Add noauth
Adds noauth option for testing. Change-Id: Idd0ee60ffdc824c9693e998595577b5eca3a24b6
This commit is contained in:
parent
1d1b8a7bf9
commit
5b4eee16b8
|
@ -20,7 +20,7 @@ conf:
|
||||||
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
|
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
|
||||||
filter:noauth:
|
filter:noauth:
|
||||||
forged_roles: admin
|
forged_roles: admin
|
||||||
paste.filter_factory: promenade.control.middleware:no_auth_filter_factory
|
paste.filter_factory: promenade.control.middleware:noauth_filter_factory
|
||||||
app:promenade-api:
|
app:promenade-api:
|
||||||
paste.app_factory: promenade.promenade:paste_start_promenade
|
paste.app_factory: promenade.promenade:paste_start_promenade
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
#PasteDeploy Configuration File
|
||||||
|
#Used to configure uWSGI middleware pipeline
|
||||||
|
|
||||||
|
[filter:noauth]
|
||||||
|
forged_roles = admin
|
||||||
|
paste.filter_factory = promenade.control.middleware:no_auth_filter_factory
|
||||||
|
|
||||||
|
[app:promenade-api]
|
||||||
|
disable = keystone
|
||||||
|
paste.app_factory = promenade.promenade:paste_start_promenade
|
||||||
|
|
||||||
|
[pipeline:main]
|
||||||
|
pipeline = noauth promenade-api
|
|
@ -1070,7 +1070,7 @@ data:
|
||||||
conf:
|
conf:
|
||||||
paste:
|
paste:
|
||||||
pipeline:main:
|
pipeline:main:
|
||||||
pipeline: promenade-api
|
pipeline: noauth promenade-api
|
||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
api: quay.io/attcomdev/promenade:latest
|
api: quay.io/attcomdev/promenade:latest
|
||||||
|
|
|
@ -124,4 +124,57 @@ class LoggingMiddleware(object):
|
||||||
resp.append_header('X-Promenade-Req', ctx.request_id)
|
resp.append_header('X-Promenade-Req', ctx.request_id)
|
||||||
self.logger.info(
|
self.logger.info(
|
||||||
'%s %s - %s', req.method, req.uri, resp.status, extra=extra)
|
'%s %s - %s', req.method, req.uri, resp.status, extra=extra)
|
||||||
|
|
||||||
self.logger.debug('Response body:\n%s', resp.body, extra=extra)
|
self.logger.debug('Response body:\n%s', resp.body, extra=extra)
|
||||||
|
|
||||||
|
|
||||||
|
class NoAuthFilter(object):
|
||||||
|
"""PasteDeploy filter for NoAuth to be used in testing."""
|
||||||
|
|
||||||
|
def __init__(self, app, forged_roles):
|
||||||
|
self.app = app
|
||||||
|
self.forged_roles = forged_roles
|
||||||
|
|
||||||
|
def __call__(self, environ, start_response):
|
||||||
|
"""Forge headers to make unauthenticated requests look authenticated.
|
||||||
|
|
||||||
|
If the request has a X-AUTH-TOKEN header, assume it is a valid request
|
||||||
|
and noop. Otherwise forge Keystone middleware headers so the request
|
||||||
|
looks valid with the configured forged roles.
|
||||||
|
"""
|
||||||
|
if 'HTTP_X_AUTH_TOKEN' in environ:
|
||||||
|
return self.app(environ, start_response)
|
||||||
|
|
||||||
|
environ['HTTP_X_IDENTITY_STATUS'] = 'Confirmed'
|
||||||
|
|
||||||
|
for envvar in [
|
||||||
|
'USER_NAME', 'USER_ID', 'USER_DOMAIN_ID', 'PROJECT_ID',
|
||||||
|
'PROJECT_DOMAIN_NAME'
|
||||||
|
]:
|
||||||
|
varname = "HTTP_X_%s" % envvar
|
||||||
|
environ[varname] = 'noauth'
|
||||||
|
|
||||||
|
if self.forged_roles:
|
||||||
|
if 'admin' in self.forged_roles:
|
||||||
|
environ['HTTP_X_IS_ADMIN_PROJECT'] = 'True'
|
||||||
|
else:
|
||||||
|
environ['HTTP_X_IS_ADMIN_PROJECT'] = 'False'
|
||||||
|
environ['HTTP_X_ROLES'] = ','.join(self.forged_roles)
|
||||||
|
else:
|
||||||
|
environ['HTTP_X_IS_ADMIN_PROJECT'] = 'True'
|
||||||
|
environ['HTTP_X_ROLES'] = 'admin'
|
||||||
|
|
||||||
|
return self.app(environ, start_response)
|
||||||
|
|
||||||
|
|
||||||
|
def noauth_filter_factory(global_conf, forged_roles):
|
||||||
|
"""Create a NoAuth paste deploy filter
|
||||||
|
|
||||||
|
:param forged_roles: A space seperated list for roles to forge on requests
|
||||||
|
"""
|
||||||
|
forged_roles = forged_roles.split()
|
||||||
|
|
||||||
|
def filter(app):
|
||||||
|
return NoAuthFilter(app, forged_roles)
|
||||||
|
|
||||||
|
return filter
|
||||||
|
|
|
@ -13,6 +13,6 @@ export PROMENADE_DEBUG=${PROMENADE_DEBUG:-1}
|
||||||
exec docker run \
|
exec docker run \
|
||||||
--rm -it \
|
--rm -it \
|
||||||
--publish 9000:9000 \
|
--publish 9000:9000 \
|
||||||
--volume "${SOURCE_DIR}/etc/promenade":/etc/promenade \
|
--volume "${SOURCE_DIR}/etc/promenade/noauth-api-paste.ini":/etc/promenade/api-paste.ini:ro \
|
||||||
quay.io/attcomdev/promenade:latest \
|
quay.io/attcomdev/promenade:latest \
|
||||||
server
|
server
|
||||||
|
|
Loading…
Reference in New Issue