2 files changed, 26 insertions, 10 deletions

diff --git a/keystone-moon/keystone/resource/backends/ldap.py b/keystone-moon/keystone/resource/backends/ldap.py
index 434c2b04..43684035 100644
--- a/keystone-moon/keystone/resource/backends/ldap.py
+++ b/keystone-moon/keystone/resource/backends/ldap.py
@@ -17,7 +17,7 @@ import uuid
 from oslo_config import cfg
 from oslo_log import log
 
-from keystone import clean
+from keystone.common import clean
 from keystone.common import driver_hints
 from keystone.common import ldap as common_ldap
 from keystone.common import models
@@ -47,7 +47,7 @@ class Resource(resource.Driver):
         self.project = ProjectApi(CONF)
 
     def default_assignment_driver(self):
-        return 'keystone.assignment.backends.ldap.Assignment'
+        return 'ldap'
 
     def _set_default_parent_project(self, ref):
         """If the parent project ID has not been set, set it to None."""
@@ -60,6 +60,14 @@ class Resource(resource.Driver):
         else:
             raise ValueError(_('Expected dict or list: %s') % type(ref))
 
+    def _set_default_is_domain_project(self, ref):
+        if isinstance(ref, dict):
+            return dict(ref, is_domain=False)
+        elif isinstance(ref, list):
+            return [self._set_default_is_domain_project(x) for x in ref]
+        else:
+            raise ValueError(_('Expected dict or list: %s') % type(ref))
+
     def _validate_parent_project_is_none(self, ref):
         """If a parent_id different from None was given,
            raises InvalidProjectException.
@@ -69,8 +77,15 @@ class Resource(resource.Driver):
         if parent_id is not None:
             raise exception.InvalidParentProject(parent_id)
 
+    def _validate_is_domain_field_is_false(self, ref):
+        is_domain = ref.pop('is_domain', None)
+        if is_domain:
+            raise exception.ValidationError(_('LDAP does not support projects '
+                                              'with is_domain flag enabled'))
+
     def _set_default_attributes(self, project_ref):
         project_ref = self._set_default_domain(project_ref)
+        project_ref = self._set_default_is_domain_project(project_ref)
         return self._set_default_parent_project(project_ref)
 
     def get_project(self, tenant_id):
@@ -116,8 +131,8 @@ class Resource(resource.Driver):
 
     def create_project(self, tenant_id, tenant):
         self.project.check_allow_create()
-        tenant = self._validate_default_domain(tenant)
         self._validate_parent_project_is_none(tenant)
+        self._validate_is_domain_field_is_false(tenant)
         tenant['name'] = clean.project_name(tenant['name'])
         data = tenant.copy()
         if 'id' not in data or data['id'] is None:
@@ -130,6 +145,7 @@ class Resource(resource.Driver):
     def update_project(self, tenant_id, tenant):
         self.project.check_allow_update()
         tenant = self._validate_default_domain(tenant)
+        self._validate_is_domain_field_is_false(tenant)
         if 'name' in tenant:
             tenant['name'] = clean.project_name(tenant['name'])
         return self._set_default_attributes(
diff --git a/keystone-moon/keystone/resource/backends/sql.py b/keystone-moon/keystone/resource/backends/sql.py
index fb117240..3a0d8cea 100644
--- a/keystone-moon/keystone/resource/backends/sql.py
+++ b/keystone-moon/keystone/resource/backends/sql.py
@@ -13,7 +13,7 @@
 from oslo_config import cfg
 from oslo_log import log
 
-from keystone import clean
+from keystone.common import clean
 from keystone.common import sql
 from keystone import exception
 from keystone.i18n import _LE
@@ -27,7 +27,7 @@ LOG = log.getLogger(__name__)
 class Resource(keystone_resource.Driver):
 
     def default_assignment_driver(self):
-        return 'keystone.assignment.backends.sql.Assignment'
+        return 'sql'
 
     def _get_project(self, session, project_id):
         project_ref = session.query(Project).get(project_id)
@@ -91,10 +91,9 @@ class Resource(keystone_resource.Driver):
 
     def list_projects_in_subtree(self, project_id):
         with sql.transaction() as session:
-            project = self._get_project(session, project_id).to_dict()
-            children = self._get_children(session, [project['id']])
+            children = self._get_children(session, [project_id])
             subtree = []
-            examined = set(project['id'])
+            examined = set([project_id])
             while children:
                 children_ids = set()
                 for ref in children:
@@ -106,7 +105,7 @@ class Resource(keystone_resource.Driver):
                         return
                     children_ids.add(ref['id'])
 
-                examined.union(children_ids)
+                examined.update(children_ids)
                 subtree += children
                 children = self._get_children(session, children_ids)
             return subtree
@@ -246,7 +245,7 @@ class Domain(sql.ModelBase, sql.DictBase):
 class Project(sql.ModelBase, sql.DictBase):
     __tablename__ = 'project'
     attributes = ['id', 'name', 'domain_id', 'description', 'enabled',
-                  'parent_id']
+                  'parent_id', 'is_domain']
     id = sql.Column(sql.String(64), primary_key=True)
     name = sql.Column(sql.String(64), nullable=False)
     domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'),
@@ -255,6 +254,7 @@ class Project(sql.ModelBase, sql.DictBase):
     enabled = sql.Column(sql.Boolean)
     extra = sql.Column(sql.JsonBlob())
     parent_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'))
+    is_domain = sql.Column(sql.Boolean, default=False, nullable=False)
     # Unique constraint across two columns to create the separation
     # rather than just only 'name' being unique
     __table_args__ = (sql.UniqueConstraint('domain_id', 'name'), {})