yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1543318] Re: Token for trust does not expand implied roles

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1543318@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Feb 2016 10:56:26 -0000
Reply-to: Bug 1543318 <1543318@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/279835
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=790b8c22bea9336abe2ce301fda5962021974ded
Submitter: Jenkins
Branch:    master

commit 790b8c22bea9336abe2ce301fda5962021974ded
Author: Adam Young <ayoung@xxxxxxxxxx>
Date:   Fri Feb 12 18:16:05 2016 -0500

    Expand implied roles in trust tokens
    
    Closes-Bug: 1543318
    
    Change-Id: Iadcedaec184c7ca14ecd6ad5035265a310e2d5d2


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1543318

Title:
  Token for trust does not expand implied roles

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  def test_trusts_from_implied_role(self):
          self._create_three_roles()
          self._create_implied_role(self.role_list[0], self.role_list[1])
          self._create_implied_role(self.role_list[1], self.role_list[2])
          self._assign_top_role_to_user_on_project(self.user, self.project)

          # Create a trustee and assign the prior role to her
          trustee = unit.create_user(self.identity_api, domain_id=self.domain_id)
          ref = unit.new_trust_ref(
              trustor_user_id=self.user['id'],
              trustee_user_id=trustee['id'],
              project_id=self.project['id'],
              role_ids=[self.role_list[0]['id']])
          r = self.post('/OS-TRUST/trusts', body={'trust': ref})
          trust = r.result['trust']

          # Only the role that was specified is in the trust, NOT implies roles
          self.assertEqual(self.role_list[0]['id'], trust['roles'][0]['id'])
          self.assertThat(trust['roles'], matchers.HasLength(1))

          # Authenticate as the trustee
          auth_data = self.build_authentication_request(
              user_id=trustee['id'],
              password=trustee['password'],
              trust_id=trust['id'])
          r = self.v3_create_token(auth_data)
          token = r.result['token']

          # This fails
          self.assertThat(token['roles'], matchers.HasLength(3))

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1543318/+subscriptions

References

[Bug 1543318] [NEW] Token for trust does not expand implied roles
From: Adam Young, 2016-02-08