summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGage Hugo <gagehugo@gmail.com>2017-05-11 10:34:26 -0400
committerGage Hugo <gagehugo@gmail.com>2017-05-11 10:46:03 -0400
commit4a82ab9065a659bbcb838240da113a0509f651aa (patch)
treef8dac67f82b13e0911f23e537135b478b15b7ec4
parent6e00d3c94d55a28a48016494447015fc57edec38 (diff)
Revert change 438035 is_admin_project default
This change reverts having is_admin_project default to False [0] since we currently need to have it revert to True in order to account for anyone who has not configured an admin project. This will be truely fixed at a later date. This also adds comments from another change [1] which clarifies the for why this should not be changed at this moment. [0] https://review.openstack.org/#/c/438035/ [1] https://review.openstack.org/#/c/257636/ Partial-Bug: 968696 Change-Id: I039bfc8a41d43634ebad545725b9188a82afb990 Co-Authored-By: Adam Young <ayoung@redhat.com> Co-Authored-By: Matthew Edmonds <edmondsw@us.ibm.com>
Notes
Notes (review): Code-Review+2: ayoung <ayoung@redhat.com> Code-Review+1: Kristi Nikolla <knikolla@bu.edu> Workflow+1: Boris Bobrov <breton@cynicmansion.ru> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Sun, 14 May 2017 17:13:47 +0000 Reviewed-on: https://review.openstack.org/464009 Project: openstack/keystone Branch: refs/heads/master
-rw-r--r--keystone/models/token_model.py9
-rw-r--r--keystone/tests/unit/token/test_token_model.py4
2 files changed, 9 insertions, 4 deletions
diff --git a/keystone/models/token_model.py b/keystone/models/token_model.py
index c869a63..00d5429 100644
--- a/keystone/models/token_model.py
+++ b/keystone/models/token_model.py
@@ -192,10 +192,15 @@ class KeystoneToken(dict):
192 192
193 @property 193 @property
194 def is_admin_project(self): 194 def is_admin_project(self):
195 # Prevent domain scoped tokens from acting as is_admin_project
195 if self.domain_scoped: 196 if self.domain_scoped:
196 # Currently, domain scoped tokens cannot act as is_admin_project
197 return False 197 return False
198 return self.get('is_admin_project', False) 198 # TODO(ayoung/edmondsw): Having is_admin_project default to True is
199 # essential for fixing bug #968696. If an admin project is not
200 # configured, we can add checks for is_admin_project:True and not
201 # block anyone that hasn't configured an admin_project. Do not change
202 # this until we can assume admin_project is actually set
203 return self.get('is_admin_project', True)
199 204
200 @property 205 @property
201 def trust_id(self): 206 def trust_id(self):
diff --git a/keystone/tests/unit/token/test_token_model.py b/keystone/tests/unit/token/test_token_model.py
index 702953a..75b7a06 100644
--- a/keystone/tests/unit/token/test_token_model.py
+++ b/keystone/tests/unit/token/test_token_model.py
@@ -87,8 +87,8 @@ class TestKeystoneTokenModel(core.TestCase):
87 self.assertTrue(token_data.scoped) 87 self.assertTrue(token_data.scoped)
88 self.assertTrue(token_data.trust_scoped) 88 self.assertTrue(token_data.trust_scoped)
89 89
90 # by default admin project is False for project scoped tokens 90 # by default admin project is True for project scoped tokens
91 self.assertFalse(token_data.is_admin_project) 91 self.assertTrue(token_data.is_admin_project)
92 92
93 self.assertEqual( 93 self.assertEqual(
94 [r['id'] for r in self.v3_sample_token['token']['roles']], 94 [r['id'] for r in self.v3_sample_token['token']['roles']],