Merge "Populate user, project and domain names from token into context"
This commit is contained in:
commit
70fe4ec09b
|
@ -43,12 +43,19 @@ It is a dictionary with the following attributes:
|
||||||
|
|
||||||
* ``token``: Token from the request
|
* ``token``: Token from the request
|
||||||
* ``user_id``: user ID of the principal
|
* ``user_id``: user ID of the principal
|
||||||
|
* ``user_name``: user name of the principal
|
||||||
* ``user_domain_id`` (optional): Domain ID of the principal if the principal
|
* ``user_domain_id`` (optional): Domain ID of the principal if the principal
|
||||||
has a domain.
|
has a domain.
|
||||||
|
* ``user_domain_name`` (optional): Domain name of the principal if the
|
||||||
|
principal has a domain.
|
||||||
* ``project_id`` (optional): project ID of the scoped project if auth is
|
* ``project_id`` (optional): project ID of the scoped project if auth is
|
||||||
project-scoped
|
project-scoped
|
||||||
|
* ``project_name`` (optional): project name of the scoped project if auth is
|
||||||
|
project-scoped
|
||||||
* ``project_domain_id`` (optional): Domain ID of the scoped project if auth is
|
* ``project_domain_id`` (optional): Domain ID of the scoped project if auth is
|
||||||
project-scoped.
|
project-scoped.
|
||||||
|
* ``project_domain_name`` (optional): Domain name of the scoped project if auth
|
||||||
|
is project-scoped.
|
||||||
* ``domain_id`` (optional): domain ID of the scoped domain if auth is
|
* ``domain_id`` (optional): domain ID of the scoped domain if auth is
|
||||||
domain-scoped
|
domain-scoped
|
||||||
* ``domain_name`` (optional): domain name of the scoped domain if auth is
|
* ``domain_name`` (optional): domain name of the scoped domain if auth is
|
||||||
|
@ -80,11 +87,15 @@ def token_to_auth_context(token):
|
||||||
except KeyError:
|
except KeyError:
|
||||||
LOG.warning('RBAC: Invalid user data in token')
|
LOG.warning('RBAC: Invalid user data in token')
|
||||||
raise exception.Unauthorized(_('No user_id in token'))
|
raise exception.Unauthorized(_('No user_id in token'))
|
||||||
|
auth_context['user_name'] = token.user_name
|
||||||
auth_context['user_domain_id'] = token.user_domain_id
|
auth_context['user_domain_id'] = token.user_domain_id
|
||||||
|
auth_context['user_domain_name'] = token.user_domain_name
|
||||||
|
|
||||||
if token.project_scoped:
|
if token.project_scoped:
|
||||||
auth_context['project_id'] = token.project_id
|
auth_context['project_id'] = token.project_id
|
||||||
|
auth_context['project_name'] = token.project_name
|
||||||
auth_context['project_domain_id'] = token.project_domain_id
|
auth_context['project_domain_id'] = token.project_domain_id
|
||||||
|
auth_context['project_domain_name'] = token.project_domain_name
|
||||||
auth_context['is_domain'] = token.is_domain
|
auth_context['is_domain'] = token.is_domain
|
||||||
elif token.domain_scoped:
|
elif token.domain_scoped:
|
||||||
auth_context['domain_id'] = token.domain_id
|
auth_context['domain_id'] = token.domain_id
|
||||||
|
|
|
@ -40,12 +40,18 @@ class TestTokenToAuthContext(unit.BaseTestCase):
|
||||||
self.assertTrue(auth_context['is_delegated_auth'])
|
self.assertTrue(auth_context['is_delegated_auth'])
|
||||||
self.assertEqual(token_data['token']['user']['id'],
|
self.assertEqual(token_data['token']['user']['id'],
|
||||||
auth_context['user_id'])
|
auth_context['user_id'])
|
||||||
|
self.assertEqual(token_data['token']['user']['name'],
|
||||||
|
auth_context['user_name'])
|
||||||
self.assertEqual(token_data['token']['user']['domain']['id'],
|
self.assertEqual(token_data['token']['user']['domain']['id'],
|
||||||
auth_context['user_domain_id'])
|
auth_context['user_domain_id'])
|
||||||
|
self.assertEqual(token_data['token']['user']['domain']['name'],
|
||||||
|
auth_context['user_domain_name'])
|
||||||
self.assertEqual(token_data['token']['project']['id'],
|
self.assertEqual(token_data['token']['project']['id'],
|
||||||
auth_context['project_id'])
|
auth_context['project_id'])
|
||||||
self.assertEqual(token_data['token']['project']['domain']['id'],
|
self.assertEqual(token_data['token']['project']['domain']['id'],
|
||||||
auth_context['project_domain_id'])
|
auth_context['project_domain_id'])
|
||||||
|
self.assertEqual(token_data['token']['project']['domain']['name'],
|
||||||
|
auth_context['project_domain_name'])
|
||||||
self.assertNotIn('domain_id', auth_context)
|
self.assertNotIn('domain_id', auth_context)
|
||||||
self.assertNotIn('domain_name', auth_context)
|
self.assertNotIn('domain_name', auth_context)
|
||||||
self.assertEqual(token_data['token']['OS-TRUST:trust']['id'],
|
self.assertEqual(token_data['token']['OS-TRUST:trust']['id'],
|
||||||
|
|
Loading…
Reference in New Issue