Fix trust creation error

For reasons that are not yet clear, passing roles to trust_create makes
the SDK report a 'role not found' error. As a workaround, roles are not
passed by default.

Change-Id: I40b47eae880c8319d2c045fdb20eb5124c8be8ec
tengqm 2015-07-17 04:04:08 -04:00
parent d55233a2fc
commit cd9b278410
3 changed files with 22 additions and 16 deletions


@ -84,7 +84,7 @@ class TrustMiddleware(wsgi.Middleware):
try: try:
trusts = kc.trust_get_by_trustor(ctx.user, admin_id, ctx.project) trusts = kc.trust_get_by_trustor(ctx.user, admin_id, ctx.project)
except exception.TrustNotFound: except exception.TrustNotFound:
# No trust found is okay # Trust not found is okay
trusts = [] trusts = []
if len(trusts) > 0: if len(trusts) > 0:
@ -92,12 +92,9 @@ class TrustMiddleware(wsgi.Middleware):
else: else:
# Create a trust if no existing one found # Create a trust if no existing one found
try: try:
trust = kc.trust_create(ctx.user, admin_id, ctx.project, trust = kc.trust_create(ctx.user, admin_id, ctx.project)
ctx.roles) except exception.TrustCreationFailure as ex:
except exception.Error as ex: raise webob.exc.HTTPInternalServerError(six.text_type(ex))
msg = _("Failed building trust from user: "
"%s.") % six.text_type(ex)
raise webob.exc.HTTPInternalServerError(msg)
# update cache # update cache
if cred_exists: if cred_exists:
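Review bot: The new handler around the `trust_create` call puts `six.text_type(ex)` directly into the 500 response body. The driver change in this same commit fills the exception's `reason` with the text of the SDK `HttpException`, so identity-service error details can reach the API caller. Consider logging the exception server-side and returning a fixed message, for example `raise webob.exc.HTTPInternalServerError(_('Failed in creating trust.'))`. The enclosing method starts and ends outside these hunks, so whether a logger is already available there cannot be seen from here.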


@ -251,11 +251,12 @@ class EventNotFound(SenlinException):
class InternalError(SenlinException): class InternalError(SenlinException):
'''A base class for internal exceptions in senlin. '''A base class for internal exceptions in senlin.
The internal exception classes which inherit from InternalError The internal exception classes which inherit from :class:`InternalError`
class should be translated to a user facing exception. class should be translated to a user facing exception type if need to be
made user visible.
''' '''
def __init__(self, **kwargs): def __init__(self, message=None, **kwargs):
super(InternalError, self).__init__(**kwargs) super(InternalError, self).__init__(**kwargs)
@ -273,6 +274,10 @@ class TrustNotFound(InternalError):
msg_fmt = _("The trust for trustor (%(trustor)s) could not be found.") msg_fmt = _("The trust for trustor (%(trustor)s) could not be found.")
class TrustCreationFailure(InternalError):
msg_fmt = _("Failed in creating trust: %(reason)s.")
class ResourceNotFound(InternalError): class ResourceNotFound(InternalError):
# Used when retrieving resources from other services # Used when retrieving resources from other services
msg_fmt = _("The resource (%(resource)s) could not be found.") msg_fmt = _("The resource (%(resource)s) could not be found.")
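Review bot: `InternalError.__init__` now accepts `message=None`, but the visible `super(InternalError, self).__init__(**kwargs)` call does not pass it on, so a caller supplying `message=` may have it dropped silently. The rest of `__init__` lies outside the hunk, so check the full body; if nothing there uses `message`, either use it or drop the parameter. The new `TrustCreationFailure` class would also benefit from a one-line comment like the one on `ResourceNotFound`, such as `# Used when the identity service fails to create a trust`.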


@ -67,7 +67,7 @@ class KeystoneClient(base.DriverBase):
if interface: if interface:
filters['interface'] = interface filters['interface'] = interface
endpoints = [e for e in self.conn.identity.endpoints(filters=filters)] endpoints = [e for e in self.conn.identity.endpoints(**filters)]
if len(endpoints) == 0: if len(endpoints) == 0:
resource = _('endpoint: service=%(service)s,region=' resource = _('endpoint: service=%(service)s,region='
'%(region)s,visibility=%(interface)s.' '%(region)s,visibility=%(interface)s.'
@ -86,7 +86,7 @@ class KeystoneClient(base.DriverBase):
if name: if name:
filters['name'] = name filters['name'] = name
services = [s for s in self.conn.identity.services(filters=filters)] services = [s for s in self.conn.identity.services(**filters)]
if len(services) == 0: if len(services) == 0:
resource = _('service:type=%(type)s%(name)s' resource = _('service:type=%(type)s%(name)s'
) % {'type': service_type, ) % {'type': service_type,
@ -111,13 +111,13 @@ class KeystoneClient(base.DriverBase):
filters['project'] = project filters['project'] = project
try: try:
trusts = [t for t in self.conn.identity.trusts(filters=filters)] trusts = [t for t in self.conn.identity.trusts(**filters)]
except sdk.exc.HttpException: except sdk.exc.HttpException:
raise exception.TrustNotFound(trustor=trustor) raise exception.TrustNotFound(trustor=trustor)
return trusts return trusts
def trust_create(self, trustor, trustee, project, roles, def trust_create(self, trustor, trustee, project, roles=None,
impersonation=True): impersonation=True):
'''Create trust between two users. '''Create trust between two users.
@ -129,19 +129,23 @@ class KeystoneClient(base.DriverBase):
the trustor. the trustor.
''' '''
if roles:
role_list = [{'name': role} for role in roles]
else:
role_list = []
params = { params = {
'trustor_user_id': trustor, 'trustor_user_id': trustor,
'trustee_user_id': trustee, 'trustee_user_id': trustee,
'project': project, 'project': project,
'impersonation': impersonation, 'impersonation': impersonation,
'allow_redelegation': True, 'allow_redelegation': True,
'roles': [{'name': role} for role in roles] 'roles': role_list
} }
try: try:
result = self.conn.identity.create_trust(**params) result = self.conn.identity.create_trust(**params)
except sdk.exc.HttpException as ex: except sdk.exc.HttpException as ex:
raise exception.Error(message=six.text_type(ex)) raise exception.TrustCreationFailure(reason=six.text_type(ex))
return result return result
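Review bot: In `trust_create`, the new `roles=None` default makes the request carry `'roles': []` whenever the caller omits roles, as the middleware call in this commit now does. The same request sets `'allow_redelegation': True` and impersonation on by default, so what the trust actually delegates depends on how Keystone handles an empty role list; that should be confirmed against the target Keystone version. Please record the workaround where the list is built, e.g. `# Workaround: an empty role list is sent when roles is omitted; delegation scope is then decided by Keystone`, and describe the now-optional `roles` argument in the docstring. Because the trust can be re-delegated, it is worth tracking removal of the workaround so delegation is again limited to the roles on the request. The docstring of `trust_create` is only partly inside the hunk.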