Merge "Migrate to oslo_context"

Jenkins
2015-05-08 14:32:49 +00:00
committed by Gerrit Code Review
4 changed files with 28 additions and 135 deletions


@@ -15,24 +15,17 @@
import uuid
from oslo_config import cfg
from oslo_policy import policy
import webob.exc
from barbican.api import middleware as mw
from barbican.common import utils
import barbican.context
from barbican import i18n as u
from barbican.openstack.common import jsonutils as json
LOG = utils.getLogger(__name__)
# TODO(jwood) Need to figure out why config is ignored in this module.
context_opts = [
cfg.BoolOpt('owner_is_project', default=True,
help=u._('When true, this option sets the owner of an image '
'to be the project. Otherwise, the owner of the '
' image will be the authenticated user issuing the '
'request.')),
cfg.StrOpt('admin_role', default='admin',
help=u._('Role used to identify an authenticated user as '
'administrator.')),
@@ -62,7 +55,6 @@ class BaseContextMiddleware(mw.Middleware):
class ContextMiddleware(BaseContextMiddleware):
def __init__(self, app):
self.policy_enforcer = policy.Enforcer(CONF)
super(ContextMiddleware, self).__init__(app)
def process_request(self, req):
@@ -94,11 +86,9 @@ class ContextMiddleware(BaseContextMiddleware):
def _get_anonymous_context(self):
kwargs = {
'user': None,
'project': None,
'roles': [],
'tenant': None,
'is_admin': False,
'read_only': True,
'policy_enforcer': self.policy_enforcer,
}
return barbican.context.RequestContext(**kwargs)
@@ -112,27 +102,21 @@ class ContextMiddleware(BaseContextMiddleware):
# NOTE(mkbhanda): keeping this just-in-case for swift
deprecated_token = req.headers.get('X-Storage-Token')
service_catalog = None
if req.headers.get('X-Service-Catalog') is not None:
try:
catalog_header = req.headers.get('X-Service-Catalog')
service_catalog = json.loads(catalog_header)
except ValueError:
msg = u._('Problem processing X-Service-Catalog')
LOG.exception(msg)
raise webob.exc.HTTPInternalServerError(msg)
kwargs = {
'auth_token': req.headers.get('X-Auth-Token', deprecated_token),
'user': req.headers.get('X-User-Id'),
'project': req.headers.get('X-Project-Id'),
'roles': roles,
'is_admin': CONF.admin_role.strip().lower() in roles,
'auth_tok': req.headers.get('X-Auth-Token', deprecated_token),
'owner_is_project': CONF.owner_is_project,
'service_catalog': service_catalog,
'policy_enforcer': self.policy_enforcer,
}
if req.headers.get('X-Domain-Id'):
kwargs['domain'] = req.headers['X-Domain-Id']
if req.headers.get('X-User-Domain-Id'):
kwargs['user_domain'] = req.headers['X-User-Domain-Id']
if req.headers.get('X-Project-Domain-Id'):
kwargs['project_domain'] = req.headers['X-Project-Domain-Id']
return barbican.context.RequestContext(**kwargs)
@@ -159,5 +143,5 @@ class UnauthenticatedContextMiddleware(BaseContextMiddleware):
}
context = barbican.context.RequestContext(**kwargs)
context.policy_enforcer = None
req.environ['barbican.context'] = context
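Review bot: The kwargs built for `RequestContext` in `_get_authenticated_context` take the user, project, token and the `X-Domain-Id` / `X-User-Domain-Id` / `X-Project-Domain-Id` values straight from request headers, and nothing in the visible lines documents who is allowed to set them. They are only trustworthy if the Keystone auth middleware runs ahead of this filter and overwrites any client-supplied copies, which is presumably the intended deployment but is not visible here. I would add a comment above the dict, e.g. `# NOTE: identity headers are trusted as set by the upstream auth middleware; this filter must not be deployed without it in front.` The function starts outside this hunk, and because the page has lost its +/- markers I am assuming the domain lines and the `auth_token` key are the new side.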


@@ -14,84 +14,42 @@
# under the License.
from oslo_config import cfg
import oslo_context
from oslo_policy import policy
from barbican.common import utils
from barbican.openstack.common import local
CONF = cfg.CONF
class RequestContext(object):
class RequestContext(oslo_context.context.RequestContext):
"""User security context object
Stores information about the security context under which the user
accesses the system, as well as additional request information.
"""
def __init__(self, auth_tok=None, user=None, project=None, roles=None,
is_admin=False, read_only=False, show_deleted=False,
owner_is_project=True, service_catalog=None,
policy_enforcer=None):
self.auth_tok = auth_tok
self.user = user
def __init__(self, roles=None, policy_enforcer=None, project=None,
**kwargs):
# prefer usage of 'project' instead of 'tenant'
if project:
kwargs['tenant'] = project
self.project = project
self.roles = roles or []
self.read_only = read_only
# TODO(jwood): self._show_deleted = show_deleted
# (mkbhanda) possibly domain could be owner
# brings us to the key scope question
self.owner_is_project = owner_is_project
self.request_id = utils.generate_uuid()
self.service_catalog = service_catalog
self.policy_enforcer = policy_enforcer or policy.Enforcer(CONF)
self.is_admin = is_admin
# TODO(jwood): Is this needed?
# if not self.is_admin:
# self.is_admin = self.policy_enforcer.check_is_admin(self)
if not hasattr(local.store, 'context'):
self.update_store()
super(RequestContext, self).__init__(**kwargs)
def to_dict(self):
# NOTE(ameade): These keys are named to correspond with the default
# format string for logging the context in openstack common
return {
'request_id': self.request_id,
out_dict = super(RequestContext, self).to_dict()
out_dict['roles'] = self.roles
# NOTE(bcwaldon): openstack-common logging expects 'user'
'user': self.user,
'user_id': self.user,
# NOTE(bcwaldon): openstack-common logging expects 'project'
'project': self.project,
'project_id': self.project,
# TODO(jwood): 'is_admin': self.is_admin,
# TODO(jwood): 'read_deleted': self.show_deleted,
'roles': self.roles,
'auth_token': self.auth_tok,
'service_catalog': self.service_catalog,
}
# NOTE(jaosorior): For now, the oslo_context library uses 'tenant'
# instead of project. But in case this changes, this will still issue
# the dict we expect, which would contain 'project'.
if out_dict.get('tenant'):
out_dict['project'] = out_dict['tenant']
out_dict.pop('tenant')
return out_dict
@classmethod
def from_dict(cls, values):
return cls(**values)
def update_store(self):
local.store.context = self
@property
def owner(self):
"""Return the owner to correlate with key."""
if self.owner_is_project:
return self.project
return self.user
# TODO(jwood):
# @property
# def show_deleted(self):
# """Admins can see deleted by default"""
# if self._show_deleted or self.is_admin:
# return True
# return False
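Review bot: In what appears to be the new `__init__` (the page has lost its +/- markers), `self.project` is set only from the `project` argument, so a caller that passes `tenant=` through `**kwargs` leaves the base class holding a tenant while `self.project` stays `None`, and when both are passed `project` silently replaces `tenant`. The project id is presumably what authorization is scoped to, so the two attributes should not be able to disagree; normalising first with `project = project or kwargs.get('tenant')` keeps them in step. `to_dict()` has the same asymmetry: a falsy tenant leaves a `tenant` key and no `project` key in the result, whereas `out_dict['project'] = out_dict.pop('tenant', None)` would give consumers one stable key. Separately, `import oslo_context` followed by `oslo_context.context.RequestContext` only resolves if something else has already imported the submodule; `import oslo_context.context` makes that explicit.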


@@ -1,50 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import mock
import webob.exc
from barbican.api.middleware import context
from barbican.tests import utils
class WhenTestingBaseContextMiddleware(utils.BaseTestCase):
def setUp(self):
super(WhenTestingBaseContextMiddleware, self).setUp()
def test_should_raise_attribute_error(self):
base = context.BaseContextMiddleware(None)
self.assertRaises(AttributeError, base.process_response, None)
class WhenTestingContextMiddleware(utils.BaseTestCase):
def setUp(self):
super(WhenTestingContextMiddleware, self).setUp()
def test_should_raise_attribute_error(self):
middle = context.ContextMiddleware(None)
request = mock.MagicMock()
request.headers = {
'X-Service-Catalog': 'force json error'
}
exception_result = self.assertRaises(
webob.exc.HTTPInternalServerError,
middle._get_authenticated_context,
request)
self.assertEqual(
'Problem processing X-Service-Catalog', exception_result.message)


@@ -11,6 +11,7 @@ kombu>=3.0.7
netaddr>=0.7.12
oslo.concurrency>=1.8.0 # Apache-2.0
oslo.config>=1.11.0 # Apache-2.0
oslo.context>=0.2.0 # Apache-2.0
oslo.i18n>=1.5.0 # Apache-2.0
oslo.messaging>=1.8.0 # Apache-2.0
oslo.log>=1.0.0 # Apache-2.0