From 7f25ade93df5a1a65714d0ddf57f614e7e7263ec Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Mon, 20 Apr 2015 13:14:09 +0300
Subject: [PATCH] Migrate to oslo_context
This CR introduces oslo_context as a dependency, in order to be more aligned with the rest of OpenStack. Although, due to the fact that we had some extra fields in the context, the approach that I took was to inherit from oslo_context's RequestContext and add the extra fields that we needed. I also removed the unused fields (which are related to the ownership and the service catalog), which lead to also deleting the context middleware tests; Since it was only one test and the functionality that it was testing is no longer needed.
Change-Id: Id439a32f0d21fe7d8adafec71417a3e9d4870ec5
---
barbican/api/middleware/context.py | 36 +++------
barbican/context.py | 76 +++++--------------
barbican/tests/api/middleware/test_context.py | 50 ------------
requirements.txt | 1 +
4 files changed, 28 insertions(+), 135 deletions(-)
delete mode 100644 barbican/tests/api/middleware/test_context.py
diff --git a/barbican/api/middleware/context.py b/barbican/api/middleware/context.py
index 5165aec0e..fedf43aca 100644
--- a/barbican/api/middleware/context.py
+++ b/barbican/api/middleware/context.py
@@ -15,24 +15,17 @@ import uuid from oslo_config import cfg -from oslo_policy import policy import webob.exc from barbican.api import middleware as mw from barbican.common import utils import barbican.context from barbican import i18n as u -from barbican.openstack.common import jsonutils as json LOG = utils.getLogger(__name__) # TODO(jwood) Need to figure out why config is ignored in this module. context_opts = [ - cfg.BoolOpt('owner_is_project', default=True, - help=u._('When true, this option sets the owner of an image ' - 'to be the project. Otherwise, the owner of the ' - ' image will be the authenticated user issuing the ' - 'request.')), cfg.StrOpt('admin_role', default='admin', help=u._('Role used to identify an authenticated user as ' 'administrator.')), @@ -59,7 +52,6 @@ class BaseContextMiddleware(mw.Middleware): class ContextMiddleware(BaseContextMiddleware): def __init__(self, app): - self.policy_enforcer = policy.Enforcer(CONF) super(ContextMiddleware, self).__init__(app) def process_request(self, req): @@ -91,11 +83,9 @@ class ContextMiddleware(BaseContextMiddleware): def _get_anonymous_context(self): kwargs = { 'user': None, - 'project': None, - 'roles': [], + 'tenant': None, 'is_admin': False, 'read_only': True, - 'policy_enforcer': self.policy_enforcer, } return barbican.context.RequestContext(**kwargs) 
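Review bot: With `self.policy_enforcer` removed from `ContextMiddleware.__init__` and `'policy_enforcer'` dropped from the kwargs in `_get_anonymous_context` (and in `_get_authenticated_context` in the next hunk), every context falls through to `policy_enforcer or policy.Enforcer(CONF)` in barbican/context.py, so a new Enforcer is built for each request instead of one shared per middleware instance. The same default applies in `UnauthenticatedContextMiddleware`, where `context.policy_enforcer = None` is removed: a context that used to carry no enforcer now carries one, which changes behaviour for any caller that tests `ctx.policy_enforcer` before enforcing (such callers are not visible in this patch). If that is intended it belongs in the commit message; otherwise keep `self.policy_enforcer = policy.Enforcer(CONF)` in `__init__` and keep passing `'policy_enforcer': self.policy_enforcer`. Separately, `'tenant': None` here is at odds with the constructor comment "prefer usage of 'project' instead of 'tenant'"; `'project': None` has the same effect and matches the authenticated path.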
@@ -109,27 +99,21 @@ class ContextMiddleware(BaseContextMiddleware): # NOTE(mkbhanda): keeping this just-in-case for swift deprecated_token = req.headers.get('X-Storage-Token') - service_catalog = None - if req.headers.get('X-Service-Catalog') is not None: - try: - catalog_header = req.headers.get('X-Service-Catalog') - service_catalog = json.loads(catalog_header) - except ValueError: - msg = u._('Problem processing X-Service-Catalog') - LOG.exception(msg) - raise webob.exc.HTTPInternalServerError(msg) - kwargs = { + 'auth_token': req.headers.get('X-Auth-Token', deprecated_token), 'user': req.headers.get('X-User-Id'), 'project': req.headers.get('X-Project-Id'), 'roles': roles, 'is_admin': CONF.admin_role.strip().lower() in roles, - 'auth_tok': req.headers.get('X-Auth-Token', deprecated_token), - 'owner_is_project': CONF.owner_is_project, - 'service_catalog': service_catalog, - 'policy_enforcer': self.policy_enforcer, } + if req.headers.get('X-Domain-Id'): + kwargs['domain'] = req.headers['X-Domain-Id'] + if req.headers.get('X-User-Domain-Id'): + kwargs['user_domain'] = req.headers['X-User-Domain-Id'] + if req.headers.get('X-Project-Domain-Id'): + kwargs['project_domain'] = req.headers['X-Project-Domain-Id'] + return barbican.context.RequestContext(**kwargs) @@ -156,5 +140,5 @@ class UnauthenticatedContextMiddleware(BaseContextMiddleware): } context = barbican.context.RequestContext(**kwargs) - context.policy_enforcer = None + req.environ['barbican.context'] = context diff --git a/barbican/context.py b/barbican/context.py index 8a25d339f..7a5215de6 100644 --- a/barbican/context.py +++ b/barbican/context.py 
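Review bot: The three `if req.headers.get(...)` blocks added after the kwargs dict in `_get_authenticated_context` look each header up twice and differ only in the key, so a single loop over a header-to-kwarg table such as `(('X-Domain-Id', 'domain'), ('X-User-Domain-Id', 'user_domain'), ('X-Project-Domain-Id', 'project_domain'))` would keep the mapping in one place. These values, like `X-User-Id` and `X-Roles` above them, are identity attributes that can be trusted only when the auth middleware in front of this one sets them; the function starts outside the hunk, so whether that is verified before this point is not visible here. A short comment above the dict would record the assumption, for example `# Identity headers below are populated by the upstream auth middleware.`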
@@ -14,84 +14,42 @@ # under the License. from oslo_config import cfg +import oslo_context from oslo_policy import policy -from barbican.common import utils -from barbican.openstack.common import local - CONF = cfg.CONF -class RequestContext(object): +class RequestContext(oslo_context.context.RequestContext): """User security context object Stores information about the security context under which the user accesses the system, as well as additional request information. """ - def __init__(self, auth_tok=None, user=None, project=None, roles=None, - is_admin=False, read_only=False, show_deleted=False, - owner_is_project=True, service_catalog=None, - policy_enforcer=None): - self.auth_tok = auth_tok - self.user = user + def __init__(self, roles=None, policy_enforcer=None, project=None, + **kwargs): + # prefer usage of 'project' instead of 'tenant' + if project: + kwargs['tenant'] = project self.project = project self.roles = roles or [] - self.read_only = read_only - # TODO(jwood): self._show_deleted = show_deleted - # (mkbhanda) possibly domain could be owner - # brings us to the key scope question - self.owner_is_project = owner_is_project - self.request_id = utils.generate_uuid() - self.service_catalog = service_catalog self.policy_enforcer = policy_enforcer or policy.Enforcer(CONF) - self.is_admin = is_admin - # TODO(jwood): Is this needed? 
- # if not self.is_admin: - # self.is_admin = self.policy_enforcer.check_is_admin(self) - - if not hasattr(local.store, 'context'): - self.update_store() + super(RequestContext, self).__init__(**kwargs) def to_dict(self): - # NOTE(ameade): These keys are named to correspond with the default - # format string for logging the context in openstack common - return { - 'request_id': self.request_id, + out_dict = super(RequestContext, self).to_dict() + out_dict['roles'] = self.roles - # NOTE(bcwaldon): openstack-common logging expects 'user' - 'user': self.user, - 'user_id': self.user, - - # NOTE(bcwaldon): openstack-common logging expects 'project' - 'project': self.project, - 'project_id': self.project, - # TODO(jwood): 'is_admin': self.is_admin, - # TODO(jwood): 'read_deleted': self.show_deleted, - 'roles': self.roles, - 'auth_token': self.auth_tok, - 'service_catalog': self.service_catalog, - } + # NOTE(jaosorior): For now, the oslo_context library uses 'tenant' + # instead of project. But in case this changes, this will still issue + # the dict we expect, which would contain 'project'. + if out_dict.get('tenant'): + out_dict['project'] = out_dict['tenant'] + out_dict.pop('tenant') + return out_dict @classmethod def from_dict(cls, values): return cls(**values) - - def update_store(self): - local.store.context = self - - @property - def owner(self): - """Return the owner to correlate with key.""" - if self.owner_is_project: - return self.project - return self.user - -# TODO(jwood): -# @property -# def show_deleted(self): -# """Admins can see deleted by default""" -# if self._show_deleted or self.is_admin: -# return True -# return False diff --git a/barbican/tests/api/middleware/test_context.py b/barbican/tests/api/middleware/test_context.py deleted file mode 100644 index da2bf6444..000000000 --- a/barbican/tests/api/middleware/test_context.py +++ /dev/null 
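Review bot: `import oslo_context` binds only the package, so the base-class expression `oslo_context.context.RequestContext` resolves only if the package's `__init__` or some earlier import has already loaded the `context` submodule, neither of which is visible here; importing it explicitly with `import oslo_context.context` removes that dependency on import order. `from_dict` still does `cls(**values)` while `to_dict` now returns the superclass dict plus `roles`, so a round trip works only if every key the superclass emits is also accepted by the constructor, which deserves a unit test given that the middleware context tests are deleted in this patch. In `__init__`, `self.project` is set from the `project` argument alone, so a caller passing only `tenant=` gets a context whose `project` is None while the base class holds the tenant; `self.project = project or kwargs.get('tenant')` would keep the two in step. `to_dict` also lost its explanatory NOTE comments and would benefit from a one-line docstring stating that it returns the base dict with `roles` added and `tenant` renamed to `project`.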
@@ -1,50 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import mock
-import webob.exc
-
-from barbican.api.middleware import context
-from barbican.tests import utils
-
-
-class WhenTestingBaseContextMiddleware(utils.BaseTestCase):
-
- def setUp(self):
- super(WhenTestingBaseContextMiddleware, self).setUp()
-
- def test_should_raise_attribute_error(self):
- base = context.BaseContextMiddleware(None)
- self.assertRaises(AttributeError, base.process_response, None)
-
-
-class WhenTestingContextMiddleware(utils.BaseTestCase):
-
- def setUp(self):
- super(WhenTestingContextMiddleware, self).setUp()
-
- def test_should_raise_attribute_error(self):
-
- middle = context.ContextMiddleware(None)
- request = mock.MagicMock()
- request.headers = {
- 'X-Service-Catalog': 'force json error'
- }
-
- exception_result = self.assertRaises(
- webob.exc.HTTPInternalServerError,
- middle._get_authenticated_context,
- request)
-
- self.assertEqual(
- 'Problem processing X-Service-Catalog', exception_result.message)
diff --git a/requirements.txt b/requirements.txt
index 9d09fd30d..6dbee19bc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,6 +11,7 @@ kombu>=3.0.7
 netaddr>=0.7.12
 oslo.concurrency>=1.8.0 # Apache-2.0
 oslo.config>=1.11.0 # Apache-2.0
+oslo.context>=0.2.0 # Apache-2.0
 oslo.i18n>=1.5.0 # Apache-2.0
 oslo.messaging>=1.8.0 # Apache-2.0
 oslo.log>=1.0.0 # Apache-2.0