Merge "trust creation allowed with empty roles list"

Jenkins 2014-03-18 06:42:49 +00:00 committed by Gerrit Code Review
commit fa01e2e2d6
3 changed files with 24 additions and 6 deletions


@ -702,17 +702,20 @@ class AuthWithTrust(AuthTest):
def test_create_trust_bad_data_fails(self): def test_create_trust_bad_data_fails(self):
context = self._create_auth_context( context = self._create_auth_context(
self.unscoped_token['access']['token']['id']) self.unscoped_token['access']['token']['id'])
bad_sample_data = {'trustor_user_id': self.trustor['id']} bad_sample_data = {'trustor_user_id': self.trustor['id'],
'project_id': self.tenant_bar['id'],
'roles': [{'id': self.role_browser['id']}]}
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
self.trust_controller.create_trust, self.trust_controller.create_trust,
context, trust=bad_sample_data) context, trust=bad_sample_data)
def test_create_trust_no_roles(self): def test_create_trust_no_roles(self):
self.new_trust = None context = {'token_id': self.unscoped_token['access']['token']['id']}
self.sample_data['roles'] = [] self.sample_data['roles'] = []
self.create_trust() self.assertRaises(exception.Forbidden,
self.assertEqual([], self.new_trust['roles']) self.trust_controller.create_trust,
context, trust=self.sample_data)
def test_create_trust(self): def test_create_trust(self):
self.assertEqual(self.trustor['id'], self.new_trust['trustor_user_id']) self.assertEqual(self.trustor['id'], self.new_trust['trustor_user_id'])
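Review bot: test_create_trust_no_roles builds its request context by hand as `{'token_id': ...}`, while test_create_trust_bad_data_fails just above gets it from `self._create_auth_context(...)` using the same token id. If that helper adds anything the controller depends on, the two tests exercise different paths, so `context = self._create_auth_context(self.unscoped_token['access']['token']['id'])` would keep them consistent. The test also covers only an empty `roles` list; a second case that removes the `roles` key from `self.sample_data` would pin the missing-key side of the new guard as well.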


@ -2298,6 +2298,14 @@ class TestTrustAuth(TestAuthInfo):
r = self.post('/OS-TRUST/trusts', body={'trust': ref}) r = self.post('/OS-TRUST/trusts', body={'trust': ref})
self.assertValidTrustResponse(r, ref) self.assertValidTrustResponse(r, ref)
def test_create_trust_no_roles(self):
ref = self.new_trust_ref(
trustor_user_id=self.user_id,
trustee_user_id=self.trustee_user_id,
project_id=self.project_id)
del ref['id']
self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=403)
def _initialize_test_consume_trust(self, count): def _initialize_test_consume_trust(self, count):
# Make sure remaining_uses is decremented as we consume the trust # Make sure remaining_uses is decremented as we consume the trust
ref = self.new_trust_ref( ref = self.new_trust_ref(
@ -2455,14 +2463,18 @@ class TestTrustAuth(TestAuthInfo):
def test_create_trust_trustee_404(self): def test_create_trust_trustee_404(self):
ref = self.new_trust_ref( ref = self.new_trust_ref(
trustor_user_id=self.user_id, trustor_user_id=self.user_id,
trustee_user_id=uuid.uuid4().hex) trustee_user_id=uuid.uuid4().hex,
project_id=self.project_id,
role_ids=[self.role_id])
del ref['id'] del ref['id']
self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=404) self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=404)
def test_create_trust_trustor_trustee_backwards(self): def test_create_trust_trustor_trustee_backwards(self):
ref = self.new_trust_ref( ref = self.new_trust_ref(
trustor_user_id=self.trustee_user_id, trustor_user_id=self.trustee_user_id,
trustee_user_id=self.user_id) trustee_user_id=self.user_id,
project_id=self.project_id,
role_ids=[self.role_id])
del ref['id'] del ref['id']
self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=403) self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=403)
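Review bot: The new test_create_trust_no_roles asserts only `expected_status=403`, which is the same status test_create_trust_trustor_trustee_backwards expects for a different rejection, so a 403 raised for another reason would still pass it. It also depends on `new_trust_ref` producing a ref without roles when `role_ids` is omitted, and that helper is outside this hunk. A comment such as `# no role_ids: ref has a project_id but no roles and must be rejected` would state the intent. Checking the response body for the role-related message would tie the test to the new guard rather than to any Forbidden.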


@ -134,6 +134,9 @@ class TrustV3(controller.V3Controller):
if not trust: if not trust:
raise exception.ValidationError(attribute='trust', raise exception.ValidationError(attribute='trust',
target='request') target='request')
if trust.get('project_id') and not trust.get('roles'):
raise exception.Forbidden(
_('At least one role should be specified.'))
try: try:
user_id = self._get_user_id(context) user_id = self._get_user_id(context)
_trustor_only(context, trust, user_id) _trustor_only(context, trust, user_id)
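Review bot: The guard added before the `try` tests only the truthiness of `trust.get('roles')`, so it rejects a missing or empty list but accepts any other non-empty value, for example a list whose entries carry neither an `id` nor a `name`. Whether the rest of the function rejects those is outside this hunk. Because this check is what stops a project-scoped trust from being created with nothing delegated, it deserves a comment saying so, e.g. `# A trust scoped to a project must delegate at least one role.` The rule is enforced only in this controller as far as the hunk shows, so code that reaches the trust backend by another path would presumably bypass it; consider repeating the check in the manager layer.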