diff --git a/cinder/api/middleware/auth.py b/cinder/api/middleware/auth.py index 110e728a21c..d95e481b83d 100644 --- a/cinder/api/middleware/auth.py +++ b/cinder/api/middleware/auth.py @@ -78,28 +78,11 @@ class CinderKeystoneContext(base_wsgi.Middleware): @webob.dec.wsgify(RequestClass=base_wsgi.Request) def __call__(self, req): - user_id = req.headers.get('X_USER') - user_id = req.headers.get('X_USER_ID', user_id) - if user_id is None: - LOG.debug("Neither X_USER_ID nor X_USER found in request") - return webob.exc.HTTPUnauthorized() - # get the roles - roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')] - if 'X_TENANT_ID' in req.headers: - # This is the new header since Keystone went to ID/Name - project_id = req.headers['X_TENANT_ID'] - else: - # This is for legacy compatibility - project_id = req.headers['X_TENANT'] + # NOTE(jamielennox): from_environ handles these in newer versions project_name = req.headers.get('X_TENANT_NAME') - req_id = req.environ.get(request_id.ENV_REQUEST_ID) - # Get the auth token - auth_token = req.headers.get('X_AUTH_TOKEN', - req.headers.get('X_STORAGE_TOKEN')) - # Build a context, including the auth_token... remote_address = req.remote_addr @@ -114,14 +97,17 @@ class CinderKeystoneContext(base_wsgi.Middleware): if CONF.use_forwarded_for: remote_address = req.headers.get('X-Forwarded-For', remote_address) - ctx = context.RequestContext(user_id, - project_id, - project_name=project_name, - roles=roles, - auth_token=auth_token, - remote_address=remote_address, - service_catalog=service_catalog, - request_id=req_id) + + ctx = context.RequestContext.from_environ( + req.environ, + request_id=req_id, + remote_address=remote_address, + project_name=project_name, + service_catalog=service_catalog) + + if ctx.user_id is None: + LOG.debug("Neither X_USER_ID nor X_USER found in request") + return webob.exc.HTTPUnauthorized() req.environ['cinder.context'] = ctx return self.application diff --git a/cinder/context.py b/cinder/context.py index 8f658afdce4..a7a6544638a 100644 --- a/cinder/context.py +++ b/cinder/context.py @@ -49,11 +49,10 @@ class RequestContext(context.RequestContext): Represents the user taking a given action within the system. """ - def __init__(self, user_id, project_id, is_admin=None, read_deleted="no", - roles=None, project_name=None, remote_address=None, - timestamp=None, request_id=None, auth_token=None, - overwrite=True, quota_class=None, service_catalog=None, - domain=None, user_domain=None, project_domain=None): + def __init__(self, user_id=None, project_id=None, is_admin=None, + read_deleted="no", project_name=None, remote_address=None, + timestamp=None, quota_class=None, service_catalog=None, + **kwargs): """Initialize RequestContext. :param read_deleted: 'no' indicates deleted records are hidden, 'yes' @@ -63,17 +62,14 @@ class RequestContext(context.RequestContext): :param overwrite: Set to False to ensure that the greenthread local copy of the index is not overwritten. """ + # NOTE(jamielennox): oslo.context still uses some old variables names. + # These arguments are maintained instead of passed as kwargs to + # maintain the interface for tests. + kwargs.setdefault('user', user_id) + kwargs.setdefault('tenant', project_id) + + super(RequestContext, self).__init__(is_admin=is_admin, **kwargs) - super(RequestContext, self).__init__(auth_token=auth_token, - user=user_id, - tenant=project_id, - domain=domain, - user_domain=user_domain, - project_domain=project_domain, - is_admin=is_admin, - request_id=request_id, - overwrite=overwrite, - roles=roles) self.project_name = project_name self.read_deleted = read_deleted self.remote_address = remote_address