Ensure X-Moniker-Sudo-Tenant-ID values are either a UUID or int

Change-Id: I39d4cb3a9dd1e63b725615b65839e64216d36471

moniker/api/auth.py

@@ -16,6 +16,7 @@
 from moniker.openstack.common import cfg
 from moniker.openstack.common import local
 from moniker.openstack.common import log as logging
+from moniker.openstack.common import uuidutils
 from moniker import wsgi
 from moniker.context import MonikerContext
 
@@ -55,7 +56,8 @@ class KeystoneContextMiddleware(wsgi.Middleware):
         # Attempt to sudo, if requested.
         sudo_tenant_id = headers.get('X-Moniker-Sudo-Tenant-ID', None)
 
-        if sudo_tenant_id:
+        if sudo_tenant_id and (uuidutils.is_uuid_like(sudo_tenant_id)
+                               or sudo_tenant_id.isdigit()):
             context.sudo(sudo_tenant_id)
 
         # Attach the context to the request environment

moniker/tests/test_api/test_auth.py

@@ -65,7 +65,7 @@ class KeystoneContextMiddlewareTest(ApiTestCase):
             'X-User-ID': 'UserID',
             'X-Tenant-ID': 'TenantID',
             'X-Roles': 'admin,Member',
-            'X-Moniker-Sudo-Tenant-ID': 'SudoTenantID'
+            'X-Moniker-Sudo-Tenant-ID': '5a993bf8-d521-420a-81e1-192d9cc3d5a0'
         }
 
         # Process the request
@@ -79,7 +79,8 @@ class KeystoneContextMiddlewareTest(ApiTestCase):
         self.assertEqual('AuthToken', context.auth_tok)
         self.assertEqual('UserID', context.user_id)
         self.assertEqual('TenantID', context.original_tenant_id)
-        self.assertEqual('SudoTenantID', context.tenant_id)
+        self.assertEqual('5a993bf8-d521-420a-81e1-192d9cc3d5a0',
+                         context.tenant_id)
         self.assertEqual(['admin', 'Member'], context.roles)