diff options
| author | Jenkins <jenkins@review.openstack.org> | 2011-08-03 18:07:01 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2011-08-03 18:07:01 +0000 |
| commit | 5997d943294647bc80b7d8ce68db91946ba9c032 (patch) | |
| tree | 758564c0ba153edb33ea23eb44b086f6bae0c32c | |
| parent | b4491d96705aa6070802d2c5a798723de261a9dc (diff) | |
| parent | f9ca57105e49a1640eb4e04a801591069064f352 (diff) | |
Merge "Determine is_admin based on 'Admin' role; remove dead project_ref code; pass auth_token into request context; pass user_id/project_id into request context instead of their refs"
| -rw-r--r-- | keystone/middleware/nova_auth_token.py | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/keystone/middleware/nova_auth_token.py b/keystone/middleware/nova_auth_token.py index bd4d1048..703aa14b 100644 --- a/keystone/middleware/nova_auth_token.py +++ b/keystone/middleware/nova_auth_token.py @@ -62,21 +62,28 @@ class KeystoneAuthShim(wsgi.Middleware): except: user_ref = self.auth.create_user(user_id) + # get the roles + roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')] + # set user admin-ness to keystone admin-ness - if user_ref.is_admin() != (req.headers.get('X_ROLE', None) == 'Admin'): - self.auth.modify_user(user_ref, - admin=req.headers.get('X_ROLE') == 'Admin') + if user_ref.is_admin() != ('Admin' in roles): + self.auth.modify_user(user_ref, ('Admin' in roles)) # create a project for tenant project_id = req.headers['X_TENANT'] - try: - project_ref = self.auth.get_project(project_id) - except: - project_ref = self.auth.create_project(project_id, user_id) # ensure user is a member of project if not self.auth.is_project_member(user_id, project_id): self.auth.add_to_project(user_id, project_id) - req.environ['nova.context'] = context.RequestContext(user_ref, project_ref) + # Get the auth token + auth_token = req.headers.get('X_AUTH_TOKEN', + req.headers.get('X_STORAGE_TOKEN')) + + # Build a context, including the auth_token... + ctx = context.RequestContext(user_id, project_id, + is_admin=('Admin' in roles), + auth_token=auth_token) + + req.environ['nova.context'] = ctx return self.application |