Skip middleware request processing for admin token
In be558717 the request handling was refactored and more of the token handling was left to keystonemiddleware. However, when using the deprecated admin_token, the token needs to be handled differently. Specifically, there may be no 'token' or 'access' key in the body of the request, which keystoneauth expects to have keystonemiddleware pass to it[1][2]. Luckily the admin_token doesn't need a lot of special processing, so we can just skip that step and move on to fill_context. [1] http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token/__init__.py#n399 [2] http://git.openstack.org/cgit/openstack/keystoneauth/tree/keystoneauth1/access/access.py#n41 Closes-bug: #1603038 Change-Id: Iac4a5769072925fe2f36768c8f31816e6866f2f6
This commit is contained in:
Colleen Murphy
parent
18a1f1a554
commit
e420b16c22
@ -45,9 +45,6 @@ class AuthContextMiddleware(auth_token.BaseAuthProtocol):
|
|||||||
enforce_token_bind=bind)
|
enforce_token_bind=bind)
|
||||||
|
|
||||||
def fetch_token(self, token):
|
def fetch_token(self, token):
|
||||||
if CONF.admin_token and token == CONF.admin_token:
|
|
||||||
return {}
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
return self.token_provider_api.validate_token(token)
|
return self.token_provider_api.validate_token(token)
|
||||||
except exception.TokenNotFound:
|
except exception.TokenNotFound:
|
||||||
@ -138,6 +135,8 @@ class AuthContextMiddleware(auth_token.BaseAuthProtocol):
|
|||||||
|
|
||||||
@wsgi.middleware_exceptions
|
@wsgi.middleware_exceptions
|
||||||
def process_request(self, request):
|
def process_request(self, request):
|
||||||
|
context_env = request.environ.get(core.CONTEXT_ENV, {})
|
||||||
|
if not context_env.get('is_admin', False):
|
||||||
resp = super(AuthContextMiddleware, self).process_request(request)
|
resp = super(AuthContextMiddleware, self).process_request(request)
|
||||||
|
|
||||||
if resp:
|
if resp:
|
||||||
|
|||||||
@ -16,6 +16,7 @@ import copy
|
|||||||
import hashlib
|
import hashlib
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
|
import fixtures
|
||||||
from six.moves import http_client
|
from six.moves import http_client
|
||||||
import webtest
|
import webtest
|
||||||
|
|
||||||
@ -762,3 +763,11 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
|
|||||||
self.assertRaisesRegexp(exception.TokenlessAuthConfigError,
|
self.assertRaisesRegexp(exception.TokenlessAuthConfigError,
|
||||||
expected_msg,
|
expected_msg,
|
||||||
auth._build_idp_id)
|
auth._build_idp_id)
|
||||||
|
|
||||||
|
def test_admin_token_context(self):
|
||||||
|
self.config_fixture.config(admin_token='ADMIN')
|
||||||
|
log_fix = self.useFixture(fixtures.FakeLogger())
|
||||||
|
headers = {middleware.AUTH_TOKEN_HEADER: 'ADMIN'}
|
||||||
|
environ = {middleware.core.CONTEXT_ENV: {'is_admin': True}}
|
||||||
|
self._do_middleware_request(headers=headers, extra_environ=environ)
|
||||||
|
self.assertNotIn('Invalid user token', log_fix.output)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user