Add is_admin to redacted context

Heat is known to override RequestContext in a strange way and it attempts to run policy check, which loads full request context, in case is_admin is not given. This ensures is_admin is copied during redactation, to avoid failures in unit tests. is_admin is not a secret field so can appear in notifications. This also adds **kwargs interface to redacted_copy, so that we can inject a few more arguments in subclasses. Change-Id: I19f83d7b0a13f14df16ac805998d5b3751801c12
2024-02-26 18:17:51 +09:00 · 2024-02-26 18:17:51 +09:00 · e31a7a1af2
commit e31a7a1af2
parent 92252485bd
1 changed files with 4 additions and 2 deletions
--- a/oslo_context/context.py
+++ b/oslo_context/context.py
@ -387,7 +387,7 @@ class RequestContext(object):
        """
        return self.global_request_id or self.request_id

-    def redacted_copy(self) -> 'RequestContext':
+    def redacted_copy(self, **kwargs: ty.Any) -> 'RequestContext':
        """Return a copy of the context with sensitive fields redacted.

        This is useful for creating a context that can be safely logged.
@ -420,7 +420,9 @@ class RequestContext(object):
            user=self.user,
            domain=self.domain,
            user_domain=self.user_domain,
-            project_domain=self.project_domain
+            project_domain=self.project_domain,
+            is_admin=self.is_admin,
+            **kwargs
        )

    @classmethod