From a4822f486c53e559025683a48c2b5280a3934308 Mon Sep 17 00:00:00 2001
From: Chris Dent <cdent@anticdent.org>
Date: Tue, 28 Nov 2017 12:44:44 +0000
Subject: [PATCH] [placement] re-use existing conf with auth token middleware
If 'oslo_config_project' is passed to the auth_token filter
factory, the mechanism in nova.api.openstack.placement.wsgi for
overriding the location of the configuration file is ignored
meaning that expected custom configuration is also ignored.
Instead pass the already existing conf with 'olso_config_config'
parameter.
The unit test in test_deploy.py shows that the configuration
settings get passed to the middleware and used by testing the
value of the 'WWW-Authenticate' header (which comes from a few
different configuration settings, of which is 'auth_uri') in
a response generated by the placement WSGI application.
The same test against the previous deploy.py code fails.
Change-Id: I61d20c5d19797f7e66648c7864a632f3328be8ce
Closes-Bug: #1734491
---
nova/api/openstack/placement/deploy.py | 6 ++-
.../api/openstack/placement/test_deploy.py | 43 +++++++++++++++++++
2 files changed, 47 insertions(+), 2 deletions(-)
create mode 100644 nova/tests/unit/api/openstack/placement/test_deploy.py
diff --git a/nova/api/openstack/placement/deploy.py b/nova/api/openstack/placement/deploy.py
index 34001f34a..821aeb61f 100644
--- a/nova/api/openstack/placement/deploy.py
+++ b/nova/api/openstack/placement/deploy.py
@@ -38,9 +38,11 @@ def deploy(conf, project_name):
if conf.api.auth_strategy == 'noauth2':
auth_middleware = auth.NoAuthMiddleware
else:
- # Do not provide global conf to middleware here.
+ # Do not use 'oslo_config_project' param here as the conf
+ # location may have been overridden earlier in the deployment
+ # process with OS_PLACEMENT_CONFIG_DIR in wsgi.py.
auth_middleware = auth_token.filter_factory(
- {}, oslo_config_project=project_name)
+ {}, oslo_config_config=conf)
# Pass in our CORS config, if any, manually as that's a)
# explicit, b) makes testing more straightfoward, c) let's
diff --git a/nova/tests/unit/api/openstack/placement/test_deploy.py b/nova/tests/unit/api/openstack/placement/test_deploy.py
new file mode 100644
index 000000000..938b8b1fd
--- /dev/null
+++ b/nova/tests/unit/api/openstack/placement/test_deploy.py
@@ -0,0 +1,43 @@
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Unit tests for the deply function used to build the Placement service."""
+
+from oslo_config import cfg
+import webob
+
+from nova.api.openstack.placement import deploy
+from nova import test
+
+
+CONF = cfg.CONF
+
+
+class DeployTest(test.NoDBTestCase):
+
+ def test_auth_middleware_factory(self):
+ """Make sure that configuration settings make their way to
+ the keystone middleware correctly.
+ """
+ auth_uri = 'http://example.com/identity'
+ authenticate_header_value = "Keystone uri='%s'" % auth_uri
+ self.flags(auth_uri=auth_uri, group='keystone_authtoken')
+ # ensure that the auth_token middleware is chosen
+ self.flags(auth_strategy='keystone', group='api')
+ app = deploy.deploy(CONF, 'nova')
+ req = webob.Request.blank('/', method="GET")
+
+ response = req.get_response(app)
+
+ self.assertEqual(authenticate_header_value,
+ response.headers['www-authenticate'])