Merge "Create default role on demand"

author: Jenkins <jenkins@review.openstack.org> 2013-08-10 00:43:16 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-08-10 00:43:16 +0000
commit: ecb62d3ec07c23d9f02227bd0873e5c4115f7324 (patch)
tree: acd13c274b8930564304f93ca7029f21079bdd04
parent: f1cc2255afe33b6faf0db287f011ee304e70057c (diff)
parent: 5977b9f2f08ea6e984bebdd17953550adb80df84 (diff)
download: keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.tar.gz
keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.tar.xz
keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.zip
2 files changed, 29 insertions, 3 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py
index 64edb3fa..0a2ee681 100644
--- a/keystone/assignment/core.py
+++ b/keystone/assignment/core.py
@@ -178,9 +178,23 @@ class Manager(manager.Manager):
                  keystone.exception.UserNotFound
 
         """
-        self.driver.add_role_to_user_and_project(user_id,
-                                                 tenant_id,
-                                                 config.CONF.member_role_id)
+        try:
+            self.driver.add_role_to_user_and_project(
+                user_id,
+                tenant_id,
+                config.CONF.member_role_id)
+        except exception.RoleNotFound:
+            LOG.info(_("Creating the default role %s "
+                       "because it does not exist.") %
+                     config.CONF.member_role_id)
+            role = {'id': CONF.member_role_id,
+                    'name': CONF.member_role_name}
+            self.driver.create_role(config.CONF.member_role_id, role)
+            #now that default role exists, the add should succeed
+            self.driver.add_role_to_user_and_project(
+                user_id,
+                tenant_id,
+                config.CONF.member_role_id)
 
     def remove_user_from_project(self, tenant_id, user_id):
         """Remove user from a tenant
diff --git a/tests/test_backend.py b/tests/test_backend.py
index 7e4d820e..75a94773 100644
--- a/tests/test_backend.py
+++ b/tests/test_backend.py
@@ -1453,6 +1453,18 @@ class IdentityTests(object):
         tenants = self.identity_api.get_projects_for_user(self.user_foo['id'])
         self.assertIn(self.tenant_baz['id'], tenants)
 
+    def test_add_user_to_project_missing_default_role(self):
+        self.assignment_api.delete_role(CONF.member_role_id)
+        self.assertRaises(exception.RoleNotFound,
+                          self.assignment_api.get_role,
+                          CONF.member_role_id)
+        self.identity_api.add_user_to_project(self.tenant_baz['id'],
+                                              self.user_foo['id'])
+        tenants = self.identity_api.get_projects_for_user(self.user_foo['id'])
+        self.assertIn(self.tenant_baz['id'], tenants)
+        default_role = self.assignment_api.get_role(CONF.member_role_id)
+        self.assertIsNotNone(default_role)
+
     def test_add_user_to_project_404(self):
         self.assertRaises(exception.ProjectNotFound,
                           self.identity_api.add_user_to_project,
author	Jenkins <jenkins@review.openstack.org>	2013-08-10 00:43:16 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-08-10 00:43:16 +0000
commit	ecb62d3ec07c23d9f02227bd0873e5c4115f7324 (patch)
tree	acd13c274b8930564304f93ca7029f21079bdd04
parent	f1cc2255afe33b6faf0db287f011ee304e70057c (diff)
parent	5977b9f2f08ea6e984bebdd17953550adb80df84 (diff)
download	keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.tar.gz keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.tar.xz keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.zip