-rw-r--r--oslo_context/context.py18
-rw-r--r--oslo_context/tests/test_context.py19
2 files changed, 37 insertions, 0 deletions
diff --git a/oslo_context/context.py b/oslo_context/context.py
index 9564abd..24aa64e 100644
--- a/oslo_context/context.py
+++ b/oslo_context/context.py
@@ -80,6 +80,24 @@ class RequestContext(object):
"""Store the context in the current thread."""
_request_store.context = self
+ def to_policy_values(self):
+ """A dictionary of context attributes to enforce policy with.
+
+ oslo.policy enforcement requires a dictionary of attributes
+ representing the current logged in user on which it applies policy
+ enforcement. This dictionary defines a standard list of attributes that
+ should be available for enforcement across services.
+
+ It is expected that services will often have to override this method
+ with either deprecated values or additional attributes used by that
+ service specific policy.
+ """
+ return {'user_id': self.user,
+ 'user_domain_id': self.user_domain,
+ 'project_id': self.tenant,
+ 'project_domain_id': self.project_domain,
+ 'roles': self.roles}
+
def to_dict(self):
"""Return a dictionary of context attributes."""
user_idt = (
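Review bot: `to_policy_values` places `self.roles` in the returned dict by reference, so a consumer or subclass override that mutates `roles` in the credentials dict would also change the roles held on the context and used for later enforcement. Returning a copy, `'roles': list(self.roles)}`, keeps the policy input detached; this assumes `roles` is always a list, which the constructor outside this hunk would need to confirm. The docstring could also state that unset attributes are passed through unchanged (presumably `None`), so policy authors know that rules matching on `user_id` or `project_id` must account for contexts where these were never supplied.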
diff --git a/oslo_context/tests/test_context.py b/oslo_context/tests/test_context.py
index 6b18820..e4f49c9 100644
--- a/oslo_context/tests/test_context.py
+++ b/oslo_context/tests/test_context.py
@@ -318,3 +318,22 @@ class ContextTest(test_base.BaseTestCase):
id1 = context.generate_request_id()
id2 = context.generate_request_id()
self.assertNotEqual(id1, id2)
+
+ def test_policy_dict(self):
+ user = uuid.uuid4().hex
+ user_domain = uuid.uuid4().hex
+ tenant = uuid.uuid4().hex
+ project_domain = uuid.uuid4().hex
+ roles = [uuid.uuid4().hex, uuid.uuid4().hex, uuid.uuid4().hex]
+
+ ctx = context.RequestContext(user=user,
+ user_domain=user_domain,
+ tenant=tenant,
+ project_domain=project_domain,
+ roles=roles)
+
+ self.assertEqual({'user_id': user,
+ 'user_domain_id': user_domain,
+ 'project_id': tenant,
+ 'project_domain_id': project_domain,
+ 'roles': roles}, ctx.to_policy_values())
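Review bot: `test_policy_dict` only exercises a context with every attribute set, so the values handed to policy enforcement for a default or partially populated context are not pinned. Because these keys feed authorization decisions, a second case built from `context.RequestContext()` with no arguments would document what `user_id`, `project_id` and `roles` look like when nothing is supplied. If the returned dict is meant to be isolated from the context, an assertion that mutating the returned `roles` leaves `ctx.roles` unchanged would cover that as well.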