Remove deprecated fields in keystone auth middleware

This commit makes the following changes: Use X_PROJECT_ID instead of X_TENANT_ID: In the latest keystone auth_token middleware it is recommended to use X_PROJECT_ID instead of X_TENANT_ID. X_PROJECT_ID is supported in auth_token middleware for both keystone v2 and v3 API. The corresponding change was done in keystoneclient before Grizzly release, so we don't need to take care of X_TENANT_ID now. USE X_ROLES instead of X_ROLE: X_ROLES is now recommended. X_ROLE exists just for diablo backward compatibility. Remove X_TENANT and X_USER: X_TENANT and X_USER are for diablo backward compatibility. We no longer need take care of them in Icehouse Neutron. Change-Id: Ie714b1323ff8c44dbee66b54e683226cf675b104 Closes-Bug: #1242447
2013-10-26 15:22:45 +09:00 · 2013-10-26 15:22:45 +09:00 · 83a3e77e63
commit 83a3e77e63
parent 7ce5368ee0
2 changed files with 12 additions and 42 deletions
--- a/neutron/auth.py
+++ b/neutron/auth.py
@ -31,16 +31,16 @@ class NeutronKeystoneContext(wsgi.Middleware):
    @webob.dec.wsgify
    def __call__(self, req):
        # Determine the user ID
-        user_id = req.headers.get('X_USER_ID', req.headers.get('X_USER'))
+        user_id = req.headers.get('X_USER_ID')
        if not user_id:
-            LOG.debug(_("Neither X_USER_ID nor X_USER found in request"))
+            LOG.debug(_("X_USER_ID is not found in request"))
            return webob.exc.HTTPUnauthorized()

        # Determine the tenant
-        tenant_id = req.headers.get('X_TENANT_ID', req.headers.get('X_TENANT'))
+        tenant_id = req.headers.get('X_PROJECT_ID')

        # Suck out the roles
-        roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
+        roles = [r.strip() for r in req.headers.get('X_ROLES', '').split(',')]

        # Create a context with the authentication data
        ctx = context.Context(user_id, tenant_id, roles=roles)
--- a/neutron/tests/unit/test_auth.py
+++ b/neutron/tests/unit/test_auth.py
@ -36,58 +36,28 @@ class NeutronKeystoneContextTestCase(base.BaseTestCase):
        self.request.headers['X_AUTH_TOKEN'] = 'testauthtoken'

    def test_no_user_no_user_id(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
        response = self.request.get_response(self.middleware)
        self.assertEqual(response.status, '401 Unauthorized')

-    def test_with_user(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
-        self.request.headers['X_USER_ID'] = 'testuserid'
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(response.status, '200 OK')
-        self.assertEqual(self.context.user_id, 'testuserid')
-
    def test_with_user_id(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
-        self.request.headers['X_USER'] = 'testuser'
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(response.status, '200 OK')
-        self.assertEqual(self.context.user_id, 'testuser')
-
-    def test_user_id_trumps_user(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
        self.request.headers['X_USER_ID'] = 'testuserid'
-        self.request.headers['X_USER'] = 'testuser'
        response = self.request.get_response(self.middleware)
        self.assertEqual(response.status, '200 OK')
        self.assertEqual(self.context.user_id, 'testuserid')

    def test_with_tenant_id(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
        self.request.headers['X_USER_ID'] = 'test_user_id'
        response = self.request.get_response(self.middleware)
        self.assertEqual(response.status, '200 OK')
        self.assertEqual(self.context.tenant_id, 'testtenantid')

-    def test_with_tenant(self):
-        self.request.headers['X_TENANT'] = 'testtenant'
-        self.request.headers['X_USER_ID'] = 'test_user_id'
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(response.status, '200 OK')
-        self.assertEqual(self.context.tenant_id, 'testtenant')
-
-    def test_tenant_id_trumps_tenant(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
-        self.request.headers['X_TENANT'] = 'testtenant'
-        self.request.headers['X_USER_ID'] = 'testuserid'
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(response.status, '200 OK')
-        self.assertEqual(self.context.tenant_id, 'testtenantid')
-
    def test_roles_no_admin(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
        self.request.headers['X_USER_ID'] = 'testuserid'
-        self.request.headers['X_ROLE'] = 'role1, role2 , role3,role4,role5'
+        self.request.headers['X_ROLES'] = 'role1, role2 , role3,role4,role5'
        response = self.request.get_response(self.middleware)
        self.assertEqual(response.status, '200 OK')
        self.assertEqual(self.context.roles, ['role1', 'role2', 'role3',
@ -95,10 +65,10 @@ class NeutronKeystoneContextTestCase(base.BaseTestCase):
        self.assertEqual(self.context.is_admin, False)

    def test_roles_with_admin(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
        self.request.headers['X_USER_ID'] = 'testuserid'
-        self.request.headers['X_ROLE'] = ('role1, role2 , role3,role4,role5,'
-                                          'AdMiN')
+        self.request.headers['X_ROLES'] = ('role1, role2 , role3,role4,role5,'
+                                           'AdMiN')
        response = self.request.get_response(self.middleware)
        self.assertEqual(response.status, '200 OK')
        self.assertEqual(self.context.roles, ['role1', 'role2', 'role3',