diff options
| author | Jamie Lennox <jamielennox@gmail.com> | 2016-01-25 18:56:26 +1100 |
|---|---|---|
| committer | Ronald Bradford <ronald.bradford@gmail.com> | 2016-02-24 17:01:33 +0000 |
| commit | 187d5740632073750ccd4a5f8f1b4abed51f24b0 (patch) | |
| tree | 7e62f1ad75289474721d6167308a42908c92e338 /oslo_context | |
| parent | 410d14ff05a2b1f8b3c1c94f3a4849af867fdceb (diff) | |
| download | oslo-context-187d5740632073750ccd4a5f8f1b4abed51f24b0.tar.gz | |
Standardize an oslo.policy credentials dictionary2.2.0
Currently all the services pass there own dictionary to the oslo.policy
enforcement engine. This means that there is no standard policy language
between services.
Create a dictionary with the standard credential items that may be
required in policy enforcement. This method will need to be overriden
from individual services for backwards compatibility for some time.
Change-Id: I7bc31764e79eb61f602c7b8601149ac75bee9f9f
Closes-Bug: #1537653
Diffstat (limited to 'oslo_context')
| -rw-r--r-- | oslo_context/context.py | 18 | ||||
| -rw-r--r-- | oslo_context/tests/test_context.py | 19 |
2 files changed, 37 insertions, 0 deletions
diff --git a/oslo_context/context.py b/oslo_context/context.py index 9564abd..24aa64e 100644 --- a/oslo_context/context.py +++ b/oslo_context/context.py @@ -80,6 +80,24 @@ class RequestContext(object): """Store the context in the current thread.""" _request_store.context = self + def to_policy_values(self): + """A dictionary of context attributes to enforce policy with. + + oslo.policy enforcement requires a dictionary of attributes + representing the current logged in user on which it applies policy + enforcement. This dictionary defines a standard list of attributes that + should be available for enforcement across services. + + It is expected that services will often have to override this method + with either deprecated values or additional attributes used by that + service specific policy. + """ + return {'user_id': self.user, + 'user_domain_id': self.user_domain, + 'project_id': self.tenant, + 'project_domain_id': self.project_domain, + 'roles': self.roles} + def to_dict(self): """Return a dictionary of context attributes.""" user_idt = ( diff --git a/oslo_context/tests/test_context.py b/oslo_context/tests/test_context.py index 6b18820..e4f49c9 100644 --- a/oslo_context/tests/test_context.py +++ b/oslo_context/tests/test_context.py @@ -318,3 +318,22 @@ class ContextTest(test_base.BaseTestCase): id1 = context.generate_request_id() id2 = context.generate_request_id() self.assertNotEqual(id1, id2) + + def test_policy_dict(self): + user = uuid.uuid4().hex + user_domain = uuid.uuid4().hex + tenant = uuid.uuid4().hex + project_domain = uuid.uuid4().hex + roles = [uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex] + + ctx = context.RequestContext(user=user, + user_domain=user_domain, + tenant=tenant, + project_domain=project_domain, + roles=roles) + + self.assertEqual({'user_id': user, + 'user_domain_id': user_domain, + 'project_id': tenant, + 'project_domain_id': project_domain, + 'roles': roles}, ctx.to_policy_values()) |