ec2token tolerate fully-qualified ec2authtoken auth_uri

If (as is currently done by the puppet-heat manifiests) the ec2authtoken auth_uri is specified, and it looks like http://127.0.0.1:5000/v2.0/ec2tokens ec2token authentication will fail, because we always append "ec2tokens" to the auth_uri. Instead, only add it when needed. This probably needs to be combined with a change to the puppet manifiests so we don't set the ec2authtoken auth_uri, as it's an optional section - we can derive the correct path with only the auth_uri from the keystone_authtoken section. Change-Id: I8c89772b40523b30f1c46b2ca8b68f9e20d5c213 Closes-Bug: #1318599
2014-06-09 17:18:55 +01:00 · 2014-06-09 17:18:55 +01:00 · c908b28700
parent b1197da2ad
commit c908b28700
2 changed files with 24 additions and 0 deletions
--- a/heat/api/aws/ec2token.py
+++ b/heat/api/aws/ec2token.py
@ -73,6 +73,8 @@ class EC2Token(wsgi.Middleware):

    @staticmethod
    def _conf_get_keystone_ec2_uri(auth_uri):
+        if auth_uri.endswith('ec2tokens'):
+            return auth_uri
        if auth_uri.endswith('/'):
            return '%sec2tokens' % auth_uri
        return '%s/ec2tokens' % auth_uri
--- a/heat/tests/test_api_ec2token.py
+++ b/heat/tests/test_api_ec2token.py
@ -469,6 +469,28 @@ class Ec2TokenTest(HeatTestCase):

        self.m.VerifyAll()

+    def test_call_ok_auth_uri_ec2authtoken_long(self):
+        # Prove we tolerate a url which already includes the /ec2tokens path
+        dummy_url = 'http://123:5000/v2.0/ec2tokens'
+        cfg.CONF.set_default('auth_uri', dummy_url, group='ec2authtoken')
+
+        ec2 = ec2token.EC2Token(app='woot', conf={})
+        params = {'AWSAccessKeyId': 'foo', 'Signature': 'xyz'}
+        req_env = {'SERVER_NAME': 'heat',
+                   'SERVER_PORT': '8000',
+                   'PATH_INFO': '/v1'}
+        dummy_req = self._dummy_GET_request(params, req_env)
+
+        ok_resp = json.dumps({'access': {'metadata': {}, 'token': {
+            'id': 123,
+            'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}})
+        self._stub_http_connection(response=ok_resp,
+                                   params={'AWSAccessKeyId': 'foo'})
+        self.m.ReplayAll()
+        self.assertEqual('woot', ec2.__call__(dummy_req))
+
+        self.m.VerifyAll()
+
    def test_call_ok_auth_uri_ks_authtoken(self):
        # Import auth_token to have keystone_authtoken settings setup.
        importutils.import_module('keystoneclient.middleware.auth_token')