Merge "Refactor the getting roles logic in _keystone_identity"

author: Jenkins <jenkins@review.openstack.org> 2015-04-14 22:44:10 +0000
committer: Gerrit Code Review <review@openstack.org> 2015-04-14 22:44:10 +0000
commit: 7518213be11451865377103d5085e1c00dd44364 (patch)
tree: 97555f7a756cc40faf8ced3201ccbd8451ff4fcf
parent: bc2c9ba2a561d391760bd0e2af02c7c4370d3af7 (diff)
parent: 749bdac1df3571324af6bdcf64e1d283f9ec6cb9 (diff)
download: swift-7518213be11451865377103d5085e1c00dd44364.tar.gz
2 files changed, 20 insertions, 3 deletions
diff --git a/swift/common/middleware/keystoneauth.py b/swift/common/middleware/keystoneauth.py
index 9887cdd06..6f70ede5f 100644
--- a/swift/common/middleware/keystoneauth.py
+++ b/swift/common/middleware/keystoneauth.py
@@ -246,9 +246,7 @@ class KeystoneAuth(object):
             or environ.get(
                 'HTTP_X_SERVICE_IDENTITY_STATUS') not in (None, 'Confirmed')):
             return
-        roles = []
-        if 'HTTP_X_ROLES' in environ:
-            roles = environ['HTTP_X_ROLES'].split(',')
+        roles = list_from_csv(environ.get('HTTP_X_ROLES', ''))
         identity = {'user': environ.get('HTTP_X_USER_NAME'),
                     'tenant': (environ.get('HTTP_X_TENANT_ID'),
                                environ.get('HTTP_X_TENANT_NAME')),
diff --git a/test/unit/common/middleware/test_keystoneauth.py b/test/unit/common/middleware/test_keystoneauth.py
index 76b520518..078c275a7 100644
--- a/test/unit/common/middleware/test_keystoneauth.py
+++ b/test/unit/common/middleware/test_keystoneauth.py
@@ -879,6 +879,25 @@ class TestAuthorize(BaseTestAuthorize):
         acl = '%s:%s' % (id['HTTP_X_TENANT_ID'], id['HTTP_X_USER_ID'])
         self._check_authenticate(acl=acl, identity=id, env=env)
 
+    def test_keystone_identity(self):
+        user_name = 'U_NAME'
+        project = ('P_ID', 'P_NAME')
+        roles = ('ROLE1', 'ROLE2')
+
+        req = Request.blank('/v/a/c/o')
+        req.headers.update({'X-Identity-Status': 'Confirmed',
+                            'X-Roles': ' %s , %s ' % roles,
+                            'X-User-Name': user_name,
+                            'X-Tenant-Id': project[0],
+                            'X-Tenant-Name': project[1]})
+
+        expected = {'user': user_name,
+                    'tenant': project,
+                    'roles': list(roles)}
+        data = self.test_auth._keystone_identity(req.environ)
+
+        self.assertEquals(expected, data)
+
     def test_integral_keystone_identity(self):
         user = ('U_ID', 'U_NAME')
         roles = ('ROLE1', 'ROLE2')
author	Jenkins <jenkins@review.openstack.org>	2015-04-14 22:44:10 +0000
committer	Gerrit Code Review <review@openstack.org>	2015-04-14 22:44:10 +0000
commit	7518213be11451865377103d5085e1c00dd44364 (patch)
tree	97555f7a756cc40faf8ced3201ccbd8451ff4fcf
parent	bc2c9ba2a561d391760bd0e2af02c7c4370d3af7 (diff)
parent	749bdac1df3571324af6bdcf64e1d283f9ec6cb9 (diff)
download	swift-7518213be11451865377103d5085e1c00dd44364.tar.gz