diff --git a/oslo_context/context.py b/oslo_context/context.py index 6475c2c..731b36e 100644 --- a/oslo_context/context.py +++ b/oslo_context/context.py @@ -49,6 +49,7 @@ _ENVIRON_HEADERS = { 'project_id': ['HTTP_X_PROJECT_ID', 'HTTP_X_TENANT_ID', 'HTTP_X_TENANT'], + 'system_scope': ['HTTP_OPENSTACK_SYSTEM_SCOPE'], 'user_domain_id': ['HTTP_X_USER_DOMAIN_ID'], 'project_domain_id': ['HTTP_X_PROJECT_DOMAIN_ID'], 'user_name': ['HTTP_X_USER_NAME'], @@ -219,7 +220,8 @@ class RequestContext(object): service_project_domain_id=None, service_project_domain_name=None, service_roles=None, - global_request_id=None): + global_request_id=None, + system_scope=None): """Initialize the RequestContext :param overwrite: Set to False to ensure that the greenthread local @@ -228,6 +230,11 @@ class RequestContext(object): the token as the admin project. Defaults to True for backwards compatibility. :type is_admin_project: bool + :param system_scope: The system scope of a token. The value ``all`` + represents the entire deployment system. A service + ID represents a specific service within the + deployment system. + :type system_scope: string """ # setting to private variables to avoid triggering subclass properties self._user_id = user_id @@ -240,6 +247,7 @@ class RequestContext(object): self.user_name = user_name self.project_name = project_name self.domain_name = domain_name + self.system_scope = system_scope self.user_domain_name = user_domain_name self.project_domain_name = project_domain_name self.is_admin = is_admin @@ -309,6 +317,7 @@ class RequestContext(object): return _DeprecatedPolicyValues({ 'user_id': self.user_id, 'user_domain_id': self.user_domain_id, + 'system_scope': self.system_scope, 'project_id': self.project_id, 'project_domain_id': self.project_domain_id, 'roles': self.roles, @@ -330,6 +339,7 @@ class RequestContext(object): return {'user': self.user_id, 'tenant': self.project_id, + 'system_scope': self.system_scope, 'project': self.project_id, 'domain': self.domain_id, 'user_domain': self.user_domain_id, diff --git a/oslo_context/tests/test_context.py b/oslo_context/tests/test_context.py index 7fb8d60..d7bab78 100644 --- a/oslo_context/tests/test_context.py +++ b/oslo_context/tests/test_context.py @@ -554,6 +554,7 @@ class ContextTest(test_base.BaseTestCase): self.assertEqual({'user_id': user, 'user_domain_id': user_domain, + 'system_scope': None, 'project_id': tenant, 'project_domain_id': project_domain, 'roles': roles, @@ -565,6 +566,32 @@ class ContextTest(test_base.BaseTestCase): 'service_roles': service_roles}, ctx.to_policy_values()) + # NOTE(lbragstad): This string has special meaning in that the value + # ``all`` represents the entire deployment system. + system_all = 'all' + + ctx = context.RequestContext(user=user, + user_domain=user_domain, + system_scope=system_all, + roles=roles, + service_user_id=service_user_id, + service_project_id=service_project_id, + service_roles=service_roles) + + self.assertEqual({'user_id': user, + 'user_domain_id': user_domain, + 'system_scope': system_all, + 'project_id': None, + 'project_domain_id': None, + 'roles': roles, + 'is_admin_project': True, + 'service_user_id': service_user_id, + 'service_user_domain_id': None, + 'service_project_id': service_project_id, + 'service_project_domain_id': None, + 'service_roles': service_roles}, + ctx.to_policy_values()) + ctx = context.RequestContext(user=user, user_domain=user_domain, tenant=tenant, @@ -577,6 +604,7 @@ class ContextTest(test_base.BaseTestCase): self.assertEqual({'user_id': user, 'user_domain_id': user_domain, + 'system_scope': None, 'project_id': tenant, 'project_domain_id': project_domain, 'roles': roles,