Remove _keystone_identity method

_keystone_identity method has been maintained for backward compatibility. But there is no place to use it now so this patch replace _keystone_identity method to _integrated_keystone_identity method as _keystone_identity. Change-Id: I9464c047401f92ae31a5d3bb7aacaeb0624150e0
2015-07-21 21:00:01 +09:00 · 2015-07-21 21:00:01 +09:00 · b96fd0d7d8
commit b96fd0d7d8
parent a094560f0c
2 changed files with 14 additions and 49 deletions
--- a/swift/common/middleware/keystoneauth.py
+++ b/swift/common/middleware/keystoneauth.py
@ -196,7 +196,7 @@ class KeystoneAuth(object):
            conf.get('allow_names_in_acls', 'true'))

    def __call__(self, environ, start_response):
-        identity = self._keystone_identity(environ)
+        env_identity = self._keystone_identity(environ)

        # Check if one of the middleware like tempurl or formpost have
        # set the swift.authorize_override environ and want to control the
@ -207,14 +207,13 @@ class KeystoneAuth(object):
            self.logger.debug(msg)
            return self.app(environ, start_response)

-        if identity:
-            self.logger.debug('Using identity: %r', identity)
-            environ['keystone.identity'] = identity
-            environ['REMOTE_USER'] = identity.get('tenant')
-            env_identity = self._integral_keystone_identity(environ)
+        if env_identity:
+            self.logger.debug('Using identity: %r', env_identity)
+            environ['REMOTE_USER'] = env_identity.get('tenant')
+            environ['keystone.identity'] = env_identity
            environ['swift.authorize'] = functools.partial(
                self.authorize, env_identity)
-            user_roles = (r.lower() for r in identity.get('roles', []))
+            user_roles = (r.lower() for r in env_identity.get('roles', []))
            if self.reseller_admin_role in user_roles:
                environ['reseller_request'] = True
        else:
@ -238,26 +237,11 @@ class KeystoneAuth(object):

    def _keystone_identity(self, environ):
        """Extract the identity from the Keystone auth component."""
-        # In next release, we would add user id in env['keystone.identity'] by
-        # using _integral_keystone_identity to replace current
-        # _keystone_identity. The purpose of keeping it in this release it for
-        # back compatibility.
        if (environ.get('HTTP_X_IDENTITY_STATUS') != 'Confirmed'
            or environ.get(
                'HTTP_X_SERVICE_IDENTITY_STATUS') not in (None, 'Confirmed')):
            return
        roles = list_from_csv(environ.get('HTTP_X_ROLES', ''))
-        identity = {'user': environ.get('HTTP_X_USER_NAME'),
-                    'tenant': (environ.get('HTTP_X_TENANT_ID'),
-                               environ.get('HTTP_X_TENANT_NAME')),
-                    'roles': roles}
-        return identity
-
-    def _integral_keystone_identity(self, environ):
-        """Extract the identity from the Keystone auth component."""
-        if environ.get('HTTP_X_IDENTITY_STATUS') != 'Confirmed':
-            return
-        roles = list_from_csv(environ.get('HTTP_X_ROLES', ''))
        service_roles = list_from_csv(environ.get('HTTP_X_SERVICE_ROLES', ''))
        identity = {'user': (environ.get('HTTP_X_USER_ID'),
                             environ.get('HTTP_X_USER_NAME')),
--- a/test/unit/common/middleware/test_keystoneauth.py
+++ b/test/unit/common/middleware/test_keystoneauth.py
@ -582,7 +582,7 @@ class BaseTestAuthorize(unittest.TestCase):
                                 user_domain_id)
        token_info = _fake_token_info(version=auth_version)
        env.update({'keystone.token_info': token_info})
-        return self.test_auth._integral_keystone_identity(env)
+        return self.test_auth._keystone_identity(env)


 class TestAuthorize(BaseTestAuthorize):
@ -604,7 +604,7 @@ class TestAuthorize(BaseTestAuthorize):
        req = self._make_request(path, headers=headers, environ=default_env)
        req.acl = acl

-        env_identity = self.test_auth._integral_keystone_identity(req.environ)
+        env_identity = self.test_auth._keystone_identity(req.environ)
        result = self.test_auth.authorize(env_identity, req)

        # if we have requested an exception but nothing came back then
@ -912,25 +912,6 @@ class TestAuthorize(BaseTestAuthorize):
        self._check_authenticate(acl=acl, identity=id, env=env)

    def test_keystone_identity(self):
-        user_name = 'U_NAME'
-        project = ('P_ID', 'P_NAME')
-        roles = ('ROLE1', 'ROLE2')
-
-        req = Request.blank('/v/a/c/o')
-        req.headers.update({'X-Identity-Status': 'Confirmed',
-                            'X-Roles': ' %s , %s ' % roles,
-                            'X-User-Name': user_name,
-                            'X-Tenant-Id': project[0],
-                            'X-Tenant-Name': project[1]})
-
-        expected = {'user': user_name,
-                    'tenant': project,
-                    'roles': list(roles)}
-        data = self.test_auth._keystone_identity(req.environ)
-
-        self.assertEqual(expected, data)
-
-    def test_integral_keystone_identity(self):
        user = ('U_ID', 'U_NAME')
        roles = ('ROLE1', 'ROLE2')
        service_roles = ('ROLE3', 'ROLE4')
@ -940,7 +921,7 @@ class TestAuthorize(BaseTestAuthorize):

        # no valid identity info in headers
        req = Request.blank('/v/a/c/o')
-        data = self.test_auth._integral_keystone_identity(req.environ)
+        data = self.test_auth._keystone_identity(req.environ)
        self.assertEqual(None, data)

        # valid identity info in headers, but status unconfirmed
@ -954,7 +935,7 @@ class TestAuthorize(BaseTestAuthorize):
                            'X-User-Domain-Name': user_domain[1],
                            'X-Project-Domain-Id': project_domain[0],
                            'X-Project-Domain-Name': project_domain[1]})
-        data = self.test_auth._integral_keystone_identity(req.environ)
+        data = self.test_auth._keystone_identity(req.environ)
        self.assertEqual(None, data)

        # valid identity info in headers, no token info in environ
@ -966,7 +947,7 @@ class TestAuthorize(BaseTestAuthorize):
                    'user_domain': (None, None),
                    'project_domain': (None, None),
                    'auth_version': 0}
-        data = self.test_auth._integral_keystone_identity(req.environ)
+        data = self.test_auth._keystone_identity(req.environ)
        self.assertEqual(expected, data)

        # v2 token info in environ
@ -978,7 +959,7 @@ class TestAuthorize(BaseTestAuthorize):
                    'user_domain': (None, None),
                    'project_domain': (None, None),
                    'auth_version': 2}
-        data = self.test_auth._integral_keystone_identity(req.environ)
+        data = self.test_auth._keystone_identity(req.environ)
        self.assertEqual(expected, data)

        # v3 token info in environ
@ -990,7 +971,7 @@ class TestAuthorize(BaseTestAuthorize):
                    'user_domain': user_domain,
                    'project_domain': project_domain,
                    'auth_version': 3}
-        data = self.test_auth._integral_keystone_identity(req.environ)
+        data = self.test_auth._keystone_identity(req.environ)
        self.assertEqual(expected, data)

        # service token in environ
@ -1002,7 +983,7 @@ class TestAuthorize(BaseTestAuthorize):
                    'user_domain': user_domain,
                    'project_domain': project_domain,
                    'auth_version': 3}
-        data = self.test_auth._integral_keystone_identity(req.environ)
+        data = self.test_auth._keystone_identity(req.environ)
        self.assertEqual(expected, data)

    def test_get_project_domain_id(self):