Use oslo.context's from_environ for creating context
The oslo.context from_environ method is designed to pick up the environment variables set by auth_token middleware and other common oslo middleware and correctly set those values on the context object. By using from_environ context and policy picks up values from the request without heat having to directly handle them. The malformed_role tests here are removed. The roles header is provided by auth_token middleware and now handled by oslo.context and do error handling their own way. We shouldn't need to test this handling in heat. Change-Id: I2707bda09a01bf79e75f36b98a48a02adcde5908
This commit is contained in:
parent
07399d4de5
commit
dd093f1891
|
@ -87,12 +87,15 @@ class RequestContext(context.RequestContext):
|
|||
:param overwrite: Set to False to ensure that the greenthread local
|
||||
copy of the index is not overwritten.
|
||||
"""
|
||||
if user_domain_id:
|
||||
kwargs['user_domain'] = user_domain_id
|
||||
if project_domain_id:
|
||||
kwargs['project_domain'] = project_domain_id
|
||||
|
||||
super(RequestContext, self).__init__(is_admin=is_admin,
|
||||
read_only=read_only,
|
||||
show_deleted=show_deleted,
|
||||
request_id=request_id,
|
||||
user_domain=user_domain_id,
|
||||
project_domain=project_domain_id,
|
||||
roles=roles,
|
||||
overwrite=overwrite,
|
||||
**kwargs)
|
||||
|
@ -330,10 +333,6 @@ class ContextMiddleware(wsgi.Middleware):
|
|||
|
||||
super(ContextMiddleware, self).__init__(app)
|
||||
|
||||
def make_context(self, *args, **kwargs):
|
||||
"""Create a context with the given arguments."""
|
||||
return self.ctxcls(*args, **kwargs)
|
||||
|
||||
def process_request(self, req):
|
||||
"""Constructs an appropriate context from extracted auth information.
|
||||
|
||||
|
@ -343,52 +342,36 @@ class ContextMiddleware(wsgi.Middleware):
|
|||
headers = req.headers
|
||||
environ = req.environ
|
||||
|
||||
try:
|
||||
username = None
|
||||
password = None
|
||||
aws_creds = None
|
||||
username = None
|
||||
password = None
|
||||
aws_creds = None
|
||||
|
||||
if headers.get('X-Auth-User') is not None:
|
||||
username = headers.get('X-Auth-User')
|
||||
password = headers.get('X-Auth-Key')
|
||||
elif headers.get('X-Auth-EC2-Creds') is not None:
|
||||
aws_creds = headers.get('X-Auth-EC2-Creds')
|
||||
if headers.get('X-Auth-User') is not None:
|
||||
username = headers.get('X-Auth-User')
|
||||
password = headers.get('X-Auth-Key')
|
||||
elif headers.get('X-Auth-EC2-Creds') is not None:
|
||||
aws_creds = headers.get('X-Auth-EC2-Creds')
|
||||
|
||||
user_id = headers.get('X-User-Id')
|
||||
user_domain_id = headers.get('X_User_Domain_Id')
|
||||
token = headers.get('X-Auth-Token')
|
||||
project_name = headers.get('X-Project-Name')
|
||||
tenant_id = headers.get('X-Project-Id')
|
||||
project_domain_id = headers.get('X_Project_Domain_Id')
|
||||
region_name = headers.get('X-Region-Name')
|
||||
auth_url = headers.get('X-Auth-Url')
|
||||
project_name = headers.get('X-Project-Name')
|
||||
region_name = headers.get('X-Region-Name')
|
||||
auth_url = headers.get('X-Auth-Url')
|
||||
|
||||
roles = headers.get('X-Roles')
|
||||
if roles is not None:
|
||||
roles = roles.split(',')
|
||||
token_info = environ.get('keystone.token_info')
|
||||
auth_plugin = environ.get('keystone.token_auth')
|
||||
req_id = environ.get(oslo_request_id.ENV_REQUEST_ID)
|
||||
token_info = environ.get('keystone.token_info')
|
||||
auth_plugin = environ.get('keystone.token_auth')
|
||||
req_id = environ.get(oslo_request_id.ENV_REQUEST_ID)
|
||||
|
||||
except Exception:
|
||||
raise exception.NotAuthenticated()
|
||||
|
||||
req.context = self.make_context(
|
||||
auth_token=token,
|
||||
tenant=tenant_id,
|
||||
req.context = self.ctxcls.from_environ(
|
||||
environ,
|
||||
project_name=project_name,
|
||||
aws_creds=aws_creds,
|
||||
username=username,
|
||||
user=user_id,
|
||||
password=password,
|
||||
auth_url=auth_url,
|
||||
roles=roles,
|
||||
request_id=req_id,
|
||||
auth_token_info=token_info,
|
||||
region_name=region_name,
|
||||
auth_plugin=auth_plugin,
|
||||
user_domain_id=user_domain_id,
|
||||
project_domain_id=project_domain_id)
|
||||
)
|
||||
|
||||
|
||||
def ContextMiddleware_filter_factory(global_conf, **local_conf):
|
||||
|
|
|
@ -241,7 +241,6 @@ class RequestContextMiddlewareTest(common.HeatTestCase):
|
|||
dict(
|
||||
environ=None,
|
||||
headers={},
|
||||
expected_exception=None,
|
||||
context_dict={
|
||||
'auth_token': None,
|
||||
'auth_token_info': None,
|
||||
|
@ -274,7 +273,6 @@ class RequestContextMiddlewareTest(common.HeatTestCase):
|
|||
'X-Auth-Url': 'http://192.0.2.1:5000/v1',
|
||||
'X-Roles': 'role1,role2,role3'
|
||||
},
|
||||
expected_exception=None,
|
||||
context_dict={
|
||||
'auth_token': 'atoken',
|
||||
'auth_url': 'http://192.0.2.1:5000/v1',
|
||||
|
@ -304,7 +302,6 @@ class RequestContextMiddlewareTest(common.HeatTestCase):
|
|||
'X-Auth-Url': 'http://192.0.2.1:5000/v1',
|
||||
'X-Roles': 'role1,role2,role3',
|
||||
},
|
||||
expected_exception=None,
|
||||
context_dict={
|
||||
'auth_token': 'atoken',
|
||||
'auth_url': 'http://192.0.2.1:5000/v1',
|
||||
|
@ -333,7 +330,6 @@ class RequestContextMiddlewareTest(common.HeatTestCase):
|
|||
'X-Auth-Url': 'http://192.0.2.1:5000/v1',
|
||||
'X-Roles': 'role1,role2,role3',
|
||||
},
|
||||
expected_exception=None,
|
||||
context_dict={
|
||||
'auth_token': 'atoken2',
|
||||
'auth_token_info': {'info': 123},
|
||||
|
@ -351,14 +347,6 @@ class RequestContextMiddlewareTest(common.HeatTestCase):
|
|||
'user_id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
|
||||
'username': None
|
||||
})
|
||||
), (
|
||||
'malformed_roles',
|
||||
dict(
|
||||
environ=None,
|
||||
headers={
|
||||
'X-Roles': [],
|
||||
},
|
||||
expected_exception=exception.NotAuthenticated)
|
||||
)]
|
||||
|
||||
def setUp(self):
|
||||
|
@ -372,15 +360,12 @@ class RequestContextMiddlewareTest(common.HeatTestCase):
|
|||
middleware = context.ContextMiddleware(None, None)
|
||||
request = webob.Request.blank('/stacks', headers=self.headers,
|
||||
environ=self.environ)
|
||||
if self.expected_exception:
|
||||
self.assertRaises(
|
||||
self.expected_exception, middleware.process_request, request)
|
||||
else:
|
||||
self.assertIsNone(middleware.process_request(request))
|
||||
ctx = request.context.to_dict()
|
||||
for k, v in self.context_dict.items():
|
||||
self.assertEqual(v, ctx[k], 'Key %s values do not match' % k)
|
||||
self.assertIsNotNone(ctx.get('request_id'))
|
||||
|
||||
self.assertIsNone(middleware.process_request(request))
|
||||
ctx = request.context.to_dict()
|
||||
for k, v in self.context_dict.items():
|
||||
self.assertEqual(v, ctx[k], 'Key %s values do not match' % k)
|
||||
self.assertIsNotNone(ctx.get('request_id'))
|
||||
|
||||
def test_context_middleware_with_requestid(self):
|
||||
|
||||
|
@ -389,14 +374,11 @@ class RequestContextMiddlewareTest(common.HeatTestCase):
|
|||
environ=self.environ)
|
||||
req_id = 'req-5a63f0d7-1b69-447b-b621-4ea87cc7186d'
|
||||
request.environ[request_id.ENV_REQUEST_ID] = req_id
|
||||
if self.expected_exception:
|
||||
self.assertRaises(
|
||||
self.expected_exception, middleware.process_request, request)
|
||||
else:
|
||||
self.assertIsNone(middleware.process_request(request))
|
||||
ctx = request.context.to_dict()
|
||||
for k, v in self.context_dict.items():
|
||||
self.assertEqual(v, ctx[k], 'Key %s values do not match' % k)
|
||||
self.assertEqual(
|
||||
ctx.get('request_id'), req_id,
|
||||
'Key request_id values do not match')
|
||||
|
||||
self.assertIsNone(middleware.process_request(request))
|
||||
ctx = request.context.to_dict()
|
||||
for k, v in self.context_dict.items():
|
||||
self.assertEqual(v, ctx[k], 'Key %s values do not match' % k)
|
||||
self.assertEqual(
|
||||
ctx.get('request_id'), req_id,
|
||||
'Key request_id values do not match')
|
||||
|
|
Loading…
Reference in New Issue