diff options
| -rw-r--r-- | keystone/contrib/ec2/core.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/keystone/contrib/ec2/core.py b/keystone/contrib/ec2/core.py index 5bf40103..064474c7 100644 --- a/keystone/contrib/ec2/core.py +++ b/keystone/contrib/ec2/core.py @@ -168,6 +168,16 @@ class Ec2Controller(wsgi.Application): context=context, user_id=user_ref['id'], tenant_id=tenant_ref['id']) + + # TODO(termie): optimize this call at some point and put it into the + # the return for metadata + # fill out the roles in the metadata + roles = metadata_ref.get('roles', []) + if not roles: + raise exception.Unauthorized(message='User not valid for tenant.') + roles_ref = [self.identity_api.get_role(context, role_id) + for role_id in roles] + catalog_ref = self.catalog_api.get_catalog( context=context, user_id=user_ref['id'], @@ -180,13 +190,6 @@ class Ec2Controller(wsgi.Application): tenant=tenant_ref, metadata=metadata_ref)) - # TODO(termie): optimize this call at some point and put it into the - # the return for metadata - # fill out the roles in the metadata - roles_ref = [] - for role_id in metadata_ref.get('roles', []): - roles_ref.append(self.identity_api.get_role(context, role_id)) - # TODO(termie): make this a util function or something # TODO(termie): i don't think the ec2 middleware currently expects a # full return, but it contains a note saying that it |