Inhrerit roles project calls on keystoneclient v3
This patch allows the user to perform the Inherited roles from projects API calls through python-keystoneclient. Assign role to user on projects in a subtree PUT /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects List user's inherited project roles on project GET /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/inherited_to_projects Check if user has an inherited project role on project HEAD /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects Revoke an inherited project role from user on project DELETE /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects These same operations regarding groups instead of users are also available. Change-Id: I8396d80f031726bbd23f2cc2bb302a7691f98cba Closes-bug: 1446702
This commit is contained in:
parent
eae8e83f5a
commit
6dae40e7c6
|
@ -59,6 +59,20 @@ class RoleTests(utils.TestCase, utils.CrudTests):
|
|||
self.manager.grant(role=ref['id'], domain=domain_id, user=user_id,
|
||||
os_inherit_extension_inherited=True)
|
||||
|
||||
def test_project_role_grant_inherited(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
ref = self.new_ref()
|
||||
|
||||
self.stub_url('PUT',
|
||||
['OS-INHERIT', 'projects', project_id, 'users', user_id,
|
||||
self.collection_key, ref['id'],
|
||||
'inherited_to_projects'],
|
||||
status_code=204)
|
||||
|
||||
self.manager.grant(role=ref['id'], project=project_id, user=user_id,
|
||||
os_inherit_extension_inherited=True)
|
||||
|
||||
def test_domain_group_role_grant(self):
|
||||
group_id = uuid.uuid4().hex
|
||||
domain_id = uuid.uuid4().hex
|
||||
|
@ -85,6 +99,20 @@ class RoleTests(utils.TestCase, utils.CrudTests):
|
|||
self.manager.grant(role=ref['id'], domain=domain_id, group=group_id,
|
||||
os_inherit_extension_inherited=True)
|
||||
|
||||
def test_project_group_role_grant_inherited(self):
|
||||
group_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
ref = self.new_ref()
|
||||
|
||||
self.stub_url('PUT',
|
||||
['OS-INHERIT', 'projects', project_id, 'groups',
|
||||
group_id, self.collection_key, ref['id'],
|
||||
'inherited_to_projects'],
|
||||
status_code=204)
|
||||
|
||||
self.manager.grant(role=ref['id'], project=project_id, group=group_id,
|
||||
os_inherit_extension_inherited=True)
|
||||
|
||||
def test_domain_role_list(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
domain_id = uuid.uuid4().hex
|
||||
|
@ -113,6 +141,23 @@ class RoleTests(utils.TestCase, utils.CrudTests):
|
|||
self.assertThat(ref_list, matchers.HasLength(len(returned_list)))
|
||||
[self.assertIsInstance(r, self.model) for r in returned_list]
|
||||
|
||||
def test_project_user_role_list_inherited(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
ref_list = [self.new_ref(), self.new_ref()]
|
||||
|
||||
self.stub_entity('GET',
|
||||
['OS-INHERIT',
|
||||
'projects', project_id, 'users', user_id,
|
||||
self.collection_key, 'inherited_to_projects'],
|
||||
entity=ref_list)
|
||||
|
||||
returned_list = self.manager.list(project=project_id, user=user_id,
|
||||
os_inherit_extension_inherited=True)
|
||||
|
||||
self.assertThat(ref_list, matchers.HasLength(len(returned_list)))
|
||||
[self.assertIsInstance(r, self.model) for r in returned_list]
|
||||
|
||||
def test_domain_group_role_list(self):
|
||||
group_id = uuid.uuid4().hex
|
||||
domain_id = uuid.uuid4().hex
|
||||
|
@ -141,6 +186,23 @@ class RoleTests(utils.TestCase, utils.CrudTests):
|
|||
self.assertThat(ref_list, matchers.HasLength(len(returned_list)))
|
||||
[self.assertIsInstance(r, self.model) for r in returned_list]
|
||||
|
||||
def test_project_group_role_list_inherited(self):
|
||||
group_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
ref_list = [self.new_ref(), self.new_ref()]
|
||||
|
||||
self.stub_entity('GET',
|
||||
['OS-INHERIT',
|
||||
'projects', project_id, 'groups', group_id,
|
||||
self.collection_key, 'inherited_to_projects'],
|
||||
entity=ref_list)
|
||||
|
||||
returned_list = self.manager.list(project=project_id, group=group_id,
|
||||
os_inherit_extension_inherited=True)
|
||||
|
||||
self.assertThat(ref_list, matchers.HasLength(len(returned_list)))
|
||||
[self.assertIsInstance(r, self.model) for r in returned_list]
|
||||
|
||||
def test_domain_role_check(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
domain_id = uuid.uuid4().hex
|
||||
|
@ -169,6 +231,21 @@ class RoleTests(utils.TestCase, utils.CrudTests):
|
|||
self.manager.check(role=ref['id'], domain=domain_id,
|
||||
user=user_id, os_inherit_extension_inherited=True)
|
||||
|
||||
def test_project_role_check_inherited(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
ref = self.new_ref()
|
||||
|
||||
self.stub_url('HEAD',
|
||||
['OS-INHERIT',
|
||||
'projects', project_id, 'users', user_id,
|
||||
self.collection_key, ref['id'],
|
||||
'inherited_to_projects'],
|
||||
status_code=204)
|
||||
|
||||
self.manager.check(role=ref['id'], project=project_id,
|
||||
user=user_id, os_inherit_extension_inherited=True)
|
||||
|
||||
def test_domain_group_role_check(self):
|
||||
return
|
||||
group_id = uuid.uuid4().hex
|
||||
|
@ -197,6 +274,21 @@ class RoleTests(utils.TestCase, utils.CrudTests):
|
|||
self.manager.check(role=ref['id'], domain=domain_id,
|
||||
group=group_id, os_inherit_extension_inherited=True)
|
||||
|
||||
def test_project_group_role_check_inherited(self):
|
||||
group_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
ref = self.new_ref()
|
||||
|
||||
self.stub_url('HEAD',
|
||||
['OS-INHERIT',
|
||||
'projects', project_id, 'groups', group_id,
|
||||
self.collection_key, ref['id'],
|
||||
'inherited_to_projects'],
|
||||
status_code=204)
|
||||
|
||||
self.manager.check(role=ref['id'], project=project_id,
|
||||
group=group_id, os_inherit_extension_inherited=True)
|
||||
|
||||
def test_domain_role_revoke(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
domain_id = uuid.uuid4().hex
|
||||
|
@ -235,6 +327,20 @@ class RoleTests(utils.TestCase, utils.CrudTests):
|
|||
self.manager.revoke(role=ref['id'], domain=domain_id,
|
||||
user=user_id, os_inherit_extension_inherited=True)
|
||||
|
||||
def test_project_role_revoke_inherited(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
ref = self.new_ref()
|
||||
|
||||
self.stub_url('DELETE',
|
||||
['OS-INHERIT', 'projects', project_id, 'users', user_id,
|
||||
self.collection_key, ref['id'],
|
||||
'inherited_to_projects'],
|
||||
status_code=204)
|
||||
|
||||
self.manager.revoke(role=ref['id'], project=project_id,
|
||||
user=user_id, os_inherit_extension_inherited=True)
|
||||
|
||||
def test_domain_group_role_revoke_inherited(self):
|
||||
group_id = uuid.uuid4().hex
|
||||
domain_id = uuid.uuid4().hex
|
||||
|
@ -250,6 +356,21 @@ class RoleTests(utils.TestCase, utils.CrudTests):
|
|||
group=group_id,
|
||||
os_inherit_extension_inherited=True)
|
||||
|
||||
def test_project_group_role_revoke_inherited(self):
|
||||
group_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
ref = self.new_ref()
|
||||
|
||||
self.stub_url('DELETE',
|
||||
['OS-INHERIT', 'projects', project_id, 'groups',
|
||||
group_id, self.collection_key, ref['id'],
|
||||
'inherited_to_projects'],
|
||||
status_code=204)
|
||||
|
||||
self.manager.revoke(role=ref['id'], project=project_id,
|
||||
group=group_id,
|
||||
os_inherit_extension_inherited=True)
|
||||
|
||||
def test_project_role_grant(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
project_id = uuid.uuid4().hex
|
||||
|
|
|
@ -50,8 +50,8 @@ class RoleManager(base.CrudManager):
|
|||
params['domain_id'] = base.getid(domain)
|
||||
base_url = '/domains/%(domain_id)s'
|
||||
|
||||
if use_inherit_extension:
|
||||
base_url = '/OS-INHERIT' + base_url
|
||||
if use_inherit_extension:
|
||||
base_url = '/OS-INHERIT' + base_url
|
||||
|
||||
if user:
|
||||
params['user_id'] = base.getid(user)
|
||||
|
|
Loading…
Reference in New Issue