Merge "trust creation allowed with empty roles list"
This commit is contained in:
commit
fa01e2e2d6
@ -702,17 +702,20 @@ class AuthWithTrust(AuthTest):
|
|||||||
def test_create_trust_bad_data_fails(self):
|
def test_create_trust_bad_data_fails(self):
|
||||||
context = self._create_auth_context(
|
context = self._create_auth_context(
|
||||||
self.unscoped_token['access']['token']['id'])
|
self.unscoped_token['access']['token']['id'])
|
||||||
bad_sample_data = {'trustor_user_id': self.trustor['id']}
|
bad_sample_data = {'trustor_user_id': self.trustor['id'],
|
||||||
|
'project_id': self.tenant_bar['id'],
|
||||||
|
'roles': [{'id': self.role_browser['id']}]}
|
||||||
|
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.trust_controller.create_trust,
|
self.trust_controller.create_trust,
|
||||||
context, trust=bad_sample_data)
|
context, trust=bad_sample_data)
|
||||||
|
|
||||||
def test_create_trust_no_roles(self):
|
def test_create_trust_no_roles(self):
|
||||||
self.new_trust = None
|
context = {'token_id': self.unscoped_token['access']['token']['id']}
|
||||||
self.sample_data['roles'] = []
|
self.sample_data['roles'] = []
|
||||||
self.create_trust()
|
self.assertRaises(exception.Forbidden,
|
||||||
self.assertEqual([], self.new_trust['roles'])
|
self.trust_controller.create_trust,
|
||||||
|
context, trust=self.sample_data)
|
||||||
|
|
||||||
def test_create_trust(self):
|
def test_create_trust(self):
|
||||||
self.assertEqual(self.trustor['id'], self.new_trust['trustor_user_id'])
|
self.assertEqual(self.trustor['id'], self.new_trust['trustor_user_id'])
|
||||||
|
@ -2298,6 +2298,14 @@ class TestTrustAuth(TestAuthInfo):
|
|||||||
r = self.post('/OS-TRUST/trusts', body={'trust': ref})
|
r = self.post('/OS-TRUST/trusts', body={'trust': ref})
|
||||||
self.assertValidTrustResponse(r, ref)
|
self.assertValidTrustResponse(r, ref)
|
||||||
|
|
||||||
|
def test_create_trust_no_roles(self):
|
||||||
|
ref = self.new_trust_ref(
|
||||||
|
trustor_user_id=self.user_id,
|
||||||
|
trustee_user_id=self.trustee_user_id,
|
||||||
|
project_id=self.project_id)
|
||||||
|
del ref['id']
|
||||||
|
self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=403)
|
||||||
|
|
||||||
def _initialize_test_consume_trust(self, count):
|
def _initialize_test_consume_trust(self, count):
|
||||||
# Make sure remaining_uses is decremented as we consume the trust
|
# Make sure remaining_uses is decremented as we consume the trust
|
||||||
ref = self.new_trust_ref(
|
ref = self.new_trust_ref(
|
||||||
@ -2455,14 +2463,18 @@ class TestTrustAuth(TestAuthInfo):
|
|||||||
def test_create_trust_trustee_404(self):
|
def test_create_trust_trustee_404(self):
|
||||||
ref = self.new_trust_ref(
|
ref = self.new_trust_ref(
|
||||||
trustor_user_id=self.user_id,
|
trustor_user_id=self.user_id,
|
||||||
trustee_user_id=uuid.uuid4().hex)
|
trustee_user_id=uuid.uuid4().hex,
|
||||||
|
project_id=self.project_id,
|
||||||
|
role_ids=[self.role_id])
|
||||||
del ref['id']
|
del ref['id']
|
||||||
self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=404)
|
self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=404)
|
||||||
|
|
||||||
def test_create_trust_trustor_trustee_backwards(self):
|
def test_create_trust_trustor_trustee_backwards(self):
|
||||||
ref = self.new_trust_ref(
|
ref = self.new_trust_ref(
|
||||||
trustor_user_id=self.trustee_user_id,
|
trustor_user_id=self.trustee_user_id,
|
||||||
trustee_user_id=self.user_id)
|
trustee_user_id=self.user_id,
|
||||||
|
project_id=self.project_id,
|
||||||
|
role_ids=[self.role_id])
|
||||||
del ref['id']
|
del ref['id']
|
||||||
self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=403)
|
self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=403)
|
||||||
|
|
||||||
|
@ -134,6 +134,9 @@ class TrustV3(controller.V3Controller):
|
|||||||
if not trust:
|
if not trust:
|
||||||
raise exception.ValidationError(attribute='trust',
|
raise exception.ValidationError(attribute='trust',
|
||||||
target='request')
|
target='request')
|
||||||
|
if trust.get('project_id') and not trust.get('roles'):
|
||||||
|
raise exception.Forbidden(
|
||||||
|
_('At least one role should be specified.'))
|
||||||
try:
|
try:
|
||||||
user_id = self._get_user_id(context)
|
user_id = self._get_user_id(context)
|
||||||
_trustor_only(context, trust, user_id)
|
_trustor_only(context, trust, user_id)
|
||||||
|
Loading…
Reference in New Issue
Block a user