Create default role on demand

When adding a user to a project, if the default role is missing, create it. Bug 1176270 Change-Id: Id972ccf9c132c362a0b85049d248530dc2d56d54
author: Adam Young <ayoung@redhat.com> 2013-07-31 08:52:25 -0400
committer: Adam Young <ayoung@redhat.com> 2013-08-06 20:21:21 -0400
commit: 5977b9f2f08ea6e984bebdd17953550adb80df84 (patch)
tree: 4fa90c229757dea8b473899eac76d07243da01ad
parent: f1ac78c8992432e5f6d5c29f24f202870cb14a97 (diff)
download: keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.tar.gz
keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.tar.xz
keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.zip
2 files changed, 29 insertions, 3 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py
index b71e2a18..d47f0e0e 100644
--- a/keystone/assignment/core.py
+++ b/keystone/assignment/core.py
@@ -181,9 +181,23 @@ class Manager(manager.Manager):
                  keystone.exception.UserNotFound
 
         """
-        self.driver.add_role_to_user_and_project(user_id,
-                                                 tenant_id,
-                                                 config.CONF.member_role_id)
+        try:
+            self.driver.add_role_to_user_and_project(
+                user_id,
+                tenant_id,
+                config.CONF.member_role_id)
+        except exception.RoleNotFound:
+            LOG.info(_("Creating the default role %s "
+                       "because it does not exist.") %
+                     config.CONF.member_role_id)
+            role = {'id': CONF.member_role_id,
+                    'name': CONF.member_role_name}
+            self.driver.create_role(config.CONF.member_role_id, role)
+            #now that default role exists, the add should succeed
+            self.driver.add_role_to_user_and_project(
+                user_id,
+                tenant_id,
+                config.CONF.member_role_id)
 
     def remove_user_from_project(self, tenant_id, user_id):
         """Remove user from a tenant
diff --git a/tests/test_backend.py b/tests/test_backend.py
index a43e92ae..fea51894 100644
--- a/tests/test_backend.py
+++ b/tests/test_backend.py
@@ -1455,6 +1455,18 @@ class IdentityTests(object):
         tenants = self.identity_api.get_projects_for_user(self.user_foo['id'])
         self.assertIn(self.tenant_baz['id'], tenants)
 
+    def test_add_user_to_project_missing_default_role(self):
+        self.assignment_api.delete_role(CONF.member_role_id)
+        self.assertRaises(exception.RoleNotFound,
+                          self.assignment_api.get_role,
+                          CONF.member_role_id)
+        self.identity_api.add_user_to_project(self.tenant_baz['id'],
+                                              self.user_foo['id'])
+        tenants = self.identity_api.get_projects_for_user(self.user_foo['id'])
+        self.assertIn(self.tenant_baz['id'], tenants)
+        default_role = self.assignment_api.get_role(CONF.member_role_id)
+        self.assertIsNotNone(default_role)
+
     def test_add_user_to_project_404(self):
         self.assertRaises(exception.ProjectNotFound,
                           self.identity_api.add_user_to_project,
author	Adam Young <ayoung@redhat.com>	2013-07-31 08:52:25 -0400
committer	Adam Young <ayoung@redhat.com>	2013-08-06 20:21:21 -0400
commit	5977b9f2f08ea6e984bebdd17953550adb80df84 (patch)
tree	4fa90c229757dea8b473899eac76d07243da01ad
parent	f1ac78c8992432e5f6d5c29f24f202870cb14a97 (diff)
download	keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.tar.gz keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.tar.xz keystone-5977b9f2f08ea6e984bebdd17953550adb80df84.zip