openstack/ansible-config_template
Code Issues Proposed changes

Merge "Support users without projects in keystone library"

Browse Source
This commit is contained in:
Jenkins 2016-05-18 09:06:01 +00:00 committed by Gerrit Code Review
commit e8dec55732
1 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
library/keystone
View File

@ -375,14 +375,16 @@ COMMAND_MAP = {
'user_name',
'project_name',
'tenant_name',
'role_name'
'role_name',
'domain_name'
]
},
'ensure_group_role': {
'variables': [
'group_name',
'project_name',
'role_name'
'role_name',
'domain_name'
]
},
'ensure_project': {
@ -739,7 +741,7 @@ class ManageKeystone(object):
domain = self._get_domain_from_vars(variables_dict)
project = self._get_project(name=project_name)
if project is None:
if project is None and project_name is not None:
self.failure(
error='project [ %s ] was not found.' % project_name,
rc=2,
@ -826,7 +828,7 @@ class ManageKeystone(object):
user = None
project = self._get_project(name=project_name)
if project is None:
if project is None and project_name is not None:
self.failure(
error='project [ %s ] was not found.' % project_name,
rc=2,
@ -874,10 +876,11 @@ class ManageKeystone(object):
return self._facts(facts={'id': role.id})
def _get_user_roles(self, name, user, project):
def _get_user_roles(self, name, user, project, domain):
role_list = self.keystone.roles.list(
user=user,
project=project
project=project,
domain=domain
)
for entry in role_list:
if entry.name == name:
@ -909,21 +912,25 @@ class ManageKeystone(object):
variables_dict.pop('tenant_name'))
role_name = variables_dict.pop('role_name')
if project_name is not None:
domain = None
user, project, role, group = self._get_role_data(
user_name=user_name, project_name=project_name,
role_name=role_name, group_name=None, domain=domain
)
user_role = self._get_user_roles(
name=role_name, user=user, project=project
name=role_name, user=user, project=project, domain=domain
)
if user_role is None:
self.state_change = True
self.keystone.roles.grant(
user=user, role=role, project=project
user=user, role=role, project=project, domain=domain
)
user_role = self._get_user_roles(
name=role_name, user=user, project=project
name=role_name, user=user, project=project, domain=domain
)
return self._facts(facts={'id': user_role.id})
@ -937,23 +944,28 @@ class ManageKeystone(object):
project_name = variables_dict.pop('project_name')
role_name = variables_dict.pop('role_name')
if project_name is not None:
domain = None
user, project, role, group = self._get_role_data(
group_name=group_name, project_name=project_name,
role_name=role_name, user_name=None, domain=domain
)
group_role = self._get_group_roles(
name=role_name, group=group, project=project
name=role_name, group=group, project=project, domain=domain
)
if group_role is None:
self.state_change = True
self.keystone.roles.grant(
group=group, role=role, project=project
group=group, role=role, project=project, domain=domain
)
group_role = self._get_group_roles(
name=role_name,
group=group,
project=project
project=project,
domain=domain
)
return self._facts(facts={'id': group_role.id})