diff options
| author | Kevin L. Mitchell <kevin.mitchell@rackspace.com> | 2011-08-02 15:34:18 -0500 |
|---|---|---|
| committer | Kevin L. Mitchell <kevin.mitchell@rackspace.com> | 2011-08-02 15:34:18 -0500 |
| commit | f9ca57105e49a1640eb4e04a801591069064f352 (patch) | |
| tree | 0b7cc9015c747b68df411fbf2430a02ee9a7f64a | |
| parent | 8ff14cde887ac59adf3d682f0b4f81dae0d4dd76 (diff) | |
Determine is_admin based on 'Admin' role; remove dead project_ref code;
pass auth_token into request context; pass user_id/project_id into
request context instead of their refs
Change-Id: Ib23f59694301dcfc91cf8e8deff8ae0a090e82df
| -rw-r--r-- | keystone/middleware/nova_auth_token.py | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/keystone/middleware/nova_auth_token.py b/keystone/middleware/nova_auth_token.py index bd4d1048..703aa14b 100644 --- a/keystone/middleware/nova_auth_token.py +++ b/keystone/middleware/nova_auth_token.py @@ -62,21 +62,28 @@ class KeystoneAuthShim(wsgi.Middleware): except: user_ref = self.auth.create_user(user_id) + # get the roles + roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')] + # set user admin-ness to keystone admin-ness - if user_ref.is_admin() != (req.headers.get('X_ROLE', None) == 'Admin'): - self.auth.modify_user(user_ref, - admin=req.headers.get('X_ROLE') == 'Admin') + if user_ref.is_admin() != ('Admin' in roles): + self.auth.modify_user(user_ref, ('Admin' in roles)) # create a project for tenant project_id = req.headers['X_TENANT'] - try: - project_ref = self.auth.get_project(project_id) - except: - project_ref = self.auth.create_project(project_id, user_id) # ensure user is a member of project if not self.auth.is_project_member(user_id, project_id): self.auth.add_to_project(user_id, project_id) - req.environ['nova.context'] = context.RequestContext(user_ref, project_ref) + # Get the auth token + auth_token = req.headers.get('X_AUTH_TOKEN', + req.headers.get('X_STORAGE_TOKEN')) + + # Build a context, including the auth_token... + ctx = context.RequestContext(user_id, project_id, + is_admin=('Admin' in roles), + auth_token=auth_token) + + req.environ['nova.context'] = ctx return self.application |