remove "admin_token_auth" related content"
as "admin_token_auth" is removed from paste file. some related contents are useless and shoud be removed also. Change-Id: Ia2263eda93559603a31d9a492e5501424613188e bp: removed-as-of-queens
This commit is contained in:
wangqiangbj
parent
3cc3986a89
commit
4fc045f820
@ -66,7 +66,7 @@ application in the ``public_api`` WSGI pipeline in
|
||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
|
||||
pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service
|
||||
|
||||
Each user can then change their own password with a HTTP PATCH.
|
||||
|
||||
|
||||
@ -172,9 +172,9 @@ authentication.
|
||||
For example, if the original pipeline looks like this::
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = url_normalize token_auth admin_token_auth json_body debug ec2_extension user_crud_extension public_service
|
||||
pipeline = url_normalize token_auth json_body debug ec2_extension user_crud_extension public_service
|
||||
|
||||
Your modified pipeline might then look like this::
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = url_normalize token_auth admin_token_auth json_body my_auth debug ec2_extension user_crud_extension public_service
|
||||
pipeline = url_normalize token_auth json_body my_auth debug ec2_extension user_crud_extension public_service
|
||||
|
||||
@ -13,7 +13,6 @@
|
||||
# under the License.
|
||||
|
||||
from oslo_log import log
|
||||
from oslo_log import versionutils
|
||||
from oslo_serialization import jsonutils
|
||||
|
||||
from keystone.common import authorization
|
||||
@ -36,32 +35,6 @@ class TokenAuthMiddleware(wsgi.Middleware):
|
||||
context['subject_token_id'] = subject_token
|
||||
|
||||
|
||||
class AdminTokenAuthMiddleware(wsgi.Middleware):
|
||||
# NOTE(notmorgan): DEPRECATED FOR REMOVAL does nothing but warn to remove
|
||||
# from pipeline
|
||||
|
||||
@versionutils.deprecated(
|
||||
as_of=versionutils.deprecated.PIKE,
|
||||
what='AdminTokenAuthMiddleware in the paste-ini pipeline.',
|
||||
remove_in=+1)
|
||||
def __init__(self, application):
|
||||
super(AdminTokenAuthMiddleware, self).__init__(application)
|
||||
# NOTE(notmorgan): This is deprecated and emits a significant error
|
||||
# message to make sure deployers update their deployments so in the
|
||||
# future release upgrade the deployment does not break.
|
||||
LOG.error('The admin_token_auth middleware functionality has been '
|
||||
'merged into the main auth middleware '
|
||||
'(keystone.middleware.auth.AuthContextMiddleware). '
|
||||
'`admin_token_auth` must be removed from the '
|
||||
'[pipeline:api_v3], [pipeline:admin_api], and '
|
||||
'[pipeline:public_api] sections of your paste ini '
|
||||
'file. The [filter:admin_token_auth] block will also '
|
||||
'need to be removed from your paste ini file. Failure '
|
||||
'to remove these elements from your paste ini file will '
|
||||
'result in keystone to no longer start/run when the '
|
||||
'`admin_token_auth` is removed in the Queens release.')
|
||||
|
||||
|
||||
class JsonBodyMiddleware(wsgi.Middleware):
|
||||
"""Middleware to allow method arguments to be passed as serialized JSON.
|
||||
|
||||
|
||||
@ -20,7 +20,6 @@ class TestPasteDeploymentEntryPoints(test.TestCase):
|
||||
def test_entry_point_middleware(self):
|
||||
"""Assert that our list of expected middleware is present."""
|
||||
expected_names = [
|
||||
'admin_token_auth',
|
||||
'build_auth_context',
|
||||
'cors',
|
||||
'debug',
|
||||
|
||||
@ -25,7 +25,6 @@ from keystone import auth
|
||||
from keystone.common import authorization
|
||||
from keystone.common import cache
|
||||
from keystone.common.validation import validators
|
||||
from keystone.common import wsgi
|
||||
from keystone import exception
|
||||
from keystone import middleware
|
||||
from keystone.tests.common import auth as common_auth
|
||||
@ -1219,45 +1218,6 @@ class VersionTestCase(RestfulTestCase):
|
||||
pass
|
||||
|
||||
|
||||
# NOTE(morganfainberg): To be removed when admin_token_auth is removed. This
|
||||
# has been split out to allow testing admin_token auth without enabling it
|
||||
# for other tests.
|
||||
class AuthContextMiddlewareAdminTokenTestCase(RestfulTestCase):
|
||||
|
||||
def config_overrides(self):
|
||||
super(AuthContextMiddlewareAdminTokenTestCase, self).config_overrides()
|
||||
self.config_fixture.config(
|
||||
admin_token='ADMIN')
|
||||
|
||||
# NOTE(morganfainberg): This is knowingly copied from below for simplicity
|
||||
# during the deprecation cycle.
|
||||
def _middleware_request(self, token, extra_environ=None):
|
||||
|
||||
def application(environ, start_response):
|
||||
body = b'body'
|
||||
headers = [('Content-Type', 'text/html; charset=utf8'),
|
||||
('Content-Length', str(len(body)))]
|
||||
start_response('200 OK', headers)
|
||||
return [body]
|
||||
|
||||
app = webtest.TestApp(middleware.AuthContextMiddleware(application),
|
||||
extra_environ=extra_environ)
|
||||
resp = app.get('/', headers={authorization.AUTH_TOKEN_HEADER: token})
|
||||
self.assertEqual('body', resp.text) # just to make sure it worked
|
||||
return resp.request
|
||||
|
||||
def test_admin_auth_context(self):
|
||||
# test to make sure AuthContextMiddleware does not attempt to build the
|
||||
# auth context if the admin_token middleware indicates it's admin
|
||||
# already.
|
||||
token_id = uuid.uuid4().hex # token doesn't matter.
|
||||
# the admin_token middleware sets is_admin in the context.
|
||||
extra_environ = {wsgi.CONTEXT_ENV: {'is_admin': True}}
|
||||
req = self._middleware_request(token_id, extra_environ)
|
||||
auth_context = req.environ.get(authorization.AUTH_CONTEXT_ENV)
|
||||
self.assertDictEqual({}, auth_context)
|
||||
|
||||
|
||||
# NOTE(gyee): test AuthContextMiddleware here instead of test_middleware.py
|
||||
# because we need the token
|
||||
class AuthContextMiddlewareTestCase(RestfulTestCase):
|
||||
|
||||
@ -40,25 +40,6 @@ from keystone.tests.unit import test_v3
|
||||
CONF = keystone.conf.CONF
|
||||
|
||||
|
||||
# NOTE(morganfainberg): To be removed when admin_token_auth middleware is
|
||||
# removed. This was moved to it's own testcase so it can setup the
|
||||
# admin_token_auth pipeline without impacting other tests.
|
||||
class IdentityTestCaseStaticAdminToken(test_v3.RestfulTestCase):
|
||||
|
||||
def config_overrides(self):
|
||||
super(IdentityTestCaseStaticAdminToken, self).config_overrides()
|
||||
self.config_fixture.config(
|
||||
admin_token='ADMIN')
|
||||
|
||||
def test_list_users_with_static_admin_token_and_multiple_backends(self):
|
||||
# domain-specific operations with the bootstrap ADMIN token is
|
||||
# disallowed when domain-specific drivers are enabled
|
||||
self.config_fixture.config(group='identity',
|
||||
domain_specific_drivers_enabled=True)
|
||||
self.get('/users', token=CONF.admin_token,
|
||||
expected_status=exception.Unauthorized.code)
|
||||
|
||||
|
||||
class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
"""Test users and groups."""
|
||||
|
||||
|
||||
@ -0,0 +1,5 @@
|
||||
---
|
||||
other:
|
||||
- >
|
||||
[`blueprint removed-as-of-queens <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-queens>`_]
|
||||
The ``admin_token_auth`` middleware is removed now. The related doc is removed as well.
|
||||
@ -193,7 +193,6 @@ paste.filter_factory =
|
||||
osprofiler = osprofiler.web:WsgiMiddleware.factory
|
||||
url_normalize = keystone.middleware:NormalizingFilter.factory
|
||||
request_id = oslo_middleware:RequestId.factory
|
||||
admin_token_auth = keystone.middleware:AdminTokenAuthMiddleware.factory
|
||||
build_auth_context = keystone.middleware:AuthContextMiddleware.factory
|
||||
token_auth = keystone.middleware:TokenAuthMiddleware.factory
|
||||
json_body = keystone.middleware:JsonBodyMiddleware.factory
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user