diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-04-07 18:38:40 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-04-07 18:38:40 +0000 |
commit | 7ed6717076c09bd5adc961b7b026dcdf78832bd3 (patch) | |
tree | ddfce8c9e5774f9b9b45f7de89e5984e5f79799a | |
parent | 347ef5ad46ddf47064e5c7ae2c33108de8f9303b (diff) | |
parent | 2e859e17f97d78a4146e6bf4e7711bb1806c5ab1 (diff) | |
download | keystone-7ed6717076c09bd5adc961b7b026dcdf78832bd3.tar.gz |
Merge "Fix for notifications for v2 role grant/delete"
-rw-r--r-- | keystone/assignment/core.py | 41 | ||||
-rw-r--r-- | keystone/tests/unit/common/test_notifications.py | 34 |
2 files changed, 69 insertions, 6 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index b14697c65..901cbfad1 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -261,10 +261,24 @@ class Manager(manager.Manager): tenant_id, CONF.member_role_id) - def add_role_to_user_and_project(self, user_id, tenant_id, role_id): - self.resource_api.get_project(tenant_id) + @notifications.role_assignment('created') + def _add_role_to_user_and_project_adapter(self, role_id, user_id=None, + group_id=None, domain_id=None, + project_id=None, + inherited_to_projects=False, + context=None): + + # The parameters for this method must match the parameters for + # create_grant so that the notifications.role_assignment decorator + # will work. + + self.resource_api.get_project(project_id) self.role_api.get_role(role_id) - self.driver.add_role_to_user_and_project(user_id, tenant_id, role_id) + self.driver.add_role_to_user_and_project(user_id, project_id, role_id) + + def add_role_to_user_and_project(self, user_id, tenant_id, role_id): + self._add_role_to_user_and_project_adapter( + role_id, user_id=user_id, project_id=tenant_id) def remove_user_from_project(self, tenant_id, user_id): """Remove user from a tenant @@ -383,12 +397,27 @@ class Manager(manager.Manager): return [r for r in self.driver.list_role_assignments() if r['role_id'] == role_id] - def remove_role_from_user_and_project(self, user_id, tenant_id, role_id): - self.driver.remove_role_from_user_and_project(user_id, tenant_id, + @notifications.role_assignment('deleted') + def _remove_role_from_user_and_project_adapter(self, role_id, user_id=None, + group_id=None, + domain_id=None, + project_id=None, + inherited_to_projects=False, + context=None): + + # The parameters for this method must match the parameters for + # delete_grant so that the notifications.role_assignment decorator + # will work. + + self.driver.remove_role_from_user_and_project(user_id, project_id, role_id) self.identity_api.emit_invalidate_user_token_persistence(user_id) self.revoke_api.revoke_by_grant(role_id, user_id=user_id, - project_id=tenant_id) + project_id=project_id) + + def remove_role_from_user_and_project(self, user_id, tenant_id, role_id): + self._remove_role_from_user_and_project_adapter( + role_id, user_id=user_id, project_id=tenant_id) @notifications.internal(notifications.INVALIDATE_USER_TOKEN_PERSISTENCE) def _emit_invalidate_user_token_persistence(self, user_id): diff --git a/keystone/tests/unit/common/test_notifications.py b/keystone/tests/unit/common/test_notifications.py index 6c5e74221..1b4040951 100644 --- a/keystone/tests/unit/common/test_notifications.py +++ b/keystone/tests/unit/common/test_notifications.py @@ -887,6 +887,40 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase): domain=self.domain_id, group=group['id']) + def test_add_role_to_user_and_project(self): + # A notification is sent when add_role_to_user_and_project is called on + # the assignment manager. + + project_ref = self.new_project_ref(self.domain_id) + project = self.resource_api.create_project( + project_ref['id'], project_ref) + tenant_id = project['id'] + + self.assignment_api.add_role_to_user_and_project( + self.user_id, tenant_id, self.role_id) + + self.assertTrue(self._notifications) + note = self._notifications[-1] + self.assertEqual(note['action'], 'created.role_assignment') + self.assertTrue(note['send_notification_called']) + + self._assert_event(self.role_id, project=tenant_id, user=self.user_id) + + def test_remove_role_from_user_and_project(self): + # A notification is sent when remove_role_from_user_and_project is + # called on the assignment manager. + + self.assignment_api.remove_role_from_user_and_project( + self.user_id, self.project_id, self.role_id) + + self.assertTrue(self._notifications) + note = self._notifications[-1] + self.assertEqual(note['action'], 'deleted.role_assignment') + self.assertTrue(note['send_notification_called']) + + self._assert_event(self.role_id, project=self.project_id, + user=self.user_id) + class TestCallbackRegistration(testtools.TestCase): def setUp(self): |