From 5d76284261cbfedd3f8a6363e89be079db93eeae Mon Sep 17 00:00:00 2001 From: Chris Dent Date: Tue, 28 Nov 2017 12:44:44 +0000 Subject: [PATCH] [placement] re-use existing conf with auth token middleware If 'oslo_config_project' is passed to the auth_token filter factory, the mechanism in nova.api.openstack.placement.wsgi for overriding the location of the configuration file is ignored meaning that expected custom configuration is also ignored. Instead pass the already existing conf with 'olso_config_config' parameter. The unit test in test_deploy.py shows that the configuration settings get passed to the middleware and used by testing the value of the 'WWW-Authenticate' header (which comes from a few different configuration settings, of which is 'auth_uri') in a response generated by the placement WSGI application. The same test against the previous deploy.py code fails. Change-Id: I61d20c5d19797f7e66648c7864a632f3328be8ce Closes-Bug: #1734491 (cherry picked from commit b2e02f5147d79eaf4fd935507590fec5a0ba7ccf) --- nova/api/openstack/placement/deploy.py | 6 ++- .../api/openstack/placement/test_deploy.py | 43 +++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 nova/tests/unit/api/openstack/placement/test_deploy.py diff --git a/nova/api/openstack/placement/deploy.py b/nova/api/openstack/placement/deploy.py index 34001f34a018..821aeb61f8ed 100644 --- a/nova/api/openstack/placement/deploy.py +++ b/nova/api/openstack/placement/deploy.py @@ -38,9 +38,11 @@ def deploy(conf, project_name): if conf.api.auth_strategy == 'noauth2': auth_middleware = auth.NoAuthMiddleware else: - # Do not provide global conf to middleware here. + # Do not use 'oslo_config_project' param here as the conf + # location may have been overridden earlier in the deployment + # process with OS_PLACEMENT_CONFIG_DIR in wsgi.py. auth_middleware = auth_token.filter_factory( - {}, oslo_config_project=project_name) + {}, oslo_config_config=conf) # Pass in our CORS config, if any, manually as that's a) # explicit, b) makes testing more straightfoward, c) let's diff --git a/nova/tests/unit/api/openstack/placement/test_deploy.py b/nova/tests/unit/api/openstack/placement/test_deploy.py new file mode 100644 index 000000000000..938b8b1fd0b4 --- /dev/null +++ b/nova/tests/unit/api/openstack/placement/test_deploy.py @@ -0,0 +1,43 @@ +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +"""Unit tests for the deply function used to build the Placement service.""" + +from oslo_config import cfg +import webob + +from nova.api.openstack.placement import deploy +from nova import test + + +CONF = cfg.CONF + + +class DeployTest(test.NoDBTestCase): + + def test_auth_middleware_factory(self): + """Make sure that configuration settings make their way to + the keystone middleware correctly. + """ + auth_uri = 'http://example.com/identity' + authenticate_header_value = "Keystone uri='%s'" % auth_uri + self.flags(auth_uri=auth_uri, group='keystone_authtoken') + # ensure that the auth_token middleware is chosen + self.flags(auth_strategy='keystone', group='api') + app = deploy.deploy(CONF, 'nova') + req = webob.Request.blank('/', method="GET") + + response = req.get_response(app) + + self.assertEqual(authenticate_header_value, + response.headers['www-authenticate'])