def test_add_auth_middleware_with_deprecated_items(self, mock_auth):
CONF.set_override('os_password', 'os_password', 'ironic')
CONF.set_override('admin_password', 'admin_password',
'keystone_authtoken')
CONF.set_override('os_username', 'os_username', 'ironic')
CONF.set_override('admin_user', 'admin_user', 'keystone_authtoken')
CONF.set_override('os_auth_url', 'os_auth_url', 'ironic')
CONF.set_override('auth_uri', 'auth_uri', 'keystone_authtoken')
CONF.set_override('os_tenant_name', 'os_tenant_name', 'ironic')
CONF.set_override('admin_tenant_name', 'admin_tenant_name',
'keystone_authtoken')
CONF.set_override('identity_uri', 'identity_uri_ironic', 'ironic')
CONF.set_override('identity_uri', 'identity_uri', 'keystone_authtoken')
app = mock.Mock(wsgi_app=mock.sentinel.app)
utils.add_auth_middleware(app)
call_args = mock_auth.call_args_list[0]
args = call_args[0]
self.assertEqual(mock.sentinel.app, args[0])
args1 = args[1]
self.assertEqual('os_password', args1['admin_password'])
self.assertEqual('os_username', args1['admin_user'])
self.assertEqual('os_auth_url', args1['auth_uri'])
self.assertEqual('os_tenant_name', args1['admin_tenant_name'])
self.assertTrue(args1['delay_auth_decision'])
self.assertEqual('identity_uri_ironic', args1['identity_uri'])
def test_add_auth_middleware_with_deprecated_items(self, mock_auth):
CONF.set_override('os_password', 'os_password', 'ironic')
CONF.set_override('admin_password', 'admin_password',
'keystone_authtoken')
CONF.set_override('os_username', 'os_username', 'ironic')
CONF.set_override('admin_user', 'admin_user', 'keystone_authtoken')
CONF.set_override('os_auth_url', 'os_auth_url', 'ironic')
CONF.set_override('auth_uri', 'auth_uri', 'keystone_authtoken')
CONF.set_override('os_tenant_name', 'os_tenant_name', 'ironic')
CONF.set_override('admin_tenant_name', 'admin_tenant_name',
'keystone_authtoken')
CONF.set_override('identity_uri', 'identity_uri_ironic', 'ironic')
CONF.set_override('identity_uri', 'identity_uri', 'keystone_authtoken')
app = mock.Mock(wsgi_app=mock.sentinel.app)
utils.add_auth_middleware(app)
call_args = mock_auth.call_args_list[0]
args = call_args[0]
self.assertEqual(mock.sentinel.app, args[0])
args1 = args[1]
self.assertEqual('os_password', args1['admin_password'])
self.assertEqual('os_username', args1['admin_user'])
self.assertEqual('os_auth_url', args1['auth_uri'])
self.assertEqual('os_tenant_name', args1['admin_tenant_name'])
self.assertTrue(args1['delay_auth_decision'])
self.assertEqual('identity_uri_ironic', args1['identity_uri'])
def test_add_auth_middleware_with_deprecated_items(self, mock_auth):
CONF.set_override("os_password", "os_password", "ironic")
CONF.set_override("admin_password", "admin_password", "keystone_authtoken")
CONF.set_override("os_username", "os_username", "ironic")
CONF.set_override("admin_user", "admin_user", "keystone_authtoken")
CONF.set_override("os_auth_url", "os_auth_url", "ironic")
CONF.set_override("auth_uri", "auth_uri", "keystone_authtoken")
CONF.set_override("os_tenant_name", "os_tenant_name", "ironic")
CONF.set_override("admin_tenant_name", "admin_tenant_name", "keystone_authtoken")
CONF.set_override("identity_uri", "identity_uri_ironic", "ironic")
CONF.set_override("identity_uri", "identity_uri", "keystone_authtoken")
app = mock.Mock(wsgi_app=mock.sentinel.app)
utils.add_auth_middleware(app)
call_args = mock_auth.call_args_list[0]
args = call_args[0]
self.assertEqual(mock.sentinel.app, args[0])
args1 = args[1]
self.assertEqual("os_password", args1["admin_password"])
self.assertEqual("os_username", args1["admin_user"])
self.assertEqual("os_auth_url", args1["auth_uri"])
self.assertEqual("os_tenant_name", args1["admin_tenant_name"])
self.assertTrue(args1["delay_auth_decision"])
self.assertEqual("identity_uri_ironic", args1["identity_uri"])
def _init_middleware():
"""Initialize WSGI middleware.
:returns: None
"""
# Ensure original root app is restored and wrap it with ProxyFix,
# respecting only the last entry in each header if it contains a list of
# values. The following headers are respected: X-Forwarded-For,
# X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Port,
# X-Forwarded-Prefix (the last one sets SCRIPT_NAME environment variable
# that is used to construct links).
_app.wsgi_app = proxy_fix.ProxyFix(_wsgi_app,
x_for=1,
x_proto=1,
x_host=1,
x_port=1,
x_prefix=1)
if CONF.auth_strategy == 'keystone':
utils.add_auth_middleware(_app)
elif CONF.auth_strategy == 'http_basic':
utils.add_basic_auth_middleware(_app)
else:
LOG.warning('Starting unauthenticated, please check' ' configuration')
utils.add_cors_middleware(_app)
def _init_middleware():
"""Initialize WSGI middleware.
:returns: None
"""
if CONF.auth_strategy != 'noauth':
utils.add_auth_middleware(_app)
else:
LOG.warning('Starting unauthenticated, please check' ' configuration')
utils.add_cors_middleware(_app)
def _init_middleware(self):
"""Initialize WSGI middleware.
:returns: None
"""
if CONF.auth_strategy != 'noauth':
utils.add_auth_middleware(self.app)
else:
LOG.warning('Starting unauthenticated, please check'
' configuration')
utils.add_cors_middleware(self.app)
def _init_middleware():
"""Initialize WSGI middleware.
:returns: None
"""
# ensure original root app is restored before wrapping it
_app.wsgi_app = _wsgi_app
if CONF.auth_strategy == 'keystone':
utils.add_auth_middleware(_app)
elif CONF.auth_strategy == 'http_basic':
utils.add_basic_auth_middleware(_app)
else:
LOG.warning('Starting unauthenticated, please check' ' configuration')
utils.add_cors_middleware(_app)
def init(self):
if CONF.auth_strategy != 'noauth':
utils.add_auth_middleware(app)
else:
LOG.warning('Starting unauthenticated, please check'
' configuration')
if CONF.processing.store_data == 'none':
LOG.warning('Introspection data will not be stored. Change '
'"[processing] store_data" option if this is not '
'the desired behavior')
elif CONF.processing.store_data == 'swift':
LOG.info(
'Introspection data will be stored in Swift in the '
'container %s', CONF.swift.container)
utils.add_cors_middleware(app)
db.init()
try:
hooks = [
ext.name for ext in plugins_base.processing_hooks_manager()
]
except KeyError as exc:
# callback function raises MissingHookError derived from KeyError
# on missing hook
LOG.critical('Hook(s) %s failed to load or was not found',
str(exc))
sys.exit(1)
LOG.info('Enabled processing hooks: %s', hooks)
if CONF.firewall.manage_firewall:
firewall.init()
periodic_update_ = periodics.periodic(
spacing=CONF.firewall.firewall_update_period,
enabled=CONF.firewall.manage_firewall)(periodic_update)
periodic_clean_up_ = periodics.periodic(
spacing=CONF.clean_up_period)(periodic_clean_up)
self._periodics_worker = periodics.PeriodicWorker(
callables=[(periodic_update_, None, None),
(periodic_clean_up_, None, None)],
executor_factory=periodics.ExistingExecutor(utils.executor()))
utils.executor().submit(self._periodics_worker.start)
def init(self):
if utils.get_auth_strategy() != 'noauth':
utils.add_auth_middleware(app)
else:
LOG.warning(_LW('Starting unauthenticated, please check'
' configuration'))
if CONF.processing.store_data == 'none':
LOG.warning(_LW('Introspection data will not be stored. Change '
'"[processing] store_data" option if this is not '
'the desired behavior'))
elif CONF.processing.store_data == 'swift':
LOG.info(_LI('Introspection data will be stored in Swift in the '
'container %s'), CONF.swift.container)
utils.add_cors_middleware(app)
db.init()
try:
hooks = [ext.name for ext in
plugins_base.processing_hooks_manager()]
except KeyError as exc:
# callback function raises MissingHookError derived from KeyError
# on missing hook
LOG.critical(_LC('Hook(s) %s failed to load or was not found'),
str(exc))
sys.exit(1)
LOG.info(_LI('Enabled processing hooks: %s'), hooks)
if CONF.firewall.manage_firewall:
firewall.init()
periodic_update_ = periodics.periodic(
spacing=CONF.firewall.firewall_update_period,
enabled=CONF.firewall.manage_firewall
)(periodic_update)
periodic_clean_up_ = periodics.periodic(
spacing=CONF.clean_up_period
)(periodic_clean_up)
self._periodics_worker = periodics.PeriodicWorker(
callables=[(periodic_update_, None, None),
(periodic_clean_up_, None, None)],
executor_factory=periodics.ExistingExecutor(utils.executor()))
utils.executor().submit(self._periodics_worker.start)
def init(self):
if utils.get_auth_strategy() != 'noauth':
utils.add_auth_middleware(app)
else:
LOG.warning(
_LW('Starting unauthenticated, please check'
' configuration'))
if CONF.processing.store_data == 'none':
LOG.warning(
_LW('Introspection data will not be stored. Change '
'"[processing] store_data" option if this is not '
'the desired behavior'))
elif CONF.processing.store_data == 'swift':
LOG.info(
_LI('Introspection data will be stored in Swift in the '
'container %s'), CONF.swift.container)
utils.add_cors_middleware(app)
db.init()
try:
hooks = [
ext.name for ext in plugins_base.processing_hooks_manager()
]
except KeyError as exc:
# stevedore raises KeyError on missing hook
LOG.critical(_LC('Hook %s failed to load or was not found'),
str(exc))
sys.exit(1)
LOG.info(_LI('Enabled processing hooks: %s'), hooks)
if CONF.firewall.manage_firewall:
firewall.init()
self._periodics_worker = periodics.PeriodicWorker(
callables=[(periodic_update, None, None),
(periodic_clean_up, None, None)],
executor_factory=periodics.ExistingExecutor(utils.executor()))
utils.executor().submit(self._periodics_worker.start)
def test_middleware(self, mock_auth):
CONF.set_override("admin_user", "admin", "keystone_authtoken")
CONF.set_override("admin_tenant_name", "admin", "keystone_authtoken")
CONF.set_override("admin_password", "password", "keystone_authtoken")
CONF.set_override("auth_uri", "http://127.0.0.1:5000/v2.0", "keystone_authtoken")
CONF.set_override("identity_uri", "http://127.0.0.1:35357", "keystone_authtoken")
app = mock.Mock(wsgi_app=mock.sentinel.app)
utils.add_auth_middleware(app)
call_args = mock_auth.call_args_list[0]
args = call_args[0]
self.assertEqual(mock.sentinel.app, args[0])
args1 = args[1]
self.assertEqual("admin", args1["admin_user"])
self.assertEqual("admin", args1["admin_tenant_name"])
self.assertEqual("password", args1["admin_password"])
self.assertEqual(True, args1["delay_auth_decision"])
self.assertEqual("http://127.0.0.1:5000/v2.0", args1["auth_uri"])
self.assertEqual("http://127.0.0.1:35357", args1["identity_uri"])
def _init_middleware(self):
"""Initialize WSGI middleware.
:returns: None
"""
if CONF.auth_strategy != 'noauth':
utils.add_auth_middleware(self.app)
else:
LOG.warning('Starting unauthenticated, please check'
' configuration')
# TODO(aarefiev): move to WorkerService once we split service
if CONF.processing.store_data == 'none':
LOG.warning('Introspection data will not be stored. Change '
'"[processing] store_data" option if this is not '
'the desired behavior')
elif CONF.processing.store_data == 'swift':
LOG.info(
'Introspection data will be stored in Swift in the '
'container %s', CONF.swift.container)
utils.add_cors_middleware(self.app)
def init():
if utils.get_auth_strategy() != 'noauth':
utils.add_auth_middleware(app)
else:
LOG.warning(
_LW('Starting unauthenticated, please check'
' configuration'))
if CONF.processing.store_data == 'none':
LOG.warning(
_LW('Introspection data will not be stored. Change '
'"[processing] store_data" option if this is not the '
'desired behavior'))
elif CONF.processing.store_data == 'swift':
LOG.info(
_LI('Introspection data will be stored in Swift in the '
'container %s'), CONF.swift.container)
db.init()
try:
hooks = [ext.name for ext in plugins_base.processing_hooks_manager()]
except KeyError as exc:
# stevedore raises KeyError on missing hook
LOG.critical(_LC('Hook %s failed to load or was not found'), str(exc))
sys.exit(1)
LOG.info(_LI('Enabled processing hooks: %s'), hooks)
if CONF.firewall.manage_firewall:
firewall.init()
period = CONF.firewall.firewall_update_period
utils.spawn_n(periodic_update, period)
if CONF.timeout > 0:
period = CONF.clean_up_period
utils.spawn_n(periodic_clean_up, period)
else:
LOG.warning(_LW('Timeout is disabled in configuration'))
def test_middleware(self, mock_auth):
self.cfg.config(group='keystone_authtoken',
admin_user='******',
admin_tenant_name='admin',
admin_password='******',
auth_uri='http://127.0.0.1:5000',
identity_uri='http://127.0.0.1:35357')
app = mock.Mock(wsgi_app=mock.sentinel.app)
utils.add_auth_middleware(app)
call_args = mock_auth.call_args_list[0]
args = call_args[0]
self.assertEqual(mock.sentinel.app, args[0])
args1 = args[1]
self.assertEqual('admin', args1['admin_user'])
self.assertEqual('admin', args1['admin_tenant_name'])
self.assertEqual('password', args1['admin_password'])
self.assertTrue(args1['delay_auth_decision'])
self.assertEqual('http://127.0.0.1:5000', args1['auth_uri'])
self.assertEqual('http://127.0.0.1:35357', args1['identity_uri'])
def test_middleware(self, mock_auth):
CONF.set_override('admin_user', 'admin', 'keystone_authtoken')
CONF.set_override('admin_tenant_name', 'admin', 'keystone_authtoken')
CONF.set_override('admin_password', 'password', 'keystone_authtoken')
CONF.set_override('auth_uri', 'http://127.0.0.1:5000',
'keystone_authtoken')
CONF.set_override('identity_uri', 'http://127.0.0.1:35357',
'keystone_authtoken')
app = mock.Mock(wsgi_app=mock.sentinel.app)
utils.add_auth_middleware(app)
call_args = mock_auth.call_args_list[0]
args = call_args[0]
self.assertEqual(mock.sentinel.app, args[0])
args1 = args[1]
self.assertEqual('admin', args1['admin_user'])
self.assertEqual('admin', args1['admin_tenant_name'])
self.assertEqual('password', args1['admin_password'])
self.assertTrue(args1['delay_auth_decision'])
self.assertEqual('http://127.0.0.1:5000', args1['auth_uri'])
self.assertEqual('http://127.0.0.1:35357', args1['identity_uri'])
def test_middleware(self, mock_auth):
self.cfg.config(group='keystone_authtoken',
admin_user='******',
admin_tenant_name='admin',
admin_password='******',
www_authenticate_uri='http://127.0.0.1:5000',
identity_uri='http://127.0.0.1:35357')
app = mock.Mock(wsgi_app=mock.sentinel.app)
utils.add_auth_middleware(app)
call_args = mock_auth.call_args_list[0]
args = call_args[0]
self.assertEqual(mock.sentinel.app, args[0])
args1 = args[1]
self.assertEqual('admin', args1['admin_user'])
self.assertEqual('admin', args1['admin_tenant_name'])
self.assertEqual('password', args1['admin_password'])
self.assertTrue(args1['delay_auth_decision'])
self.assertEqual('http://127.0.0.1:5000',
args1['www_authenticate_uri'])
self.assertEqual('http://127.0.0.1:35357', args1['identity_uri'])
def test_middleware(self, mock_auth):
CONF.set_override('admin_user', 'admin', 'keystone_authtoken')
CONF.set_override('admin_tenant_name', 'admin', 'keystone_authtoken')
CONF.set_override('admin_password', 'password', 'keystone_authtoken')
CONF.set_override('auth_uri', 'http://127.0.0.1:5000',
'keystone_authtoken')
CONF.set_override('identity_uri', 'http://127.0.0.1:35357',
'keystone_authtoken')
app = mock.Mock(wsgi_app=mock.sentinel.app)
utils.add_auth_middleware(app)
call_args = mock_auth.call_args_list[0]
args = call_args[0]
self.assertEqual(mock.sentinel.app, args[0])
args1 = args[1]
self.assertEqual('admin', args1['admin_user'])
self.assertEqual('admin', args1['admin_tenant_name'])
self.assertEqual('password', args1['admin_password'])
self.assertTrue(args1['delay_auth_decision'])
self.assertEqual('http://127.0.0.1:5000', args1['auth_uri'])
self.assertEqual('http://127.0.0.1:35357', args1['identity_uri'])
def init():
if utils.get_auth_strategy() != 'noauth':
utils.add_auth_middleware(app)
else:
LOG.warning(_LW('Starting unauthenticated, please check'
' configuration'))
if CONF.processing.store_data == 'none':
LOG.warning(_LW('Introspection data will not be stored. Change '
'"[processing] store_data" option if this is not the '
'desired behavior'))
elif CONF.processing.store_data == 'swift':
LOG.info(_LI('Introspection data will be stored in Swift in the '
'container %s'), CONF.swift.container)
db.init()
try:
hooks = [ext.name for ext in plugins_base.processing_hooks_manager()]
except KeyError as exc:
# stevedore raises KeyError on missing hook
LOG.critical(_LC('Hook %s failed to load or was not found'), str(exc))
sys.exit(1)
LOG.info(_LI('Enabled processing hooks: %s'), hooks)
if CONF.firewall.manage_firewall:
firewall.init()
period = CONF.firewall.firewall_update_period
utils.spawn_n(periodic_update, period)
if CONF.timeout > 0:
period = CONF.clean_up_period
utils.spawn_n(periodic_clean_up, period)
else:
LOG.warning(_LW('Timeout is disabled in configuration'))