Use auth_token from keystonemiddleware

auth_token middleware in python-keystoneclient is deprecated and has
been moved to the keystonemiddleware repo.

This patch updates Ironic to use the new keystonemiddleware package.

Change-Id: Ifb48996867f9f51c4dbedde0e0d9476c2d2818b4
Closes-Bug: #1342274
This commit is contained in:
Devananda van der Veen 2014-07-15 15:35:45 -07:00
parent dc8418d22c
commit 50003a107d
9 changed files with 18 additions and 31 deletions

View File

@ -854,7 +854,7 @@
[keystone_authtoken]
#
# Options defined in keystoneclient.middleware.auth_token
# Options defined in keystonemiddleware.auth_token
#
# Prefix to prepend at the beginning of the path. Deprecated,

View File

@ -18,36 +18,19 @@
"""Access Control Lists (ACL's) control access the API server."""
from keystoneclient.middleware import auth_token as keystone_auth_token
from oslo.config import cfg
from ironic.api.middleware import auth_token
OPT_GROUP_NAME = 'keystone_authtoken'
def register_opts(conf):
"""Register keystoneclient middleware options
:param conf: Ironic settings.
"""
conf.register_opts(keystone_auth_token.opts, group=OPT_GROUP_NAME)
keystone_auth_token.CONF = conf
def install(app, conf, public_routes):
"""Install ACL check on application.
:param app: A WSGI applicatin.
:param conf: Settings. Must include OPT_GROUP_NAME section.
:param conf: Settings. Dict'ified and passed to keystonemiddleware
:param public_routes: The list of the routes which will be allowed to
access without authentication.
:return: The same WSGI application with ACL installed.
"""
register_opts(cfg.CONF)
keystone_config = dict(conf.get(OPT_GROUP_NAME))
return auth_token.AuthTokenMiddleware(app,
conf=keystone_config,
conf=dict(conf),
public_api_routes=public_routes)

View File

@ -14,7 +14,7 @@
import re
from keystoneclient.middleware import auth_token
from keystonemiddleware import auth_token
from ironic.common import exception
from ironic.common import utils
@ -54,6 +54,6 @@ class AuthTokenMiddleware(auth_token.AuthProtocol):
self.public_api_routes))
if env['is_public_api']:
return self.app(env, start_response)
return self._app(env, start_response)
return super(AuthTokenMiddleware, self).__call__(env, start_response)

View File

@ -13,14 +13,14 @@
# under the License.
from keystoneclient import exceptions as ksexception
# NOTE(deva): import auth_token so oslo.config pulls in keystone_authtoken
from keystonemiddleware import auth_token # noqa
from oslo.config import cfg
from six.moves.urllib import parse
from ironic.api import acl
from ironic.common import exception
CONF = cfg.CONF
acl.register_opts(CONF)
def get_service_url(service_type='baremetal', endpoint_type='internal'):

View File

@ -20,7 +20,6 @@ from neutronclient.common import exceptions as neutron_client_exc
from neutronclient.v2_0 import client as clientv20
from oslo.config import cfg
from ironic.api import acl
from ironic.common import exception
from ironic.common import keystone
from ironic.drivers.modules import ssh
@ -46,7 +45,6 @@ neutron_opts = [
CONF = cfg.CONF
CONF.import_opt('my_ip', 'ironic.netconf')
CONF.register_opts(neutron_opts, group='neutron')
acl.register_opts(CONF)
LOG = logging.getLogger(__name__)

View File

@ -20,12 +20,13 @@
# ceilometer/tests/api/__init__.py). This should be oslo'ified:
# https://bugs.launchpad.net/ironic/+bug/1255115.
# NOTE(deva): import auth_token so we can override a config option
from keystonemiddleware import auth_token # noqa
from oslo.config import cfg
import pecan
import pecan.testing
from six.moves.urllib import parse as urlparse
from ironic.api import acl
from ironic.db import api as dbapi
from ironic.tests.db import base
@ -42,7 +43,8 @@ class FunctionalTest(base.DbTestCase):
def setUp(self):
super(FunctionalTest, self).setUp()
cfg.CONF.set_override("auth_version", "v2.0", group=acl.OPT_GROUP_NAME)
cfg.CONF.set_override("auth_version", "v2.0",
group='keystone_authtoken')
self.app = self._make_app()
self.dbapi = dbapi.get_instance()

View File

@ -18,9 +18,11 @@ are blocked or allowed to be processed.
import mock
# NOTE(deva): import auth_token so we can override a config option
from keystonemiddleware import auth_token # noqa
from oslo.config import cfg
from ironic.api import acl
from ironic.db import api as db_api
from ironic.tests.api import base
from ironic.tests.api import utils
@ -46,7 +48,8 @@ class TestACL(base.FunctionalTest):
**param)
def _make_app(self):
cfg.CONF.set_override('cache', 'fake.cache', group=acl.OPT_GROUP_NAME)
cfg.CONF.set_override('cache', 'fake.cache',
group='keystone_authtoken')
return super(TestACL, self)._make_app(enable_acl=True)
def test_non_authenticated(self):

View File

@ -31,6 +31,7 @@ six>=1.7.0
jsonpatch>=1.1
WSME>=0.6
Jinja2
keystonemiddleware>=1.0.0
oslo.messaging>=1.4.0.0a3
retrying>=1.2.2 # Apache-2.0
posix_ipc

View File

@ -1,2 +1,2 @@
export IRONIC_CONFIG_GENERATOR_EXTRA_LIBRARIES='oslo.db oslo.messaging'
export IRONIC_CONFIG_GENERATOR_EXTRA_MODULES=keystoneclient.middleware.auth_token
export IRONIC_CONFIG_GENERATOR_EXTRA_MODULES=keystonemiddleware.auth_token