openstack/neutron
Code Issues Proposed changes

Add fake_project_id middleware for noauth

Browse Source 
This adds a middleware for noauth that would inject a fake
project_id for create requests. This would ensure that api
consumers don't have to provide a fake project_id in requests.

Closes-Bug: #1934039
Change-Id: I5e1de571034be41f1147c130fce66e6cf70b1369
This commit is contained in:
ramishra 2021-07-02 11:07:22 +05:30
parent 13e96bf6bd
commit ec550f5f52
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
etc/api-paste.ini
View File

@ -6,7 +6,7 @@ use = egg:Paste#urlmap
[composite:neutronapi_v2_0] [composite:neutronapi_v2_0]
use = call:neutron.auth:pipeline_factory use = call:neutron.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id catch_errors osprofiler extensions neutronapiapp_v2_0 noauth = cors http_proxy_to_wsgi request_id fake_project_id catch_errors osprofiler extensions neutronapiapp_v2_0
keystone = cors http_proxy_to_wsgi request_id catch_errors osprofiler authtoken keystonecontext extensions neutronapiapp_v2_0 keystone = cors http_proxy_to_wsgi request_id catch_errors osprofiler authtoken keystonecontext extensions neutronapiapp_v2_0
[composite:neutronversions_composite] [composite:neutronversions_composite]
@ -28,6 +28,9 @@ oslo_config_project = neutron
paste.filter_factory = neutron.api.extensions:ProjectIdMiddleware.factory paste.filter_factory = neutron.api.extensions:ProjectIdMiddleware.factory
oslo_config_project = neutron oslo_config_project = neutron
[filter:fake_project_id]
paste.filter_factory = neutron.auth:NoauthFakeProjectId.factory
[filter:http_proxy_to_wsgi] [filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory

15
neutron/auth.py
View File

@ -39,6 +39,21 @@ class NeutronKeystoneContext(base.ConfigurableMiddleware):
return self.application return self.application
class NoauthFakeProjectId(base.ConfigurableMiddleware):
"""Add fake project_id for noauth auth_strategy."""
@webob.dec.wsgify
def __call__(self, req):
ctx = context.Context.from_environ(req.environ)
if not ctx.project_id:
# Inject project_id
ctx.project_id = 'fake_project_id'
# Inject the context with the admin flag set
req.environ['neutron.context'] = ctx.elevated()
return self.application
def pipeline_factory(loader, global_conf, **local_conf): def pipeline_factory(loader, global_conf, **local_conf):
"""Create a paste pipeline based on the 'auth_strategy' config option.""" """Create a paste pipeline based on the 'auth_strategy' config option."""
pipeline = local_conf[cfg.CONF.auth_strategy] pipeline = local_conf[cfg.CONF.auth_strategy]

7
releasenotes/notes/allow-noauth-work-without-project-id-f92fac5df37810f0.yaml Normal file
View File

@ -0,0 +1,7 @@
---
features:
- When ``noauth`` auth_strategy is used, neutron no longer requires
a resource creation request to include a dummy 'project_id' in
request body. A default project_id ``fake_project_id`` would be
populated automatically in that case and would make the use of
``noauth`` usage simpler.