Add support to inherited project role grant calls

Once inherited project role grant calls are
implemented on python-keystoneclient,
python-openstackclient also should support such
calls.
This patch add such support as well as its
related tests.

Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>

Change-Id: Id72670be8640e5c6e2490a6ef849e9ec3493b1a9
Implements: blueprint hierarchical-multitenancy
This commit is contained in:
Samuel de Medeiros Queiroz 2014-09-19 12:29:39 -03:00 committed by Raildo Mascena
parent 3120a0bd2a
commit ed241ef9bc
4 changed files with 62 additions and 0 deletions

View File

@ -19,6 +19,7 @@ List role assignments
[--domain <domain>] [--domain <domain>]
[--project <project>] [--project <project>]
[--effective] [--effective]
[--inherited]
.. option:: --role <role> .. option:: --role <role>
@ -43,3 +44,7 @@ List role assignments
.. option:: --effective .. option:: --effective
Returns only effective role assignments (defaults to False) Returns only effective role assignments (defaults to False)
.. option:: --inherited
Specifies if the role grant is inheritable to the sub projects

View File

@ -139,3 +139,12 @@ def add_project_domain_option_to_parser(parser):
'This can be used in case collisions between project names ' 'This can be used in case collisions between project names '
'exist.') 'exist.')
) )
def add_inherited_option_to_parser(parser):
parser.add_argument(
'--inherited',
action='store_true',
default=False,
help=('Specifies if the role grant is inheritable to the sub projects')
)

View File

@ -55,6 +55,7 @@ def _add_identity_and_resource_options_to_parser(parser):
common.add_group_domain_option_to_parser(parser) common.add_group_domain_option_to_parser(parser)
common.add_project_domain_option_to_parser(parser) common.add_project_domain_option_to_parser(parser)
common.add_user_domain_option_to_parser(parser) common.add_user_domain_option_to_parser(parser)
common.add_inherited_option_to_parser(parser)
def _process_identity_and_resource_options(parsed_args, def _process_identity_and_resource_options(parsed_args,
@ -102,6 +103,7 @@ def _process_identity_and_resource_options(parsed_args,
parsed_args.project, parsed_args.project,
parsed_args.group_domain, parsed_args.group_domain,
).id ).id
kwargs['inherited'] = parsed_args.inherited
return kwargs return kwargs

View File

@ -45,6 +45,15 @@ class TestRole(identity_fakes.TestIdentityv3):
self.roles_mock = self.app.client_manager.identity.roles self.roles_mock = self.app.client_manager.identity.roles
self.roles_mock.reset_mock() self.roles_mock.reset_mock()
def _is_inheritance_testcase(self):
return False
class TestRoleInherited(TestRole):
def _is_inheritance_testcase(self):
return True
class TestRoleAdd(TestRole): class TestRoleAdd(TestRole):
@ -95,12 +104,15 @@ class TestRoleAdd(TestRole):
'--domain', identity_fakes.domain_name, '--domain', identity_fakes.domain_name,
identity_fakes.role_name, identity_fakes.role_name,
] ]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [ verifylist = [
('user', identity_fakes.user_name), ('user', identity_fakes.user_name),
('group', None), ('group', None),
('domain', identity_fakes.domain_name), ('domain', identity_fakes.domain_name),
('project', None), ('project', None),
('role', identity_fakes.role_name), ('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -111,6 +123,7 @@ class TestRoleAdd(TestRole):
kwargs = { kwargs = {
'user': identity_fakes.user_id, 'user': identity_fakes.user_id,
'domain': identity_fakes.domain_id, 'domain': identity_fakes.domain_id,
'inherited': self._is_inheritance_testcase(),
} }
# RoleManager.grant(role, user=, group=, domain=, project=) # RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with( self.roles_mock.grant.assert_called_with(
@ -124,12 +137,15 @@ class TestRoleAdd(TestRole):
'--project', identity_fakes.project_name, '--project', identity_fakes.project_name,
identity_fakes.role_name, identity_fakes.role_name,
] ]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [ verifylist = [
('user', identity_fakes.user_name), ('user', identity_fakes.user_name),
('group', None), ('group', None),
('domain', None), ('domain', None),
('project', identity_fakes.project_name), ('project', identity_fakes.project_name),
('role', identity_fakes.role_name), ('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -140,6 +156,7 @@ class TestRoleAdd(TestRole):
kwargs = { kwargs = {
'user': identity_fakes.user_id, 'user': identity_fakes.user_id,
'project': identity_fakes.project_id, 'project': identity_fakes.project_id,
'inherited': self._is_inheritance_testcase(),
} }
# RoleManager.grant(role, user=, group=, domain=, project=) # RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with( self.roles_mock.grant.assert_called_with(
@ -153,12 +170,15 @@ class TestRoleAdd(TestRole):
'--domain', identity_fakes.domain_name, '--domain', identity_fakes.domain_name,
identity_fakes.role_name, identity_fakes.role_name,
] ]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [ verifylist = [
('user', None), ('user', None),
('group', identity_fakes.group_name), ('group', identity_fakes.group_name),
('domain', identity_fakes.domain_name), ('domain', identity_fakes.domain_name),
('project', None), ('project', None),
('role', identity_fakes.role_name), ('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -169,6 +189,7 @@ class TestRoleAdd(TestRole):
kwargs = { kwargs = {
'group': identity_fakes.group_id, 'group': identity_fakes.group_id,
'domain': identity_fakes.domain_id, 'domain': identity_fakes.domain_id,
'inherited': self._is_inheritance_testcase(),
} }
# RoleManager.grant(role, user=, group=, domain=, project=) # RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with( self.roles_mock.grant.assert_called_with(
@ -182,12 +203,15 @@ class TestRoleAdd(TestRole):
'--project', identity_fakes.project_name, '--project', identity_fakes.project_name,
identity_fakes.role_name, identity_fakes.role_name,
] ]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [ verifylist = [
('user', None), ('user', None),
('group', identity_fakes.group_name), ('group', identity_fakes.group_name),
('domain', None), ('domain', None),
('project', identity_fakes.project_name), ('project', identity_fakes.project_name),
('role', identity_fakes.role_name), ('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -198,6 +222,7 @@ class TestRoleAdd(TestRole):
kwargs = { kwargs = {
'group': identity_fakes.group_id, 'group': identity_fakes.group_id,
'project': identity_fakes.project_id, 'project': identity_fakes.project_id,
'inherited': self._is_inheritance_testcase(),
} }
# RoleManager.grant(role, user=, group=, domain=, project=) # RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with( self.roles_mock.grant.assert_called_with(
@ -206,6 +231,10 @@ class TestRoleAdd(TestRole):
) )
class TestRoleAddInherited(TestRoleAdd, TestRoleInherited):
pass
class TestRoleCreate(TestRole): class TestRoleCreate(TestRole):
def setUp(self): def setUp(self):
@ -550,12 +579,15 @@ class TestRoleRemove(TestRole):
'--domain', identity_fakes.domain_name, '--domain', identity_fakes.domain_name,
identity_fakes.role_name, identity_fakes.role_name,
] ]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [ verifylist = [
('user', identity_fakes.user_name), ('user', identity_fakes.user_name),
('group', None), ('group', None),
('domain', identity_fakes.domain_name), ('domain', identity_fakes.domain_name),
('project', None), ('project', None),
('role', identity_fakes.role_name), ('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -566,6 +598,7 @@ class TestRoleRemove(TestRole):
kwargs = { kwargs = {
'user': identity_fakes.user_id, 'user': identity_fakes.user_id,
'domain': identity_fakes.domain_id, 'domain': identity_fakes.domain_id,
'inherited': self._is_inheritance_testcase(),
} }
# RoleManager.revoke(role, user=, group=, domain=, project=) # RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with( self.roles_mock.revoke.assert_called_with(
@ -579,12 +612,15 @@ class TestRoleRemove(TestRole):
'--project', identity_fakes.project_name, '--project', identity_fakes.project_name,
identity_fakes.role_name, identity_fakes.role_name,
] ]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [ verifylist = [
('user', identity_fakes.user_name), ('user', identity_fakes.user_name),
('group', None), ('group', None),
('domain', None), ('domain', None),
('project', identity_fakes.project_name), ('project', identity_fakes.project_name),
('role', identity_fakes.role_name), ('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -595,6 +631,7 @@ class TestRoleRemove(TestRole):
kwargs = { kwargs = {
'user': identity_fakes.user_id, 'user': identity_fakes.user_id,
'project': identity_fakes.project_id, 'project': identity_fakes.project_id,
'inherited': self._is_inheritance_testcase(),
} }
# RoleManager.revoke(role, user=, group=, domain=, project=) # RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with( self.roles_mock.revoke.assert_called_with(
@ -608,12 +645,16 @@ class TestRoleRemove(TestRole):
'--domain', identity_fakes.domain_name, '--domain', identity_fakes.domain_name,
identity_fakes.role_name, identity_fakes.role_name,
] ]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [ verifylist = [
('user', None), ('user', None),
('group', identity_fakes.group_name), ('group', identity_fakes.group_name),
('domain', identity_fakes.domain_name), ('domain', identity_fakes.domain_name),
('project', None), ('project', None),
('role', identity_fakes.role_name), ('role', identity_fakes.role_name),
('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -624,6 +665,7 @@ class TestRoleRemove(TestRole):
kwargs = { kwargs = {
'group': identity_fakes.group_id, 'group': identity_fakes.group_id,
'domain': identity_fakes.domain_id, 'domain': identity_fakes.domain_id,
'inherited': self._is_inheritance_testcase(),
} }
# RoleManager.revoke(role, user=, group=, domain=, project=) # RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with( self.roles_mock.revoke.assert_called_with(
@ -637,12 +679,15 @@ class TestRoleRemove(TestRole):
'--project', identity_fakes.project_name, '--project', identity_fakes.project_name,
identity_fakes.role_name, identity_fakes.role_name,
] ]
if self._is_inheritance_testcase():
arglist.append('--inherited')
verifylist = [ verifylist = [
('user', None), ('user', None),
('group', identity_fakes.group_name), ('group', identity_fakes.group_name),
('domain', None), ('domain', None),
('project', identity_fakes.project_name), ('project', identity_fakes.project_name),
('role', identity_fakes.role_name), ('role', identity_fakes.role_name),
('inherited', self._is_inheritance_testcase()),
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -653,6 +698,7 @@ class TestRoleRemove(TestRole):
kwargs = { kwargs = {
'group': identity_fakes.group_id, 'group': identity_fakes.group_id,
'project': identity_fakes.project_id, 'project': identity_fakes.project_id,
'inherited': self._is_inheritance_testcase(),
} }
# RoleManager.revoke(role, user=, group=, domain=, project=) # RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with( self.roles_mock.revoke.assert_called_with(