From ec550f5f52c5377f57499eeadd7e0d665dcdb73d Mon Sep 17 00:00:00 2001 From: ramishra Date: Fri, 2 Jul 2021 11:07:22 +0530 Subject: [PATCH] Add fake_project_id middleware for noauth This adds a middleware for noauth that would inject a fake project_id for create requests. This would ensure that api consumers don't have to provide a fake project_id in requests. Closes-Bug: #1934039 Change-Id: I5e1de571034be41f1147c130fce66e6cf70b1369 --- etc/api-paste.ini | 5 ++++- neutron/auth.py | 15 +++++++++++++++ ...-work-without-project-id-f92fac5df37810f0.yaml | 7 +++++++ 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/allow-noauth-work-without-project-id-f92fac5df37810f0.yaml diff --git a/etc/api-paste.ini b/etc/api-paste.ini index 07d612e12b4..2f9da210438 100644 --- a/etc/api-paste.ini +++ b/etc/api-paste.ini @@ -6,7 +6,7 @@ use = egg:Paste#urlmap [composite:neutronapi_v2_0] use = call:neutron.auth:pipeline_factory -noauth = cors http_proxy_to_wsgi request_id catch_errors osprofiler extensions neutronapiapp_v2_0 +noauth = cors http_proxy_to_wsgi request_id fake_project_id catch_errors osprofiler extensions neutronapiapp_v2_0 keystone = cors http_proxy_to_wsgi request_id catch_errors osprofiler authtoken keystonecontext extensions neutronapiapp_v2_0 [composite:neutronversions_composite] @@ -28,6 +28,9 @@ oslo_config_project = neutron paste.filter_factory = neutron.api.extensions:ProjectIdMiddleware.factory oslo_config_project = neutron +[filter:fake_project_id] +paste.filter_factory = neutron.auth:NoauthFakeProjectId.factory + [filter:http_proxy_to_wsgi] paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory diff --git a/neutron/auth.py b/neutron/auth.py index ae5a1898fd8..d9b81ef0dc5 100644 --- a/neutron/auth.py +++ b/neutron/auth.py @@ -39,6 +39,21 @@ class NeutronKeystoneContext(base.ConfigurableMiddleware): return self.application +class NoauthFakeProjectId(base.ConfigurableMiddleware): + """Add fake project_id for noauth auth_strategy.""" + + @webob.dec.wsgify + def __call__(self, req): + ctx = context.Context.from_environ(req.environ) + if not ctx.project_id: + # Inject project_id + ctx.project_id = 'fake_project_id' + # Inject the context with the admin flag set + req.environ['neutron.context'] = ctx.elevated() + + return self.application + + def pipeline_factory(loader, global_conf, **local_conf): """Create a paste pipeline based on the 'auth_strategy' config option.""" pipeline = local_conf[cfg.CONF.auth_strategy] diff --git a/releasenotes/notes/allow-noauth-work-without-project-id-f92fac5df37810f0.yaml b/releasenotes/notes/allow-noauth-work-without-project-id-f92fac5df37810f0.yaml new file mode 100644 index 00000000000..3eb2355cb8b --- /dev/null +++ b/releasenotes/notes/allow-noauth-work-without-project-id-f92fac5df37810f0.yaml @@ -0,0 +1,7 @@ +--- +features: + - When ``noauth`` auth_strategy is used, neutron no longer requires + a resource creation request to include a dummy 'project_id' in + request body. A default project_id ``fake_project_id`` would be + populated automatically in that case and would make the use of + ``noauth`` usage simpler.