Remove roles from OS-TRUST list responses
According to the docs, the list responses should not contain the roles, only the detailed response when you get a trust explicitly by ID. So remove the roles and modify the tests appropriately. Note it was also observed that expires_at is present in all GET resonses, but not in the docs, but this has been agreed as a docs error so will be addressed via a docs patch. Change-Id: I5387021a53f3284add9e5e71e9e005c4dd31b76c Closes-Bug: #1245590
This commit is contained in:
parent
6ce1425441
commit
ab0e2c7667
|
@ -921,7 +921,7 @@ class RestfulTestCase(rest.RestfulTestCase):
|
||||||
return self.assertValidListResponse(
|
return self.assertValidListResponse(
|
||||||
resp,
|
resp,
|
||||||
'trusts',
|
'trusts',
|
||||||
self.assertValidTrust,
|
self.assertValidTrustSummary,
|
||||||
*args,
|
*args,
|
||||||
**kwargs)
|
**kwargs)
|
||||||
|
|
||||||
|
@ -933,7 +933,10 @@ class RestfulTestCase(rest.RestfulTestCase):
|
||||||
*args,
|
*args,
|
||||||
**kwargs)
|
**kwargs)
|
||||||
|
|
||||||
def assertValidTrust(self, entity, ref=None):
|
def assertValidTrustSummary(self, entity, ref=None):
|
||||||
|
return self.assertValidTrust(entity, ref, summary=True)
|
||||||
|
|
||||||
|
def assertValidTrust(self, entity, ref=None, summary=False):
|
||||||
self.assertIsNotNone(entity.get('trustor_user_id'))
|
self.assertIsNotNone(entity.get('trustor_user_id'))
|
||||||
self.assertIsNotNone(entity.get('trustee_user_id'))
|
self.assertIsNotNone(entity.get('trustee_user_id'))
|
||||||
|
|
||||||
|
@ -941,21 +944,23 @@ class RestfulTestCase(rest.RestfulTestCase):
|
||||||
if entity['expires_at'] is not None:
|
if entity['expires_at'] is not None:
|
||||||
self.assertValidISO8601ExtendedFormatDatetime(entity['expires_at'])
|
self.assertValidISO8601ExtendedFormatDatetime(entity['expires_at'])
|
||||||
|
|
||||||
# always disallow project xor project_id (neither or both is allowed)
|
if summary:
|
||||||
has_roles = bool(entity.get('roles'))
|
# Trust list contains no roles, but getting a specific
|
||||||
has_project = bool(entity.get('project_id'))
|
# trust by ID provides the detailed reponse containing roles
|
||||||
self.assertFalse(has_roles ^ has_project)
|
self.assertNotIn('roles', entity)
|
||||||
|
self.assertIn('project_id', entity)
|
||||||
|
else:
|
||||||
|
for role in entity['roles']:
|
||||||
|
self.assertIsNotNone(role)
|
||||||
|
self.assertValidEntity(role)
|
||||||
|
self.assertValidRole(role)
|
||||||
|
|
||||||
for role in entity['roles']:
|
self.assertValidListLinks(entity.get('roles_links'))
|
||||||
self.assertIsNotNone(role)
|
|
||||||
self.assertValidEntity(role)
|
|
||||||
self.assertValidRole(role)
|
|
||||||
|
|
||||||
self.assertValidListLinks(entity.get('roles_links'))
|
# always disallow role xor project_id (neither or both is allowed)
|
||||||
|
has_roles = bool(entity.get('roles'))
|
||||||
# these were used during dev and shouldn't land in final impl
|
has_project = bool(entity.get('project_id'))
|
||||||
self.assertNotIn('role_ids', entity)
|
self.assertFalse(has_roles ^ has_project)
|
||||||
self.assertNotIn('role_names', entity)
|
|
||||||
|
|
||||||
if ref:
|
if ref:
|
||||||
self.assertEqual(ref['trustor_user_id'], entity['trustor_user_id'])
|
self.assertEqual(ref['trustor_user_id'], entity['trustor_user_id'])
|
||||||
|
|
|
@ -2216,10 +2216,16 @@ class TestTrustAuth(TestAuthInfo):
|
||||||
r = self.post('/OS-TRUST/trusts', body={'trust': ref})
|
r = self.post('/OS-TRUST/trusts', body={'trust': ref})
|
||||||
self.assertValidTrustResponse(r, ref)
|
self.assertValidTrustResponse(r, ref)
|
||||||
|
|
||||||
|
r = self.get('/OS-TRUST/trusts', expected_status=200)
|
||||||
|
trusts = r.result['trusts']
|
||||||
|
self.assertEqual(len(trusts), 3)
|
||||||
|
self.assertValidTrustListResponse(r)
|
||||||
|
|
||||||
r = self.get('/OS-TRUST/trusts?trustor_user_id=%s' %
|
r = self.get('/OS-TRUST/trusts?trustor_user_id=%s' %
|
||||||
self.user_id, expected_status=200)
|
self.user_id, expected_status=200)
|
||||||
trusts = r.result['trusts']
|
trusts = r.result['trusts']
|
||||||
self.assertEqual(len(trusts), 3)
|
self.assertEqual(len(trusts), 3)
|
||||||
|
self.assertValidTrustListResponse(r)
|
||||||
|
|
||||||
r = self.get('/OS-TRUST/trusts?trustee_user_id=%s' %
|
r = self.get('/OS-TRUST/trusts?trustee_user_id=%s' %
|
||||||
self.user_id, expected_status=200)
|
self.user_id, expected_status=200)
|
||||||
|
|
|
@ -208,9 +208,16 @@ class TrustV3(controller.V3Controller):
|
||||||
if user_id != calling_user_id:
|
if user_id != calling_user_id:
|
||||||
raise exception.Forbidden()
|
raise exception.Forbidden()
|
||||||
trusts += self.trust_api.list_trusts_for_trustee(user_id)
|
trusts += self.trust_api.list_trusts_for_trustee(user_id)
|
||||||
global_roles = self.assignment_api.list_roles()
|
|
||||||
for trust in trusts:
|
for trust in trusts:
|
||||||
self._fill_in_roles(context, trust, global_roles)
|
# get_trust returns roles, list_trusts does not
|
||||||
|
# It seems in some circumstances, roles does not
|
||||||
|
# exist in the query response, so check first
|
||||||
|
if 'roles' in trust:
|
||||||
|
del trust['roles']
|
||||||
|
if trust.get('expires_at') is not None:
|
||||||
|
trust['expires_at'] = (timeutils.isotime
|
||||||
|
(trust['expires_at'],
|
||||||
|
subsecond=True))
|
||||||
return TrustV3.wrap_collection(context, trusts)
|
return TrustV3.wrap_collection(context, trusts)
|
||||||
|
|
||||||
@controller.protected()
|
@controller.protected()
|
||||||
|
|
Loading…
Reference in New Issue