def __call__(self, req):
if 'X-Auth-Token' not in req.headers:
user_id = req.headers.get('X-Auth-User', 'admin')
project_id = req.headers.get('X-Auth-Project-Id', 'admin')
os_url = os.path.join(req.url, project_id)
res = webob.Response()
# NOTE(vish): This is expecting and returning Auth(1.1), whereas
# keystone uses 2.0 auth. We should probably allow
# 2.0 auth here as well.
res.headers['X-Auth-Token'] = '%s:%s' % (user_id, project_id)
res.headers['X-Server-Management-Url'] = os_url
res.content_type = 'text/plain'
res.status = '204'
return res
token = req.headers['X-Auth-Token']
user_id, _sep, project_id = token.partition(':')
project_id = project_id or user_id
remote_address = getattr(req, 'remote_address', '127.0.0.1')
if CONF.use_forwarded_for:
remote_address = req.headers.get('X-Forwarded-For', remote_address)
ctx = context.RequestContext(user_id,
project_id,
is_admin=True,
remote_address=remote_address)
req.environ['sgservice.context'] = ctx
return self.application
def test_user_identity(self):
ctx = context.RequestContext("user",
"tenant",
domain="domain",
user_domain="user-domain",
project_domain="project-domain")
self.assertEqual('user tenant domain user-domain project-domain',
ctx.to_dict()["user_identity"])
def test_request_context_read_deleted_invalid(self):
self.assertRaises(ValueError,
context.RequestContext,
'111',
'222',
read_deleted=True)
ctxt = context.RequestContext('111', '222')
self.assertRaises(ValueError, setattr, ctxt, 'read_deleted', True)
def test_request_context_elevated(self):
user_context = context.RequestContext('fake_user',
'fake_project',
admin=False)
self.assertFalse(user_context.is_admin)
admin_context = user_context.elevated()
self.assertFalse(user_context.is_admin)
self.assertTrue(admin_context.is_admin)
self.assertFalse('admin' in user_context.roles)
self.assertTrue('admin' in admin_context.roles)
def __call__(self, req):
headers = req.headers
environ = req.environ
user_id = headers.get('X_USER_ID') or headers.get('X_USER')
if user_id is None:
LOG.debug("Neither X_USER_ID nor X_USER found in request")
return webob.exc.HTTPUnauthorized()
# get the roles
roles = [r.strip() for r in headers.get('X_ROLE', '').split(',')]
if 'X_TENANT_ID' in headers:
# This is the new header since Keystone went to ID/Name
project_id = headers['X_TENANT_ID']
else:
# This is for legacy compatibility
project_id = headers['X_TENANT']
project_name = headers.get('X_TENANT_NAME')
req_id = environ.get(request_id.ENV_REQUEST_ID)
# Get the auth token
auth_token = headers.get('X_AUTH_TOKEN',
headers.get('X_STORAGE_TOKEN'))
# Build a context, including the auth_token...
remote_address = req.remote_addr
auth_token_info = environ.get('keystone.token_info')
service_catalog = None
if headers.get('X_SERVICE_CATALOG') is not None:
try:
catalog_header = headers.get('X_SERVICE_CATALOG')
service_catalog = jsonutils.loads(catalog_header)
except ValueError:
raise webob.exc.HTTPInternalServerError(
explanation=_('Invalid service catalog json.'))
if CONF.use_forwarded_for:
remote_address = headers.get('X-Forwarded-For', remote_address)
ctx = context.RequestContext(user_id,
project_id,
project_name=project_name,
roles=roles,
auth_token=auth_token,
remote_address=remote_address,
service_catalog=service_catalog,
request_id=req_id,
auth_token_info=auth_token_info)
environ['sgservice.context'] = ctx
return self.application
def test_service_catalog_nova_and_swift(self):
service_catalog = [{
u'type': u'compute',
u'name': u'nova'
}, {
u'type': u's3',
u'name': u's3'
}, {
u'type': u'image',
u'name': u'glance'
}, {
u'type': u'volume',
u'name': u'cinder'
}, {
u'type': u'ec2',
u'name': u'ec2'
}, {
u'type': u'object-store',
u'name': u'swift'
}, {
u'type': u'identity',
u'name': u'keystone'
}, {
u'type': None,
u'name': u'S_withtypeNone'
}, {
u'type': u'co',
u'name': u'S_partofcompute'
}]
compute_catalog = [{u'type': u'compute', u'name': u'nova'}]
volume_catalog = [{u'name': u'cinder', u'type': u'volume'}]
ctxt = context.RequestContext('111',
'222',
service_catalog=service_catalog)
self.assertEqual(3, len(ctxt.service_catalog))
return_compute = [
v for v in ctxt.service_catalog if v['type'] == u'compute'
]
return_volume = [
v for v in ctxt.service_catalog if v['type'] == u'volume'
]
self.assertEqual(compute_catalog, return_compute)
self.assertEqual(volume_catalog, return_volume)
def setUp(self):
super(VolumeAttachmentDBTestCase, self).setUp()
self.ctxt = context.RequestContext(user_id='user_id',
project_id='project_id',
is_admin=True)
def setUp(self):
super(ServicesDbTestCase, self).setUp()
self.ctxt = context.RequestContext(user_id='user_id',
project_id='project_id',
is_admin=True)
def setUp(self):
super(ReplicationsDBTestCase, self).setUp()
self.ctxt = context.RequestContext(user_id='user_id',
project_id='project_id',
is_admin=True)
def test_request_context_read_deleted(self):
ctxt = context.RequestContext('111', '222', read_deleted='yes')
self.assertEqual('yes', ctxt.read_deleted)
ctxt.read_deleted = 'no'
self.assertEqual('no', ctxt.read_deleted)
def test_request_context_sets_is_admin_upcase(self):
ctxt = context.RequestContext('111', '222', roles=['Admin', 'weasel'])
self.assertEqual(True, ctxt.is_admin)
