When creating a trust, send role_ids instead or role_names

This changes create a trust to use ids instead of names because of the possibility of roles sharing a name. Even if the user uniquely identified a role by inputting the id, the request sent to the identity service would used the name, therefore the command would fail in the case that two roles share a name. This does not change how trusts are displayed during trust list or trust show, a name will still be shown instead of an id. Depends-On: I38e0ac35946ee6e53128babac3ea759a380572e0 Change-Id: I5bdf89f1e288954a7f5c2704231f270bc7d196f5 Closes-Bug: 1696111
2017-06-16 15:33:46 -04:00 · 2017-06-16 15:33:46 -04:00 · da53c2b334
parent eb793dc8c6
commit da53c2b334
3 changed files with 14 additions and 7 deletions
--- a/openstackclient/identity/v3/trust.py
+++ b/openstackclient/identity/v3/trust.py
@ -104,16 +104,16 @@ class CreateTrust(command.ShowOne):
                                         parsed_args.project,
                                         parsed_args.project_domain).id

-        role_names = []
+        role_ids = []
        for role in parsed_args.role:
            try:
-                role_name = utils.find_resource(
+                role_id = utils.find_resource(
                    identity_client.roles,
                    role,
-                ).name
+                ).id
            except identity_exc.Forbidden:
-                role_name = role
-            role_names.append(role_name)
+                role_id = role
+            role_ids.append(role_id)

        expires_at = None
        if parsed_args.expiration:
@ -124,7 +124,7 @@ class CreateTrust(command.ShowOne):
            trustee_id, trustor_id,
            impersonation=parsed_args.impersonate,
            project=project_id,
-            role_names=role_names,
+            role_ids=role_ids,
            expires_at=expires_at,
        )

--- a/openstackclient/tests/unit/identity/v3/test_trust.py
+++ b/openstackclient/tests/unit/identity/v3/test_trust.py
@ -94,7 +94,7 @@ class TestTrustCreate(TestTrust):
        kwargs = {
            'impersonation': False,
            'project': identity_fakes.project_id,
-            'role_names': [identity_fakes.role_name],
+            'role_ids': [identity_fakes.role_id],
            'expires_at': None,
        }
        # TrustManager.create(trustee_id, trustor_id, impersonation=,
--- a/releasenotes/notes/bug-1696111-e2cf9233fa872eb7.yaml
+++ b/releasenotes/notes/bug-1696111-e2cf9233fa872eb7.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixed an issue where a trust could not be created if multiple roles had
+    the same name. A role's ID is now sent to the identity service instead.
+
+    [Bug '1696111 <https://bugs.launchpad.net/keystone/+bug/1696111>'_]