add auth token to context

As discussed at http://lists.openstack.org/pipermail/openstack-dev/2014-July/040644.html SerivceVM project (and other routervm plugins) need auth token in context. The first user will be l3 routervm plugin. Closes-Bug: #1343854 Closes-Bug: #1352698 Change-Id: Id5a4c98059894eef33faf19d5ab063780b362f4a
2014-08-04 23:44:18 +09:00 · 2014-08-04 23:44:18 +09:00 · 9dc4115aac
commit 9dc4115aac
parent 7c8c169578
5 changed files with 44 additions and 4 deletions
--- a/neutron/auth.py
+++ b/neutron/auth.py
@ -48,10 +48,14 @@ class NeutronKeystoneContext(wsgi.Middleware):
        # Use request_id if already set
        req_id = req.environ.get(request_id.ENV_REQUEST_ID)

+        # Get the auth token
+        auth_token = req.headers.get('X_AUTH_TOKEN',
+                                     req.headers.get('X_STORAGE_TOKEN'))
+
        # Create a context with the authentication data
        ctx = context.Context(user_id, tenant_id, roles=roles,
                              user_name=user_name, tenant_name=tenant_name,
-                              request_id=req_id)
+                              request_id=req_id, auth_token=auth_token)

        # Inject the context...
        req.environ['neutron.context'] = ctx
--- a/neutron/common/rpc.py
+++ b/neutron/common/rpc.py
@ -106,7 +106,12 @@ def get_notifier(service=None, host=None, publisher_id=None):

 class RPCDispatcher(rpc_dispatcher.RPCDispatcher):
    def __call__(self, incoming):
-        LOG.debug('Incoming RPC: ctxt:%s message:%s', incoming.ctxt,
+        # NOTE(yamahata): '***' is chosen for consistency with
+        # openstack.common.strutils.mask_password
+        sanitize_key_list = ('auth_token', )
+        sanitized_ctxt = dict((k, '***' if k in sanitize_key_list else v)
+                              for (k, v) in incoming.ctxt.items())
+        LOG.debug('Incoming RPC: ctxt:%s message:%s', sanitized_ctxt,
                  incoming.message)
        return super(RPCDispatcher, self).__call__(incoming)

--- a/neutron/context.py
+++ b/neutron/context.py
@ -39,7 +39,7 @@ class ContextBase(common_context.RequestContext):
    def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
                 roles=None, timestamp=None, load_admin_roles=True,
                 request_id=None, tenant_name=None, user_name=None,
-                 overwrite=True, **kwargs):
+                 overwrite=True, auth_token=None, **kwargs):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
@ -52,7 +52,8 @@ class ContextBase(common_context.RequestContext):
        :param kwargs: Extra arguments that might be present, but we ignore
            because they possibly came in from older rpc messages.
        """
-        super(ContextBase, self).__init__(user=user_id, tenant=tenant_id,
+        super(ContextBase, self).__init__(auth_token=auth_token,
+                                          user=user_id, tenant=tenant_id,
                                          is_admin=is_admin,
                                          request_id=request_id)
        self.user_name = user_name
@ -130,6 +131,7 @@ class ContextBase(common_context.RequestContext):
                'tenant_name': self.tenant_name,
                'project_name': self.tenant_name,
                'user_name': self.user_name,
+                'auth_token': self.auth_token,
                }

    @classmethod
--- a/neutron/tests/unit/test_auth.py
+++ b/neutron/tests/unit/test_auth.py
@ -95,3 +95,17 @@ class NeutronKeystoneContextTestCase(base.BaseTestCase):
        self.request.environ[request_id.ENV_REQUEST_ID] = req_id
        self.request.get_response(self.middleware)
        self.assertEqual(req_id, self.context.request_id)
+
+    def test_with_auth_token(self):
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
+        self.request.headers['X_USER_ID'] = 'testuserid'
+        response = self.request.get_response(self.middleware)
+        self.assertEqual(response.status, '200 OK')
+        self.assertEqual(self.context.auth_token, 'testauthtoken')
+
+    def test_without_auth_token(self):
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
+        self.request.headers['X_USER_ID'] = 'testuserid'
+        del self.request.headers['X_AUTH_TOKEN']
+        self.request.get_response(self.middleware)
+        self.assertIsNone(self.context.auth_token)
--- a/neutron/tests/unit/test_neutron_context.py
+++ b/neutron/tests/unit/test_neutron_context.py
@ -39,6 +39,7 @@ class TestNeutronContext(base.BaseTestCase):
        self.assertEqual('tenant_id', ctx.tenant)
        self.assertIsNone(ctx.user_name)
        self.assertIsNone(ctx.tenant_name)
+        self.assertIsNone(ctx.auth_token)

    def test_neutron_context_create_logs_unknown_kwarg(self):
        with mock.patch.object(context.LOG, 'debug') as mock_log:
@ -59,6 +60,11 @@ class TestNeutronContext(base.BaseTestCase):
        ctx = context.Context('user_id', 'tenant_id', request_id='req_id_xxx')
        self.assertEqual('req_id_xxx', ctx.request_id)

+    def test_neutron_context_create_with_auth_token(self):
+        ctx = context.Context('user_id', 'tenant_id',
+                              auth_token='auth_token_xxx')
+        self.assertEqual('auth_token_xxx', ctx.auth_token)
+
    def test_neutron_context_to_dict(self):
        ctx = context.Context('user_id', 'tenant_id')
        ctx_dict = ctx.to_dict()
@ -70,6 +76,7 @@ class TestNeutronContext(base.BaseTestCase):
        self.assertIsNone(ctx_dict['user_name'])
        self.assertIsNone(ctx_dict['tenant_name'])
        self.assertIsNone(ctx_dict['project_name'])
+        self.assertIsNone(ctx_dict['auth_token'])

    def test_neutron_context_to_dict_with_name(self):
        ctx = context.Context('user_id', 'tenant_id',
@ -79,12 +86,19 @@ class TestNeutronContext(base.BaseTestCase):
        self.assertEqual('tenant_name', ctx_dict['tenant_name'])
        self.assertEqual('tenant_name', ctx_dict['project_name'])

+    def test_neutron_context_to_dict_with_auth_token(self):
+        ctx = context.Context('user_id', 'tenant_id',
+                              auth_token='auth_token_xxx')
+        ctx_dict = ctx.to_dict()
+        self.assertEqual('auth_token_xxx', ctx_dict['auth_token'])
+
    def test_neutron_context_admin_to_dict(self):
        self.db_api_session.return_value = 'fakesession'
        ctx = context.get_admin_context()
        ctx_dict = ctx.to_dict()
        self.assertIsNone(ctx_dict['user_id'])
        self.assertIsNone(ctx_dict['tenant_id'])
+        self.assertIsNone(ctx_dict['auth_token'])
        self.assertIsNotNone(ctx.session)
        self.assertNotIn('session', ctx_dict)

@ -93,6 +107,7 @@ class TestNeutronContext(base.BaseTestCase):
        ctx_dict = ctx.to_dict()
        self.assertIsNone(ctx_dict['user_id'])
        self.assertIsNone(ctx_dict['tenant_id'])
+        self.assertIsNone(ctx_dict['auth_token'])
        self.assertFalse(hasattr(ctx, 'session'))

    def test_neutron_context_with_load_roles_true(self):