From 5b45d5477cfff946ada581676db54fb254be6522 Mon Sep 17 00:00:00 2001 From: Lvov Maxim Date: Wed, 1 Jun 2011 16:40:19 +0400 Subject: osapi: added support for header X-Auth-Project-Id --- nova/api/openstack/auth.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'nova/api') diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py index 6c6ee22a2..e220ffcc2 100644 --- a/nova/api/openstack/auth.py +++ b/nova/api/openstack/auth.py @@ -50,19 +50,21 @@ class AuthMiddleware(wsgi.Middleware): if not self.has_authentication(req): return self.authenticate(req) user = self.get_user_by_authentication(req) - accounts = self.auth.get_projects(user=user) if not user: token = req.headers["X-Auth-Token"] msg = _("%(user)s could not be found with token '%(token)s'") LOG.warn(msg % locals()) return faults.Fault(webob.exc.HTTPUnauthorized()) - if accounts: - #we are punting on this til auth is settled, - #and possibly til api v1.1 (mdragon) - account = accounts[0] - else: - return faults.Fault(webob.exc.HTTPUnauthorized()) + try: + account = req.headers["X-Auth-Project-Id"] + except KeyError: + # FIXME: It needed only for compatibility + accounts = self.auth.get_projects(user=user) + if accounts: + account = accounts[0] + else: + return faults.Fault(webob.exc.HTTPUnauthorized()) if not self.auth.is_admin(user) and \ not self.auth.is_project_member(user, account): -- cgit From a1ea80431ea46aea5ec67cf152c7a7af5fd5aeac Mon Sep 17 00:00:00 2001 From: Lvov Maxim Date: Fri, 3 Jun 2011 21:13:16 +0400 Subject: fix comment --- nova/api/openstack/auth.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nova/api') diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py index e220ffcc2..774426d58 100644 --- a/nova/api/openstack/auth.py +++ b/nova/api/openstack/auth.py @@ -59,7 +59,8 @@ class AuthMiddleware(wsgi.Middleware): try: account = req.headers["X-Auth-Project-Id"] except KeyError: - # FIXME: It needed only for compatibility + # FIXME(usrleon): It needed only for compatibility + # while osapi clients don't use this header accounts = self.auth.get_projects(user=user) if accounts: account = accounts[0] -- cgit From b7556544d222741c9bc0d312ae75ab5f84b4cd2d Mon Sep 17 00:00:00 2001 From: Alex Meade Date: Tue, 7 Jun 2011 14:48:13 -0400 Subject: Removed use of super --- nova/api/openstack/versions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nova/api') diff --git a/nova/api/openstack/versions.py b/nova/api/openstack/versions.py index 9db160102..4c682302f 100644 --- a/nova/api/openstack/versions.py +++ b/nova/api/openstack/versions.py @@ -35,7 +35,7 @@ class Versions(wsgi.Resource): 'application/xml': wsgi.XMLDictSerializer(metadata=metadata), } - super(Versions, self).__init__(None, serializers=serializers) + wsgi.Resource.__init__(self, None, serializers=serializers) def dispatch(self, request, *args): """Respond to a request for all OpenStack API versions.""" -- cgit From a90974347dd396990d8e6fadeac15abd07cb19ea Mon Sep 17 00:00:00 2001 From: John Tran Date: Tue, 7 Jun 2011 14:36:40 -0700 Subject: adding Authorizer key for ImportPublicKey --- nova/api/ec2/__init__.py | 1 + 1 file changed, 1 insertion(+) (limited to 'nova/api') diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py index 1915d007d..890d57fe7 100644 --- a/nova/api/ec2/__init__.py +++ b/nova/api/ec2/__init__.py @@ -242,6 +242,7 @@ class Authorizer(wsgi.Middleware): 'CreateKeyPair': ['all'], 'DeleteKeyPair': ['all'], 'DescribeSecurityGroups': ['all'], + 'ImportPublicKey': ['all'], 'AuthorizeSecurityGroupIngress': ['netadmin'], 'RevokeSecurityGroupIngress': ['netadmin'], 'CreateSecurityGroup': ['netadmin'], -- cgit