Merge "More info in RequestContext"
This commit is contained in:
commit
972e290f2d
keystone
@ -173,9 +173,7 @@ class RequestBodySizeLimiter(sizelimit.RequestBodySizeLimiter):
|
||||
class AuthContextMiddleware(wsgi.Middleware):
|
||||
"""Build the authentication context from the request auth token."""
|
||||
|
||||
def _build_auth_context(self, request):
|
||||
token_id = request.headers.get(AUTH_TOKEN_HEADER).strip()
|
||||
|
||||
def _build_auth_context(self, request, token_id):
|
||||
if token_id == CONF.admin_token:
|
||||
# NOTE(gyee): no need to proceed any further as the special admin
|
||||
# token is being handled by AdminTokenAuthMiddleware. This code
|
||||
@ -286,7 +284,7 @@ class AuthContextMiddleware(wsgi.Middleware):
|
||||
def process_request(self, request):
|
||||
|
||||
# The request context stores itself in thread-local memory for logging.
|
||||
oslo_context.RequestContext(
|
||||
request_context = oslo_context.RequestContext(
|
||||
request_id=request.environ.get('openstack.request_id'))
|
||||
|
||||
if authorization.AUTH_CONTEXT_ENV in request.environ:
|
||||
@ -302,7 +300,10 @@ class AuthContextMiddleware(wsgi.Middleware):
|
||||
# certificate is effectively disabled if no trusted issuers are
|
||||
# provided.
|
||||
if AUTH_TOKEN_HEADER in request.headers:
|
||||
auth_context = self._build_auth_context(request)
|
||||
token_id = request.headers[AUTH_TOKEN_HEADER].strip()
|
||||
request_context.auth_token = token_id
|
||||
|
||||
auth_context = self._build_auth_context(request, token_id)
|
||||
elif self._validate_trusted_issuer(request.environ):
|
||||
auth_context = self._build_tokenless_auth_context(
|
||||
request.environ)
|
||||
@ -311,5 +312,17 @@ class AuthContextMiddleware(wsgi.Middleware):
|
||||
'the certificate issuer is not trusted. No auth '
|
||||
'context will be set.')
|
||||
return
|
||||
|
||||
# The attributes of request_context are put into the logs. This is a
|
||||
# common pattern for all the OpenStack services. In all the other
|
||||
# projects these are IDs, so set the attributes to IDs here rather than
|
||||
# the name.
|
||||
request_context.user = auth_context.get('user_id')
|
||||
request_context.tenant = auth_context.get('project_id')
|
||||
request_context.domain = auth_context.get('domain_id')
|
||||
request_context.user_domain = auth_context.get('user_domain_id')
|
||||
request_context.project_domain = auth_context.get('project_domain_id')
|
||||
request_context.is_admin = request.environ.get('is_admin', False)
|
||||
|
||||
LOG.debug('RBAC: auth_context: %s', auth_context)
|
||||
request.environ[authorization.AUTH_CONTEXT_ENV] = auth_context
|
||||
|
@ -1267,6 +1267,13 @@ class AuthContextMiddlewareTestCase(RestfulTestCase):
|
||||
|
||||
req_context = oslo_context.context.get_current()
|
||||
self.assertEqual(request_id, req_context.request_id)
|
||||
self.assertEqual(token, req_context.auth_token)
|
||||
self.assertEqual(self.user['id'], req_context.user)
|
||||
self.assertEqual(self.project['id'], req_context.tenant)
|
||||
self.assertIsNone(req_context.domain)
|
||||
self.assertEqual(self.user['domain_id'], req_context.user_domain)
|
||||
self.assertEqual(self.project['domain_id'], req_context.project_domain)
|
||||
self.assertFalse(req_context.is_admin)
|
||||
|
||||
|
||||
class JsonHomeTestMixin(object):
|
||||
|
Loading…
Reference in New Issue
Block a user