Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Cloud:OpenStack:Kilo
openstack-tempest
0001-Ensure-a-role-is-assigned-to-created-users...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Ensure-a-role-is-assigned-to-created-users-with-v3-a.patch of Package openstack-tempest
From 9ef8aeb8e4847414b4f1d392738c8d31aea4a118 Mon Sep 17 00:00:00 2001 From: Matthew Treinish <mtreinish@kortar.org> Date: Tue, 14 Jul 2015 19:58:46 -0400 Subject: [PATCH] Ensure a role is assigned to created users with v3 auth This commit adds a default role assign to created users and projects in the isolated credentials path if no other role will be assigned. The issue previously was that when running with v3 auth tempest was not assigning a role on the project for the newly created users. So unless this was done out of band the created users would not be able to get a token because they didn't have access to the project. By always assigning a role to the user on the project this will no longer be an issue. Additionally, we need to ensure that the default role membership role we're using, "Member" exists before we try to use it. If it does not it will be created before using it. Change-Id: I4081cbd61f078bcc457062e2a55adb7b6f249a59 Closes-Bug: #1474193 (cherry picked from commit 32f98a43d313bac1b657c2e0525003a8657b36a1) --- tempest/common/isolated_creds.py | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py index fee1467..9f70e2e 100644 --- a/tempest/common/isolated_creds.py +++ b/tempest/common/isolated_creds.py @@ -51,11 +51,21 @@ class CredsClient(object): def create_project(self, name, description): pass - def assign_user_role(self, user, project, role_name): + def _check_role_exists(self, role_name): try: roles = self._list_roles() role = next(r for r in roles if r['name'] == role_name) except StopIteration: + return None + return role + + def create_user_role(self, role_name): + if not self._check_role_exists(role_name): + self.identity_client.create_role(role_name) + + def assign_user_role(self, user, project, role_name): + role = self._check_role_exists(role_name) + if not role: msg = 'No "%s" role found' % role_name raise lib_exc.NotFound(msg) try: @@ -196,16 +206,27 @@ class IsolatedCreds(cred_provider.CredentialProvider): email = data_utils.rand_name(root) + suffix + "@example.com" user = self.creds_client.create_user( username, self.password, project, email) + role_assigned = False if admin: self.creds_client.assign_user_role(user, project, CONF.identity.admin_role) + role_assigned = True # Add roles specified in config file for conf_role in CONF.auth.tempest_roles: self.creds_client.assign_user_role(user, project, conf_role) + role_assigned = True # Add roles requested by caller if roles: for role in roles: self.creds_client.assign_user_role(user, project, role) + role_assigned = True + # NOTE(mtreinish) For a user to have access to a project with v3 auth + # it must beassigned a role on the project. So we need to ensure that + # our newly created user has a role on the newly created project. + if self.identity_version == 'v3' and not role_assigned: + self.creds_client.create_user_role('Member') + self.creds_client.assign_user_role(user, project, 'Member') + creds = self.creds_client.get_credentials(user, project, self.password) return cred_provider.TestResources(creds) -- 2.4.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor