Create default role as a part of bootstrap
Closes-Bug: #1635306
cherry-picked from 357bb561b8
Change-Id: Ib9b7fd3695799766c91e2fbeaaa9015c575b2829
This commit is contained in:
parent
18d6eb76ce
commit
3609439599
|
@ -180,21 +180,9 @@ class Manager(manager.Manager):
|
|||
role_ids = list(set([x['role_id'] for x in assignment_list]))
|
||||
return self.role_api.list_roles_from_ids(role_ids)
|
||||
|
||||
def add_user_to_project(self, tenant_id, user_id):
|
||||
"""Add user to a tenant by creating a default role relationship.
|
||||
|
||||
:raises keystone.exception.ProjectNotFound: If the project doesn't
|
||||
exist.
|
||||
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
||||
|
||||
"""
|
||||
self.resource_api.get_project(tenant_id)
|
||||
def ensure_default_role(self):
|
||||
try:
|
||||
self.role_api.get_role(CONF.member_role_id)
|
||||
self.driver.add_role_to_user_and_project(
|
||||
user_id,
|
||||
tenant_id,
|
||||
CONF.member_role_id)
|
||||
except exception.RoleNotFound:
|
||||
LOG.info(_LI("Creating the default role %s "
|
||||
"because it does not exist."),
|
||||
|
@ -207,11 +195,23 @@ class Manager(manager.Manager):
|
|||
LOG.info(_LI("Creating the default role %s failed because it "
|
||||
"was already created"),
|
||||
CONF.member_role_id)
|
||||
# now that default role exists, the add should succeed
|
||||
self.driver.add_role_to_user_and_project(
|
||||
user_id,
|
||||
tenant_id,
|
||||
CONF.member_role_id)
|
||||
|
||||
def add_user_to_project(self, tenant_id, user_id):
|
||||
"""Add user to a tenant by creating a default role relationship.
|
||||
|
||||
:raises keystone.exception.ProjectNotFound: If the project doesn't
|
||||
exist.
|
||||
:raises keystone.exception.UserNotFound: If the user doesn't exist.
|
||||
|
||||
"""
|
||||
self.resource_api.get_project(tenant_id)
|
||||
self.ensure_default_role()
|
||||
|
||||
# now that default role exists, the add should succeed
|
||||
self.driver.add_role_to_user_and_project(
|
||||
user_id,
|
||||
tenant_id,
|
||||
CONF.member_role_id)
|
||||
COMPUTED_ASSIGNMENTS_REGION.invalidate()
|
||||
|
||||
@notifications.role_assignment('created')
|
||||
|
|
|
@ -357,6 +357,8 @@ class BootStrap(BaseApp):
|
|||
|
||||
self.endpoints[interface] = endpoint_ref['id']
|
||||
|
||||
self.assignment_manager.ensure_default_role()
|
||||
|
||||
@classmethod
|
||||
def main(cls):
|
||||
klass = cls()
|
||||
|
|
|
@ -27,6 +27,7 @@ from keystone.cmd import cli
|
|||
from keystone.common import dependency
|
||||
from keystone.common.sql import migration_helpers
|
||||
import keystone.conf
|
||||
from keystone import exception
|
||||
from keystone.i18n import _
|
||||
from keystone.identity.mapping_backends import mapping as identity_mapping
|
||||
from keystone.tests import unit
|
||||
|
@ -183,6 +184,19 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
|
|||
user_id,
|
||||
bootstrap.password)
|
||||
|
||||
def test_bootstrap_creates_default_role(self):
|
||||
bootstrap = cli.BootStrap()
|
||||
try:
|
||||
role = bootstrap.role_manager.get_role(CONF.member_role_id)
|
||||
self.fail('Member Role is created and should not be.')
|
||||
except exception.RoleNotFound:
|
||||
pass
|
||||
|
||||
self._do_test_bootstrap(bootstrap)
|
||||
role = bootstrap.role_manager.get_role(CONF.member_role_id)
|
||||
self.assertEqual(role['name'], CONF.member_role_name)
|
||||
self.assertEqual(role['id'], CONF.member_role_id)
|
||||
|
||||
|
||||
class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):
|
||||
|
||||
|
|
Loading…
Reference in New Issue