Merge "Adds NoAuthMiddleware for V3"
This commit is contained in:
commit
2c90bbd3e7
|
@ -71,7 +71,7 @@ keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_a
|
||||||
|
|
||||||
[composite:openstack_compute_api_v3]
|
[composite:openstack_compute_api_v3]
|
||||||
use = call:nova.api.auth:pipeline_factory
|
use = call:nova.api.auth:pipeline_factory
|
||||||
noauth = faultwrap sizelimit noauth ratelimit osapi_compute_app_v3
|
noauth = faultwrap sizelimit noauth_v3 ratelimit osapi_compute_app_v3
|
||||||
keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v3
|
keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v3
|
||||||
keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3
|
keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3
|
||||||
|
|
||||||
|
@ -81,6 +81,9 @@ paste.filter_factory = nova.api.openstack:FaultWrapper.factory
|
||||||
[filter:noauth]
|
[filter:noauth]
|
||||||
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
|
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
|
||||||
|
|
||||||
|
[filter:noauth_v3]
|
||||||
|
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory
|
||||||
|
|
||||||
[filter:ratelimit]
|
[filter:ratelimit]
|
||||||
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
|
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||||
|
|
||||||
|
# Copyright 2013 IBM Corp.
|
||||||
# Copyright 2010 OpenStack Foundation
|
# Copyright 2010 OpenStack Foundation
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
|
@ -15,8 +16,6 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import os
|
|
||||||
|
|
||||||
from oslo.config import cfg
|
from oslo.config import cfg
|
||||||
import webob.dec
|
import webob.dec
|
||||||
import webob.exc
|
import webob.exc
|
||||||
|
@ -29,15 +28,17 @@ CONF = cfg.CONF
|
||||||
CONF.import_opt('use_forwarded_for', 'nova.api.auth')
|
CONF.import_opt('use_forwarded_for', 'nova.api.auth')
|
||||||
|
|
||||||
|
|
||||||
class NoAuthMiddleware(base_wsgi.Middleware):
|
class NoAuthMiddlewareBase(base_wsgi.Middleware):
|
||||||
"""Return a fake token if one isn't specified."""
|
"""Return a fake token if one isn't specified."""
|
||||||
|
|
||||||
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
def base_call(self, req, project_id_in_path):
|
||||||
def __call__(self, req):
|
|
||||||
if 'X-Auth-Token' not in req.headers:
|
if 'X-Auth-Token' not in req.headers:
|
||||||
user_id = req.headers.get('X-Auth-User', 'admin')
|
user_id = req.headers.get('X-Auth-User', 'admin')
|
||||||
project_id = req.headers.get('X-Auth-Project-Id', 'admin')
|
project_id = req.headers.get('X-Auth-Project-Id', 'admin')
|
||||||
os_url = os.path.join(req.url, project_id)
|
if project_id_in_path:
|
||||||
|
os_url = '/'.join([req.url.rstrip('/'), project_id])
|
||||||
|
else:
|
||||||
|
os_url = req.url.rstrip('/')
|
||||||
res = webob.Response()
|
res = webob.Response()
|
||||||
# NOTE(vish): This is expecting and returning Auth(1.1), whereas
|
# NOTE(vish): This is expecting and returning Auth(1.1), whereas
|
||||||
# keystone uses 2.0 auth. We should probably allow
|
# keystone uses 2.0 auth. We should probably allow
|
||||||
|
@ -61,3 +62,18 @@ class NoAuthMiddleware(base_wsgi.Middleware):
|
||||||
|
|
||||||
req.environ['nova.context'] = ctx
|
req.environ['nova.context'] = ctx
|
||||||
return self.application
|
return self.application
|
||||||
|
|
||||||
|
|
||||||
|
class NoAuthMiddleware(NoAuthMiddlewareBase):
|
||||||
|
"""Return a fake token if one isn't specified."""
|
||||||
|
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||||
|
def __call__(self, req):
|
||||||
|
return self.base_call(req, True)
|
||||||
|
|
||||||
|
|
||||||
|
class NoAuthMiddlewareV3(NoAuthMiddlewareBase):
|
||||||
|
"""Return a fake token if one isn't specified."""
|
||||||
|
|
||||||
|
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||||
|
def __call__(self, req):
|
||||||
|
return self.base_call(req, False)
|
||||||
|
|
|
@ -0,0 +1,64 @@
|
||||||
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||||
|
|
||||||
|
# Copyright 2013 IBM Corp.
|
||||||
|
# Copyright 2010 OpenStack Foundation
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import webob
|
||||||
|
import webob.dec
|
||||||
|
|
||||||
|
from nova import context
|
||||||
|
from nova import test
|
||||||
|
from nova.tests.api.openstack import fakes
|
||||||
|
|
||||||
|
|
||||||
|
class TestNoAuthMiddlewareV3(test.TestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(TestNoAuthMiddlewareV3, self).setUp()
|
||||||
|
self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext)
|
||||||
|
fakes.stub_out_rate_limiting(self.stubs)
|
||||||
|
fakes.stub_out_networking(self.stubs)
|
||||||
|
|
||||||
|
def test_authorize_user(self):
|
||||||
|
req = webob.Request.blank('/v3')
|
||||||
|
req.headers['X-Auth-User'] = 'user1'
|
||||||
|
req.headers['X-Auth-Key'] = 'user1_key'
|
||||||
|
req.headers['X-Auth-Project-Id'] = 'user1_project'
|
||||||
|
result = req.get_response(fakes.wsgi_app_v3(use_no_auth=True))
|
||||||
|
self.assertEqual(result.status, '204 No Content')
|
||||||
|
self.assertEqual(result.headers['X-Server-Management-Url'],
|
||||||
|
"http://localhost/v3")
|
||||||
|
|
||||||
|
def test_authorize_user_trailing_slash(self):
|
||||||
|
#make sure it works with trailing slash on the request
|
||||||
|
req = webob.Request.blank('/v3/')
|
||||||
|
req.headers['X-Auth-User'] = 'user1'
|
||||||
|
req.headers['X-Auth-Key'] = 'user1_key'
|
||||||
|
req.headers['X-Auth-Project-Id'] = 'user1_project'
|
||||||
|
result = req.get_response(fakes.wsgi_app_v3(use_no_auth=True))
|
||||||
|
self.assertEqual(result.status, '204 No Content')
|
||||||
|
self.assertEqual(result.headers['X-Server-Management-Url'],
|
||||||
|
"http://localhost/v3")
|
||||||
|
|
||||||
|
def test_auth_token_no_empty_headers(self):
|
||||||
|
req = webob.Request.blank('/v3')
|
||||||
|
req.headers['X-Auth-User'] = 'user1'
|
||||||
|
req.headers['X-Auth-Key'] = 'user1_key'
|
||||||
|
req.headers['X-Auth-Project-Id'] = 'user1_project'
|
||||||
|
result = req.get_response(fakes.wsgi_app_v3(use_no_auth=True))
|
||||||
|
self.assertEqual(result.status, '204 No Content')
|
||||||
|
self.assertFalse('X-CDN-Management-Url' in result.headers)
|
||||||
|
self.assertFalse('X-Storage-Url' in result.headers)
|
|
@ -106,7 +106,7 @@ def wsgi_app_v3(inner_app_v3=None, fake_auth_context=None,
|
||||||
inner_app_v3 = compute.APIRouterV3(init_only)
|
inner_app_v3 = compute.APIRouterV3(init_only)
|
||||||
|
|
||||||
if use_no_auth:
|
if use_no_auth:
|
||||||
api_v3 = openstack_api.FaultWrapper(auth.NoAuthMiddleware(
|
api_v3 = openstack_api.FaultWrapper(auth.NoAuthMiddlewareV3(
|
||||||
limits.RateLimitingMiddleware(inner_app_v3)))
|
limits.RateLimitingMiddleware(inner_app_v3)))
|
||||||
else:
|
else:
|
||||||
if fake_auth_context is not None:
|
if fake_auth_context is not None:
|
||||||
|
|
Loading…
Reference in New Issue