ef6f4e4c8e
The file nova/api/openstack/__init__.py had imported a lot of modules, notably nova.utils. This means that any code which runs within that package, notably the placement service, imports all those modules, even if it is not going to use them. This results in scripts/binaries that are heavier than they need to be and in some cases including modules, like eventlet, that it would feel safe to not have in the stack. Unfortunately we cannot sinply rename nova/api/openstack/__init__.py to another name because it contains FaultWrapper and FaultWrapper is referred to, by package path, from the paste.ini file and that file is out there in config land, and something we prefer not to change. Therefore alternate methods of cleaning up were explored and this has led to some useful changes: Fault wrapper is the only consumer of walk_class_hierarchy so there is no reason for it it to be in nova.utils. nova.wsgi contains a mismash of WSGI middleware and applications, which need only a small number of imports, and Server classes which are more complex and not required by the WSGI wares. Therefore nova.wsgi was split into nova.wsgi and nova.api.wsgi. The name choices may not be ideal, but they were chosen to limit the cascades of changes that are needed across code and tests. Where utils.utf8 was used it has been replaced with the similar (but not exactly equivalient) method from oslo_utils.encodeutils. Change-Id: I297f30aa6eb01fe3b53fd8c9b7853949be31156d Partial-Bug: #1743120
107 lines
3.5 KiB
Python
107 lines
3.5 KiB
Python
# Copyright (c) 2011 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
"""
|
|
Common Auth Middleware.
|
|
|
|
"""
|
|
|
|
from oslo_log import log as logging
|
|
from oslo_log import versionutils
|
|
from oslo_serialization import jsonutils
|
|
import webob.dec
|
|
import webob.exc
|
|
|
|
from nova.api import wsgi
|
|
import nova.conf
|
|
from nova import context
|
|
from nova.i18n import _
|
|
|
|
|
|
CONF = nova.conf.CONF
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
def _load_pipeline(loader, pipeline):
|
|
filters = [loader.get_filter(n) for n in pipeline[:-1]]
|
|
app = loader.get_app(pipeline[-1])
|
|
filters.reverse()
|
|
for filter in filters:
|
|
app = filter(app)
|
|
return app
|
|
|
|
|
|
def pipeline_factory(loader, global_conf, **local_conf):
|
|
"""A paste pipeline replica that keys off of auth_strategy."""
|
|
versionutils.report_deprecated_feature(
|
|
LOG,
|
|
"The legacy V2 API code tree has been removed in Newton. "
|
|
"Please remove legacy v2 API entry from api-paste.ini, and use "
|
|
"V2.1 API or V2.1 API compat mode instead"
|
|
)
|
|
|
|
|
|
def pipeline_factory_v21(loader, global_conf, **local_conf):
|
|
"""A paste pipeline replica that keys off of auth_strategy."""
|
|
return _load_pipeline(loader, local_conf[CONF.api.auth_strategy].split())
|
|
|
|
|
|
class InjectContext(wsgi.Middleware):
|
|
"""Add a 'nova.context' to WSGI environ."""
|
|
|
|
def __init__(self, context, *args, **kwargs):
|
|
self.context = context
|
|
super(InjectContext, self).__init__(*args, **kwargs)
|
|
|
|
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
|
def __call__(self, req):
|
|
req.environ['nova.context'] = self.context
|
|
return self.application
|
|
|
|
|
|
class NovaKeystoneContext(wsgi.Middleware):
|
|
"""Make a request context from keystone headers."""
|
|
|
|
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
|
def __call__(self, req):
|
|
# Build a context, including the auth_token...
|
|
remote_address = req.remote_addr
|
|
if CONF.api.use_forwarded_for:
|
|
remote_address = req.headers.get('X-Forwarded-For', remote_address)
|
|
|
|
service_catalog = None
|
|
if req.headers.get('X_SERVICE_CATALOG') is not None:
|
|
try:
|
|
catalog_header = req.headers.get('X_SERVICE_CATALOG')
|
|
service_catalog = jsonutils.loads(catalog_header)
|
|
except ValueError:
|
|
raise webob.exc.HTTPInternalServerError(
|
|
_('Invalid service catalog json.'))
|
|
|
|
# NOTE(jamielennox): This is a full auth plugin set by auth_token
|
|
# middleware in newer versions.
|
|
user_auth_plugin = req.environ.get('keystone.token_auth')
|
|
|
|
ctx = context.RequestContext.from_environ(
|
|
req.environ,
|
|
user_auth_plugin=user_auth_plugin,
|
|
remote_address=remote_address,
|
|
service_catalog=service_catalog)
|
|
|
|
if ctx.user_id is None:
|
|
LOG.debug("Neither X_USER_ID nor X_USER found in request")
|
|
return webob.exc.HTTPUnauthorized()
|
|
|
|
req.environ['nova.context'] = ctx
|
|
return self.application
|