Refernces from tenant to project were made in several
places, including DB, HTTP Headers, configuration items,
json in responses and devstack integration. Additionally,
a migration script using Alembic was included.
Implements: blueprint tenant-to-project-ref
Change-Id: I4b21182f555ccd412a4ca4e0ce753f07edcd07f8
is_admin should not be exlicitely accessed from code. Policies should be
used to check if it's set and context.elevated() to run something in
admin context.
Change-Id: I27754a378073844c3e24d94038a5d24f9a3c6dc3
Currently, DB queries don't filter on project_id, so any user can
request all DB entries.
The proposal here is to filter if the table does support tenant_id
in it and if the user is not admin (based on Nova/Cinder/Oslo)
In order to automatically provide the correct is_admin flag, now
when creating the context we check if policy defines the user as
admin.
Closes-Bug: #1256117
Change-Id: I85c404f5a3365c6a9c575af52f1a116f8350f426
- context data is stored in a dictionary now, so any key is allowed;
- list of allowed key for certain context is stored in special class
variable;
- methods "current" and "elevated" of ClimateContext class are
accessible from module level;
- moved to usage of threading.local instead of emulating one in code (as
long as we use eventlet's monkey-patching, it's specific local() will
be used).
Change-Id: I3c79c9cd0d16dfb5c61208f2aa71b5c59f3f40f3