diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini index 6871947816c7..cd25a0f0dcb8 100644 --- a/etc/nova/api-paste.ini +++ b/etc/nova/api-paste.ini @@ -21,7 +21,6 @@ use = egg:Paste#urlmap [composite:ec2cloud] use = call:nova.api.auth:pipeline_factory -noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor @@ -67,14 +66,12 @@ use = call:nova.api.openstack.urlmap:urlmap_factory [composite:openstack_compute_api_v2] use = call:nova.api.auth:pipeline_factory -noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2 keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 [composite:openstack_compute_api_v21] use = call:nova.api.auth:pipeline_factory_v21 -noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21 noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 @@ -93,9 +90,6 @@ paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory [filter:faultwrap] paste.filter_factory = nova.api.openstack:FaultWrapper.factory -[filter:noauth] -paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareOld.factory - [filter:noauth2] paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory diff --git a/nova/api/auth.py b/nova/api/auth.py index 4b2e251b9b0d..201d57fbde4d 100644 --- a/nova/api/auth.py +++ b/nova/api/auth.py @@ -18,7 +18,6 @@ Common Auth Middleware. from oslo_config import cfg from oslo_log import log as logging -from oslo_log import versionutils from oslo_middleware import request_id from oslo_serialization import jsonutils import webob.dec @@ -38,11 +37,9 @@ auth_opts = [ cfg.StrOpt('auth_strategy', default='keystone', help=''' -The strategy to use for auth: keystone, noauth (deprecated), or -noauth2. Both noauth and noauth2 are designed for testing only, as -they do no actual credential checking. noauth provides administrative -credentials regardless of the passed in user, noauth2 only does if -'admin' is specified as the username. +The strategy to use for auth: keystone or noauth2. noauth2 is designed for +testing only, as it does no actual credential checking. noauth2 provides +administrative credentials only if 'admin' is specified as the username. '''), cfg.BoolOpt('use_forwarded_for', default=False, @@ -67,12 +64,7 @@ def _load_pipeline(loader, pipeline): def pipeline_factory(loader, global_conf, **local_conf): """A paste pipeline replica that keys off of auth_strategy.""" - # TODO(sdague): remove deprecated noauth in Liberty - if CONF.auth_strategy == 'noauth': - versionutils.report_deprecated_feature( - LOG, - ('The noauth middleware will be removed in Liberty.' - ' noauth2 should be used instead.')) + pipeline = local_conf[CONF.auth_strategy] if not CONF.api_rate_limit: limit_name = CONF.auth_strategy + '_nolimit' diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py index 6f53a9d26145..12e6b21f1dae 100644 --- a/nova/api/openstack/auth.py +++ b/nova/api/openstack/auth.py @@ -66,10 +66,7 @@ class NoAuthMiddlewareBase(base_wsgi.Middleware): class NoAuthMiddleware(NoAuthMiddlewareBase): """Return a fake token if one isn't specified. - noauth2 is a variation on noauth that only provides admin privs if - 'admin' is provided as the user id. We will deprecate the - NoAuthMiddlewareOld for future removal so we don't need to - maintain both code paths. + noauth2 provides admin privs if 'admin' is provided as the user id. """ @webob.dec.wsgify(RequestClass=wsgi.Request) @@ -77,19 +74,6 @@ class NoAuthMiddleware(NoAuthMiddlewareBase): return self.base_call(req, True, always_admin=False) -# TODO(sdague): remove in Liberty -class NoAuthMiddlewareOld(NoAuthMiddlewareBase): - """Return a fake token if one isn't specified. - - This is the Deprecated version of noauth, and should be removed in - the Liberty cycle. - - """ - @webob.dec.wsgify(RequestClass=wsgi.Request) - def __call__(self, req): - return self.base_call(req, True) - - class NoAuthMiddlewareV3(NoAuthMiddlewareBase): """Return a fake token if one isn't specified.""" diff --git a/nova/tests/unit/api/test_auth.py b/nova/tests/unit/api/test_auth.py index 76ef16d3e91e..d26bfc40fab4 100644 --- a/nova/tests/unit/api/test_auth.py +++ b/nova/tests/unit/api/test_auth.py @@ -152,20 +152,6 @@ class TestPipeLineFactory(test.NoDBTestCase): self.assertEqual(app.name, pipeline.split()[-1]) self.assertIsInstance(app, TestPipeLineFactory.FakeApp) - def test_pipeline_factory_noauthold(self): - fake_pipeline = 'test1 test2 test3' - CONF.set_override('auth_strategy', 'noauth') - app = nova.api.auth.pipeline_factory( - TestPipeLineFactory.FakeLoader(), None, noauth=fake_pipeline) - self._test_pipeline(fake_pipeline, app) - - def test_pipeline_factory_v21_noauthold(self): - fake_pipeline = 'test1 test2 test3' - CONF.set_override('auth_strategy', 'noauth') - app = nova.api.auth.pipeline_factory_v21( - TestPipeLineFactory.FakeLoader(), None, noauth=fake_pipeline) - self._test_pipeline(fake_pipeline, app) - def test_pipeline_factory(self): fake_pipeline = 'test1 test2 test3' CONF.set_override('auth_strategy', 'noauth2')