Remove get_auth_context

The controller get_auth_context method simply fetches a dict from the
environment. We can simply put this method on the request now.

Change-Id: Icba3a0286e5af440108c27f41f54de64c922f29a
Jamie Lennox 2016-07-07 12:58:09 +10:00
parent 46b76a3d8e
commit 3a19aa518d
7 changed files with 20 additions and 34 deletions


@ -602,9 +602,9 @@ class Auth(controller.V3Controller):
@controller.protected()
def get_auth_projects(self, request):
auth_context = self.get_auth_context(request.context_dict)
user_id = request.auth_context.get('user_id')
group_ids = request.auth_context.get('group_ids')
user_id = auth_context.get('user_id')
user_refs = []
if user_id:
try:
@ -613,7 +613,6 @@ class Auth(controller.V3Controller):
# federated users have an id but they don't link to anything
pass
group_ids = auth_context.get('group_ids')
grp_refs = []
if group_ids:
grp_refs = self.assignment_api.list_projects_for_groups(group_ids)
@ -624,9 +623,9 @@ class Auth(controller.V3Controller):
@controller.protected()
def get_auth_domains(self, request):
auth_context = self.get_auth_context(request.context_dict)
user_id = request.auth_context.get('user_id')
group_ids = request.auth_context.get('group_ids')
user_id = auth_context.get('user_id')
user_refs = []
if user_id:
try:
@ -635,7 +634,6 @@ class Auth(controller.V3Controller):
# federated users have an id but they don't link to anything
pass
group_ids = auth_context.get('group_ids')
grp_refs = []
if group_ids:
grp_refs = self.assignment_api.list_domains_for_groups(group_ids)
@ -646,9 +644,8 @@ class Auth(controller.V3Controller):
@controller.protected()
def get_auth_catalog(self, request):
auth_context = self.get_auth_context(request.context_dict)
user_id = auth_context.get('user_id')
project_id = auth_context.get('project_id')
user_id = request.auth_context.get('user_id')
project_id = request.auth_context.get('project_id')
if not project_id:
raise exception.Forbidden(


@ -450,12 +450,6 @@ class V3Controller(wsgi.Application):
return '%s/%s/%s' % (endpoint, 'v3', path.lstrip('/'))
def get_auth_context(self, context):
# TODO(dolphm): this method of accessing the auth context is terrible,
# but context needs to be refactored to always have reasonable values.
env_context = context.get('environment', {})
return env_context.get(authorization.AUTH_CONTEXT_ENV, {})
@classmethod
def full_url(cls, context, path=None):
url = cls.base_url(context, path)


@ -13,6 +13,7 @@
import webob
from webob.descriptors import environ_getter
from keystone.common import authorization
import keystone.conf
from keystone import exception
from keystone.i18n import _
@ -66,5 +67,9 @@ class Request(webob.Request):
return self._context_dict
@property
def auth_context(self):
return self.environ.get(authorization.AUTH_CONTEXT_ENV, {})
auth_type = environ_getter('AUTH_TYPE', None)
remote_domain = environ_getter('REMOTE_DOMAIN', None)
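Review bot: The new `auth_context` property has no docstring, and its `{}` default makes a request whose environ never received `AUTH_CONTEXT_ENV` indistinguishable from one with an empty context. Checks written as `request.auth_context.get('is_delegated_auth')` (the OAuth and trust controllers in this commit) then evaluate falsy and skip their `Forbidden` branch, so they rely on `@controller.protected()` or an equivalent upstream check having already rejected the request. I would add a docstring saying so, for example `"""Return the auth context stored in the WSGI environ, or an empty dict if none was set; an empty result must not be treated as an authenticated caller."""`. The default dict is also created on each access and never stored in `environ`, so a write to it is silently lost.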


@ -19,7 +19,6 @@ from six.moves import urllib
import webob
from keystone.auth import controllers as auth_controllers
from keystone.common import authorization
from keystone.common import controller
from keystone.common import dependency
from keystone.common import utils as k_utils
@ -437,11 +436,10 @@ class DomainV3(controller.V3Controller):
:returns: list of accessible domains
"""
auth_context = request.environ[authorization.AUTH_CONTEXT_ENV]
domains = self.assignment_api.list_domains_for_groups(
auth_context['group_ids'])
request.auth_context['group_ids'])
domains = domains + self.assignment_api.list_domains_for_user(
auth_context['user_id'])
request.auth_context['user_id'])
# remove duplicates
domains = [dict(t) for t in set([tuple(d.items()) for d in domains])]
return DomainV3.wrap_collection(request.context_dict, domains)
@ -464,11 +462,10 @@ class ProjectAssignmentV3(controller.V3Controller):
:returns: list of accessible projects
"""
auth_context = request.environ[authorization.AUTH_CONTEXT_ENV]
projects = self.assignment_api.list_projects_for_groups(
auth_context['group_ids'])
request.auth_context['group_ids'])
projects = projects + self.assignment_api.list_projects_for_user(
auth_context['user_id'])
request.auth_context['user_id'])
# remove duplicates
projects = [dict(t) for t in set([tuple(d.items()) for d in projects])]
return ProjectAssignmentV3.wrap_collection(request.context_dict,
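Review bot: Both list handlers index the context directly (`request.auth_context['group_ids']`, `request.auth_context['user_id']`), so when no auth context is present the property's `{}` default surfaces as a `KeyError` on `'group_ids'` rather than as an authentication error. The removed `request.environ[authorization.AUTH_CONTEXT_ENV]` lookup failed in a similar way, so this is not a regression, but the auth controllers in this commit read the same keys with `.get()` and the two styles now disagree. The decorators and signatures of both methods are outside the hunks; if they are not already guarded upstream, consider an explicit guard before the lookups, such as `if not request.auth_context.get('user_id'):` followed by raising the project's unauthorized/forbidden exception.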


@ -121,9 +121,7 @@ class AccessTokenCrudV3(controller.V3Controller):
@controller.protected()
def list_access_tokens(self, request, user_id):
env = request.context_dict.get('environment', {})
auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
if auth_context.get('is_delegated_auth'):
if request.auth_context.get('is_delegated_auth'):
raise exception.Forbidden(
_('Cannot list request tokens'
' with a token issued via delegation.'))
@ -356,9 +354,7 @@ class OAuthControllerV3(controller.V3Controller):
there is not another easy way to make sure the user knows which roles
are being requested before authorizing.
"""
env = request.context_dict.get('environment', {})
auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
if auth_context.get('is_delegated_auth'):
if request.auth_context.get('is_delegated_auth'):
raise exception.Forbidden(
_('Cannot authorize a request token'
' with a token issued via delegation.'))


@ -295,7 +295,7 @@ class ProjectV3(controller.V3Controller):
'params at the same time.')
raise exception.ValidationError(msg)
user_id = self.get_auth_context(context).get('user_id')
user_id = request.auth_context.get('user_id')
if parents_as_list:
parents = self.resource_api.list_project_parents(


@ -119,13 +119,10 @@ class TrustV3(controller.V3Controller):
The user creating the trust must be the trustor.
"""
env = request.context_dict.get('environment', {})
auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
# Check if delegated via trust
if auth_context.get('is_delegated_auth'):
if request.auth_context.get('is_delegated_auth'):
# Redelegation case
src_trust_id = auth_context['trust_id']
src_trust_id = request.auth_context['trust_id']
if not src_trust_id:
raise exception.Forbidden(
_('Redelegation allowed for delegated by trust only'))
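Review bot: `src_trust_id = request.auth_context['trust_id']` raises `KeyError` when the context is flagged as delegated but has no `trust_id` key, so the `if not src_trust_id:` branch below it is reachable only when the key exists with an empty value. If another delegation type can set `is_delegated_auth` without `trust_id` (the OAuth controllers in this commit check the same flag), such a request would end in an unhandled error instead of the intended `Forbidden`. Reading it as `src_trust_id = request.auth_context.get('trust_id')` keeps the redelegation check fail-closed with a clear response. The method body starts before and continues past this hunk.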