Coverage for nova/api/openstack/auth.py: 100%

38 statements  

« prev     ^ index     » next       coverage.py v7.6.12, created at 2025-04-17 15:08 +0000

1# Copyright 2013 IBM Corp. 

2# Copyright 2010 OpenStack Foundation 

3# All Rights Reserved. 

4# 

5# Licensed under the Apache License, Version 2.0 (the "License"); you may 

6# not use this file except in compliance with the License. You may obtain 

7# a copy of the License at 

8# 

9# http://www.apache.org/licenses/LICENSE-2.0 

10# 

11# Unless required by applicable law or agreed to in writing, software 

12# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 

13# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 

14# License for the specific language governing permissions and limitations 

15# under the License. 

16 

17from oslo_middleware import request_id 

18import webob.dec 

19import webob.exc 

20 

21from nova.api.openstack import wsgi 

22from nova.api import wsgi as base_wsgi 

23import nova.conf 

24from nova import context 

25 

26CONF = nova.conf.CONF 

27 

28 

29class NoAuthMiddlewareBase(base_wsgi.Middleware): 

30 """Return a fake token if one isn't specified.""" 

31 

32 def base_call(self, req, project_id_in_path, always_admin=True): 

33 if 'X-Auth-Token' not in req.headers: 

34 user_id = req.headers.get('X-Auth-User', 'admin') 

35 project_id = req.headers.get('X-Auth-Project-Id', 'admin') 

36 if project_id_in_path: 

37 os_url = '/'.join([req.url.rstrip('/'), project_id]) 

38 else: 

39 os_url = req.url.rstrip('/') 

40 res = webob.Response() 

41 # NOTE(vish): This is expecting and returning Auth(1.1), whereas 

42 # keystone uses 2.0 auth. We should probably allow 

43 # 2.0 auth here as well. 

44 res.headers['X-Auth-Token'] = '%s:%s' % (user_id, project_id) 

45 res.headers['X-Server-Management-Url'] = os_url 

46 res.content_type = 'text/plain' 

47 res.status = '204' 

48 return res 

49 

50 token = req.headers['X-Auth-Token'] 

51 user_id, _sep, project_id = token.partition(':') 

52 project_id = project_id or user_id 

53 remote_address = getattr(req, 'remote_addr', '127.0.0.1') 

54 is_admin = always_admin or (user_id == 'admin') 

55 ctx = context.RequestContext( 

56 user_id, project_id, is_admin=is_admin, 

57 remote_address=remote_address, 

58 request_id=req.environ.get(request_id.ENV_REQUEST_ID)) 

59 

60 req.environ['nova.context'] = ctx 

61 return self.application 

62 

63 

64class NoAuthMiddleware(NoAuthMiddlewareBase): 

65 """Return a fake token if one isn't specified. 

66 

67 noauth2 provides admin privs if 'admin' is provided as the user id. 

68 

69 """ 

70 @webob.dec.wsgify(RequestClass=wsgi.Request) 

71 def __call__(self, req): 

72 return self.base_call(req, True, always_admin=False) 

73 

74 

75class NoAuthMiddlewareV2_18(NoAuthMiddlewareBase): 

76 """Return a fake token if one isn't specified. 

77 

78 This provides a version of the middleware which does not add 

79 project_id into server management urls. 

80 

81 """ 

82 

83 @webob.dec.wsgify(RequestClass=wsgi.Request) 

84 def __call__(self, req): 

85 return self.base_call(req, False, always_admin=False)