Remove authurl middleware
Change-Id: I6bc24680ed6b4e5783ad40613e180adcaa1115ca
This commit is contained in:
parent
79e2ba712d
commit
9fe9cddd70
|
@ -1,7 +1,7 @@
|
|||
|
||||
# senlin-api pipeline
|
||||
[pipeline:senlin-api]
|
||||
pipeline = request_id faultwrap ssl versionnegotiation authurl authtoken context trust apiv1app
|
||||
pipeline = request_id faultwrap ssl versionnegotiation authtoken context trust apiv1app
|
||||
|
||||
[app:apiv1app]
|
||||
paste.app_factory = senlin.common.wsgi:app_factory
|
||||
|
@ -29,10 +29,6 @@ senlin.filter_factory = senlin.api.openstack:version_negotiation_filter
|
|||
[filter:trust]
|
||||
paste.filter_factory = senlin.common.trust:TrustMiddleware_filter_factory
|
||||
|
||||
# Middleware to set auth_url header appropriately
|
||||
[filter:authurl]
|
||||
paste.filter_factory = senlin.common.auth_url:filter_factory
|
||||
|
||||
# Auth middleware that validates token against keystone
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
#
|
||||
# Copyright 2013 OpenStack Foundation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import importutils
|
||||
|
||||
from senlin.common import wsgi
|
||||
|
||||
|
||||
class AuthUrlFilter(wsgi.Middleware):
|
||||
|
||||
def __init__(self, app, conf):
|
||||
super(AuthUrlFilter, self).__init__(app)
|
||||
self.conf = conf
|
||||
|
||||
if 'auth_uri' in self.conf:
|
||||
self.auth_url = self.conf['auth_uri']
|
||||
else:
|
||||
# Import auth_token to have keystone_authtoken settings setup.
|
||||
auth_token_module = 'keystonemiddleware.auth_token'
|
||||
importutils.import_module(auth_token_module)
|
||||
self.auth_url = cfg.CONF.keystone_authtoken.auth_uri
|
||||
|
||||
def process_request(self, req):
|
||||
req.headers['X-Auth-Url'] = self.auth_url
|
||||
return None
|
||||
|
||||
|
||||
def filter_factory(global_conf, **local_conf):
|
||||
conf = global_conf.copy()
|
||||
conf.update(local_conf)
|
||||
|
||||
def auth_url_filter(app):
|
||||
return AuthUrlFilter(app, conf)
|
||||
return auth_url_filter
|
|
@ -149,6 +149,11 @@ class ContextMiddleware(wsgi.Middleware):
|
|||
environ = req.environ
|
||||
try:
|
||||
auth_url = headers.get('X-Auth-Url')
|
||||
if not auth_url:
|
||||
# Use auth_url defined in senlin.conf
|
||||
importutils.import_module('keystonemiddleware.auth_token')
|
||||
auth_url = cfg.CONF.keystone_authtoken.auth_uri
|
||||
|
||||
auth_token = headers.get('X-Auth-Token')
|
||||
auth_token_info = environ.get('keystone.token_info')
|
||||
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
#
|
||||
# Copyright 2013 OpenStack Foundation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import mock
|
||||
from oslo_utils import encodeutils
|
||||
import webob
|
||||
|
||||
from senlin.common import auth_url
|
||||
from senlin.tests.common import base
|
||||
|
||||
|
||||
class FakeApp(object):
|
||||
"""This represents a WSGI app protected by our auth middleware."""
|
||||
|
||||
def __call__(self, environ, start_response):
|
||||
"""Assert that headers are correctly set up when finally called."""
|
||||
resp = webob.Response()
|
||||
resp.body = encodeutils.safe_encode('SUCCESS')
|
||||
return resp(environ, start_response)
|
||||
|
||||
|
||||
class AuthUrlFilterTest(base.SenlinTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(AuthUrlFilterTest, self).setUp()
|
||||
self.app = FakeApp()
|
||||
self.config = {'auth_uri': 'foobar'}
|
||||
self.middleware = auth_url.AuthUrlFilter(self.app, self.config)
|
||||
|
||||
@mock.patch.object(auth_url.cfg, 'CONF')
|
||||
def test_adds_default_auth_url_from_keystone_authtoken(self, mock_cfg):
|
||||
self.config = {}
|
||||
mock_cfg.keystone_authtoken.auth_uri = 'foobar'
|
||||
mock_cfg.auth_password.multi_cloud = False
|
||||
self.middleware = auth_url.AuthUrlFilter(self.app, self.config)
|
||||
req = webob.Request.blank('/tenant_id/')
|
||||
self.middleware(req)
|
||||
self.assertIn('X-Auth-Url', req.headers)
|
||||
self.assertEqual('foobar', req.headers['X-Auth-Url'])
|
||||
|
||||
def test_overwrites_auth_url_from_headers_with_local_config(self):
|
||||
req = webob.Request.blank('/tenant_id/')
|
||||
req.headers['X-Auth-Url'] = 'should_be_overwritten'
|
||||
self.middleware(req)
|
||||
self.assertEqual('foobar', req.headers['X-Auth-Url'])
|
||||
|
||||
def test_reads_auth_url_from_local_config(self):
|
||||
req = webob.Request.blank('/tenant_id/')
|
||||
self.middleware(req)
|
||||
self.assertIn('X-Auth-Url', req.headers)
|
||||
self.assertEqual('foobar', req.headers['X-Auth-Url'])
|
Loading…
Reference in New Issue