Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Assign X-Auth-Url header in a separate middleware
authtoken middleware's current purpose is to set X-Auth-Url header to a value read from heat.conf. Since this value is not really related to anything the keystone middleware does and is instead read from a config file, it makes sense to move it from the authtoken middleware into its own middleware This change is the first step to grouping all X-Auth-Url related logic into one single middleware as opposed to have it scattered (or possibly repeated) in auth_token and auth_password. For example, auth_password also has some logic around it related to multi-cloud, which can be extracted and moved to auth_url middleware in a later patch, so that all handling of X-Auth-Url occurs in one place. Also, by extracting the X-Auth-Url logic, it allows cloud providers to remove auth_token or auth_password without side-effects. Closes-Bug: #1259364 Change-Id: Ieb251c18aa091391a28a90c495b61cf41436f8b9
- Loading branch information
1 parent
589a2cc
commit 1e71566
Showing
4 changed files
with
118 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
# Copyright 2013 OpenStack Foundation | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or | ||
# implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
from oslo.config import cfg | ||
|
||
from heat.common import wsgi | ||
from heat.openstack.common import importutils | ||
|
||
|
||
class AuthUrlFilter(wsgi.Middleware): | ||
|
||
def __init__(self, app, conf): | ||
super(AuthUrlFilter, self).__init__(app) | ||
self.conf = conf | ||
self.auth_url = self._get_auth_url() | ||
|
||
def _get_auth_url(self): | ||
if 'auth_uri' in self.conf: | ||
return self.conf['auth_uri'] | ||
else: | ||
# Import auth_token to have keystone_authtoken settings setup. | ||
auth_token_module = 'keystoneclient.middleware.auth_token' | ||
importutils.import_module(auth_token_module) | ||
return cfg.CONF.keystone_authtoken.auth_uri | ||
|
||
def process_request(self, req): | ||
req.headers['X-Auth-Url'] = self.auth_url | ||
return None | ||
|
||
|
||
def filter_factory(global_conf, **local_conf): | ||
conf = global_conf.copy() | ||
conf.update(local_conf) | ||
|
||
def auth_url_filter(app): | ||
return AuthUrlFilter(app, conf) | ||
return auth_url_filter |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
# Copyright 2013 OpenStack Foundation | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or | ||
# implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
import mock | ||
import webob | ||
|
||
from heat.common import auth_url | ||
from heat.tests.common import HeatTestCase | ||
|
||
|
||
class FakeApp(object): | ||
"""This represents a WSGI app protected by our auth middleware.""" | ||
|
||
def __call__(self, environ, start_response): | ||
"""Assert that headers are correctly set up when finally called.""" | ||
resp = webob.Response() | ||
resp.body = 'SUCCESS' | ||
return resp(environ, start_response) | ||
|
||
|
||
class AuthUrlFilterTest(HeatTestCase): | ||
|
||
def setUp(self): | ||
super(AuthUrlFilterTest, self).setUp() | ||
self.app = FakeApp() | ||
self.config = {'auth_uri': 'foobar'} | ||
|
||
@mock.patch.object(auth_url.cfg, 'CONF') | ||
def test_adds_default_auth_url_from_keystone_authtoken(self, mock_cfg): | ||
self.config = {} | ||
mock_cfg.keystone_authtoken.auth_uri = 'foobar' | ||
mock_cfg.auth_password.multi_cloud = False | ||
self.middleware = auth_url.AuthUrlFilter(self.app, self.config) | ||
req = webob.Request.blank('/tenant_id/') | ||
self.middleware(req) | ||
self.assertIn('X-Auth-Url', req.headers) | ||
self.assertEqual('foobar', req.headers['X-Auth-Url']) | ||
|
||
def test_overwrites_auth_url_from_headers_with_local_config(self): | ||
self.middleware = auth_url.AuthUrlFilter(self.app, self.config) | ||
req = webob.Request.blank('/tenant_id/') | ||
req.headers['X-Auth-Url'] = 'should_be_overwritten' | ||
self.middleware(req) | ||
self.assertEqual('foobar', req.headers['X-Auth-Url']) | ||
|
||
def test_reads_auth_url_from_local_config(self): | ||
self.middleware = auth_url.AuthUrlFilter(self.app, self.config) | ||
req = webob.Request.blank('/tenant_id/') | ||
self.middleware(req) | ||
self.assertIn('X-Auth-Url', req.headers) | ||
self.assertEqual('foobar', req.headers['X-Auth-Url']) |