Clean the deprecated noauth middleware
As The TODO list in source code marked, the noauth middleware has been deprecated and should be removed in Liberty. So we should cleanup it now. Co-Authored-By: Kevin_Zheng <zhengzhenyu@huawei.com> Change-Id: I6288239347ad6766870299eed55300a46129f347 Closes-Bug: 1455308
This commit is contained in:
parent
49873d8f6d
commit
971da87e48
|
@ -21,7 +21,6 @@ use = egg:Paste#urlmap
|
|||
|
||||
[composite:ec2cloud]
|
||||
use = call:nova.api.auth:pipeline_factory
|
||||
noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
|
||||
noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
|
||||
keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
|
||||
|
||||
|
@ -67,14 +66,12 @@ use = call:nova.api.openstack.urlmap:urlmap_factory
|
|||
|
||||
[composite:openstack_compute_api_v2]
|
||||
use = call:nova.api.auth:pipeline_factory
|
||||
noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
|
||||
noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2
|
||||
keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
|
||||
keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
|
||||
|
||||
[composite:openstack_compute_api_v21]
|
||||
use = call:nova.api.auth:pipeline_factory_v21
|
||||
noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21
|
||||
noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
|
||||
keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
|
||||
|
||||
|
@ -93,9 +90,6 @@ paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
|
|||
[filter:faultwrap]
|
||||
paste.filter_factory = nova.api.openstack:FaultWrapper.factory
|
||||
|
||||
[filter:noauth]
|
||||
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareOld.factory
|
||||
|
||||
[filter:noauth2]
|
||||
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
|
||||
|
||||
|
|
|
@ -18,7 +18,6 @@ Common Auth Middleware.
|
|||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_log import versionutils
|
||||
from oslo_middleware import request_id
|
||||
from oslo_serialization import jsonutils
|
||||
import webob.dec
|
||||
|
@ -38,11 +37,9 @@ auth_opts = [
|
|||
cfg.StrOpt('auth_strategy',
|
||||
default='keystone',
|
||||
help='''
|
||||
The strategy to use for auth: keystone, noauth (deprecated), or
|
||||
noauth2. Both noauth and noauth2 are designed for testing only, as
|
||||
they do no actual credential checking. noauth provides administrative
|
||||
credentials regardless of the passed in user, noauth2 only does if
|
||||
'admin' is specified as the username.
|
||||
The strategy to use for auth: keystone or noauth2. noauth2 is designed for
|
||||
testing only, as it does no actual credential checking. noauth2 provides
|
||||
administrative credentials only if 'admin' is specified as the username.
|
||||
'''),
|
||||
cfg.BoolOpt('use_forwarded_for',
|
||||
default=False,
|
||||
|
@ -67,12 +64,7 @@ def _load_pipeline(loader, pipeline):
|
|||
|
||||
def pipeline_factory(loader, global_conf, **local_conf):
|
||||
"""A paste pipeline replica that keys off of auth_strategy."""
|
||||
# TODO(sdague): remove deprecated noauth in Liberty
|
||||
if CONF.auth_strategy == 'noauth':
|
||||
versionutils.report_deprecated_feature(
|
||||
LOG,
|
||||
('The noauth middleware will be removed in Liberty.'
|
||||
' noauth2 should be used instead.'))
|
||||
|
||||
pipeline = local_conf[CONF.auth_strategy]
|
||||
if not CONF.api_rate_limit:
|
||||
limit_name = CONF.auth_strategy + '_nolimit'
|
||||
|
|
|
@ -66,10 +66,7 @@ class NoAuthMiddlewareBase(base_wsgi.Middleware):
|
|||
class NoAuthMiddleware(NoAuthMiddlewareBase):
|
||||
"""Return a fake token if one isn't specified.
|
||||
|
||||
noauth2 is a variation on noauth that only provides admin privs if
|
||||
'admin' is provided as the user id. We will deprecate the
|
||||
NoAuthMiddlewareOld for future removal so we don't need to
|
||||
maintain both code paths.
|
||||
noauth2 provides admin privs if 'admin' is provided as the user id.
|
||||
|
||||
"""
|
||||
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||
|
@ -77,19 +74,6 @@ class NoAuthMiddleware(NoAuthMiddlewareBase):
|
|||
return self.base_call(req, True, always_admin=False)
|
||||
|
||||
|
||||
# TODO(sdague): remove in Liberty
|
||||
class NoAuthMiddlewareOld(NoAuthMiddlewareBase):
|
||||
"""Return a fake token if one isn't specified.
|
||||
|
||||
This is the Deprecated version of noauth, and should be removed in
|
||||
the Liberty cycle.
|
||||
|
||||
"""
|
||||
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||
def __call__(self, req):
|
||||
return self.base_call(req, True)
|
||||
|
||||
|
||||
class NoAuthMiddlewareV3(NoAuthMiddlewareBase):
|
||||
"""Return a fake token if one isn't specified."""
|
||||
|
||||
|
|
|
@ -152,20 +152,6 @@ class TestPipeLineFactory(test.NoDBTestCase):
|
|||
self.assertEqual(app.name, pipeline.split()[-1])
|
||||
self.assertIsInstance(app, TestPipeLineFactory.FakeApp)
|
||||
|
||||
def test_pipeline_factory_noauthold(self):
|
||||
fake_pipeline = 'test1 test2 test3'
|
||||
CONF.set_override('auth_strategy', 'noauth')
|
||||
app = nova.api.auth.pipeline_factory(
|
||||
TestPipeLineFactory.FakeLoader(), None, noauth=fake_pipeline)
|
||||
self._test_pipeline(fake_pipeline, app)
|
||||
|
||||
def test_pipeline_factory_v21_noauthold(self):
|
||||
fake_pipeline = 'test1 test2 test3'
|
||||
CONF.set_override('auth_strategy', 'noauth')
|
||||
app = nova.api.auth.pipeline_factory_v21(
|
||||
TestPipeLineFactory.FakeLoader(), None, noauth=fake_pipeline)
|
||||
self._test_pipeline(fake_pipeline, app)
|
||||
|
||||
def test_pipeline_factory(self):
|
||||
fake_pipeline = 'test1 test2 test3'
|
||||
CONF.set_override('auth_strategy', 'noauth2')
|
||||
|
|
Loading…
Reference in New Issue