Remove service _user, _password, _tenant from context

These are not currently used anywhere in heat-engine, and I'm
not comfortable with the service password going over the (controller)
network.

If heat-engine needs access to these in the future then they can always
be configured in heat-engine.conf, or the operation can be performed
in the api and the results put into the context.

Change-Id: I81aab6b5a2c9aa7d6412531f70108857cbfa637b

diff --git a/heat/common/auth_token.py b/heat/common/auth_token.py
index 3fa3845821f1bbd2fe8cde73cf14fc234cdcdb3c..ab3e300d62995f518e2f310fd69f94909a72f000 100644 (file)
--- a/heat/common/auth_token.py
+++ b/heat/common/auth_token.py
@@ -29,9 +29,6 @@ class AuthProtocol(auth_token.AuthProtocol):
     def _build_user_headers(self, token_info):
         rval = super(AuthProtocol, self)._build_user_headers(token_info)
         rval['X-Auth-Url'] = self.auth_uri
-        rval['X-Admin-User'] = self.admin_user
-        rval['X-Admin-Pass'] = self.admin_password
-        rval['X-Admin-Tenant-Name'] = self.admin_tenant_name
         return rval
 
 

diff --git a/heat/common/context.py b/heat/common/context.py
index 8c28b897d05cfe690419703a93d5ec1ed1096dbd..8797fb856e1f4457399075570eea411a32a55aa1 100644 (file)
--- a/heat/common/context.py
+++ b/heat/common/context.py
@@ -34,9 +34,7 @@ class RequestContext(object):
     """
 
     def __init__(self, auth_token=None, username=None, password=None,
-                 aws_creds=None, aws_auth_uri=None,
-                 service_user=None, service_password=None,
-                 service_tenant=None, tenant=None,
+                 aws_creds=None, aws_auth_uri=None, tenant=None,
                  tenant_id=None, auth_url=None, roles=None, is_admin=False,
                  read_only=False, show_deleted=False,
                  owner_is_tenant=True, overwrite=True, **kwargs):
@@ -53,9 +51,6 @@ class RequestContext(object):
         self.password = password
         self.aws_creds = aws_creds
         self.aws_auth_uri = aws_auth_uri
-        self.service_user = service_user
-        self.service_password = service_password
-        self.service_tenant = service_tenant
         self.tenant = tenant
         self.tenant_id = tenant_id
         self.auth_url = auth_url
@@ -83,9 +78,6 @@ class RequestContext(object):
                 'password': self.password,
                 'aws_creds': self.aws_creds,
                 'aws_auth_uri': self.aws_auth_uri,
-                'service_user': self.service_user,
-                'service_password': self.service_password,
-                'service_tenant': self.service_tenant,
                 'tenant': self.tenant,
                 'tenant_id': self.tenant_id,
                 'auth_url': self.auth_url,
@@ -180,9 +172,6 @@ class ContextMiddleware(wsgi.Middleware):
                 aws_auth_uri = headers.get('X-Auth-EC2-Url')
 
             token = headers.get('X-Auth-Token')
-            service_user = headers.get('X-Admin-User')
-            service_password = headers.get('X-Admin-Pass')
-            service_tenant = headers.get('X-Admin-Tenant-Name')
             tenant = headers.get('X-Tenant-Name')
             tenant_id = headers.get('X-Tenant-Id')
             auth_url = headers.get('X-Auth-Url')
@@ -199,9 +188,6 @@ class ContextMiddleware(wsgi.Middleware):
                                         aws_auth_uri=aws_auth_uri,
                                         username=username,
                                         password=password,
-                                        service_user=service_user,
-                                        service_password=service_password,
-                                        service_tenant=service_tenant,
                                         auth_url=auth_url, roles=roles,
                                         is_admin=True)
 

diff --git a/heat/db/sqlalchemy/api.py b/heat/db/sqlalchemy/api.py
index 9acc4a3e0aa289415109d30da9837ce9505f641a..9eb8fffa5176f96847d233918814601d942074ea 100644 (file)
--- a/heat/db/sqlalchemy/api.py
+++ b/heat/db/sqlalchemy/api.py
@@ -207,7 +207,6 @@ def user_creds_create(context):
     user_creds_ref = models.UserCreds()
     user_creds_ref.update(values)
     user_creds_ref.password = crypt.encrypt(values['password'])
-    user_creds_ref.service_password = crypt.encrypt(values['service_password'])
     user_creds_ref.aws_creds = crypt.encrypt(values['aws_creds'])
     user_creds_ref.save(_session(context))
     return user_creds_ref
@@ -219,7 +218,6 @@ def user_creds_get(user_creds_id):
     # or it can be committed back to the DB in decrypted form
     result = dict(db_result)
     result['password'] = crypt.decrypt(result['password'])
-    result['service_password'] = crypt.decrypt(result['service_password'])
     result['aws_creds'] = crypt.decrypt(result['aws_creds'])
     return result