Remove get_auth_context

The controller get_auth_context method simply fetches a dict from the environment. We can simply put this method on the request now. Change-Id: Icba3a0286e5af440108c27f41f54de64c922f29a
7 years ago · 3a19aa518d
parent 46b76a3d8e
commit 3a19aa518d
7 changed files with 20 additions and 34 deletions
--- a/keystone/auth/controllers.py
+++ b/keystone/auth/controllers.py
@ -602,9 +602,9 @@ class Auth(controller.V3Controller):

    @controller.protected()
    def get_auth_projects(self, request):
-        auth_context = self.get_auth_context(request.context_dict)
+        user_id = request.auth_context.get('user_id')
+        group_ids = request.auth_context.get('group_ids')

-        user_id = auth_context.get('user_id')
        user_refs = []
        if user_id:
            try:
@ -613,7 +613,6 @@ class Auth(controller.V3Controller):
                # federated users have an id but they don't link to anything
                pass

-        group_ids = auth_context.get('group_ids')
        grp_refs = []
        if group_ids:
            grp_refs = self.assignment_api.list_projects_for_groups(group_ids)
@ -624,9 +623,9 @@ class Auth(controller.V3Controller):

    @controller.protected()
    def get_auth_domains(self, request):
-        auth_context = self.get_auth_context(request.context_dict)
+        user_id = request.auth_context.get('user_id')
+        group_ids = request.auth_context.get('group_ids')

-        user_id = auth_context.get('user_id')
        user_refs = []
        if user_id:
            try:
@ -635,7 +634,6 @@ class Auth(controller.V3Controller):
                # federated users have an id but they don't link to anything
                pass

-        group_ids = auth_context.get('group_ids')
        grp_refs = []
        if group_ids:
            grp_refs = self.assignment_api.list_domains_for_groups(group_ids)
@ -646,9 +644,8 @@ class Auth(controller.V3Controller):

    @controller.protected()
    def get_auth_catalog(self, request):
-        auth_context = self.get_auth_context(request.context_dict)
-        user_id = auth_context.get('user_id')
-        project_id = auth_context.get('project_id')
+        user_id = request.auth_context.get('user_id')
+        project_id = request.auth_context.get('project_id')

        if not project_id:
            raise exception.Forbidden(
--- a/keystone/common/controller.py
+++ b/keystone/common/controller.py
@ -450,12 +450,6 @@ class V3Controller(wsgi.Application):

        return '%s/%s/%s' % (endpoint, 'v3', path.lstrip('/'))

-    def get_auth_context(self, context):
-        # TODO(dolphm): this method of accessing the auth context is terrible,
-        # but context needs to be refactored to always have reasonable values.
-        env_context = context.get('environment', {})
-        return env_context.get(authorization.AUTH_CONTEXT_ENV, {})
-
    @classmethod
    def full_url(cls, context, path=None):
        url = cls.base_url(context, path)
--- a/keystone/common/request.py
+++ b/keystone/common/request.py
@ -13,6 +13,7 @@
 import webob
 from webob.descriptors import environ_getter

+from keystone.common import authorization
 import keystone.conf
 from keystone import exception
 from keystone.i18n import _
@ -66,5 +67,9 @@ class Request(webob.Request):

        return self._context_dict

+    @property
+    def auth_context(self):
+        return self.environ.get(authorization.AUTH_CONTEXT_ENV, {})
+
    auth_type = environ_getter('AUTH_TYPE', None)
    remote_domain = environ_getter('REMOTE_DOMAIN', None)
--- a/keystone/federation/controllers.py
+++ b/keystone/federation/controllers.py
@ -19,7 +19,6 @@ from six.moves import urllib
 import webob

 from keystone.auth import controllers as auth_controllers
-from keystone.common import authorization
 from keystone.common import controller
 from keystone.common import dependency
 from keystone.common import utils as k_utils
@ -437,11 +436,10 @@ class DomainV3(controller.V3Controller):
        :returns: list of accessible domains

        """
-        auth_context = request.environ[authorization.AUTH_CONTEXT_ENV]
        domains = self.assignment_api.list_domains_for_groups(
-            auth_context['group_ids'])
+            request.auth_context['group_ids'])
        domains = domains + self.assignment_api.list_domains_for_user(
-            auth_context['user_id'])
+            request.auth_context['user_id'])
        # remove duplicates
        domains = [dict(t) for t in set([tuple(d.items()) for d in domains])]
        return DomainV3.wrap_collection(request.context_dict, domains)
@ -464,11 +462,10 @@ class ProjectAssignmentV3(controller.V3Controller):
        :returns: list of accessible projects

        """
-        auth_context = request.environ[authorization.AUTH_CONTEXT_ENV]
        projects = self.assignment_api.list_projects_for_groups(
-            auth_context['group_ids'])
+            request.auth_context['group_ids'])
        projects = projects + self.assignment_api.list_projects_for_user(
-            auth_context['user_id'])
+            request.auth_context['user_id'])
        # remove duplicates
        projects = [dict(t) for t in set([tuple(d.items()) for d in projects])]
        return ProjectAssignmentV3.wrap_collection(request.context_dict,
--- a/keystone/oauth1/controllers.py
+++ b/keystone/oauth1/controllers.py
@ -121,9 +121,7 @@ class AccessTokenCrudV3(controller.V3Controller):

    @controller.protected()
    def list_access_tokens(self, request, user_id):
-        env = request.context_dict.get('environment', {})
-        auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
-        if auth_context.get('is_delegated_auth'):
+        if request.auth_context.get('is_delegated_auth'):
            raise exception.Forbidden(
                _('Cannot list request tokens'
                  ' with a token issued via delegation.'))
@ -356,9 +354,7 @@ class OAuthControllerV3(controller.V3Controller):
        there is not another easy way to make sure the user knows which roles
        are being requested before authorizing.
        """
-        env = request.context_dict.get('environment', {})
-        auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
-        if auth_context.get('is_delegated_auth'):
+        if request.auth_context.get('is_delegated_auth'):
            raise exception.Forbidden(
                _('Cannot authorize a request token'
                  ' with a token issued via delegation.'))
--- a/keystone/resource/controllers.py
+++ b/keystone/resource/controllers.py
@ -295,7 +295,7 @@ class ProjectV3(controller.V3Controller):
                    'params at the same time.')
            raise exception.ValidationError(msg)

-        user_id = self.get_auth_context(context).get('user_id')
+        user_id = request.auth_context.get('user_id')

        if parents_as_list:
            parents = self.resource_api.list_project_parents(
--- a/keystone/trust/controllers.py
+++ b/keystone/trust/controllers.py
@ -119,13 +119,10 @@ class TrustV3(controller.V3Controller):
        The user creating the trust must be the trustor.

        """
-        env = request.context_dict.get('environment', {})
-        auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
-
        # Check if delegated via trust
-        if auth_context.get('is_delegated_auth'):
+        if request.auth_context.get('is_delegated_auth'):
            # Redelegation case
-            src_trust_id = auth_context['trust_id']
+            src_trust_id = request.auth_context['trust_id']
            if not src_trust_id:
                raise exception.Forbidden(
                    _('Redelegation allowed for delegated by trust only'))