yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1543318] [NEW] Token for trust does not expand implied roles

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Young <1543318@xxxxxxxxxxxxxxxxxx>
Date: Mon, 08 Feb 2016 22:24:31 -0000
Reply-to: Bug 1543318 <1543318@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

def test_trusts_from_implied_role(self):
        self._create_three_roles()
        self._create_implied_role(self.role_list[0], self.role_list[1])
        self._create_implied_role(self.role_list[1], self.role_list[2])
        self._assign_top_role_to_user_on_project(self.user, self.project)

        # Create a trustee and assign the prior role to her
        trustee = unit.create_user(self.identity_api, domain_id=self.domain_id)
        ref = unit.new_trust_ref(
            trustor_user_id=self.user['id'],
            trustee_user_id=trustee['id'],
            project_id=self.project['id'],
            role_ids=[self.role_list[0]['id']])
        r = self.post('/OS-TRUST/trusts', body={'trust': ref})
        trust = r.result['trust']

        # Only the role that was specified is in the trust, NOT implies roles
        self.assertEqual(self.role_list[0]['id'], trust['roles'][0]['id'])
        self.assertThat(trust['roles'], matchers.HasLength(1))

        # Authenticate as the trustee
        auth_data = self.build_authentication_request(
            user_id=trustee['id'],
            password=trustee['password'],
            trust_id=trust['id'])
        r = self.v3_create_token(auth_data)
        token = r.result['token']

        # This fails
        self.assertThat(token['roles'], matchers.HasLength(3))

** Affects: keystone
     Importance: Undecided
     Assignee: Adam Young (ayoung)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Adam Young (ayoung)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1543318

Title:
  Token for trust does not expand implied roles

Status in OpenStack Identity (keystone):
  New

Bug description:
  def test_trusts_from_implied_role(self):
          self._create_three_roles()
          self._create_implied_role(self.role_list[0], self.role_list[1])
          self._create_implied_role(self.role_list[1], self.role_list[2])
          self._assign_top_role_to_user_on_project(self.user, self.project)

          # Create a trustee and assign the prior role to her
          trustee = unit.create_user(self.identity_api, domain_id=self.domain_id)
          ref = unit.new_trust_ref(
              trustor_user_id=self.user['id'],
              trustee_user_id=trustee['id'],
              project_id=self.project['id'],
              role_ids=[self.role_list[0]['id']])
          r = self.post('/OS-TRUST/trusts', body={'trust': ref})
          trust = r.result['trust']

          # Only the role that was specified is in the trust, NOT implies roles
          self.assertEqual(self.role_list[0]['id'], trust['roles'][0]['id'])
          self.assertThat(trust['roles'], matchers.HasLength(1))

          # Authenticate as the trustee
          auth_data = self.build_authentication_request(
              user_id=trustee['id'],
              password=trustee['password'],
              trust_id=trust['id'])
          r = self.v3_create_token(auth_data)
          token = r.result['token']

          # This fails
          self.assertThat(token['roles'], matchers.HasLength(3))

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1543318/+subscriptions

Follow ups

[Bug 1543318] Re: Token for trust does not expand implied roles
From: OpenStack Infra, 2016-02-15