From f9ca57105e49a1640eb4e04a801591069064f352 Mon Sep 17 00:00:00 2001
From: "Kevin L. Mitchell"
Date: Tue, 2 Aug 2011 15:34:18 -0500
Subject: Determine is_admin based on 'Admin' role; remove dead project_ref code; pass auth_token into request context; pass user_id/project_id into request context instead of their refs

Change-Id: Ib23f59694301dcfc91cf8e8deff8ae0a090e82df
---
 keystone/middleware/nova_auth_token.py | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/keystone/middleware/nova_auth_token.py b/keystone/middleware/nova_auth_token.py
index bd4d1048..703aa14b 100644
--- a/keystone/middleware/nova_auth_token.py
+++ b/keystone/middleware/nova_auth_token.py
@@ -62,21 +62,28 @@ class KeystoneAuthShim(wsgi.Middleware):
 except:
 user_ref = self.auth.create_user(user_id)
+ # get the roles
+ roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
+
 # set user admin-ness to keystone admin-ness
- if user_ref.is_admin() != (req.headers.get('X_ROLE', None) == 'Admin'):
- self.auth.modify_user(user_ref,
- admin=req.headers.get('X_ROLE') == 'Admin')
+ if user_ref.is_admin() != ('Admin' in roles):
+ self.auth.modify_user(user_ref, ('Admin' in roles))
 # create a project for tenant
 project_id = req.headers['X_TENANT']
- try:
- project_ref = self.auth.get_project(project_id)
- except:
- project_ref = self.auth.create_project(project_id, user_id)
 # ensure user is a member of project
 if not self.auth.is_project_member(user_id, project_id):
 self.auth.add_to_project(user_id, project_id)
- req.environ['nova.context'] = context.RequestContext(user_ref, project_ref)
+ # Get the auth token
+ auth_token = req.headers.get('X_AUTH_TOKEN',
+ req.headers.get('X_STORAGE_TOKEN'))
+
+ # Build a context, including the auth_token...
+ ctx = context.RequestContext(user_id, project_id,
+ is_admin=('Admin' in roles),
+ auth_token=auth_token)
+
+ req.environ['nova.context'] = ctx
 return self.application
--
cgit
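Review bot: In the new admin-sync lines, `self.auth.modify_user(user_ref, ('Admin' in roles))` passes the flag positionally where the removed call used `admin=`. modify_user's signature is not visible here, so unless its second parameter is the admin flag this writes the boolean into some other field and leaves the stored admin bit stale; a user who lost the Admin role would then stay admin in the local record. Keep the keyword: `self.auth.modify_user(user_ref, admin=('Admin' in roles))`. Separately, `is_admin` in the new RequestContext is derived entirely from the `X_ROLE` header, so this shim presumably relies on the upstream auth middleware to strip or overwrite any client-supplied `X_ROLE`; a short comment stating that deployment assumption would help. The enclosing method starts and ends outside the hunk.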