Work without admin_token_auth middleware

Requests would fail with a 500 Internal Server Error if the admin_token_auth middleware was removed from the paste pipeline. The requests would fail because the code assumed that the context contained an 'is_admin' element, but that element was only in the context if the admin_token_auth middleware was in the pipeline. This change makes it so that if the admin_token_auth middleware isn't in the paste pipeline requests will not fail with a 500 Internal Server Error. Change-Id: Ic064785226ee70ee475d8f72fea3c2ae6971a07f Fixes: bug 1190708
2013-06-13 17:45:20 -05:00 · 2013-06-13 17:45:20 -05:00 · 19fb6fc377
parent 62d948a66b
commit 19fb6fc377
3 changed files with 50 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -25,5 +25,6 @@ dist/
 etc/keystone.conf
 etc/logging.conf
 tests/test.db.pristine
+tests/no_admin_token_auth-paste.ini
 .project
 .pydevproject
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@ -173,6 +173,8 @@ class Application(BaseApplication):
            del context['REMOTE_USER']
        params.update(arg_dict)

+        context.setdefault('is_admin', False)
+
        # TODO(termie): do some basic normalization on methods
        method = getattr(self, action)

--- a/tests/test_no_admin_token_auth.py
+++ b/tests/test_no_admin_token_auth.py
@ -0,0 +1,47 @@
+
+import os
+import webtest
+
+from keystone import test
+
+
+def _generate_paste_config():
+    # Generate a file, based on keystone-paste.ini, that doesn't include
+    # admin_token_auth in the pipeline
+
+    with open(test.etcdir('keystone-paste.ini'), 'r') as f:
+        contents = f.read()
+
+    new_contents = contents.replace(' admin_token_auth ', ' ')
+
+    with open('no_admin_token_auth-paste.ini', 'w') as f:
+        f.write(new_contents)
+
+
+class TestNoAdminTokenAuth(test.TestCase):
+    def setUp(self):
+        super(TestNoAdminTokenAuth, self).setUp()
+        self.load_backends()
+
+        _generate_paste_config()
+
+        self.admin_app = webtest.TestApp(
+            self.loadapp('no_admin_token_auth', name='admin'),
+            extra_environ=dict(REMOTE_ADDR='127.0.0.1'))
+
+    def tearDown(self):
+        self.admin_app = None
+        os.remove('no_admin_token_auth-paste.ini')
+
+    def test_request_no_admin_token_auth(self):
+        # This test verifies that if the admin_token_auth middleware isn't
+        # in the paste pipeline that users can still make requests.
+
+        # Note(blk-u): Picked /v2.0/tenants because it's an operation that
+        # requires is_admin in the context, any operation that requires
+        # is_admin would work for this test.
+        REQ_PATH = '/v2.0/tenants'
+
+        # If the following does not raise, then the test is successful.
+        self.admin_app.get(REQ_PATH, headers={'X-Auth-Token': 'NotAdminToken'},
+                           status=401)