Remove [token]/ infer_roles
infer_roles in [token] is deprecated. This patch removes the same. Partial-Bug: #1829453 Change-Id: If77d73eeac6db215d7710b33c6dba926c14ae2b2
This commit is contained in:
parent
5c5d71cce9
commit
be36a939cf
|
@ -646,8 +646,6 @@ class Manager(manager.Manager):
|
|||
indirect['role_id'] = prior_ref['role_id']
|
||||
return implied_ref
|
||||
|
||||
if not CONF.token.infer_roles:
|
||||
return role_refs
|
||||
try:
|
||||
implied_roles_cache = {}
|
||||
role_refs_to_check = list(role_refs)
|
||||
|
|
|
@ -89,23 +89,6 @@ for tokens with a more specific scope) or to provide their credentials in every
|
|||
request for a scoped token to avoid re-scoping altogether.
|
||||
"""))
|
||||
|
||||
infer_roles = cfg.BoolOpt(
|
||||
'infer_roles',
|
||||
default=True,
|
||||
deprecated_since=versionutils.deprecated.ROCKY,
|
||||
deprecated_reason=utils.fmt("""
|
||||
Default roles depend on a chain of implied role assignments. Ex: an admin user
|
||||
will also have the reader and member role. By ensuring that all these roles
|
||||
will always appear on the token validation response, we can improve the
|
||||
simplicity and readability of policy files.
|
||||
"""),
|
||||
deprecated_for_removal=True,
|
||||
help=utils.fmt("""
|
||||
This controls whether roles should be included with tokens that are not
|
||||
directly assigned to the token's scope, but are instead linked implicitly to
|
||||
other role assignments.
|
||||
"""))
|
||||
|
||||
cache_on_issue = cfg.BoolOpt(
|
||||
'cache_on_issue',
|
||||
default=True,
|
||||
|
@ -144,7 +127,6 @@ ALL_OPTS = [
|
|||
cache_time,
|
||||
revoke_by_id,
|
||||
allow_rescope_scoped_token,
|
||||
infer_roles,
|
||||
cache_on_issue,
|
||||
allow_expired_window,
|
||||
]
|
||||
|
|
|
@ -2061,11 +2061,11 @@ class TokenAPITests(object):
|
|||
def test_create_implied_role_shows_in_v3_project_token(self):
|
||||
# regardless of the default chosen, this should always
|
||||
# test with the option set.
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
self._create_implied_role_shows_in_v3_token(False)
|
||||
|
||||
def test_create_implied_role_shows_in_v3_domain_token(self):
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
PROVIDERS.assignment_api.create_grant(
|
||||
self.role['id'], user_id=self.user['id'],
|
||||
domain_id=self.domain['id']
|
||||
|
@ -2074,7 +2074,7 @@ class TokenAPITests(object):
|
|||
self._create_implied_role_shows_in_v3_token(True)
|
||||
|
||||
def test_create_implied_role_shows_in_v3_system_token(self):
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
PROVIDERS.assignment_api.create_system_grant_for_user(
|
||||
self.user['id'], self.role['id']
|
||||
)
|
||||
|
@ -2091,7 +2091,7 @@ class TokenAPITests(object):
|
|||
self.assertEqual(2, len(token_roles))
|
||||
|
||||
def test_group_assigned_implied_role_shows_in_v3_token(self):
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
is_domain = False
|
||||
token_roles = self._get_scoped_token_roles(is_domain)
|
||||
self.assertEqual(1, len(token_roles))
|
||||
|
@ -2130,7 +2130,7 @@ class TokenAPITests(object):
|
|||
self.assertIn(implied2['id'], token_role_ids)
|
||||
|
||||
def test_multiple_implied_roles_show_in_v3_token(self):
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
token_roles = self._get_scoped_token_roles()
|
||||
self.assertEqual(1, len(token_roles))
|
||||
|
||||
|
@ -2149,7 +2149,7 @@ class TokenAPITests(object):
|
|||
self.assertIn(implied3['id'], token_role_ids)
|
||||
|
||||
def test_chained_implied_role_shows_in_v3_token(self):
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
token_roles = self._get_scoped_token_roles()
|
||||
self.assertEqual(1, len(token_roles))
|
||||
|
||||
|
@ -2169,7 +2169,7 @@ class TokenAPITests(object):
|
|||
self.assertIn(implied3['id'], token_role_ids)
|
||||
|
||||
def test_implied_role_disabled_by_config(self):
|
||||
self.config_fixture.config(group='token', infer_roles=False)
|
||||
self.config_fixture.config(group='token')
|
||||
token_roles = self._get_scoped_token_roles()
|
||||
self.assertEqual(1, len(token_roles))
|
||||
|
||||
|
@ -2179,12 +2179,12 @@ class TokenAPITests(object):
|
|||
self._create_implied_role(implied2['id'])
|
||||
|
||||
token_roles = self._get_scoped_token_roles()
|
||||
self.assertEqual(1, len(token_roles))
|
||||
self.assertEqual(4, len(token_roles))
|
||||
token_role_ids = [role['id'] for role in token_roles]
|
||||
self.assertIn(prior, token_role_ids)
|
||||
|
||||
def test_delete_implied_role_do_not_show_in_v3_token(self):
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
token_roles = self._get_scoped_token_roles()
|
||||
prior = token_roles[0]['id']
|
||||
implied = self._create_implied_role(prior)
|
||||
|
@ -2197,7 +2197,7 @@ class TokenAPITests(object):
|
|||
self.assertEqual(1, len(token_roles))
|
||||
|
||||
def test_unrelated_implied_roles_do_not_change_v3_token(self):
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
token_roles = self._get_scoped_token_roles()
|
||||
prior = token_roles[0]['id']
|
||||
implied = self._create_implied_role(prior)
|
||||
|
@ -2217,7 +2217,7 @@ class TokenAPITests(object):
|
|||
self.assertEqual(2, len(token_roles))
|
||||
|
||||
def test_domain_specific_roles_do_not_show_v3_token(self):
|
||||
self.config_fixture.config(group='token', infer_roles=True)
|
||||
self.config_fixture.config(group='token')
|
||||
initial_token_roles = self._get_scoped_token_roles()
|
||||
|
||||
new_role = self._create_role(domain_id=self.domain_id)
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
other:
|
||||
- |
|
||||
[`bug 1829453 <https://bugs.launchpad.net/keystone/+bug/1829453>`_]
|
||||
The deprecated config option `infer_roles` is removed now.
|
Loading…
Reference in New Issue