remove "admin_token_auth" related content"
as "admin_token_auth" is removed from paste file. some related contents are useless and shoud be removed also. Change-Id: Ia2263eda93559603a31d9a492e5501424613188e bp: removed-as-of-queens
This commit is contained in:
parent
3cc3986a89
commit
4fc045f820
|
@ -66,7 +66,7 @@ application in the ``public_api`` WSGI pipeline in
|
||||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
||||||
|
|
||||||
[pipeline:public_api]
|
[pipeline:public_api]
|
||||||
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
|
pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service
|
||||||
|
|
||||||
Each user can then change their own password with a HTTP PATCH.
|
Each user can then change their own password with a HTTP PATCH.
|
||||||
|
|
||||||
|
|
|
@ -172,9 +172,9 @@ authentication.
|
||||||
For example, if the original pipeline looks like this::
|
For example, if the original pipeline looks like this::
|
||||||
|
|
||||||
[pipeline:public_api]
|
[pipeline:public_api]
|
||||||
pipeline = url_normalize token_auth admin_token_auth json_body debug ec2_extension user_crud_extension public_service
|
pipeline = url_normalize token_auth json_body debug ec2_extension user_crud_extension public_service
|
||||||
|
|
||||||
Your modified pipeline might then look like this::
|
Your modified pipeline might then look like this::
|
||||||
|
|
||||||
[pipeline:public_api]
|
[pipeline:public_api]
|
||||||
pipeline = url_normalize token_auth admin_token_auth json_body my_auth debug ec2_extension user_crud_extension public_service
|
pipeline = url_normalize token_auth json_body my_auth debug ec2_extension user_crud_extension public_service
|
||||||
|
|
|
@ -13,7 +13,6 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
from oslo_log import log
|
from oslo_log import log
|
||||||
from oslo_log import versionutils
|
|
||||||
from oslo_serialization import jsonutils
|
from oslo_serialization import jsonutils
|
||||||
|
|
||||||
from keystone.common import authorization
|
from keystone.common import authorization
|
||||||
|
@ -36,32 +35,6 @@ class TokenAuthMiddleware(wsgi.Middleware):
|
||||||
context['subject_token_id'] = subject_token
|
context['subject_token_id'] = subject_token
|
||||||
|
|
||||||
|
|
||||||
class AdminTokenAuthMiddleware(wsgi.Middleware):
|
|
||||||
# NOTE(notmorgan): DEPRECATED FOR REMOVAL does nothing but warn to remove
|
|
||||||
# from pipeline
|
|
||||||
|
|
||||||
@versionutils.deprecated(
|
|
||||||
as_of=versionutils.deprecated.PIKE,
|
|
||||||
what='AdminTokenAuthMiddleware in the paste-ini pipeline.',
|
|
||||||
remove_in=+1)
|
|
||||||
def __init__(self, application):
|
|
||||||
super(AdminTokenAuthMiddleware, self).__init__(application)
|
|
||||||
# NOTE(notmorgan): This is deprecated and emits a significant error
|
|
||||||
# message to make sure deployers update their deployments so in the
|
|
||||||
# future release upgrade the deployment does not break.
|
|
||||||
LOG.error('The admin_token_auth middleware functionality has been '
|
|
||||||
'merged into the main auth middleware '
|
|
||||||
'(keystone.middleware.auth.AuthContextMiddleware). '
|
|
||||||
'`admin_token_auth` must be removed from the '
|
|
||||||
'[pipeline:api_v3], [pipeline:admin_api], and '
|
|
||||||
'[pipeline:public_api] sections of your paste ini '
|
|
||||||
'file. The [filter:admin_token_auth] block will also '
|
|
||||||
'need to be removed from your paste ini file. Failure '
|
|
||||||
'to remove these elements from your paste ini file will '
|
|
||||||
'result in keystone to no longer start/run when the '
|
|
||||||
'`admin_token_auth` is removed in the Queens release.')
|
|
||||||
|
|
||||||
|
|
||||||
class JsonBodyMiddleware(wsgi.Middleware):
|
class JsonBodyMiddleware(wsgi.Middleware):
|
||||||
"""Middleware to allow method arguments to be passed as serialized JSON.
|
"""Middleware to allow method arguments to be passed as serialized JSON.
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,6 @@ class TestPasteDeploymentEntryPoints(test.TestCase):
|
||||||
def test_entry_point_middleware(self):
|
def test_entry_point_middleware(self):
|
||||||
"""Assert that our list of expected middleware is present."""
|
"""Assert that our list of expected middleware is present."""
|
||||||
expected_names = [
|
expected_names = [
|
||||||
'admin_token_auth',
|
|
||||||
'build_auth_context',
|
'build_auth_context',
|
||||||
'cors',
|
'cors',
|
||||||
'debug',
|
'debug',
|
||||||
|
|
|
@ -25,7 +25,6 @@ from keystone import auth
|
||||||
from keystone.common import authorization
|
from keystone.common import authorization
|
||||||
from keystone.common import cache
|
from keystone.common import cache
|
||||||
from keystone.common.validation import validators
|
from keystone.common.validation import validators
|
||||||
from keystone.common import wsgi
|
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone import middleware
|
from keystone import middleware
|
||||||
from keystone.tests.common import auth as common_auth
|
from keystone.tests.common import auth as common_auth
|
||||||
|
@ -1219,45 +1218,6 @@ class VersionTestCase(RestfulTestCase):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
# NOTE(morganfainberg): To be removed when admin_token_auth is removed. This
|
|
||||||
# has been split out to allow testing admin_token auth without enabling it
|
|
||||||
# for other tests.
|
|
||||||
class AuthContextMiddlewareAdminTokenTestCase(RestfulTestCase):
|
|
||||||
|
|
||||||
def config_overrides(self):
|
|
||||||
super(AuthContextMiddlewareAdminTokenTestCase, self).config_overrides()
|
|
||||||
self.config_fixture.config(
|
|
||||||
admin_token='ADMIN')
|
|
||||||
|
|
||||||
# NOTE(morganfainberg): This is knowingly copied from below for simplicity
|
|
||||||
# during the deprecation cycle.
|
|
||||||
def _middleware_request(self, token, extra_environ=None):
|
|
||||||
|
|
||||||
def application(environ, start_response):
|
|
||||||
body = b'body'
|
|
||||||
headers = [('Content-Type', 'text/html; charset=utf8'),
|
|
||||||
('Content-Length', str(len(body)))]
|
|
||||||
start_response('200 OK', headers)
|
|
||||||
return [body]
|
|
||||||
|
|
||||||
app = webtest.TestApp(middleware.AuthContextMiddleware(application),
|
|
||||||
extra_environ=extra_environ)
|
|
||||||
resp = app.get('/', headers={authorization.AUTH_TOKEN_HEADER: token})
|
|
||||||
self.assertEqual('body', resp.text) # just to make sure it worked
|
|
||||||
return resp.request
|
|
||||||
|
|
||||||
def test_admin_auth_context(self):
|
|
||||||
# test to make sure AuthContextMiddleware does not attempt to build the
|
|
||||||
# auth context if the admin_token middleware indicates it's admin
|
|
||||||
# already.
|
|
||||||
token_id = uuid.uuid4().hex # token doesn't matter.
|
|
||||||
# the admin_token middleware sets is_admin in the context.
|
|
||||||
extra_environ = {wsgi.CONTEXT_ENV: {'is_admin': True}}
|
|
||||||
req = self._middleware_request(token_id, extra_environ)
|
|
||||||
auth_context = req.environ.get(authorization.AUTH_CONTEXT_ENV)
|
|
||||||
self.assertDictEqual({}, auth_context)
|
|
||||||
|
|
||||||
|
|
||||||
# NOTE(gyee): test AuthContextMiddleware here instead of test_middleware.py
|
# NOTE(gyee): test AuthContextMiddleware here instead of test_middleware.py
|
||||||
# because we need the token
|
# because we need the token
|
||||||
class AuthContextMiddlewareTestCase(RestfulTestCase):
|
class AuthContextMiddlewareTestCase(RestfulTestCase):
|
||||||
|
|
|
@ -40,25 +40,6 @@ from keystone.tests.unit import test_v3
|
||||||
CONF = keystone.conf.CONF
|
CONF = keystone.conf.CONF
|
||||||
|
|
||||||
|
|
||||||
# NOTE(morganfainberg): To be removed when admin_token_auth middleware is
|
|
||||||
# removed. This was moved to it's own testcase so it can setup the
|
|
||||||
# admin_token_auth pipeline without impacting other tests.
|
|
||||||
class IdentityTestCaseStaticAdminToken(test_v3.RestfulTestCase):
|
|
||||||
|
|
||||||
def config_overrides(self):
|
|
||||||
super(IdentityTestCaseStaticAdminToken, self).config_overrides()
|
|
||||||
self.config_fixture.config(
|
|
||||||
admin_token='ADMIN')
|
|
||||||
|
|
||||||
def test_list_users_with_static_admin_token_and_multiple_backends(self):
|
|
||||||
# domain-specific operations with the bootstrap ADMIN token is
|
|
||||||
# disallowed when domain-specific drivers are enabled
|
|
||||||
self.config_fixture.config(group='identity',
|
|
||||||
domain_specific_drivers_enabled=True)
|
|
||||||
self.get('/users', token=CONF.admin_token,
|
|
||||||
expected_status=exception.Unauthorized.code)
|
|
||||||
|
|
||||||
|
|
||||||
class IdentityTestCase(test_v3.RestfulTestCase):
|
class IdentityTestCase(test_v3.RestfulTestCase):
|
||||||
"""Test users and groups."""
|
"""Test users and groups."""
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
other:
|
||||||
|
- >
|
||||||
|
[`blueprint removed-as-of-queens <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-queens>`_]
|
||||||
|
The ``admin_token_auth`` middleware is removed now. The related doc is removed as well.
|
|
@ -193,7 +193,6 @@ paste.filter_factory =
|
||||||
osprofiler = osprofiler.web:WsgiMiddleware.factory
|
osprofiler = osprofiler.web:WsgiMiddleware.factory
|
||||||
url_normalize = keystone.middleware:NormalizingFilter.factory
|
url_normalize = keystone.middleware:NormalizingFilter.factory
|
||||||
request_id = oslo_middleware:RequestId.factory
|
request_id = oslo_middleware:RequestId.factory
|
||||||
admin_token_auth = keystone.middleware:AdminTokenAuthMiddleware.factory
|
|
||||||
build_auth_context = keystone.middleware:AuthContextMiddleware.factory
|
build_auth_context = keystone.middleware:AuthContextMiddleware.factory
|
||||||
token_auth = keystone.middleware:TokenAuthMiddleware.factory
|
token_auth = keystone.middleware:TokenAuthMiddleware.factory
|
||||||
json_body = keystone.middleware:JsonBodyMiddleware.factory
|
json_body = keystone.middleware:JsonBodyMiddleware.factory
|
||||||
|
|
Loading…
Reference in New Issue