diff options
author | Jenkins <jenkins@review.openstack.org> | 2013-08-10 00:43:16 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2013-08-10 00:43:16 +0000 |
commit | ecb62d3ec07c23d9f02227bd0873e5c4115f7324 (patch) | |
tree | acd13c274b8930564304f93ca7029f21079bdd04 | |
parent | f1cc2255afe33b6faf0db287f011ee304e70057c (diff) | |
parent | 5977b9f2f08ea6e984bebdd17953550adb80df84 (diff) | |
download | keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.tar.gz keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.tar.xz keystone-ecb62d3ec07c23d9f02227bd0873e5c4115f7324.zip |
Merge "Create default role on demand"
-rw-r--r-- | keystone/assignment/core.py | 20 | ||||
-rw-r--r-- | tests/test_backend.py | 12 |
2 files changed, 29 insertions, 3 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index 64edb3fa..0a2ee681 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -178,9 +178,23 @@ class Manager(manager.Manager): keystone.exception.UserNotFound """ - self.driver.add_role_to_user_and_project(user_id, - tenant_id, - config.CONF.member_role_id) + try: + self.driver.add_role_to_user_and_project( + user_id, + tenant_id, + config.CONF.member_role_id) + except exception.RoleNotFound: + LOG.info(_("Creating the default role %s " + "because it does not exist.") % + config.CONF.member_role_id) + role = {'id': CONF.member_role_id, + 'name': CONF.member_role_name} + self.driver.create_role(config.CONF.member_role_id, role) + #now that default role exists, the add should succeed + self.driver.add_role_to_user_and_project( + user_id, + tenant_id, + config.CONF.member_role_id) def remove_user_from_project(self, tenant_id, user_id): """Remove user from a tenant diff --git a/tests/test_backend.py b/tests/test_backend.py index 7e4d820e..75a94773 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -1453,6 +1453,18 @@ class IdentityTests(object): tenants = self.identity_api.get_projects_for_user(self.user_foo['id']) self.assertIn(self.tenant_baz['id'], tenants) + def test_add_user_to_project_missing_default_role(self): + self.assignment_api.delete_role(CONF.member_role_id) + self.assertRaises(exception.RoleNotFound, + self.assignment_api.get_role, + CONF.member_role_id) + self.identity_api.add_user_to_project(self.tenant_baz['id'], + self.user_foo['id']) + tenants = self.identity_api.get_projects_for_user(self.user_foo['id']) + self.assertIn(self.tenant_baz['id'], tenants) + default_role = self.assignment_api.get_role(CONF.member_role_id) + self.assertIsNotNone(default_role) + def test_add_user_to_project_404(self): self.assertRaises(exception.ProjectNotFound, self.identity_api.add_user_to_project, |