Add support for specifying role ids when creating trust

Change-Id: I38e0ac35946ee6e53128babac3ea759a380572e0 Partial-Bug: 1696111
2017-06-16 11:30:56 -04:00 · 2017-06-16 11:30:56 -04:00 · ef49844248
parent 2ab7f6df12
commit ef49844248
2 changed files with 25 additions and 4 deletions
--- a/keystoneclient/tests/unit/v3/test_trusts.py
+++ b/keystoneclient/tests/unit/v3/test_trusts.py
@ -64,6 +64,22 @@ class TrustTests(utils.ClientTestCase, utils.CrudTests):
        req_ref['roles'] = [{'name': 'atestrole'}]
        super(TrustTests, self).test_create(ref=ref, req_ref=req_ref)

+    def test_create_role_id_and_names(self):
+        ref = self.new_ref()
+        ref['trustor_user_id'] = uuid.uuid4().hex
+        ref['trustee_user_id'] = uuid.uuid4().hex
+        ref['impersonation'] = False
+        req_ref = ref.copy()
+        req_ref.pop('id')
+
+        # Note the TrustManager takes a list of role_names, and converts
+        # internally to the slightly odd list-of-dict API format, so we
+        # have to pass the expected request data to allow correct stubbing
+        ref['role_names'] = ['atestrole']
+        ref['role_ids'] = [uuid.uuid4().hex]
+        req_ref['roles'] = [{'name': 'atestrole'}, {'id': ref['role_ids'][0]}]
+        super(TrustTests, self).test_create(ref=ref, req_ref=req_ref)
+
    def test_create_expires(self):
        ref = self.new_ref()
        ref['trustor_user_id'] = uuid.uuid4().hex
--- a/keystoneclient/v3/contrib/trusts.py
+++ b/keystoneclient/v3/contrib/trusts.py
@ -39,13 +39,14 @@ class TrustManager(base.CrudManager):
    base_url = '/OS-TRUST'

    def create(self, trustee_user, trustor_user, role_names=None,
-               project=None, impersonation=False, expires_at=None,
-               remaining_uses=None, **kwargs):
+               role_ids=None, project=None, impersonation=False,
+               expires_at=None, remaining_uses=None, **kwargs):
        """Create a Trust.

        :param string trustee_user: user who is capable of consuming the trust
        :param string trustor_user: user who's authorization is being delegated
        :param string role_names: subset of trustor's roles to be granted
+        :param string role_ids: subset of trustor's roles to be granted
        :param string project: project which the trustor is delegating
        :param boolean impersonation: enable explicit impersonation
        :param datetime.datetime expires_at: expiry time
@ -55,9 +56,13 @@ class TrustManager(base.CrudManager):

        """
        # Convert role_names list into list-of-dict API format
+        roles = []
        if role_names:
-            roles = [{'name': n} for n in role_names]
-        else:
+            roles.extend([{'name': n} for n in role_names])
+        if role_ids:
+            roles.extend([{'id': i} for i in role_ids])
+
+        if not roles:
            roles = None

        # Convert datetime.datetime expires_at to iso format string