Browse Source

Merge "Implement system-scope"

tags/2.21.0^0
Zuul 1 year ago
parent
commit
b1ba490ac5
2 changed files with 39 additions and 1 deletions
  1. 11
    1
      oslo_context/context.py
  2. 28
    0
      oslo_context/tests/test_context.py

+ 11
- 1
oslo_context/context.py View File

@@ -49,6 +49,7 @@ _ENVIRON_HEADERS = {
49 49
     'project_id': ['HTTP_X_PROJECT_ID',
50 50
                    'HTTP_X_TENANT_ID',
51 51
                    'HTTP_X_TENANT'],
52
+    'system_scope': ['HTTP_OPENSTACK_SYSTEM_SCOPE'],
52 53
     'user_domain_id': ['HTTP_X_USER_DOMAIN_ID'],
53 54
     'project_domain_id': ['HTTP_X_PROJECT_DOMAIN_ID'],
54 55
     'user_name': ['HTTP_X_USER_NAME'],
@@ -219,7 +220,8 @@ class RequestContext(object):
219 220
                  service_project_domain_id=None,
220 221
                  service_project_domain_name=None,
221 222
                  service_roles=None,
222
-                 global_request_id=None):
223
+                 global_request_id=None,
224
+                 system_scope=None):
223 225
         """Initialize the RequestContext
224 226
 
225 227
         :param overwrite: Set to False to ensure that the greenthread local
@@ -228,6 +230,11 @@ class RequestContext(object):
228 230
                                  the token as the admin project. Defaults to
229 231
                                  True for backwards compatibility.
230 232
         :type is_admin_project: bool
233
+        :param system_scope: The system scope of a token. The value ``all``
234
+                             represents the entire deployment system. A service
235
+                             ID represents a specific service within the
236
+                             deployment system.
237
+        :type system_scope: string
231 238
         """
232 239
         # setting to private variables to avoid triggering subclass properties
233 240
         self._user_id = user_id
@@ -240,6 +247,7 @@ class RequestContext(object):
240 247
         self.user_name = user_name
241 248
         self.project_name = project_name
242 249
         self.domain_name = domain_name
250
+        self.system_scope = system_scope
243 251
         self.user_domain_name = user_domain_name
244 252
         self.project_domain_name = project_domain_name
245 253
         self.is_admin = is_admin
@@ -309,6 +317,7 @@ class RequestContext(object):
309 317
         return _DeprecatedPolicyValues({
310 318
             'user_id': self.user_id,
311 319
             'user_domain_id': self.user_domain_id,
320
+            'system_scope': self.system_scope,
312 321
             'project_id': self.project_id,
313 322
             'project_domain_id': self.project_domain_id,
314 323
             'roles': self.roles,
@@ -330,6 +339,7 @@ class RequestContext(object):
330 339
 
331 340
         return {'user': self.user_id,
332 341
                 'tenant': self.project_id,
342
+                'system_scope': self.system_scope,
333 343
                 'project': self.project_id,
334 344
                 'domain': self.domain_id,
335 345
                 'user_domain': self.user_domain_id,

+ 28
- 0
oslo_context/tests/test_context.py View File

@@ -554,6 +554,7 @@ class ContextTest(test_base.BaseTestCase):
554 554
 
555 555
         self.assertEqual({'user_id': user,
556 556
                           'user_domain_id': user_domain,
557
+                          'system_scope': None,
557 558
                           'project_id': tenant,
558 559
                           'project_domain_id': project_domain,
559 560
                           'roles': roles,
@@ -565,6 +566,32 @@ class ContextTest(test_base.BaseTestCase):
565 566
                           'service_roles': service_roles},
566 567
                          ctx.to_policy_values())
567 568
 
569
+        # NOTE(lbragstad): This string has special meaning in that the value
570
+        # ``all`` represents the entire deployment system.
571
+        system_all = 'all'
572
+
573
+        ctx = context.RequestContext(user=user,
574
+                                     user_domain=user_domain,
575
+                                     system_scope=system_all,
576
+                                     roles=roles,
577
+                                     service_user_id=service_user_id,
578
+                                     service_project_id=service_project_id,
579
+                                     service_roles=service_roles)
580
+
581
+        self.assertEqual({'user_id': user,
582
+                          'user_domain_id': user_domain,
583
+                          'system_scope': system_all,
584
+                          'project_id': None,
585
+                          'project_domain_id': None,
586
+                          'roles': roles,
587
+                          'is_admin_project': True,
588
+                          'service_user_id': service_user_id,
589
+                          'service_user_domain_id': None,
590
+                          'service_project_id': service_project_id,
591
+                          'service_project_domain_id': None,
592
+                          'service_roles': service_roles},
593
+                         ctx.to_policy_values())
594
+
568 595
         ctx = context.RequestContext(user=user,
569 596
                                      user_domain=user_domain,
570 597
                                      tenant=tenant,
@@ -577,6 +604,7 @@ class ContextTest(test_base.BaseTestCase):
577 604
 
578 605
         self.assertEqual({'user_id': user,
579 606
                           'user_domain_id': user_domain,
607
+                          'system_scope': None,
580 608
                           'project_id': tenant,
581 609
                           'project_domain_id': project_domain,
582 610
                           'roles': roles,

Loading…
Cancel
Save