Fix keystoneclient auth_token middleware changes

Things changed, and the configuration wasn't read anymore. This patch fixes
that. It also remove duplicated code in acl.py, so the problem is fixed only
in one place. Finally, it uses prepare_service() to find the right
configuration file for ceilometer.

This fixes bug #1098204

Change-Id: I0d6c30ad443a4d0db201e60d12b275625a4bee6e
Signed-off-by: Julien Danjou <julien@danjou.info>

bin/ceilometer-api

@@ -20,8 +20,9 @@
 """
 import sys
 
-from ceilometer.api.v1 import acl
+from ceilometer.api import acl
 from ceilometer.api.v1 import app
+from ceilometer import service
 from ceilometer.openstack.common import cfg
 from ceilometer.openstack.common import log as logging
 
@@ -34,8 +35,7 @@ if __name__ == '__main__':
 
     # Parse config file and command line options,
     # then configure logging.
-    cfg.CONF(sys.argv[1:])
+    service.prepare_service()
-    logging.setup('ceilometer.api')
 
     root = app.make_app()
 

bin/ceilometer-api-v2

@@ -26,6 +26,7 @@ from pecan import configuration
 
 from ceilometer.api import acl
 from ceilometer.api import app
+from ceilometer import service
 from ceilometer.api import config as api_config
 from ceilometer.openstack.common import cfg
 from ceilometer.openstack.common import log as logging
@@ -39,8 +40,7 @@ if __name__ == '__main__':
 
     # Parse OpenStack config file and command line options, then
     # configure logging.
-    cfg.CONF(sys.argv[1:])
+    service.prepare_service()
-    logging.setup('ceilometer.api')
 
     # Set up the pecan configuration
     filename = api_config.__file__.replace('.pyc', '.py')
@@ -49,7 +49,7 @@ if __name__ == '__main__':
     # Build the WSGI app
     root = app.setup_app(pecan_config,
                          extra_hooks=[acl.AdminAuthHook()])
-    root = acl.install(root, dict(cfg.CONF))
+    root = acl.install(root, cfg.CONF)
 
     # Create the WSGI server and start it
     host, port = '0.0.0.0', int(cfg.CONF.metering_api_port)

ceilometer/api/acl.py

@@ -25,22 +25,22 @@ from webob import exc
 
 import keystoneclient.middleware.auth_token as auth_token
 
+OPT_GROUP_NAME = 'keystone_authtoken'
+
 
 def register_opts(conf):
     """Register keystoneclient middleware options
     """
     conf.register_opts(auth_token.opts,
-                       group='keystone_authtoken',
+                       group=OPT_GROUP_NAME)
-                       )
     auth_token.CONF = conf
 
 
 def install(app, conf):
     """Install ACL check on application."""
-    new_app = auth_token.AuthProtocol(app,
+    register_opts(conf)
-                                      conf=conf,
+    return auth_token.AuthProtocol(app,
-                                      )
+                                   conf=dict(conf.get(OPT_GROUP_NAME)))
-    return new_app
 
 
 class AdminAuthHook(hooks.PecanHook):

ceilometer/api/v1/acl.py

@@ -15,28 +15,10 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-"""Set up the ACL to acces the API server."""
+"""Handle the ACL to acces the API server."""
 
 from ceilometer import policy
-
+from ceilometer.api import acl
-import keystoneclient.middleware.auth_token as auth_token
-
-
-def register_opts(conf):
-    """Register keystoneclient middleware options
-    """
-    conf.register_opts(auth_token.opts,
-                       group='keystone_authtoken',
-                       )
-    auth_token.CONF = conf
-
-
-def install(app, conf):
-    """Install ACL check on application."""
-    app.wsgi_app = auth_token.AuthProtocol(app.wsgi_app,
-                                           conf=conf,
-                                          )
-    return app
 
 
 def get_limited_to_project(headers):

ceilometer/api/v1/app.py

@@ -24,7 +24,7 @@ from ceilometer.openstack.common import cfg
 from ceilometer.openstack.common import jsonutils
 from ceilometer import storage
 from ceilometer.api.v1 import blueprint as v1_blueprint
-from ceilometer.api.v1 import acl
+from ceilometer.api import acl
 
 
 storage.register_opts(cfg.CONF)
@@ -55,7 +55,7 @@ def make_app(enable_acl=True, attach_storage=True):
 
     # Install the middleware wrapper
     if enable_acl:
-        return acl.install(app, dict(cfg.CONF))
+        app.wsgi_app = acl.install(app.wsgi_app, cfg.CONF)
     return app
 
 # For documentation

tests/api/v2/test_acl.py

@@ -19,6 +19,7 @@
 
 from ceilometer.api import acl
 from ceilometer.api import app
+from ceilometer.openstack.common import cfg
 from .base import FunctionalTest
 
 
@@ -39,7 +40,7 @@ class TestAPIACL(FunctionalTest):
 
         self.stubs.Set(app, 'setup_app', setup_app)
         result = super(TestAPIACL, self)._make_app()
-        acl.install(result, {})
+        acl.install(result, cfg.CONF)
         return result
 
     def test_non_authenticated(self):