← Back to branch summary

~ubuntu-cloud-archive/ubuntu/precise/nova/trunk

« back to all changes in this revision

Viewing changes to nova/api/auth.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short, Chuck Short, Soren Hansen
  • Date: 2012-09-07 17:49:53 UTC
  • mfrom: (1.1.61)
  • Revision ID: package-import@ubuntu.com-20120907174953-oapuvix1jxm830he
Tags: 2012.2~rc1~20120907.15996-0ubuntu1
https://launchpad.net/bugs/995285
[ Chuck Short ]
* New upstream release.
* debian/nova-common.postinst: Drop nova_sudoers permission changing
  since we do it in the debian/rules. (LP: #995285)

[ Soren Hansen ]
* Update debian/watch to account for symbolically named tarballs and
  use newer URL.
* Fix Launchpad URLs in debian/watch.

Show diffs side-by-side

added added

removed removed

Lines of Context:
nova/api/auth.py
77
77
        if user_id is None:
78
78
            LOG.debug("Neither X_USER_ID nor X_USER found in request")
79
79
            return webob.exc.HTTPUnauthorized()
80
 
        # get the roles
81
 
        roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
 
80
 
 
81
        roles = self._get_roles(req)
 
82
 
82
83
        if 'X_TENANT_ID' in req.headers:
83
84
            # This is the new header since Keystone went to ID/Name
84
85
            project_id = req.headers['X_TENANT_ID']
117
118
 
118
119
        req.environ['nova.context'] = ctx
119
120
        return self.application
 
121
 
 
122
    def _get_roles(self, req):
 
123
        """Get the list of roles"""
 
124
 
 
125
        if 'X_ROLES' in req.headers:
 
126
            roles = req.headers.get('X_ROLES', '')
 
127
        else:
 
128
            # Fallback to deprecated role header:
 
129
            roles = req.headers.get('X_ROLE', '')
 
130
            if roles:
 
131
                LOG.warn(_("Sourcing roles from deprecated X-Role HTTP "
 
132
                           "header"))
 
133
        return [r.strip() for r in roles.split(',')]