Merge "Work without admin_token_auth middleware"

2013-07-09 00:13:00 +00:00 · 2013-07-09 00:13:00 +00:00 · 0862b372db
commit 0862b372db
parent 699b48380f 19fb6fc377
3 changed files with 50 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -25,5 +25,6 @@ dist/
 etc/keystone.conf
 etc/logging.conf
 tests/test.db.pristine
+tests/no_admin_token_auth-paste.ini
 .project
 .pydevproject
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@ -173,6 +173,8 @@ class Application(BaseApplication):
            del context['REMOTE_USER']
        params.update(arg_dict)

+        context.setdefault('is_admin', False)
+
        # TODO(termie): do some basic normalization on methods
        method = getattr(self, action)

--- a/tests/test_no_admin_token_auth.py
+++ b/tests/test_no_admin_token_auth.py
@ -0,0 +1,47 @@
+
+import os
+import webtest
+
+from keystone import test
+
+
+def _generate_paste_config():
+    # Generate a file, based on keystone-paste.ini, that doesn't include
+    # admin_token_auth in the pipeline
+
+    with open(test.etcdir('keystone-paste.ini'), 'r') as f:
+        contents = f.read()
+
+    new_contents = contents.replace(' admin_token_auth ', ' ')
+
+    with open('no_admin_token_auth-paste.ini', 'w') as f:
+        f.write(new_contents)
+
+
+class TestNoAdminTokenAuth(test.TestCase):
+    def setUp(self):
+        super(TestNoAdminTokenAuth, self).setUp()
+        self.load_backends()
+
+        _generate_paste_config()
+
+        self.admin_app = webtest.TestApp(
+            self.loadapp('no_admin_token_auth', name='admin'),
+            extra_environ=dict(REMOTE_ADDR='127.0.0.1'))
+
+    def tearDown(self):
+        self.admin_app = None
+        os.remove('no_admin_token_auth-paste.ini')
+
+    def test_request_no_admin_token_auth(self):
+        # This test verifies that if the admin_token_auth middleware isn't
+        # in the paste pipeline that users can still make requests.
+
+        # Note(blk-u): Picked /v2.0/tenants because it's an operation that
+        # requires is_admin in the context, any operation that requires
+        # is_admin would work for this test.
+        REQ_PATH = '/v2.0/tenants'
+
+        # If the following does not raise, then the test is successful.
+        self.admin_app.get(REQ_PATH, headers={'X-Auth-Token': 'NotAdminToken'},
+                           status=401)