Use the tenant name for X_TENANT

Fixes bug 870351 Change-Id: I2cf12a28c6dc29595ef490acdb511f604d86d3ee
author: Kevin L. Mitchell <kevin.mitchell@rackspace.com> 2011-10-10 14:24:32 -0500
committer: Kevin L. Mitchell <kevin.mitchell@rackspace.com> 2011-10-10 14:24:32 -0500
commit: 625fcebc0c572ecf8fa738d720d5424dc8d39546 (patch)
tree: 1eb57d0d6dd960a461801237e3e51e91a0d93a43
parent: 5fa576a1b772801bf35bd74875b1a1efae3ce086 (diff)
download: keystone-625fcebc0c572ecf8fa738d720d5424dc8d39546.tar.gz
keystone-625fcebc0c572ecf8fa738d720d5424dc8d39546.tar.xz
keystone-625fcebc0c572ecf8fa738d720d5424dc8d39546.zip
4 files changed, 24 insertions, 4 deletions
diff --git a/keystone/logic/service.py b/keystone/logic/service.py
index 6a3b3462..b0c9cd14 100755
--- a/keystone/logic/service.py
+++ b/keystone/logic/service.py
@@ -510,7 +510,7 @@ class IdentityService(object):
             ts.append(UserRole(drole_ref.role_id, drole.name,
                 drole_ref.tenant_id))
 
-        user = auth.User(duser.id, duser.name, None, UserRoles(ts, []))
+        user = auth.User(duser.id, duser.name, None, None, UserRoles(ts, []))
 
         return auth.AuthData(token, user, endpoints)
 
@@ -537,8 +537,14 @@ class IdentityService(object):
             ts.append(UserRole(drole_ref.role_id, drole.name,
                 drole_ref.tenant_id))
 
+        # Also get the user's tenant's name
+        tenant_name = None
+        if duser.tenant_id:
+            utenant = api.TENANT.get(duser.tenant_id)
+            tenant_name = utenant.name
+
         user = auth.User(duser.id, duser.name, duser.tenant_id,
-            UserRoles(ts, []))
+            tenant_name, UserRoles(ts, []))
 
         return auth.ValidateData(token, user)
 
diff --git a/keystone/logic/types/auth.py b/keystone/logic/types/auth.py
index 8ce50552..ead3c3ab 100755
--- a/keystone/logic/types/auth.py
+++ b/keystone/logic/types/auth.py
@@ -293,12 +293,14 @@ class User(object):
     id = None
     username = None
     tenant_id = None
+    tenant_name = None
     role_refs = None
 
-    def __init__(self, id, username, tenant_id, role_refs=None):
+    def __init__(self, id, username, tenant_id, tenant_name, role_refs=None):
         self.id = id
         self.username = username
         self.tenant_id = tenant_id
+        self.tenant_name = tenant_name
         self.role_refs = role_refs
 
 
@@ -444,6 +446,8 @@ class ValidateData(object):
 
         if self.user.tenant_id is not None:
             user.set('tenantId', unicode(self.user.tenant_id))
+            if self.user.tenant_name is not None:
+                user.set('tenantName', unicode(self.user.tenant_name))
 
         if self.user.role_refs is not None:
             user.append(self.user.role_refs.to_dom())
@@ -468,6 +472,8 @@ class ValidateData(object):
 
         if self.user.tenant_id is not None:
             user['tenantId'] = unicode(self.user.tenant_id)
+            if self.user.tenant_name is not None:
+                user['tenantName'] = unicode(self.user.tenant_name)
 
         if self.user.role_refs is not None:
             user["roles"] = self.user.role_refs.to_json_values()
diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
index 30eb0b63..1e0d35e3 100755
--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
@@ -166,6 +166,9 @@ class AuthProtocol(object):
                     self._decorate_request('X_AUTHORIZATION', "Proxy %s" %
                         claims['user'], env, proxy_headers)
                     self._decorate_request('X_TENANT',
+                        claims.get('tenant_name', claims['tenant']),
+                        env, proxy_headers)
+                    self._decorate_request('X_TENANT_ID',
                         claims['tenant'], env, proxy_headers)
                     self._decorate_request('X_USER',
                         claims['user'], env, proxy_headers)
@@ -288,13 +291,18 @@ class AuthProtocol(object):
 
         try:
             tenant = token_info['access']['token']['tenant']['id']
+            tenant_name = token_info['access']['token']['tenant']['name']
         except:
             tenant = None
+            tenant_name = None
         if not tenant:
             tenant = token_info['access']['user'].get('tenantId')
+            tenant_name = token_info['access']['user'].get('tenantName')
         verified_claims = {'user': token_info['access']['user']['username'],
                     'tenant': tenant,
                     'roles': roles}
+        if tenant_name:
+            verified_claims['tenantName'] = tenant_name
         return verified_claims
 
     def _decorate_request(self, index, value, env, proxy_headers):
diff --git a/keystone/test/unit/test_server.py b/keystone/test/unit/test_server.py
index aba0b487..702ca124 100755
--- a/keystone/test/unit/test_server.py
+++ b/keystone/test/unit/test_server.py
@@ -20,7 +20,7 @@ class TestServer(unittest.TestCase):
         environ = {'wsgi.url_scheme': 'http'}
         self.request = webob.Request(environ)
         self.auth_data = auth.ValidateData(auth.Token(datetime.date.today(),
-            "2231312"), auth.User("id", "username", "12345"))
+            "2231312"), auth.User("id", "username", "12345", "aTenant"))
 
     #def tearDown(self):
author	Kevin L. Mitchell <kevin.mitchell@rackspace.com>	2011-10-10 14:24:32 -0500
committer	Kevin L. Mitchell <kevin.mitchell@rackspace.com>	2011-10-10 14:24:32 -0500
commit	625fcebc0c572ecf8fa738d720d5424dc8d39546 (patch)
tree	1eb57d0d6dd960a461801237e3e51e91a0d93a43
parent	5fa576a1b772801bf35bd74875b1a1efae3ce086 (diff)
download	keystone-625fcebc0c572ecf8fa738d720d5424dc8d39546.tar.gz keystone-625fcebc0c572ecf8fa738d720d5424dc8d39546.tar.xz keystone-625fcebc0c572ecf8fa738d720d5424dc8d39546.zip