Merge "Add is_admin_project to context"
commit
9feb9db8d6
|
@ -73,11 +73,16 @@ class RequestContext(object):
|
||||||
read_only=False, show_deleted=False, request_id=None,
|
read_only=False, show_deleted=False, request_id=None,
|
||||||
resource_uuid=None, overwrite=True, roles=None,
|
resource_uuid=None, overwrite=True, roles=None,
|
||||||
user_name=None, project_name=None, domain_name=None,
|
user_name=None, project_name=None, domain_name=None,
|
||||||
user_domain_name=None, project_domain_name=None):
|
user_domain_name=None, project_domain_name=None,
|
||||||
|
is_admin_project=True):
|
||||||
"""Initialize the RequestContext
|
"""Initialize the RequestContext
|
||||||
|
|
||||||
:param overwrite: Set to False to ensure that the greenthread local
|
:param overwrite: Set to False to ensure that the greenthread local
|
||||||
copy of the index is not overwritten.
|
copy of the index is not overwritten.
|
||||||
|
:param is_admin_project: Whether the specified project is specified in
|
||||||
|
the token as the admin project. Defaults to
|
||||||
|
True for backwards compatibility.
|
||||||
|
:type is_admin_project: bool
|
||||||
"""
|
"""
|
||||||
self.auth_token = auth_token
|
self.auth_token = auth_token
|
||||||
self.user = user
|
self.user = user
|
||||||
|
@ -93,6 +98,7 @@ class RequestContext(object):
|
||||||
self.project_domain = project_domain
|
self.project_domain = project_domain
|
||||||
self.project_domain_name = project_domain_name
|
self.project_domain_name = project_domain_name
|
||||||
self.is_admin = is_admin
|
self.is_admin = is_admin
|
||||||
|
self.is_admin_project = is_admin_project
|
||||||
self.read_only = read_only
|
self.read_only = read_only
|
||||||
self.show_deleted = show_deleted
|
self.show_deleted = show_deleted
|
||||||
self.resource_uuid = resource_uuid
|
self.resource_uuid = resource_uuid
|
||||||
|
@ -123,7 +129,8 @@ class RequestContext(object):
|
||||||
'user_domain_id': self.user_domain,
|
'user_domain_id': self.user_domain,
|
||||||
'project_id': self.tenant,
|
'project_id': self.tenant,
|
||||||
'project_domain_id': self.project_domain,
|
'project_domain_id': self.project_domain,
|
||||||
'roles': self.roles}
|
'roles': self.roles,
|
||||||
|
'is_admin_project': self.is_admin_project}
|
||||||
|
|
||||||
def to_dict(self):
|
def to_dict(self):
|
||||||
"""Return a dictionary of context attributes."""
|
"""Return a dictionary of context attributes."""
|
||||||
|
@ -146,7 +153,8 @@ class RequestContext(object):
|
||||||
'request_id': self.request_id,
|
'request_id': self.request_id,
|
||||||
'resource_uuid': self.resource_uuid,
|
'resource_uuid': self.resource_uuid,
|
||||||
'roles': self.roles,
|
'roles': self.roles,
|
||||||
'user_identity': user_idt}
|
'user_identity': user_idt,
|
||||||
|
'is_admin_project': self.is_admin_project}
|
||||||
|
|
||||||
def get_logging_values(self):
|
def get_logging_values(self):
|
||||||
"""Return a dictionary of logging specific context attributes."""
|
"""Return a dictionary of logging specific context attributes."""
|
||||||
|
@ -196,6 +204,13 @@ class RequestContext(object):
|
||||||
roles = [r.strip() for r in roles.split(',')] if roles else []
|
roles = [r.strip() for r in roles.split(',')] if roles else []
|
||||||
kwargs['roles'] = roles
|
kwargs['roles'] = roles
|
||||||
|
|
||||||
|
if 'is_admin_project' not in kwargs:
|
||||||
|
# NOTE(jamielennox): we default is_admin_project to true because if
|
||||||
|
# nothing is provided we have to assume it is the admin project to
|
||||||
|
# make old policy continue to work.
|
||||||
|
is_admin_proj_str = environ.get('HTTP_X_IS_ADMIN_PROJECT', 'true')
|
||||||
|
kwargs['is_admin_project'] = is_admin_proj_str.lower() == 'true'
|
||||||
|
|
||||||
return cls(**kwargs)
|
return cls(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
|
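Review bot: The new branch in `from_environ` fails open: when `HTTP_X_IS_ADMIN_PROJECT` is absent, `is_admin_project` becomes True, and the constructor default is True as well, so any context built without the header is treated as scoped to the admin project. The NOTE gives the backwards-compatibility reason but not the trust assumption behind it. I would extend the comment with something like `# Assumes the auth middleware in front of this app sets this header and strips any client-supplied copy; a missing header is read as "admin project".` That the header comes from auth middleware is inferred here, not visible in the hunk, so confirm it before wording the comment as fact. `from_environ` starts outside the hunk.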
|
@ -244,6 +244,22 @@ class ContextTest(test_base.BaseTestCase):
|
||||||
ctx = context.RequestContext.from_environ(environ=environ)
|
ctx = context.RequestContext.from_environ(environ=environ)
|
||||||
self.assertEqual(['abc', 'def', 'ghi'], ctx.roles)
|
self.assertEqual(['abc', 'def', 'ghi'], ctx.roles)
|
||||||
|
|
||||||
|
def test_environ_admin_project(self):
|
||||||
|
environ = {}
|
||||||
|
ctx = context.RequestContext.from_environ(environ=environ)
|
||||||
|
self.assertIs(True, ctx.is_admin_project)
|
||||||
|
self.assertIs(True, ctx.to_policy_values()['is_admin_project'])
|
||||||
|
|
||||||
|
environ = {'HTTP_X_IS_ADMIN_PROJECT': 'True'}
|
||||||
|
ctx = context.RequestContext.from_environ(environ=environ)
|
||||||
|
self.assertIs(True, ctx.is_admin_project)
|
||||||
|
self.assertIs(True, ctx.to_policy_values()['is_admin_project'])
|
||||||
|
|
||||||
|
environ = {'HTTP_X_IS_ADMIN_PROJECT': 'False'}
|
||||||
|
ctx = context.RequestContext.from_environ(environ=environ)
|
||||||
|
self.assertIs(False, ctx.is_admin_project)
|
||||||
|
self.assertIs(False, ctx.to_policy_values()['is_admin_project'])
|
||||||
|
|
||||||
def test_from_function_and_args(self):
|
def test_from_function_and_args(self):
|
||||||
ctx = context.RequestContext(user="user1")
|
ctx = context.RequestContext(user="user1")
|
||||||
arg = []
|
arg = []
|
||||||
|
@ -393,6 +409,7 @@ class ContextTest(test_base.BaseTestCase):
|
||||||
project_domain = uuid.uuid4().hex
|
project_domain = uuid.uuid4().hex
|
||||||
roles = [uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex]
|
roles = [uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex]
|
||||||
|
|
||||||
|
# default is_admin_project is True
|
||||||
ctx = context.RequestContext(user=user,
|
ctx = context.RequestContext(user=user,
|
||||||
user_domain=user_domain,
|
user_domain=user_domain,
|
||||||
tenant=tenant,
|
tenant=tenant,
|
||||||
|
@ -403,4 +420,22 @@ class ContextTest(test_base.BaseTestCase):
|
||||||
'user_domain_id': user_domain,
|
'user_domain_id': user_domain,
|
||||||
'project_id': tenant,
|
'project_id': tenant,
|
||||||
'project_domain_id': project_domain,
|
'project_domain_id': project_domain,
|
||||||
'roles': roles}, ctx.to_policy_values())
|
'roles': roles,
|
||||||
|
'is_admin_project': True},
|
||||||
|
ctx.to_policy_values())
|
||||||
|
|
||||||
|
# is_admin_project False gets passed through
|
||||||
|
ctx = context.RequestContext(user=user,
|
||||||
|
user_domain=user_domain,
|
||||||
|
tenant=tenant,
|
||||||
|
project_domain=project_domain,
|
||||||
|
roles=roles,
|
||||||
|
is_admin_project=False)
|
||||||
|
|
||||||
|
self.assertEqual({'user_id': user,
|
||||||
|
'user_domain_id': user_domain,
|
||||||
|
'project_id': tenant,
|
||||||
|
'project_domain_id': project_domain,
|
||||||
|
'roles': roles,
|
||||||
|
'is_admin_project': False},
|
||||||
|
ctx.to_policy_values())
|
||||||
|
|
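Review bot: `test_environ_admin_project` pins only the absent, `'True'` and `'False'` cases, so the parse in `from_environ` (`.lower() == 'true'`) is untested for any other value. Since the result is handed to policy through `to_policy_values()`, I would add cases showing that an empty or unrecognised header value yields False, e.g. `environ = {'HTTP_X_IS_ADMIN_PROJECT': ''}` followed by `self.assertIs(False, ctx.is_admin_project)`, plus one lower-case `'true'` case. The last hunk checks the new key in `to_policy_values()`, but nothing visible here asserts `is_admin_project` in the `to_dict()` output.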