openstack/ansible-config_template
Code Issues Proposed changes

Merge "Support users without projects in keystone library"

Browse Source
This commit is contained in:
Jenkins 2016-05-18 09:06:01 +00:00 committed by Gerrit Code Review
commit e8dec55732
1 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
library/keystone
View File

@ -375,14 +375,16 @@ COMMAND_MAP = {
'user_name', 'user_name',
'project_name', 'project_name',
'tenant_name', 'tenant_name',
'role_name' 'role_name',
'domain_name'
] ]
}, },
'ensure_group_role': { 'ensure_group_role': {
'variables': [ 'variables': [
'group_name', 'group_name',
'project_name', 'project_name',
'role_name' 'role_name',
'domain_name'
] ]
}, },
'ensure_project': { 'ensure_project': {
@ -739,7 +741,7 @@ class ManageKeystone(object):
domain = self._get_domain_from_vars(variables_dict) domain = self._get_domain_from_vars(variables_dict)
project = self._get_project(name=project_name) project = self._get_project(name=project_name)
if project is None: if project is None and project_name is not None:
self.failure( self.failure(
error='project [ %s ] was not found.' % project_name, error='project [ %s ] was not found.' % project_name,
rc=2, rc=2,
@ -826,7 +828,7 @@ class ManageKeystone(object):
user = None user = None
project = self._get_project(name=project_name) project = self._get_project(name=project_name)
if project is None: if project is None and project_name is not None:
self.failure( self.failure(
error='project [ %s ] was not found.' % project_name, error='project [ %s ] was not found.' % project_name,
rc=2, rc=2,
@ -874,10 +876,11 @@ class ManageKeystone(object):
return self._facts(facts={'id': role.id}) return self._facts(facts={'id': role.id})
def _get_user_roles(self, name, user, project): def _get_user_roles(self, name, user, project, domain):
role_list = self.keystone.roles.list( role_list = self.keystone.roles.list(
user=user, user=user,
project=project project=project,
domain=domain
) )
for entry in role_list: for entry in role_list:
if entry.name == name: if entry.name == name:
@ -909,21 +912,25 @@ class ManageKeystone(object):
variables_dict.pop('tenant_name')) variables_dict.pop('tenant_name'))
role_name = variables_dict.pop('role_name') role_name = variables_dict.pop('role_name')
if project_name is not None:
domain = None
user, project, role, group = self._get_role_data( user, project, role, group = self._get_role_data(
user_name=user_name, project_name=project_name, user_name=user_name, project_name=project_name,
role_name=role_name, group_name=None, domain=domain role_name=role_name, group_name=None, domain=domain
) )
user_role = self._get_user_roles( user_role = self._get_user_roles(
name=role_name, user=user, project=project name=role_name, user=user, project=project, domain=domain
) )
if user_role is None: if user_role is None:
self.state_change = True
self.keystone.roles.grant( self.keystone.roles.grant(
user=user, role=role, project=project user=user, role=role, project=project, domain=domain
) )
user_role = self._get_user_roles( user_role = self._get_user_roles(
name=role_name, user=user, project=project name=role_name, user=user, project=project, domain=domain
) )
return self._facts(facts={'id': user_role.id}) return self._facts(facts={'id': user_role.id})
@ -937,23 +944,28 @@ class ManageKeystone(object):
project_name = variables_dict.pop('project_name') project_name = variables_dict.pop('project_name')
role_name = variables_dict.pop('role_name') role_name = variables_dict.pop('role_name')
if project_name is not None:
domain = None
user, project, role, group = self._get_role_data( user, project, role, group = self._get_role_data(
group_name=group_name, project_name=project_name, group_name=group_name, project_name=project_name,
role_name=role_name, user_name=None, domain=domain role_name=role_name, user_name=None, domain=domain
) )
group_role = self._get_group_roles( group_role = self._get_group_roles(
name=role_name, group=group, project=project name=role_name, group=group, project=project, domain=domain
) )
if group_role is None: if group_role is None:
self.state_change = True
self.keystone.roles.grant( self.keystone.roles.grant(
group=group, role=role, project=project group=group, role=role, project=project, domain=domain
) )
group_role = self._get_group_roles( group_role = self._get_group_roles(
name=role_name, name=role_name,
group=group, group=group,
project=project project=project,
domain=domain
) )
return self._facts(facts={'id': group_role.id}) return self._facts(facts={'id': group_role.id})