Use tenant name and user name for user id

Currently, swift3 abuses an access key as a S3 user id, which is not human readable string in the case of keystone auth. Let's use the following form: [tenant name]:[user name] This is the same format as what the tempauth middleware uses. Change-Id: I026bd28f0be81a38be515276c1dab532dcff7130
2014-07-07 09:16:56 +09:00 · 2014-07-07 09:16:56 +09:00 · dbc94b7098
parent 272ea27a8e
commit dbc94b7098
3 changed files with 13 additions and 2 deletions
--- a/swift3/controllers/acl.py
+++ b/swift3/controllers/acl.py
@ -138,7 +138,7 @@ class AclController(Controller):
        """
        resp = req.get_response(self.app, method='HEAD')

-        return get_acl(req.access_key, resp.headers)
+        return get_acl(req.user_id, resp.headers)

    def PUT(self, req):
        """
--- a/swift3/controllers/bucket.py
+++ b/swift3/controllers/bucket.py
@ -81,7 +81,7 @@ class BucketController(Controller):
                    o['last_modified'] + 'Z'
                SubElement(contents, 'ETag').text = o['hash']
                SubElement(contents, 'Size').text = str(o['bytes'])
-                add_canonical_user(contents, 'Owner', req.access_key)
+                add_canonical_user(contents, 'Owner', req.user_id)

        for o in objects[:max_keys]:
            if 'subdir' in o:
--- a/swift3/request.py
+++ b/swift3/request.py
@ -61,6 +61,7 @@ class Request(swob.Request):
        self.container_name, self.object_name = self.split_path(0, 2, True)
        self._validate_headers()
        self.token = base64.urlsafe_b64encode(self._canonical_string())
+        self.user_id = None

    def _parse_authorization(self):
        if 'AWSAccessKeyId' in self.params:
@ -372,6 +373,16 @@ class Request(swob.Request):
        resp = Response.from_swift_resp(sw_resp)
        status = resp.status_int  # pylint: disable-msg=E1101

+        if 'HTTP_X_USER_NAME' in sw_resp.environ:
+            # keystone
+            self.user_id = "%s:%s" % (sw_resp.environ['HTTP_X_TENANT_NAME'],
+                                      sw_resp.environ['HTTP_X_USER_NAME'])
+            if isinstance(self.user_id, unicode):
+                self.user_id = self.user_id.encode('utf8')
+        else:
+            # tempauth
+            self.user_id = self.access_key
+
        success_codes = self._swift_success_codes(method)
        error_codes = self._swift_error_codes(method)