Read auth_uri from config file and remove is_public_api
1.auth_url can not be obtained from request headers, it can only be read from config file. 2.is_public_api is not used, so let's remove it from context. Change-Id: Ie7207ef5311e3168b64c47aef4041ed2dd0e39c6 Partially-Implements: blueprint generate-keystone-trust
This commit is contained in:
parent
86365ac8b8
commit
a01138ab91
|
@ -14,12 +14,15 @@
|
|||
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import importutils
|
||||
from pecan import hooks
|
||||
|
||||
from magnum.common import context
|
||||
from magnum.conductor import api as conductor_api
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.import_opt('auth_uri', 'keystonemiddleware.auth_token',
|
||||
group='keystone_authtoken')
|
||||
|
||||
|
||||
class ContextHook(hooks.PecanHook):
|
||||
"""Configures a request context and attaches it to the request.
|
||||
|
@ -57,10 +60,7 @@ class ContextHook(hooks.PecanHook):
|
|||
roles = headers.get('X-Roles', '').split(',')
|
||||
auth_token_info = state.request.environ.get('keystone.token_info')
|
||||
|
||||
auth_url = headers.get('X-Auth-Url')
|
||||
if auth_url is None:
|
||||
importutils.import_module('keystonemiddleware.auth_token')
|
||||
auth_url = cfg.CONF.keystone_authtoken.auth_uri
|
||||
auth_url = CONF.keystone_authtoken.auth_uri
|
||||
|
||||
state.request.context = context.make_context(
|
||||
auth_token=auth_token,
|
||||
|
|
|
@ -20,18 +20,15 @@ class RequestContext(context.RequestContext):
|
|||
def __init__(self, auth_token=None, auth_url=None, domain_id=None,
|
||||
domain_name=None, user_name=None, user_id=None,
|
||||
project_name=None, project_id=None, roles=None,
|
||||
is_admin=False, is_public_api=False, read_only=False,
|
||||
show_deleted=False, request_id=None, trust_id=None,
|
||||
auth_token_info=None, all_tenants=False, **kwargs):
|
||||
is_admin=False, read_only=False, show_deleted=False,
|
||||
request_id=None, trust_id=None, auth_token_info=None,
|
||||
all_tenants=False, **kwargs):
|
||||
"""Stores several additional request parameters:
|
||||
|
||||
:param domain_id: The ID of the domain.
|
||||
:param domain_name: The name of the domain.
|
||||
:param is_public_api: Specifies whether the request should be processed
|
||||
without authentication.
|
||||
|
||||
"""
|
||||
self.is_public_api = is_public_api
|
||||
self.user_name = user_name
|
||||
self.user_id = user_id
|
||||
self.project_name = project_name
|
||||
|
@ -63,7 +60,6 @@ class RequestContext(context.RequestContext):
|
|||
'project_name': self.project_name,
|
||||
'project_id': self.project_id,
|
||||
'is_admin': self.is_admin,
|
||||
'is_public_api': self.is_public_api,
|
||||
'read_only': self.read_only,
|
||||
'roles': self.roles,
|
||||
'show_deleted': self.show_deleted,
|
||||
|
|
|
@ -49,8 +49,6 @@ class TestContextHook(base.BaseTestCase):
|
|||
ctx.user_id)
|
||||
self.assertEqual(fakes.fakeAuthTokenHeaders['X-Roles'],
|
||||
','.join(ctx.roles))
|
||||
self.assertEqual(fakes.fakeAuthTokenHeaders['X-Auth-Url'],
|
||||
ctx.auth_url)
|
||||
self.assertEqual(fakes.fakeAuthTokenHeaders['X-User-Domain-Name'],
|
||||
ctx.domain_name)
|
||||
self.assertEqual(fakes.fakeAuthTokenHeaders['X-User-Domain-Id'],
|
||||
|
|
|
@ -29,7 +29,6 @@ class ContextTestCase(base.TestCase):
|
|||
project_id='tenant-id1',
|
||||
roles=['admin', 'service'],
|
||||
is_admin=True,
|
||||
is_public_api=True,
|
||||
read_only=True,
|
||||
show_deleted=True,
|
||||
request_id='request_id1',
|
||||
|
@ -50,7 +49,6 @@ class ContextTestCase(base.TestCase):
|
|||
for role in ctx.roles:
|
||||
self.assertTrue(role in ['admin', 'service'])
|
||||
self.assertTrue(ctx.is_admin)
|
||||
self.assertTrue(ctx.is_public_api)
|
||||
self.assertTrue(ctx.read_only)
|
||||
self.assertTrue(ctx.show_deleted)
|
||||
self.assertEqual("request_id1", ctx.request_id)
|
||||
|
@ -71,7 +69,6 @@ class ContextTestCase(base.TestCase):
|
|||
self.assertEqual(ctx.project_name, ctx2.project_name)
|
||||
self.assertEqual(ctx.project_id, ctx2.project_id)
|
||||
self.assertEqual(ctx.is_admin, ctx2.is_admin)
|
||||
self.assertEqual(ctx.is_public_api, ctx2.is_public_api)
|
||||
self.assertEqual(ctx.read_only, ctx2.read_only)
|
||||
self.assertEqual(ctx.roles, ctx2.roles)
|
||||
self.assertEqual(ctx.show_deleted, ctx2.show_deleted)
|
||||
|
|
Loading…
Reference in New Issue