diff options
| author | Brian Waldon <bcwaldon@gmail.com> | 2012-05-07 14:58:15 -0700 |
|---|---|---|
| committer | Brian Waldon <bcwaldon@gmail.com> | 2012-05-07 14:59:57 -0700 |
| commit | dac602738e17691266673147eaaa780272d67367 (patch) | |
| tree | f60b69dc4d2aa3eb66cdaa15230afe95cef75c7b | |
| parent | f729925f5a3231c1b8ec2cb3c9c5fcd2bc68dbbb (diff) | |
| download | nova-dac602738e17691266673147eaaa780272d67367.tar.gz nova-dac602738e17691266673147eaaa780272d67367.tar.xz nova-dac602738e17691266673147eaaa780272d67367.zip | |
Remove Deprecated AuthMiddleware
* Remove nova.api.openstack.auth:AuthMiddleware
* Remove associated tests
* Remove 'deprecated' api pipelines
* Partially implements bp remove-deprecated-auth
Change-Id: Ifcfac573a569f982c2626bbd0bc740d3c908c9fa
| -rw-r--r-- | etc/nova/api-paste.ini | 5 | ||||
| -rw-r--r-- | nova/api/openstack/auth.py | 198 | ||||
| -rw-r--r-- | nova/api/openstack/compute/contrib/hosts.py | 2 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_accounts.py | 1 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_snapshots.py | 1 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_users.py | 1 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_volumes.py | 1 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/test_auth.py | 262 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/test_server_actions.py | 1 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/test_versions.py | 1 | ||||
| -rw-r--r-- | nova/tests/api/openstack/fakes.py | 23 |
11 files changed, 8 insertions, 488 deletions
diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini index b0693b4c9..84c4ed973 100644 --- a/etc/nova/api-paste.ini +++ b/etc/nova/api-paste.ini @@ -93,23 +93,18 @@ use = call:nova.api.openstack.urlmap:urlmap_factory [composite:openstack_compute_api_v2] use = call:nova.api.auth:pipeline_factory noauth = faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 -deprecated = faultwrap sizelimit auth ratelimit osapi_compute_app_v2 keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 [composite:openstack_volume_api_v1] use = call:nova.api.auth:pipeline_factory noauth = faultwrap sizelimit noauth ratelimit osapi_volume_app_v1 -deprecated = faultwrap sizelimit auth ratelimit osapi_volume_app_v1 keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_volume_app_v1 keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1 [filter:faultwrap] paste.filter_factory = nova.api.openstack:FaultWrapper.factory -[filter:auth] -paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory - [filter:noauth] paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py index 89afb682a..9e9e4d978 100644 --- a/nova/api/openstack/auth.py +++ b/nova/api/openstack/auth.py @@ -15,21 +15,15 @@ # License for the specific language governing permissions and limitations # under the License. -import hashlib import os -import time import webob.dec import webob.exc from nova.api.openstack import wsgi -from nova.auth import manager from nova import context -from nova import exception from nova import flags from nova import log as logging -from nova.openstack.common import importutils -from nova import utils from nova import wsgi as base_wsgi LOG = logging.getLogger(__name__) @@ -69,195 +63,3 @@ class NoAuthMiddleware(base_wsgi.Middleware): req.environ['nova.context'] = ctx return self.application - - -class AuthMiddleware(base_wsgi.Middleware): - """Authorize the openstack API request or return an HTTP Forbidden.""" - - def __init__(self, application, db_driver=None): - if not db_driver: - db_driver = FLAGS.db_driver - self.db = importutils.import_module(db_driver) - self.auth = manager.AuthManager() - super(AuthMiddleware, self).__init__(application) - - @webob.dec.wsgify(RequestClass=wsgi.Request) - def __call__(self, req): - if not self.has_authentication(req): - return self.authenticate(req) - user_id = self.get_user_by_authentication(req) - if not user_id: - token = req.headers["X-Auth-Token"] - msg = _("%(user_id)s could not be found with token '%(token)s'") - LOG.warn(msg % locals()) - return wsgi.Fault(webob.exc.HTTPUnauthorized()) - - # Get all valid projects for the user - projects = self.auth.get_projects(user_id) - if not projects: - return wsgi.Fault(webob.exc.HTTPUnauthorized()) - - project_id = "" - path_parts = req.path.split('/') - # TODO(wwolf): this v1.1 check will be temporary as - # keystone should be taking this over at some point - if len(path_parts) > 1 and path_parts[1] in ('v1.1', 'v2'): - project_id = path_parts[2] - # Check that the project for project_id exists, and that user - # is authorized to use it - try: - self.auth.get_project(project_id) - except exception.ProjectNotFound: - return wsgi.Fault(webob.exc.HTTPUnauthorized()) - if project_id not in [p.id for p in projects]: - return wsgi.Fault(webob.exc.HTTPUnauthorized()) - else: - # As a fallback, set project_id from the headers, which is the v1.0 - # behavior. As a last resort, be forgiving to the user and set - # project_id based on a valid project of theirs. - try: - project_id = req.headers["X-Auth-Project-Id"] - except KeyError: - project_id = projects[0].id - - is_admin = self.auth.is_admin(user_id) - remote_address = getattr(req, 'remote_address', '127.0.0.1') - if FLAGS.use_forwarded_for: - remote_address = req.headers.get('X-Forwarded-For', remote_address) - ctx = context.RequestContext(user_id, - project_id, - is_admin=is_admin, - remote_address=remote_address) - req.environ['nova.context'] = ctx - - if not is_admin and not self.auth.is_project_member(user_id, - project_id): - msg = _("%(user_id)s must be an admin or a " - "member of %(project_id)s") - LOG.warn(msg % locals()) - return wsgi.Fault(webob.exc.HTTPUnauthorized()) - - return self.application - - def has_authentication(self, req): - return 'X-Auth-Token' in req.headers - - def get_user_by_authentication(self, req): - return self.authorize_token(req.headers["X-Auth-Token"]) - - def authenticate(self, req): - # Unless the request is explicitly made against /<version>/ don't - # honor it - path_info = req.path_info - if len(path_info) > 1: - msg = _("Authentication requests must be made against a version " - "root (e.g. /v2).") - LOG.warn(msg) - return wsgi.Fault(webob.exc.HTTPUnauthorized(explanation=msg)) - - def _get_auth_header(key): - """Ensures that the KeyError returned is meaningful.""" - try: - return req.headers[key] - except KeyError: - raise KeyError(key) - try: - username = _get_auth_header('X-Auth-User') - key = _get_auth_header('X-Auth-Key') - except KeyError as ex: - msg = _("Could not find %s in request.") % ex - LOG.warn(msg) - return wsgi.Fault(webob.exc.HTTPUnauthorized(explanation=msg)) - - token, user = self._authorize_user(username, key, req) - if user and token: - res = webob.Response() - res.headers['X-Auth-Token'] = token['token_hash'] - _x_server_url = 'X-Server-Management-Url' - _server_url = 'server_management_url' - res.headers[_x_server_url] = token[_server_url] - - if token['storage_url']: - _x_storage_url = 'X-Storage-Url' - _storage_url = 'storage_url' - res.headers[_x_storage_url] = token[_storage_url] - - if token['cdn_management_url']: - _x_cdn_url = 'X-CDN-Management-Url' - _cdn_url = 'cdn_management_url' - res.headers[_x_cdn_url] = token[_cdn_url] - - res.content_type = 'text/plain' - res.status = '204' - LOG.debug(_("Successfully authenticated '%s'") % username) - return res - else: - return wsgi.Fault(webob.exc.HTTPUnauthorized()) - - def authorize_token(self, token_hash): - """ retrieves user information from the datastore given a token - - If the token has expired, returns None - If the token is not found, returns None - Otherwise returns dict(id=(the authorized user's id)) - - This method will also remove the token if the timestamp is older than - 2 days ago. - """ - ctxt = context.get_admin_context() - try: - token = self.db.auth_token_get(ctxt, token_hash) - except exception.NotFound: - return None - if token: - delta = utils.utcnow() - token['created_at'] - if delta.days >= 2: - self.db.auth_token_destroy(ctxt, token['token_hash']) - else: - return token['user_id'] - return None - - def _authorize_user(self, username, key, req): - """Generates a new token and assigns it to a user. - - username - string - key - string API key - req - wsgi.Request object - """ - ctxt = context.get_admin_context() - - project_id = req.headers.get('X-Auth-Project-Id') - if project_id is None: - # If the project_id is not provided in the headers, be forgiving to - # the user and set project_id based on a valid project of theirs. - user = self.auth.get_user_from_access_key(key) - projects = self.auth.get_projects(user.id) - if not projects: - raise webob.exc.HTTPUnauthorized() - project_id = projects[0].id - - try: - user = self.auth.get_user_from_access_key(key) - except exception.NotFound: - LOG.warn(_("User not found with provided API key.")) - user = None - - if user and utils.strcmp_const_time(user.name, username): - token_hash = hashlib.sha1('%s%s%f' % (username, key, - time.time())).hexdigest() - token_dict = {} - token_dict['token_hash'] = token_hash - token_dict['cdn_management_url'] = '' - os_url = req.url.strip('/') - os_url += '/' + project_id - token_dict['server_management_url'] = os_url - token_dict['storage_url'] = '' - token_dict['user_id'] = user.id - token = self.db.auth_token_create(ctxt, token_dict) - return token, user - elif user and user.name != username: - msg = _("Provided API key is valid, but not for user " - "'%(username)s'") % locals() - LOG.warn(msg) - - return None, None diff --git a/nova/api/openstack/compute/contrib/hosts.py b/nova/api/openstack/compute/contrib/hosts.py index a93da9e01..b93d3a48c 100644 --- a/nova/api/openstack/compute/contrib/hosts.py +++ b/nova/api/openstack/compute/contrib/hosts.py @@ -224,8 +224,6 @@ class HostController(object): """ host = id context = req.environ['nova.context'] - # Expected to use AuthMiddleware. - # Otherwise, non-admin user can use describe-resource if not context.is_admin: msg = _("Describe-resource is admin only functionality") raise webob.exc.HTTPForbidden(explanation=msg) diff --git a/nova/tests/api/openstack/compute/contrib/test_accounts.py b/nova/tests/api/openstack/compute/contrib/test_accounts.py index a5e653ab7..0d8270db4 100644 --- a/nova/tests/api/openstack/compute/contrib/test_accounts.py +++ b/nova/tests/api/openstack/compute/contrib/test_accounts.py @@ -39,7 +39,6 @@ class AccountsTest(test.TestCase): fakes.FakeAuthDatabase.data = {} fakes.stub_out_networking(self.stubs) fakes.stub_out_rate_limiting(self.stubs) - fakes.stub_out_auth(self.stubs) fakemgr = fakes.FakeAuthManager() joeuser = auth_manager.User('id1', 'guy1', 'acc1', 'secret1', False) diff --git a/nova/tests/api/openstack/compute/contrib/test_snapshots.py b/nova/tests/api/openstack/compute/contrib/test_snapshots.py index 789d1b17b..ed0c8d33c 100644 --- a/nova/tests/api/openstack/compute/contrib/test_snapshots.py +++ b/nova/tests/api/openstack/compute/contrib/test_snapshots.py @@ -95,7 +95,6 @@ class SnapshotApiTest(test.TestCase): fakes.FakeAuthDatabase.data = {} fakes.stub_out_networking(self.stubs) fakes.stub_out_rate_limiting(self.stubs) - fakes.stub_out_auth(self.stubs) self.stubs.Set(volume.api.API, "create_snapshot", stub_snapshot_create) self.stubs.Set(volume.api.API, "create_snapshot_force", stub_snapshot_create) diff --git a/nova/tests/api/openstack/compute/contrib/test_users.py b/nova/tests/api/openstack/compute/contrib/test_users.py index c67cdf692..bec52f5f7 100644 --- a/nova/tests/api/openstack/compute/contrib/test_users.py +++ b/nova/tests/api/openstack/compute/contrib/test_users.py @@ -42,7 +42,6 @@ class UsersTest(test.TestCase): fakes.FakeAuthDatabase.data = {} fakes.stub_out_networking(self.stubs) fakes.stub_out_rate_limiting(self.stubs) - fakes.stub_out_auth(self.stubs) fakemgr = fakes.FakeAuthManager() fakemgr.add_user(auth_manager.User('id1', 'guy1', diff --git a/nova/tests/api/openstack/compute/contrib/test_volumes.py b/nova/tests/api/openstack/compute/contrib/test_volumes.py index 451bde481..9cc914e79 100644 --- a/nova/tests/api/openstack/compute/contrib/test_volumes.py +++ b/nova/tests/api/openstack/compute/contrib/test_volumes.py @@ -104,7 +104,6 @@ class VolumeApiTest(test.TestCase): fakes.FakeAuthDatabase.data = {} fakes.stub_out_networking(self.stubs) fakes.stub_out_rate_limiting(self.stubs) - fakes.stub_out_auth(self.stubs) self.stubs.Set(nova.db, 'volume_get', return_volume) self.stubs.Set(volume.api.API, "delete", fakes.stub_volume_delete) diff --git a/nova/tests/api/openstack/compute/test_auth.py b/nova/tests/api/openstack/compute/test_auth.py index 21abbd2ea..076b69611 100644 --- a/nova/tests/api/openstack/compute/test_auth.py +++ b/nova/tests/api/openstack/compute/test_auth.py @@ -15,267 +15,14 @@ # License for the specific language governing permissions and limitations # under the License. -import datetime - import webob import webob.dec -import nova.api.openstack.compute -import nova.auth.manager -from nova.api.openstack import auth from nova import context -from nova import db from nova import test from nova.tests.api.openstack import fakes -class Test(test.TestCase): - - def setUp(self): - super(Test, self).setUp() - self.stubs.Set(auth.AuthMiddleware, - '__init__', fakes.fake_auth_init) - self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext) - fakes.FakeAuthManager.clear_fakes() - fakes.FakeAuthDatabase.data = {} - fakes.stub_out_rate_limiting(self.stubs) - fakes.stub_out_networking(self.stubs) - - def test_authorize_user(self): - f = fakes.FakeAuthManager() - user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None) - f.add_user(user) - - req = webob.Request.blank('/v2/') - req.headers['X-Auth-User'] = 'user1' - req.headers['X-Auth-Key'] = 'user1_key' - req.headers['X-Auth-Project-Id'] = 'user1_project' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '204 No Content') - self.assertEqual(len(result.headers['X-Auth-Token']), 40) - - def test_authorize_token(self): - f = fakes.FakeAuthManager() - user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None) - f.add_user(user) - f.create_project('user1_project', user) - - req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'}) - req.headers['X-Auth-User'] = 'user1' - req.headers['X-Auth-Key'] = 'user1_key' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '204 No Content') - self.assertEqual(len(result.headers['X-Auth-Token']), 40) - self.assertEqual(result.headers['X-Server-Management-Url'], - "http://foo/v2/user1_project") - - token = result.headers['X-Auth-Token'] - self.stubs.Set(nova.api.openstack.compute, 'APIRouter', - fakes.FakeRouter) - req = webob.Request.blank('/v2/user1_project') - req.headers['X-Auth-Token'] = token - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '200 OK') - self.assertEqual(result.headers['X-Test-Success'], 'True') - - def test_token_expiry(self): - self.destroy_called = False - - def destroy_token_mock(meh, context, token): - self.destroy_called = True - - def bad_token(meh, context, token_hash): - return fakes.FakeToken( - token_hash=token_hash, - created_at=datetime.datetime(1990, 1, 1)) - - self.stubs.Set(fakes.FakeAuthDatabase, 'auth_token_destroy', - destroy_token_mock) - - self.stubs.Set(fakes.FakeAuthDatabase, 'auth_token_get', - bad_token) - - req = webob.Request.blank('/v2/') - req.headers['X-Auth-Token'] = 'token_hash' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - self.assertEqual(self.destroy_called, True) - - def test_authorize_project(self): - f = fakes.FakeAuthManager() - user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None) - f.add_user(user) - f.create_project('user1_project', user) - f.create_project('user2_project', user) - - req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'}) - req.headers['X-Auth-User'] = 'user1' - req.headers['X-Auth-Key'] = 'user1_key' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '204 No Content') - - token = result.headers['X-Auth-Token'] - self.stubs.Set(nova.api.openstack.compute, 'APIRouter', - fakes.FakeRouter) - req = webob.Request.blank('/v2/user2_project') - req.headers['X-Auth-Token'] = token - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '200 OK') - self.assertEqual(result.headers['X-Test-Success'], 'True') - - def test_bad_user_bad_key(self): - req = webob.Request.blank('/v2/') - req.headers['X-Auth-User'] = 'unknown_user' - req.headers['X-Auth-Key'] = 'unknown_user_key' - req.headers['X-Auth-Project-Id'] = 'user_project' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - - def test_bad_user_good_key(self): - f = fakes.FakeAuthManager() - user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None) - f.add_user(user) - - req = webob.Request.blank('/v2/') - req.headers['X-Auth-User'] = 'unknown_user' - req.headers['X-Auth-Key'] = 'user1_key' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - - def test_no_user(self): - req = webob.Request.blank('/v2/') - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - - def test_bad_token(self): - req = webob.Request.blank('/v2/') - req.headers['X-Auth-Token'] = 'unknown_token' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - - def test_bad_project(self): - f = fakes.FakeAuthManager() - user1 = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None) - user2 = nova.auth.manager.User('id2', 'user2', 'user2_key', None, None) - f.add_user(user1) - f.add_user(user2) - f.create_project('user1_project', user1) - f.create_project('user2_project', user2) - - req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'}) - req.headers['X-Auth-User'] = 'user1' - req.headers['X-Auth-Key'] = 'user1_key' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '204 No Content') - - token = result.headers['X-Auth-Token'] - self.stubs.Set(nova.api.openstack.compute, 'APIRouter', - fakes.FakeRouter) - req = webob.Request.blank('/v2/user2_project') - req.headers['X-Auth-Token'] = token - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - - def test_not_authorized_project(self): - f = fakes.FakeAuthManager() - user1 = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None) - f.add_user(user1) - f.create_project('user1_project', user1) - - user2 = nova.auth.manager.User('id2', 'user2', 'user2_key', None, None) - f.add_user(user2) - f.create_project('user2_project', user2) - - req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'}) - req.headers['X-Auth-User'] = 'user1' - req.headers['X-Auth-Key'] = 'user1_key' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '204 No Content') - - token = result.headers['X-Auth-Token'] - self.stubs.Set(nova.api.openstack.compute, 'APIRouter', - fakes.FakeRouter) - req = webob.Request.blank('/v2/user2_project') - req.headers['X-Auth-Token'] = token - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - - def test_auth_token_no_empty_headers(self): - f = fakes.FakeAuthManager() - user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None) - f.add_user(user) - - req = webob.Request.blank('/v2/') - req.headers['X-Auth-User'] = 'user1' - req.headers['X-Auth-Key'] = 'user1_key' - req.headers['X-Auth-Project-Id'] = 'user1_project' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '204 No Content') - self.assertEqual(len(result.headers['X-Auth-Token']), 40) - self.assertFalse('X-CDN-Management-Url' in result.headers) - self.assertFalse('X-Storage-Url' in result.headers) - - -class TestFunctional(test.TestCase): - def test_token_expiry(self): - ctx = context.get_admin_context() - tok = db.auth_token_create(ctx, dict( - token_hash='test_token_hash', - cdn_management_url='', - server_management_url='', - storage_url='', - user_id='user1', - )) - - db.auth_token_update(ctx, tok.token_hash, dict( - created_at=datetime.datetime(2000, 1, 1, 12, 0, 0), - )) - - req = webob.Request.blank('/v2/') - req.headers['X-Auth-Token'] = 'test_token_hash' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - - def test_token_doesnotexist(self): - req = webob.Request.blank('/v2/') - req.headers['X-Auth-Token'] = 'nonexistant_token_hash' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '401 Unauthorized') - - -class TestLimiter(test.TestCase): - def setUp(self): - super(TestLimiter, self).setUp() - self.stubs.Set(auth.AuthMiddleware, - '__init__', fakes.fake_auth_init) - self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext) - fakes.FakeAuthManager.clear_fakes() - fakes.FakeAuthDatabase.data = {} - fakes.stub_out_networking(self.stubs) - - def test_authorize_token(self): - f = fakes.FakeAuthManager() - user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None) - f.add_user(user) - f.create_project('test', user) - - req = webob.Request.blank('/v2/') - req.headers['X-Auth-User'] = 'user1' - req.headers['X-Auth-Key'] = 'user1_key' - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(len(result.headers['X-Auth-Token']), 40) - - token = result.headers['X-Auth-Token'] - self.stubs.Set(nova.api.openstack.compute, 'APIRouter', - fakes.FakeRouter) - req = webob.Request.blank('/v2/test') - req.method = 'POST' - req.headers['X-Auth-Token'] = token - result = req.get_response(fakes.wsgi_app(fake_auth=False)) - self.assertEqual(result.status, '200 OK') - self.assertEqual(result.headers['X-Test-Success'], 'True') - - class TestNoAuthMiddleware(test.TestCase): def setUp(self): @@ -291,8 +38,7 @@ class TestNoAuthMiddleware(test.TestCase): req.headers['X-Auth-User'] = 'user1' req.headers['X-Auth-Key'] = 'user1_key' req.headers['X-Auth-Project-Id'] = 'user1_project' - result = req.get_response(fakes.wsgi_app(fake_auth=False, - use_no_auth=True)) + result = req.get_response(fakes.wsgi_app(use_no_auth=True)) self.assertEqual(result.status, '204 No Content') self.assertEqual(result.headers['X-Server-Management-Url'], "http://localhost/v2/user1_project") @@ -303,8 +49,7 @@ class TestNoAuthMiddleware(test.TestCase): req.headers['X-Auth-User'] = 'user1' req.headers['X-Auth-Key'] = 'user1_key' req.headers['X-Auth-Project-Id'] = 'user1_project' - result = req.get_response(fakes.wsgi_app(fake_auth=False, - use_no_auth=True)) + result = req.get_response(fakes.wsgi_app(use_no_auth=True)) self.assertEqual(result.status, '204 No Content') self.assertEqual(result.headers['X-Server-Management-Url'], "http://localhost/v2/user1_project") @@ -314,8 +59,7 @@ class TestNoAuthMiddleware(test.TestCase): req.headers['X-Auth-User'] = 'user1' req.headers['X-Auth-Key'] = 'user1_key' req.headers['X-Auth-Project-Id'] = 'user1_project' - result = req.get_response(fakes.wsgi_app(fake_auth=False, - use_no_auth=True)) + result = req.get_response(fakes.wsgi_app(use_no_auth=True)) self.assertEqual(result.status, '204 No Content') self.assertFalse('X-CDN-Management-Url' in result.headers) self.assertFalse('X-Storage-Url' in result.headers) diff --git a/nova/tests/api/openstack/compute/test_server_actions.py b/nova/tests/api/openstack/compute/test_server_actions.py index ed0583a62..774700361 100644 --- a/nova/tests/api/openstack/compute/test_server_actions.py +++ b/nova/tests/api/openstack/compute/test_server_actions.py @@ -56,7 +56,6 @@ class ServerActionsControllerTest(test.TestCase): def setUp(self): super(ServerActionsControllerTest, self).setUp() - fakes.stub_out_auth(self.stubs) self.stubs.Set(nova.db, 'instance_get_by_uuid', fakes.fake_instance_get(vm_state=vm_states.ACTIVE, host='fake_host')) diff --git a/nova/tests/api/openstack/compute/test_versions.py b/nova/tests/api/openstack/compute/test_versions.py index 8c71e553f..1680226d8 100644 --- a/nova/tests/api/openstack/compute/test_versions.py +++ b/nova/tests/api/openstack/compute/test_versions.py @@ -80,7 +80,6 @@ VERSIONS = { class VersionsTest(test.TestCase): def setUp(self): super(VersionsTest, self).setUp() - fakes.stub_out_auth(self.stubs) self.stubs.Set(versions, 'VERSIONS', VERSIONS) def test_get_version_list(self): diff --git a/nova/tests/api/openstack/fakes.py b/nova/tests/api/openstack/fakes.py index af79df9cd..90ee86676 100644 --- a/nova/tests/api/openstack/fakes.py +++ b/nova/tests/api/openstack/fakes.py @@ -77,24 +77,21 @@ def fake_wsgi(self, req): return self.application -def wsgi_app(inner_app_v2=None, fake_auth=True, fake_auth_context=None, +def wsgi_app(inner_app_v2=None, fake_auth_context=None, use_no_auth=False, ext_mgr=None): if not inner_app_v2: inner_app_v2 = compute.APIRouter(ext_mgr) - if fake_auth: + if use_no_auth: + api_v2 = openstack_api.FaultWrapper(auth.NoAuthMiddleware( + limits.RateLimitingMiddleware(inner_app_v2))) + else: if fake_auth_context is not None: ctxt = fake_auth_context else: ctxt = context.RequestContext('fake', 'fake', auth_token=True) api_v2 = openstack_api.FaultWrapper(api_auth.InjectContext(ctxt, limits.RateLimitingMiddleware(inner_app_v2))) - elif use_no_auth: - api_v2 = openstack_api.FaultWrapper(auth.NoAuthMiddleware( - limits.RateLimitingMiddleware(inner_app_v2))) - else: - api_v2 = openstack_api.FaultWrapper(auth.AuthMiddleware( - limits.RateLimitingMiddleware(inner_app_v2))) mapper = urlmap.URLMap() mapper['/v2'] = api_v2 @@ -131,16 +128,6 @@ def stub_out_image_service(stubs): lambda: nova.image.fake.FakeImageService()) -def stub_out_auth(stubs): - def fake_auth_init(self, app): - self.application = app - - stubs.Set(auth.AuthMiddleware, - '__init__', fake_auth_init) - stubs.Set(auth.AuthMiddleware, - '__call__', fake_wsgi) - - def stub_out_rate_limiting(stubs): def fake_rate_init(self, app): super(limits.RateLimitingMiddleware, self).__init__(app) |