Fix authentication

auth_token is not set in auth.py. this fixes it. Change-Id: I510541fd6a1b9d499aa32ec18495db867ef50223
2014-12-17 18:44:03 +09:00 · 2014-12-17 18:44:03 +09:00 · b4e20a0ef0
commit b4e20a0ef0
parent d8b0d110b7
4 changed files with 22 additions and 36 deletions
--- a/magnum/api/auth.py
+++ b/magnum/api/auth.py
@ -17,7 +17,6 @@ import re

 from keystonemiddleware import auth_token
 from oslo.config import cfg
-from oslo.utils import importutils
 from pecan import hooks

 from magnum.common import context
@ -40,6 +39,7 @@ CONF = cfg.CONF
 CONF.register_opts(AUTH_OPTS)

 PUBLIC_ENDPOINTS = [
+    "^/$"
 ]


@ -93,18 +93,15 @@ class AuthInformationHook(hooks.PecanHook):

        headers = state.request.headers
        user_id = headers.get('X-User-Id')
+        user_id = headers.get('X-User', user_id)
        if user_id is None:
            LOG.debug("X-User-Id header was not found in the request")
            raise Exception('Not authorized')

-        roles = self._get_roles(state.request)
-
-        project_id = headers.get('X-Project-Id')
-        user_name = headers.get('X-User-Name', '')
-
-        domain = headers.get('X-Domain-Name')
-        project_domain_id = headers.get('X-Project-Domain-Id', '')
-        user_domain_id = headers.get('X-User-Domain-Id', '')
+        tenant = state.request.headers.get('X-Tenant-Id')
+        tenant = state.request.headers.get('X-Tenant', tenant)
+        domain_id = state.request.headers.get('X-User-Domain-Id')
+        domain_name = state.request.headers.get('X-User-Domain-Name')

        # Get the auth token
        try:
@ -114,42 +111,23 @@ class AuthInformationHook(hooks.PecanHook):
        except ValueError:
            LOG.debug("No auth token found in the request.")
            raise Exception('Not authorized')
-        auth_url = headers.get('X-Auth-Url')
-        if auth_url is None:
-            importutils.import_module('keystonemiddleware.auth_token')
-            auth_url = cfg.CONF.keystone_authtoken.auth_uri
+        # auth_url = headers.get('X-Auth-Url')
+        # if auth_url is None:
+        #     importutils.import_module('keystonemiddleware.auth_token')
+        #     auth_url = cfg.CONF.keystone_authtoken.auth_uri

-        auth_token_info = state.request.environ.get('keystone.token_info')
        identity_status = headers.get('X-Identity-Status')
        if identity_status == 'Confirmed':
            ctx = context.RequestContext(auth_token=recv_auth_token,
-                                         auth_token_info=auth_token_info,
                                         user=user_id,
-                                         tenant=project_id,
-                                         domain=domain,
-                                         user_domain=user_domain_id,
-                                         project_domain=project_domain_id,
-                                         user_name=user_name,
-                                         roles=roles,
-                                         auth_url=auth_url)
+                                         tenant=tenant,
+                                         domain_id=domain_id,
+                                         domain_name=domain_name)
            state.request.security_context = ctx
        else:
            LOG.debug("The provided identity is not confirmed.")
            raise Exception('Not authorized. Identity not confirmed.')
        return

-    def _get_roles(self, req):
-        """Get the list of roles."""
-
-        if 'X-Roles' in req.headers:
-            roles = req.headers.get('X-Roles', '')
-        else:
-            # Fallback to deprecated role header:
-            roles = req.headers.get('X-Role', '')
-            if roles:
-                LOG.warn(_("X-Roles is missing. Using deprecated X-Role "
-                           "header"))
-        return [r.strip() for r in roles.split(',')]
-

 AUTH = AuthHelper()
--- a/magnum/tests/init.py
+++ b/magnum/tests/init.py
@ -13,9 +13,14 @@
 import os
 import unittest

+from oslo.config import cfg
 import pecan
 from pecan import testing

+
+cfg.CONF.import_opt('enable_authentication', 'magnum.api.auth')
+
+
 __all__ = ['FunctionalTest']


@ -27,6 +32,7 @@ class FunctionalTest(unittest.TestCase):
    """

    def setUp(self):
+        cfg.CONF.set_override("enable_authentication", False)
        self.app = testing.load_test_app(os.path.join(
            os.path.dirname(__file__),
            'config.py'
--- a/magnum/tests/api/controllers/v1/test_all_objects.py
+++ b/magnum/tests/api/controllers/v1/test_all_objects.py
@ -9,7 +9,6 @@
 #    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #    See the License for the specific language governing permissions and
 #    limitations under the License.
-
 from magnum.conductor import api
 from magnum import tests
 from magnum.tests.db import base as db_base
--- a/magnum/tests/db/base.py
+++ b/magnum/tests/db/base.py
@ -31,6 +31,8 @@ from magnum.tests import base

 CONF = cfg.CONF

+CONF.import_opt('enable_authentication', 'magnum.api.auth')
+
 _DB_CACHE = None


@ -88,6 +90,7 @@ class Database(fixtures.Fixture):
 class DbTestCase(base.TestCase):

    def setUp(self):
+        cfg.CONF.set_override("enable_authentication", False)
        super(DbTestCase, self).setUp()

        self.dbapi = dbapi.get_instance()