Remove deprecated fields in keystone auth middleware

This commit makes the following changes:

Use X_PROJECT_ID instead of X_TENANT_ID:
  In the latest keystone auth_token middleware it is recommended to
  use X_PROJECT_ID instead of X_TENANT_ID. X_PROJECT_ID is supported
  in auth_token middleware for both keystone v2 and v3 API.
  The corresponding change was done in keystoneclient before Grizzly
  release, so we don't need to take care of X_TENANT_ID now.

USE X_ROLES instead of X_ROLE:
  X_ROLES is now recommended.
  X_ROLE exists just for diablo backward compatibility.

Remove X_TENANT and X_USER:
  X_TENANT and X_USER are for diablo backward compatibility.
  We no longer need take care of them in Icehouse Neutron.

Change-Id: Ie714b1323ff8c44dbee66b54e683226cf675b104
Closes-Bug: #1242447

diff --git a/neutron/auth.py b/neutron/auth.py
index b5d9dcc150987b3f2507ba67d53acdfa67bbdbf1..c434337048ebfa1fa80c837ed5dd4b66759ffdd7 100644 (file)
--- a/neutron/auth.py
+++ b/neutron/auth.py
@@ -31,16 +31,16 @@ class NeutronKeystoneContext(wsgi.Middleware):
     @webob.dec.wsgify
     def __call__(self, req):
         # Determine the user ID
-        user_id = req.headers.get('X_USER_ID', req.headers.get('X_USER'))
+        user_id = req.headers.get('X_USER_ID')
         if not user_id:
-            LOG.debug(_("Neither X_USER_ID nor X_USER found in request"))
+            LOG.debug(_("X_USER_ID is not found in request"))
             return webob.exc.HTTPUnauthorized()
 
         # Determine the tenant
-        tenant_id = req.headers.get('X_TENANT_ID', req.headers.get('X_TENANT'))
+        tenant_id = req.headers.get('X_PROJECT_ID')
 
         # Suck out the roles
-        roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
+        roles = [r.strip() for r in req.headers.get('X_ROLES', '').split(',')]
 
         # Create a context with the authentication data
         ctx = context.Context(user_id, tenant_id, roles=roles)

diff --git a/neutron/tests/unit/test_auth.py b/neutron/tests/unit/test_auth.py
index 0db600864d09bcda3262f2da9e197c87ef403836..fc262ec7d8e4b615efc9d4c946598f405cbbd519 100644 (file)
--- a/neutron/tests/unit/test_auth.py
+++ b/neutron/tests/unit/test_auth.py
@@ -36,58 +36,28 @@ class NeutronKeystoneContextTestCase(base.BaseTestCase):
         self.request.headers['X_AUTH_TOKEN'] = 'testauthtoken'
 
     def test_no_user_no_user_id(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
         response = self.request.get_response(self.middleware)
         self.assertEqual(response.status, '401 Unauthorized')
 
-    def test_with_user(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
-        self.request.headers['X_USER_ID'] = 'testuserid'
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(response.status, '200 OK')
-        self.assertEqual(self.context.user_id, 'testuserid')
-
     def test_with_user_id(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
-        self.request.headers['X_USER'] = 'testuser'
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(response.status, '200 OK')
-        self.assertEqual(self.context.user_id, 'testuser')
-
-    def test_user_id_trumps_user(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
         self.request.headers['X_USER_ID'] = 'testuserid'
-        self.request.headers['X_USER'] = 'testuser'
         response = self.request.get_response(self.middleware)
         self.assertEqual(response.status, '200 OK')
         self.assertEqual(self.context.user_id, 'testuserid')
 
     def test_with_tenant_id(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
         self.request.headers['X_USER_ID'] = 'test_user_id'
         response = self.request.get_response(self.middleware)
         self.assertEqual(response.status, '200 OK')
         self.assertEqual(self.context.tenant_id, 'testtenantid')
 
-    def test_with_tenant(self):
-        self.request.headers['X_TENANT'] = 'testtenant'
-        self.request.headers['X_USER_ID'] = 'test_user_id'
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(response.status, '200 OK')
-        self.assertEqual(self.context.tenant_id, 'testtenant')
-
-    def test_tenant_id_trumps_tenant(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
-        self.request.headers['X_TENANT'] = 'testtenant'
-        self.request.headers['X_USER_ID'] = 'testuserid'
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(response.status, '200 OK')
-        self.assertEqual(self.context.tenant_id, 'testtenantid')
-
     def test_roles_no_admin(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
         self.request.headers['X_USER_ID'] = 'testuserid'
-        self.request.headers['X_ROLE'] = 'role1, role2 , role3,role4,role5'
+        self.request.headers['X_ROLES'] = 'role1, role2 , role3,role4,role5'
         response = self.request.get_response(self.middleware)
         self.assertEqual(response.status, '200 OK')
         self.assertEqual(self.context.roles, ['role1', 'role2', 'role3',
@@ -95,10 +65,10 @@ class NeutronKeystoneContextTestCase(base.BaseTestCase):
         self.assertEqual(self.context.is_admin, False)
 
     def test_roles_with_admin(self):
-        self.request.headers['X_TENANT_ID'] = 'testtenantid'
+        self.request.headers['X_PROJECT_ID'] = 'testtenantid'
         self.request.headers['X_USER_ID'] = 'testuserid'
-        self.request.headers['X_ROLE'] = ('role1, role2 , role3,role4,role5,'
-                                          'AdMiN')
+        self.request.headers['X_ROLES'] = ('role1, role2 , role3,role4,role5,'
+                                           'AdMiN')
         response = self.request.get_response(self.middleware)
         self.assertEqual(response.status, '200 OK')
         self.assertEqual(self.context.roles, ['role1', 'role2', 'role3',