Permalink
Browse files

Create default role as a part of bootstrap

Closes-Bug: #1635306

cherry-picked from 357bb56

Change-Id: Ib9b7fd3695799766c91e2fbeaaa9015c575b2829
  • Loading branch information...
Adam Young authored and stevemart committed Oct 21, 2016
1 parent 18d6eb7 commit 3609439599571a5919c4e1d328c1f06a8e4422c9
Showing with 34 additions and 18 deletions.
  1. +18 −18 keystone/assignment/core.py
  2. +2 −0 keystone/cmd/cli.py
  3. +14 −0 keystone/tests/unit/test_cli.py
@@ -180,21 +180,9 @@ def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None):
role_ids = list(set([x['role_id'] for x in assignment_list]))
return self.role_api.list_roles_from_ids(role_ids)
- def add_user_to_project(self, tenant_id, user_id):
- """Add user to a tenant by creating a default role relationship.
-
- :raises keystone.exception.ProjectNotFound: If the project doesn't
- exist.
- :raises keystone.exception.UserNotFound: If the user doesn't exist.
-
- """
- self.resource_api.get_project(tenant_id)
+ def ensure_default_role(self):
try:
self.role_api.get_role(CONF.member_role_id)
- self.driver.add_role_to_user_and_project(
- user_id,
- tenant_id,
- CONF.member_role_id)
except exception.RoleNotFound:
LOG.info(_LI("Creating the default role %s "
"because it does not exist."),
@@ -207,11 +195,23 @@ def add_user_to_project(self, tenant_id, user_id):
LOG.info(_LI("Creating the default role %s failed because it "
"was already created"),
CONF.member_role_id)
- # now that default role exists, the add should succeed
- self.driver.add_role_to_user_and_project(
- user_id,
- tenant_id,
- CONF.member_role_id)
+
+ def add_user_to_project(self, tenant_id, user_id):
+ """Add user to a tenant by creating a default role relationship.
+
+ :raises keystone.exception.ProjectNotFound: If the project doesn't
+ exist.
+ :raises keystone.exception.UserNotFound: If the user doesn't exist.
+
+ """
+ self.resource_api.get_project(tenant_id)
+ self.ensure_default_role()
+
+ # now that default role exists, the add should succeed
+ self.driver.add_role_to_user_and_project(
+ user_id,
+ tenant_id,
+ CONF.member_role_id)
COMPUTED_ASSIGNMENTS_REGION.invalidate()
@notifications.role_assignment('created')
View
@@ -357,6 +357,8 @@ def do_bootstrap(self):
self.endpoints[interface] = endpoint_ref['id']
+ self.assignment_manager.ensure_default_role()
+
@classmethod
def main(cls):
klass = cls()
@@ -27,6 +27,7 @@
from keystone.common import dependency
from keystone.common.sql import migration_helpers
import keystone.conf
+from keystone import exception
from keystone.i18n import _
from keystone.identity.mapping_backends import mapping as identity_mapping
from keystone.tests import unit
@@ -183,6 +184,19 @@ def test_bootstrap_recovers_user(self):
user_id,
bootstrap.password)
+ def test_bootstrap_creates_default_role(self):
+ bootstrap = cli.BootStrap()
+ try:
+ role = bootstrap.role_manager.get_role(CONF.member_role_id)
+ self.fail('Member Role is created and should not be.')
+ except exception.RoleNotFound:
+ pass
+
+ self._do_test_bootstrap(bootstrap)
+ role = bootstrap.role_manager.get_role(CONF.member_role_id)
+ self.assertEqual(role['name'], CONF.member_role_name)
+ self.assertEqual(role['id'], CONF.member_role_id)
+
class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):

0 comments on commit 3609439

Please sign in to comment.