~ubuntu-branches/ubuntu/trusty/swift/trusty-updates

Viewing changes to swift/common/middleware/keystoneauth.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short, James Page, Chuck Short
  • Date: 2013-08-13 10:37:13 UTC
  • mfrom: (1.2.21)
  • Revision ID: package-import@ubuntu.com-20130813103713-1ctbx4zifyljs2aq
Tags: 1.9.1-0ubuntu1
[ James Page ]
* d/control: Update VCS fields for new branch locations.

[ Chuck Short ]
* New upstream release.

66
66
    mix different auth servers you can configure the option
67
67
    ``reseller_prefix`` in your keystoneauth entry like this::
68
68
 
69
 
        reseller_prefix = NEWAUTH_
70
 
 
71
 
    Make sure you have a underscore at the end of your new
72
 
    ``reseller_prefix`` option.
 
69
        reseller_prefix = NEWAUTH
73
70
 
74
71
    :param app: The next WSGI app in the pipeline
75
72
    :param conf: The dict of configuration values
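Review bot: The docstring example at new line 69 now shows `reseller_prefix = NEWAUTH`, and the note about the trailing underscore is dropped without a replacement, so the documentation no longer says which prefix is actually in effect. Since the constructor in this same change appends `_` when it is missing, add one sentence here saying that the value is normalised to end in an underscore, so an operator can see that `NEWAUTH` and `NEWAUTH_` configure the same prefix.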
79
76
        self.conf = conf
80
77
        self.logger = swift_utils.get_logger(conf, log_route='keystoneauth')
81
78
        self.reseller_prefix = conf.get('reseller_prefix', 'AUTH_').strip()
 
79
        if self.reseller_prefix and self.reseller_prefix[-1] != '_':
 
80
            self.reseller_prefix += '_'
82
81
        self.operator_roles = conf.get('operator_roles',
83
82
                                       'admin, swiftoperator').lower()
84
83
        self.reseller_admin_role = conf.get('reseller_admin_role',
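Review bot: At new lines 79-80 the prefix is rewritten silently, and the empty-prefix case is excluded only by the truthiness test, with no comment saying that an empty `reseller_prefix` is intentionally left untouched. A short comment stating that intent would help, `not self.reseller_prefix.endswith('_')` reads more clearly than indexing `[-1]`, and a debug log line when the value is changed would make the effective prefix visible to the operator.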
156
155
 
157
156
    def _authorize_cross_tenant(self, user_id, user_name,
158
157
                                tenant_id, tenant_name, roles):
159
 
        """ Check cross-tenant ACLs
 
158
        """Check cross-tenant ACLs.
160
159
 
161
160
        Match tenant:user, tenant and user could be its id, name or '*'
162
161
 
205
204
            req.environ['swift_owner'] = True
206
205
            return
207
206
 
 
207
        # If we are not reseller admin and user is trying to delete its own
 
208
        # account then deny it.
 
209
        if not container and not obj and req.method == 'DELETE':
 
210
            # User is not allowed to issue a DELETE on its own account
 
211
            msg = 'User %s:%s is not allowed to delete its own account'
 
212
            self.logger.debug(msg % (tenant_name, user_name))
 
213
            return self.denied_response(req)
 
214
 
208
215
        # cross-tenant authorization
209
216
        matched_acl = self._authorize_cross_tenant(user_id, user_name,
210
217
                                                   tenant_id, tenant_name,
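Review bot: The new check at lines 207-213 tests only `not container and not obj and req.method == 'DELETE'`, so it rejects every account-level DELETE that reaches this point, not just one against the caller's own account as the comment and log message say. It also appears to rely on the `return` just above it for the "not reseller admin" precondition and sits before the cross-tenant ACL match, so either compare the request's account with the caller's tenant or reword the comment and message to say that account DELETE is reserved for the reseller admin. Consider logging the denial above debug level, since a refused account deletion is worth seeing in normal operation, and add a test covering both the denied case and the reseller-admin case.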