From ba2c9cf82475a1d8e2c42da54ee9d87fc40be5c1 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Mon, 5 Mar 2012 22:35:25 -0800 Subject: Replaces pipelines with flag for auth strategy Forcing deployers to modify a paste config file to change auth strategies is very fragile. This simplifies things by keying pipeline construction off of a single flag. Note that this will require a small change to devstack. Change-Id: I49728c356266e6084ecafb6c59542390137f89e9 --- nova/api/auth.py | 12 +++++++++++- nova/api/ec2/__init__.py | 1 - 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'nova/api') diff --git a/nova/api/auth.py b/nova/api/auth.py index e6ad8555f..2d66c0d76 100644 --- a/nova/api/auth.py +++ b/nova/api/auth.py @@ -38,6 +38,17 @@ FLAGS.register_opt(use_forwarded_for_opt) LOG = logging.getLogger(__name__) +def pipeline_factory(loader, global_conf, **local_conf): + """A paste pipeline replica that keys off of auth_strategy.""" + pipeline = local_conf[FLAGS.auth_strategy].split() + filters = [loader.get_filter(n) for n in pipeline[:-1]] + app = loader.get_app(pipeline[-1]) + filters.reverse() + for filter in filters: + app = filter(app) + return app + + class InjectContext(wsgi.Middleware): """Add a 'nova.context' to WSGI environ.""" @@ -82,7 +93,6 @@ class NovaKeystoneContext(wsgi.Middleware): project_id, roles=roles, auth_token=auth_token, - strategy='keystone', remote_address=remote_address) req.environ['nova.context'] = ctx diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py index 6566ab7a9..89ac27542 100644 --- a/nova/api/ec2/__init__.py +++ b/nova/api/ec2/__init__.py @@ -327,7 +327,6 @@ class EC2KeystoneAuth(wsgi.Middleware): project_id, roles=roles, auth_token=token_id, - strategy='keystone', remote_address=remote_address) req.environ['nova.context'] = ctxt -- cgit