Skip middleware request processing for admin token

In be558717 the request handling was refactored and more of the token
handling was left to keystonemiddleware. However, when using the
deprecated admin_token, the token needs to be handled differently.
Specifically, there may be no 'token' or 'access' key in the body of
the request, which keystoneauth expects to have keystonemiddleware pass
to it[1][2]. Luckily the admin_token doesn't need a lot of special
processing, so we can just skip that step and move on to fill_context.

[1] http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token/__init__.py#n399
[2] http://git.openstack.org/cgit/openstack/keystoneauth/tree/keystoneauth1/access/access.py#n41

Closes-bug: #1603038

Change-Id: Iac4a5769072925fe2f36768c8f31816e6866f2f6
This commit is contained in:
Colleen Murphy 2016-07-19 15:41:24 -07:00
parent 18a1f1a554
commit e420b16c22
2 changed files with 14 additions and 6 deletions

View File

@ -45,9 +45,6 @@ class AuthContextMiddleware(auth_token.BaseAuthProtocol):
enforce_token_bind=bind) enforce_token_bind=bind)
def fetch_token(self, token): def fetch_token(self, token):
if CONF.admin_token and token == CONF.admin_token:
return {}
try: try:
return self.token_provider_api.validate_token(token) return self.token_provider_api.validate_token(token)
except exception.TokenNotFound: except exception.TokenNotFound:
@ -138,10 +135,12 @@ class AuthContextMiddleware(auth_token.BaseAuthProtocol):
@wsgi.middleware_exceptions @wsgi.middleware_exceptions
def process_request(self, request): def process_request(self, request):
resp = super(AuthContextMiddleware, self).process_request(request) context_env = request.environ.get(core.CONTEXT_ENV, {})
if not context_env.get('is_admin', False):
resp = super(AuthContextMiddleware, self).process_request(request)
if resp: if resp:
return resp return resp
# NOTE(jamielennox): function is split so testing can check errors from # NOTE(jamielennox): function is split so testing can check errors from
# fill_context. There is no actual reason for fill_context to raise # fill_context. There is no actual reason for fill_context to raise

View File

@ -16,6 +16,7 @@ import copy
import hashlib import hashlib
import uuid import uuid
import fixtures
from six.moves import http_client from six.moves import http_client
import webtest import webtest
@ -762,3 +763,11 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
self.assertRaisesRegexp(exception.TokenlessAuthConfigError, self.assertRaisesRegexp(exception.TokenlessAuthConfigError,
expected_msg, expected_msg,
auth._build_idp_id) auth._build_idp_id)
def test_admin_token_context(self):
self.config_fixture.config(admin_token='ADMIN')
log_fix = self.useFixture(fixtures.FakeLogger())
headers = {middleware.AUTH_TOKEN_HEADER: 'ADMIN'}
environ = {middleware.core.CONTEXT_ENV: {'is_admin': True}}
self._do_middleware_request(headers=headers, extra_environ=environ)
self.assertNotIn('Invalid user token', log_fix.output)