Keystone middleware added

For auth purposes keystone middleware is used.
Auth configuration added into example config.
Keystone auth is disabled in tests.

Change-Id: Id6e8da1529b35f66eb0192622f05662858b63b79
Closes-Bug: #1583106

examples/etc/tuningbox/tuningbox_config.py

@@ -1,4 +1,25 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
 LOG_LEVEL = 'DEBUG'
 
 SQLALCHEMY_DATABASE_URI = \
     'postgresql://tuningbox:tuningbox@localhost/tuningbox'
+
+AUTH = {
+    'auth_host': '127.0.0.1',
+    'auth_protocol': 'http',
+    'auth_version': 'v2.0',
+    'admin_user': 'tuningbox',
+    'admin_password': 'tuningbox',
+    'admin_tenant_name': 'services'
+}

requirements.txt

@@ -9,3 +9,4 @@ flask-restful
 alembic
 cliff
 requests
+keystonemiddleware>=4.0.0,!=4.1.0,!=4.5.0

tuning_box/app.py

@@ -22,6 +22,7 @@ from werkzeug import exceptions
 from tuning_box import converters
 from tuning_box import db
 from tuning_box import logger
+from tuning_box.middleware import keystone
 
 # These handlers work if PROPAGATE_EXCEPTIONS is off (non-Nailgun case)
 api_errors = {
@@ -291,7 +292,7 @@ def handle_integrity_error(exc):
     return response
 
 
-def build_app(configure_logging=True):
+def build_app(configure_logging=True, with_keystone=True):
     app = flask.Flask(__name__)
     app.url_map.converters.update(converters.ALL)
     api.init_app(app)  # init_app spoils Api object if app is a blueprint
@@ -304,6 +305,8 @@ def build_app(configure_logging=True):
     if configure_logging:
         log_level = app.config.get('LOG_LEVEL', 'INFO')
         logger.init_logger(log_level)
+    if with_keystone:
+        app.wsgi_app = keystone.KeystoneMiddleware(app)
     return app
 
 

tuning_box/middleware/keystone.py

@@ -0,0 +1,21 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystonemiddleware import auth_token
+
+
+class KeystoneMiddleware(auth_token.AuthProtocol):
+
+    def __init__(self, app):
+        self.app = app.wsgi_app
+        auth_settings = app.config.get('AUTH')
+        super(KeystoneMiddleware, self).__init__(self.app, auth_settings)

tuning_box/tests/test_app.py

@@ -43,7 +43,8 @@ class Client(testing.FlaskClient):
 class TestApp(base.TestCase):
     def setUp(self):
         super(TestApp, self).setUp()
-        self.app = app.build_app(configure_logging=False)
+        self.app = app.build_app(configure_logging=False,
+                                 with_keystone=False)
         self.app.config["SQLALCHEMY_DATABASE_URI"] = 'sqlite:///'
         with self.app.app_context():
             db.fix_sqlite()