author | Jenkins <jenkins@review.openstack.org> | 2012-05-29 21:38:26 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2012-05-29 21:38:26 +0000 |
commit | b6dbb103e1c1779474c5d26f3acf47e704cc601c (patch) | |
tree | d04c03f27662ba9dda7261e36aa18792350a7feb /keystone/middleware | |
parent | 081c541603c439a0eaa4608eec9225d0626c075d (diff) | |
parent | 30654a65eac7166b0bd0567ef1d3cabb43031fd3 (diff) | |
Merge "Add ACL check using <tenant_id>:<user> format."
Diffstat (limited to 'keystone/middleware')
-rw-r--r-- | keystone/middleware/swift_auth.py | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/keystone/middleware/swift_auth.py b/keystone/middleware/swift_auth.py
index d4be9f1f..798094cd 100644
--- a/keystone/middleware/swift_auth.py
+++ b/keystone/middleware/swift_auth.py
@@ -207,9 +207,11 @@ class SwiftAuth(object):
 return self.denied_response(req)
 # Allow ACL at individual user level (tenant:user format)
- if '%s:%s' % (tenant_name, user) in roles:
- log_msg = 'user %s:%s allowed in ACL authorizing'
- self.logger.debug(log_msg % (tenant_name, user))
+ # For backward compatibility, check for ACL in tenant_id:user format
+ if ('%s:%s' % (tenant_name, user) in roles
+ or '%s:%s' % (tenant_id, user) in roles):
+ log_msg = 'user %s:%s or %s:%s allowed in ACL authorizing'
+ self.logger.debug(log_msg % (tenant_name, user, tenant_id, user))
 return
 # Check if we have the role in the userroles and allow it |
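Review bot: The widened condition matches `tenant_name:user` and `tenant_id:user` against the same `roles` list, so an ACL entry carries no indication of which form it was written in. If the identity service allows a tenant name equal to another tenant's ID string (not visible from this hunk), an entry meant as an ID would also authorize the same-named user of that other tenant. I would at least document this above the check with `# NOTE: tenant names and IDs share one ACL namespace here; an entry matches whichever form equals it`. The debug line also reports both candidates rather than the one that matched, which weakens it as an audit record; compute the two strings once and log the matching entry, e.g. `matched = [a for a in (name_acl, id_acl) if a in roles]`. `tenant_id`, `user` and `roles` are set earlier in the method, outside the hunk, so whether `user` is a name or an ID should be confirmed there.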