Pass serviceCatalog in auth_token middleware
* This will allow for chained requests (novaclient -> nova -> cinder) * Fixes bug 1010237 Change-Id: Iab126cb1f2fb01ca7da24fa9fe97ec81ee96e455
parent
720b7648a5
commit
cc91786a5b
|
@ -76,6 +76,9 @@ HTTP_X_USER_NAME
|
|||
HTTP_X_ROLES
|
||||
Comma delimited list of case-sensitive Roles
|
||||
|
||||
HTTP_X_SERVICE_CATALOG
|
||||
json encoded keystone service catalog (optional).
|
||||
|
||||
HTTP_X_TENANT
|
||||
*Deprecated* in favor of HTTP_X_TENANT_ID and HTTP_X_TENANT_NAME
|
||||
Keystone-assigned unique identifier, deprecated
|
||||
|
@ -394,6 +397,7 @@ class AuthProtocol(object):
|
|||
* X_USER_ID: id of user
|
||||
* X_USER_NAME: name of user
|
||||
* X_ROLES: list of roles
|
||||
* X_SERVICE_CATALOG: service catalog
|
||||
|
||||
Additional (deprecated) headers include:
|
||||
* X_USER: name of user
|
||||
|
@ -435,7 +439,7 @@ class AuthProtocol(object):
|
|||
user_id = user['id']
|
||||
user_name = user['name']
|
||||
|
||||
return {
|
||||
rval = {
|
||||
'X-Identity-Status': 'Confirmed',
|
||||
'X-Tenant-Id': tenant_id,
|
||||
'X-Tenant-Name': tenant_name,
|
||||
|
@ -448,6 +452,14 @@ class AuthProtocol(object):
|
|||
'X-Role': roles,
|
||||
}
|
||||
|
||||
try:
|
||||
catalog = token_info['access']['serviceCatalog']
|
||||
rval['X-Service-Catalog'] = json.dumps(catalog)
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
return rval
|
||||
|
||||
def _header_to_env_var(self, key):
|
||||
"""Convert header to wsgi env variable.
|
||||
|
||||
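Review bot: The new `X-Service-Catalog` header is only assigned inside the `try`, so on the `except KeyError: pass` path nothing overwrites a value the client may have sent under that name. None of the hunks shown for this file add `X-Service-Catalog` to the set of incoming headers the middleware clears before validating the token. That code is outside the visible lines, so this needs confirming, but if the name is not listed there a caller could supply its own catalog and a downstream service making chained requests would trust those endpoints. I would add `'X-Service-Catalog',` to that strip list and put a comment on the `pass`, for example `# token response carries no catalog; header stays unset`. The method that builds `rval` begins above the hunk.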
|
|
|
@ -414,10 +414,10 @@ class TokenController(wsgi.Application):
|
|||
for role_id in metadata_ref.get('roles', []):
|
||||
roles_ref.append(self.identity_api.get_role(context, role_id))
|
||||
|
||||
# Get a service catalog if belongs_to is not none
|
||||
# Get a service catalog if possible
|
||||
# This is needed for on-behalf-of requests
|
||||
catalog_ref = None
|
||||
if belongs_to is not None:
|
||||
if token_ref.get('tenant'):
|
||||
catalog_ref = self.catalog_api.get_catalog(
|
||||
context=context,
|
||||
user_id=token_ref['user']['id'],
|
||||
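Review bot: With the condition changed to `if token_ref.get('tenant'):`, the `get_catalog` call now runs on every validation of a tenant-scoped token rather than only when the caller passed `belongs_to`, and nothing visible here handles a failure from the catalog backend. Token validation is on the request path of every service behind the middleware, so a catalog error would presumably surface as a failed validation. The rest of the call and any surrounding error handling are outside the hunk, so this should be confirmed. The comment could also state the rule directly, for example `# Tokens without a tenant (unscoped) get no catalog`.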
|
|
|
@ -43,6 +43,7 @@ TOKEN_RESPONSES = {
|
|||
{'name': 'role2'},
|
||||
],
|
||||
},
|
||||
'serviceCatalog': {}
|
||||
},
|
||||
},
|
||||
'default-tenant-token': {
|
||||
|
@ -244,6 +245,7 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest):
|
|||
req.headers['X-Auth-Token'] = 'valid-token'
|
||||
body = self.middleware(req.environ, self.start_fake_response)
|
||||
self.assertEqual(self.response_status, 200)
|
||||
self.assertTrue(req.headers.get('X-Service-Catalog'))
|
||||
self.assertEqual(body, ['SUCCESS'])
|
||||
|
||||
def test_default_tenant_token(self):
|
||||
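Review bot: The added `self.assertTrue(req.headers.get('X-Service-Catalog'))` only checks that the header is non-empty, so it would pass for any value, including one that arrived on the request rather than from the token response. Asserting the decoded content pins the behaviour: `self.assertEqual(json.loads(req.headers['X-Service-Catalog']), {})`, assuming `json` is importable in this test module and the `'serviceCatalog': {}` fixture added above belongs to the `valid-token` entry. A second case that sends `X-Service-Catalog` with a token whose fixture has no `serviceCatalog`, and asserts the header is absent afterwards, would cover the `except KeyError` path in the middleware. The test method this assertion sits in starts above the hunk.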
|
|
|
@ -375,6 +375,13 @@ class CoreApiTests(object):
|
|||
self.assertValidAuthenticationResponse(r,
|
||||
require_service_catalog=True)
|
||||
|
||||
def test_validate_token_no_belongs_to_still_returns_catalog(self):
|
||||
token = self.get_scoped_token()
|
||||
path = ('/v2.0/tokens/%s' % token)
|
||||
r = self.admin_request(path=path, token=token)
|
||||
self.assertValidAuthenticationResponse(r,
|
||||
require_service_catalog=True)
|
||||
|
||||
def test_validate_token_head(self):
|
||||
"""The same call as above, except using HEAD.
|
||||
|
||||
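Review bot: `test_validate_token_no_belongs_to_still_returns_catalog` covers only the tenant-scoped branch of the changed condition; nothing in this hunk checks that validating a token without a tenant still returns no catalog. A companion case using an unscoped token and asserting that `serviceCatalog` is absent would pin both branches, unless the suite already has one outside the visible lines. A one-line docstring such as `"""Validation without belongs_to still returns the catalog for a scoped token."""` would also match the docstring style of the neighbouring `test_validate_token_head`.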
|
|