diff options
| author | Jenkins <jenkins@review.openstack.org> | 2012-08-29 00:12:40 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-08-29 00:12:40 +0000 |
| commit | 64cec8194385a1d30317a10e64a58f6d122a2b42 (patch) | |
| tree | 796b257604bbcf27652aa567d1417ba748600453 /nova/api | |
| parent | 151f1467ac65d9fc317656b2c7346ccc1b8dce80 (diff) | |
| parent | bc0ba55ae6ce7b9b9bf5c9dd359f9d812ac8d18d (diff) | |
Merge "Accept role list from either X-Roles or X-Role"
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/auth.py | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/nova/api/auth.py b/nova/api/auth.py index 8bc3c9d94..be99f7041 100644 --- a/nova/api/auth.py +++ b/nova/api/auth.py @@ -77,8 +77,9 @@ class NovaKeystoneContext(wsgi.Middleware): if user_id is None: LOG.debug("Neither X_USER_ID nor X_USER found in request") return webob.exc.HTTPUnauthorized() - # get the roles - roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')] + + roles = self._get_roles(req) + if 'X_TENANT_ID' in req.headers: # This is the new header since Keystone went to ID/Name project_id = req.headers['X_TENANT_ID'] @@ -117,3 +118,16 @@ class NovaKeystoneContext(wsgi.Middleware): req.environ['nova.context'] = ctx return self.application + + def _get_roles(self, req): + """Get the list of roles""" + + if 'X_ROLES' in req.headers: + roles = req.headers.get('X_ROLES', '') + else: + # Fallback to deprecated role header: + roles = req.headers.get('X_ROLE', '') + if roles: + LOG.warn(_("Sourcing roles from deprecated X-Role HTTP " + "header")) + return [r.strip() for r in roles.split(',')] |