Add support for specifying role ids when creating trust
Change-Id: I38e0ac35946ee6e53128babac3ea759a380572e0 Partial-Bug: 1696111
This commit is contained in:
parent
2ab7f6df12
commit
ef49844248
|
@ -64,6 +64,22 @@ class TrustTests(utils.ClientTestCase, utils.CrudTests):
|
|||
req_ref['roles'] = [{'name': 'atestrole'}]
|
||||
super(TrustTests, self).test_create(ref=ref, req_ref=req_ref)
|
||||
|
||||
def test_create_role_id_and_names(self):
|
||||
ref = self.new_ref()
|
||||
ref['trustor_user_id'] = uuid.uuid4().hex
|
||||
ref['trustee_user_id'] = uuid.uuid4().hex
|
||||
ref['impersonation'] = False
|
||||
req_ref = ref.copy()
|
||||
req_ref.pop('id')
|
||||
|
||||
# Note the TrustManager takes a list of role_names, and converts
|
||||
# internally to the slightly odd list-of-dict API format, so we
|
||||
# have to pass the expected request data to allow correct stubbing
|
||||
ref['role_names'] = ['atestrole']
|
||||
ref['role_ids'] = [uuid.uuid4().hex]
|
||||
req_ref['roles'] = [{'name': 'atestrole'}, {'id': ref['role_ids'][0]}]
|
||||
super(TrustTests, self).test_create(ref=ref, req_ref=req_ref)
|
||||
|
||||
def test_create_expires(self):
|
||||
ref = self.new_ref()
|
||||
ref['trustor_user_id'] = uuid.uuid4().hex
|
||||
|
|
|
@ -39,13 +39,14 @@ class TrustManager(base.CrudManager):
|
|||
base_url = '/OS-TRUST'
|
||||
|
||||
def create(self, trustee_user, trustor_user, role_names=None,
|
||||
project=None, impersonation=False, expires_at=None,
|
||||
remaining_uses=None, **kwargs):
|
||||
role_ids=None, project=None, impersonation=False,
|
||||
expires_at=None, remaining_uses=None, **kwargs):
|
||||
"""Create a Trust.
|
||||
|
||||
:param string trustee_user: user who is capable of consuming the trust
|
||||
:param string trustor_user: user who's authorization is being delegated
|
||||
:param string role_names: subset of trustor's roles to be granted
|
||||
:param string role_ids: subset of trustor's roles to be granted
|
||||
:param string project: project which the trustor is delegating
|
||||
:param boolean impersonation: enable explicit impersonation
|
||||
:param datetime.datetime expires_at: expiry time
|
||||
|
@ -55,9 +56,13 @@ class TrustManager(base.CrudManager):
|
|||
|
||||
"""
|
||||
# Convert role_names list into list-of-dict API format
|
||||
roles = []
|
||||
if role_names:
|
||||
roles = [{'name': n} for n in role_names]
|
||||
else:
|
||||
roles.extend([{'name': n} for n in role_names])
|
||||
if role_ids:
|
||||
roles.extend([{'id': i} for i in role_ids])
|
||||
|
||||
if not roles:
|
||||
roles = None
|
||||
|
||||
# Convert datetime.datetime expires_at to iso format string
|
||||
|
|
Loading…
Reference in New Issue