summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-05-30 22:26:01 +0000
committerGerrit Code Review <review@openstack.org>2018-05-30 22:26:01 +0000
commitb1ba490ac5520f34f560b1be9290f020f6c8e2e7 (patch)
tree4ec82d9c9ab5730215d98e5c8a89dc2cac4e14c5
parentbcf546548a1adc79e90592c825a9f69a96f64088 (diff)
parent1a40b3d43bac5244bcba6bdbc4802fb76430d8d3 (diff)
Merge "Implement system-scope"2.21.0
-rw-r--r--oslo_context/context.py12
-rw-r--r--oslo_context/tests/test_context.py28
2 files changed, 39 insertions, 1 deletions
diff --git a/oslo_context/context.py b/oslo_context/context.py
index 6475c2c..731b36e 100644
--- a/oslo_context/context.py
+++ b/oslo_context/context.py
@@ -49,6 +49,7 @@ _ENVIRON_HEADERS = {
49 'project_id': ['HTTP_X_PROJECT_ID', 49 'project_id': ['HTTP_X_PROJECT_ID',
50 'HTTP_X_TENANT_ID', 50 'HTTP_X_TENANT_ID',
51 'HTTP_X_TENANT'], 51 'HTTP_X_TENANT'],
52 'system_scope': ['HTTP_OPENSTACK_SYSTEM_SCOPE'],
52 'user_domain_id': ['HTTP_X_USER_DOMAIN_ID'], 53 'user_domain_id': ['HTTP_X_USER_DOMAIN_ID'],
53 'project_domain_id': ['HTTP_X_PROJECT_DOMAIN_ID'], 54 'project_domain_id': ['HTTP_X_PROJECT_DOMAIN_ID'],
54 'user_name': ['HTTP_X_USER_NAME'], 55 'user_name': ['HTTP_X_USER_NAME'],
@@ -219,7 +220,8 @@ class RequestContext(object):
219 service_project_domain_id=None, 220 service_project_domain_id=None,
220 service_project_domain_name=None, 221 service_project_domain_name=None,
221 service_roles=None, 222 service_roles=None,
222 global_request_id=None): 223 global_request_id=None,
224 system_scope=None):
223 """Initialize the RequestContext 225 """Initialize the RequestContext
224 226
225 :param overwrite: Set to False to ensure that the greenthread local 227 :param overwrite: Set to False to ensure that the greenthread local
@@ -228,6 +230,11 @@ class RequestContext(object):
228 the token as the admin project. Defaults to 230 the token as the admin project. Defaults to
229 True for backwards compatibility. 231 True for backwards compatibility.
230 :type is_admin_project: bool 232 :type is_admin_project: bool
233 :param system_scope: The system scope of a token. The value ``all``
234 represents the entire deployment system. A service
235 ID represents a specific service within the
236 deployment system.
237 :type system_scope: string
231 """ 238 """
232 # setting to private variables to avoid triggering subclass properties 239 # setting to private variables to avoid triggering subclass properties
233 self._user_id = user_id 240 self._user_id = user_id
@@ -240,6 +247,7 @@ class RequestContext(object):
240 self.user_name = user_name 247 self.user_name = user_name
241 self.project_name = project_name 248 self.project_name = project_name
242 self.domain_name = domain_name 249 self.domain_name = domain_name
250 self.system_scope = system_scope
243 self.user_domain_name = user_domain_name 251 self.user_domain_name = user_domain_name
244 self.project_domain_name = project_domain_name 252 self.project_domain_name = project_domain_name
245 self.is_admin = is_admin 253 self.is_admin = is_admin
@@ -309,6 +317,7 @@ class RequestContext(object):
309 return _DeprecatedPolicyValues({ 317 return _DeprecatedPolicyValues({
310 'user_id': self.user_id, 318 'user_id': self.user_id,
311 'user_domain_id': self.user_domain_id, 319 'user_domain_id': self.user_domain_id,
320 'system_scope': self.system_scope,
312 'project_id': self.project_id, 321 'project_id': self.project_id,
313 'project_domain_id': self.project_domain_id, 322 'project_domain_id': self.project_domain_id,
314 'roles': self.roles, 323 'roles': self.roles,
@@ -330,6 +339,7 @@ class RequestContext(object):
330 339
331 return {'user': self.user_id, 340 return {'user': self.user_id,
332 'tenant': self.project_id, 341 'tenant': self.project_id,
342 'system_scope': self.system_scope,
333 'project': self.project_id, 343 'project': self.project_id,
334 'domain': self.domain_id, 344 'domain': self.domain_id,
335 'user_domain': self.user_domain_id, 345 'user_domain': self.user_domain_id,
diff --git a/oslo_context/tests/test_context.py b/oslo_context/tests/test_context.py
index 7fb8d60..d7bab78 100644
--- a/oslo_context/tests/test_context.py
+++ b/oslo_context/tests/test_context.py
@@ -554,6 +554,7 @@ class ContextTest(test_base.BaseTestCase):
554 554
555 self.assertEqual({'user_id': user, 555 self.assertEqual({'user_id': user,
556 'user_domain_id': user_domain, 556 'user_domain_id': user_domain,
557 'system_scope': None,
557 'project_id': tenant, 558 'project_id': tenant,
558 'project_domain_id': project_domain, 559 'project_domain_id': project_domain,
559 'roles': roles, 560 'roles': roles,
@@ -565,6 +566,32 @@ class ContextTest(test_base.BaseTestCase):
565 'service_roles': service_roles}, 566 'service_roles': service_roles},
566 ctx.to_policy_values()) 567 ctx.to_policy_values())
567 568
569 # NOTE(lbragstad): This string has special meaning in that the value
570 # ``all`` represents the entire deployment system.
571 system_all = 'all'
572
573 ctx = context.RequestContext(user=user,
574 user_domain=user_domain,
575 system_scope=system_all,
576 roles=roles,
577 service_user_id=service_user_id,
578 service_project_id=service_project_id,
579 service_roles=service_roles)
580
581 self.assertEqual({'user_id': user,
582 'user_domain_id': user_domain,
583 'system_scope': system_all,
584 'project_id': None,
585 'project_domain_id': None,
586 'roles': roles,
587 'is_admin_project': True,
588 'service_user_id': service_user_id,
589 'service_user_domain_id': None,
590 'service_project_id': service_project_id,
591 'service_project_domain_id': None,
592 'service_roles': service_roles},
593 ctx.to_policy_values())
594
568 ctx = context.RequestContext(user=user, 595 ctx = context.RequestContext(user=user,
569 user_domain=user_domain, 596 user_domain=user_domain,
570 tenant=tenant, 597 tenant=tenant,
@@ -577,6 +604,7 @@ class ContextTest(test_base.BaseTestCase):
577 604
578 self.assertEqual({'user_id': user, 605 self.assertEqual({'user_id': user,
579 'user_domain_id': user_domain, 606 'user_domain_id': user_domain,
607 'system_scope': None,
580 'project_id': tenant, 608 'project_id': tenant,
581 'project_domain_id': project_domain, 609 'project_domain_id': project_domain,
582 'roles': roles, 610 'roles': roles,