Remove deprecated attributes from context

The oslo.context emits a warning for attributes that are not listed in
[1] and considered to be deprecated. According to the warning message,
the policy file should be modified to use $(project_id)s instead of
$(tenant_id)s. Also, context.user is deprecated. We should remove lines
using context.user and use context.user_id only.

The following deprecation warnings are gone with the patch:

- context.py💯 DeprecationWarning: Policy enforcement is depending on
  the value of tenant_id. This key is deprecated. Please update your
  policy file to use the standard policy values.

- test_auth.py:75: DeprecationWarning: Property ‘user’ has moved to
  ‘user_id’ in version ‘2.6’ and will be removed in version ‘3.0’

[1] https://github.com/openstack/oslo.context/blob/master/oslo_context/context.py#L313-L327

Change-Id: Ib06cd0d54772d17838789943b6a09c581b899435
Closes-Bug: #1976219
(cherry picked from commit 39925d1141)

tacker/api/v1/base.py

@@ -488,6 +488,7 @@ class Controller(object):
         if is_create and 'tenant_id' not in res_dict:
             if context.tenant_id:
                 res_dict['tenant_id'] = context.tenant_id
+                res_dict['project_id'] = context.tenant_id
             else:
                 msg = _("Running without keystone AuthN requires "
                         "that tenant_id is specified")
@@ -591,7 +592,13 @@ class Controller(object):
 
     @staticmethod
     def _verify_attributes(res_dict, attr_info):
-        extra_keys = set(res_dict.keys()) - set(attr_info.keys())
+        # TODO(h-asahina): The `project_id` is not included in attr_info, but
+        # it is used as an alternative of `tenant_id` which is already
+        # deprecated in oslo.context. Excluding `project_id` from the
+        # verification is a workaround to avoid directly modifying attr_info
+        # which has a strong influence on the existing code.
+        excluded = {'project_id'}
+        extra_keys = set(res_dict.keys()) - set(attr_info.keys()) - excluded
         if extra_keys:
             msg = _("Unrecognized attribute(s) '%s'") % ', '.join(extra_keys)
             raise webob.exc.HTTPBadRequest(msg)

tacker/context.py

@@ -103,7 +103,6 @@ class ContextBase(oslo_context.RequestContext):
 
     def to_policy_values(self):
         values = super(ContextBase, self).to_policy_values()
-        values['tenant_id'] = self.project_id
         values['is_admin'] = self.is_admin
 
         # NOTE(jamielennox): These are almost certainly unused and non-standard
@@ -150,7 +149,7 @@ class ContextBase(oslo_context.RequestContext):
             authorized and False if not authorized and fatal is False.
         """
         if target is None:
-            target = {'tenant_id': self.tenant_id,
+            target = {'project_id': self.tenant_id,
                       'user_id': self.user_id}
         try:
             return policy.authorize(self, action, target)

tacker/policies/base.py

@@ -28,7 +28,7 @@ rules = [
         "Decides what is required for the 'is_admin:True' check to succeed."),
     policy.RuleDefault(
         "admin_or_owner",
-        "is_admin:True or tenant_id:%(tenant_id)s",
+        "is_admin:True or project_id:%(project_id)s",
         "Default rule for most non-Admin APIs."),
     policy.RuleDefault(
         "admin_only",

tacker/tests/etc/policy.yaml

@@ -1,4 +1,4 @@
-"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s"
+"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s"
 "admin_only": "rule:context_is_admin"
 "regular_user": ""
 "shared": "field:vims:shared=True"

tacker/tests/unit/test_auth.py

@@ -72,7 +72,6 @@ class TackerKeystoneContextTestCase(test_base.BaseTestCase):
         response = self.request.get_response(self.middleware)
         self.assertEqual('200 OK', response.status)
         self.assertEqual('testuserid', self.context.user_id)
-        self.assertEqual('testuserid', self.context.user)
 
     def test_with_tenant_id(self):
         self.request.headers['X_PROJECT_ID'] = 'testtenantid'