diff options
author | Adam Young <ayoung@redhat.com> | 2016-10-21 12:28:39 -0400 |
---|---|---|
committer | Steve Martinelli <s.martinelli@gmail.com> | 2016-10-31 15:44:11 +0000 |
commit | 3609439599571a5919c4e1d328c1f06a8e4422c9 (patch) | |
tree | d223509f29e607ad0bf9190eac2c19b8f7b092f4 | |
parent | 18d6eb76ce7bf46e9ced352b7af366112df62b11 (diff) | |
download | keystone-3609439599571a5919c4e1d328c1f06a8e4422c9.tar.gz |
Create default role as a part of bootstrap
Closes-Bug: #1635306
cherry-picked from 357bb561b8cf0f9d9cb62bf96f346e62f0122965
Change-Id: Ib9b7fd3695799766c91e2fbeaaa9015c575b2829
-rw-r--r-- | keystone/assignment/core.py | 36 | ||||
-rw-r--r-- | keystone/cmd/cli.py | 2 | ||||
-rw-r--r-- | keystone/tests/unit/test_cli.py | 14 |
3 files changed, 34 insertions, 18 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index 56c457809..e549abbe6 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -180,21 +180,9 @@ class Manager(manager.Manager): role_ids = list(set([x['role_id'] for x in assignment_list])) return self.role_api.list_roles_from_ids(role_ids) - def add_user_to_project(self, tenant_id, user_id): - """Add user to a tenant by creating a default role relationship. - - :raises keystone.exception.ProjectNotFound: If the project doesn't - exist. - :raises keystone.exception.UserNotFound: If the user doesn't exist. - - """ - self.resource_api.get_project(tenant_id) + def ensure_default_role(self): try: self.role_api.get_role(CONF.member_role_id) - self.driver.add_role_to_user_and_project( - user_id, - tenant_id, - CONF.member_role_id) except exception.RoleNotFound: LOG.info(_LI("Creating the default role %s " "because it does not exist."), @@ -207,11 +195,23 @@ class Manager(manager.Manager): LOG.info(_LI("Creating the default role %s failed because it " "was already created"), CONF.member_role_id) - # now that default role exists, the add should succeed - self.driver.add_role_to_user_and_project( - user_id, - tenant_id, - CONF.member_role_id) + + def add_user_to_project(self, tenant_id, user_id): + """Add user to a tenant by creating a default role relationship. + + :raises keystone.exception.ProjectNotFound: If the project doesn't + exist. + :raises keystone.exception.UserNotFound: If the user doesn't exist. + + """ + self.resource_api.get_project(tenant_id) + self.ensure_default_role() + + # now that default role exists, the add should succeed + self.driver.add_role_to_user_and_project( + user_id, + tenant_id, + CONF.member_role_id) COMPUTED_ASSIGNMENTS_REGION.invalidate() @notifications.role_assignment('created') diff --git a/keystone/cmd/cli.py b/keystone/cmd/cli.py index 83f4da4da..d04e447a5 100644 --- a/keystone/cmd/cli.py +++ b/keystone/cmd/cli.py @@ -357,6 +357,8 @@ class BootStrap(BaseApp): self.endpoints[interface] = endpoint_ref['id'] + self.assignment_manager.ensure_default_role() + @classmethod def main(cls): klass = cls() diff --git a/keystone/tests/unit/test_cli.py b/keystone/tests/unit/test_cli.py index 6b187ece0..5f51f90e2 100644 --- a/keystone/tests/unit/test_cli.py +++ b/keystone/tests/unit/test_cli.py @@ -27,6 +27,7 @@ from keystone.cmd import cli from keystone.common import dependency from keystone.common.sql import migration_helpers import keystone.conf +from keystone import exception from keystone.i18n import _ from keystone.identity.mapping_backends import mapping as identity_mapping from keystone.tests import unit @@ -183,6 +184,19 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase): user_id, bootstrap.password) + def test_bootstrap_creates_default_role(self): + bootstrap = cli.BootStrap() + try: + role = bootstrap.role_manager.get_role(CONF.member_role_id) + self.fail('Member Role is created and should not be.') + except exception.RoleNotFound: + pass + + self._do_test_bootstrap(bootstrap) + role = bootstrap.role_manager.get_role(CONF.member_role_id) + self.assertEqual(role['name'], CONF.member_role_name) + self.assertEqual(role['id'], CONF.member_role_id) + class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase): |