Merge "Reduce duplication in federated auth APIs"
This commit is contained in:
commit
a58b5a48b1
|
@ -455,13 +455,8 @@ class DomainV3(controller.V3Controller):
|
|||
:returns: list of accessible domains
|
||||
|
||||
"""
|
||||
domains = PROVIDERS.assignment_api.list_domains_for_groups(
|
||||
request.auth_context['group_ids'])
|
||||
domains = domains + PROVIDERS.assignment_api.list_domains_for_user(
|
||||
request.auth_context['user_id'])
|
||||
# remove duplicates
|
||||
domains = k_utils.remove_duplicate_dicts_by_id(domains)
|
||||
return DomainV3.wrap_collection(request.context_dict, domains)
|
||||
controller = auth_controllers.Auth()
|
||||
return controller.get_auth_domains(request)
|
||||
|
||||
|
||||
class ProjectAssignmentV3(controller.V3Controller):
|
||||
|
@ -484,14 +479,8 @@ class ProjectAssignmentV3(controller.V3Controller):
|
|||
:returns: list of accessible projects
|
||||
|
||||
"""
|
||||
projects = PROVIDERS.assignment_api.list_projects_for_groups(
|
||||
request.auth_context['group_ids'])
|
||||
projects = projects + PROVIDERS.assignment_api.list_projects_for_user(
|
||||
request.auth_context['user_id'])
|
||||
# remove duplicates
|
||||
projects = k_utils.remove_duplicate_dicts_by_id(projects)
|
||||
return ProjectAssignmentV3.wrap_collection(request.context_dict,
|
||||
projects)
|
||||
controller = auth_controllers.Auth()
|
||||
return controller.get_auth_projects(request)
|
||||
|
||||
|
||||
class ServiceProvider(_ControllerBase):
|
||||
|
|
|
@ -4761,6 +4761,59 @@ class TestAuthSpecificData(test_v3.RestfulTestCase):
|
|||
def test_head_projects_with_project_scoped_token(self):
|
||||
self.head('/auth/projects', expected_status=http_client.OK)
|
||||
|
||||
def test_get_projects_matches_federated_get_projects(self):
|
||||
# create at least one addition project to make sure it doesn't end up
|
||||
# in the response, since the user doesn't have any authorization on it
|
||||
ref = unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
|
||||
r = self.post('/projects', body={'project': ref})
|
||||
unauthorized_project_id = r.json['project']['id']
|
||||
|
||||
r = self.get('/auth/projects', expected_status=http_client.OK)
|
||||
self.assertThat(r.json['projects'], matchers.HasLength(1))
|
||||
for project in r.json['projects']:
|
||||
self.assertNotEqual(unauthorized_project_id, project['id'])
|
||||
|
||||
expected_project_id = r.json['projects'][0]['id']
|
||||
|
||||
# call GET /v3/OS-FEDERATION/projects
|
||||
r = self.get('/OS-FEDERATION/projects', expected_status=http_client.OK)
|
||||
|
||||
# make sure the response is the same
|
||||
self.assertThat(r.json['projects'], matchers.HasLength(1))
|
||||
for project in r.json['projects']:
|
||||
self.assertEqual(expected_project_id, project['id'])
|
||||
|
||||
def test_get_domains_matches_federated_get_domains(self):
|
||||
# create at least one addition domain to make sure it doesn't end up
|
||||
# in the response, since the user doesn't have any authorization on it
|
||||
ref = unit.new_domain_ref()
|
||||
r = self.post('/domains', body={'domain': ref})
|
||||
unauthorized_domain_id = r.json['domain']['id']
|
||||
|
||||
ref = unit.new_domain_ref()
|
||||
r = self.post('/domains', body={'domain': ref})
|
||||
authorized_domain_id = r.json['domain']['id']
|
||||
|
||||
path = '/domains/%(domain_id)s/users/%(user_id)s/roles/%(role_id)s' % {
|
||||
'domain_id': authorized_domain_id,
|
||||
'user_id': self.user_id,
|
||||
'role_id': self.role_id
|
||||
}
|
||||
self.put(path, expected_status=http_client.NO_CONTENT)
|
||||
|
||||
r = self.get('/auth/domains', expected_status=http_client.OK)
|
||||
self.assertThat(r.json['domains'], matchers.HasLength(1))
|
||||
self.assertEqual(authorized_domain_id, r.json['domains'][0]['id'])
|
||||
self.assertNotEqual(unauthorized_domain_id, r.json['domains'][0]['id'])
|
||||
|
||||
# call GET /v3/OS-FEDERATION/domains
|
||||
r = self.get('/OS-FEDERATION/domains', expected_status=http_client.OK)
|
||||
|
||||
# make sure the response is the same
|
||||
self.assertThat(r.json['domains'], matchers.HasLength(1))
|
||||
self.assertEqual(authorized_domain_id, r.json['domains'][0]['id'])
|
||||
self.assertNotEqual(unauthorized_domain_id, r.json['domains'][0]['id'])
|
||||
|
||||
def test_get_domains_with_project_scoped_token(self):
|
||||
self.put(path='/domains/%s/users/%s/roles/%s' % (
|
||||
self.domain['id'], self.user['id'], self.role['id']))
|
||||
|
|
Loading…
Reference in New Issue