Merge "Adds NoAuthMiddleware for V3"
This commit is contained in:
commit
2c90bbd3e7
|
@ -71,7 +71,7 @@ keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_a
|
|||
|
||||
[composite:openstack_compute_api_v3]
|
||||
use = call:nova.api.auth:pipeline_factory
|
||||
noauth = faultwrap sizelimit noauth ratelimit osapi_compute_app_v3
|
||||
noauth = faultwrap sizelimit noauth_v3 ratelimit osapi_compute_app_v3
|
||||
keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v3
|
||||
keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3
|
||||
|
||||
|
@ -81,6 +81,9 @@ paste.filter_factory = nova.api.openstack:FaultWrapper.factory
|
|||
[filter:noauth]
|
||||
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
|
||||
|
||||
[filter:noauth_v3]
|
||||
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory
|
||||
|
||||
[filter:ratelimit]
|
||||
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright 2013 IBM Corp.
|
||||
# Copyright 2010 OpenStack Foundation
|
||||
# All Rights Reserved.
|
||||
#
|
||||
|
@ -15,8 +16,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
|
||||
from oslo.config import cfg
|
||||
import webob.dec
|
||||
import webob.exc
|
||||
|
@ -29,15 +28,17 @@ CONF = cfg.CONF
|
|||
CONF.import_opt('use_forwarded_for', 'nova.api.auth')
|
||||
|
||||
|
||||
class NoAuthMiddleware(base_wsgi.Middleware):
|
||||
class NoAuthMiddlewareBase(base_wsgi.Middleware):
|
||||
"""Return a fake token if one isn't specified."""
|
||||
|
||||
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||
def __call__(self, req):
|
||||
def base_call(self, req, project_id_in_path):
|
||||
if 'X-Auth-Token' not in req.headers:
|
||||
user_id = req.headers.get('X-Auth-User', 'admin')
|
||||
project_id = req.headers.get('X-Auth-Project-Id', 'admin')
|
||||
os_url = os.path.join(req.url, project_id)
|
||||
if project_id_in_path:
|
||||
os_url = '/'.join([req.url.rstrip('/'), project_id])
|
||||
else:
|
||||
os_url = req.url.rstrip('/')
|
||||
res = webob.Response()
|
||||
# NOTE(vish): This is expecting and returning Auth(1.1), whereas
|
||||
# keystone uses 2.0 auth. We should probably allow
|
||||
|
@ -61,3 +62,18 @@ class NoAuthMiddleware(base_wsgi.Middleware):
|
|||
|
||||
req.environ['nova.context'] = ctx
|
||||
return self.application
|
||||
|
||||
|
||||
class NoAuthMiddleware(NoAuthMiddlewareBase):
|
||||
"""Return a fake token if one isn't specified."""
|
||||
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||
def __call__(self, req):
|
||||
return self.base_call(req, True)
|
||||
|
||||
|
||||
class NoAuthMiddlewareV3(NoAuthMiddlewareBase):
|
||||
"""Return a fake token if one isn't specified."""
|
||||
|
||||
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||
def __call__(self, req):
|
||||
return self.base_call(req, False)
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright 2013 IBM Corp.
|
||||
# Copyright 2010 OpenStack Foundation
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import webob
|
||||
import webob.dec
|
||||
|
||||
from nova import context
|
||||
from nova import test
|
||||
from nova.tests.api.openstack import fakes
|
||||
|
||||
|
||||
class TestNoAuthMiddlewareV3(test.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(TestNoAuthMiddlewareV3, self).setUp()
|
||||
self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext)
|
||||
fakes.stub_out_rate_limiting(self.stubs)
|
||||
fakes.stub_out_networking(self.stubs)
|
||||
|
||||
def test_authorize_user(self):
|
||||
req = webob.Request.blank('/v3')
|
||||
req.headers['X-Auth-User'] = 'user1'
|
||||
req.headers['X-Auth-Key'] = 'user1_key'
|
||||
req.headers['X-Auth-Project-Id'] = 'user1_project'
|
||||
result = req.get_response(fakes.wsgi_app_v3(use_no_auth=True))
|
||||
self.assertEqual(result.status, '204 No Content')
|
||||
self.assertEqual(result.headers['X-Server-Management-Url'],
|
||||
"http://localhost/v3")
|
||||
|
||||
def test_authorize_user_trailing_slash(self):
|
||||
#make sure it works with trailing slash on the request
|
||||
req = webob.Request.blank('/v3/')
|
||||
req.headers['X-Auth-User'] = 'user1'
|
||||
req.headers['X-Auth-Key'] = 'user1_key'
|
||||
req.headers['X-Auth-Project-Id'] = 'user1_project'
|
||||
result = req.get_response(fakes.wsgi_app_v3(use_no_auth=True))
|
||||
self.assertEqual(result.status, '204 No Content')
|
||||
self.assertEqual(result.headers['X-Server-Management-Url'],
|
||||
"http://localhost/v3")
|
||||
|
||||
def test_auth_token_no_empty_headers(self):
|
||||
req = webob.Request.blank('/v3')
|
||||
req.headers['X-Auth-User'] = 'user1'
|
||||
req.headers['X-Auth-Key'] = 'user1_key'
|
||||
req.headers['X-Auth-Project-Id'] = 'user1_project'
|
||||
result = req.get_response(fakes.wsgi_app_v3(use_no_auth=True))
|
||||
self.assertEqual(result.status, '204 No Content')
|
||||
self.assertFalse('X-CDN-Management-Url' in result.headers)
|
||||
self.assertFalse('X-Storage-Url' in result.headers)
|
|
@ -106,7 +106,7 @@ def wsgi_app_v3(inner_app_v3=None, fake_auth_context=None,
|
|||
inner_app_v3 = compute.APIRouterV3(init_only)
|
||||
|
||||
if use_no_auth:
|
||||
api_v3 = openstack_api.FaultWrapper(auth.NoAuthMiddleware(
|
||||
api_v3 = openstack_api.FaultWrapper(auth.NoAuthMiddlewareV3(
|
||||
limits.RateLimitingMiddleware(inner_app_v3)))
|
||||
else:
|
||||
if fake_auth_context is not None:
|
||||
|
|
Loading…
Reference in New Issue