Fix trust creation error

For reasons that are not yet clear, the SDK reports a 'role not found'
error when we pass roles to trust_create. As a workaround, we no longer
pass roles by default.

Change-Id: I40b47eae880c8319d2c045fdb20eb5124c8be8ec
tengqm 2015-07-17 04:04:08 -04:00
parent d55233a2fc
commit cd9b278410
3 changed files with 22 additions and 16 deletions


@ -84,7 +84,7 @@ class TrustMiddleware(wsgi.Middleware):
try:
trusts = kc.trust_get_by_trustor(ctx.user, admin_id, ctx.project)
except exception.TrustNotFound:
# No trust found is okay
# Trust not found is okay
trusts = []
if len(trusts) > 0:
@ -92,12 +92,9 @@ class TrustMiddleware(wsgi.Middleware):
else:
# Create a trust if no existing one found
try:
trust = kc.trust_create(ctx.user, admin_id, ctx.project,
ctx.roles)
except exception.Error as ex:
msg = _("Failed building trust from user: "
"%s.") % six.text_type(ex)
raise webob.exc.HTTPInternalServerError(msg)
trust = kc.trust_create(ctx.user, admin_id, ctx.project)
except exception.TrustCreationFailure as ex:
raise webob.exc.HTTPInternalServerError(six.text_type(ex))
# update cache
if cred_exists:
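Review bot: The new handler `raise webob.exc.HTTPInternalServerError(six.text_type(ex))` puts the driver's error text straight into the HTTP response body. In the driver that text is built from the SDK's `HttpException`, so identity-service details may reach the API caller. I would record the exception text server-side and return a fixed message instead, e.g. `raise webob.exc.HTTPInternalServerError(_("Failed in creating trust."))`. The handler is also narrowed from `exception.Error` to `exception.TrustCreationFailure`, so any other error raised by `kc.trust_create` now propagates out of the middleware unhandled; a short comment saying that is intended would help. The enclosing method starts and ends outside this hunk.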


@ -251,11 +251,12 @@ class EventNotFound(SenlinException):
class InternalError(SenlinException):
'''A base class for internal exceptions in senlin.
The internal exception classes which inherit from InternalError
class should be translated to a user facing exception.
The internal exception classes which inherit from :class:`InternalError`
class should be translated to a user facing exception type if need to be
made user visible.
'''
def __init__(self, **kwargs):
def __init__(self, message=None, **kwargs):
super(InternalError, self).__init__(**kwargs)
@ -273,6 +274,10 @@ class TrustNotFound(InternalError):
msg_fmt = _("The trust for trustor (%(trustor)s) could not be found.")
class TrustCreationFailure(InternalError):
msg_fmt = _("Failed in creating trust: %(reason)s.")
class ResourceNotFound(InternalError):
# Used when retrieving resources from other services
msg_fmt = _("The resource (%(resource)s) could not be found.")
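Review bot: The new `message` parameter on `InternalError.__init__` is not forwarded by the visible call `super(InternalError, self).__init__(**kwargs)`. A caller passing `message=...` would have it dropped silently unless the rest of the body, which lies outside this hunk, uses it. If it is accepted only for signature compatibility, say so with a comment such as `# message is accepted for compatibility and intentionally unused`; otherwise pass it on to the base class. Separately, the `%(reason)s` in `TrustCreationFailure` is filled by the driver with raw SDK error text, so the docstring's advice to translate internal exceptions before showing them to users applies to this class in particular.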


@ -67,7 +67,7 @@ class KeystoneClient(base.DriverBase):
if interface:
filters['interface'] = interface
endpoints = [e for e in self.conn.identity.endpoints(filters=filters)]
endpoints = [e for e in self.conn.identity.endpoints(**filters)]
if len(endpoints) == 0:
resource = _('endpoint: service=%(service)s,region='
'%(region)s,visibility=%(interface)s.'
@ -86,7 +86,7 @@ class KeystoneClient(base.DriverBase):
if name:
filters['name'] = name
services = [s for s in self.conn.identity.services(filters=filters)]
services = [s for s in self.conn.identity.services(**filters)]
if len(services) == 0:
resource = _('service:type=%(type)s%(name)s'
) % {'type': service_type,
@ -111,13 +111,13 @@ class KeystoneClient(base.DriverBase):
filters['project'] = project
try:
trusts = [t for t in self.conn.identity.trusts(filters=filters)]
trusts = [t for t in self.conn.identity.trusts(**filters)]
except sdk.exc.HttpException:
raise exception.TrustNotFound(trustor=trustor)
return trusts
def trust_create(self, trustor, trustee, project, roles,
def trust_create(self, trustor, trustee, project, roles=None,
impersonation=True):
'''Create trust between two users.
@ -129,19 +129,23 @@ class KeystoneClient(base.DriverBase):
the trustor.
'''
if roles:
role_list = [{'name': role} for role in roles]
else:
role_list = []
params = {
'trustor_user_id': trustor,
'trustee_user_id': trustee,
'project': project,
'impersonation': impersonation,
'allow_redelegation': True,
'roles': [{'name': role} for role in roles]
'roles': role_list
}
try:
result = self.conn.identity.create_trust(**params)
except sdk.exc.HttpException as ex:
raise exception.Error(message=six.text_type(ex))
raise exception.TrustCreationFailure(reason=six.text_type(ex))
return result
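Review bot: With `roles=None`, `trust_create` now sends `'roles': []`, so this code no longer chooses which roles the trust delegates, while the same params still default `impersonation` to True and set `'allow_redelegation': True`. How the identity service treats an empty role list is not visible here. The docstring's `roles` entry should therefore state that None sends an empty list and what the resulting trust grants, and the `if roles:` branch deserves `# TODO: restore explicit roles once the 'role not found' error is understood`. If the service accepts an absent key, building the entry only when roles are supplied, `if roles: params['roles'] = [{'name': r} for r in roles]`, avoids sending an empty delegation. The docstring begins outside this hunk.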