ec2token tolerate fully-qualified ec2authtoken auth_uri
If (as is currently done by the puppet-heat manifiests) the ec2authtoken auth_uri is specified, and it looks like http://127.0.0.1:5000/v2.0/ec2tokens ec2token authentication will fail, because we always append "ec2tokens" to the auth_uri. Instead, only add it when needed. This probably needs to be combined with a change to the puppet manifiests so we don't set the ec2authtoken auth_uri, as it's an optional section - we can derive the correct path with only the auth_uri from the keystone_authtoken section. Change-Id: I8c89772b40523b30f1c46b2ca8b68f9e20d5c213 Closes-Bug: #1318599
This commit is contained in:
parent
b1197da2ad
commit
c908b28700
|
@ -73,6 +73,8 @@ class EC2Token(wsgi.Middleware):
|
|||
|
||||
@staticmethod
|
||||
def _conf_get_keystone_ec2_uri(auth_uri):
|
||||
if auth_uri.endswith('ec2tokens'):
|
||||
return auth_uri
|
||||
if auth_uri.endswith('/'):
|
||||
return '%sec2tokens' % auth_uri
|
||||
return '%s/ec2tokens' % auth_uri
|
||||
|
|
|
@ -469,6 +469,28 @@ class Ec2TokenTest(HeatTestCase):
|
|||
|
||||
self.m.VerifyAll()
|
||||
|
||||
def test_call_ok_auth_uri_ec2authtoken_long(self):
|
||||
# Prove we tolerate a url which already includes the /ec2tokens path
|
||||
dummy_url = 'http://123:5000/v2.0/ec2tokens'
|
||||
cfg.CONF.set_default('auth_uri', dummy_url, group='ec2authtoken')
|
||||
|
||||
ec2 = ec2token.EC2Token(app='woot', conf={})
|
||||
params = {'AWSAccessKeyId': 'foo', 'Signature': 'xyz'}
|
||||
req_env = {'SERVER_NAME': 'heat',
|
||||
'SERVER_PORT': '8000',
|
||||
'PATH_INFO': '/v1'}
|
||||
dummy_req = self._dummy_GET_request(params, req_env)
|
||||
|
||||
ok_resp = json.dumps({'access': {'metadata': {}, 'token': {
|
||||
'id': 123,
|
||||
'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}})
|
||||
self._stub_http_connection(response=ok_resp,
|
||||
params={'AWSAccessKeyId': 'foo'})
|
||||
self.m.ReplayAll()
|
||||
self.assertEqual('woot', ec2.__call__(dummy_req))
|
||||
|
||||
self.m.VerifyAll()
|
||||
|
||||
def test_call_ok_auth_uri_ks_authtoken(self):
|
||||
# Import auth_token to have keystone_authtoken settings setup.
|
||||
importutils.import_module('keystoneclient.middleware.auth_token')
|
||||
|
|
Loading…
Reference in New Issue