diff --git a/keystone/logic/service.py b/keystone/logic/service.py index 6a3b346263..b0c9cd14cc 100755 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -510,7 +510,7 @@ class IdentityService(object): ts.append(UserRole(drole_ref.role_id, drole.name, drole_ref.tenant_id)) - user = auth.User(duser.id, duser.name, None, UserRoles(ts, [])) + user = auth.User(duser.id, duser.name, None, None, UserRoles(ts, [])) return auth.AuthData(token, user, endpoints) @@ -537,8 +537,14 @@ class IdentityService(object): ts.append(UserRole(drole_ref.role_id, drole.name, drole_ref.tenant_id)) + # Also get the user's tenant's name + tenant_name = None + if duser.tenant_id: + utenant = api.TENANT.get(duser.tenant_id) + tenant_name = utenant.name + user = auth.User(duser.id, duser.name, duser.tenant_id, - UserRoles(ts, [])) + tenant_name, UserRoles(ts, [])) return auth.ValidateData(token, user) diff --git a/keystone/logic/types/auth.py b/keystone/logic/types/auth.py index 8ce505521d..ead3c3ab65 100755 --- a/keystone/logic/types/auth.py +++ b/keystone/logic/types/auth.py @@ -293,12 +293,14 @@ class User(object): id = None username = None tenant_id = None + tenant_name = None role_refs = None - def __init__(self, id, username, tenant_id, role_refs=None): + def __init__(self, id, username, tenant_id, tenant_name, role_refs=None): self.id = id self.username = username self.tenant_id = tenant_id + self.tenant_name = tenant_name self.role_refs = role_refs @@ -444,6 +446,8 @@ class ValidateData(object): if self.user.tenant_id is not None: user.set('tenantId', unicode(self.user.tenant_id)) + if self.user.tenant_name is not None: + user.set('tenantName', unicode(self.user.tenant_name)) if self.user.role_refs is not None: user.append(self.user.role_refs.to_dom()) 
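Review bot: In the `@@ -537` hunk of keystone/logic/service.py, `tenant_name = utenant.name` dereferences the result of `api.TENANT.get(duser.tenant_id)` without checking it. If that lookup can return None for a user whose tenant_id refers to a tenant that no longer exists (the implementation of `get` is not visible here), token validation would fail with an AttributeError instead of returning the user without a name. I would guard it as `tenant_name = utenant.name if utenant else None`. The enclosing method starts outside the hunk.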
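Review bot: In the `@@ -293` hunk of keystone/logic/types/auth.py, `tenant_name` is inserted as a required positional parameter ahead of `role_refs`, so any caller outside this diff that still passes four positional arguments will bind its roles object to `tenant_name` and leave `role_refs` as None without raising. That would silently drop the roles from the validation response and serialise the roles object as tenantName. Appending the parameter with a default keeps old call sites correct: `def __init__(self, id, username, tenant_id, role_refs=None, tenant_name=None):`, with the call sites changed in this commit passing `tenant_name=` by keyword.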
@@ -468,6 +472,8 @@ class ValidateData(object): if self.user.tenant_id is not None: user['tenantId'] = unicode(self.user.tenant_id) + if self.user.tenant_name is not None: + user['tenantName'] = unicode(self.user.tenant_name) if self.user.role_refs is not None: user["roles"] = self.user.role_refs.to_json_values() diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py index 30eb0b6391..1e0d35e3ec 100755 --- a/keystone/middleware/auth_token.py +++ b/keystone/middleware/auth_token.py @@ -166,6 +166,9 @@ class AuthProtocol(object): self._decorate_request('X_AUTHORIZATION', "Proxy %s" % claims['user'], env, proxy_headers) self._decorate_request('X_TENANT', + claims.get('tenant_name', claims['tenant']), + env, proxy_headers) + self._decorate_request('X_TENANT_ID', claims['tenant'], env, proxy_headers) self._decorate_request('X_USER', claims['user'], env, proxy_headers) @@ -288,13 +291,18 @@ class AuthProtocol(object): try: tenant = token_info['access']['token']['tenant']['id'] + tenant_name = token_info['access']['token']['tenant']['name'] except: tenant = None + tenant_name = None if not tenant: tenant = token_info['access']['user'].get('tenantId') + tenant_name = token_info['access']['user'].get('tenantName') verified_claims = {'user': token_info['access']['user']['username'], 'tenant': tenant, 'roles': roles} + if tenant_name: + verified_claims['tenantName'] = tenant_name return verified_claims def _decorate_request(self, index, value, env, proxy_headers): diff --git a/keystone/test/unit/test_server.py b/keystone/test/unit/test_server.py index aba0b487f8..702ca124c7 100755 --- a/keystone/test/unit/test_server.py +++ b/keystone/test/unit/test_server.py 
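Review bot: In the `@@ -166` hunk of keystone/middleware/auth_token.py, X_TENANT is read with `claims.get('tenant_name', claims['tenant'])`, but the `@@ -288` hunk stores the name under the key `'tenantName'`. If `claims` here is the dict built there (the connecting code is outside both hunks), the lookup never matches and X_TENANT keeps carrying the tenant id. Use the same key on both sides, e.g. `claims.get('tenantName', claims['tenant'])`. Once that is fixed X_TENANT will hold a name for some requests and an id for others, so a comment such as `# X_TENANT is the display name when known; authorization decisions should key on X_TENANT_ID` would tell downstream services which header to rely on.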
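Review bot: In the `@@ -288` hunk of keystone/middleware/auth_token.py, the new `['name']` lookup sits inside the same `try` as the `['id']` lookup, so a token whose tenant has an id but no name raises KeyError and the handler resets `tenant` to None as well. The code then falls back to the user's `tenantId`, which may not be the tenant the token was scoped to, and that value ends up in the verified claims. Reading the name with `tenant_name = token_info['access']['token']['tenant'].get('name')` avoids discarding a valid id. Narrowing the bare `except:` to `except (KeyError, TypeError):` would also stop it from hiding unrelated errors. The enclosing function starts outside the hunk.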
@@ -20,7 +20,7 @@ class TestServer(unittest.TestCase): environ = {'wsgi.url_scheme': 'http'} self.request = webob.Request(environ) self.auth_data = auth.ValidateData(auth.Token(datetime.date.today(), - "2231312"), auth.User("id", "username", "12345")) + "2231312"), auth.User("id", "username", "12345", "aTenant")) #def tearDown(self):