| author | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 2011-06-01 17:29:01 -0500 |
|---|---|---|
| committer | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 2011-06-01 17:29:01 -0500 |
| commit | 9a6f3d54e94d31f7be2b8ccfceeb8b835a89cddc (patch) | |
| tree | a3890e1b90d2639b13265960267ce7a4c5757b7e | |
| parent | 7a38f7438caa979c9b1579a3ab17ce5ed10199d4 (diff) | |
Changes on the auth basic middleware component to return roles. Also changes on the application to return roles not tied to a tenant.
| -rw-r--r-- | examples/echo/echo/server.py | 4 | ||||
| -rw-r--r-- | keystone/auth_protocols/auth_token.py | 11 | ||||
| -rwxr-xr-x[-rw-r--r--] | keystone/logic/service.py | 6 |
3 files changed, 19 insertions, 2 deletions
diff --git a/examples/echo/echo/server.py b/examples/echo/echo/server.py
index 8c24aa8f..69919a88 100644
--- a/examples/echo/echo/server.py
+++ b/examples/echo/echo/server.py
@@ -31,6 +31,7 @@ POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'echo', '__init__.py')):
# also use the local keystone
KEYSTONE_TOPDIR = os.path.normpath(os.path.join(POSSIBLE_TOPDIR,
+ os.pardir,
os.pardir))
if os.path.exists(os.path.join(KEYSTONE_TOPDIR, 'keystone',
@@ -75,6 +76,9 @@ class EchoApp(object):
print ' Tenant :', self.envr['HTTP_X_TENANT']
if 'HTTP_X_GROUP' in self.envr:
print ' Group :', self.envr['HTTP_X_GROUP']
+ if 'HTTP_X_ROLES' in self.envr:
+ print ' Roles :', self.envr['HTTP_X_ROLES']
+
accept = self.envr.get("HTTP_ACCEPT", "application/json")
if accept == "application/xml":
diff --git a/keystone/auth_protocols/auth_token.py b/keystone/auth_protocols/auth_token.py
index 1484bf58..e690b335 100644
--- a/keystone/auth_protocols/auth_token.py
+++ b/keystone/auth_protocols/auth_token.py
@@ -167,6 +167,8 @@ class AuthProtocol(object):
self._decorate_request('X_USER', claims['user'])
if 'group' in claims:
self._decorate_request('X_GROUP', claims['group'])
+ if 'roles' in claims:
+ self._decorate_request('X_ROLES', claims['roles'])
self.expanded = True
#Send request downstream
@@ -263,8 +265,15 @@ class AuthProtocol(object):
token_info = json.loads(data)
#TODO(Ziad): make this more robust
#first_group = token_info['auth']['user']['groups']['group'][0]
+ roles =[]
+ role_refs =token_info["auth"]["user"]["roleRefs"]
+ for role_ref in role_refs:
+ roles.append(role_ref["roleId"])
+
verified_claims = {'user': token_info['auth']['user']['username'],
- 'tenant': token_info['auth']['user']['tenantId']}
+ 'tenant': token_info['auth']['user']['tenantId'], 'roles':roles}
+
+ # TODO(Ziad): removed groups for now
# ,'group': '%s/%s' % (first_group['id'],
# first_group['tenantId'])}
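Review bot: `claims['roles']` is the Python list built in the later hunk of this file, yet the new `_decorate_request('X_ROLES', ...)` call hands it over exactly like the string-valued `user` and `group` claims; unless `_decorate_request` serialises non-string values itself (not visible here), the downstream environ receives the list's repr rather than a header-shaped value. Flattening at this point, e.g. `self._decorate_request('X_ROLES', ','.join(str(r) for r in claims['roles']))`, gives consumers such as the echo app's `HTTP_X_ROLES` branch a stable, documented format. X_ROLES is now a trust-bearing header in the same class as X_USER and X_TENANT, so if the middleware removes client-supplied copies of those headers before decorating, X_ROLES should be added to that list as well; that code, like the rest of this method, lies outside the hunk.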
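Review bot: `token_info["auth"]["user"]["roleRefs"]` raises KeyError when the validation response carries no roleRefs, which turns a token with no roles into a middleware exception instead of an empty role set; the `#TODO(Ziad): make this more robust` two lines above already flags this style of access. The loop also drops each ref's tenantId, so a role granted on some other tenant becomes indistinguishable downstream from a global role or one on the token's own tenant; if roleRefs can mix scopes (this hunk does not show where they come from), filter on the claimed tenant or forward the scope alongside the id. Both points fit in one line, `roles = [ref["roleId"] for ref in token_info["auth"]["user"].get("roleRefs", [])]`, with the scope check added as the comprehension's condition, which also clears up the `roles =[]` and `role_refs =token_info` spacing. The enclosing method continues past the end of this hunk.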
diff --git a/keystone/logic/service.py b/keystone/logic/service.py
index 926fa4b6..e028705e 100644..100755
--- a/keystone/logic/service.py
+++ b/keystone/logic/service.py
@@ -129,7 +129,7 @@ class IdentityService(object):
## GET Tenants with Pagination ##
def get_tenants(self, admin_token, marker, limit, url):
- self.__validate_token(admin_token)
+ (token, user) = self.__validate_token(admin_token, False)
ts = []
dtenants = db_api.tenant_get_page(marker, limit)
@@ -848,6 +848,10 @@ class IdentityService(object):
for droleRef in droleRefs:
ts.append(roles.RoleRef(droleRef.id, droleRef.role_id,
droleRef.tenant_id))
+ droleRefs = db_api.role_ref_get_all_global_roles(duser.id)
+ for droleRef in droleRefs:
+ ts.append(roles.RoleRef(droleRef.id, droleRef.role_id,
+ droleRef.tenant_id))
user = auth.User(duser.id, duser.tenant_id, None,
roles.RoleRefs(ts, []))
return auth.ValidateData(token, user) |
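Review bot: `self.__validate_token(admin_token, False)` passes a second argument that the replaced call left at its default, and neither the commit message nor this hunk says what `False` switches off; if that parameter is the admin or privilege requirement, listing every tenant becomes available to any holder of a valid token, which is an authorization change that needs to be stated and tested rather than slipped in with the roles work. The newly bound `token` and `user` are not used in the visible lines; get_tenants continues past the hunk, so if they are unused there too, the assignment should go and the call should read as the pure check it was. At minimum a comment on the changed line, such as `# TODO(reviewer): document why the admin requirement is relaxed here`, keeps the intent auditable.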
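Review bot: The added loop is a verbatim copy of the tenant-scoped loop directly above it, and rebinding `droleRefs` mid-function makes the two queries easy to confuse on a later edit; one pass over both sources reads more clearly, e.g. `global_refs = db_api.role_ref_get_all_global_roles(duser.id)` followed by `for droleRef in itertools.chain(droleRefs, global_refs):` (the `itertools` import would need to exist in this module, which the hunk does not show). Global refs are packed into `RoleRef` with their `tenant_id` just like scoped ones, so consumers presumably rely on that field to tell the two apart; a short comment on the new query line, such as `# global role refs; tenant_id is expected to be unset for these — confirm against db_api`, would make that contract explicit. The enclosing method starts before the hunk.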
