[placement] re-use existing conf with auth token middleware

If 'oslo_config_project' is passed to the auth_token filter factory, the mechanism in nova.api.openstack.placement.wsgi for overriding the location of the configuration file is ignored meaning that expected custom configuration is also ignored. Instead pass the already existing conf with 'olso_config_config' parameter. The unit test in test_deploy.py shows that the configuration settings get passed to the middleware and used by testing the value of the 'WWW-Authenticate' header (which comes from a few different configuration settings, of which is 'auth_uri') in a response generated by the placement WSGI application. The same test against the previous deploy.py code fails. Change-Id: I61d20c5d19797f7e66648c7864a632f3328be8ce Closes-Bug: #1734491 (cherry picked from commit b2e02f5147)
2017-11-28 12:44:44 +00:00 · 2017-11-28 12:44:44 +00:00 · 5d76284261
parent 8f7f4b3ba6
commit 5d76284261
2 changed files with 47 additions and 2 deletions
--- a/nova/api/openstack/placement/deploy.py
+++ b/nova/api/openstack/placement/deploy.py
@ -38,9 +38,11 @@ def deploy(conf, project_name):
    if conf.api.auth_strategy == 'noauth2':
        auth_middleware = auth.NoAuthMiddleware
    else:
-        # Do not provide global conf to middleware here.
+        # Do not use 'oslo_config_project' param here as the conf
+        # location may have been overridden earlier in the deployment
+        # process with OS_PLACEMENT_CONFIG_DIR in wsgi.py.
        auth_middleware = auth_token.filter_factory(
-            {}, oslo_config_project=project_name)
+            {}, oslo_config_config=conf)

    # Pass in our CORS config, if any, manually as that's a)
    # explicit, b) makes testing more straightfoward, c) let's
--- a/nova/tests/unit/api/openstack/placement/test_deploy.py
+++ b/nova/tests/unit/api/openstack/placement/test_deploy.py
@ -0,0 +1,43 @@
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+"""Unit tests for the deply function used to build the Placement service."""
+
+from oslo_config import cfg
+import webob
+
+from nova.api.openstack.placement import deploy
+from nova import test
+
+
+CONF = cfg.CONF
+
+
+class DeployTest(test.NoDBTestCase):
+
+    def test_auth_middleware_factory(self):
+        """Make sure that configuration settings make their way to
+        the keystone middleware correctly.
+        """
+        auth_uri = 'http://example.com/identity'
+        authenticate_header_value = "Keystone uri='%s'" % auth_uri
+        self.flags(auth_uri=auth_uri, group='keystone_authtoken')
+        # ensure that the auth_token middleware is chosen
+        self.flags(auth_strategy='keystone', group='api')
+        app = deploy.deploy(CONF, 'nova')
+        req = webob.Request.blank('/', method="GET")
+
+        response = req.get_response(app)
+
+        self.assertEqual(authenticate_header_value,
+                         response.headers['www-authenticate'])