From a25804014b1c57c772847b9804f95123f59e7648 Mon Sep 17 00:00:00 2001
From: Steve Baker <sbaker@redhat.com>
Date: Mon, 8 Apr 2013 15:47:46 +1200
Subject: [PATCH] Remove service _user, _password, _tenant from context

These are not currently used anywhere in heat-engine, and I'm
not comfortable with the service password going over the (controller)
network.

If heat-engine needs access to these in the future then they can always
be configured in heat-engine.conf, or the operation can be performed
in the api and the results put into the context.

Change-Id: I81aab6b5a2c9aa7d6412531f70108857cbfa637b
---
 heat/common/auth_token.py |  3 ---
 heat/common/context.py    | 16 +---------------
 heat/db/sqlalchemy/api.py |  2 --
 3 files changed, 1 insertion(+), 20 deletions(-)

diff --git a/heat/common/auth_token.py b/heat/common/auth_token.py
index 3fa38458..ab3e300d 100644
--- a/heat/common/auth_token.py
+++ b/heat/common/auth_token.py
@@ -29,9 +29,6 @@ class AuthProtocol(auth_token.AuthProtocol):
     def _build_user_headers(self, token_info):
         rval = super(AuthProtocol, self)._build_user_headers(token_info)
         rval['X-Auth-Url'] = self.auth_uri
-        rval['X-Admin-User'] = self.admin_user
-        rval['X-Admin-Pass'] = self.admin_password
-        rval['X-Admin-Tenant-Name'] = self.admin_tenant_name
         return rval
 
 
diff --git a/heat/common/context.py b/heat/common/context.py
index 8c28b897..8797fb85 100644
--- a/heat/common/context.py
+++ b/heat/common/context.py
@@ -34,9 +34,7 @@ class RequestContext(object):
     """
 
     def __init__(self, auth_token=None, username=None, password=None,
-                 aws_creds=None, aws_auth_uri=None,
-                 service_user=None, service_password=None,
-                 service_tenant=None, tenant=None,
+                 aws_creds=None, aws_auth_uri=None, tenant=None,
                  tenant_id=None, auth_url=None, roles=None, is_admin=False,
                  read_only=False, show_deleted=False,
                  owner_is_tenant=True, overwrite=True, **kwargs):
@@ -53,9 +51,6 @@ class RequestContext(object):
         self.password = password
         self.aws_creds = aws_creds
         self.aws_auth_uri = aws_auth_uri
-        self.service_user = service_user
-        self.service_password = service_password
-        self.service_tenant = service_tenant
         self.tenant = tenant
         self.tenant_id = tenant_id
         self.auth_url = auth_url
@@ -83,9 +78,6 @@ class RequestContext(object):
                 'password': self.password,
                 'aws_creds': self.aws_creds,
                 'aws_auth_uri': self.aws_auth_uri,
-                'service_user': self.service_user,
-                'service_password': self.service_password,
-                'service_tenant': self.service_tenant,
                 'tenant': self.tenant,
                 'tenant_id': self.tenant_id,
                 'auth_url': self.auth_url,
@@ -180,9 +172,6 @@ class ContextMiddleware(wsgi.Middleware):
                 aws_auth_uri = headers.get('X-Auth-EC2-Url')
 
             token = headers.get('X-Auth-Token')
-            service_user = headers.get('X-Admin-User')
-            service_password = headers.get('X-Admin-Pass')
-            service_tenant = headers.get('X-Admin-Tenant-Name')
             tenant = headers.get('X-Tenant-Name')
             tenant_id = headers.get('X-Tenant-Id')
             auth_url = headers.get('X-Auth-Url')
@@ -199,9 +188,6 @@ class ContextMiddleware(wsgi.Middleware):
                                         aws_auth_uri=aws_auth_uri,
                                         username=username,
                                         password=password,
-                                        service_user=service_user,
-                                        service_password=service_password,
-                                        service_tenant=service_tenant,
                                         auth_url=auth_url, roles=roles,
                                         is_admin=True)
 
diff --git a/heat/db/sqlalchemy/api.py b/heat/db/sqlalchemy/api.py
index 9acc4a3e..9eb8fffa 100644
--- a/heat/db/sqlalchemy/api.py
+++ b/heat/db/sqlalchemy/api.py
@@ -207,7 +207,6 @@ def user_creds_create(context):
     user_creds_ref = models.UserCreds()
     user_creds_ref.update(values)
     user_creds_ref.password = crypt.encrypt(values['password'])
-    user_creds_ref.service_password = crypt.encrypt(values['service_password'])
     user_creds_ref.aws_creds = crypt.encrypt(values['aws_creds'])
     user_creds_ref.save(_session(context))
     return user_creds_ref
@@ -219,7 +218,6 @@ def user_creds_get(user_creds_id):
     # or it can be committed back to the DB in decrypted form
     result = dict(db_result)
     result['password'] = crypt.decrypt(result['password'])
-    result['service_password'] = crypt.decrypt(result['service_password'])
     result['aws_creds'] = crypt.decrypt(result['aws_creds'])
     return result
 
-- 
2.45.2