Remove deprecated attributes from context
The oslo.context emits a warning for attributes that are not listed in [1] and considered to be deprecated. According to the warning message, the policy file should be modified to use $(project_id)s instead of $(tenant_id)s. Also, context.user is deprecated. We should remove lines using context.user and use context.user_id only. The following deprecation warnings are gone with the patch: - context.py:100: DeprecationWarning: Policy enforcement is depending on the value of tenant_id. This key is deprecated. Please update your policy file to use the standard policy values. - test_auth.py:75: DeprecationWarning: Property ‘user’ has moved to ‘user_id’ in version ‘2.6’ and will be removed in version ‘3.0’ [1] https://github.com/openstack/oslo.context/blob/master/oslo_context/context.py#L313-L327 Change-Id: Ib06cd0d54772d17838789943b6a09c581b899435 Closes-Bug: #1976219
parent
f10ac5fd56
commit
39925d1141
|
@ -488,6 +488,7 @@ class Controller(object):
|
|||
if is_create and 'tenant_id' not in res_dict:
|
||||
if context.tenant_id:
|
||||
res_dict['tenant_id'] = context.tenant_id
|
||||
res_dict['project_id'] = context.tenant_id
|
||||
else:
|
||||
msg = _("Running without keystone AuthN requires "
|
||||
"that tenant_id is specified")
|
||||
|
@ -591,7 +592,13 @@ class Controller(object):
|
|||
|
||||
@staticmethod
|
||||
def _verify_attributes(res_dict, attr_info):
|
||||
extra_keys = set(res_dict.keys()) - set(attr_info.keys())
|
||||
# TODO(h-asahina): The `project_id` is not included in attr_info, but
|
||||
# it is used as an alternative of `tenant_id` which is already
|
||||
# deprecated in oslo.context. Excluding `project_id` from the
|
||||
# verification is a workaround to avoid directly modifying attr_info
|
||||
# which has a strong influence on the existing code.
|
||||
excluded = {'project_id'}
|
||||
extra_keys = set(res_dict.keys()) - set(attr_info.keys()) - excluded
|
||||
if extra_keys:
|
||||
msg = _("Unrecognized attribute(s) '%s'") % ', '.join(extra_keys)
|
||||
raise webob.exc.HTTPBadRequest(msg)
|
||||
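Review bot: With `excluded = {'project_id'}`, `_verify_attributes` accepts a `project_id` key from the request body without checking it against `attr_info`, and the earlier hunk only overwrites it from the context when `tenant_id` is absent on create. On an update, or a create that supplies `tenant_id`, the caller's `project_id` stays in `res_dict` unchanged; if `res_dict` is later used as the policy target (not visible here), the `project_id:%(project_id)s` rule would compare against a caller-chosen value. I would derive it server-side wherever `tenant_id` is set, e.g. `res_dict['project_id'] = res_dict['tenant_id']` after the tenant checks, or reject a body `project_id` that differs from `tenant_id`. Both enclosing methods continue outside the hunks.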
|
|
|
@ -103,7 +103,6 @@ class ContextBase(oslo_context.RequestContext):
|
|||
|
||||
def to_policy_values(self):
|
||||
values = super(ContextBase, self).to_policy_values()
|
||||
values['tenant_id'] = self.project_id
|
||||
values['is_admin'] = self.is_admin
|
||||
|
||||
# NOTE(jamielennox): These are almost certainly unused and non-standard
|
||||
|
@ -150,7 +149,7 @@ class ContextBase(oslo_context.RequestContext):
|
|||
authorized and False if not authorized and fatal is False.
|
||||
"""
|
||||
if target is None:
|
||||
target = {'tenant_id': self.tenant_id,
|
||||
target = {'project_id': self.tenant_id,
|
||||
'user_id': self.user_id}
|
||||
try:
|
||||
return policy.authorize(self, action, target)
|
||||
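Review bot: Dropping `values['tenant_id']` from `to_policy_values()` means a deployed policy file that still uses `tenant_id:%(tenant_id)s` no longer has a credential value to match, so owner checks would presumably fail for non-admin users until the operator edits the file; the same applies to explicit `target` dicts keyed only by `tenant_id` once the `admin_or_owner` default and policy.json switch to `project_id:%(project_id)s`. This is worth a release note naming the required policy change, and a check that every caller passing a target includes `project_id`. In the default target the key is renamed but the value still reads `self.tenant_id`; `target = {'project_id': self.project_id,` would match the attribute the removed line used. The method bodies continue outside the hunks.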
|
|
|
@ -28,7 +28,7 @@ rules = [
|
|||
"Decides what is required for the 'is_admin:True' check to succeed."),
|
||||
policy.RuleDefault(
|
||||
"admin_or_owner",
|
||||
"is_admin:True or tenant_id:%(tenant_id)s",
|
||||
"is_admin:True or project_id:%(project_id)s",
|
||||
"Default rule for most non-Admin APIs."),
|
||||
policy.RuleDefault(
|
||||
"admin_only",
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s"
|
||||
"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s"
|
||||
"admin_only": "rule:context_is_admin"
|
||||
"regular_user": ""
|
||||
"shared": "field:vims:shared=True"
|
||||
|
|
|
@ -72,7 +72,6 @@ class TackerKeystoneContextTestCase(test_base.BaseTestCase):
|
|||
response = self.request.get_response(self.middleware)
|
||||
self.assertEqual('200 OK', response.status)
|
||||
self.assertEqual('testuserid', self.context.user_id)
|
||||
self.assertEqual('testuserid', self.context.user)
|
||||
|
||||
def test_with_tenant_id(self):
|
||||
self.request.headers['X_PROJECT_ID'] = 'testtenantid'
|
||||
|
|