diff options
author | Adam Young <ayoung@redhat.com> | 2013-07-31 08:52:25 -0400 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2013-08-06 20:21:21 -0400 |
commit | 5977b9f2f08ea6e984bebdd17953550adb80df84 (patch) | |
tree | 4fa90c229757dea8b473899eac76d07243da01ad | |
parent | f1ac78c8992432e5f6d5c29f24f202870cb14a97 (diff) | |
download | keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.tar.gz keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.tar.xz keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.zip |
Create default role on demand
When adding a user to a project, if the default role is missing, create it.
Bug 1176270
Change-Id: Id972ccf9c132c362a0b85049d248530dc2d56d54
-rw-r--r-- | keystone/assignment/core.py | 20 | ||||
-rw-r--r-- | tests/test_backend.py | 12 |
2 files changed, 29 insertions, 3 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index b71e2a18..d47f0e0e 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -181,9 +181,23 @@ class Manager(manager.Manager): keystone.exception.UserNotFound """ - self.driver.add_role_to_user_and_project(user_id, - tenant_id, - config.CONF.member_role_id) + try: + self.driver.add_role_to_user_and_project( + user_id, + tenant_id, + config.CONF.member_role_id) + except exception.RoleNotFound: + LOG.info(_("Creating the default role %s " + "because it does not exist.") % + config.CONF.member_role_id) + role = {'id': CONF.member_role_id, + 'name': CONF.member_role_name} + self.driver.create_role(config.CONF.member_role_id, role) + #now that default role exists, the add should succeed + self.driver.add_role_to_user_and_project( + user_id, + tenant_id, + config.CONF.member_role_id) def remove_user_from_project(self, tenant_id, user_id): """Remove user from a tenant diff --git a/tests/test_backend.py b/tests/test_backend.py index a43e92ae..fea51894 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -1455,6 +1455,18 @@ class IdentityTests(object): tenants = self.identity_api.get_projects_for_user(self.user_foo['id']) self.assertIn(self.tenant_baz['id'], tenants) + def test_add_user_to_project_missing_default_role(self): + self.assignment_api.delete_role(CONF.member_role_id) + self.assertRaises(exception.RoleNotFound, + self.assignment_api.get_role, + CONF.member_role_id) + self.identity_api.add_user_to_project(self.tenant_baz['id'], + self.user_foo['id']) + tenants = self.identity_api.get_projects_for_user(self.user_foo['id']) + self.assertIn(self.tenant_baz['id'], tenants) + default_role = self.assignment_api.get_role(CONF.member_role_id) + self.assertIsNotNone(default_role) + def test_add_user_to_project_404(self): self.assertRaises(exception.ProjectNotFound, self.identity_api.add_user_to_project, |