Disable Admin tokens set to None
Partial-Bug: 1545761 Change-Id: Ie292f447f2fe1357824b322817b1585c82d0c552
This commit is contained in:
parent
a14d761387
commit
37e9d6bbf1
@ -46,10 +46,13 @@ _DEPRECATE_EP_MSG = ('The option to enable the OS-ENDPOINT-POLICY extension '
|
||||
|
||||
FILE_OPTIONS = {
|
||||
None: [
|
||||
cfg.StrOpt('admin_token', secret=True, default='ADMIN',
|
||||
cfg.StrOpt('admin_token', secret=True, default=None,
|
||||
help='A "shared secret" that can be used to bootstrap '
|
||||
'Keystone. This "token" does not represent a user, '
|
||||
'and carries no explicit authorization. To disable '
|
||||
'and carries no explicit authorization. If set '
|
||||
'to `None`, the value is ignored and the '
|
||||
'`admin_token` log in mechanism is effectively '
|
||||
'disabled. To completely disable `admin_token` '
|
||||
'in production (highly recommended), remove '
|
||||
'AdminTokenAuthMiddleware from your paste '
|
||||
'application pipelines (for example, in '
|
||||
|
@ -69,7 +69,7 @@ class AdminTokenAuthMiddleware(wsgi.Middleware):
|
||||
def process_request(self, request):
|
||||
token = request.headers.get(AUTH_TOKEN_HEADER)
|
||||
context = request.environ.get(CONTEXT_ENV, {})
|
||||
context['is_admin'] = (token == CONF.admin_token)
|
||||
context['is_admin'] = CONF.admin_token and (token == CONF.admin_token)
|
||||
request.environ[CONTEXT_ENV] = context
|
||||
|
||||
|
||||
|
@ -114,8 +114,13 @@ class AdminTokenAuthMiddlewareTest(MiddlewareRequestTestBase):
|
||||
|
||||
MIDDLEWARE_CLASS = middleware.AdminTokenAuthMiddleware
|
||||
|
||||
def config_overrides(self):
|
||||
super(AdminTokenAuthMiddlewareTest, self).config_overrides()
|
||||
self.config_fixture.config(
|
||||
admin_token='ADMIN')
|
||||
|
||||
def test_request_admin(self):
|
||||
headers = {middleware.AUTH_TOKEN_HEADER: CONF.admin_token}
|
||||
headers = {middleware.AUTH_TOKEN_HEADER: 'ADMIN'}
|
||||
req = self._do_middleware_request(headers=headers)
|
||||
self.assertTrue(req.environ[middleware.CONTEXT_ENV]['is_admin'])
|
||||
|
||||
|
@ -1330,6 +1330,11 @@ class VersionTestCase(RestfulTestCase):
|
||||
class AuthContextMiddlewareAdminTokenTestCase(RestfulTestCase):
|
||||
EXTENSION_TO_ADD = 'admin_token_auth'
|
||||
|
||||
def config_overrides(self):
|
||||
super(AuthContextMiddlewareAdminTokenTestCase, self).config_overrides()
|
||||
self.config_fixture.config(
|
||||
admin_token='ADMIN')
|
||||
|
||||
# NOTE(morganfainberg): This is knowingly copied from below for simplicity
|
||||
# during the deprecation cycle.
|
||||
def _middleware_request(self, token, extra_environ=None):
|
||||
@ -1364,7 +1369,7 @@ class AuthContextMiddlewareAdminTokenTestCase(RestfulTestCase):
|
||||
# For backwards compatibility AuthContextMiddleware will check that the
|
||||
# admin token (as configured in the CONF file) is present and not
|
||||
# attempt to build the auth context. This is deprecated.
|
||||
req = self._middleware_request(CONF.admin_token)
|
||||
req = self._middleware_request('ADMIN')
|
||||
auth_context = req.environ.get(authorization.AUTH_CONTEXT_ENV)
|
||||
self.assertDictEqual({}, auth_context)
|
||||
self.assertEqual(1, mock_report_deprecated.call_count)
|
||||
|
@ -36,6 +36,11 @@ CONF = cfg.CONF
|
||||
class IdentityTestCaseStaticAdminToken(test_v3.RestfulTestCase):
|
||||
EXTENSION_TO_ADD = 'admin_token_auth'
|
||||
|
||||
def config_overrides(self):
|
||||
super(IdentityTestCaseStaticAdminToken, self).config_overrides()
|
||||
self.config_fixture.config(
|
||||
admin_token='ADMIN')
|
||||
|
||||
def test_list_users_with_static_admin_token_and_multiple_backends(self):
|
||||
# domain-specific operations with the bootstrap ADMIN token is
|
||||
# disallowed when domain-specific drivers are enabled
|
||||
|
11
releasenotes/notes/admin_token-c634ec12fc714255.yaml
Normal file
11
releasenotes/notes/admin_token-c634ec12fc714255.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
security:
|
||||
- The admin_token method of authentication was never intended to be
|
||||
used for any purpose other than bootstrapping an install. However
|
||||
many deployments had to leave the admin_token method enabled due
|
||||
to restrictions on editing the paste file used to configure the
|
||||
web pipelines. To minimize the risk from this mechanism, the
|
||||
`admin_token` configuration value now defaults to a python `None`
|
||||
value. In addition, if the value is set to `None`, either explicitly or
|
||||
implicitly, the `admin_token` will not be enabled, and an attempt to
|
||||
use it will lead to a failed authentication.
|
Loading…
x
Reference in New Issue
Block a user