Fix issue with v3 tokens and group membership roles
The driver calls used by v3 token controllers to obtain roles
for a user on both project and domain were incorrectly implemented,
leading to roles being missed out of the token. v2 tokens are not
affected, since they don't use the same driver calls.
This fixes these functions and adds additonal tests to cover the
cases (all of which would fail without this patch). As part of this
fix, the implementation of "get_roles_for_user_and_project() is
pulled up into the driver class (like the domain equivalent is already),
since, for all implementations, it is independant of backend technology.
Reviewed: https:/ /review. openstack. org/38484 github. com/openstack/ keystone/ commit/ 27a5b42dbbdcb1f 10138542cfa2fc5 584470bace
Committed: http://
Submitter: Jenkins
Branch: stable/grizzly
commit 27a5b42dbbdcb1f 10138542cfa2fc5 584470bace
Author: Henry Nash <email address hidden>
Date: Fri Jul 5 06:04:25 2013 +0100
Fix issue with v3 tokens and group membership roles
The driver calls used by v3 token controllers to obtain roles
for a user on both project and domain were incorrectly implemented,
leading to roles being missed out of the token. v2 tokens are not
affected, since they don't use the same driver calls.
This fixes these functions and adds additonal tests to cover the for_user_ and_project( ) is
cases (all of which would fail without this patch). As part of this
fix, the implementation of "get_roles_
pulled up into the driver class (like the domain equivalent is already),
since, for all implementations, it is independant of backend technology.
Fixes bug 1197874
Change-Id: I48aaf79241c873 77c6940ab6193fc 3acd4006c94