diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-04-14 22:44:10 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-04-14 22:44:10 +0000 |
commit | 7518213be11451865377103d5085e1c00dd44364 (patch) | |
tree | 97555f7a756cc40faf8ced3201ccbd8451ff4fcf | |
parent | bc2c9ba2a561d391760bd0e2af02c7c4370d3af7 (diff) | |
parent | 749bdac1df3571324af6bdcf64e1d283f9ec6cb9 (diff) | |
download | swift-7518213be11451865377103d5085e1c00dd44364.tar.gz |
Merge "Refactor the getting roles logic in _keystone_identity"
-rw-r--r-- | swift/common/middleware/keystoneauth.py | 4 | ||||
-rw-r--r-- | test/unit/common/middleware/test_keystoneauth.py | 19 |
2 files changed, 20 insertions, 3 deletions
diff --git a/swift/common/middleware/keystoneauth.py b/swift/common/middleware/keystoneauth.py index 9887cdd06..6f70ede5f 100644 --- a/swift/common/middleware/keystoneauth.py +++ b/swift/common/middleware/keystoneauth.py @@ -246,9 +246,7 @@ class KeystoneAuth(object): or environ.get( 'HTTP_X_SERVICE_IDENTITY_STATUS') not in (None, 'Confirmed')): return - roles = [] - if 'HTTP_X_ROLES' in environ: - roles = environ['HTTP_X_ROLES'].split(',') + roles = list_from_csv(environ.get('HTTP_X_ROLES', '')) identity = {'user': environ.get('HTTP_X_USER_NAME'), 'tenant': (environ.get('HTTP_X_TENANT_ID'), environ.get('HTTP_X_TENANT_NAME')), diff --git a/test/unit/common/middleware/test_keystoneauth.py b/test/unit/common/middleware/test_keystoneauth.py index 76b520518..078c275a7 100644 --- a/test/unit/common/middleware/test_keystoneauth.py +++ b/test/unit/common/middleware/test_keystoneauth.py @@ -879,6 +879,25 @@ class TestAuthorize(BaseTestAuthorize): acl = '%s:%s' % (id['HTTP_X_TENANT_ID'], id['HTTP_X_USER_ID']) self._check_authenticate(acl=acl, identity=id, env=env) + def test_keystone_identity(self): + user_name = 'U_NAME' + project = ('P_ID', 'P_NAME') + roles = ('ROLE1', 'ROLE2') + + req = Request.blank('/v/a/c/o') + req.headers.update({'X-Identity-Status': 'Confirmed', + 'X-Roles': ' %s , %s ' % roles, + 'X-User-Name': user_name, + 'X-Tenant-Id': project[0], + 'X-Tenant-Name': project[1]}) + + expected = {'user': user_name, + 'tenant': project, + 'roles': list(roles)} + data = self.test_auth._keystone_identity(req.environ) + + self.assertEquals(expected, data) + def test_integral_keystone_identity(self): user = ('U_ID', 'U_NAME') roles = ('ROLE1', 'ROLE2') |