Merge "Add ACL check using <tenant_id>:<user> format."

1 files changed, 5 insertions, 3 deletions

diff --git a/keystone/middleware/swift_auth.py b/keystone/middleware/swift_auth.py
index d4be9f1f..798094cd 100644
--- a/keystone/middleware/swift_auth.py
+++ b/keystone/middleware/swift_auth.py
@@ -207,9 +207,11 @@ class SwiftAuth(object):
             return self.denied_response(req)
 
         # Allow ACL at individual user level (tenant:user format)
-        if '%s:%s' % (tenant_name, user) in roles:
-            log_msg = 'user %s:%s allowed in ACL authorizing'
-            self.logger.debug(log_msg % (tenant_name, user))
+        # For backward compatibility, check for ACL in tenant_id:user format
+        if ('%s:%s' % (tenant_name, user) in roles
+             or '%s:%s' % (tenant_id, user) in roles):
+            log_msg = 'user %s:%s or %s:%s allowed in ACL authorizing'
+            self.logger.debug(log_msg % (tenant_name, user, tenant_id, user))
             return
 
         # Check if we have the role in the userroles and allow it