This branch does the final tear out of AuthManager from the main code. The NoAuth middlewares (active by default) allow a user to specify any user and project id through headers (os_api) or access key (ec2_api).

The plan is to leave the auth manager code in but mention that it is deprecated.  There is a sample paste config in ini to still allow old auth.  Immediately after the diablo release we can tear out all of the Auth related code and not support the deprecated auth anymore.

1 files changed, 3 insertions, 6 deletions

diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py
index 2c4673f9e..3eb372844 100644
--- a/nova/cloudpipe/pipelib.py
+++ b/nova/cloudpipe/pipelib.py
@@ -34,7 +34,6 @@ from nova import exception
 from nova import flags
 from nova import log as logging
 from nova import utils
-from nova.auth import manager
 # TODO(eday): Eventually changes these to something not ec2-specific
 from nova.api.ec2 import cloud
 
@@ -57,7 +56,6 @@ LOG = logging.getLogger('nova.cloudpipe')
 class CloudPipe(object):
     def __init__(self):
         self.controller = cloud.CloudController()
-        self.manager = manager.AuthManager()
 
     def get_encoded_zip(self, project_id):
         # Make a payload.zip
@@ -93,11 +91,10 @@ class CloudPipe(object):
         zippy.close()
         return encoded
 
-    def launch_vpn_instance(self, project_id):
+    def launch_vpn_instance(self, project_id, user_id):
         LOG.debug(_("Launching VPN for %s") % (project_id))
-        project = self.manager.get_project(project_id)
-        ctxt = context.RequestContext(user=project.project_manager_id,
-                                      project=project.id)
+        ctxt = context.RequestContext(user_id=user_id,
+                                      project_id=project_id)
         key_name = self.setup_key_pair(ctxt)
         group_name = self.setup_security_group(ctxt)