diff options
author | Hisashi Osanai <osanai.hisashi@jp.fujitsu.com> | 2015-03-23 13:47:22 +0900 |
---|---|---|
committer | John Dickinson <me@not.mn> | 2015-04-14 13:15:15 -0700 |
commit | 749bdac1df3571324af6bdcf64e1d283f9ec6cb9 (patch) | |
tree | f007e3c5678421e459f027aa63d48e5de6aee8d3 | |
parent | 8a1453e61e95956fd8a87546e068a60a275ae665 (diff) | |
download | swift-749bdac1df3571324af6bdcf64e1d283f9ec6cb9.tar.gz |
Refactor the getting roles logic in _keystone_identity
The list_from_csv in swift.common.utils is used from the composite
auth token support and this method has been used in
_integral_keystone_identity. There is same logic in
_keystone_identity so the logic would be replaced with list_from_csv.
Change-Id: I3d72a34e6fc21fbe1d7331954695b1e3e1b67816
-rw-r--r-- | swift/common/middleware/keystoneauth.py | 4 | ||||
-rw-r--r-- | test/unit/common/middleware/test_keystoneauth.py | 19 |
2 files changed, 20 insertions, 3 deletions
diff --git a/swift/common/middleware/keystoneauth.py b/swift/common/middleware/keystoneauth.py index 221251d44..85e1f8b1f 100644 --- a/swift/common/middleware/keystoneauth.py +++ b/swift/common/middleware/keystoneauth.py @@ -246,9 +246,7 @@ class KeystoneAuth(object): or environ.get( 'HTTP_X_SERVICE_IDENTITY_STATUS') not in (None, 'Confirmed')): return - roles = [] - if 'HTTP_X_ROLES' in environ: - roles = environ['HTTP_X_ROLES'].split(',') + roles = list_from_csv(environ.get('HTTP_X_ROLES', '')) identity = {'user': environ.get('HTTP_X_USER_NAME'), 'tenant': (environ.get('HTTP_X_TENANT_ID'), environ.get('HTTP_X_TENANT_NAME')), diff --git a/test/unit/common/middleware/test_keystoneauth.py b/test/unit/common/middleware/test_keystoneauth.py index 76b520518..078c275a7 100644 --- a/test/unit/common/middleware/test_keystoneauth.py +++ b/test/unit/common/middleware/test_keystoneauth.py @@ -879,6 +879,25 @@ class TestAuthorize(BaseTestAuthorize): acl = '%s:%s' % (id['HTTP_X_TENANT_ID'], id['HTTP_X_USER_ID']) self._check_authenticate(acl=acl, identity=id, env=env) + def test_keystone_identity(self): + user_name = 'U_NAME' + project = ('P_ID', 'P_NAME') + roles = ('ROLE1', 'ROLE2') + + req = Request.blank('/v/a/c/o') + req.headers.update({'X-Identity-Status': 'Confirmed', + 'X-Roles': ' %s , %s ' % roles, + 'X-User-Name': user_name, + 'X-Tenant-Id': project[0], + 'X-Tenant-Name': project[1]}) + + expected = {'user': user_name, + 'tenant': project, + 'roles': list(roles)} + data = self.test_auth._keystone_identity(req.environ) + + self.assertEquals(expected, data) + def test_integral_keystone_identity(self): user = ('U_ID', 'U_NAME') roles = ('ROLE1', 'ROLE2') |