From 94a34e0e69a520e403a2d8e579186fad9acf14c7 Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Fri, 29 Jun 2012 21:32:08 -0600
Subject: Add ServiceCatalog entries to enable Cinder usage
* Part of of blueprint extract-nova-volumes
* Adds usage of service catalog to ec2
* Adds entries to auth.py
* Implements tests for new authorization mods
Change-Id: I2efb375bbb130cde6a1ba119fa862ca45b126a1e
---
 nova/api/auth.py | 8 +++++++-
 nova/api/ec2/__init__.py | 5 ++++-
 nova/context.py | 4 +++-
 nova/tests/api/test_auth.py | 2 ++
 4 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/nova/api/auth.py b/nova/api/auth.py
index 72eba1d9c..c0ea1680d 100644
--- a/nova/api/auth.py
+++ b/nova/api/auth.py
@@ -18,6 +18,7 @@ Common Auth Middleware.
 """
+import json
 import webob.dec
 import webob.exc
@@ -95,13 +96,18 @@ class NovaKeystoneContext(wsgi.Middleware):
 remote_address = req.remote_addr
 if FLAGS.use_forwarded_for:
 remote_address = req.headers.get('X-Forwarded-For', remote_address)
+
+ if req.headers.get('X_SERVICE_CATALOG') is not None:
+ service_catalog = json.loads(req.headers.get('X_SERVICE_CATALOG'))
+
 ctx = context.RequestContext(user_id, project_id, user_name=user_name, project_name=project_name, roles=roles, auth_token=auth_token,
- remote_address=remote_address)
+ remote_address=remote_address,
+ service_catalog=service_catalog)
 req.environ['nova.context'] = ctx
 return self.application
diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index 6bb19e7b3..d21c575cd 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
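Review bot: In nova/api/auth.py (hunk at -95,13), `service_catalog` is bound only inside the `if req.headers.get('X_SERVICE_CATALOG') is not None:` branch, so unless it is initialised above the hunk, a request without that header reaches `service_catalog=service_catalog` with the name unbound and fails with an UnboundLocalError instead of building the context. `json.loads` on the header is also unguarded, so a malformed value escapes the middleware as a ValueError. The value comes straight from `req.headers`, so it is only as trustworthy as the upstream auth layer that sets it; since the catalog presumably decides where later token-bearing calls to Cinder are sent, confirm that layer strips any client-supplied copy of the header. The enclosing method starts and ends outside the hunk; a default plus a guarded parse is sketched below.

```python
        service_catalog = None
        catalog_header = req.headers.get('X_SERVICE_CATALOG')
        if catalog_header is not None:
            try:
                service_catalog = json.loads(catalog_header)
            except ValueError:
                # A catalog that does not parse means the auth layer sent
                # something unexpected: fail the request explicitly rather
                # than let the exception escape the middleware.
                raise webob.exc.HTTPInternalServerError()

        # … unchanged: context.RequestContext(...) call passing service_catalog=service_catalog …
```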
@@ -261,13 +261,16 @@ class EC2KeystoneAuth(wsgi.Middleware):
 if FLAGS.use_forwarded_for:
 remote_address = req.headers.get('X-Forwarded-For', remote_address)
+
+ catalog = result['access']['serviceCatalog']
 ctxt = context.RequestContext(user_id, project_id, user_name=user_name, project_name=project_name, roles=roles, auth_token=token_id,
- remote_address=remote_address)
+ remote_address=remote_address,
+ service_catalog=catalog)
 req.environ['nova.context'] = ctxt
diff --git a/nova/context.py b/nova/context.py
index f2bb6b5d6..cb957caf7 100644
--- a/nova/context.py
+++ b/nova/context.py
@@ -45,7 +45,7 @@ class RequestContext(object):
 roles=None, remote_address=None, timestamp=None, request_id=None, auth_token=None, overwrite=True, quota_class=None, user_name=None, project_name=None,
- **kwargs):
+ service_catalog=None, **kwargs):
 """ :param read_deleted: 'no' indicates deleted records are hidden, 'yes' indicates deleted records are visible, 'only' indicates that
@@ -80,6 +80,7 @@ class RequestContext(object):
 request_id = generate_request_id()
 self.request_id = request_id
 self.auth_token = auth_token
+ self.service_catalog = service_catalog
 # NOTE(markmc): this attribute is currently only used by the
 # rs_limits turnstile pre-processor.
@@ -121,6 +122,7 @@ class RequestContext(object):
 'auth_token': self.auth_token, 'quota_class': self.quota_class, 'user_name': self.user_name,
+ 'service_catalog': self.service_catalog,
 'project_name': self.project_name}
 @classmethod
diff --git a/nova/tests/api/test_auth.py b/nova/tests/api/test_auth.py
index 10d2cecbf..e937da541 100644
--- a/nova/tests/api/test_auth.py
+++ b/nova/tests/api/test_auth.py
@@ -12,6 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+import json
 import webob
 import nova.api.auth
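Review bot: In nova/api/ec2/__init__.py, `catalog = result['access']['serviceCatalog']` indexes the Keystone response directly, so a response without a `serviceCatalog` entry raises KeyError here and the EC2 request ends in an unhandled error rather than an auth failure or a context without a catalog. `RequestContext` in this commit already defaults `service_catalog` to None, so, assuming `result['access']` is a plain dict, `catalog = result['access'].get('serviceCatalog')` would degrade cleanly. If the code above the hunk wraps the other `result[...]` lookups in an error handler, this line could equally move inside it. The enclosing method starts and ends outside the hunk.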
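Review bot: In nova/context.py, the `__init__` hunk (-45,7) adds `service_catalog=None` to the signature, but the docstring that follows has no entry for it as far as the hunk shows. Add a line such as `:param service_catalog: decoded service catalog for this request as supplied by the auth layer, or None when none was provided.` so callers know the value is passed through as received and not validated here. The docstring continues past the end of the hunk, so check whether the other parameters are documented there before choosing the wording.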
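Review bot: In nova/context.py's `to_dict` hunk (-121,6), the whole catalog is now emitted with every serialised context, next to `auth_token`. If the `to_dict()` output is what travels between services or ends up in logs (not visible in this hunk), that puts every endpoint of the deployment into each message and widens what a leaked context reveals. Consider storing only the entries the consumer needs, for example filtering in `__init__` down to the volume service this commit is about, and confirm that the matching `from_dict` path tolerates peers that omit the `'service_catalog'` key.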
@@ -33,6 +34,7 @@ class TestNovaKeystoneContextMiddleware(test.TestCase):
 self.request = webob.Request.blank('/')
 self.request.headers['X_TENANT_ID'] = 'testtenantid'
 self.request.headers['X_AUTH_TOKEN'] = 'testauthtoken'
+ self.request.headers['X_SERVICE_CATALOG'] = json.dumps({})
 def test_no_user_or_user_id(self):
 response = self.request.get_response(self.middleware)
-- cgit
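Review bot: In nova/tests/api/test_auth.py, setting `X_SERVICE_CATALOG` in `setUp` means every test in the class now sends the header, so the path where it is absent is never exercised and nothing asserts what ends up in the context. Add one test that removes the header with `del self.request.headers['X_SERVICE_CATALOG']` before calling `self.request.get_response(self.middleware)`, and one that sends a non-JSON value, each asserting the response status. The success path should also assert that the context's `service_catalog` equals the decoded header value. The `setUp` body and the test class extend beyond the hunk.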