Tenant to project migration for RequestContext

As of the oslo.context 4.0.0 release, RequestContext objects no
longer have a tenant attribute, instead expecting callers to use
project_id for that purpose. Update all context.tenant references to
context.project_id in order to facilitate this transition.

Change-Id: I2830ccf840bf4d1d8a516287adee51c46d2a5583

.zuul.yaml

@@ -2,7 +2,6 @@
     templates:
       - check-requirements
       - openstack-cover-jobs
-      - openstack-lower-constraints-jobs
       - openstack-python3-yoga-jobs
       - periodic-stable-jobs
       - publish-openstack-docs-pti

murano/api/middleware/context.py

@@ -44,7 +44,7 @@ class ContextMiddleware(wsgi.Middleware):
         roles = [r.strip() for r in req.headers.get('X-Roles').split(',')]
         kwargs = {
             'user': req.headers.get('X-User-Id'),
-            'tenant': req.headers.get('X-Tenant-Id'),
+            'project_id': req.headers.get('X-Tenant-Id'),
             'auth_token': req.headers.get('X-Auth-Token'),
             'session': req.headers.get('X-Configuration-Session'),
             'is_admin': CONF.admin_role in roles,

murano/api/v1/catalog.py

@@ -273,7 +273,7 @@ class Controller(object):
                     raise exc.HTTPBadRequest(explanation=msg)
                 try:
                     package = db_api.package_upload(
-                        package_meta, req.context.tenant)
+                        package_meta, req.context.project_id)
                 except db_exc.DBDuplicateEntry:
                     msg = _('Package with specified full '
                             'name is already registered')

murano/api/v1/deployments.py

@@ -50,7 +50,7 @@ class Controller(object):
         if all_environments:
             query = unit.query(models.Environment) \
                 .options(load_only('tenant_id')) \
-                .filter_by(tenant_id=request.context.tenant) \
+                .filter_by(tenant_id=request.context.project_id) \
                 .join(models.Task) \
                 .order_by(desc(models.Task.created))
             result = query.all()

murano/api/v1/environments.py

@@ -65,7 +65,7 @@ class Controller(object):
         else:
             policy.check('list_environments', request.context)
             # Only environments from same tenant as user should be returned
-            filters = {'tenant_id': request.context.tenant}
+            filters = {'tenant_id': request.context.project_id}
 
         environments = envs.EnvironmentServices.get_environments_by(filters)
         environments = [env.to_dict() for env in environments]

murano/api/v1/request_statistics.py

@@ -55,13 +55,13 @@ def stats_count(api, method):
                 ts = time.time()
                 result = func(*args, **kwargs)
                 te = time.time()
-                tenant = args[1].context.tenant
+                tenant = args[1].context.project_id
                 update_count(api, method, te - ts,
                              tenant)
                 return result
             except Exception:
                 te = time.time()
-                tenant = args[1].context.tenant
+                tenant = args[1].context.project_id
                 LOG.exception('API {api} method {method} raised an '
                               'exception'.format(api=api, method=method))
                 update_error_count(api, method, te - te, tenant)

murano/api/v1/schemas.py

@@ -36,7 +36,7 @@ class Controller(object):
         package_name = request.GET.get('packageName')
         credentials = {
             'token': request.context.auth_token,
-            'project_id': request.context.tenant
+            'project_id': request.context.project_id
         }
 
         try:

murano/api/v1/static_actions.py

@@ -47,7 +47,7 @@ class Controller(object):
 
         credentials = {
             'token': request.context.auth_token,
-            'project_id': request.context.tenant,
+            'project_id': request.context.project_id,
             'user_id': request.context.user
         }
 

murano/api/v1/templates.py

@@ -43,7 +43,7 @@ class Controller(object):
         """
         LOG.debug('EnvTemplates:List')
         policy.check('list_env_templates', request.context)
-        tenant_id = request.context.tenant
+        tenant_id = request.context.project_id
         filters = {}
         if request.GET.get('is_public'):
             is_public = request.GET.get('is_public', 'false').lower() == 'true'
@@ -84,7 +84,7 @@ class Controller(object):
             LOG.debug('ENV TEMP NAME: {templ_name}>'.
                       format(templ_name=body['name']))
             template = env_temps.EnvTemplateServices.create(
-                body.copy(), request.context.tenant)
+                body.copy(), request.context.project_id)
             return template.to_dict()
         except db_exc.DBDuplicateEntry:
             msg = _('Env Template with specified name already exists')
@@ -245,7 +245,7 @@ class Controller(object):
         try:
             is_public = body.get('is_public', False)
             template = env_temps.EnvTemplateServices.clone(
-                env_template_id, request.context.tenant, body['name'],
+                env_template_id, request.context.project_id, body['name'],
                 is_public)
         except db_exc.DBDuplicateEntry:
             msg = _('Env template with specified name already exists')
@@ -258,7 +258,7 @@ class Controller(object):
         env_template = self._validate_exists(env_template_id)
         if env_template.is_public or request.context.is_admin:
             return
-        if env_template.tenant_id != request.context.tenant:
+        if env_template.tenant_id != request.context.project_id:
             msg = _('User has no access to these resources.')
             LOG.error(msg)
             raise exc.HTTPForbidden(explanation=msg)

murano/db/catalog/api.py

@@ -51,17 +51,17 @@ def _package_get(package_id, session):
 
 def _authorize_package(package, context, allow_public=False):
 
-    if package.owner_id != context.tenant:
+    if package.owner_id != context.project_id:
         if not allow_public:
             msg = _("Package '{pkg_id}' is not owned by tenant "
                     "'{tenant}'").format(pkg_id=package.id,
-                                         tenant=context.tenant)
+                                         tenant=context.project_id)
             LOG.error(msg)
             raise exc.HTTPForbidden(explanation=msg)
         if not package.is_public:
             msg = _("Package '{pkg_id}' is not public and not owned by "
                     "tenant '{tenant}' ").format(pkg_id=package.id,
-                                                 tenant=context.tenant)
+                                                 tenant=context.project_id)
             LOG.error(msg)
             raise exc.HTTPForbidden(explanation=msg)
 
@@ -298,23 +298,23 @@ def package_search(filters, context, manage_public=False,
 
     if catalog:
         # Only show packages one can deploy, i.e. own + public
-        query = query.filter(or_(pkg.owner_id == context.tenant,
+        query = query.filter(or_(pkg.owner_id == context.project_id,
                                  pkg.is_public))
     else:
         # Show packages one can edit.
         if not context.is_admin:
             if manage_public:
-                query = query.filter(or_(pkg.owner_id == context.tenant,
+                query = query.filter(or_(pkg.owner_id == context.project_id,
                                          pkg.is_public))
             else:
-                query = query.filter(pkg.owner_id == context.tenant)
+                query = query.filter(pkg.owner_id == context.project_id)
         # No else here admin can edit everything.
 
     if not filters.get('include_disabled', '').lower() == 'true':
         query = query.filter(pkg.enabled)
 
     if filters.get('owned', '').lower() == 'true':
-        query = query.filter(pkg.owner_id == context.tenant)
+        query = query.filter(pkg.owner_id == context.project_id)
 
     if 'type' in filters.keys():
         query = query.filter(pkg.type == filters['type'].title())
@@ -446,10 +446,10 @@ def package_delete(package_id, context):
 
     with session.begin():
         package = _package_get(package_id, session)
-        if not context.is_admin and package.owner_id != context.tenant:
+        if not context.is_admin and package.owner_id != context.project_id:
             raise exc.HTTPForbidden(
                 explanation="Package is not owned by the"
-                            " tenant '{0}'".format(context.tenant))
+                            " tenant '{0}'".format(context.project_id))
         session.delete(package)
 
 

murano/db/services/environments.py

@@ -111,11 +111,11 @@ class EnvironmentServices(object):
         data = {
             'Objects': objects,
             'Attributes': [],
-            'project_id': context.tenant,
+            'project_id': context.project_id,
             'user_id': context.user
         }
 
-        environment_params['tenant_id'] = context.tenant
+        environment_params['tenant_id'] = context.project_id
         environment = models.Environment()
         environment.update(environment_params)
 
@@ -273,7 +273,7 @@ class EnvironmentServices(object):
             return driver
 
         session = auth_utils.get_token_client_session(
-            context.auth_token, context.tenant)
+            context.auth_token, context.project_id)
         try:
             session.get_endpoint(service_type='network')
         except ks_exceptions.EndpointNotFound:

murano/services/actions.py

@@ -31,7 +31,7 @@ class ActionServices(object):
             'action': action,
             'model': session.description,
             'token': context.auth_token,
-            'project_id': context.tenant,
+            'project_id': context.project_id,
             'user_id': context.user,
             'id': environment.id
         }

murano/tests/unit/api/middleware/test_context.py

@@ -30,7 +30,7 @@ class MiddlewareContextTest(base.MuranoTestCase):
         request_headers = {
             'X-Roles': 'admin',
             'X-User-Id': "",
-            'X-Tenant-Id': "",
+            'X-Project-Id': "",
             'X-Configuration-Session': "",
         }
         request = webob.Request.blank('/environments',

murano/tests/unit/api/v1/test_catalog.py

@@ -994,7 +994,7 @@ class TestCatalogApi(test_base.ControllerTest, test_base.MuranoApiTestCase):
                 del test_package_meta[attr]
 
         mock_request = mock.MagicMock(context=mock.MagicMock(
-            tenant=self.tenant))
+            project_id=self.tenant))
         mock_load_from_file.return_value = pkg_to_upload
         mock_policy_check.return_value = True
 

murano/tests/unit/services/test_actions.py

@@ -40,7 +40,7 @@ class TestActions(test_base.MuranoTestCase):
         }
         mock_session = mock.MagicMock(description=mock_description)
         mock_context = mock.Mock(auth_token='test_token',
-                                 tenant='test_tenant',
+                                 project_id='test_tenant',
                                  user='test_user')
         expected_task = {
             'action': {
@@ -123,7 +123,7 @@ class TestActions(test_base.MuranoTestCase):
         test_session = 'test_session'
         context = mock.Mock()
         context.auth_token = 'test_token'
-        context.tenant = 'test_tenant'
+        context.project_id = 'test_tenant'
         context.user = 'test_user'
         test_unit = 'test_unit'
 

murano/tests/unit/test_utils.py

@@ -30,7 +30,7 @@ class TestUtils(test_base.MuranoTestCase):
         """Test check env."""
         mock_request = mock.MagicMock(context=test_utils.dummy_context())
         mock_env = mock.MagicMock(environment_id='test_env_id',
-                                  tenant_id=mock_request.context.tenant)
+                                  tenant_id=mock_request.context.project_id)
         mock_db_session.get_session().query().get.return_value = mock_env
 
         env = utils.check_env(mock_request, mock_env.environment_id)
@@ -117,7 +117,7 @@ class TestUtils(test_base.MuranoTestCase):
     def test_verify_env_template_with_invalid_tenant(self, mock_db_session):
         """Test session validation failure throws expected exception."""
         mock_request = mock.MagicMock(context=test_utils.dummy_context())
-        mock_request.context.tenant = mock.MagicMock(
+        mock_request.context.project_id = mock.MagicMock(
             return_value='test_tenant_id')
         mock_env_template = mock.MagicMock(tenant_id='another_test_tenant_id')
         mock_db_session.get_session().query().get.return_value =\

murano/tests/unit/utils.py

@@ -35,7 +35,7 @@ def dummy_context(user='test_username', tenant_id='test_tenant_id',
     # prevent it being generated by oslo during tests.
     params = {
         'request_id': request_id,
-        'tenant': tenant_id,
+        'project_id': tenant_id,
         'user': user,
     }
     params.update(kwargs)

murano/utils.py

@@ -40,7 +40,7 @@ def check_env(request, environment_id):
         raise exc.HTTPNotFound(explanation=msg)
 
     if hasattr(request, 'context'):
-        if (environment.tenant_id != request.context.tenant and not
+        if (environment.tenant_id != request.context.project_id and not
                 request.context.is_admin):
             msg = _('User is not authorized to access'
                     ' these tenant resources')
@@ -87,7 +87,7 @@ def verify_env_template(func):
             raise exc.HTTPNotFound(explanation=msg)
 
         if hasattr(request, 'context'):
-            if template.tenant_id != request.context.tenant:
+            if template.tenant_id != request.context.project_id:
                 msg = _('User is not authorized to access'
                         ' this tenant resources')
                 LOG.error(msg)