diff options
-rw-r--r-- | keystoneclient/tests/unit/v3/test_trusts.py | 16 | ||||
-rw-r--r-- | keystoneclient/v3/contrib/trusts.py | 13 |
2 files changed, 25 insertions, 4 deletions
diff --git a/keystoneclient/tests/unit/v3/test_trusts.py b/keystoneclient/tests/unit/v3/test_trusts.py index 72fb5b7..1c74ac9 100644 --- a/keystoneclient/tests/unit/v3/test_trusts.py +++ b/keystoneclient/tests/unit/v3/test_trusts.py @@ -64,6 +64,22 @@ class TrustTests(utils.ClientTestCase, utils.CrudTests): req_ref['roles'] = [{'name': 'atestrole'}] super(TrustTests, self).test_create(ref=ref, req_ref=req_ref) + def test_create_role_id_and_names(self): + ref = self.new_ref() + ref['trustor_user_id'] = uuid.uuid4().hex + ref['trustee_user_id'] = uuid.uuid4().hex + ref['impersonation'] = False + req_ref = ref.copy() + req_ref.pop('id') + + # Note the TrustManager takes a list of role_names, and converts + # internally to the slightly odd list-of-dict API format, so we + # have to pass the expected request data to allow correct stubbing + ref['role_names'] = ['atestrole'] + ref['role_ids'] = [uuid.uuid4().hex] + req_ref['roles'] = [{'name': 'atestrole'}, {'id': ref['role_ids'][0]}] + super(TrustTests, self).test_create(ref=ref, req_ref=req_ref) + def test_create_expires(self): ref = self.new_ref() ref['trustor_user_id'] = uuid.uuid4().hex diff --git a/keystoneclient/v3/contrib/trusts.py b/keystoneclient/v3/contrib/trusts.py index e236188..a8ef579 100644 --- a/keystoneclient/v3/contrib/trusts.py +++ b/keystoneclient/v3/contrib/trusts.py @@ -39,13 +39,14 @@ class TrustManager(base.CrudManager): base_url = '/OS-TRUST' def create(self, trustee_user, trustor_user, role_names=None, - project=None, impersonation=False, expires_at=None, - remaining_uses=None, **kwargs): + role_ids=None, project=None, impersonation=False, + expires_at=None, remaining_uses=None, **kwargs): """Create a Trust. :param string trustee_user: user who is capable of consuming the trust :param string trustor_user: user who's authorization is being delegated :param string role_names: subset of trustor's roles to be granted + :param string role_ids: subset of trustor's roles to be granted :param string project: project which the trustor is delegating :param boolean impersonation: enable explicit impersonation :param datetime.datetime expires_at: expiry time @@ -55,9 +56,13 @@ class TrustManager(base.CrudManager): """ # Convert role_names list into list-of-dict API format + roles = [] if role_names: - roles = [{'name': n} for n in role_names] - else: + roles.extend([{'name': n} for n in role_names]) + if role_ids: + roles.extend([{'id': i} for i in role_ids]) + + if not roles: roles = None # Convert datetime.datetime expires_at to iso format string |