diff options
| -rw-r--r-- | nova/api/auth.py | 8 | ||||
| -rw-r--r-- | nova/api/ec2/__init__.py | 5 | ||||
| -rw-r--r-- | nova/context.py | 4 | ||||
| -rw-r--r-- | nova/tests/api/test_auth.py | 2 |
4 files changed, 16 insertions, 3 deletions
diff --git a/nova/api/auth.py b/nova/api/auth.py index d8b5342c6..81e0a0377 100644 --- a/nova/api/auth.py +++ b/nova/api/auth.py @@ -18,6 +18,7 @@ Common Auth Middleware. """ +import json import webob.dec import webob.exc @@ -95,13 +96,18 @@ class NovaKeystoneContext(wsgi.Middleware): remote_address = req.remote_addr if FLAGS.use_forwarded_for: remote_address = req.headers.get('X-Forwarded-For', remote_address) + + if req.headers.get('X_SERVICE_CATALOG') is not None: + service_catalog = json.loads(req.headers.get('X_SERVICE_CATALOG')) + ctx = context.RequestContext(user_id, project_id, user_name=user_name, project_name=project_name, roles=roles, auth_token=auth_token, - remote_address=remote_address) + remote_address=remote_address, + service_catalog=service_catalog) req.environ['nova.context'] = ctx return self.application diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py index 11fa9d6d5..9613d0f8b 100644 --- a/nova/api/ec2/__init__.py +++ b/nova/api/ec2/__init__.py @@ -261,13 +261,16 @@ class EC2KeystoneAuth(wsgi.Middleware): if FLAGS.use_forwarded_for: remote_address = req.headers.get('X-Forwarded-For', remote_address) + + catalog = result['access']['serviceCatalog'] ctxt = context.RequestContext(user_id, project_id, user_name=user_name, project_name=project_name, roles=roles, auth_token=token_id, - remote_address=remote_address) + remote_address=remote_address, + service_catalog=catalog) req.environ['nova.context'] = ctxt diff --git a/nova/context.py b/nova/context.py index cb3ee5ebc..5712193fb 100644 --- a/nova/context.py +++ b/nova/context.py @@ -45,7 +45,7 @@ class RequestContext(object): roles=None, remote_address=None, timestamp=None, request_id=None, auth_token=None, overwrite=True, quota_class=None, user_name=None, project_name=None, - **kwargs): + service_catalog=None, **kwargs): """ :param read_deleted: 'no' indicates deleted records are hidden, 'yes' indicates deleted records are visible, 'only' indicates that @@ -80,6 +80,7 @@ class RequestContext(object): request_id = generate_request_id() self.request_id = request_id self.auth_token = auth_token + self.service_catalog = service_catalog # NOTE(markmc): this attribute is currently only used by the # rs_limits turnstile pre-processor. @@ -121,6 +122,7 @@ class RequestContext(object): 'auth_token': self.auth_token, 'quota_class': self.quota_class, 'user_name': self.user_name, + 'service_catalog': self.service_catalog, 'project_name': self.project_name} @classmethod diff --git a/nova/tests/api/test_auth.py b/nova/tests/api/test_auth.py index 10d2cecbf..e937da541 100644 --- a/nova/tests/api/test_auth.py +++ b/nova/tests/api/test_auth.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +import json import webob import nova.api.auth @@ -33,6 +34,7 @@ class TestNovaKeystoneContextMiddleware(test.TestCase): self.request = webob.Request.blank('/') self.request.headers['X_TENANT_ID'] = 'testtenantid' self.request.headers['X_AUTH_TOKEN'] = 'testauthtoken' + self.request.headers['X_SERVICE_CATALOG'] = json.dumps({}) def test_no_user_or_user_id(self): response = self.request.get_response(self.middleware) |