Add admin role to see hidden resources

Add admin role to: - local keystone auth API - default auth service to be able to see hidden resources. Change-Id: I7e7e8cb29ae105702c7680fa7ab9fb1303ca671c Partial-Bug: #1377139
Juniper · Oct 3, 2014 · 024279e · 024279e
1 parent 52c5e05
commit 024279e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/src/config/api-server/vnc_auth_keystone.py b/src/config/api-server/vnc_auth_keystone.py
@@ -54,6 +54,9 @@ def local_auth_check(*args, **kwargs):
             if (not self._conf_info.get('admin_user') == user or
                 not self._conf_info.get('admin_password') == passwd):
                 bottle.abort(401, 'Authentication check failed')
+
+            # Add admin role to the request
+            bottle.request.environ['HTTP_X_ROLE'] = 'admin'
     # end __init__
 
     def start_http_server(self):

diff --git a/src/config/api-server/vnc_cfg_api_server.py b/src/config/api-server/vnc_cfg_api_server.py
@@ -395,6 +395,15 @@ def __init__(self, args_str=None):
         self._pipe_start_app = auth_svc.get_middleware_app()
         if not self._pipe_start_app:
             self._pipe_start_app = bottle.app()
+            # When the multi tenancy is disable, add 'admin' role into the
+            # header for all requests to see all resources
+            @self._pipe_start_app.hook('before_request')
+            @bottle.hook('before_request')
+            def set_admin_role(*args, **kwargs):
+                if bottle.request.app != self._pipe_start_app:
+                    return
+                bottle.request.environ['HTTP_X_ROLE'] = 'admin'
+
         self._auth_svc = auth_svc
 
         # API/Permissions check