예제 #1
0
 def _test_context_hook(self,
                        mock_policy,
                        mock_ctx,
                        is_admin=False,
                        is_public_api=False,
                        auth_strategy='keystone',
                        request_id=None):
     cfg.CONF.set_override('auth_strategy', auth_strategy)
     headers = fake_headers(admin=is_admin)
     environ = headers_to_environ(headers, is_public_api=is_public_api)
     reqstate = FakeRequestState(headers=headers, environ=environ)
     context_hook = hooks.ContextHook(None)
     ctx = mock.Mock()
     if request_id:
         ctx.request_id = request_id
     mock_ctx.from_environ.return_value = ctx
     policy_dict = {'user_id': 'foo'}  # Lots of other values here
     ctx.to_policy_values.return_value = policy_dict
     mock_policy.return_value = is_admin
     context_hook.before(reqstate)
     creds_dict = {'is_public_api': is_public_api}
     mock_ctx.from_environ.assert_called_once_with(environ, **creds_dict)
     mock_policy.assert_called_once_with('is_admin', policy_dict,
                                         policy_dict)
     self.assertIs(is_admin, ctx.is_admin)
     if auth_strategy == 'noauth':
         self.assertIsNone(ctx.auth_token)
     return context_hook, reqstate
예제 #2
0
파일: app.py 프로젝트: skw0rm/ironic
def setup_app(pecan_config=None, extra_hooks=None):
    app_hooks = [
        hooks.ConfigHook(),
        hooks.DBHook(),
        hooks.ContextHook(pecan_config.app.acl_public_routes),
        hooks.RPCHook(),
        hooks.NoExceptionTracebackHook()
    ]
    if extra_hooks:
        app_hooks.extend(extra_hooks)

    if not pecan_config:
        pecan_config = get_pecan_config()

    if pecan_config.app.enable_acl:
        app_hooks.append(hooks.TrustedCallHook())

    pecan.configuration.set_config(dict(pecan_config), overwrite=True)

    app = pecan.make_app(
        pecan_config.app.root,
        static_root=pecan_config.app.static_root,
        debug=CONF.debug,
        force_canonical=getattr(pecan_config.app, 'force_canonical', True),
        hooks=app_hooks,
        wrap_app=middleware.ParsableErrorMiddleware,
    )

    if pecan_config.app.enable_acl:
        return acl.install(app, cfg.CONF, pecan_config.app.acl_public_routes)

    return app
예제 #3
0
def setup_app(pecan_config=None, extra_hooks=None):
    app_hooks = [
        hooks.ConfigHook(),
        hooks.DBHook(),
        hooks.ContextHook(),
        hooks.RPCHook()
    ]
    if extra_hooks:
        app_hooks.extend(extra_hooks)

    if not pecan_config:
        pecan_config = get_pecan_config()

    if pecan_config.app.enable_acl:
        app_hooks.append(acl.AdminAuthHook())

    pecan.configuration.set_config(dict(pecan_config), overwrite=True)

    app = pecan.make_app(
        pecan_config.app.root,
        static_root=pecan_config.app.static_root,
        template_path=pecan_config.app.template_path,
        debug=CONF.debug,
        force_canonical=getattr(pecan_config.app, 'force_canonical', True),
        hooks=app_hooks,
        wrap_app=middleware.ParsableErrorMiddleware,
    )

    if pecan_config.app.enable_acl:
        return acl.install(app, cfg.CONF)

    return app
예제 #4
0
파일: app.py 프로젝트: stackhpc/ironic
def setup_app(pecan_config=None, extra_hooks=None):
    app_hooks = [
        hooks.ConfigHook(),
        hooks.DBHook(),
        hooks.ContextHook(pecan_config.app.acl_public_routes),
        hooks.RPCHook(),
        hooks.NoExceptionTracebackHook(),
        hooks.PublicUrlHook()
    ]
    if extra_hooks:
        app_hooks.extend(extra_hooks)

    if not pecan_config:
        pecan_config = get_pecan_config()

    pecan.configuration.set_config(dict(pecan_config), overwrite=True)

    app = pecan.make_app(
        pecan_config.app.root,
        debug=CONF.pecan_debug,
        static_root=pecan_config.app.static_root if CONF.pecan_debug else None,
        force_canonical=getattr(pecan_config.app, 'force_canonical', True),
        hooks=app_hooks,
        wrap_app=middleware.ParsableErrorMiddleware,
    )

    if CONF.audit.enabled:
        try:
            app = audit_middleware.AuditMiddleware(
                app,
                audit_map_file=CONF.audit.audit_map_file,
                ignore_req_list=CONF.audit.ignore_req_list)
        except (EnvironmentError, OSError,
                audit_middleware.PycadfAuditApiConfigError) as e:
            raise exception.InputFileError(file_name=CONF.audit.audit_map_file,
                                           reason=e)

    if CONF.auth_strategy == "keystone":
        app = auth_token.AuthTokenMiddleware(
            app,
            dict(cfg.CONF),
            public_api_routes=pecan_config.app.acl_public_routes)

    # Create a CORS wrapper, and attach ironic-specific defaults that must be
    # included in all CORS responses.
    app = cors_middleware.CORS(app, CONF)
    cors_middleware.set_defaults(
        allow_headers=[
            base.Version.max_string, base.Version.min_string,
            base.Version.string
        ],
        allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
        expose_headers=[
            base.Version.max_string, base.Version.min_string,
            base.Version.string
        ])

    return app
예제 #5
0
 def test_context_hook_after_add_request_id(self, mock_ctx):
     headers = fake_headers(admin=True)
     reqstate = FakeRequestState(headers=headers)
     reqstate.set_context()
     reqstate.request.context.request_id = 'fake-id'
     context_hook = hooks.ContextHook(None)
     context_hook.after(reqstate)
     self.assertIn('Openstack-Request-Id', reqstate.response.headers)
     self.assertEqual('fake-id',
                      reqstate.response.headers['Openstack-Request-Id'])
예제 #6
0
 def test_context_hook_admin(self, mock_ctx):
     headers = fake_headers(admin=True)
     reqstate = FakeRequestState(headers=headers)
     context_hook = hooks.ContextHook(None)
     context_hook.before(reqstate)
     mock_ctx.assert_called_with(auth_token=headers['X-Auth-Token'],
                                 user=headers['X-User'],
                                 tenant=headers['X-Tenant'],
                                 domain_id=headers['X-User-Domain-Id'],
                                 domain_name=headers['X-User-Domain-Name'],
                                 is_public_api=False,
                                 is_admin=True,
                                 roles=headers['X-Roles'].split(','))
예제 #7
0
 def test_context_hook_noauth_token_removed(self, mock_ctx):
     cfg.CONF.set_override('auth_strategy', 'noauth')
     headers = fake_headers(admin=False)
     reqstate = FakeRequestState(headers=headers)
     context_hook = hooks.ContextHook(None)
     context_hook.before(reqstate)
     mock_ctx.assert_called_with(auth_token=None,
                                 user=headers['X-User'],
                                 tenant=headers['X-Tenant'],
                                 domain_id=headers['X-User-Domain-Id'],
                                 domain_name=headers['X-User-Domain-Name'],
                                 is_public_api=False,
                                 is_admin=False,
                                 roles=headers['X-Roles'].split(','))
예제 #8
0
 def test_context_hook_public_api(self, mock_ctx):
     cfg.CONF.set_override('auth_strategy', 'keystone')
     headers = fake_headers(admin=True)
     env = {'is_public_api': True}
     reqstate = FakeRequestState(headers=headers, environ=env)
     context_hook = hooks.ContextHook(None)
     context_hook.before(reqstate)
     mock_ctx.assert_called_with(auth_token=headers['X-Auth-Token'],
                                 user=headers['X-User'],
                                 tenant=headers['X-Tenant'],
                                 domain_id=headers['X-User-Domain-Id'],
                                 domain_name=headers['X-User-Domain-Name'],
                                 is_public_api=True,
                                 is_admin=True,
                                 roles=headers['X-Roles'].split(','))
예제 #9
0
def setup_app(pecan_config=None, extra_hooks=None):
    app_hooks = [
        hooks.ConfigHook(),
        hooks.DBHook(),
        hooks.ContextHook(pecan_config.app.acl_public_routes),
        hooks.RPCHook(),
        hooks.NoExceptionTracebackHook(),
        hooks.PublicUrlHook()
    ]
    if extra_hooks:
        app_hooks.extend(extra_hooks)

    if not pecan_config:
        pecan_config = get_pecan_config()

    if pecan_config.app.enable_acl:
        app_hooks.append(hooks.TrustedCallHook())

    pecan.configuration.set_config(dict(pecan_config), overwrite=True)

    app = pecan.make_app(
        pecan_config.app.root,
        static_root=pecan_config.app.static_root,
        debug=CONF.pecan_debug,
        force_canonical=getattr(pecan_config.app, 'force_canonical', True),
        hooks=app_hooks,
        wrap_app=middleware.ParsableErrorMiddleware,
    )

    if pecan_config.app.enable_acl:
        app = acl.install(app, cfg.CONF, pecan_config.app.acl_public_routes)

    # Create a CORS wrapper, and attach ironic-specific defaults that must be
    # included in all CORS responses.
    app = cors_middleware.CORS(app, CONF)
    app.set_latent(
        allow_headers=[Version.max_string, Version.min_string, Version.string],
        allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
        expose_headers=[
            Version.max_string, Version.min_string, Version.string
        ])

    # Insert the proxy support middleware to generate decent application links.
    app = proxy_middleware.HTTPProxyToWSGI(app, CONF)

    return app
예제 #10
0
파일: app.py 프로젝트: liuchin/ironic
def setup_app(pecan_config=None, extra_hooks=None):
    app_hooks = [
        hooks.ConfigHook(),
        hooks.DBHook(),
        hooks.ContextHook(pecan_config.app.acl_public_routes),
        hooks.RPCHook(),
        hooks.NoExceptionTracebackHook(),
        hooks.PublicUrlHook()
    ]
    if extra_hooks:
        app_hooks.extend(extra_hooks)

    if not pecan_config:
        pecan_config = get_pecan_config()

    pecan.configuration.set_config(dict(pecan_config), overwrite=True)

    app = pecan.make_app(
        pecan_config.app.root,
        debug=CONF.pecan_debug,
        static_root=pecan_config.app.static_root if CONF.pecan_debug else None,
        force_canonical=getattr(pecan_config.app, 'force_canonical', True),
        hooks=app_hooks,
        wrap_app=middleware.ParsableErrorMiddleware,
        # NOTE(dtantsur): enabling this causes weird issues with nodes named
        # as if they had a known mime extension, e.g. "mynode.1". We do
        # simulate the same behaviour for .json extensions for backward
        # compatibility through JsonExtensionMiddleware.
        guess_content_type_from_ext=False,
    )

    if CONF.audit.enabled:
        try:
            app = audit_middleware.AuditMiddleware(
                app,
                audit_map_file=CONF.audit.audit_map_file,
                ignore_req_list=CONF.audit.ignore_req_list)
        except (EnvironmentError, OSError,
                audit_middleware.PycadfAuditApiConfigError) as e:
            raise exception.InputFileError(file_name=CONF.audit.audit_map_file,
                                           reason=e)

    if CONF.auth_strategy == "keystone":
        app = auth_token.AuthTokenMiddleware(
            app, {"oslo_config_config": cfg.CONF},
            public_api_routes=pecan_config.app.acl_public_routes)

    if CONF.profiler.enabled:
        app = osprofiler_web.WsgiMiddleware(app)

    # Create a CORS wrapper, and attach ironic-specific defaults that must be
    # included in all CORS responses.
    app = IronicCORS(app, CONF)
    cors_middleware.set_defaults(
        allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
        expose_headers=[
            base.Version.max_string, base.Version.min_string,
            base.Version.string
        ])

    app = json_ext.JsonExtensionMiddleware(app)

    return app
예제 #11
0
파일: app.py 프로젝트: younkun/ironic
def setup_app(pecan_config=None, extra_hooks=None):
    app_hooks = [
        hooks.ConfigHook(),
        hooks.DBHook(),
        hooks.ContextHook(pecan_config.app.acl_public_routes),
        hooks.RPCHook(),
        hooks.NoExceptionTracebackHook(),
        hooks.PublicUrlHook()
    ]
    if extra_hooks:
        app_hooks.extend(extra_hooks)

    if not pecan_config:
        pecan_config = get_pecan_config()

    pecan.configuration.set_config(dict(pecan_config), overwrite=True)

    app = pecan.make_app(
        pecan_config.app.root,
        debug=CONF.pecan_debug,
        static_root=pecan_config.app.static_root if CONF.pecan_debug else None,
        force_canonical=getattr(pecan_config.app, 'force_canonical', True),
        hooks=app_hooks,
        wrap_app=middleware.ParsableErrorMiddleware,
        # NOTE(dtantsur): enabling this causes weird issues with nodes named
        # as if they had a known mime extension, e.g. "mynode.1". We do
        # simulate the same behaviour for .json extensions for backward
        # compatibility through JsonExtensionMiddleware.
        guess_content_type_from_ext=False,
    )

    if CONF.audit.enabled:
        try:
            app = audit_middleware.AuditMiddleware(
                app,
                audit_map_file=CONF.audit.audit_map_file,
                ignore_req_list=CONF.audit.ignore_req_list)
        except (EnvironmentError, OSError,
                audit_middleware.PycadfAuditApiConfigError) as e:
            raise exception.InputFileError(file_name=CONF.audit.audit_map_file,
                                           reason=e)

    auth_middleware = None
    if CONF.auth_strategy == "keystone":
        auth_middleware = auth_token.AuthProtocol(
            app, {"oslo_config_config": cfg.CONF})
    elif CONF.auth_strategy == "http_basic":
        auth_middleware = auth_basic.BasicAuthMiddleware(
            app, cfg.CONF.http_basic_auth_user_file)

    if auth_middleware:
        app = auth_public_routes.AuthPublicRoutes(
            app,
            auth=auth_middleware,
            public_api_routes=pecan_config.app.acl_public_routes)

    if CONF.profiler.enabled:
        app = osprofiler_web.WsgiMiddleware(app)

    # NOTE(pas-ha) this registers oslo_middleware.enable_proxy_headers_parsing
    # option, when disabled (default) this is noop middleware
    app = http_proxy_to_wsgi.HTTPProxyToWSGI(app, CONF)

    # add in the healthcheck middleware if enabled
    # NOTE(jroll) this is after the auth token middleware as we don't want auth
    # in front of this, and WSGI works from the outside in. Requests to
    # /healthcheck will be handled and returned before the auth middleware
    # is reached.
    if CONF.healthcheck.enabled:
        app = healthcheck.Healthcheck(app, CONF)

    # Create a CORS wrapper, and attach ironic-specific defaults that must be
    # included in all CORS responses.
    app = IronicCORS(app, CONF)
    cors_middleware.set_defaults(
        allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'],
        expose_headers=[
            base.Version.max_string, base.Version.min_string,
            base.Version.string
        ])

    app = json_ext.JsonExtensionMiddleware(app)

    return app