Add noauth

Adds noauth option for testing. Change-Id: Idd0ee60ffdc824c9693e998595577b5eca3a24b6
2017-11-03 15:04:39 -04:00 · 2017-11-03 15:04:39 -04:00 · 5b4eee16b8
parent 1d1b8a7bf9
commit 5b4eee16b8
5 changed files with 83 additions and 3 deletions
--- a/charts/promenade/values.yaml
+++ b/charts/promenade/values.yaml
@ -20,7 +20,7 @@ conf:
      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
    filter:noauth:
      forged_roles: admin
-      paste.filter_factory: promenade.control.middleware:no_auth_filter_factory
+      paste.filter_factory: promenade.control.middleware:noauth_filter_factory
    app:promenade-api:
      paste.app_factory: promenade.promenade:paste_start_promenade

--- a/etc/promenade/noauth-api-paste.ini
+++ b/etc/promenade/noauth-api-paste.ini
@ -0,0 +1,27 @@
+# Copyright 2017 AT&T Intellectual Property.  All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#PasteDeploy Configuration File
+#Used to configure uWSGI middleware pipeline
+
+[filter:noauth]
+forged_roles = admin
+paste.filter_factory = promenade.control.middleware:no_auth_filter_factory
+
+[app:promenade-api]
+disable = keystone
+paste.app_factory = promenade.promenade:paste_start_promenade
+
+[pipeline:main]
+pipeline = noauth promenade-api
--- a/examples/basic/armada-resources.yaml
+++ b/examples/basic/armada-resources.yaml
@ -1070,7 +1070,7 @@ data:
    conf:
      paste:
        pipeline:main:
-          pipeline: promenade-api
+          pipeline: noauth promenade-api
    images:
      tags:
        api: quay.io/attcomdev/promenade:latest
--- a/promenade/control/middleware.py
+++ b/promenade/control/middleware.py
@ -124,4 +124,57 @@ class LoggingMiddleware(object):
        resp.append_header('X-Promenade-Req', ctx.request_id)
        self.logger.info(
            '%s %s - %s', req.method, req.uri, resp.status, extra=extra)
+
        self.logger.debug('Response body:\n%s', resp.body, extra=extra)
+
+
+class NoAuthFilter(object):
+    """PasteDeploy filter for NoAuth to be used in testing."""
+
+    def __init__(self, app, forged_roles):
+        self.app = app
+        self.forged_roles = forged_roles
+
+    def __call__(self, environ, start_response):
+        """Forge headers to make unauthenticated requests look authenticated.
+
+        If the request has a X-AUTH-TOKEN header, assume it is a valid request
+        and noop. Otherwise forge Keystone middleware headers so the request
+        looks valid with the configured forged roles.
+        """
+        if 'HTTP_X_AUTH_TOKEN' in environ:
+            return self.app(environ, start_response)
+
+        environ['HTTP_X_IDENTITY_STATUS'] = 'Confirmed'
+
+        for envvar in [
+                'USER_NAME', 'USER_ID', 'USER_DOMAIN_ID', 'PROJECT_ID',
+                'PROJECT_DOMAIN_NAME'
+        ]:
+            varname = "HTTP_X_%s" % envvar
+            environ[varname] = 'noauth'
+
+        if self.forged_roles:
+            if 'admin' in self.forged_roles:
+                environ['HTTP_X_IS_ADMIN_PROJECT'] = 'True'
+            else:
+                environ['HTTP_X_IS_ADMIN_PROJECT'] = 'False'
+            environ['HTTP_X_ROLES'] = ','.join(self.forged_roles)
+        else:
+            environ['HTTP_X_IS_ADMIN_PROJECT'] = 'True'
+            environ['HTTP_X_ROLES'] = 'admin'
+
+        return self.app(environ, start_response)
+
+
+def noauth_filter_factory(global_conf, forged_roles):
+    """Create a NoAuth paste deploy filter
+
+    :param forged_roles: A space seperated list for roles to forge on requests
+    """
+    forged_roles = forged_roles.split()
+
+    def filter(app):
+        return NoAuthFilter(app, forged_roles)
+
+    return filter
--- a/tools/dev/server.sh
+++ b/tools/dev/server.sh
@ -13,6 +13,6 @@ export PROMENADE_DEBUG=${PROMENADE_DEBUG:-1}
 exec docker run \
    --rm -it \
    --publish 9000:9000 \
-    --volume "${SOURCE_DIR}/etc/promenade":/etc/promenade \
+    --volume "${SOURCE_DIR}/etc/promenade/noauth-api-paste.ini":/etc/promenade/api-paste.ini:ro \
    quay.io/attcomdev/promenade:latest \
        server