Fix auth middleware configuration

Initialze the configuration object before initializing
the middleware, and pass the resulting config in to
the middleware so it can get the configuration settings.

addresses bug #1071047

Change-Id: I2a487d2a2f2d3467e522868ac78dc4645bf7d643
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>

bin/ceilometer-api

@@ -20,14 +20,30 @@
 """
 import sys
 
-from ceilometer.api.app import app
+from ceilometer.api import acl
+from ceilometer.api import app
 from ceilometer.openstack.common import cfg
 from ceilometer.openstack.common import log as logging
 
 
 if __name__ == '__main__':
+    # Register keystone middleware option before
+    # parsing the config file and command line
+    # inputs.
+    acl.register_opts(cfg.CONF)
+
+    # Parse config file and command line options,
+    # then configure logging.
     cfg.CONF(sys.argv[1:])
     logging.setup('ceilometer.api')
+
+    root = app.app
+
+    # Enable debug mode
     if cfg.CONF.verbose or cfg.CONF.debug:
-        app.debug = True
-    app.run(host='0.0.0.0', port=cfg.CONF.metering_api_port)
+        root.debug = True
+
+    # Install the middleware wrapper
+    root = acl.install(root, cfg.CONF)
+
+    root.run(host='0.0.0.0', port=cfg.CONF.metering_api_port)

ceilometer/api/acl.py

@@ -18,22 +18,27 @@
 """Set up the ACL to acces the API server."""
 
 import flask
-from ceilometer.openstack.common import cfg
 from ceilometer import policy
 
 import keystone.middleware.auth_token
 
-# Register keystone middleware option
-cfg.CONF.register_opts(keystone.middleware.auth_token.opts,
-                       group='keystone_authtoken')
-keystone.middleware.auth_token.CONF = cfg.CONF
+
+def register_opts(conf):
+    """Register keystone middleware options
+    """
+    conf.register_opts(keystone.middleware.auth_token.opts,
+                       group='keystone_authtoken',
+                       )
+    keystone.middleware.auth_token.CONF = conf
 
 
-def install(app):
+def install(app, conf):
     """Install ACL check on application."""
     app.wsgi_app = keystone.middleware.auth_token.AuthProtocol(app.wsgi_app,
-                                                               {})
+                                                               conf=conf,
+                                                               )
     app.before_request(check)
+    return app
 
 
 def check():

ceilometer/api/app.py

@@ -24,7 +24,6 @@ from ceilometer.openstack.common import cfg
 from ceilometer.openstack.common import jsonutils
 from ceilometer import storage
 from ceilometer.api import v1
-from ceilometer.api import acl
 
 
 app = flask.Flask('ceilometer.api')
@@ -45,6 +44,3 @@ def attach_config():
 def attach_sources():
     with open("sources.json", "r") as f:
         flask.request.sources = jsonutils.load(f)
-
-
-acl.install(app)

tests/api/test_acl.py

@@ -26,7 +26,7 @@ class TestAPIACL(tests_api.TestBase):
 
     def setUp(self):
         super(TestAPIACL, self).setUp()
-        acl.install(self.app)
+        acl.install(self.app, {})
 
     def test_non_authenticated(self):
         with self.app.test_request_context('/'):