Add fake_project_id middleware for noauth

This adds a middleware for noauth that would inject a fake project_id for create requests. This would ensure that api consumers don't have to provide a fake project_id in requests. Closes-Bug: #1934039 Change-Id: I5e1de571034be41f1147c130fce66e6cf70b1369
2021-07-02 11:07:22 +05:30 · 2021-07-02 11:07:22 +05:30 · ec550f5f52
parent 13e96bf6bd
commit ec550f5f52
3 changed files with 26 additions and 1 deletions
--- a/etc/api-paste.ini
+++ b/etc/api-paste.ini
@ -6,7 +6,7 @@ use = egg:Paste#urlmap

 [composite:neutronapi_v2_0]
 use = call:neutron.auth:pipeline_factory
-noauth = cors http_proxy_to_wsgi request_id catch_errors osprofiler extensions neutronapiapp_v2_0
+noauth = cors http_proxy_to_wsgi request_id fake_project_id catch_errors osprofiler extensions neutronapiapp_v2_0
 keystone = cors http_proxy_to_wsgi request_id catch_errors osprofiler authtoken keystonecontext extensions neutronapiapp_v2_0

 [composite:neutronversions_composite]
@ -28,6 +28,9 @@ oslo_config_project = neutron
 paste.filter_factory = neutron.api.extensions:ProjectIdMiddleware.factory
 oslo_config_project = neutron

+[filter:fake_project_id]
+paste.filter_factory = neutron.auth:NoauthFakeProjectId.factory
+
 [filter:http_proxy_to_wsgi]
 paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory

--- a/neutron/auth.py
+++ b/neutron/auth.py
@ -39,6 +39,21 @@ class NeutronKeystoneContext(base.ConfigurableMiddleware):
        return self.application


+class NoauthFakeProjectId(base.ConfigurableMiddleware):
+    """Add fake project_id for noauth auth_strategy."""
+
+    @webob.dec.wsgify
+    def __call__(self, req):
+        ctx = context.Context.from_environ(req.environ)
+        if not ctx.project_id:
+            # Inject project_id
+            ctx.project_id = 'fake_project_id'
+            # Inject the context with the admin flag set
+            req.environ['neutron.context'] = ctx.elevated()
+
+        return self.application
+
+
 def pipeline_factory(loader, global_conf, **local_conf):
    """Create a paste pipeline based on the 'auth_strategy' config option."""
    pipeline = local_conf[cfg.CONF.auth_strategy]
--- a/releasenotes/notes/allow-noauth-work-without-project-id-f92fac5df37810f0.yaml
+++ b/releasenotes/notes/allow-noauth-work-without-project-id-f92fac5df37810f0.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - When ``noauth`` auth_strategy is used, neutron no longer requires
+    a resource creation request to include a dummy 'project_id' in
+    request body. A default project_id ``fake_project_id`` would be
+    populated automatically in that case and would make the use of
+    ``noauth`` usage simpler.