diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-04-03 07:41:28 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-04-03 07:41:28 +0000 |
commit | d22d0fff63cf3f3737854fd146b1b539a2c436ce (patch) | |
tree | d28821a4a3da561f28cd14f45db5f008467c7c57 | |
parent | f3a4775f9c2cbf7f5bff3b795944e06bcefca1b4 (diff) | |
parent | 93587bf1683ae9d9e764ca51113dabe71cef7521 (diff) | |
download | keystone-d22d0fff63cf3f3737854fd146b1b539a2c436ce.tar.gz |
Merge "Fixes bug in Federation list projects endpoint"
-rw-r--r-- | keystone/assignment/core.py | 19 | ||||
-rw-r--r-- | keystone/tests/unit/test_v3_federation.py | 2 |
2 files changed, 15 insertions, 6 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index ea7bf5a38..b14697c65 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -349,17 +349,28 @@ class Manager(manager.Manager): if not CONF.os_inherit.enabled: return self.resource_api.list_projects_from_ids(project_ids) - # Inherited roles are enabled, so check to see if these groups have any - # roles on any domain, in which case we must add in all the projects - # in that domain. + # os_inherit extension is enabled, so check to see if these groups have + # any inherited role assignment on: i) any domain, in which case we + # must add in all the projects in that domain; ii) any project, in + # which case we must add in all the subprojects under that project in + # the hierarchy. domain_ids = self.list_domain_ids_for_groups(group_ids, inherited=True) project_ids_from_domains = ( self.resource_api.list_project_ids_from_domain_ids(domain_ids)) + parents_ids = self.list_project_ids_for_groups(group_ids, + driver_hints.Hints(), + inherited=True) + + subproject_ids = [] + for parent_id in parents_ids: + subtree = self.resource_api.list_projects_in_subtree(parent_id) + subproject_ids += [subproject['id'] for subproject in subtree] + return self.resource_api.list_projects_from_ids( - list(set(project_ids + project_ids_from_domains))) + list(set(project_ids + project_ids_from_domains + subproject_ids))) def list_role_assignments_for_role(self, role_id=None): # NOTE(henry-nash): Currently the efficiency of the key driver diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py index d8fb8c054..e19086338 100644 --- a/keystone/tests/unit/test_v3_federation.py +++ b/keystone/tests/unit/test_v3_federation.py @@ -41,7 +41,6 @@ from keystone.tests.unit import federation_fixtures from keystone.tests.unit import ksfixtures from keystone.tests.unit import mapping_fixtures from keystone.tests.unit import test_v3 -from keystone.tests.unit import utils from keystone.token.providers import common as token_common @@ -2295,7 +2294,6 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin): # The advantage would be to reduce the complexity of this test class and # have tests specific to this fuctionality grouped, easing readability and # maintenability. - @utils.wip('waiting on bug #1424500') def test_list_projects_for_inherited_project_assignment(self): # Enable os_inherit extension self.config_fixture.config(group='os_inherit', enabled=True) |