diff options
author | Adam Young <ayoung@redhat.com> | 2013-02-01 11:18:16 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2013-02-18 15:11:43 -0500 |
commit | b20302aa3e08421295140576d0aeea2fa9e34188 (patch) | |
tree | 50459bb43b70c4ae82cf3fc6d5228c9ba1dc4dbf /tests/test_keystoneclient.py | |
parent | b1bfca2501ad11a861c9064b97b7fa06fc6d958e (diff) | |
download | keystone-b20302aa3e08421295140576d0aeea2fa9e34188.tar.gz keystone-b20302aa3e08421295140576d0aeea2fa9e34188.tar.xz keystone-b20302aa3e08421295140576d0aeea2fa9e34188.zip |
project membership to role conversion
Changes the relationship between users and projects.
There is no more direct membership in projects. Instead,
all membership is now done via roles.
A default role has been created called _member_ with a uuid (both
configurable) that will be added in place of the group membership
for databse upgrades.
DocImpact: https://bugs.launchpad.net/openstack-manuals/+bug/1087483
Change-Id: I2482f9ef7b838e5dade5096d6d00e81db71604d1
Diffstat (limited to 'tests/test_keystoneclient.py')
-rw-r--r-- | tests/test_keystoneclient.py | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py index 3863ff54..14089759 100644 --- a/tests/test_keystoneclient.py +++ b/tests/test_keystoneclient.py @@ -804,16 +804,19 @@ class KcMasterTestCase(CompatTestCase, KeystoneClientTests): def test_tenant_add_and_remove_user(self): client = self.get_client(admin=True) - client.roles.add_user_role(tenant=self.tenant_baz['id'], + client.roles.add_user_role(tenant=self.tenant_bar['id'], user=self.user_two['id'], - role=self.role_member['id']) - user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) + role=self.role_other['id']) + user_refs = client.tenants.list_users(tenant=self.tenant_bar['id']) self.assert_(self.user_two['id'] in [x.id for x in user_refs]) - client.roles.remove_user_role(tenant=self.tenant_baz['id'], + client.roles.remove_user_role(tenant=self.tenant_bar['id'], user=self.user_two['id'], - role=self.role_member['id']) - user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) - self.assert_(self.user_two['id'] not in [x.id for x in user_refs]) + role=self.role_other['id']) + roles = client.roles.roles_for_user(user=self.user_foo['id'], + tenant=self.tenant_bar['id']) + self.assertNotIn(self.role_other['id'], roles) + user_refs = client.tenants.list_users(tenant=self.tenant_bar['id']) + self.assertNotIn(self.user_two['id'], [x.id for x in user_refs]) def test_user_role_add_404(self): from keystoneclient import exceptions as client_exceptions @@ -1013,7 +1016,7 @@ class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): def test_tenant_add_and_remove_user(self): client = self.get_client(admin=True) - client.roles.add_user_to_tenant(tenant_id=self.tenant_baz['id'], + client.roles.add_user_to_tenant(tenant_id=self.tenant_bar['id'], user_id=self.user_two['id'], role_id=self.role_member['id']) role_refs = client.roles.get_user_role_refs( @@ -1030,7 +1033,7 @@ class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): # use python's scope fall through to leave roleref_ref set break - client.roles.remove_user_from_tenant(tenant_id=self.tenant_baz['id'], + client.roles.remove_user_from_tenant(tenant_id=self.tenant_bar['id'], user_id=self.user_two['id'], role_id=roleref_ref.id) |