Fix authentication

auth_token is not set in auth.py. This fixes it.

Change-Id: I510541fd6a1b9d499aa32ec18495db867ef50223
OTSUKA, Yuanying 2014-12-17 18:44:03 +09:00
parent d8b0d110b7
commit b4e20a0ef0
4 changed files with 22 additions and 36 deletions


@ -17,7 +17,6 @@ import re
from keystonemiddleware import auth_token from keystonemiddleware import auth_token
from oslo.config import cfg from oslo.config import cfg
from oslo.utils import importutils
from pecan import hooks from pecan import hooks
from magnum.common import context from magnum.common import context
@ -40,6 +39,7 @@ CONF = cfg.CONF
CONF.register_opts(AUTH_OPTS) CONF.register_opts(AUTH_OPTS)
PUBLIC_ENDPOINTS = [ PUBLIC_ENDPOINTS = [
"^/$"
] ]
@ -93,18 +93,15 @@ class AuthInformationHook(hooks.PecanHook):
headers = state.request.headers headers = state.request.headers
user_id = headers.get('X-User-Id') user_id = headers.get('X-User-Id')
user_id = headers.get('X-User', user_id)
if user_id is None: if user_id is None:
LOG.debug("X-User-Id header was not found in the request") LOG.debug("X-User-Id header was not found in the request")
raise Exception('Not authorized') raise Exception('Not authorized')
roles = self._get_roles(state.request) tenant = state.request.headers.get('X-Tenant-Id')
tenant = state.request.headers.get('X-Tenant', tenant)
project_id = headers.get('X-Project-Id') domain_id = state.request.headers.get('X-User-Domain-Id')
user_name = headers.get('X-User-Name', '') domain_name = state.request.headers.get('X-User-Domain-Name')
domain = headers.get('X-Domain-Name')
project_domain_id = headers.get('X-Project-Domain-Id', '')
user_domain_id = headers.get('X-User-Domain-Id', '')
# Get the auth token # Get the auth token
try: try:
@ -114,42 +111,23 @@ class AuthInformationHook(hooks.PecanHook):
except ValueError: except ValueError:
LOG.debug("No auth token found in the request.") LOG.debug("No auth token found in the request.")
raise Exception('Not authorized') raise Exception('Not authorized')
auth_url = headers.get('X-Auth-Url') # auth_url = headers.get('X-Auth-Url')
if auth_url is None: # if auth_url is None:
importutils.import_module('keystonemiddleware.auth_token') # importutils.import_module('keystonemiddleware.auth_token')
auth_url = cfg.CONF.keystone_authtoken.auth_uri # auth_url = cfg.CONF.keystone_authtoken.auth_uri
auth_token_info = state.request.environ.get('keystone.token_info')
identity_status = headers.get('X-Identity-Status') identity_status = headers.get('X-Identity-Status')
if identity_status == 'Confirmed': if identity_status == 'Confirmed':
ctx = context.RequestContext(auth_token=recv_auth_token, ctx = context.RequestContext(auth_token=recv_auth_token,
auth_token_info=auth_token_info,
user=user_id, user=user_id,
tenant=project_id, tenant=tenant,
domain=domain, domain_id=domain_id,
user_domain=user_domain_id, domain_name=domain_name)
project_domain=project_domain_id,
user_name=user_name,
roles=roles,
auth_url=auth_url)
state.request.security_context = ctx state.request.security_context = ctx
else: else:
LOG.debug("The provided identity is not confirmed.") LOG.debug("The provided identity is not confirmed.")
raise Exception('Not authorized. Identity not confirmed.') raise Exception('Not authorized. Identity not confirmed.')
return return
def _get_roles(self, req):
"""Get the list of roles."""
if 'X-Roles' in req.headers:
roles = req.headers.get('X-Roles', '')
else:
# Fallback to deprecated role header:
roles = req.headers.get('X-Role', '')
if roles:
LOG.warn(_("X-Roles is missing. Using deprecated X-Role "
"header"))
return [r.strip() for r in roles.split(',')]
AUTH = AuthHelper() AUTH = AuthHelper()
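Review bot: The added fallbacks `user_id = headers.get('X-User', user_id)` and `tenant = state.request.headers.get('X-Tenant', tenant)` let the legacy header override the ID header whenever both are present, so the value stored in the RequestContext as `user` or `tenant` may not be the ID. If I recall keystonemiddleware correctly, X-User and X-Tenant are deprecated headers that carry names rather than IDs; if so, prefer the ID and fall back only when it is absent, e.g. `user_id = headers.get('X-User-Id') or headers.get('X-User')`. The same section also appears to drop `roles` from the context, which matters if any downstream policy check reads them, and it leaves the auth_url lookup as commented-out code that should be deleted or given a comment explaining why it is kept. Which column is the new side is inferred from the hunk line counts, and the hook method's body starts outside the hunk.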


@ -13,9 +13,14 @@
import os import os
import unittest import unittest
from oslo.config import cfg
import pecan import pecan
from pecan import testing from pecan import testing
cfg.CONF.import_opt('enable_authentication', 'magnum.api.auth')
__all__ = ['FunctionalTest'] __all__ = ['FunctionalTest']
@ -27,6 +32,7 @@ class FunctionalTest(unittest.TestCase):
""" """
def setUp(self): def setUp(self):
cfg.CONF.set_override("enable_authentication", False)
self.app = testing.load_test_app(os.path.join( self.app = testing.load_test_app(os.path.join(
os.path.dirname(__file__), os.path.dirname(__file__),
'config.py' 'config.py'
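Review bot: `cfg.CONF.set_override("enable_authentication", False)` in `setUp` is never undone, so the override stays in the process-wide CONF and can leak into any later test that expects authentication to be on; register `self.addCleanup(cfg.CONF.clear_override, "enable_authentication")` right after it. The same applies to the identical line in `DbTestCase.setUp` in the database test base. With authentication switched off in both base classes, nothing visible here exercises the rewritten header and token checks, so a test that enables it and asserts rejection of a request with no token or an unconfirmed `X-Identity-Status` would cover the path this commit changes. The `setUp` body continues past the end of the hunk.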


@ -9,7 +9,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
from magnum.conductor import api from magnum.conductor import api
from magnum import tests from magnum import tests
from magnum.tests.db import base as db_base from magnum.tests.db import base as db_base


@ -31,6 +31,8 @@ from magnum.tests import base
CONF = cfg.CONF CONF = cfg.CONF
CONF.import_opt('enable_authentication', 'magnum.api.auth')
_DB_CACHE = None _DB_CACHE = None
@ -88,6 +90,7 @@ class Database(fixtures.Fixture):
class DbTestCase(base.TestCase): class DbTestCase(base.TestCase):
def setUp(self): def setUp(self):
cfg.CONF.set_override("enable_authentication", False)
super(DbTestCase, self).setUp() super(DbTestCase, self).setUp()
self.dbapi = dbapi.get_instance() self.dbapi = dbapi.get_instance()