Merge "Add user_domain_id, project_domain_id to auth context"

This commit is contained in:
Jenkins 2015-10-07 19:36:55 +00:00 committed by Gerrit Code Review
commit 7a3b2a2092
2 changed files with 12 additions and 0 deletions

View File

@ -31,8 +31,12 @@ It is a dictionary with the following attributes:
* ``token``: Token from the request
* ``user_id``: user ID of the principal
* ``user_domain_id`` (optional): Domain ID of the principal if the principal
has a domain.
* ``project_id`` (optional): project ID of the scoped project if auth is
project-scoped
* ``project_domain_id`` (optional): Domain ID of the scoped project if auth is
project-scoped.
* ``domain_id`` (optional): domain ID of the scoped domain if auth is
domain-scoped
* ``domain_name`` (optional): domain name of the scoped domain if auth is
@ -64,9 +68,11 @@ def token_to_auth_context(token):
except KeyError:
LOG.warning(_LW('RBAC: Invalid user data in token'))
raise exception.Unauthorized()
auth_context['user_domain_id'] = token.user_domain_id
if token.project_scoped:
auth_context['project_id'] = token.project_id
auth_context['project_domain_id'] = token.project_domain_id
elif token.domain_scoped:
auth_context['domain_id'] = token.domain_id
auth_context['domain_name'] = token.domain_name

View File

@ -40,8 +40,12 @@ class TestTokenToAuthContext(unit.BaseTestCase):
self.assertTrue(auth_context['is_delegated_auth'])
self.assertEqual(token_data['token']['user']['id'],
auth_context['user_id'])
self.assertEqual(token_data['token']['user']['domain']['id'],
auth_context['user_domain_id'])
self.assertEqual(token_data['token']['project']['id'],
auth_context['project_id'])
self.assertEqual(token_data['token']['project']['domain']['id'],
auth_context['project_domain_id'])
self.assertNotIn('domain_id', auth_context)
self.assertNotIn('domain_name', auth_context)
self.assertEqual(token_data['token']['OS-TRUST:trust']['id'],
@ -74,6 +78,7 @@ class TestTokenToAuthContext(unit.BaseTestCase):
auth_context = authorization.token_to_auth_context(token)
self.assertNotIn('project_id', auth_context)
self.assertNotIn('project_domain_id', auth_context)
self.assertEqual(domain_id, auth_context['domain_id'])
self.assertEqual(domain_name, auth_context['domain_name'])
@ -89,6 +94,7 @@ class TestTokenToAuthContext(unit.BaseTestCase):
auth_context = authorization.token_to_auth_context(token)
self.assertNotIn('project_id', auth_context)
self.assertNotIn('project_domain_id', auth_context)
self.assertNotIn('domain_id', auth_context)
self.assertNotIn('domain_name', auth_context)