diff --git a/keystone/tests/test_v3.py b/keystone/tests/test_v3.py index d2524bb0f3..ed77d12b16 100644 --- a/keystone/tests/test_v3.py +++ b/keystone/tests/test_v3.py @@ -921,7 +921,7 @@ class RestfulTestCase(rest.RestfulTestCase): return self.assertValidListResponse( resp, 'trusts', - self.assertValidTrust, + self.assertValidTrustSummary, *args, **kwargs) @@ -933,7 +933,10 @@ class RestfulTestCase(rest.RestfulTestCase): *args, **kwargs) - def assertValidTrust(self, entity, ref=None): + def assertValidTrustSummary(self, entity, ref=None): + return self.assertValidTrust(entity, ref, summary=True) + + def assertValidTrust(self, entity, ref=None, summary=False): self.assertIsNotNone(entity.get('trustor_user_id')) self.assertIsNotNone(entity.get('trustee_user_id')) @@ -941,21 +944,23 @@ class RestfulTestCase(rest.RestfulTestCase): if entity['expires_at'] is not None: self.assertValidISO8601ExtendedFormatDatetime(entity['expires_at']) - # always disallow project xor project_id (neither or both is allowed) - has_roles = bool(entity.get('roles')) - has_project = bool(entity.get('project_id')) - self.assertFalse(has_roles ^ has_project) + if summary: + # Trust list contains no roles, but getting a specific + # trust by ID provides the detailed reponse containing roles + self.assertNotIn('roles', entity) + self.assertIn('project_id', entity) + else: + for role in entity['roles']: + self.assertIsNotNone(role) + self.assertValidEntity(role) + self.assertValidRole(role) - for role in entity['roles']: - self.assertIsNotNone(role) - self.assertValidEntity(role) - self.assertValidRole(role) + self.assertValidListLinks(entity.get('roles_links')) - self.assertValidListLinks(entity.get('roles_links')) - - # these were used during dev and shouldn't land in final impl - self.assertNotIn('role_ids', entity) - self.assertNotIn('role_names', entity) + # always disallow role xor project_id (neither or both is allowed) + has_roles = bool(entity.get('roles')) + has_project = bool(entity.get('project_id')) + self.assertFalse(has_roles ^ has_project) if ref: self.assertEqual(ref['trustor_user_id'], entity['trustor_user_id']) diff --git a/keystone/tests/test_v3_auth.py b/keystone/tests/test_v3_auth.py index 43be5f7eca..e1fa207a0d 100644 --- a/keystone/tests/test_v3_auth.py +++ b/keystone/tests/test_v3_auth.py @@ -2216,10 +2216,16 @@ class TestTrustAuth(TestAuthInfo): r = self.post('/OS-TRUST/trusts', body={'trust': ref}) self.assertValidTrustResponse(r, ref) + r = self.get('/OS-TRUST/trusts', expected_status=200) + trusts = r.result['trusts'] + self.assertEqual(len(trusts), 3) + self.assertValidTrustListResponse(r) + r = self.get('/OS-TRUST/trusts?trustor_user_id=%s' % self.user_id, expected_status=200) trusts = r.result['trusts'] self.assertEqual(len(trusts), 3) + self.assertValidTrustListResponse(r) r = self.get('/OS-TRUST/trusts?trustee_user_id=%s' % self.user_id, expected_status=200) diff --git a/keystone/trust/controllers.py b/keystone/trust/controllers.py index 42e1a67933..ebf294c643 100644 --- a/keystone/trust/controllers.py +++ b/keystone/trust/controllers.py @@ -208,9 +208,16 @@ class TrustV3(controller.V3Controller): if user_id != calling_user_id: raise exception.Forbidden() trusts += self.trust_api.list_trusts_for_trustee(user_id) - global_roles = self.assignment_api.list_roles() for trust in trusts: - self._fill_in_roles(context, trust, global_roles) + # get_trust returns roles, list_trusts does not + # It seems in some circumstances, roles does not + # exist in the query response, so check first + if 'roles' in trust: + del trust['roles'] + if trust.get('expires_at') is not None: + trust['expires_at'] = (timeutils.isotime + (trust['expires_at'], + subsecond=True)) return TrustV3.wrap_collection(context, trusts) @controller.protected()