Updates to middleware to deprecate X_USER

- There is an outstanding issue where we return the user id for the legacy X-User header, but the documentation says it should be the 'name the user logged in with'. I did not fix this in this commit until we discuss with other teams. Change-Id: Ibf2acf5bb594b889b5c220ea00d777ac528175b0
2012-01-13 14:34:30 -06:00 · 2012-01-13 14:34:30 -06:00 · e03ff6e291
parent 45c62a8e86
commit e03ff6e291
5 changed files with 13 additions and 6 deletions
--- a/doc/source/middleware.rst
+++ b/doc/source/middleware.rst
@ -58,9 +58,15 @@ X-Tenant-Id
 X-Tenant-Name
    The unique, but mutable (it can change) tenant name.

-X-User
+X-User-Id
+    The user id of the user used to log in
+
+X-User-Name
    The username used to log in

+X-User
+    The username used to log in. This is to support any legacy implementations before Keystone switched to an ID/Name schema for tenants.
+
 X-Roles
    The roles associated with that user

--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
@ -318,6 +318,8 @@ class AuthProtocol(object):
                        claims['tenant']['id'], env, proxy_headers)

                    # Deprecated in favor of X_USER_ID and _NAME
+                    # TODO(zns): documentation says this should be the username
+                    # the user logged in with. We've been returning the id...
                    self._decorate_request('X_USER',
                        claims['user']['id'], env, proxy_headers)

--- a/keystone/middleware/glance_auth_token.py
+++ b/keystone/middleware/glance_auth_token.py
@ -57,7 +57,7 @@ class KeystoneContextMiddleware(context.ContextMiddleware):
        # OK, let's extract the information we need
        auth_tok = req.headers.get('X_AUTH_TOKEN',
                                   req.headers.get('X_STORAGE_TOKEN'))
-        user = req.headers.get('X_USER')
+        user = req.headers.get('X_USER_ID') or req.headers.get('X_USER')
        tenant = req.headers.get('X_TENANT')
        roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
        is_admin = 'Admin' in roles
--- a/keystone/middleware/nova_auth_token.py
+++ b/keystone/middleware/nova_auth_token.py
@ -37,7 +37,6 @@ from nova import flags
 from nova import utils
 from nova import wsgi
 # pylint: disable=W0611
-from nova import exception

 logger = logging.getLogger(__name__)  # pylint: disable=C0103

@ -63,13 +62,13 @@ class KeystoneAuthShim(wsgi.Middleware):
    def __call__(self, req):
        # find or create user
        try:
-            user_id = req.headers.get('X_USER')
+            user_id = req.headers.get('X_USER_ID') or req.headers['X_USER']
        except Exception as e:
            logger.exception("Unexpected error trying to get user from "
                             "request: %s" % e)
            raise
        if not user_id:
-             return webob.exc.HTTPUnauthorized()
+            return webob.exc.HTTPUnauthorized()

        try:
            user_ref = self.auth.get_user(user_id)
--- a/keystone/middleware/nova_keystone_context.py
+++ b/keystone/middleware/nova_keystone_context.py
@ -39,7 +39,7 @@ class NovaKeystoneContext(wsgi.Middleware):
    @webob.dec.wsgify(RequestClass=wsgi.Request)
    def __call__(self, req):
        try:
-            user_id = req.headers['X_USER']
+            user_id = req.headers.get('X_USER_ID') or req.headers['X_USER']
        except KeyError:
            logger.debug("X_USER not found in request")
            return webob.exc.HTTPUnauthorized()