From ad33f2550d1131db613761e9cfa47c0a719806b6 Mon Sep 17 00:00:00 2001 From: Kevin Benton Date: Thu, 11 Jun 2015 01:57:05 -0700 Subject: [PATCH] Add keystone middleware wrapper to pecan app Adds keystone middleware to enforce authentication if auth_strategy is set to keystone. Partially-Implements: blueprint wsgi-pecan-switch Change-Id: I59a97579b1f2397597a127f02d00e99468f1e4a0 --- neutron/newapi/app.py | 11 +++++++ .../functional/newapi/test_functional.py | 32 +++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/neutron/newapi/app.py b/neutron/newapi/app.py index f434c3dea..517f2690e 100644 --- a/neutron/newapi/app.py +++ b/neutron/newapi/app.py @@ -13,10 +13,14 @@ # License for the specific language governing permissions and limitations # under the License. +from keystonemiddleware import auth_token from oslo_config import cfg from oslo_middleware import request_id import pecan +from neutron.common import exceptions as n_exc + + CONF = cfg.CONF CONF.import_opt('bind_host', 'neutron.common.config') CONF.import_opt('bind_port', 'neutron.common.config') @@ -52,4 +56,11 @@ def setup_app(*args, **kwargs): def _wrap_app(app): app = request_id.RequestId(app) + if cfg.CONF.auth_strategy == 'noauth': + pass + elif cfg.CONF.auth_strategy == 'keystone': + app = auth_token.AuthProtocol(app, {}) + else: + raise n_exc.InvalidConfigurationOption( + opt_name='auth_strategy', opt_value=cfg.CONF.auth_strategy) return app diff --git a/neutron/tests/functional/newapi/test_functional.py b/neutron/tests/functional/newapi/test_functional.py index cf87425fa..0dde0bf9f 100644 --- a/neutron/tests/functional/newapi/test_functional.py +++ b/neutron/tests/functional/newapi/test_functional.py @@ -15,10 +15,13 @@ import os +from oslo_config import cfg from oslo_utils import uuidutils from pecan import set_config from pecan.testing import load_test_app +import testtools +from neutron.common import exceptions as n_exc from neutron.tests.unit import testlib_api @@ -28,11 +31,18 @@ class PecanFunctionalTest(testlib_api.SqlTestCase): self.setup_coreplugin('neutron.plugins.ml2.plugin.Ml2Plugin') super(PecanFunctionalTest, self).setUp() self.addCleanup(set_config, {}, overwrite=True) + self.set_config_overrides() + self.setup_app() + + def setup_app(self): self.app = load_test_app(os.path.join( os.path.dirname(__file__), 'config.py' )) + def set_config_overrides(self): + cfg.CONF.set_override('auth_strategy', 'noauth') + class TestV2Controller(PecanFunctionalTest): @@ -76,3 +86,25 @@ class TestRequestID(PecanFunctionalTest): response.headers['x-openstack-request-id'].startswith('req-')) id_part = response.headers['x-openstack-request-id'].split('req-')[1] self.assertTrue(uuidutils.is_uuid_like(id_part)) + + +class TestKeystoneAuth(PecanFunctionalTest): + + def set_config_overrides(self): + # default auth strategy is keystone so we pass + pass + + def test_auth_enforced(self): + response = self.app.get('/', expect_errors=True) + self.assertEqual(response.status_int, 401) + + +class TestInvalidAuth(PecanFunctionalTest): + def setup_app(self): + # disable normal app setup since it will fail + pass + + def test_invalid_auth_strategy(self): + cfg.CONF.set_override('auth_strategy', 'badvalue') + with testtools.ExpectedException(n_exc.InvalidConfigurationOption): + load_test_app(os.path.join(os.path.dirname(__file__), 'config.py')) -- 2.45.2