Populate user, project and domain names from token into context

These are useful for logging purposes and were not being populated before. Change-Id: I7a5ae7f3f79f047d27eb7b4229c81b060edee0a4
2017-11-09 17:43:23 +02:00 · 2017-11-09 17:43:23 +02:00 · 43bac9afd6
parent a6c4b75e1b
commit 43bac9afd6
2 changed files with 17 additions and 0 deletions
--- a/keystone/common/authorization.py
+++ b/keystone/common/authorization.py
@ -43,12 +43,19 @@ It is a dictionary with the following attributes:

 * ``token``: Token from the request
 * ``user_id``: user ID of the principal
+* ``user_name``: user name of the principal
 * ``user_domain_id`` (optional): Domain ID of the principal if the principal
                                 has a domain.
+* ``user_domain_name`` (optional): Domain name of the principal if the
+                                   principal has a domain.
 * ``project_id`` (optional): project ID of the scoped project if auth is
                             project-scoped
+* ``project_name`` (optional): project name of the scoped project if auth is
+                               project-scoped
 * ``project_domain_id`` (optional): Domain ID of the scoped project if auth is
                                    project-scoped.
+* ``project_domain_name`` (optional): Domain name of the scoped project if auth
+                                      is project-scoped.
 * ``domain_id`` (optional): domain ID of the scoped domain if auth is
                            domain-scoped
 * ``domain_name`` (optional): domain name of the scoped domain if auth is
@ -80,11 +87,15 @@ def token_to_auth_context(token):
    except KeyError:
        LOG.warning('RBAC: Invalid user data in token')
        raise exception.Unauthorized(_('No user_id in token'))
+    auth_context['user_name'] = token.user_name
    auth_context['user_domain_id'] = token.user_domain_id
+    auth_context['user_domain_name'] = token.user_domain_name

    if token.project_scoped:
        auth_context['project_id'] = token.project_id
+        auth_context['project_name'] = token.project_name
        auth_context['project_domain_id'] = token.project_domain_id
+        auth_context['project_domain_name'] = token.project_domain_name
        auth_context['is_domain'] = token.is_domain
    elif token.domain_scoped:
        auth_context['domain_id'] = token.domain_id
--- a/keystone/tests/unit/common/test_authorization.py
+++ b/keystone/tests/unit/common/test_authorization.py
@ -40,12 +40,18 @@ class TestTokenToAuthContext(unit.BaseTestCase):
        self.assertTrue(auth_context['is_delegated_auth'])
        self.assertEqual(token_data['token']['user']['id'],
                         auth_context['user_id'])
+        self.assertEqual(token_data['token']['user']['name'],
+                         auth_context['user_name'])
        self.assertEqual(token_data['token']['user']['domain']['id'],
                         auth_context['user_domain_id'])
+        self.assertEqual(token_data['token']['user']['domain']['name'],
+                         auth_context['user_domain_name'])
        self.assertEqual(token_data['token']['project']['id'],
                         auth_context['project_id'])
        self.assertEqual(token_data['token']['project']['domain']['id'],
                         auth_context['project_domain_id'])
+        self.assertEqual(token_data['token']['project']['domain']['name'],
+                         auth_context['project_domain_name'])
        self.assertNotIn('domain_id', auth_context)
        self.assertNotIn('domain_name', auth_context)
        self.assertEqual(token_data['token']['OS-TRUST:trust']['id'],