Tenant name is set to None in post keystone validated environment for a

domain-scoped token. Skip sharing if tenant id missing from token. This should handle domain or project scoped token. Also fix bug in vnc api V3 token generation Change-Id: I05a1182d58ce0a50b78a2aec36e0665e28fc2cb6 Closes-Bug: #1612531
Juniper · Aug 31, 2016 · 335118c · 335118c
1 parent 0cceea1
commit 335118c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 12 deletions.
diff --git a/src/api-lib/vnc_api.py b/src/api-lib/vnc_api.py
@@ -258,15 +258,15 @@ def __init__(self, username=None, password=None, tenant_name=None,
                           ' "password":{' + \
                             ' "user":{' + \
                                ' "name": "%s",' % (self._username) + \
-                               ' "domain": { "id": "%s" },' % (self._domain_name) + \
+                               ' "domain": { "name": "%s" },' % (self._domain_name) + \
                                ' "password": "%s"' % (self._password) + \
                              '}' + \
                             '}' + \
                           '},' + \
                           ' "scope":{' + \
                             ' "project":{' + \
-                              ' "domain": { "id": "%s" },' % (self._domain_name) + \
-                              ' "name": "%s"' % (self._username) + \
+                              ' "domain": { "name": "%s" },' % (self._domain_name) + \
+                              ' "name": "%s"' % (self._tenant_name) + \
                             '}' + \
                           '}' + \
                         '}' + \

diff --git a/src/config/api-server/vnc_cfg_api_server.py b/src/config/api-server/vnc_cfg_api_server.py
@@ -493,7 +493,7 @@ def stateful_create():
             obj_ids.update(result)
 
             env = get_request().headers.environ
-            tenant_name = env.get(hdr_server_tenant(), 'default-project')
+            tenant_name = env.get(hdr_server_tenant()) or 'default-project'
 
             get_context().set_state('PRE_DBE_CREATE')
             # type-specific hook
@@ -971,7 +971,6 @@ def http_resource_list(self, obj_type):
 
         db_conn = self._db_conn
         env = get_request().headers.environ
-        tenant_name = env.get(hdr_server_tenant(), 'default-project')
         parent_uuids = None
         back_ref_uuids = None
         obj_uuids = None
@@ -2808,13 +2807,8 @@ def _list_collection(self, obj_type, parent_uuids=None,
 
         # include objects shared with tenant
         env = get_request().headers.environ
-        tenant_name = env.get(hdr_server_tenant(), 'default-project')
-        tenant_fq_name = ['default-domain', tenant_name]
-        try:
-            tenant_uuid = self._db_conn.fq_name_to_uuid('project', tenant_fq_name)
-            shares = self._db_conn.get_shared_objects(obj_type, tenant_uuid)
-        except NoIdError:
-            shares = []
+        tenant_uuid = env.get('HTTP_X_PROJECT_ID', None)
+        shares = self._db_conn.get_shared_objects(obj_type, tenant_uuid) if tenant_uuid else []
         owned_objs = set([obj_uuid for (fq_name, obj_uuid) in result])
         for (obj_uuid, obj_perm) in shares:
             # skip owned objects already included in results