Merge "Implement system-scope"
This commit is contained in:
commit
b1ba490ac5
|
@ -49,6 +49,7 @@ _ENVIRON_HEADERS = {
|
||||||
'project_id': ['HTTP_X_PROJECT_ID',
|
'project_id': ['HTTP_X_PROJECT_ID',
|
||||||
'HTTP_X_TENANT_ID',
|
'HTTP_X_TENANT_ID',
|
||||||
'HTTP_X_TENANT'],
|
'HTTP_X_TENANT'],
|
||||||
|
'system_scope': ['HTTP_OPENSTACK_SYSTEM_SCOPE'],
|
||||||
'user_domain_id': ['HTTP_X_USER_DOMAIN_ID'],
|
'user_domain_id': ['HTTP_X_USER_DOMAIN_ID'],
|
||||||
'project_domain_id': ['HTTP_X_PROJECT_DOMAIN_ID'],
|
'project_domain_id': ['HTTP_X_PROJECT_DOMAIN_ID'],
|
||||||
'user_name': ['HTTP_X_USER_NAME'],
|
'user_name': ['HTTP_X_USER_NAME'],
|
||||||
|
@ -219,7 +220,8 @@ class RequestContext(object):
|
||||||
service_project_domain_id=None,
|
service_project_domain_id=None,
|
||||||
service_project_domain_name=None,
|
service_project_domain_name=None,
|
||||||
service_roles=None,
|
service_roles=None,
|
||||||
global_request_id=None):
|
global_request_id=None,
|
||||||
|
system_scope=None):
|
||||||
"""Initialize the RequestContext
|
"""Initialize the RequestContext
|
||||||
|
|
||||||
:param overwrite: Set to False to ensure that the greenthread local
|
:param overwrite: Set to False to ensure that the greenthread local
|
||||||
|
@ -228,6 +230,11 @@ class RequestContext(object):
|
||||||
the token as the admin project. Defaults to
|
the token as the admin project. Defaults to
|
||||||
True for backwards compatibility.
|
True for backwards compatibility.
|
||||||
:type is_admin_project: bool
|
:type is_admin_project: bool
|
||||||
|
:param system_scope: The system scope of a token. The value ``all``
|
||||||
|
represents the entire deployment system. A service
|
||||||
|
ID represents a specific service within the
|
||||||
|
deployment system.
|
||||||
|
:type system_scope: string
|
||||||
"""
|
"""
|
||||||
# setting to private variables to avoid triggering subclass properties
|
# setting to private variables to avoid triggering subclass properties
|
||||||
self._user_id = user_id
|
self._user_id = user_id
|
||||||
|
@ -240,6 +247,7 @@ class RequestContext(object):
|
||||||
self.user_name = user_name
|
self.user_name = user_name
|
||||||
self.project_name = project_name
|
self.project_name = project_name
|
||||||
self.domain_name = domain_name
|
self.domain_name = domain_name
|
||||||
|
self.system_scope = system_scope
|
||||||
self.user_domain_name = user_domain_name
|
self.user_domain_name = user_domain_name
|
||||||
self.project_domain_name = project_domain_name
|
self.project_domain_name = project_domain_name
|
||||||
self.is_admin = is_admin
|
self.is_admin = is_admin
|
||||||
|
@ -309,6 +317,7 @@ class RequestContext(object):
|
||||||
return _DeprecatedPolicyValues({
|
return _DeprecatedPolicyValues({
|
||||||
'user_id': self.user_id,
|
'user_id': self.user_id,
|
||||||
'user_domain_id': self.user_domain_id,
|
'user_domain_id': self.user_domain_id,
|
||||||
|
'system_scope': self.system_scope,
|
||||||
'project_id': self.project_id,
|
'project_id': self.project_id,
|
||||||
'project_domain_id': self.project_domain_id,
|
'project_domain_id': self.project_domain_id,
|
||||||
'roles': self.roles,
|
'roles': self.roles,
|
||||||
|
@ -330,6 +339,7 @@ class RequestContext(object):
|
||||||
|
|
||||||
return {'user': self.user_id,
|
return {'user': self.user_id,
|
||||||
'tenant': self.project_id,
|
'tenant': self.project_id,
|
||||||
|
'system_scope': self.system_scope,
|
||||||
'project': self.project_id,
|
'project': self.project_id,
|
||||||
'domain': self.domain_id,
|
'domain': self.domain_id,
|
||||||
'user_domain': self.user_domain_id,
|
'user_domain': self.user_domain_id,
|
||||||
|
|
|
@ -554,6 +554,7 @@ class ContextTest(test_base.BaseTestCase):
|
||||||
|
|
||||||
self.assertEqual({'user_id': user,
|
self.assertEqual({'user_id': user,
|
||||||
'user_domain_id': user_domain,
|
'user_domain_id': user_domain,
|
||||||
|
'system_scope': None,
|
||||||
'project_id': tenant,
|
'project_id': tenant,
|
||||||
'project_domain_id': project_domain,
|
'project_domain_id': project_domain,
|
||||||
'roles': roles,
|
'roles': roles,
|
||||||
|
@ -565,6 +566,32 @@ class ContextTest(test_base.BaseTestCase):
|
||||||
'service_roles': service_roles},
|
'service_roles': service_roles},
|
||||||
ctx.to_policy_values())
|
ctx.to_policy_values())
|
||||||
|
|
||||||
|
# NOTE(lbragstad): This string has special meaning in that the value
|
||||||
|
# ``all`` represents the entire deployment system.
|
||||||
|
system_all = 'all'
|
||||||
|
|
||||||
|
ctx = context.RequestContext(user=user,
|
||||||
|
user_domain=user_domain,
|
||||||
|
system_scope=system_all,
|
||||||
|
roles=roles,
|
||||||
|
service_user_id=service_user_id,
|
||||||
|
service_project_id=service_project_id,
|
||||||
|
service_roles=service_roles)
|
||||||
|
|
||||||
|
self.assertEqual({'user_id': user,
|
||||||
|
'user_domain_id': user_domain,
|
||||||
|
'system_scope': system_all,
|
||||||
|
'project_id': None,
|
||||||
|
'project_domain_id': None,
|
||||||
|
'roles': roles,
|
||||||
|
'is_admin_project': True,
|
||||||
|
'service_user_id': service_user_id,
|
||||||
|
'service_user_domain_id': None,
|
||||||
|
'service_project_id': service_project_id,
|
||||||
|
'service_project_domain_id': None,
|
||||||
|
'service_roles': service_roles},
|
||||||
|
ctx.to_policy_values())
|
||||||
|
|
||||||
ctx = context.RequestContext(user=user,
|
ctx = context.RequestContext(user=user,
|
||||||
user_domain=user_domain,
|
user_domain=user_domain,
|
||||||
tenant=tenant,
|
tenant=tenant,
|
||||||
|
@ -577,6 +604,7 @@ class ContextTest(test_base.BaseTestCase):
|
||||||
|
|
||||||
self.assertEqual({'user_id': user,
|
self.assertEqual({'user_id': user,
|
||||||
'user_domain_id': user_domain,
|
'user_domain_id': user_domain,
|
||||||
|
'system_scope': None,
|
||||||
'project_id': tenant,
|
'project_id': tenant,
|
||||||
'project_domain_id': project_domain,
|
'project_domain_id': project_domain,
|
||||||
'roles': roles,
|
'roles': roles,
|
||||||
|
|
Loading…
Reference in New Issue