From d94b53c31289f9bf322a7f3549763580d68dd63a Mon Sep 17 00:00:00 2001
From: Angus Salkeld
Date: Thu, 29 Mar 2012 22:20:59 +1100
Subject: [PATCH] Copy some glance/common fixes
Signed-off-by: Angus Salkeld
---
 heat/common/auth.py | 9 ++++++++-
 heat/common/context.py | 18 ++++++++----------
 heat/common/exception.py | 20 +++++++++++++++++---
 3 files changed, 33 insertions(+), 14 deletions(-)
diff --git a/heat/common/auth.py b/heat/common/auth.py
index 1462e0c6..02de27ee 100644
--- a/heat/common/auth.py
+++ b/heat/common/auth.py
@@ -193,7 +193,14 @@ class KeystoneStrategy(BaseStrategy):
 endpoint = None
 region = self.creds.get('region')
 for service in service_catalog:
- if service['type'] == 'image':
+ try:
+ service_type = service['type']
+ except KeyError:
+ msg = _('Encountered service with no "type": %s' % service)
+ logger.warn(msg)
+ continue
+
+ if service_type == 'image':
 for ep in service['endpoints']:
 if region is None or region == ep['region']:
 if endpoint is not None:
diff --git a/heat/common/context.py b/heat/common/context.py
index accf6b86..8af24d91 100644
--- a/heat/common/context.py
+++ b/heat/common/context.py
@@ -54,6 +54,7 @@ class ContextMiddleware(wsgi.Middleware):
 opts = [
 cfg.BoolOpt('owner_is_tenant', default=True),
+ cfg.StrOpt('admin_role', default='admin'),
 ]
 def __init__(self, app, conf, **local_conf):
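Review bot: In the new `except KeyError` branch of the auth.py hunk the `%` interpolation happens inside `_()`, so the translation lookup is done on the already-formatted string and can never match a catalogue entry; it should read `msg = _('Encountered service with no "type": %s') % service`. The same line writes the whole catalog entry to the log, which is more than is needed to diagnose a missing key; logging the entry's keys or name would be enough. Only `service['type']` is guarded: `service['endpoints']` and `ep['region']` in the context lines just below can still raise KeyError on a malformed catalog. The enclosing method starts and ends outside the hunk.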
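Review bot: The new `admin_role` option in context.py has no help text, although it decides which role name is treated as administrator by the role check later in this file. I would write it as `cfg.StrOpt('admin_role', default='admin', help='Role name that grants admin context; matched exactly against the roles on the request')`. The class body continues outside the hunk.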
@@ -86,30 +87,27 @@ class ContextMiddleware(wsgi.Middleware): to determine permissions. 2. An X-Auth-Token was passed in, but the Identity-Status is not - confirmed. For now, just raising a NotAuthorized exception. + confirmed. For now, just raising a NotAuthenticated exception. 3. X-Auth-Token is omitted. If we were using Keystone, then the tokenauth middleware would have rejected the request, so we must be using NoAuth. In that case, assume that is_admin=True. """ - # TODO(sirp): should we be using the heat_tokeauth shim from - # Keystone here? If we do, we need to make sure it handles the NoAuth - # case auth_tok = req.headers.get('X-Auth-Token', req.headers.get('X-Storage-Token')) if auth_tok: if req.headers.get('X-Identity-Status') == 'Confirmed': # 1. Auth-token is passed, check other headers - user = req.headers.get('X-User') - tenant = req.headers.get('X-Tenant') + user = req.headers.get('X-User-Id') + tenant = req.headers.get('X-Tenant-Id') roles = [r.strip() - for r in req.headers.get('X-Role', '').split(',')] - is_admin = 'Admin' in roles + for r in req.headers.get('X-Roles', '').split(',')] + is_admin = self.conf.admin_role in roles else: # 2. Indentity-Status not confirmed # FIXME(sirp): not sure what the correct behavior in this case - # is; just raising NotAuthorized for now - raise exception.NotAuthorized() + # is; just raising NotAuthenticated for now + raise exception.NotAuthenticated() else: # 3. Auth-token is ommited, assume NoAuth user = None diff --git a/heat/common/exception.py b/heat/common/exception.py index bf338729..e924a956 100644 --- a/heat/common/exception.py +++ b/heat/common/exception.py 
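Review bot: The admin check `is_admin = self.conf.admin_role in roles` is an exact, case-sensitive match, and the default moves from the literal `'Admin'` to `'admin'`, so a deployment whose role is still named `Admin` silently loses admin context unless `admin_role` is set. In the other direction, an absent `X-Roles` header yields `['']`, so an `admin_role` configured as an empty string would make every confirmed request admin. I would drop empty entries and normalise case, `for r in req.headers.get('X-Roles', '').split(',') if r.strip()]` with `.lower()` applied to both sides of the comparison. The `X-Identity-Status`, `X-User-Id`, `X-Tenant-Id` and `X-Roles` values are only trustworthy when an upstream auth middleware sets them and removes client-supplied copies; a comment stating that assumption belongs next to branch 1. The method continues past the end of the hunk.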
@@ -108,11 +108,14 @@ class AuthorizationFailure(HeatException):
 message = _("Authorization failed.")
-class NotAuthorized(HeatException):
- message = _("You are not authorized to complete this action.")
+class NotAuthenticated(HeatException):
+ message = _("You are not authenticated.")
+class Forbidden(HeatException):
+ message = _("You are not authorized to complete this action.")
-class NotAuthorizedPublicImage(NotAuthorized):
+#NOTE(bcwaldon): here for backwards-compatability, need to deprecate.
+class NotAuthorized(Forbidden):
 message = _("You are not authorized to complete this action.")
@@ -165,6 +168,17 @@ class ServiceUnavailable(HeatException):
 class RequestUriTooLong(HeatException):
 message = _("The URI was too long.")
+
+class ServerError(HeatException):
+ message = _("The request returned 500 Internal Server Error"
+ "\n\nThe response body:\n%(body)s")
+
+
+class UnexpectedStatus(HeatException):
+ message = _("The request returned an unexpected status: %(status)s."
+ "\n\nThe response body:\n%(body)s")
+
+
 class InvalidContentType(HeatException):
 message = _("Invalid content type %(content_type)s")
-- 
2.45.2
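Review bot: `NotAuthorized` is kept as a subclass of `Forbidden`, but `NotAuthenticated` is related to neither, so an existing `except exception.NotAuthorized` no longer covers the unconfirmed-identity case that context.py now raises as `NotAuthenticated`. The callers and the layer that turns exceptions into HTTP responses are not visible in this patch; it is worth confirming that `NotAuthenticated` ends up as a 401 and `Forbidden` as a 403 rather than falling through to a generic error. `NotAuthorizedPublicImage` is removed without an alias, so any remaining reference to it would fail. A one-line docstring on each class, for example `"""Identity of the caller was not established."""` and `"""Caller is identified but not permitted to perform the action."""`, would make the split explicit.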
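Review bot: Both new messages in the second exception.py hunk interpolate `%(body)s`, the raw body of a remote response, so whatever the remote service returned ends up in the exception text and from there in logs or, if the exception is rendered to the caller, in API error output. The raise sites are outside this diff; the body should be truncated to a bounded length there and kept out of client-facing responses. I would add a comment above `ServerError`: `# NOTE: body comes from the remote service; callers must truncate it and must not echo it to API clients.`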