Clean the deprecated noauth middleware

As The TODO list in source code marked, the noauth middleware has been
deprecated and should be removed in Liberty. So we should cleanup it now.

Co-Authored-By: Kevin_Zheng <zhengzhenyu@huawei.com>

Change-Id: I6288239347ad6766870299eed55300a46129f347
Closes-Bug: 1455308

etc/nova/api-paste.ini

@@ -21,7 +21,6 @@ use = egg:Paste#urlmap
 
 [composite:ec2cloud]
 use = call:nova.api.auth:pipeline_factory
-noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
 noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
 keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
 
@@ -67,14 +66,12 @@ use = call:nova.api.openstack.urlmap:urlmap_factory
 
 [composite:openstack_compute_api_v2]
 use = call:nova.api.auth:pipeline_factory
-noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
 noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2
 keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
 keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
 
 [composite:openstack_compute_api_v21]
 use = call:nova.api.auth:pipeline_factory_v21
-noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21
 noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
 keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
 
@@ -93,9 +90,6 @@ paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
 [filter:faultwrap]
 paste.filter_factory = nova.api.openstack:FaultWrapper.factory
 
-[filter:noauth]
-paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareOld.factory
-
 [filter:noauth2]
 paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
 

nova/api/auth.py

@@ -18,7 +18,6 @@ Common Auth Middleware.
 
 from oslo_config import cfg
 from oslo_log import log as logging
-from oslo_log import versionutils
 from oslo_middleware import request_id
 from oslo_serialization import jsonutils
 import webob.dec
@@ -38,11 +37,9 @@ auth_opts = [
     cfg.StrOpt('auth_strategy',
                default='keystone',
                help='''
-The strategy to use for auth: keystone, noauth (deprecated), or
+The strategy to use for auth: keystone or noauth2. noauth2 is designed for
-noauth2. Both noauth and noauth2 are designed for testing only, as
+testing only, as it does no actual credential checking. noauth2 provides
-they do no actual credential checking. noauth provides administrative
+administrative credentials only if 'admin' is specified as the username.
-credentials regardless of the passed in user, noauth2 only does if
-'admin' is specified as the username.
 '''),
     cfg.BoolOpt('use_forwarded_for',
                 default=False,
@@ -67,12 +64,7 @@ def _load_pipeline(loader, pipeline):
 
 def pipeline_factory(loader, global_conf, **local_conf):
     """A paste pipeline replica that keys off of auth_strategy."""
-    # TODO(sdague): remove deprecated noauth in Liberty
+
-    if CONF.auth_strategy == 'noauth':
-        versionutils.report_deprecated_feature(
-            LOG,
-            ('The noauth middleware will be removed in Liberty.'
-             ' noauth2 should be used instead.'))
     pipeline = local_conf[CONF.auth_strategy]
     if not CONF.api_rate_limit:
         limit_name = CONF.auth_strategy + '_nolimit'

nova/api/openstack/auth.py

@@ -66,10 +66,7 @@ class NoAuthMiddlewareBase(base_wsgi.Middleware):
 class NoAuthMiddleware(NoAuthMiddlewareBase):
     """Return a fake token if one isn't specified.
 
-    noauth2 is a variation on noauth that only provides admin privs if
+    noauth2 provides admin privs if 'admin' is provided as the user id.
-    'admin' is provided as the user id. We will deprecate the
-    NoAuthMiddlewareOld for future removal so we don't need to
-    maintain both code paths.
 
     """
     @webob.dec.wsgify(RequestClass=wsgi.Request)
@@ -77,19 +74,6 @@ class NoAuthMiddleware(NoAuthMiddlewareBase):
         return self.base_call(req, True, always_admin=False)
 
 
-# TODO(sdague): remove in Liberty
-class NoAuthMiddlewareOld(NoAuthMiddlewareBase):
-    """Return a fake token if one isn't specified.
-
-    This is the Deprecated version of noauth, and should be removed in
-    the Liberty cycle.
-
-    """
-    @webob.dec.wsgify(RequestClass=wsgi.Request)
-    def __call__(self, req):
-        return self.base_call(req, True)
-
-
 class NoAuthMiddlewareV3(NoAuthMiddlewareBase):
     """Return a fake token if one isn't specified."""
 

nova/tests/unit/api/test_auth.py

@@ -152,20 +152,6 @@ class TestPipeLineFactory(test.NoDBTestCase):
         self.assertEqual(app.name, pipeline.split()[-1])
         self.assertIsInstance(app, TestPipeLineFactory.FakeApp)
 
-    def test_pipeline_factory_noauthold(self):
-        fake_pipeline = 'test1 test2 test3'
-        CONF.set_override('auth_strategy', 'noauth')
-        app = nova.api.auth.pipeline_factory(
-            TestPipeLineFactory.FakeLoader(), None, noauth=fake_pipeline)
-        self._test_pipeline(fake_pipeline, app)
-
-    def test_pipeline_factory_v21_noauthold(self):
-        fake_pipeline = 'test1 test2 test3'
-        CONF.set_override('auth_strategy', 'noauth')
-        app = nova.api.auth.pipeline_factory_v21(
-            TestPipeLineFactory.FakeLoader(), None, noauth=fake_pipeline)
-        self._test_pipeline(fake_pipeline, app)
-
     def test_pipeline_factory(self):
         fake_pipeline = 'test1 test2 test3'
         CONF.set_override('auth_strategy', 'noauth2')