summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2017-10-20 17:34:52 +0000
committerGerrit Code Review <review@openstack.org>2017-10-20 17:34:52 +0000
commit6be663a79db4abf277c6fd8d9a7cc0187f8dc7a2 (patch)
tree1a55a102f9f25e734c69f3ead9f1c8707c908cb5
parentaa91b4d28b0ce15afad9f34d02b9d77922a35523 (diff)
parent409b482253dec248ed828e92e52b09d4c02e51dd (diff)
Merge "Rename auth_uri to www_authenticate_uri"
-rw-r--r--doc/source/middlewarearchitecture.rst3
-rw-r--r--keystonemiddleware/auth_token/__init__.py15
-rw-r--r--keystonemiddleware/auth_token/_identity.py10
-rw-r--r--keystonemiddleware/auth_token/_opts.py20
-rw-r--r--keystonemiddleware/s3_token.py13
-rw-r--r--keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py27
-rw-r--r--keystonemiddleware/tests/unit/auth_token/test_cache.py2
-rw-r--r--keystonemiddleware/tests/unit/auth_token/test_config.py12
-rw-r--r--keystonemiddleware/tests/unit/test_opts.py2
-rw-r--r--keystonemiddleware/tests/unit/test_s3_token_middleware.py30
-rw-r--r--releasenotes/notes/rename-auth-uri-d223d883f5898aee.yaml9
11 files changed, 106 insertions, 37 deletions
diff --git a/doc/source/middlewarearchitecture.rst b/doc/source/middlewarearchitecture.rst
index 61882c1..e9ec7c8 100644
--- a/doc/source/middlewarearchitecture.rst
+++ b/doc/source/middlewarearchitecture.rst
@@ -259,7 +259,8 @@ swift/cloud files and for legacy Rackspace use. If the token isn't present and
259the middleware is configured to not delegate auth responsibility, it will 259the middleware is configured to not delegate auth responsibility, it will
260respond to the HTTP request with HTTPUnauthorized, returning the header 260respond to the HTTP request with HTTPUnauthorized, returning the header
261``WWW-Authenticate`` with the value `Keystone uri='...'` to indicate where to 261``WWW-Authenticate`` with the value `Keystone uri='...'` to indicate where to
262request a token. The auth_uri returned is configured with the middleware. 262request a token. The URI returned is configured with the
263``www_authenticate_uri`` option.
263 264
264The authentication middleware extends the HTTP request with the header 265The authentication middleware extends the HTTP request with the header
265``X-Identity-Status``. If a request is successfully authenticated, the value 266``X-Identity-Status``. If a request is successfully authenticated, the value
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index 689c817..343bec2 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -583,17 +583,20 @@ class AuthProtocol(BaseAuthProtocol):
583 self._session = self._create_session() 583 self._session = self._create_session()
584 self._identity_server = self._create_identity_server() 584 self._identity_server = self._create_identity_server()
585 585
586 self._auth_uri = self._conf.get('auth_uri') 586 self._www_authenticate_uri = self._conf.get('www_authenticate_uri')
587 if not self._auth_uri: 587 if not self._www_authenticate_uri:
588 self._www_authenticate_uri = self._conf.get('auth_uri')
589 if not self._www_authenticate_uri:
588 self.log.warning( 590 self.log.warning(
589 'Configuring auth_uri to point to the public identity ' 591 'Configuring www_authenticate_uri to point to the public '
590 'endpoint is required; clients may not be able to ' 592 'identity endpoint is required; clients may not be able to '
591 'authenticate against an admin endpoint') 593 'authenticate against an admin endpoint')
592 594
593 # FIXME(dolph): drop support for this fallback behavior as 595 # FIXME(dolph): drop support for this fallback behavior as
594 # documented in bug 1207517. 596 # documented in bug 1207517.
595 597
596 self._auth_uri = self._identity_server.auth_uri 598 self._www_authenticate_uri = \
599 self._identity_server.www_authenticate_uri
597 600
598 self._signing_directory = _signing_dir.SigningDirectory( 601 self._signing_directory = _signing_dir.SigningDirectory(
599 directory_name=self._conf.get('signing_dir'), log=self.log) 602 directory_name=self._conf.get('signing_dir'), log=self.log)
@@ -687,7 +690,7 @@ class AuthProtocol(BaseAuthProtocol):
687 690
688 @property 691 @property
689 def _reject_auth_headers(self): 692 def _reject_auth_headers(self):
690 header_val = 'Keystone uri=\'%s\'' % self._auth_uri 693 header_val = 'Keystone uri=\'%s\'' % self._www_authenticate_uri
691 return [('WWW-Authenticate', header_val)] 694 return [('WWW-Authenticate', header_val)]
692 695
693 def _token_hashes(self, token): 696 def _token_hashes(self, token):
diff --git a/keystonemiddleware/auth_token/_identity.py b/keystonemiddleware/auth_token/_identity.py
index 88d7f62..d02dcfc 100644
--- a/keystonemiddleware/auth_token/_identity.py
+++ b/keystonemiddleware/auth_token/_identity.py
@@ -147,16 +147,18 @@ class IdentityServer(object):
147 self._request_strategy_obj = None 147 self._request_strategy_obj = None
148 148
149 @property 149 @property
150 def auth_uri(self): 150 def www_authenticate_uri(self):
151 auth_uri = self._adapter.get_endpoint(interface=plugin.AUTH_INTERFACE) 151 www_authenticate_uri = self._adapter.get_endpoint(
152 interface=plugin.AUTH_INTERFACE)
152 153
153 # NOTE(jamielennox): This weird stripping of the prefix hack is 154 # NOTE(jamielennox): This weird stripping of the prefix hack is
154 # only relevant to the legacy case. We urljoin '/' to get just the 155 # only relevant to the legacy case. We urljoin '/' to get just the
155 # base URI as this is the original behaviour. 156 # base URI as this is the original behaviour.
156 if isinstance(self._adapter.auth, _auth.AuthTokenPlugin): 157 if isinstance(self._adapter.auth, _auth.AuthTokenPlugin):
157 auth_uri = urllib.parse.urljoin(auth_uri, '/').rstrip('/') 158 www_authenticate_uri = urllib.parse.urljoin(
159 www_authenticate_uri, '/').rstrip('/')
158 160
159 return auth_uri 161 return www_authenticate_uri
160 162
161 @property 163 @property
162 def auth_version(self): 164 def auth_version(self):
diff --git a/keystonemiddleware/auth_token/_opts.py b/keystonemiddleware/auth_token/_opts.py
index 488a482..7e68795 100644
--- a/keystonemiddleware/auth_token/_opts.py
+++ b/keystonemiddleware/auth_token/_opts.py
@@ -28,7 +28,7 @@ from keystonemiddleware.auth_token import _base
28# options via CONF. 28# options via CONF.
29 29
30_OPTS = [ 30_OPTS = [
31 cfg.StrOpt('auth_uri', 31 cfg.StrOpt('www_authenticate_uri',
32 # FIXME(dolph): should be default='http://127.0.0.1:5000/v2.0/', 32 # FIXME(dolph): should be default='http://127.0.0.1:5000/v2.0/',
33 # or (depending on client support) an unversioned, publicly 33 # or (depending on client support) an unversioned, publicly
34 # accessible identity endpoint (see bug 1207517). Further, we 34 # accessible identity endpoint (see bug 1207517). Further, we
@@ -38,6 +38,7 @@ _OPTS = [
38 # This wasn't an option originally when many auth_token 38 # This wasn't an option originally when many auth_token
39 # deployments were configured with the "ADMIN" token and 39 # deployments were configured with the "ADMIN" token and
40 # endpoint combination. 40 # endpoint combination.
41 deprecated_name='auth_uri',
41 help='Complete "public" Identity API endpoint. This endpoint' 42 help='Complete "public" Identity API endpoint. This endpoint'
42 ' should not be an "admin" endpoint, as it should be accessible' 43 ' should not be an "admin" endpoint, as it should be accessible'
43 ' by all end users. Unauthenticated clients are redirected to' 44 ' by all end users. Unauthenticated clients are redirected to'
@@ -47,6 +48,23 @@ _OPTS = [
47 ' should *not* be the same endpoint the service user utilizes' 48 ' should *not* be the same endpoint the service user utilizes'
48 ' for validating tokens, because normal end users may not be' 49 ' for validating tokens, because normal end users may not be'
49 ' able to reach that endpoint.'), 50 ' able to reach that endpoint.'),
51 cfg.StrOpt('auth_uri',
52 deprecated_for_removal=True,
53 deprecated_reason='The auth_uri option is deprecated in favor'
54 ' of www_authenticate_uri and will be removed in the S '
55 ' release.',
56 deprecated_since='Queens',
57 help='Complete "public" Identity API endpoint. This endpoint'
58 ' should not be an "admin" endpoint, as it should be accessible'
59 ' by all end users. Unauthenticated clients are redirected to'
60 ' this endpoint to authenticate. Although this endpoint should'
61 ' ideally be unversioned, client support in the wild varies.'
62 ' If you\'re using a versioned v2 endpoint here, then this'
63 ' should *not* be the same endpoint the service user utilizes'
64 ' for validating tokens, because normal end users may not be'
65 ' able to reach that endpoint. This option is deprecated in'
66 ' favor of www_authenticate_uri and will be removed in the S'
67 ' release.'),
50 cfg.StrOpt('auth_version', 68 cfg.StrOpt('auth_version',
51 help='API version of the admin Identity API endpoint.'), 69 help='API version of the admin Identity API endpoint.'),
52 cfg.BoolOpt('delay_auth_decision', 70 cfg.BoolOpt('delay_auth_decision',
diff --git a/keystonemiddleware/s3_token.py b/keystonemiddleware/s3_token.py
index be44473..d8d8e78 100644
--- a/keystonemiddleware/s3_token.py
+++ b/keystonemiddleware/s3_token.py
@@ -57,13 +57,20 @@ class S3Token(object):
57 self._reseller_prefix = conf.get('reseller_prefix', 'AUTH_') 57 self._reseller_prefix = conf.get('reseller_prefix', 'AUTH_')
58 # where to find the auth service (we use this to validate tokens) 58 # where to find the auth service (we use this to validate tokens)
59 59
60 self._request_uri = conf.get('auth_uri') 60 self._request_uri = conf.get('www_authenticate_uri')
61 auth_uri = conf.get('auth_uri')
62 if not self._request_uri and auth_uri:
63 self._logger.warning(
64 "Use of the auth_uri option was deprecated "
65 "in the Queens release in favor of www_authenticate_uri. This "
66 "option will be removed in the S release.")
67 self._request_uri = auth_uri
61 if not self._request_uri: 68 if not self._request_uri:
62 self._logger.warning( 69 self._logger.warning(
63 "Use of the auth_host, auth_port, and auth_protocol " 70 "Use of the auth_host, auth_port, and auth_protocol "
64 "configuration options was deprecated in the Newton release " 71 "configuration options was deprecated in the Newton release "
65 "in favor of auth_uri. These options may be removed in a " 72 "in favor of www_authenticate_uri. These options will be "
66 "future release.") 73 "removed in the S release.")
67 auth_host = conf.get('auth_host') 74 auth_host = conf.get('auth_host')
68 auth_port = int(conf.get('auth_port', 35357)) 75 auth_port = int(conf.get('auth_port', 35357))
69 auth_protocol = conf.get('auth_protocol', 'https') 76 auth_protocol = conf.get('auth_protocol', 'https')
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 2a3a66d..a130b19 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -280,7 +280,7 @@ class BaseAuthTokenMiddlewareTest(base.BaseAuthTokenTestCase):
280 'identity_uri': 'https://keystone.example.com:1234/testadmin/', 280 'identity_uri': 'https://keystone.example.com:1234/testadmin/',
281 'signing_dir': signing_dir, 281 'signing_dir': signing_dir,
282 'auth_version': auth_version, 282 'auth_version': auth_version,
283 'auth_uri': 'https://keystone.example.com:1234', 283 'www_authenticate_uri': 'https://keystone.example.com:1234',
284 'admin_user': uuid.uuid4().hex, 284 'admin_user': uuid.uuid4().hex,
285 } 285 }
286 286
@@ -460,7 +460,7 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
460 def test_config_revocation_cache_timeout(self): 460 def test_config_revocation_cache_timeout(self):
461 conf = { 461 conf = {
462 'revocation_cache_time': '24', 462 'revocation_cache_time': '24',
463 'auth_uri': 'https://keystone.example.com:1234', 463 'www_authenticate_uri': 'https://keystone.example.com:1234',
464 'admin_user': uuid.uuid4().hex 464 'admin_user': uuid.uuid4().hex
465 } 465 }
466 middleware = auth_token.AuthProtocol(self.fake_app, conf) 466 middleware = auth_token.AuthProtocol(self.fake_app, conf)
@@ -591,12 +591,12 @@ class CommonAuthTokenMiddlewareTest(object):
591 'auth_host': '2001:2013:1:f101::1', 591 'auth_host': '2001:2013:1:f101::1',
592 'auth_port': '1234', 592 'auth_port': '1234',
593 'auth_protocol': 'http', 593 'auth_protocol': 'http',
594 'auth_uri': None, 594 'www_authenticate_uri': None,
595 'auth_version': 'v3.0', 595 'auth_version': 'v3.0',
596 } 596 }
597 middleware = self.create_simple_middleware(conf=conf) 597 middleware = self.create_simple_middleware(conf=conf)
598 self.assertEqual('http://[2001:2013:1:f101::1]:1234', 598 self.assertEqual('http://[2001:2013:1:f101::1]:1234',
599 middleware._auth_uri) 599 middleware._www_authenticate_uri)
600 600
601 def assert_valid_request_200(self, token, with_catalog=True): 601 def assert_valid_request_200(self, token, with_catalog=True):
602 resp = self.call_middleware(headers={'X-Auth-Token': token}) 602 resp = self.call_middleware(headers={'X-Auth-Token': token})
@@ -1982,10 +1982,10 @@ class DelayedAuthTests(BaseAuthTokenMiddlewareTest):
1982 1982
1983 def test_header_in_401(self): 1983 def test_header_in_401(self):
1984 body = uuid.uuid4().hex 1984 body = uuid.uuid4().hex
1985 auth_uri = 'http://local.test' 1985 www_authenticate_uri = 'http://local.test'
1986 conf = {'delay_auth_decision': 'True', 1986 conf = {'delay_auth_decision': 'True',
1987 'auth_version': 'v3.0', 1987 'auth_version': 'v3.0',
1988 'auth_uri': auth_uri} 1988 'www_authenticate_uri': www_authenticate_uri}
1989 1989
1990 middleware = self.create_simple_middleware(status='401 Unauthorized', 1990 middleware = self.create_simple_middleware(status='401 Unauthorized',
1991 body=body, 1991 body=body,
@@ -1993,11 +1993,11 @@ class DelayedAuthTests(BaseAuthTokenMiddlewareTest):
1993 resp = self.call(middleware, expected_status=401) 1993 resp = self.call(middleware, expected_status=401)
1994 self.assertEqual(six.b(body), resp.body) 1994 self.assertEqual(six.b(body), resp.body)
1995 1995
1996 self.assertEqual("Keystone uri='%s'" % auth_uri, 1996 self.assertEqual("Keystone uri='%s'" % www_authenticate_uri,
1997 resp.headers['WWW-Authenticate']) 1997 resp.headers['WWW-Authenticate'])
1998 1998
1999 def test_delayed_auth_values(self): 1999 def test_delayed_auth_values(self):
2000 conf = {'auth_uri': 'http://local.test'} 2000 conf = {'www_authenticate_uri': 'http://local.test'}
2001 status = '401 Unauthorized' 2001 status = '401 Unauthorized'
2002 2002
2003 middleware = self.create_simple_middleware(status=status, conf=conf) 2003 middleware = self.create_simple_middleware(status=status, conf=conf)
@@ -2005,7 +2005,7 @@ class DelayedAuthTests(BaseAuthTokenMiddlewareTest):
2005 2005
2006 for v in ('True', '1', 'on', 'yes'): 2006 for v in ('True', '1', 'on', 'yes'):
2007 conf = {'delay_auth_decision': v, 2007 conf = {'delay_auth_decision': v,
2008 'auth_uri': 'http://local.test'} 2008 'www_authenticate_uri': 'http://local.test'}
2009 2009
2010 middleware = self.create_simple_middleware(status=status, 2010 middleware = self.create_simple_middleware(status=status,
2011 conf=conf) 2011 conf=conf)
@@ -2013,7 +2013,7 @@ class DelayedAuthTests(BaseAuthTokenMiddlewareTest):
2013 2013
2014 for v in ('False', '0', 'no'): 2014 for v in ('False', '0', 'no'):
2015 conf = {'delay_auth_decision': v, 2015 conf = {'delay_auth_decision': v,
2016 'auth_uri': 'http://local.test'} 2016 'www_authenticate_uri': 'http://local.test'}
2017 2017
2018 middleware = self.create_simple_middleware(status=status, 2018 middleware = self.create_simple_middleware(status=status,
2019 conf=conf) 2019 conf=conf)
@@ -2021,8 +2021,11 @@ class DelayedAuthTests(BaseAuthTokenMiddlewareTest):
2021 2021
2022 def test_auth_plugin_with_no_tokens(self): 2022 def test_auth_plugin_with_no_tokens(self):
2023 body = uuid.uuid4().hex 2023 body = uuid.uuid4().hex
2024 auth_uri = 'http://local.test' 2024 www_authenticate_uri = 'http://local.test'
2025 conf = {'delay_auth_decision': True, 'auth_uri': auth_uri} 2025 conf = {
2026 'delay_auth_decision': True,
2027 'www_authenticate_uri': www_authenticate_uri
2028 }
2026 2029
2027 middleware = self.create_simple_middleware(body=body, conf=conf) 2030 middleware = self.create_simple_middleware(body=body, conf=conf)
2028 resp = self.call(middleware) 2031 resp = self.call(middleware)
diff --git a/keystonemiddleware/tests/unit/auth_token/test_cache.py b/keystonemiddleware/tests/unit/auth_token/test_cache.py
index df677bf..6fa1ef2 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_cache.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_cache.py
@@ -80,7 +80,7 @@ class NoMemcacheAuthToken(base.BaseAuthTokenTestCase):
80 'auth_host': 'keystone.example.com', 80 'auth_host': 'keystone.example.com',
81 'auth_port': '1234', 81 'auth_port': '1234',
82 'memcached_servers': ','.join(MEMCACHED_SERVERS), 82 'memcached_servers': ','.join(MEMCACHED_SERVERS),
83 'auth_uri': 'https://keystone.example.com:1234', 83 'www_authenticate_uri': 'https://keystone.example.com:1234',
84 } 84 }
85 85
86 self.create_simple_middleware(conf=conf) 86 self.create_simple_middleware(conf=conf)
diff --git a/keystonemiddleware/tests/unit/auth_token/test_config.py b/keystonemiddleware/tests/unit/auth_token/test_config.py
index 8cfa35d..6b824af 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_config.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_config.py
@@ -36,7 +36,7 @@ class TestAuthPluginLocalOsloConfig(base.BaseAuthTokenTestCase):
36 # in the 'keystone_authtoken' group. Additional options, from 36 # in the 'keystone_authtoken' group. Additional options, from
37 # plugins, are registered dynamically so must not be used here. 37 # plugins, are registered dynamically so must not be used here.
38 self.oslo_options = { 38 self.oslo_options = {
39 'auth_uri': uuid.uuid4().hex, 39 'www_authenticate_uri': uuid.uuid4().hex,
40 'identity_uri': uuid.uuid4().hex, 40 'identity_uri': uuid.uuid4().hex,
41 } 41 }
42 42
@@ -56,14 +56,14 @@ class TestAuthPluginLocalOsloConfig(base.BaseAuthTokenTestCase):
56 56
57 self.file_options = { 57 self.file_options = {
58 'auth_type': 'password', 58 'auth_type': 'password',
59 'auth_uri': uuid.uuid4().hex, 59 'www_authenticate_uri': uuid.uuid4().hex,
60 'password': uuid.uuid4().hex, 60 'password': uuid.uuid4().hex,
61 } 61 }
62 62
63 content = ("[keystone_authtoken]\n" 63 content = ("[keystone_authtoken]\n"
64 "auth_type=%(auth_type)s\n" 64 "auth_type=%(auth_type)s\n"
65 "auth_uri=%(auth_uri)s\n" 65 "www_authenticate_uri=%(www_authenticate_uri)s\n"
66 "auth_url=%(auth_uri)s\n" 66 "auth_url=%(www_authenticate_uri)s\n"
67 "password=%(password)s\n" % self.file_options) 67 "password=%(password)s\n" % self.file_options)
68 68
69 self.conf_file_fixture = self.useFixture( 69 self.conf_file_fixture = self.useFixture(
@@ -108,5 +108,5 @@ class TestAuthPluginLocalOsloConfig(base.BaseAuthTokenTestCase):
108 for option in self.oslo_options: 108 for option in self.oslo_options:
109 self.assertEqual(self.oslo_options[option], 109 self.assertEqual(self.oslo_options[option],
110 conf_get(app, option)) 110 conf_get(app, option))
111 self.assertNotEqual(self.file_options['auth_uri'], 111 self.assertNotEqual(self.file_options['www_authenticate_uri'],
112 conf_get(app, 'auth_uri')) 112 conf_get(app, 'www_authenticate_uri'))
diff --git a/keystonemiddleware/tests/unit/test_opts.py b/keystonemiddleware/tests/unit/test_opts.py
index 18c4046..5768011 100644
--- a/keystonemiddleware/tests/unit/test_opts.py
+++ b/keystonemiddleware/tests/unit/test_opts.py
@@ -35,6 +35,7 @@ class OptsTestCase(utils.TestCase):
35 'auth_host', 35 'auth_host',
36 'auth_port', 36 'auth_port',
37 'auth_protocol', 37 'auth_protocol',
38 'www_authenticate_uri',
38 'auth_uri', 39 'auth_uri',
39 'identity_uri', 40 'identity_uri',
40 'auth_version', 41 'auth_version',
@@ -86,6 +87,7 @@ class OptsTestCase(utils.TestCase):
86 87
87 # This is the sample config generator list WITHOUT deprecations 88 # This is the sample config generator list WITHOUT deprecations
88 expected_opt_names = [ 89 expected_opt_names = [
90 'www_authenticate_uri',
89 'auth_uri', 91 'auth_uri',
90 'auth_version', 92 'auth_version',
91 'delay_auth_decision', 93 'delay_auth_decision',
diff --git a/keystonemiddleware/tests/unit/test_s3_token_middleware.py b/keystonemiddleware/tests/unit/test_s3_token_middleware.py
index bb8fcc3..f9857a9 100644
--- a/keystonemiddleware/tests/unit/test_s3_token_middleware.py
+++ b/keystonemiddleware/tests/unit/test_s3_token_middleware.py
@@ -12,12 +12,14 @@
12# License for the specific language governing permissions and limitations 12# License for the specific language governing permissions and limitations
13# under the License. 13# under the License.
14 14
15import fixtures
15import mock 16import mock
16from oslo_serialization import jsonutils 17from oslo_serialization import jsonutils
17import requests 18import requests
18from requests_mock.contrib import fixture as rm_fixture 19from requests_mock.contrib import fixture as rm_fixture
19import six 20import six
20from six.moves import urllib 21from six.moves import urllib
22from testtools import matchers
21import webob 23import webob
22 24
23from keystonemiddleware import s3_token 25from keystonemiddleware import s3_token
@@ -39,14 +41,14 @@ class FakeApp(object):
39 41
40class S3TokenMiddlewareTestBase(utils.TestCase): 42class S3TokenMiddlewareTestBase(utils.TestCase):
41 43
42 TEST_AUTH_URI = 'https://fakehost/identity' 44 TEST_WWW_AUTHENTICATE_URI = 'https://fakehost/identity'
43 TEST_URL = '%s/v2.0/s3tokens' % (TEST_AUTH_URI, ) 45 TEST_URL = '%s/v2.0/s3tokens' % (TEST_WWW_AUTHENTICATE_URI, )
44 46
45 def setUp(self): 47 def setUp(self):
46 super(S3TokenMiddlewareTestBase, self).setUp() 48 super(S3TokenMiddlewareTestBase, self).setUp()
47 49
48 self.conf = { 50 self.conf = {
49 'auth_uri': self.TEST_AUTH_URI, 51 'www_authenticate_uri': self.TEST_WWW_AUTHENTICATE_URI,
50 } 52 }
51 53
52 self.requests_mock = self.useFixture(rm_fixture.Fixture()) 54 self.requests_mock = self.useFixture(rm_fixture.Fixture())
@@ -225,3 +227,25 @@ class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
225 s3_invalid_req = self.middleware._deny_request('InvalidURI') 227 s3_invalid_req = self.middleware._deny_request('InvalidURI')
226 self.assertEqual(resp.body, s3_invalid_req.body) 228 self.assertEqual(resp.body, s3_invalid_req.body)
227 self.assertEqual(resp.status_int, s3_invalid_req.status_int) 229 self.assertEqual(resp.status_int, s3_invalid_req.status_int)
230
231
232class S3TokenMiddlewareTestDeprecatedOptions(S3TokenMiddlewareTestBase):
233 def setUp(self):
234 super(S3TokenMiddlewareTestDeprecatedOptions, self).setUp()
235 self.conf = {
236 'auth_uri': self.TEST_WWW_AUTHENTICATE_URI,
237 }
238 self.logger = self.useFixture(fixtures.FakeLogger())
239 self.middleware = s3_token.S3Token(FakeApp(), self.conf)
240
241 self.requests_mock.post(self.TEST_URL,
242 status_code=201,
243 json=GOOD_RESPONSE)
244
245 def test_logs_warning(self):
246 req = webob.Request.blank('/')
247 self.middleware(req.environ, self.start_fake_response)
248 self.assertEqual(self.response_status, 200)
249 log = "Use of the auth_uri option was deprecated in the Queens " \
250 "release in favor of www_authenticate_uri."
251 self.assertThat(self.logger.output, matchers.Contains(log))
diff --git a/releasenotes/notes/rename-auth-uri-d223d883f5898aee.yaml b/releasenotes/notes/rename-auth-uri-d223d883f5898aee.yaml
new file mode 100644
index 0000000..1c3e3fa
--- /dev/null
+++ b/releasenotes/notes/rename-auth-uri-d223d883f5898aee.yaml
@@ -0,0 +1,9 @@
1---
2deprecations:
3 - |
4 The auth_uri parameter of keystone_authtoken is deprecated in favor of
5 www_authenticate_uri. The auth_uri option was often confused with the
6 auth_url parameter of the keystoneauth plugin, which was also effectively
7 always required. The parameter refers to the WWW-Authenticate header that is
8 returned when the user needs to be redirected to the Identity service for
9 authentication.