def __init__(self,
user_id=None,
tenant_id=None,
is_admin=None,
timestamp=None,
tenant_name=None,
user_name=None,
is_advsvc=None,
**kwargs):
"""Object initialization.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
"""
# NOTE(jamielennox): We maintain these arguments in order for tests
# that pass arguments positionally.
kwargs.setdefault('user', user_id)
kwargs.setdefault('tenant', tenant_id)
super(ContextBase, self).__init__(is_admin=is_admin, **kwargs)
self.user_name = user_name
self.tenant_name = tenant_name
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self.is_advsvc = is_advsvc
if self.is_advsvc is None:
self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
def __init__(self, user_id, tenant_id, is_admin=None, roles=None,
timestamp=None, request_id=None, tenant_name=None,
user_name=None, overwrite=True, auth_token=None,
is_advsvc=None, **kwargs):
"""Object initialization.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
:param kwargs: Extra arguments that might be present, but we ignore
because they possibly came in from older rpc messages.
"""
super(ContextBase, self).__init__(auth_token=auth_token,
user=user_id, tenant=tenant_id,
is_admin=is_admin,
request_id=request_id,
overwrite=overwrite)
self.user_name = user_name
self.tenant_name = tenant_name
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self.roles = roles or []
self.is_advsvc = is_advsvc
if self.is_advsvc is None:
self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
def __init__(self,
user_id=None,
tenant_id=None,
is_admin=None,
timestamp=None,
tenant_name=None,
user_name=None,
is_advsvc=None,
**kwargs):
"""Object initialization.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
"""
# NOTE(jamielennox): We maintain these arguments in order for tests
# that pass arguments positionally.
kwargs.setdefault('user', user_id)
kwargs.setdefault('tenant', tenant_id)
super(ContextBase, self).__init__(is_admin=is_admin, **kwargs)
self.user_name = user_name
# NOTE(sdague): tenant* is a deprecated set of names from
# keystone, and is no longer set in modern keystone middleware
# code, as such this is almost always going to be None.
self.tenant_name = tenant_name
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self.is_advsvc = is_advsvc
if self.is_advsvc is None:
self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
def __init__(self, user_id=None, tenant_id=None, is_admin=None,
timestamp=None, tenant_name=None, user_name=None,
is_advsvc=None, **kwargs):
"""Object initialization.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
"""
# NOTE(jamielennox): We maintain these arguments in order for tests
# that pass arguments positionally.
kwargs.setdefault('user', user_id)
kwargs.setdefault('tenant', tenant_id)
super(ContextBase, self).__init__(is_admin=is_admin, **kwargs)
self.user_name = user_name
self.tenant_name = tenant_name
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self.is_advsvc = is_advsvc
if self.is_advsvc is None:
self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
def __init__(self, user_id, tenant_id, is_admin=None, roles=None,
timestamp=None, request_id=None, tenant_name=None,
user_name=None, overwrite=True, auth_token=None,
is_advsvc=None, **kwargs):
"""Object initialization.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
:param kwargs: Extra arguments that might be present, but we ignore
because they possibly came in from older rpc messages.
"""
super(ContextBase, self).__init__(auth_token=auth_token,
user=user_id, tenant=tenant_id,
is_admin=is_admin,
request_id=request_id,
overwrite=overwrite)
self.user_name = user_name
self.tenant_name = tenant_name
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self.roles = roles or []
self.is_advsvc = is_advsvc
if self.is_advsvc is None:
self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
def load_context(self, req):
super(NeutronContextFilter, self).load_context(req)
tenant_id = req.headers.get('X_TENANT_ID')
user_id = req.headers.get('X_USER_ID')
if tenant_id is None or user_id is None:
if self.require_auth_info:
return False
# get_admin_context() does not provide a parameter to set
# overwrite=True
# set overwrite=True to avoid duplicate request-id's
ctx = self.neutron_ctx.Context(user_id=None,
tenant_id=None,
is_admin=True,
overwrite=True)
else:
# set overwrite=True to avoid duplicate request-id's
ctx = self.neutron_ctx.Context(user_id=user_id,
tenant_id=tenant_id,
overwrite=True)
self.context = ctx
self._process_roles(req.headers.get('X_ROLES', ''))
# By default, the normal neutron context will set is_advcsvc to True if
# it is an admin context. This resets it to what the actual policy
# says it should be. This must be done after _process_roles is called
# because the policy check relies on the roles.
# TODO(blogan): remove this if upstream changes the behavior
# of is_advsvc to only depend on the policy.
self.context.is_advsvc = policy.check_is_advsvc(self.context)
# If not admin, check if current roles provide admin status.
if not self.context.is_admin:
self.context.is_admin = policy.check_is_admin(self.context)
req.environ['neutron.context'] = self.context
return True
def __init__(self,
user_id,
tenant_id,
is_admin=None,
read_deleted="no",
roles=None,
timestamp=None,
load_admin_roles=True,
request_id=None,
tenant_name=None,
user_name=None,
overwrite=True,
auth_token=None,
**kwargs):
"""Object initialization.
:param read_deleted: 'no' indicates deleted records are hidden, 'yes'
indicates deleted records are visible, 'only' indicates that
*only* deleted records are visible.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
:param kwargs: Extra arguments that might be present, but we ignore
because they possibly came in from older rpc messages.
"""
super(ContextBase, self).__init__(auth_token=auth_token,
user=user_id,
tenant=tenant_id,
is_admin=is_admin,
request_id=request_id)
self.user_name = user_name
self.tenant_name = tenant_name
self.read_deleted = read_deleted
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self._session = None
self.roles = roles or []
self.is_advsvc = policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
elif self.is_admin and load_admin_roles:
# Ensure context is populated with admin roles
admin_roles = policy.get_admin_roles()
if admin_roles:
self.roles = list(set(self.roles) | set(admin_roles))
# Allow openstack.common.log to access the context
if overwrite or not hasattr(local.store, 'context'):
local.store.context = self
# Log only once the context has been configured to prevent
# format errors.
if kwargs:
LOG.debug(_('Arguments dropped when creating '
'context: %s'), kwargs)
def __init__(
self,
user_id,
tenant_id,
is_admin=None,
read_deleted="no",
roles=None,
timestamp=None,
load_admin_roles=True,
request_id=None,
tenant_name=None,
user_name=None,
overwrite=True,
auth_token=None,
**kwargs
):
"""Object initialization.
:param read_deleted: 'no' indicates deleted records are hidden, 'yes'
indicates deleted records are visible, 'only' indicates that
*only* deleted records are visible.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
:param kwargs: Extra arguments that might be present, but we ignore
because they possibly came in from older rpc messages.
"""
super(ContextBase, self).__init__(
auth_token=auth_token, user=user_id, tenant=tenant_id, is_admin=is_admin, request_id=request_id
)
self.user_name = user_name
self.tenant_name = tenant_name
self.read_deleted = read_deleted
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self._session = None
self.roles = roles or []
self.is_advsvc = policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
elif self.is_admin and load_admin_roles:
# Ensure context is populated with admin roles
admin_roles = policy.get_admin_roles()
if admin_roles:
self.roles = list(set(self.roles) | set(admin_roles))
# Allow openstack.common.log to access the context
if overwrite or not hasattr(local.store, "context"):
local.store.context = self
# Log only once the context has been configured to prevent
# format errors.
if kwargs:
LOG.debug(_("Arguments dropped when creating " "context: %s"), kwargs)
def __init__(self,
user_id,
tenant_id,
is_admin=None,
read_deleted="no",
roles=None,
timestamp=None,
load_admin_roles=True,
request_id=None,
tenant_name=None,
user_name=None,
overwrite=True,
auth_token=None,
**kwargs):
"""Object initialization.
:param read_deleted: 'no' indicates deleted records are hidden, 'yes'
indicates deleted records are visible, 'only' indicates that
*only* deleted records are visible.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
:param kwargs: Extra arguments that might be present, but we ignore
because they possibly came in from older rpc messages.
"""
super(ContextBase, self).__init__(auth_token=auth_token,
user=user_id,
tenant=tenant_id,
is_admin=is_admin,
request_id=request_id,
overwrite=overwrite)
self.user_name = user_name
self.tenant_name = tenant_name
self.read_deleted = read_deleted
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self._session = None
self.roles = roles or []
self.is_advsvc = policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
elif self.is_admin and load_admin_roles:
# Ensure context is populated with admin roles
admin_roles = policy.get_admin_roles()
if admin_roles:
self.roles = list(set(self.roles) | set(admin_roles))
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
roles=None, timestamp=None, load_admin_roles=True,
request_id=None, tenant_name=None, user_name=None,
overwrite=True, auth_token=None, **kwargs):
"""Object initialization.
:param read_deleted: 'no' indicates deleted records are hidden, 'yes'
indicates deleted records are visible, 'only' indicates that
*only* deleted records are visible.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
:param kwargs: Extra arguments that might be present, but we ignore
because they possibly came in from older rpc messages.
"""
super(ContextBase, self).__init__(auth_token=auth_token,
user=user_id, tenant=tenant_id,
is_admin=is_admin,
request_id=request_id,
overwrite=overwrite)
self.user_name = user_name
self.tenant_name = tenant_name
self.read_deleted = read_deleted
if not timestamp:
timestamp = datetime.datetime.utcnow()
self.timestamp = timestamp
self._session = None
self.roles = roles or []
self.is_advsvc = policy.check_is_advsvc(self)
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
elif self.is_admin and load_admin_roles:
# Ensure context is populated with admin roles
admin_roles = policy.get_admin_roles()
if admin_roles:
self.roles = list(set(self.roles) | set(admin_roles))
def load_context(self, req):
super(NeutronContextFilter, self).load_context(req)
tenant_id = req.headers.get('X_TENANT_ID')
user_id = req.headers.get('X_USER_ID')
if tenant_id is None or user_id is None:
if self.require_auth_info:
return False
ctx = self.neutron_ctx.get_admin_context()
else:
ctx = self.neutron_ctx.Context(user_id=user_id,
tenant_id=tenant_id)
self.context = ctx
self._process_roles(req.headers.get('X_ROLES', ''))
# By default, the normal neutron context will set is_advcsvc to True if
# it is an admin context. This resets it to what the actual policy
# says it should be. This must be done after _process_roles is called
# because the policy check relies on the roles.
# TODO(blogan): remove this if upstream changes the behavior
# of is_advsvc to only depend on the policy.
self.context.is_advsvc = policy.check_is_advsvc(self.context)
req.environ['neutron.context'] = self.context
return True
def test_check_is_advsvc_with_no_advsvc_policy_fails(self):
del self.rules[policy.ADVSVC_CTX_POLICY]
svc_context = context.Context('', 'svc', roles=['advsvc'])
self.assertFalse(policy.check_is_advsvc(svc_context))
def test_check_is_advsvc_with_user_context_fails(self):
self.assertFalse(policy.check_is_advsvc(self.context))
def test_check_is_advsvc_with_no_advsvc_policy_fails(self):
del self.rules[policy.ADVSVC_CTX_POLICY]
svc_context = context.Context('', 'svc', roles=['advsvc'])
self.assertFalse(policy.check_is_advsvc(svc_context))
def test_check_is_advsvc_with_svc_context_succeeds(self):
svc_context = context.Context('', 'svc', roles=['advsvc'])
self.assertTrue(policy.check_is_advsvc(svc_context))
def test_check_is_advsvc_with_admin_context_fails(self):
admin_context = context.get_admin_context()
self.assertFalse(policy.check_is_advsvc(admin_context))
def test_check_is_advsvc_with_user_context_fails(self):
self.assertFalse(policy.check_is_advsvc(self.context))
def test_check_is_advsvc_with_svc_context_succeeds(self):
svc_context = context.Context('', 'svc', roles=['advsvc'])
self.assertTrue(policy.check_is_advsvc(svc_context))
def test_check_is_advsvc_with_admin_context_fails(self):
admin_context = context.get_admin_context()
self.assertFalse(policy.check_is_advsvc(admin_context))
