Merge "Implement system-scope"

This commit is contained in:
Zuul 2018-05-30 22:26:01 +00:00 committed by Gerrit Code Review
commit b1ba490ac5
2 changed files with 39 additions and 1 deletions

View File

@ -49,6 +49,7 @@ _ENVIRON_HEADERS = {
'project_id': ['HTTP_X_PROJECT_ID',
'HTTP_X_TENANT_ID',
'HTTP_X_TENANT'],
'system_scope': ['HTTP_OPENSTACK_SYSTEM_SCOPE'],
'user_domain_id': ['HTTP_X_USER_DOMAIN_ID'],
'project_domain_id': ['HTTP_X_PROJECT_DOMAIN_ID'],
'user_name': ['HTTP_X_USER_NAME'],
@ -219,7 +220,8 @@ class RequestContext(object):
service_project_domain_id=None,
service_project_domain_name=None,
service_roles=None,
global_request_id=None):
global_request_id=None,
system_scope=None):
"""Initialize the RequestContext
:param overwrite: Set to False to ensure that the greenthread local
@ -228,6 +230,11 @@ class RequestContext(object):
the token as the admin project. Defaults to
True for backwards compatibility.
:type is_admin_project: bool
:param system_scope: The system scope of a token. The value ``all``
represents the entire deployment system. A service
ID represents a specific service within the
deployment system.
:type system_scope: string
"""
# setting to private variables to avoid triggering subclass properties
self._user_id = user_id
@ -240,6 +247,7 @@ class RequestContext(object):
self.user_name = user_name
self.project_name = project_name
self.domain_name = domain_name
self.system_scope = system_scope
self.user_domain_name = user_domain_name
self.project_domain_name = project_domain_name
self.is_admin = is_admin
@ -309,6 +317,7 @@ class RequestContext(object):
return _DeprecatedPolicyValues({
'user_id': self.user_id,
'user_domain_id': self.user_domain_id,
'system_scope': self.system_scope,
'project_id': self.project_id,
'project_domain_id': self.project_domain_id,
'roles': self.roles,
@ -330,6 +339,7 @@ class RequestContext(object):
return {'user': self.user_id,
'tenant': self.project_id,
'system_scope': self.system_scope,
'project': self.project_id,
'domain': self.domain_id,
'user_domain': self.user_domain_id,

View File

@ -554,6 +554,7 @@ class ContextTest(test_base.BaseTestCase):
self.assertEqual({'user_id': user,
'user_domain_id': user_domain,
'system_scope': None,
'project_id': tenant,
'project_domain_id': project_domain,
'roles': roles,
@ -565,6 +566,32 @@ class ContextTest(test_base.BaseTestCase):
'service_roles': service_roles},
ctx.to_policy_values())
# NOTE(lbragstad): This string has special meaning in that the value
# ``all`` represents the entire deployment system.
system_all = 'all'
ctx = context.RequestContext(user=user,
user_domain=user_domain,
system_scope=system_all,
roles=roles,
service_user_id=service_user_id,
service_project_id=service_project_id,
service_roles=service_roles)
self.assertEqual({'user_id': user,
'user_domain_id': user_domain,
'system_scope': system_all,
'project_id': None,
'project_domain_id': None,
'roles': roles,
'is_admin_project': True,
'service_user_id': service_user_id,
'service_user_domain_id': None,
'service_project_id': service_project_id,
'service_project_domain_id': None,
'service_roles': service_roles},
ctx.to_policy_values())
ctx = context.RequestContext(user=user,
user_domain=user_domain,
tenant=tenant,
@ -577,6 +604,7 @@ class ContextTest(test_base.BaseTestCase):
self.assertEqual({'user_id': user,
'user_domain_id': user_domain,
'system_scope': None,
'project_id': tenant,
'project_domain_id': project_domain,
'roles': roles,