Browse Source

Make RequestContext use auth_token (not auth_tok)

The RequestContext class from oslo-incubator uses 'auth_token'.
Glance's RequestContext uses 'auth_tok' -- which is inconsistent.

glance_store currently uses the oslo 'auth_token'.

We should not assume a 1-1 mapping from the glance_store to glance,
nor should we have glance_store support both 'auth_token' and
'auth_tok'. Therefore Glance should be updated to use 'auth_token'.

This change was generated automatically with:

$ for file in `find glance -name '*\.py' -exec grep -wl auth_tok "{}" \;` ; \
  do sed --in-place 's/\<auth_tok\>/auth_token/g' $file ; done

In addition, the set_auth_token function was removed. This had been used
by Nova to work around the auth_tok <-> auth_token inconsistency, but
was removed in mid-2012 as part of the move to python-glanceclient so
is no longer needed.

In conjuction with other changes this fixes image upload when
using the multi-tenant Swift store.

Change-Id: Ic8a5f44088990fd8f6290a5622b823f59ef365fc
Partial-bug: #1385213
changes/78/131478/1
Stuart McLaren 8 years ago
parent
commit
cc7ae2abd5
  1. 2
      glance/api/middleware/context.py
  2. 29
      glance/common/client.py
  3. 6
      glance/context.py
  4. 2
      glance/image_cache/client.py
  5. 2
      glance/registry/client/v1/api.py
  6. 2
      glance/registry/client/v2/api.py
  7. 8
      glance/scrubber.py
  8. 64
      glance/tests/functional/db/base.py
  9. 4
      glance/tests/functional/db/base_metadef.py
  10. 2
      glance/tests/unit/common/test_client.py
  11. 6
      glance/tests/unit/test_context_middleware.py
  12. 22
      glance/tests/unit/v1/test_registry_api.py
  13. 8
      glance/tests/utils.py

2
glance/api/middleware/context.py

@ -113,7 +113,7 @@ class ContextMiddleware(BaseContextMiddleware):
'tenant': req.headers.get('X-Tenant-Id'),
'roles': roles,
'is_admin': CONF.admin_role.strip().lower() in roles,
'auth_tok': req.headers.get('X-Auth-Token', deprecated_token),
'auth_token': req.headers.get('X-Auth-Token', deprecated_token),
'owner_is_tenant': CONF.owner_is_tenant,
'service_catalog': service_catalog,
'policy_enforcer': self.policy_enforcer,

29
glance/common/client.py

@ -163,7 +163,7 @@ class BaseClient(object):
)
def __init__(self, host, port=None, timeout=None, use_ssl=False,
auth_tok=None, creds=None, doc_root=None, key_file=None,
auth_token=None, creds=None, doc_root=None, key_file=None,
cert_file=None, ca_file=None, insecure=False,
configure_via_auth=True):
"""
@ -173,7 +173,7 @@ class BaseClient(object):
:param port: The port where service resides
:param timeout: Connection timeout.
:param use_ssl: Should we use HTTPS?
:param auth_tok: The auth token to pass to the server
:param auth_token: The auth token to pass to the server
:param creds: The credentials to pass to the auth plugin
:param doc_root: Prefix for all URLs we request from host
:param key_file: Optional PEM-formatted file that contains the private
@ -207,7 +207,7 @@ class BaseClient(object):
if timeout == 0:
self.timeout = None
self.use_ssl = use_ssl
self.auth_tok = auth_tok
self.auth_token = auth_token
self.creds = creds or {}
self.connection = None
self.configure_via_auth = configure_via_auth
@ -285,21 +285,6 @@ class BaseClient(object):
return connect_kwargs
def set_auth_token(self, auth_tok):
"""
Updates the authentication token for this client connection.
"""
# FIXME(sirp): Nova image/glance.py currently calls this. Since this
# method isn't really doing anything useful[1], we should go ahead and
# rip it out, first in Nova, then here. Steps:
#
# 1. Change auth_tok in Glance to auth_token
# 2. Change image/glance.py in Nova to use client.auth_token
# 3. Remove this method
#
# [1] http://mail.python.org/pipermail/tutor/2003-October/025932.html
self.auth_tok = auth_tok
def configure_from_url(self, url):
"""
Setups the connection based on the given url.
@ -357,7 +342,7 @@ class BaseClient(object):
if not auth_plugin.is_authenticated or force_reauth:
auth_plugin.authenticate()
self.auth_tok = auth_plugin.auth_token
self.auth_token = auth_plugin.auth_token
management_url = auth_plugin.management_url
if management_url and self.configure_via_auth:
@ -376,7 +361,7 @@ class BaseClient(object):
:param params: Key/value pairs to use in query string
:returns: HTTP response object
"""
if not self.auth_tok:
if not self.auth_token:
self._authenticate()
url = self._construct_url(action, params)
@ -461,8 +446,8 @@ class BaseClient(object):
headers = self._encode_headers(headers or {})
headers.update(osprofiler.web.get_trace_id_headers())
if 'x-auth-token' not in headers and self.auth_tok:
headers['x-auth-token'] = self.auth_tok
if 'x-auth-token' not in headers and self.auth_token:
headers['x-auth-token'] = self.auth_token
c = connection_type(url.hostname, url.port, **self.connect_kwargs)

6
glance/context.py

@ -29,12 +29,12 @@ class RequestContext(object):
user_idt_format = '{user} {tenant} {domain} {user_domain} {p_domain}'
def __init__(self, auth_tok=None, user=None, tenant=None, roles=None,
def __init__(self, auth_token=None, user=None, tenant=None, roles=None,
is_admin=False, read_only=False, show_deleted=False,
owner_is_tenant=True, service_catalog=None,
policy_enforcer=None, domain=None, user_domain=None,
project_domain=None):
self.auth_tok = auth_tok
self.auth_token = auth_token
self.user = user
self.tenant = tenant
self.roles = roles or []
@ -80,7 +80,7 @@ class RequestContext(object):
'is_admin': self.is_admin,
'read_deleted': self.show_deleted,
'roles': self.roles,
'auth_token': self.auth_tok,
'auth_token': self.auth_token,
'service_catalog': self.service_catalog,
'user_identity': user_idt
}

2
glance/image_cache/client.py vendored

@ -124,7 +124,7 @@ def get_client(host, port=None, timeout=None, use_ssl=False, username=None,
port=port,
timeout=timeout,
use_ssl=use_ssl,
auth_tok=auth_token or
auth_token=auth_token or
os.getenv('OS_TOKEN'),
creds=creds,
insecure=insecure)

2
glance/registry/client/v1/api.py

@ -123,7 +123,7 @@ def get_registry_client(cxt):
global _METADATA_ENCRYPTION_KEY
kwargs = _CLIENT_KWARGS.copy()
if CONF.use_user_token:
kwargs['auth_tok'] = cxt.auth_tok
kwargs['auth_token'] = cxt.auth_token
if _CLIENT_CREDS:
kwargs['creds'] = _CLIENT_CREDS

2
glance/registry/client/v2/api.py

@ -103,7 +103,7 @@ def get_registry_client(cxt):
global _CLIENT_CREDS, _CLIENT_KWARGS, _CLIENT_HOST, _CLIENT_PORT
kwargs = _CLIENT_KWARGS.copy()
if CONF.use_user_token:
kwargs['auth_tok'] = cxt.auth_tok
kwargs['auth_token'] = cxt.auth_token
if _CLIENT_CREDS:
kwargs['creds'] = _CLIENT_CREDS
return client.RegistryClient(_CLIENT_HOST, _CLIENT_PORT, **kwargs)

8
glance/scrubber.py

@ -321,10 +321,10 @@ class ScrubDBQueue(ScrubQueue):
def __init__(self):
super(ScrubDBQueue, self).__init__()
admin_tenant_name = CONF.admin_tenant_name
admin_token = self.registry.auth_tok
admin_token = self.registry.auth_token
self.admin_context = context.RequestContext(user=CONF.admin_user,
tenant=admin_tenant_name,
auth_tok=admin_token)
auth_token=admin_token)
def add_location(self, image_id, location, user_context=None):
"""Adding image location to scrub queue.
@ -499,10 +499,10 @@ class Scrubber(object):
# Here we create a request context with credentials to support
# delayed delete when using multi-tenant backend storage
admin_tenant = CONF.admin_tenant_name
auth_token = self.registry.auth_tok
auth_token = self.registry.auth_token
self.admin_context = context.RequestContext(user=CONF.admin_user,
tenant=admin_tenant,
auth_tok=auth_token)
auth_token=auth_token)
(self.file_queue, self.db_queue) = get_scrub_queues()

64
glance/tests/functional/db/base.py

@ -84,9 +84,9 @@ class TestDriver(test_utils.BaseTestCase):
super(TestDriver, self).setUp()
context_cls = context.RequestContext
self.adm_context = context_cls(is_admin=True,
auth_tok='user:user:admin')
auth_token='user:user:admin')
self.context = context_cls(is_admin=False,
auth_tok='user:user:user')
auth_token='user:user:user')
self.db_api = db_tests.get_db(self.config)
db_tests.reset_db(self.db_api)
self.fixtures = self.build_image_fixtures()
@ -305,9 +305,9 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
ctxt2 = context.RequestContext(is_admin=False, tenant=TENANT2,
auth_tok='user:%s:user' % TENANT2)
auth_token='user:%s:user' % TENANT2)
image = self.db_api.image_create(
ctxt1, {'status': 'queued', 'owner': TENANT1})
self.assertRaises(exception.Forbidden,
@ -459,7 +459,7 @@ class DriverTests(object):
"""
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
UUIDX = str(uuid.uuid4())
self.db_api.image_create(ctxt1, {'id': UUIDX,
'status': 'queued',
@ -481,7 +481,7 @@ class DriverTests(object):
"""
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
UUIDX = str(uuid.uuid4())
self.db_api.image_create(ctxt1, {'id': UUIDX,
'status': 'queued',
@ -503,7 +503,7 @@ class DriverTests(object):
"""
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
UUIDX = str(uuid.uuid4())
self.db_api.image_create(ctxt1, {'id': UUIDX,
'status': 'queued',
@ -525,7 +525,7 @@ class DriverTests(object):
"""
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
UUIDX = str(uuid.uuid4())
self.db_api.image_create(ctxt1, {'id': UUIDX,
'status': 'queued',
@ -547,7 +547,7 @@ class DriverTests(object):
"""
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
UUIDX = str(uuid.uuid4())
self.db_api.image_create(ctxt1, {'id': UUIDX,
'status': 'queued',
@ -569,7 +569,7 @@ class DriverTests(object):
"""
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
UUIDX = str(uuid.uuid4())
self.db_api.image_create(ctxt1, {'id': UUIDX,
'status': 'queued',
@ -599,7 +599,7 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False,
tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
UUIDX = str(uuid.uuid4())
image_meta_data = {'id': UUIDX, 'status': 'queued', 'owner': TENANT1}
self.db_api.image_create(ctxt1, image_meta_data)
@ -607,7 +607,7 @@ class DriverTests(object):
TENANT2 = str(uuid.uuid4())
ctxt2 = context.RequestContext(is_admin=False,
tenant=TENANT2,
auth_tok='user:%s:user' % TENANT2)
auth_token='user:%s:user' % TENANT2)
UUIDY = str(uuid.uuid4())
image_meta_data = {'id': UUIDY, 'status': 'queued', 'owner': TENANT2}
self.db_api.image_create(ctxt2, image_meta_data)
@ -622,7 +622,7 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False,
tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
UUIDX = str(uuid.uuid4())
CHECKSUM1 = '91264c3edf5972c9f1cb309543d38a5c'
image_meta_data = {
@ -643,7 +643,7 @@ class DriverTests(object):
TENANT2 = str(uuid.uuid4())
ctxt2 = context.RequestContext(is_admin=False,
tenant=TENANT2,
auth_tok='user:%s:user' % TENANT2)
auth_token='user:%s:user' % TENANT2)
UUIDY = str(uuid.uuid4())
CHECKSUM2 = '92264c3edf5972c9f1cb309543d38a5c'
image_meta_data = {
@ -818,7 +818,7 @@ class DriverTests(object):
prop = image['properties'][0]
self.assertEqual(('ping', IMG_ID, True),
(prop['name'], prop['image_id'], prop['deleted']))
self.context.auth_tok = 'user:%s:user' % TENANT2
self.context.auth_token = 'user:%s:user' % TENANT2
members = self.db_api.image_member_find(self.context, IMG_ID)
self.assertEqual([], members)
tags = self.db_api.image_tag_get_all(self.context, IMG_ID)
@ -874,7 +874,7 @@ class DriverTests(object):
prop['image_id']))
self.assertEqual((False, None),
(prop['deleted'], prop['deleted_at']))
self.context.auth_tok = 'user:%s:user' % TENANT2
self.context.auth_token = 'user:%s:user' % TENANT2
members = self.db_api.image_member_find(self.context, ACTIVE_IMG_ID)
self.assertEqual(1, len(members))
member = members[0]
@ -888,10 +888,10 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
ctxt2 = context.RequestContext(is_admin=False, user=TENANT2,
auth_tok='user:%s:user' % TENANT2,
auth_token='user:%s:user' % TENANT2,
owner_is_tenant=False)
UUIDX = str(uuid.uuid4())
# We need private image and context.owner should not match image
@ -941,10 +941,10 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
ctxt2 = context.RequestContext(is_admin=False, user=TENANT2,
auth_tok='user:%s:user' % TENANT2,
auth_token='user:%s:user' % TENANT2,
owner_is_tenant=False)
UUIDX = str(uuid.uuid4())
# We need private image and context.owner should not match image
@ -1020,7 +1020,7 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4())
# NOTE(flaper87): Update auth token, otherwise
# non visible members won't be returned.
self.context.auth_tok = 'user:%s:user' % TENANT1
self.context.auth_token = 'user:%s:user' % TENANT1
self.db_api.image_member_create(self.context,
{'member': TENANT1, 'image_id': UUID1})
@ -1045,7 +1045,7 @@ class DriverTests(object):
# NOTE(flaper87): Update auth token, otherwise
# non visible members won't be returned.
self.context.auth_tok = 'user:%s:user' % TENANT1
self.context.auth_token = 'user:%s:user' % TENANT1
member = self.db_api.image_member_create(self.context,
{'member': TENANT1,
'image_id': UUID1})
@ -1086,7 +1086,7 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4())
# NOTE(flaper87): Update auth token, otherwise
# non visible members won't be returned.
self.context.auth_tok = 'user:%s:user' % TENANT1
self.context.auth_token = 'user:%s:user' % TENANT1
member = self.db_api.image_member_create(self.context,
{'member': TENANT1,
'image_id': UUID1})
@ -1143,7 +1143,7 @@ class DriverTests(object):
# NOTE(flaper87): Update auth token, otherwise
# non visible members won't be returned.
self.context.auth_tok = 'user:%s:user' % TENANT1
self.context.auth_token = 'user:%s:user' % TENANT1
output = self.db_api.image_member_find(self.context, member=TENANT1)
_assertMemberListMatch([fixtures[0], fixtures[1]], output)
@ -1153,7 +1153,7 @@ class DriverTests(object):
# NOTE(flaper87): Update auth token, otherwise
# non visible members won't be returned.
self.context.auth_tok = 'user:%s:user' % TENANT2
self.context.auth_token = 'user:%s:user' % TENANT2
output = self.db_api.image_member_find(self.context,
member=TENANT2,
image_id=UUID1)
@ -1165,7 +1165,7 @@ class DriverTests(object):
# NOTE(flaper87): Update auth token, otherwise
# non visible members won't be returned.
self.context.auth_tok = 'user:%s:user' % TENANT1
self.context.auth_token = 'user:%s:user' % TENANT1
output = self.db_api.image_member_find(self.context,
status='rejected')
_assertMemberListMatch([fixtures[1]], output)
@ -1217,7 +1217,7 @@ class DriverTests(object):
TENANT1 = str(uuid.uuid4())
# NOTE(flaper87): Update auth token, otherwise
# non visible members won't be returned.
self.context.auth_tok = 'user:%s:user' % TENANT1
self.context.auth_token = 'user:%s:user' % TENANT1
fixture = {'member': TENANT1, 'image_id': UUID1, 'can_share': True}
member = self.db_api.image_member_create(self.context, fixture)
self.assertEqual(1, len(self.db_api.image_member_find(self.context)))
@ -1232,7 +1232,7 @@ class DriverQuotaTests(test_utils.BaseTestCase):
self.owner_id1 = str(uuid.uuid4())
self.context1 = context.RequestContext(
is_admin=False, user=self.owner_id1, tenant=self.owner_id1,
auth_tok='%s:%s:user' % (self.owner_id1, self.owner_id1))
auth_token='%s:%s:user' % (self.owner_id1, self.owner_id1))
self.db_api = db_tests.get_db(self.config)
db_tests.reset_db(self.db_api)
dt1 = timeutils.utcnow()
@ -1330,9 +1330,9 @@ class TaskTests(test_utils.BaseTestCase):
super(TaskTests, self).setUp()
self.owner_id = str(uuid.uuid4())
self.adm_context = context.RequestContext(is_admin=True,
auth_tok='user:user:admin')
auth_token='user:user:admin')
self.context = context.RequestContext(
is_admin=False, auth_tok='user:user:user', user=self.owner_id)
is_admin=False, auth_token='user:user:user', user=self.owner_id)
self.db_api = db_tests.get_db(self.config)
self.fixtures = self.build_task_fixtures()
db_tests.reset_db(self.db_api)
@ -1427,7 +1427,7 @@ class TaskTests(test_utils.BaseTestCase):
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False,
tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1)
auth_token='user:%s:user' % TENANT1)
task_values = {'type': 'import', 'status': 'pending',
'input': '{"loc": "fake"}', 'owner': TENANT1}
@ -1436,7 +1436,7 @@ class TaskTests(test_utils.BaseTestCase):
TENANT2 = str(uuid.uuid4())
ctxt2 = context.RequestContext(is_admin=False,
tenant=TENANT2,
auth_tok='user:%s:user' % TENANT2)
auth_token='user:%s:user' % TENANT2)
task_values = {'type': 'export', 'status': 'pending',
'input': '{"loc": "fake"}', 'owner': TENANT2}

4
glance/tests/functional/db/base_metadef.py

@ -87,9 +87,9 @@ class TestMetadefDriver(test_utils.BaseTestCase):
config.parse_args(args=[])
context_cls = context.RequestContext
self.adm_context = context_cls(is_admin=True,
auth_tok='user:user:admin')
auth_token='user:user:admin')
self.context = context_cls(is_admin=False,
auth_tok='user:user:user')
auth_token='user:user:user')
self.db_api = db_tests.get_db(self.config)
db_tests.reset_db(self.db_api)

2
glance/tests/unit/common/test_client.py

@ -33,7 +33,7 @@ class TestClient(testtools.TestCase):
self.endpoint = 'example.com'
self.client = client.BaseClient(self.endpoint, port=9191,
auth_tok=u'abc123')
auth_token=u'abc123')
def tearDown(self):
super(TestClient, self).tearDown()

6
glance/tests/unit/test_context_middleware.py

@ -40,7 +40,7 @@ class TestContextMiddleware(base.IsolatedUnitTest):
def test_header_parsing(self):
req = self._build_request()
self._build_middleware().process_request(req)
self.assertEqual('token1', req.context.auth_tok)
self.assertEqual('token1', req.context.auth_token)
self.assertEqual('user1', req.context.user)
self.assertEqual('tenant1', req.context.tenant)
self.assertEqual(['role1', 'role2'], req.context.roles)
@ -92,7 +92,7 @@ class TestContextMiddleware(base.IsolatedUnitTest):
self.config(allow_anonymous_access=True)
middleware = self._build_middleware()
middleware.process_request(req)
self.assertIsNone(req.context.auth_tok)
self.assertIsNone(req.context.auth_token)
self.assertIsNone(req.context.user)
self.assertIsNone(req.context.tenant)
self.assertEqual([], req.context.roles)
@ -124,7 +124,7 @@ class TestUnauthenticatedContextMiddleware(base.IsolatedUnitTest):
middleware = context.UnauthenticatedContextMiddleware(None)
req = webob.Request.blank('/')
middleware.process_request(req)
self.assertIsNone(req.context.auth_tok)
self.assertIsNone(req.context.auth_token)
self.assertIsNone(req.context.user)
self.assertIsNone(req.context.tenant)
self.assertEqual([], req.context.roles)

22
glance/tests/unit/v1/test_registry_api.py

@ -1933,10 +1933,10 @@ class TestSharability(test_utils.BaseTestCase):
TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
ctxt2 = context.RequestContext(is_admin=True, user=TENANT2,
auth_tok='user:%s:admin' % TENANT2,
auth_token='user:%s:admin' % TENANT2,
owner_is_tenant=False)
UUIDX = str(uuid.uuid4())
# We need private image and context.owner should not match image
@ -1952,7 +1952,7 @@ class TestSharability(test_utils.BaseTestCase):
def test_is_image_sharable_owner_can_share(self):
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
UUIDX = str(uuid.uuid4())
# We need private image and context.owner should not match image
@ -1969,10 +1969,10 @@ class TestSharability(test_utils.BaseTestCase):
TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
ctxt2 = context.RequestContext(is_admin=False, user=TENANT2,
auth_tok='user:%s:user' % TENANT2,
auth_token='user:%s:user' % TENANT2,
owner_is_tenant=False)
UUIDX = str(uuid.uuid4())
# We need private image and context.owner should not match image
@ -1989,10 +1989,10 @@ class TestSharability(test_utils.BaseTestCase):
TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
ctxt2 = context.RequestContext(is_admin=False, user=TENANT2,
auth_tok='user:%s:user' % TENANT2,
auth_token='user:%s:user' % TENANT2,
owner_is_tenant=False)
UUIDX = str(uuid.uuid4())
# We need private image and context.owner should not match image
@ -2015,10 +2015,10 @@ class TestSharability(test_utils.BaseTestCase):
TENANT1 = str(uuid.uuid4())
TENANT2 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
ctxt2 = context.RequestContext(is_admin=False, user=TENANT2,
auth_tok='user:%s:user' % TENANT2,
auth_token='user:%s:user' % TENANT2,
owner_is_tenant=False)
UUIDX = str(uuid.uuid4())
# We need private image and context.owner should not match image
@ -2040,10 +2040,10 @@ class TestSharability(test_utils.BaseTestCase):
def test_is_image_sharable_owner_is_none(self):
TENANT1 = str(uuid.uuid4())
ctxt1 = context.RequestContext(is_admin=False, tenant=TENANT1,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
ctxt2 = context.RequestContext(is_admin=False, tenant=None,
auth_tok='user:%s:user' % TENANT1,
auth_token='user:%s:user' % TENANT1,
owner_is_tenant=True)
UUIDX = str(uuid.uuid4())
# We need private image and context.owner should not match image

8
glance/tests/utils.py

@ -480,12 +480,12 @@ class FakeAuthMiddleware(wsgi.Middleware):
self.is_admin = is_admin
def process_request(self, req):
auth_tok = req.headers.get('X-Auth-Token')
auth_token = req.headers.get('X-Auth-Token')
user = None
tenant = None
roles = []
if auth_tok:
user, tenant, role = auth_tok.split(':')
if auth_token:
user, tenant, role = auth_token.split(':')
if tenant.lower() == 'none':
tenant = None
roles = [role]
@ -498,7 +498,7 @@ class FakeAuthMiddleware(wsgi.Middleware):
'tenant': tenant,
'roles': roles,
'is_admin': self.is_admin,
'auth_tok': auth_tok,
'auth_token': auth_token,
}
req.context = context.RequestContext(**kwargs)

Loading…
Cancel
Save