Add support to inherited project role grant calls
Once inherited project role grant calls are implemented on python-keystoneclient, python-openstackclient also should support such calls. This patch add such support as well as its related tests. Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br> Change-Id: Id72670be8640e5c6e2490a6ef849e9ec3493b1a9 Implements: blueprint hierarchical-multitenancy
This commit is contained in:
parent
3120a0bd2a
commit
ed241ef9bc
@ -19,6 +19,7 @@ List role assignments
|
|||||||
[--domain <domain>]
|
[--domain <domain>]
|
||||||
[--project <project>]
|
[--project <project>]
|
||||||
[--effective]
|
[--effective]
|
||||||
|
[--inherited]
|
||||||
|
|
||||||
.. option:: --role <role>
|
.. option:: --role <role>
|
||||||
|
|
||||||
@ -43,3 +44,7 @@ List role assignments
|
|||||||
.. option:: --effective
|
.. option:: --effective
|
||||||
|
|
||||||
Returns only effective role assignments (defaults to False)
|
Returns only effective role assignments (defaults to False)
|
||||||
|
|
||||||
|
.. option:: --inherited
|
||||||
|
|
||||||
|
Specifies if the role grant is inheritable to the sub projects
|
||||||
|
@ -139,3 +139,12 @@ def add_project_domain_option_to_parser(parser):
|
|||||||
'This can be used in case collisions between project names '
|
'This can be used in case collisions between project names '
|
||||||
'exist.')
|
'exist.')
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def add_inherited_option_to_parser(parser):
|
||||||
|
parser.add_argument(
|
||||||
|
'--inherited',
|
||||||
|
action='store_true',
|
||||||
|
default=False,
|
||||||
|
help=('Specifies if the role grant is inheritable to the sub projects')
|
||||||
|
)
|
||||||
|
@ -55,6 +55,7 @@ def _add_identity_and_resource_options_to_parser(parser):
|
|||||||
common.add_group_domain_option_to_parser(parser)
|
common.add_group_domain_option_to_parser(parser)
|
||||||
common.add_project_domain_option_to_parser(parser)
|
common.add_project_domain_option_to_parser(parser)
|
||||||
common.add_user_domain_option_to_parser(parser)
|
common.add_user_domain_option_to_parser(parser)
|
||||||
|
common.add_inherited_option_to_parser(parser)
|
||||||
|
|
||||||
|
|
||||||
def _process_identity_and_resource_options(parsed_args,
|
def _process_identity_and_resource_options(parsed_args,
|
||||||
@ -102,6 +103,7 @@ def _process_identity_and_resource_options(parsed_args,
|
|||||||
parsed_args.project,
|
parsed_args.project,
|
||||||
parsed_args.group_domain,
|
parsed_args.group_domain,
|
||||||
).id
|
).id
|
||||||
|
kwargs['inherited'] = parsed_args.inherited
|
||||||
return kwargs
|
return kwargs
|
||||||
|
|
||||||
|
|
||||||
|
@ -45,6 +45,15 @@ class TestRole(identity_fakes.TestIdentityv3):
|
|||||||
self.roles_mock = self.app.client_manager.identity.roles
|
self.roles_mock = self.app.client_manager.identity.roles
|
||||||
self.roles_mock.reset_mock()
|
self.roles_mock.reset_mock()
|
||||||
|
|
||||||
|
def _is_inheritance_testcase(self):
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
class TestRoleInherited(TestRole):
|
||||||
|
|
||||||
|
def _is_inheritance_testcase(self):
|
||||||
|
return True
|
||||||
|
|
||||||
|
|
||||||
class TestRoleAdd(TestRole):
|
class TestRoleAdd(TestRole):
|
||||||
|
|
||||||
@ -95,12 +104,15 @@ class TestRoleAdd(TestRole):
|
|||||||
'--domain', identity_fakes.domain_name,
|
'--domain', identity_fakes.domain_name,
|
||||||
identity_fakes.role_name,
|
identity_fakes.role_name,
|
||||||
]
|
]
|
||||||
|
if self._is_inheritance_testcase():
|
||||||
|
arglist.append('--inherited')
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('user', identity_fakes.user_name),
|
('user', identity_fakes.user_name),
|
||||||
('group', None),
|
('group', None),
|
||||||
('domain', identity_fakes.domain_name),
|
('domain', identity_fakes.domain_name),
|
||||||
('project', None),
|
('project', None),
|
||||||
('role', identity_fakes.role_name),
|
('role', identity_fakes.role_name),
|
||||||
|
('inherited', self._is_inheritance_testcase()),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -111,6 +123,7 @@ class TestRoleAdd(TestRole):
|
|||||||
kwargs = {
|
kwargs = {
|
||||||
'user': identity_fakes.user_id,
|
'user': identity_fakes.user_id,
|
||||||
'domain': identity_fakes.domain_id,
|
'domain': identity_fakes.domain_id,
|
||||||
|
'inherited': self._is_inheritance_testcase(),
|
||||||
}
|
}
|
||||||
# RoleManager.grant(role, user=, group=, domain=, project=)
|
# RoleManager.grant(role, user=, group=, domain=, project=)
|
||||||
self.roles_mock.grant.assert_called_with(
|
self.roles_mock.grant.assert_called_with(
|
||||||
@ -124,12 +137,15 @@ class TestRoleAdd(TestRole):
|
|||||||
'--project', identity_fakes.project_name,
|
'--project', identity_fakes.project_name,
|
||||||
identity_fakes.role_name,
|
identity_fakes.role_name,
|
||||||
]
|
]
|
||||||
|
if self._is_inheritance_testcase():
|
||||||
|
arglist.append('--inherited')
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('user', identity_fakes.user_name),
|
('user', identity_fakes.user_name),
|
||||||
('group', None),
|
('group', None),
|
||||||
('domain', None),
|
('domain', None),
|
||||||
('project', identity_fakes.project_name),
|
('project', identity_fakes.project_name),
|
||||||
('role', identity_fakes.role_name),
|
('role', identity_fakes.role_name),
|
||||||
|
('inherited', self._is_inheritance_testcase()),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -140,6 +156,7 @@ class TestRoleAdd(TestRole):
|
|||||||
kwargs = {
|
kwargs = {
|
||||||
'user': identity_fakes.user_id,
|
'user': identity_fakes.user_id,
|
||||||
'project': identity_fakes.project_id,
|
'project': identity_fakes.project_id,
|
||||||
|
'inherited': self._is_inheritance_testcase(),
|
||||||
}
|
}
|
||||||
# RoleManager.grant(role, user=, group=, domain=, project=)
|
# RoleManager.grant(role, user=, group=, domain=, project=)
|
||||||
self.roles_mock.grant.assert_called_with(
|
self.roles_mock.grant.assert_called_with(
|
||||||
@ -153,12 +170,15 @@ class TestRoleAdd(TestRole):
|
|||||||
'--domain', identity_fakes.domain_name,
|
'--domain', identity_fakes.domain_name,
|
||||||
identity_fakes.role_name,
|
identity_fakes.role_name,
|
||||||
]
|
]
|
||||||
|
if self._is_inheritance_testcase():
|
||||||
|
arglist.append('--inherited')
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('user', None),
|
('user', None),
|
||||||
('group', identity_fakes.group_name),
|
('group', identity_fakes.group_name),
|
||||||
('domain', identity_fakes.domain_name),
|
('domain', identity_fakes.domain_name),
|
||||||
('project', None),
|
('project', None),
|
||||||
('role', identity_fakes.role_name),
|
('role', identity_fakes.role_name),
|
||||||
|
('inherited', self._is_inheritance_testcase()),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -169,6 +189,7 @@ class TestRoleAdd(TestRole):
|
|||||||
kwargs = {
|
kwargs = {
|
||||||
'group': identity_fakes.group_id,
|
'group': identity_fakes.group_id,
|
||||||
'domain': identity_fakes.domain_id,
|
'domain': identity_fakes.domain_id,
|
||||||
|
'inherited': self._is_inheritance_testcase(),
|
||||||
}
|
}
|
||||||
# RoleManager.grant(role, user=, group=, domain=, project=)
|
# RoleManager.grant(role, user=, group=, domain=, project=)
|
||||||
self.roles_mock.grant.assert_called_with(
|
self.roles_mock.grant.assert_called_with(
|
||||||
@ -182,12 +203,15 @@ class TestRoleAdd(TestRole):
|
|||||||
'--project', identity_fakes.project_name,
|
'--project', identity_fakes.project_name,
|
||||||
identity_fakes.role_name,
|
identity_fakes.role_name,
|
||||||
]
|
]
|
||||||
|
if self._is_inheritance_testcase():
|
||||||
|
arglist.append('--inherited')
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('user', None),
|
('user', None),
|
||||||
('group', identity_fakes.group_name),
|
('group', identity_fakes.group_name),
|
||||||
('domain', None),
|
('domain', None),
|
||||||
('project', identity_fakes.project_name),
|
('project', identity_fakes.project_name),
|
||||||
('role', identity_fakes.role_name),
|
('role', identity_fakes.role_name),
|
||||||
|
('inherited', self._is_inheritance_testcase()),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -198,6 +222,7 @@ class TestRoleAdd(TestRole):
|
|||||||
kwargs = {
|
kwargs = {
|
||||||
'group': identity_fakes.group_id,
|
'group': identity_fakes.group_id,
|
||||||
'project': identity_fakes.project_id,
|
'project': identity_fakes.project_id,
|
||||||
|
'inherited': self._is_inheritance_testcase(),
|
||||||
}
|
}
|
||||||
# RoleManager.grant(role, user=, group=, domain=, project=)
|
# RoleManager.grant(role, user=, group=, domain=, project=)
|
||||||
self.roles_mock.grant.assert_called_with(
|
self.roles_mock.grant.assert_called_with(
|
||||||
@ -206,6 +231,10 @@ class TestRoleAdd(TestRole):
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class TestRoleAddInherited(TestRoleAdd, TestRoleInherited):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
class TestRoleCreate(TestRole):
|
class TestRoleCreate(TestRole):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
@ -550,12 +579,15 @@ class TestRoleRemove(TestRole):
|
|||||||
'--domain', identity_fakes.domain_name,
|
'--domain', identity_fakes.domain_name,
|
||||||
identity_fakes.role_name,
|
identity_fakes.role_name,
|
||||||
]
|
]
|
||||||
|
if self._is_inheritance_testcase():
|
||||||
|
arglist.append('--inherited')
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('user', identity_fakes.user_name),
|
('user', identity_fakes.user_name),
|
||||||
('group', None),
|
('group', None),
|
||||||
('domain', identity_fakes.domain_name),
|
('domain', identity_fakes.domain_name),
|
||||||
('project', None),
|
('project', None),
|
||||||
('role', identity_fakes.role_name),
|
('role', identity_fakes.role_name),
|
||||||
|
('inherited', self._is_inheritance_testcase()),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -566,6 +598,7 @@ class TestRoleRemove(TestRole):
|
|||||||
kwargs = {
|
kwargs = {
|
||||||
'user': identity_fakes.user_id,
|
'user': identity_fakes.user_id,
|
||||||
'domain': identity_fakes.domain_id,
|
'domain': identity_fakes.domain_id,
|
||||||
|
'inherited': self._is_inheritance_testcase(),
|
||||||
}
|
}
|
||||||
# RoleManager.revoke(role, user=, group=, domain=, project=)
|
# RoleManager.revoke(role, user=, group=, domain=, project=)
|
||||||
self.roles_mock.revoke.assert_called_with(
|
self.roles_mock.revoke.assert_called_with(
|
||||||
@ -579,12 +612,15 @@ class TestRoleRemove(TestRole):
|
|||||||
'--project', identity_fakes.project_name,
|
'--project', identity_fakes.project_name,
|
||||||
identity_fakes.role_name,
|
identity_fakes.role_name,
|
||||||
]
|
]
|
||||||
|
if self._is_inheritance_testcase():
|
||||||
|
arglist.append('--inherited')
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('user', identity_fakes.user_name),
|
('user', identity_fakes.user_name),
|
||||||
('group', None),
|
('group', None),
|
||||||
('domain', None),
|
('domain', None),
|
||||||
('project', identity_fakes.project_name),
|
('project', identity_fakes.project_name),
|
||||||
('role', identity_fakes.role_name),
|
('role', identity_fakes.role_name),
|
||||||
|
('inherited', self._is_inheritance_testcase()),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -595,6 +631,7 @@ class TestRoleRemove(TestRole):
|
|||||||
kwargs = {
|
kwargs = {
|
||||||
'user': identity_fakes.user_id,
|
'user': identity_fakes.user_id,
|
||||||
'project': identity_fakes.project_id,
|
'project': identity_fakes.project_id,
|
||||||
|
'inherited': self._is_inheritance_testcase(),
|
||||||
}
|
}
|
||||||
# RoleManager.revoke(role, user=, group=, domain=, project=)
|
# RoleManager.revoke(role, user=, group=, domain=, project=)
|
||||||
self.roles_mock.revoke.assert_called_with(
|
self.roles_mock.revoke.assert_called_with(
|
||||||
@ -608,12 +645,16 @@ class TestRoleRemove(TestRole):
|
|||||||
'--domain', identity_fakes.domain_name,
|
'--domain', identity_fakes.domain_name,
|
||||||
identity_fakes.role_name,
|
identity_fakes.role_name,
|
||||||
]
|
]
|
||||||
|
if self._is_inheritance_testcase():
|
||||||
|
arglist.append('--inherited')
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('user', None),
|
('user', None),
|
||||||
('group', identity_fakes.group_name),
|
('group', identity_fakes.group_name),
|
||||||
('domain', identity_fakes.domain_name),
|
('domain', identity_fakes.domain_name),
|
||||||
('project', None),
|
('project', None),
|
||||||
('role', identity_fakes.role_name),
|
('role', identity_fakes.role_name),
|
||||||
|
('role', identity_fakes.role_name),
|
||||||
|
('inherited', self._is_inheritance_testcase()),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -624,6 +665,7 @@ class TestRoleRemove(TestRole):
|
|||||||
kwargs = {
|
kwargs = {
|
||||||
'group': identity_fakes.group_id,
|
'group': identity_fakes.group_id,
|
||||||
'domain': identity_fakes.domain_id,
|
'domain': identity_fakes.domain_id,
|
||||||
|
'inherited': self._is_inheritance_testcase(),
|
||||||
}
|
}
|
||||||
# RoleManager.revoke(role, user=, group=, domain=, project=)
|
# RoleManager.revoke(role, user=, group=, domain=, project=)
|
||||||
self.roles_mock.revoke.assert_called_with(
|
self.roles_mock.revoke.assert_called_with(
|
||||||
@ -637,12 +679,15 @@ class TestRoleRemove(TestRole):
|
|||||||
'--project', identity_fakes.project_name,
|
'--project', identity_fakes.project_name,
|
||||||
identity_fakes.role_name,
|
identity_fakes.role_name,
|
||||||
]
|
]
|
||||||
|
if self._is_inheritance_testcase():
|
||||||
|
arglist.append('--inherited')
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('user', None),
|
('user', None),
|
||||||
('group', identity_fakes.group_name),
|
('group', identity_fakes.group_name),
|
||||||
('domain', None),
|
('domain', None),
|
||||||
('project', identity_fakes.project_name),
|
('project', identity_fakes.project_name),
|
||||||
('role', identity_fakes.role_name),
|
('role', identity_fakes.role_name),
|
||||||
|
('inherited', self._is_inheritance_testcase()),
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
@ -653,6 +698,7 @@ class TestRoleRemove(TestRole):
|
|||||||
kwargs = {
|
kwargs = {
|
||||||
'group': identity_fakes.group_id,
|
'group': identity_fakes.group_id,
|
||||||
'project': identity_fakes.project_id,
|
'project': identity_fakes.project_id,
|
||||||
|
'inherited': self._is_inheritance_testcase(),
|
||||||
}
|
}
|
||||||
# RoleManager.revoke(role, user=, group=, domain=, project=)
|
# RoleManager.revoke(role, user=, group=, domain=, project=)
|
||||||
self.roles_mock.revoke.assert_called_with(
|
self.roles_mock.revoke.assert_called_with(
|
||||||
|
Loading…
x
Reference in New Issue
Block a user