Add roles to context
We use oslo.policy to check the policy. Oslo.policy needs roles held for the given token scope [1]. So we should add roles to context. [1]http://docs.openstack.org/developer/oslo.policy/ api/oslo_policy.html#generic-checks Change-Id: I95afbf57f185ca1db9c68781c2fcd78cbafc1e17 Closes-Bug: #1489832
This commit is contained in:
parent
52b0e32db0
commit
86ed292e52
|
@ -43,6 +43,8 @@ class ContextHook(hooks.PecanHook):
|
|||
X-Auth-Token:
|
||||
Used for context.auth_token.
|
||||
|
||||
X-Roles:
|
||||
Used for context.roles.
|
||||
"""
|
||||
|
||||
def before(self, state):
|
||||
|
@ -54,6 +56,7 @@ class ContextHook(hooks.PecanHook):
|
|||
domain_id = headers.get('X-User-Domain-Id')
|
||||
domain_name = headers.get('X-User-Domain-Name')
|
||||
auth_token = headers.get('X-Auth-Token')
|
||||
roles = headers.get('X-Roles', '').split(',')
|
||||
auth_token_info = state.request.environ.get('keystone.token_info')
|
||||
|
||||
auth_url = headers.get('X-Auth-Url')
|
||||
|
@ -70,7 +73,8 @@ class ContextHook(hooks.PecanHook):
|
|||
project_name=project,
|
||||
project_id=project_id,
|
||||
domain_id=domain_id,
|
||||
domain_name=domain_name)
|
||||
domain_name=domain_name,
|
||||
roles=roles)
|
||||
|
||||
|
||||
class RPCHook(hooks.PecanHook):
|
||||
|
|
|
@ -19,10 +19,10 @@ class RequestContext(context.RequestContext):
|
|||
|
||||
def __init__(self, auth_token=None, auth_url=None, domain_id=None,
|
||||
domain_name=None, user_name=None, user_id=None,
|
||||
project_name=None, project_id=None, is_admin=False,
|
||||
is_public_api=False, read_only=False, show_deleted=False,
|
||||
request_id=None, trust_id=None, auth_token_info=None,
|
||||
all_tenants=False, **kwargs):
|
||||
project_name=None, project_id=None, roles=None,
|
||||
is_admin=False, is_public_api=False, read_only=False,
|
||||
show_deleted=False, request_id=None, trust_id=None,
|
||||
auth_token_info=None, all_tenants=False, **kwargs):
|
||||
"""Stores several additional request parameters:
|
||||
|
||||
:param domain_id: The ID of the domain.
|
||||
|
@ -38,6 +38,7 @@ class RequestContext(context.RequestContext):
|
|||
self.project_id = project_id
|
||||
self.domain_id = domain_id
|
||||
self.domain_name = domain_name
|
||||
self.roles = roles
|
||||
self.auth_url = auth_url
|
||||
self.auth_token_info = auth_token_info
|
||||
self.trust_id = trust_id
|
||||
|
|
|
@ -22,6 +22,7 @@ fakeAuthTokenHeaders = {'X-User-Id': u'773a902f022949619b5c2f32cd89d419',
|
|||
'X-Auth-Token': u'5588aebbcdc24e17a061595f80574376',
|
||||
'X-Forwarded-For': u'10.10.10.10, 11.11.11.11',
|
||||
'X-Service-Catalog': u'{test: 12345}',
|
||||
'X-Roles': 'role1,role2',
|
||||
'X-Auth-Url': 'fake_auth_url',
|
||||
'X-Identity-Status': 'Confirmed',
|
||||
'X-User-Domain-Name': 'domain',
|
||||
|
|
|
@ -47,6 +47,8 @@ class TestContextHook(base.BaseTestCase):
|
|||
fakes.fakeAuthTokenHeaders['X-User-Name'])
|
||||
self.assertEqual(ctx.user_id,
|
||||
fakes.fakeAuthTokenHeaders['X-User-Id'])
|
||||
self.assertEqual(','.join(ctx.roles),
|
||||
fakes.fakeAuthTokenHeaders['X-Roles'])
|
||||
self.assertEqual(ctx.auth_url,
|
||||
fakes.fakeAuthTokenHeaders['X-Auth-Url'])
|
||||
self.assertEqual(ctx.domain_name,
|
||||
|
|
Loading…
Reference in New Issue