openstack
/
keystone
Code Issues Proposed changes

Create default role as a part of bootstrap 

Closes-Bug: #1635306

cherry-picked from 357bb561b8

Change-Id: Ib9b7fd3695799766c91e2fbeaaa9015c575b2829
This commit is contained in:
Adam Young 2016-10-21 12:28:39 -04:00 committed by Steve Martinelli
parent 18d6eb76ce
commit 3609439599
3 changed files with 34 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
keystone/assignment/core.py
View File

@ -180,21 +180,9 @@ class Manager(manager.Manager):
role_ids = list(set([x['role_id'] for x in assignment_list]))
return self.role_api.list_roles_from_ids(role_ids)
def add_user_to_project(self, tenant_id, user_id):
"""Add user to a tenant by creating a default role relationship.
:raises keystone.exception.ProjectNotFound: If the project doesn't
exist.
:raises keystone.exception.UserNotFound: If the user doesn't exist.
"""
self.resource_api.get_project(tenant_id)
def ensure_default_role(self):
try:
self.role_api.get_role(CONF.member_role_id)
self.driver.add_role_to_user_and_project(
user_id,
tenant_id,
CONF.member_role_id)
except exception.RoleNotFound:
LOG.info(_LI("Creating the default role %s "
"because it does not exist."),
@ -207,11 +195,23 @@ class Manager(manager.Manager):
LOG.info(_LI("Creating the default role %s failed because it "
"was already created"),
CONF.member_role_id)
# now that default role exists, the add should succeed
self.driver.add_role_to_user_and_project(
user_id,
tenant_id,
CONF.member_role_id)
def add_user_to_project(self, tenant_id, user_id):
"""Add user to a tenant by creating a default role relationship.
:raises keystone.exception.ProjectNotFound: If the project doesn't
exist.
:raises keystone.exception.UserNotFound: If the user doesn't exist.
"""
self.resource_api.get_project(tenant_id)
self.ensure_default_role()
# now that default role exists, the add should succeed
self.driver.add_role_to_user_and_project(
user_id,
tenant_id,
CONF.member_role_id)
COMPUTED_ASSIGNMENTS_REGION.invalidate()
@notifications.role_assignment('created')

2
keystone/cmd/cli.py
View File

@ -357,6 +357,8 @@ class BootStrap(BaseApp):
self.endpoints[interface] = endpoint_ref['id']
self.assignment_manager.ensure_default_role()
@classmethod
def main(cls):
klass = cls()

14
keystone/tests/unit/test_cli.py
View File

@ -27,6 +27,7 @@ from keystone.cmd import cli
from keystone.common import dependency
from keystone.common.sql import migration_helpers
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.identity.mapping_backends import mapping as identity_mapping
from keystone.tests import unit
@ -183,6 +184,19 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
user_id,
bootstrap.password)
def test_bootstrap_creates_default_role(self):
bootstrap = cli.BootStrap()
try:
role = bootstrap.role_manager.get_role(CONF.member_role_id)
self.fail('Member Role is created and should not be.')
except exception.RoleNotFound:
pass
self._do_test_bootstrap(bootstrap)
role = bootstrap.role_manager.get_role(CONF.member_role_id)
self.assertEqual(role['name'], CONF.member_role_name)
self.assertEqual(role['id'], CONF.member_role_id)
class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):