Take context from environment instead of parsing headers
oslo.context can already parse the environment, which should have been filled in by the WSGI engine, so let's use that instead. Change-Id: Ie4b6e377f1b43c985ec47a47571e026e5285f92e
parent
9ad1f1824b
commit
55f803d9a8
|
@ -48,7 +48,7 @@ def _do_enforce_rbac(inst, req, action_name, ctx, **kwargs):
|
|||
credentials = {
|
||||
'roles': ctx.roles,
|
||||
'user': ctx.user,
|
||||
'project': ctx.project
|
||||
'project': ctx.project_id
|
||||
}
|
||||
|
||||
# Enforce special case: secret GET decryption
|
||||
|
@ -79,7 +79,7 @@ def enforce_rbac(action_name='default'):
|
|||
ctx = _get_barbican_context(pecan.request)
|
||||
external_project_id = None
|
||||
if ctx:
|
||||
external_project_id = ctx.project
|
||||
external_project_id = ctx.project_id
|
||||
|
||||
_do_enforce_rbac(inst, pecan.request, action_name, ctx, **kwargs)
|
||||
# insert external_project_id as the first arg to the guarded method
|
||||
|
|
|
@ -108,7 +108,7 @@ class OrdersController(controllers.ACLMixin):
|
|||
ctx = controllers._get_barbican_context(pecan.request)
|
||||
|
||||
order = self.order_repo.get(entity_id=order_id,
|
||||
external_project_id=ctx.project,
|
||||
external_project_id=ctx.project_id,
|
||||
suppress_exception=True)
|
||||
if not order:
|
||||
_order_not_found()
|
||||
|
|
|
@ -82,32 +82,15 @@ class ContextMiddleware(BaseContextMiddleware):
|
|||
return barbican.context.RequestContext(**kwargs)
|
||||
|
||||
def _get_authenticated_context(self, req):
|
||||
# NOTE(bcwaldon): X-Roles is a csv string, but we need to parse
|
||||
# it into a list to be useful
|
||||
roles_header = req.headers.get('X-Roles', '')
|
||||
roles = [r.strip().lower() for r in roles_header.split(',')]
|
||||
ctx = barbican.context.RequestContext.from_environ(req.environ)
|
||||
|
||||
# NOTE(bcwaldon): This header is deprecated in favor of X-Auth-Token
|
||||
# NOTE(mkbhanda): keeping this just-in-case for swift
|
||||
deprecated_token = req.headers.get('X-Storage-Token')
|
||||
if ctx.project_id is None:
|
||||
LOG.debug("X_PROJECT_ID not found in request")
|
||||
return webob.exc.HTTPUnauthorized()
|
||||
|
||||
kwargs = {
|
||||
'auth_token': req.headers.get('X-Auth-Token', deprecated_token),
|
||||
'user': req.headers.get('X-User-Id'),
|
||||
'project': req.headers.get('X-Project-Id'),
|
||||
'roles': roles,
|
||||
'is_admin': CONF.admin_role.strip().lower() in roles,
|
||||
'request_id': req.request_id
|
||||
}
|
||||
ctx.is_admin = CONF.admin_role.strip().lower() in ctx.roles
|
||||
|
||||
if req.headers.get('X-Domain-Id'):
|
||||
kwargs['domain'] = req.headers['X-Domain-Id']
|
||||
if req.headers.get('X-User-Domain-Id'):
|
||||
kwargs['user_domain'] = req.headers['X-User-Domain-Id']
|
||||
if req.headers.get('X-Project-Domain-Id'):
|
||||
kwargs['project_domain'] = req.headers['X-Project-Domain-Id']
|
||||
|
||||
return barbican.context.RequestContext(**kwargs)
|
||||
return ctx
|
||||
|
||||
|
||||
class UnauthenticatedContextMiddleware(BaseContextMiddleware):
|
||||
|
@ -140,7 +123,7 @@ class UnauthenticatedContextMiddleware(BaseContextMiddleware):
|
|||
'domain': req.headers.get('X-Domain-Id'),
|
||||
'user_domain': req.headers.get('X-User-Domain-Id'),
|
||||
'project_domain': req.headers.get('X-Project-Domain-Id'),
|
||||
'project': project_id,
|
||||
'project_id': project_id,
|
||||
'roles': roles,
|
||||
'is_admin': config_admin_role in roles,
|
||||
'request_id': req.request_id
|
||||
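Review bot: In `_get_authenticated_context`, the missing-project branch does `return webob.exc.HTTPUnauthorized()`, so the caller receives an exception object where it expects a `RequestContext`; the caller is outside this hunk, but unless it checks the return type the request may carry that object as its context or fail later with an unrelated error instead of a 401, so prefer `raise webob.exc.HTTPUnauthorized()`. Separately, the removed code lower-cased every role before the `is_admin` comparison, while the new line compares the lower-cased `CONF.admin_role` against `ctx.roles` exactly as `from_environ` produced them. If oslo.context does not normalise case, a role such as `Admin` no longer matches, so consider `ctx.is_admin = CONF.admin_role.strip().lower() in [r.lower() for r in ctx.roles]`. The method now depends entirely on the WSGI environment having been populated by a trusted auth middleware placed ahead of it in the pipeline, which is worth stating in a short comment above the `from_environ` call.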
|
|
|
@ -33,7 +33,7 @@ class TestUnauthenticatedContextMiddleware(oslotest.BaseTestCase):
|
|||
with mock.patch('barbican.context.RequestContext') as rc:
|
||||
self.middleware.process_request(request)
|
||||
rc.assert_called_with(
|
||||
project='trace',
|
||||
project_id='trace',
|
||||
is_admin=True,
|
||||
user=None,
|
||||
roles=['admin'],
|
||||
|
@ -51,7 +51,7 @@ class TestUnauthenticatedContextMiddleware(oslotest.BaseTestCase):
|
|||
with mock.patch('barbican.context.RequestContext') as rc:
|
||||
self.middleware.process_request(request)
|
||||
rc.assert_called_with(
|
||||
project='trace',
|
||||
project_id='trace',
|
||||
is_admin=False,
|
||||
user=None,
|
||||
roles=['something'],
|
||||
|
|
|
@ -67,7 +67,7 @@ class BarbicanAPIBaseTestCase(oslotest.BaseTestCase):
|
|||
context = barbican.context.RequestContext(
|
||||
roles=roles,
|
||||
user=user,
|
||||
project=project_id,
|
||||
project_id=project_id,
|
||||
is_admin=is_admin
|
||||
)
|
||||
context.policy_enforcer = policy_enforcer
|
||||
|
|