Take context from environment instead of parsing headers

oslo.context can already parse the environment which should have been filled by the wsgi engine. So lets use that instead. Change-Id: Ie4b6e377f1b43c985ec47a47571e026e5285f92e
2017-11-09 17:59:21 +02:00 · 2017-11-09 17:59:21 +02:00 · 55f803d9a8
parent 9ad1f1824b
commit 55f803d9a8
5 changed files with 13 additions and 30 deletions
--- a/barbican/api/controllers/init.py
+++ b/barbican/api/controllers/init.py
@ -48,7 +48,7 @@ def _do_enforce_rbac(inst, req, action_name, ctx, **kwargs):
        credentials = {
            'roles': ctx.roles,
            'user': ctx.user,
-            'project': ctx.project
+            'project': ctx.project_id
        }

        # Enforce special case: secret GET decryption
@ -79,7 +79,7 @@ def enforce_rbac(action_name='default'):
            ctx = _get_barbican_context(pecan.request)
            external_project_id = None
            if ctx:
-                external_project_id = ctx.project
+                external_project_id = ctx.project_id

            _do_enforce_rbac(inst, pecan.request, action_name, ctx, **kwargs)
            # insert external_project_id as the first arg to the guarded method
--- a/barbican/api/controllers/orders.py
+++ b/barbican/api/controllers/orders.py
@ -108,7 +108,7 @@ class OrdersController(controllers.ACLMixin):
        ctx = controllers._get_barbican_context(pecan.request)

        order = self.order_repo.get(entity_id=order_id,
-                                    external_project_id=ctx.project,
+                                    external_project_id=ctx.project_id,
                                    suppress_exception=True)
        if not order:
            _order_not_found()
--- a/barbican/api/middleware/context.py
+++ b/barbican/api/middleware/context.py
@ -82,32 +82,15 @@ class ContextMiddleware(BaseContextMiddleware):
        return barbican.context.RequestContext(**kwargs)

    def _get_authenticated_context(self, req):
-        # NOTE(bcwaldon): X-Roles is a csv string, but we need to parse
-        # it into a list to be useful
-        roles_header = req.headers.get('X-Roles', '')
-        roles = [r.strip().lower() for r in roles_header.split(',')]
+        ctx = barbican.context.RequestContext.from_environ(req.environ)

-        # NOTE(bcwaldon): This header is deprecated in favor of X-Auth-Token
-        # NOTE(mkbhanda): keeping this just-in-case for swift
-        deprecated_token = req.headers.get('X-Storage-Token')
+        if ctx.project_id is None:
+            LOG.debug("X_PROJECT_ID not found in request")
+            return webob.exc.HTTPUnauthorized()

-        kwargs = {
-            'auth_token': req.headers.get('X-Auth-Token', deprecated_token),
-            'user': req.headers.get('X-User-Id'),
-            'project': req.headers.get('X-Project-Id'),
-            'roles': roles,
-            'is_admin': CONF.admin_role.strip().lower() in roles,
-            'request_id': req.request_id
-        }
+        ctx.is_admin = CONF.admin_role.strip().lower() in ctx.roles

-        if req.headers.get('X-Domain-Id'):
-            kwargs['domain'] = req.headers['X-Domain-Id']
-        if req.headers.get('X-User-Domain-Id'):
-            kwargs['user_domain'] = req.headers['X-User-Domain-Id']
-        if req.headers.get('X-Project-Domain-Id'):
-            kwargs['project_domain'] = req.headers['X-Project-Domain-Id']
-
-        return barbican.context.RequestContext(**kwargs)
+        return ctx


 class UnauthenticatedContextMiddleware(BaseContextMiddleware):
@ -140,7 +123,7 @@ class UnauthenticatedContextMiddleware(BaseContextMiddleware):
            'domain': req.headers.get('X-Domain-Id'),
            'user_domain': req.headers.get('X-User-Domain-Id'),
            'project_domain': req.headers.get('X-Project-Domain-Id'),
-            'project': project_id,
+            'project_id': project_id,
            'roles': roles,
            'is_admin': config_admin_role in roles,
            'request_id': req.request_id
--- a/barbican/tests/api/middleware/test_context.py
+++ b/barbican/tests/api/middleware/test_context.py
@ -33,7 +33,7 @@ class TestUnauthenticatedContextMiddleware(oslotest.BaseTestCase):
        with mock.patch('barbican.context.RequestContext') as rc:
            self.middleware.process_request(request)
            rc.assert_called_with(
-                project='trace',
+                project_id='trace',
                is_admin=True,
                user=None,
                roles=['admin'],
@ -51,7 +51,7 @@ class TestUnauthenticatedContextMiddleware(oslotest.BaseTestCase):
        with mock.patch('barbican.context.RequestContext') as rc:
            self.middleware.process_request(request)
            rc.assert_called_with(
-                project='trace',
+                project_id='trace',
                is_admin=False,
                user=None,
                roles=['something'],
--- a/barbican/tests/utils.py
+++ b/barbican/tests/utils.py
@ -67,7 +67,7 @@ class BarbicanAPIBaseTestCase(oslotest.BaseTestCase):
        context = barbican.context.RequestContext(
            roles=roles,
            user=user,
-            project=project_id,
+            project_id=project_id,
            is_admin=is_admin
        )
        context.policy_enforcer = policy_enforcer