- Automatically add underscore if there wasn't one already.
- This makes consistent with tempauth.
- Fixes bug 1198878.
- This should probably need to be mentioned in the release changelog for
upgrades.
Change-Id: Ia82f14f82c380c7ed2ddd190116f1493e410cfbe
Below three bug reports talk about one thing.
Current keystoneauth ACL supports as:
tenant_name:user_id ok
tenant_name:user_name no
tenant_name:* no
tenant_id:user_id ok
tenant_id:user_name no
tenant_id:* no
*:user_id ok
*:user_name no
*:* no
This patch will make all of above work fine.
Applying (tenant/user)name could let user put or get their data in a
more readable way. The tenant_name:* and *:user_name is suitable for
many usage.
note: to keep compatibility here add a new keystone.identity just for
authorize() itself and leave env['keystone.identity'] to other
middlerwares.
Fixes: bug #1020709
Fixes: bug #1075362
Fixes: bug #1155389
Change-Id: I9354dedaad875117f6a9072c67e9ecf69bfca77e
Using insensitive case could tolerate human error. For example,
user maybe set like this "operator_roles = Admin, swiftoperator"
- also fix a mistake in test, ['admin'] is correct value for roles, not
'admin' (it will be looped as ['a', 'd', 'm', 'i', 'n'])
- add test for insensitive cases
Fixes: bug #1013120
Change-Id: I56d71da8bc503e48e92dd743692ba6fc237f029e
The recent account_quotas (https://review.openstack.org/23434)
patch added a new setting request.environ[reseller_request].
This patch adds tests for tempauth and keystoneauth as well as
an updated overview_auth.rst.
Change-Id: Icdb7ec9948ae7424b0721fc51a143782b2fdc5a6
- When a user as a valid token it would go to authorize but the acl
check was after the reseller_check and due fail. Check this before
reseller_check and add a test for it.
- Fixes bug 1020722.
Change-Id: Iaff9f35f5ee690e9b729c36d05fb9adf3368dc79
This change replaces WebOb with a mostly compatible local library,
swift.common.swob. Subtle changes to WebOb's API over the years have been a
huge headache. Swift doesn't even run on the current version.
There are a few incompatibilities to simplify the implementation/interface:
* It only implements the header properties we use. More can be easily added.
* Casts header values to str on assignment.
* Response classes ("HTTPNotFound") are no longer subclasses, but partials
on Response, so things like isinstance no longer work on them.
* Unlike newer webob versions, will never return unicode objects.
Change-Id: I76617a0903ee2286b25a821b3c935c86ff95233f
