author | Colleen Murphy <colleen.murphy@suse.de> | 2019-09-17 14:19:56 -0700 |
---|---|---|
committer | Colleen Murphy <colleen@gazlene.net> | 2019-09-17 23:12:47 -0700 |
commit | 12bda9fc3ac975c251232d41e92dd70c7a4e6e7c (patch) | |
tree | 8a5b39382ced786bf152c21203070466825cc11f /keystone/api | |
parent | 5e35efd55f1b674a12e9d7a9da50344d817d342e (diff) | |
download | keystone-12bda9fc3ac975c251232d41e92dd70c7a4e6e7c.tar.gz |
Fix validation of role assignment subtree list
Without this patch, if a project ID is not passed as query argument, a
target of {} is passed to the enforcer and causes a type error to be
raised ("'NoneType' object is not callable") which then is emitted as a
validation error to the user rather than as a server error. This patch
fixes the issue by correctly passing in None as the default target,
which is what the enforcer expects, which then allows the validation to
continue and return a more helpful error message about the required
query parameter.
Change-Id: If7f0fa4dd072b0f00172161da4f7b91f8c1e1f10
Diffstat (limited to 'keystone/api')
-rw-r--r-- | keystone/api/role_assignments.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/keystone/api/role_assignments.py b/keystone/api/role_assignments.py
index d1cfd90c4..fe81cca0f 100644
--- a/keystone/api/role_assignments.py
+++ b/keystone/api/role_assignments.py
@@ -80,12 +80,12 @@ class RoleAssignmentsResource(ks_flask.ResourceBase):
 'group.id', 'role.id', 'scope.domain.id', 'scope.project.id',
 'scope.OS-INHERIT:inherited_to', 'user.id'
 ]
- target = {}
+ target = None
 if 'scope.project.id' in flask.request.args:
 project_id = flask.request.args['scope.project.id']
 if project_id:
- target['project'] = PROVIDERS.resource_api.get_project(
- project_id)
+ target = {'project': PROVIDERS.resource_api.get_project(
+ project_id)}
 ENFORCER.enforce_call(action='identity:list_role_assignments_for_tree',
 filters=filters, target_attr=target)
 if not flask.request.args.get('scope.project.id'): |
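Review bot: The `target = None` default is load-bearing but reads like an arbitrary choice, so a later cleanup could turn it back into `{}` and reintroduce the masked TypeError described in the commit message. A comment directly above it would pin the contract, for example `# Must stay None, not {}: the enforcer expects None when no project target is supplied.` Separately, the commit message implies that a TypeError raised inside the enforcer reaches the client as a validation error; that translation lives outside this hunk and would presumably still report other programming errors in the authorization path as 4xx responses, which hides them from server-error monitoring, so it may deserve a follow-up. The enclosing method starts and ends outside this hunk.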