Fix environ keys missing HTTP_ prefix

The _fmt_msg() function constructs a debug message using
identity attributes from the request environ dict, but
accesses these using keys such as X_USER_ID, when the
correct key should be HTTP_X_USER_ID. Consequently no
identity attribute values are ever included in the debug
log message.

This patch adds the missing HTTP_ prefix to the keys and
adds an assertion to the unit tests to verify that the debug
log is generated as expected.

Closes-Bug: 1408602
Change-Id: Ib309abcb3d0f15a20ae581105de1f8964497e5a2

keystonemiddleware/auth_token.py

@@ -767,10 +767,10 @@ class AuthProtocol(object):
         def _fmt_msg(env):
             msg = ('user: user_id %s, project_id %s, roles %s '
                    'service: user_id %s, project_id %s, roles %s' % (
-                   env.get('X_USER_ID'), env.get('X_PROJECT_ID'),
-                   env.get('X_ROLES'), env.get('X_SERVICE_USER_ID'),
-                   env.get('X_SERVICE_PROJECT_ID'),
-                   env.get('X_SERVICE_ROLES')))
+                   env.get('HTTP_X_USER_ID'), env.get('HTTP_X_PROJECT_ID'),
+                   env.get('HTTP_X_ROLES'), env.get('HTTP_X_SERVICE_USER_ID'),
+                   env.get('HTTP_X_SERVICE_PROJECT_ID'),
+                   env.get('HTTP_X_SERVICE_ROLES')))
             return msg
 
         self._token_cache.initialize(env)

keystonemiddleware/tests/test_auth_token_middleware.py

@@ -2133,9 +2133,21 @@ class CommonCompositeAuthTests(object):
         service_token = self.token_dict['uuid_service_token_default']
         req.headers['X-Auth-Token'] = token
         req.headers['X-Service-Token'] = service_token
+        fake_logger = fixtures.FakeLogger(level=logging.DEBUG)
+        self.middleware.logger = self.useFixture(fake_logger)
         body = self.middleware(req.environ, self.start_fake_response)
         self.assertEqual(200, self.response_status)
         self.assertEqual([FakeApp.SUCCESS], body)
+        expected_env = dict(EXPECTED_V2_DEFAULT_ENV_RESPONSE)
+        expected_env.update(EXPECTED_V2_DEFAULT_SERVICE_ENV_RESPONSE)
+        self.assertIn('Received request from user: '
+                      'user_id %(HTTP_X_USER_ID)s, '
+                      'project_id %(HTTP_X_TENANT_ID)s, '
+                      'roles %(HTTP_X_ROLES)s '
+                      'service: user_id %(HTTP_X_SERVICE_USER_ID)s, '
+                      'project_id %(HTTP_X_SERVICE_PROJECT_ID)s, '
+                      'roles %(HTTP_X_SERVICE_ROLES)s' % expected_env,
+                      fake_logger.output)
 
     def test_composite_auth_invalid_service_token(self):
         req = webob.Request.blank('/')