diff --git a/cinder/api/middleware/auth.py b/cinder/api/middleware/auth.py index 8d145701d89..7f8cecda542 100644 --- a/cinder/api/middleware/auth.py +++ b/cinder/api/middleware/auth.py @@ -110,6 +110,18 @@ class CinderKeystoneContext(base_wsgi.Middleware): LOG.debug("Neither X_USER_ID nor X_USER found in request") return webob.exc.HTTPUnauthorized() + if req.environ.get('X_PROJECT_DOMAIN_ID'): + ctx.project_domain = req.environ['X_PROJECT_DOMAIN_ID'] + + if req.environ.get('X_PROJECT_DOMAIN_NAME'): + ctx.project_domain_name = req.environ['X_PROJECT_DOMAIN_NAME'] + + if req.environ.get('X_USER_DOMAIN_ID'): + ctx.user_domain = req.environ['X_USER_DOMAIN_ID'] + + if req.environ.get('X_USER_DOMAIN_NAME'): + ctx.user_domain_name = req.environ['X_USER_DOMAIN_NAME'] + req.environ['cinder.context'] = ctx return self.application diff --git a/cinder/context.py b/cinder/context.py index 11872b1b8d3..130a1d9708d 100644 --- a/cinder/context.py +++ b/cinder/context.py @@ -180,8 +180,11 @@ class RequestContext(context.RequestContext): is_admin=values.get('is_admin'), roles=values.get('roles'), auth_token=values.get('auth_token'), - user_domain_id=values.get('user_domain_id'), - project_domain_id=values.get('project_domain_id')) + user_domain_id=values.get('user_domain'), + project_domain_id=values.get('project_domain'), + user_domain=values.get('user_domain'), + project_domain=values.get('project_domain'), + ) def authorize(self, action, target=None, target_obj=None, fatal=True): """Verifies that the given action is valid on the target in this context. diff --git a/cinder/tests/unit/api/middleware/test_auth.py b/cinder/tests/unit/api/middleware/test_auth.py index cb17b5da450..024ad4c83a7 100644 --- a/cinder/tests/unit/api/middleware/test_auth.py +++ b/cinder/tests/unit/api/middleware/test_auth.py @@ -75,3 +75,35 @@ class TestCinderKeystoneContextMiddleware(test.TestCase): self.request.environ[request_id.ENV_REQUEST_ID] = req_id self.request.get_response(self.middleware) self.assertEqual(req_id, self.context.request_id) + + def test_request_project_domain_id(self): + self.request.headers['X_USER_ID'] = 'testuserid' + self.request.headers['X_PROJECT_DOMAIN_ID'] = 'domain1' + + self.request.get_response(self.middleware) + + self.assertEqual('domain1', self.context.project_domain) + + def test_request_project_domain_name(self): + self.request.headers['X_USER_ID'] = 'testuserid' + self.request.headers['X_PROJECT_DOMAIN_NAME'] = 'mydomain' + + self.request.get_response(self.middleware) + + self.assertEqual('mydomain', self.context.project_domain_name) + + def test_request_user_domain_id(self): + self.request.headers['X_USER_ID'] = 'testuserid' + self.request.headers['X_USER_DOMAIN_ID'] = 'domain2' + + self.request.get_response(self.middleware) + + self.assertEqual('domain2', self.context.user_domain) + + def test_request_user_domain_name(self): + self.request.headers['X_USER_ID'] = 'testuserid' + self.request.headers['X_USER_DOMAIN_NAME'] = 'mydomain2' + + self.request.get_response(self.middleware) + + self.assertEqual('mydomain2', self.context.user_domain_name)