diff options
| author | Kristi Nikolla <knikolla@bu.edu> | 2017-06-16 11:30:56 -0400 |
|---|---|---|
| committer | Kristi Nikolla <knikolla@bu.edu> | 2017-06-16 11:30:56 -0400 |
| commit | ef49844248661671063567f98016e88943955ba0 (patch) | |
| tree | 0679ca79ad63058554d0ac00bc10c3f6aabc49d7 | |
| parent | 2ab7f6df1207f2da38fa893518228a695aea8ecd (diff) | |
| download | python-keystoneclient-ef49844248661671063567f98016e88943955ba0.tar.gz | |
Add support for specifying role ids when creating trust
Change-Id: I38e0ac35946ee6e53128babac3ea759a380572e0
Partial-Bug: 1696111
| -rw-r--r-- | keystoneclient/tests/unit/v3/test_trusts.py | 16 | ||||
| -rw-r--r-- | keystoneclient/v3/contrib/trusts.py | 13 |
2 files changed, 25 insertions, 4 deletions
diff --git a/keystoneclient/tests/unit/v3/test_trusts.py b/keystoneclient/tests/unit/v3/test_trusts.py index 72fb5b7..1c74ac9 100644 --- a/keystoneclient/tests/unit/v3/test_trusts.py +++ b/keystoneclient/tests/unit/v3/test_trusts.py @@ -64,6 +64,22 @@ class TrustTests(utils.ClientTestCase, utils.CrudTests): req_ref['roles'] = [{'name': 'atestrole'}] super(TrustTests, self).test_create(ref=ref, req_ref=req_ref) + def test_create_role_id_and_names(self): + ref = self.new_ref() + ref['trustor_user_id'] = uuid.uuid4().hex + ref['trustee_user_id'] = uuid.uuid4().hex + ref['impersonation'] = False + req_ref = ref.copy() + req_ref.pop('id') + + # Note the TrustManager takes a list of role_names, and converts + # internally to the slightly odd list-of-dict API format, so we + # have to pass the expected request data to allow correct stubbing + ref['role_names'] = ['atestrole'] + ref['role_ids'] = [uuid.uuid4().hex] + req_ref['roles'] = [{'name': 'atestrole'}, {'id': ref['role_ids'][0]}] + super(TrustTests, self).test_create(ref=ref, req_ref=req_ref) + def test_create_expires(self): ref = self.new_ref() ref['trustor_user_id'] = uuid.uuid4().hex diff --git a/keystoneclient/v3/contrib/trusts.py b/keystoneclient/v3/contrib/trusts.py index e236188..a8ef579 100644 --- a/keystoneclient/v3/contrib/trusts.py +++ b/keystoneclient/v3/contrib/trusts.py @@ -39,13 +39,14 @@ class TrustManager(base.CrudManager): base_url = '/OS-TRUST' def create(self, trustee_user, trustor_user, role_names=None, - project=None, impersonation=False, expires_at=None, - remaining_uses=None, **kwargs): + role_ids=None, project=None, impersonation=False, + expires_at=None, remaining_uses=None, **kwargs): """Create a Trust. :param string trustee_user: user who is capable of consuming the trust :param string trustor_user: user who's authorization is being delegated :param string role_names: subset of trustor's roles to be granted + :param string role_ids: subset of trustor's roles to be granted :param string project: project which the trustor is delegating :param boolean impersonation: enable explicit impersonation :param datetime.datetime expires_at: expiry time @@ -55,9 +56,13 @@ class TrustManager(base.CrudManager): """ # Convert role_names list into list-of-dict API format + roles = [] if role_names: - roles = [{'name': n} for n in role_names] - else: + roles.extend([{'name': n} for n in role_names]) + if role_ids: + roles.extend([{'id': i} for i in role_ids]) + + if not roles: roles = None # Convert datetime.datetime expires_at to iso format string |