Merge "More info in RequestContext"

This commit is contained in:
Jenkins 2015-10-15 23:20:44 +00:00 committed by Gerrit Code Review
commit 972e290f2d
2 changed files with 25 additions and 5 deletions
keystone
middleware
tests/unit

View File

@ -173,9 +173,7 @@ class RequestBodySizeLimiter(sizelimit.RequestBodySizeLimiter):
class AuthContextMiddleware(wsgi.Middleware):
"""Build the authentication context from the request auth token."""
def _build_auth_context(self, request):
token_id = request.headers.get(AUTH_TOKEN_HEADER).strip()
def _build_auth_context(self, request, token_id):
if token_id == CONF.admin_token:
# NOTE(gyee): no need to proceed any further as the special admin
# token is being handled by AdminTokenAuthMiddleware. This code
@ -286,7 +284,7 @@ class AuthContextMiddleware(wsgi.Middleware):
def process_request(self, request):
# The request context stores itself in thread-local memory for logging.
oslo_context.RequestContext(
request_context = oslo_context.RequestContext(
request_id=request.environ.get('openstack.request_id'))
if authorization.AUTH_CONTEXT_ENV in request.environ:
@ -302,7 +300,10 @@ class AuthContextMiddleware(wsgi.Middleware):
# certificate is effectively disabled if no trusted issuers are
# provided.
if AUTH_TOKEN_HEADER in request.headers:
auth_context = self._build_auth_context(request)
token_id = request.headers[AUTH_TOKEN_HEADER].strip()
request_context.auth_token = token_id
auth_context = self._build_auth_context(request, token_id)
elif self._validate_trusted_issuer(request.environ):
auth_context = self._build_tokenless_auth_context(
request.environ)
@ -311,5 +312,17 @@ class AuthContextMiddleware(wsgi.Middleware):
'the certificate issuer is not trusted. No auth '
'context will be set.')
return
# The attributes of request_context are put into the logs. This is a
# common pattern for all the OpenStack services. In all the other
# projects these are IDs, so set the attributes to IDs here rather than
# the name.
request_context.user = auth_context.get('user_id')
request_context.tenant = auth_context.get('project_id')
request_context.domain = auth_context.get('domain_id')
request_context.user_domain = auth_context.get('user_domain_id')
request_context.project_domain = auth_context.get('project_domain_id')
request_context.is_admin = request.environ.get('is_admin', False)
LOG.debug('RBAC: auth_context: %s', auth_context)
request.environ[authorization.AUTH_CONTEXT_ENV] = auth_context

View File

@ -1267,6 +1267,13 @@ class AuthContextMiddlewareTestCase(RestfulTestCase):
req_context = oslo_context.context.get_current()
self.assertEqual(request_id, req_context.request_id)
self.assertEqual(token, req_context.auth_token)
self.assertEqual(self.user['id'], req_context.user)
self.assertEqual(self.project['id'], req_context.tenant)
self.assertIsNone(req_context.domain)
self.assertEqual(self.user['domain_id'], req_context.user_domain)
self.assertEqual(self.project['domain_id'], req_context.project_domain)
self.assertFalse(req_context.is_admin)
class JsonHomeTestMixin(object):