From 9f1e37669c183f96e7167cc7875ae4b42fcedd9d Mon Sep 17 00:00:00 2001 From: Sam Yaple Date: Mon, 11 Dec 2017 22:25:17 +0000 Subject: [PATCH] Revert "Allow grant_role to select users outside default domain" Im purposing a revert so we can implement something closer to: Related-Id: I43c97981d9e76f595efa2051b17a8425404179c4 This way we can handle it for user/role/group/project at the same time. The correct way to deal with different projects in different domains than users is to pass in IDs/objects as noted[0] I do this in the upstream salt modules[1] [0] https://github.com/openstack/python-openstacksdk/blob/master/openstack/cloud/operatorcloud.py#L1822-L1825 [1] https://github.com/saltstack/salt/blob/develop/salt/states/keystone_role_grant.py#L41-L94 This reverts commit d4148ff9d6d2236d50bfe5bbe9c6cef17bf765bd. Change-Id: Ia9f0bdf58a0df539d14b14a3b7e368a06ff6ed88 --- shade/openstackcloud.py | 6 +- shade/tests/unit/test_role_assignment.py | 97 +++++------------------- 2 files changed, 21 insertions(+), 82 deletions(-) diff --git a/shade/openstackcloud.py b/shade/openstackcloud.py index 278fa1d50..c8492e2a1 100644 --- a/shade/openstackcloud.py +++ b/shade/openstackcloud.py @@ -10711,11 +10711,7 @@ class OpenStackCloud( self.get_domain(domain)['id'] if user: - if 'domain' in data: - data['user'] = self.get_user( - user, filters=filters, domain_id=data['domain']) - else: - data['user'] = self.get_user(user, filters=filters) + data['user'] = self.get_user(user, filters=filters) if project: # drop domain in favor of project diff --git a/shade/tests/unit/test_role_assignment.py b/shade/tests/unit/test_role_assignment.py index 8af5bda17..3aedd0fd9 100644 --- a/shade/tests/unit/test_role_assignment.py +++ b/shade/tests/unit/test_role_assignment.py @@ -436,7 +436,6 @@ class TestRoleAssignment(base.RequestsMockTestCase): self.assert_calls() def test_grant_role_user_project_exists(self): - self.assertEqual(len(self.calls), 2) self.register_uris([ dict(method='GET', uri=self.get_mock_url(resource='roles'), @@ -497,7 +496,6 @@ class TestRoleAssignment(base.RequestsMockTestCase): entity_type='user', entity_id=self.user_data.user_id)}), ]) - self.assertEqual(len(self.calls), 10) self.assertFalse(self.op_cloud.grant_role( self.role_data.role_name, user=self.user_data.name, @@ -664,10 +662,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -693,16 +688,12 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json={'roles': [self.role_data.json_response['role']]}), dict(method='GET', - uri=self.get_mock_url( - resource='domains', - append=[self.domain_data.domain_id]), + uri=self.get_mock_url(resource='domains', + append=[self.domain_data.domain_id]), status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -733,10 +724,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -767,10 +755,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -822,10 +807,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -854,10 +836,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -886,10 +865,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -918,10 +894,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -1795,10 +1768,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -1821,10 +1791,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -1847,10 +1814,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -1873,10 +1837,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -1920,10 +1881,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -1959,10 +1917,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -1998,10 +1953,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -2037,10 +1989,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -2529,10 +2478,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET', @@ -2581,10 +2527,7 @@ class TestRoleAssignment(base.RequestsMockTestCase): status_code=200, json=self.domain_data.json_response), dict(method='GET', - uri=self.get_mock_url( - resource='users', - qs_elements=[ - 'domain_id=%s' % self.domain_data.domain_id]), + uri=self.get_mock_url(resource='users'), status_code=200, json={'users': [self.user_data.json_response['user']]}), dict(method='GET',