Using trustor's session to delete the trust
Now use admin client to delete the trust gives the error: "You are not authorized to perform the requested action: Only admin or trustor can delete a trust.: ForbiddenAction: You are not authorized to perform the requested action: Only admin or trustor can delete a trust." This patch use trustor's session to delete the trust. Change-Id: Ib673128be860f548195181a465a9dff784cdef1a
This commit is contained in:
parent
4397025f56
commit
ea03ab3e7c
|
@ -118,9 +118,10 @@ def create_trust(trustee_token=None, trustee_project_id=None):
|
||||||
return trust.id
|
return trust.id
|
||||||
|
|
||||||
|
|
||||||
def delete_trust(trust):
|
def delete_trust(session):
|
||||||
user_client = _create_keystone_admin_client()
|
user_client = create_keystone_client(
|
||||||
user_client.trusts.delete(trust)
|
token=session.token, project_id=session.project_id)
|
||||||
|
user_client.trusts.delete(session.trust_id)
|
||||||
|
|
||||||
|
|
||||||
def _get_config_option(conf_section, option_name, default=None):
|
def _get_config_option(conf_section, option_name, default=None):
|
||||||
|
|
|
@ -323,7 +323,7 @@ class TaskExecutor(object):
|
||||||
def _delete_trust(self):
|
def _delete_trust(self):
|
||||||
trust_id = self._session.trust_id
|
trust_id = self._session.trust_id
|
||||||
if trust_id:
|
if trust_id:
|
||||||
auth_utils.delete_trust(self._session.trust_id)
|
auth_utils.delete_trust(self._session)
|
||||||
self._session.system_attributes['TrustId'] = None
|
self._session.system_attributes['TrustId'] = None
|
||||||
self._session.trust_id = None
|
self._session.trust_id = None
|
||||||
|
|
||||||
|
|
|
@ -238,16 +238,23 @@ class TestAuthUtils(base.MuranoTestCase):
|
||||||
role_names=mock.sentinel.role_names,
|
role_names=mock.sentinel.role_names,
|
||||||
project=mock.sentinel.project_id)
|
project=mock.sentinel.project_id)
|
||||||
|
|
||||||
@mock.patch.object(
|
@mock.patch.object(auth_utils, 'create_keystone_client', autospec=True)
|
||||||
auth_utils, '_create_keystone_admin_client', autospec=True)
|
def test_delete_trust(self, mock_ks_client):
|
||||||
def test_delete_trust(self, mock_create_ks_admin_client):
|
mock_auth_ref = mock.Mock(trust_id=mock.sentinel.trust_id,
|
||||||
mock_admin_client = mock.Mock()
|
token=mock.sentinel.token,
|
||||||
mock_create_ks_admin_client.return_value = mock_admin_client
|
project_id=mock.sentinel.project_id)
|
||||||
|
mock_user_session = mock.Mock(**{
|
||||||
|
'auth.get_access.return_value': mock_auth_ref
|
||||||
|
})
|
||||||
|
mock_user_client = mock.Mock(
|
||||||
|
session=mock_user_session)
|
||||||
|
|
||||||
auth_utils.delete_trust(mock.sentinel.trust)
|
mock_ks_client.return_value = mock_user_client
|
||||||
|
|
||||||
mock_admin_client.trusts.delete.assert_called_once_with(
|
auth_utils.delete_trust(mock_auth_ref)
|
||||||
mock.sentinel.trust)
|
|
||||||
|
mock_user_client.trusts.delete.assert_called_once_with(
|
||||||
|
mock_auth_ref.trust_id)
|
||||||
|
|
||||||
def test_get_config_option(self):
|
def test_get_config_option(self):
|
||||||
cfg.CONF.set_override('url', 'foourl', 'murano')
|
cfg.CONF.set_override('url', 'foourl', 'murano')
|
||||||
|
|
Loading…
Reference in New Issue