diff options
Diffstat (limited to 'keystone/assignment/core.py')
-rw-r--r-- | keystone/assignment/core.py | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index b71e2a18..0a2ee681 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -35,6 +35,7 @@ DEFAULT_DOMAIN = {'description': @dependency.provider('assignment_api') +@dependency.requires('identity_api') class Manager(manager.Manager): """Default pivot point for the Assignment backend. @@ -45,18 +46,14 @@ class Manager(manager.Manager): api object by both managers. """ - def __init__(self, identity_api=None): - if identity_api is None: - from keystone import identity - identity_api = identity.Manager(self) - + def __init__(self): assignment_driver = CONF.assignment.driver + if assignment_driver is None: - assignment_driver = identity_api.default_assignment_driver() + identity_driver = dependency.REGISTRY['identity_api'].driver + assignment_driver = identity_driver.default_assignment_driver() + super(Manager, self).__init__(assignment_driver) - self.driver.identity_api = identity_api - self.identity_api = identity_api - self.identity_api.assignment_api = self def get_roles_for_user_and_project(self, user_id, tenant_id): """Get the roles associated with a user within given project. @@ -181,9 +178,23 @@ class Manager(manager.Manager): keystone.exception.UserNotFound """ - self.driver.add_role_to_user_and_project(user_id, - tenant_id, - config.CONF.member_role_id) + try: + self.driver.add_role_to_user_and_project( + user_id, + tenant_id, + config.CONF.member_role_id) + except exception.RoleNotFound: + LOG.info(_("Creating the default role %s " + "because it does not exist.") % + config.CONF.member_role_id) + role = {'id': CONF.member_role_id, + 'name': CONF.member_role_name} + self.driver.create_role(config.CONF.member_role_id, role) + #now that default role exists, the add should succeed + self.driver.add_role_to_user_and_project( + user_id, + tenant_id, + config.CONF.member_role_id) def remove_user_from_project(self, tenant_id, user_id): """Remove user from a tenant |