author | Jenkins <jenkins@review.openstack.org> | 2016-07-11 15:16:53 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2016-07-11 15:16:53 +0000 |
commit | 9feb9db8d667bc5bc9ca43e2073227c1e8e44bbb (patch) | |
tree | 24ad71e7a8bc0915403ab98ce79b7cf04d58f456 /oslo_context | |
parent | 740b81784be72fff95957e8491863ef9e7f7db1a (diff) | |
parent | d3af1d06b4046c25c199bf1c389a9e440a634bc6 (diff) | |
download | oslo-context-9feb9db8d667bc5bc9ca43e2073227c1e8e44bbb.tar.gz |
Merge "Add is_admin_project to context"2.6.0
Diffstat (limited to 'oslo_context')
-rw-r--r-- | oslo_context/context.py | 21 | ||||
-rw-r--r-- | oslo_context/tests/test_context.py | 37 |
2 files changed, 54 insertions, 4 deletions
diff --git a/oslo_context/context.py b/oslo_context/context.py
index e076831..0238533 100644
--- a/oslo_context/context.py
+++ b/oslo_context/context.py
@@ -73,11 +73,16 @@ class RequestContext(object):
 read_only=False, show_deleted=False, request_id=None, resource_uuid=None, overwrite=True, roles=None, user_name=None, project_name=None, domain_name=None,
- user_domain_name=None, project_domain_name=None):
+ user_domain_name=None, project_domain_name=None,
+ is_admin_project=True):
 """Initialize the RequestContext
 :param overwrite: Set to False to ensure that the greenthread local copy of the index is not overwritten.
+ :param is_admin_project: Whether the specified project is specified in
+ the token as the admin project. Defaults to
+ True for backwards compatibility.
+ :type is_admin_project: bool
 """
 self.auth_token = auth_token
 self.user = user
@@ -93,6 +98,7 @@ class RequestContext(object):
 self.project_domain = project_domain
 self.project_domain_name = project_domain_name
 self.is_admin = is_admin
+ self.is_admin_project = is_admin_project
 self.read_only = read_only
 self.show_deleted = show_deleted
 self.resource_uuid = resource_uuid
@@ -123,7 +129,8 @@ class RequestContext(object):
 'user_domain_id': self.user_domain,
 'project_id': self.tenant,
 'project_domain_id': self.project_domain,
- 'roles': self.roles}
+ 'roles': self.roles,
+ 'is_admin_project': self.is_admin_project}
 def to_dict(self):
 """Return a dictionary of context attributes."""
@@ -146,7 +153,8 @@ class RequestContext(object):
 'request_id': self.request_id,
 'resource_uuid': self.resource_uuid,
 'roles': self.roles,
- 'user_identity': user_idt}
+ 'user_identity': user_idt,
+ 'is_admin_project': self.is_admin_project}
 def get_logging_values(self):
 """Return a dictionary of logging specific context attributes."""
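Review bot: The `is_admin_project=True` default added to the `__init__` signature fails open: any caller that builds a RequestContext without passing the flag gets a context that satisfies policy rules keyed on `is_admin_project`. The docstring mentions only backwards compatibility, and its wording ("the specified project is specified") is hard to read. I would state the consequence directly, e.g. `:param is_admin_project: Whether the token's project is the designated admin project. Defaults to True for backwards compatibility, so a caller that omits it is treated as admin-project scoped.` `__init__` starts before this hunk and continues past it.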
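Review bot: `to_dict()` now emits `'is_admin_project'`, but the commit does not show the read side, so a context that is serialized and rebuilt may lose the value. `from_dict` is outside this diff; if it builds the object from a fixed list of keys, a context created with `is_admin_project=False` would come back with the constructor default of True. Please confirm that `from_dict` passes the key through, for example with `is_admin_project=ctx.get('is_admin_project', True)` if it enumerates its arguments.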
@@ -196,6 +204,13 @@ class RequestContext(object):
 roles = [r.strip() for r in roles.split(',')] if roles else []
 kwargs['roles'] = roles
+ if 'is_admin_project' not in kwargs:
+ # NOTE(jamielennox): we default is_admin_project to true because if
+ # nothing is provided we have to assume it is the admin project to
+ # make old policy continue to work.
+ is_admin_proj_str = environ.get('HTTP_X_IS_ADMIN_PROJECT', 'true')
+ kwargs['is_admin_project'] = is_admin_proj_str.lower() == 'true'
+
 return cls(**kwargs)
diff --git a/oslo_context/tests/test_context.py b/oslo_context/tests/test_context.py
index 439f377..e50b99c 100644
--- a/oslo_context/tests/test_context.py
+++ b/oslo_context/tests/test_context.py
@@ -244,6 +244,22 @@ class ContextTest(test_base.BaseTestCase):
 ctx = context.RequestContext.from_environ(environ=environ)
 self.assertEqual(['abc', 'def', 'ghi'], ctx.roles)
+ def test_environ_admin_project(self):
+ environ = {}
+ ctx = context.RequestContext.from_environ(environ=environ)
+ self.assertIs(True, ctx.is_admin_project)
+ self.assertIs(True, ctx.to_policy_values()['is_admin_project'])
+
+ environ = {'HTTP_X_IS_ADMIN_PROJECT': 'True'}
+ ctx = context.RequestContext.from_environ(environ=environ)
+ self.assertIs(True, ctx.is_admin_project)
+ self.assertIs(True, ctx.to_policy_values()['is_admin_project'])
+
+ environ = {'HTTP_X_IS_ADMIN_PROJECT': 'False'}
+ ctx = context.RequestContext.from_environ(environ=environ)
+ self.assertIs(False, ctx.is_admin_project)
+ self.assertIs(False, ctx.to_policy_values()['is_admin_project'])
+
 def test_from_function_and_args(self):
 ctx = context.RequestContext(user="user1")
 arg = []
@@ -393,6 +409,7 @@ class ContextTest(test_base.BaseTestCase):
 project_domain = uuid.uuid4().hex
 roles = [uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex]
+ # default is_admin_project is True
 ctx = context.RequestContext(user=user,
 user_domain=user_domain,
 tenant=tenant,
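Review bot: `HTTP_X_IS_ADMIN_PROJECT` is read straight from the WSGI environ and a missing header becomes True, so the flag is only as trustworthy as whatever runs in front of `from_environ`. If the auth middleware does not set the header the flag is always True, and if it does not remove a client-supplied copy the client chooses the value. The NOTE explains the compatibility reason but not this trust assumption; I would extend it with `# The header must be set (and any client-supplied copy removed) by the auth middleware; an absent header is treated as the admin project.` `from_environ` begins before this hunk.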
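Review bot: `test_environ_admin_project` pins only an absent header and the exact strings 'True' and 'False'. The parser in `from_environ` maps anything other than a case-insensitive 'true' to False, and it skips the header entirely when `is_admin_project` is already in `kwargs`; neither path is asserted. I would add a case for an unexpected value, `environ = {'HTTP_X_IS_ADMIN_PROJECT': ''}` expecting False, and one for the override, `ctx = context.RequestContext.from_environ(environ={'HTTP_X_IS_ADMIN_PROJECT': 'True'}, is_admin_project=False)` expecting False.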
@@ -403,4 +420,22 @@ class ContextTest(test_base.BaseTestCase):
 'user_domain_id': user_domain,
 'project_id': tenant,
 'project_domain_id': project_domain,
- 'roles': roles}, ctx.to_policy_values())
+ 'roles': roles,
+ 'is_admin_project': True},
+ ctx.to_policy_values())
+
+ # is_admin_project False gets passed through
+ ctx = context.RequestContext(user=user,
+ user_domain=user_domain,
+ tenant=tenant,
+ project_domain=project_domain,
+ roles=roles,
+ is_admin_project=False)
+
+ self.assertEqual({'user_id': user,
+ 'user_domain_id': user_domain,
+ 'project_id': tenant,
+ 'project_domain_id': project_domain,
+ 'roles': roles,
+ 'is_admin_project': False},
+ ctx.to_policy_values()) |
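Review bot: Only `to_policy_values()` is asserted for the new key; the `'is_admin_project'` entry this commit adds to `to_dict()` has no assertion in any of the test hunks shown. Since `to_dict()` is the serialized form of the context, a regression there would go unnoticed. After the final `assertEqual` I would add `self.assertIs(False, ctx.to_dict()['is_admin_project'])`. The test method starts before this hunk.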