Merge pull request #22894 from 0xf10e/2014.7

Fix issue #22782
2025-04-17 10:10:20 +00:00 · 2015-04-21 12:55:18 -06:00 · 2015-04-21 12:55:18 -06:00 · f0939754a0
commit f0939754a0
parent c802ba7514 58fa24c7fa
1 changed files with 19 additions and 10 deletions
--- a/salt/states/keystone.py
+++ b/salt/states/keystone.py
@ -102,7 +102,16 @@ def user_present(name,
        Availability state for this user

    roles
-        The roles the user should have under tenants
+        The roles the user should have under given tenants.
+        Passed as a dictionary mapping tenant names to a list
+        of roles in this tenant, i.e.::
+
+            roles:
+                admin:   # tenant
+                  - admin  # role
+                service:
+                  - admin
+                  - Member
    '''
    ret = {'name': name,
           'changes': {},
@ -173,11 +182,11 @@ def user_present(name,
            ret['comment'] = 'User "{0}" has been updated'.format(name)
            ret['changes']['Password'] = 'Updated'
        if roles:
-            for tenant_role in roles:
+            for tenant in roles.keys():
                args = dict({'user_name': name, 'tenant_name':
-                             tenant_role, 'profile': profile}, **connection_args)
+                             tenant, 'profile': profile}, **connection_args)
                tenant_roles = __salt__['keystone.user_role_list'](**args)
-                for role in roles[tenant_role]:
+                for role in roles[tenant]:
                    if role not in tenant_roles:
                        if __opts__['test']:
                            ret['result'] = None
@ -187,7 +196,7 @@ def user_present(name,
                                ret['changes']['roles'] = [role]
                            continue
                        addargs = dict({'user': name, 'role': role,
-                                        'tenant': tenant_role,
+                                        'tenant': tenant,
                                        'profile': profile},
                                       **connection_args)
                        newrole = __salt__['keystone.user_role_add'](**addargs)
@ -195,7 +204,7 @@ def user_present(name,
                            ret['changes']['roles'].append(newrole)
                        else:
                            ret['changes']['roles'] = [newrole]
-                roles_to_remove = list(set(tenant_roles) - set(roles[tenant_role]))
+                roles_to_remove = list(set(tenant_roles) - set(roles[tenant]))
                for role in roles_to_remove:
                    if __opts__['test']:
                        ret['result'] = None
@ -205,7 +214,7 @@ def user_present(name,
                            ret['changes']['roles'] = [role]
                        continue
                    addargs = dict({'user': name, 'role': role,
-                                    'tenant': tenant_role,
+                                    'tenant': tenant,
                                    'profile': profile},
                                   **connection_args)
                    oldrole = __salt__['keystone.user_role_remove'](**addargs)
@ -228,11 +237,11 @@ def user_present(name,
                                         profile=profile,
                                         **connection_args)
        if roles:
-            for tenant_role in roles:
-                for role in roles[tenant_role]:
+            for tenant in roles.keys():
+                for role in roles[tenant]:
                    __salt__['keystone.user_role_add'](user=name,
                                                       role=role,
-                                                       tenant=tenant_role,
+                                                       tenant=tenant,
                                                       profile=profile,
                                                       **connection_args)
        ret['comment'] = 'Keystone user {0} has been added'.format(name)