diff --git a/keystonemiddleware/s3_token.py b/keystonemiddleware/s3_token.py index d71ab276..39871102 100644 --- a/keystonemiddleware/s3_token.py +++ b/keystonemiddleware/s3_token.py @@ -40,7 +40,7 @@ import requests import six from six.moves import urllib -from keystonemiddleware.i18n import _, _LI +from keystonemiddleware.i18n import _, _LI, _LW PROTOCOL_NAME = 'S3 Token Authentication' @@ -109,12 +109,19 @@ class S3Token(object): self._reseller_prefix = conf.get('reseller_prefix', 'AUTH_') # where to find the auth service (we use this to validate tokens) - auth_host = conf.get('auth_host') - auth_port = int(conf.get('auth_port', 35357)) - auth_protocol = conf.get('auth_protocol', 'https') + self._request_uri = conf.get('auth_uri') + if not self._request_uri: + self._logger.warning(_LW( + "Use of the auth_host, auth_port, and auth_protocol " + "configuration options was deprecated in the Newton release " + "in favor of auth_uri. These options may be removed in a " + "future release.")) + auth_host = conf.get('auth_host') + auth_port = int(conf.get('auth_port', 35357)) + auth_protocol = conf.get('auth_protocol', 'https') - self._request_uri = '%s://%s:%s' % (auth_protocol, auth_host, - auth_port) + self._request_uri = '%s://%s:%s' % (auth_protocol, auth_host, + auth_port) # SSL insecure = strutils.bool_from_string(conf.get('insecure', False)) diff --git a/keystonemiddleware/tests/unit/test_s3_token_middleware.py b/keystonemiddleware/tests/unit/test_s3_token_middleware.py index b0993886..af790931 100644 --- a/keystonemiddleware/tests/unit/test_s3_token_middleware.py +++ b/keystonemiddleware/tests/unit/test_s3_token_middleware.py @@ -38,20 +38,14 @@ class FakeApp(object): class S3TokenMiddlewareTestBase(utils.TestCase): - TEST_PROTOCOL = 'https' - TEST_HOST = 'fakehost' - TEST_PORT = 35357 - TEST_URL = '%s://%s:%d/v2.0/s3tokens' % (TEST_PROTOCOL, - TEST_HOST, - TEST_PORT) + TEST_AUTH_URI = 'https://fakehost/identity' + TEST_URL = '%s/v2.0/s3tokens' % (TEST_AUTH_URI, ) def setUp(self): super(S3TokenMiddlewareTestBase, self).setUp() self.conf = { - 'auth_host': self.TEST_HOST, - 'auth_port': self.TEST_PORT, - 'auth_protocol': self.TEST_PROTOCOL, + 'auth_uri': self.TEST_AUTH_URI, } self.requests_mock = self.useFixture(rm_fixture.Fixture()) @@ -100,14 +94,17 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase): self.assertEqual(req.headers['X-Auth-Token'], 'TOKEN_ID') def test_authorized_http(self): - self.requests_mock.post(self.TEST_URL.replace('https', 'http'), - status_code=201, - json=GOOD_RESPONSE) + protocol = 'http' + host = 'fakehost' + port = 35357 + self.requests_mock.post( + '%s://%s:%s/v2.0/s3tokens' % (protocol, host, port), + status_code=201, json=GOOD_RESPONSE) self.middleware = ( - s3_token.filter_factory({'auth_protocol': 'http', - 'auth_host': self.TEST_HOST, - 'auth_port': self.TEST_PORT})(FakeApp())) + s3_token.filter_factory({'auth_protocol': protocol, + 'auth_host': host, + 'auth_port': port})(FakeApp())) req = webob.Request.blank('/v1/AUTH_cfa/c/o') req.headers['Authorization'] = 'access:signature' req.headers['X-Storage-Token'] = 'token' diff --git a/releasenotes/notes/s3token_auth_uri-490c1287d90b9df7.yaml b/releasenotes/notes/s3token_auth_uri-490c1287d90b9df7.yaml new file mode 100644 index 00000000..e052c382 --- /dev/null +++ b/releasenotes/notes/s3token_auth_uri-490c1287d90b9df7.yaml @@ -0,0 +1,8 @@ +--- +features: + - A new configuration option for the s3token middleware called auth_uri can + be used to set the URI to be used for authentication. This replaces + auth_host, auth_port, and auth_protocol. +deprecations: + - The auth_host, auth_port, and auth_protocol configuration options to the + s3token middleware are now deprecated.