def _wrap_app(app): """Wraps wsgi app with additional middlewares.""" app = request_id.RequestId(app) if CONF.audit.enabled: try: app = audit_middleware.AuditMiddleware( app, audit_map_file=CONF.audit.audit_map_file, ignore_req_list=CONF.audit.ignore_req_list) except (EnvironmentError, OSError, audit_middleware.PycadfAuditApiConfigError) as e: raise exceptions.InputFileError( file_name=CONF.audit.audit_map_file, reason=e) if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE: app = keystone.SkippingAuthProtocol(app, {}) # This should be the last middleware in the list (which results in # it being the first in the middleware chain). This is to ensure # that any errors thrown by other middleware, such as an auth # middleware - are annotated with CORS headers, and thus accessible # by the browser. app = cors.CORS(app, cfg.CONF) cors.set_defaults( allow_headers=['X-Auth-Token', 'X-Openstack-Request-Id'], allow_methods=['GET', 'PUT', 'POST', 'DELETE'], expose_headers=['X-Auth-Token', 'X-Openstack-Request-Id']) return app
def _wrap_app(app): app = request_id.RequestId(app) if cfg.CONF.auth_strategy == 'noauth': pass elif cfg.CONF.auth_strategy == 'keystone': app = auth_token.AuthProtocol(app, {}) else: raise n_exc.InvalidConfigurationOption( opt_name='auth_strategy', opt_value=cfg.CONF.auth_strategy) # version can be unauthenticated so it goes outside of auth app = versions.Versions(app) # This should be the last middleware in the list (which results in # it being the first in the middleware chain). This is to ensure # that any errors thrown by other middleware, such as an auth # middleware - are annotated with CORS headers, and thus accessible # by the browser. app = cors.CORS(app, cfg.CONF) app.set_latent(allow_headers=[ 'X-Auth-Token', 'X-Identity-Status', 'X-Roles', 'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id', 'X-OpenStack-Request-ID', 'X-Trace-Info', 'X-Trace-HMAC' ], allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'], expose_headers=[ 'X-Auth-Token', 'X-Subject-Token', 'X-Service-Token', 'X-OpenStack-Request-ID', 'X-Trace-Info', 'X-Trace-HMAC' ]) return app
def _wrap_app(app): app = request_id.RequestId(app) if cfg.CONF.auth_strategy == 'noauth': pass elif cfg.CONF.auth_strategy == 'keystone': app = auth_token.AuthProtocol(app, {}) else: raise n_exc.InvalidConfigurationOption( opt_name='auth_strategy', opt_value=cfg.CONF.auth_strategy) return app
def _wrap_app(app): app = request_id.RequestId(app) if cfg.CONF.auth_strategy == 'noauth': pass elif cfg.CONF.auth_strategy == 'keystone': p_excp.NotImplemented(func_name='keystone as auth_strategy') else: raise p_excp.InvalidConfigurationOption( opt_name='auth_strategy', opt_value=cfg.CONF.auth_strategy) return app
def test_generate_request_id(self): @webob.dec.wsgify def application(req): return req.environ[request_id.ENV_REQUEST_ID] app = request_id.RequestId(application) req = webob.Request.blank('/test') res = req.get_response(app) res_req_id = res.headers.get(request_id.HTTP_RESP_HEADER_REQUEST_ID) self.assertThat(res_req_id, matchers.StartsWith(b'req-')) # request-id in request environ is returned as response body self.assertEqual(res_req_id, res.body)
def _wrap_app(app): app = request_id.RequestId(app) if cfg.CONF.pecan.auth_enable and cfg.CONF.auth_strategy == 'keystone': conf = dict(cfg.CONF.keystone_authtoken) # Change auth decisions of requests to the app itself. conf.update({'delay_auth_decision': True}) # NOTE: Policy enforcement works only if Keystone # authentication is enabled. No support for other authentication # types at this point. return auth_token.AuthProtocol(app, conf) else: return app
def make_app(): """App builder (wsgi) Entry point for Sahara REST API server """ app = flask.Flask('sahara.api') @app.route('/', methods=['GET']) def version_list(): context.set_ctx(None) return api_utils.render( {"versions": [{ "id": "v1.0", "status": "CURRENT" }]}) @app.teardown_request def teardown_request(_ex=None): context.set_ctx(None) app.register_blueprint(api_v10.rest, url_prefix='/v1.0') app.register_blueprint(api_v10.rest, url_prefix='/v1.1') app.register_blueprint(api_v11.rest, url_prefix='/v1.1') def make_json_error(ex): status_code = (ex.code if isinstance( ex, werkzeug_exceptions.HTTPException) else 500) description = (ex.description if isinstance( ex, werkzeug_exceptions.HTTPException) else str(ex)) return api_utils.render( { 'error': status_code, 'error_message': description }, status=status_code) for code in six.iterkeys(werkzeug_exceptions.default_exceptions): app.error_handler_spec[None][code] = make_json_error if CONF.debug and not CONF.log_exchange: LOG.debug('Logging of request/response exchange could be enabled using' ' flag --log-exchange') if CONF.log_exchange: app.wsgi_app = log_exchange.LogExchange.factory(CONF)(app.wsgi_app) app.wsgi_app = auth_valid.wrap(app.wsgi_app) app.wsgi_app = acl.wrap(app.wsgi_app) app.wsgi_app = request_id.RequestId(app.wsgi_app) return app
def auth_app(app): app = request_id.RequestId(app) if cfg.CONF.auth_strategy == 'noauth': pass elif cfg.CONF.auth_strategy == 'keystone': # NOTE(zhiyuan) pkg_resources will try to load tricircle to get module # version, passing "project" as empty string to bypass it app = auth_token.AuthProtocol(app, {'project': ''}) else: raise t_exceptions.InvalidConfigurationOption( opt_name='auth_strategy', opt_value=cfg.CONF.auth_strategy) return app
def test_global_request_id_set(self): """Test that global request_id is set.""" @webob.dec.wsgify def application(req): return req.environ[request_id.GLOBAL_REQ_ID] global_req = "req-%s" % uuid.uuid4() app = request_id.RequestId(application) req = webob.Request.blank( '/test', headers={"X-OpenStack-Request-ID": global_req}) res = req.get_response(app) res_req_id = res.headers.get(request_id.HTTP_RESP_HEADER_REQUEST_ID) if isinstance(res_req_id, bytes): res_req_id = res_req_id.decode('utf-8') # global-request-id in request environ is returned as response body self.assertEqual(res.body.decode('utf-8'), global_req) self.assertNotEqual(res.body.decode('utf-8'), res_req_id)
def _wrap_app(app): """Wraps wsgi app with additional middlewares.""" app = request_id.RequestId(app) if cfg.CONF.auth_strategy == constants.KEYSTONE: app = auth_token.AuthProtocol(app, {}) # This should be the last middleware in the list (which results in # it being the first in the middleware chain). This is to ensure # that any errors thrown by other middleware, such as an auth # middleware - are annotated with CORS headers, and thus accessible # by the browser. app = cors.CORS(app, cfg.CONF) app.set_latent(allow_headers=['X-Auth-Token', 'X-Openstack-Request-Id'], allow_methods=['GET', 'PUT', 'POST', 'DELETE'], expose_headers=['X-Auth-Token', 'X-Openstack-Request-Id']) return app
def test_global_request_id_drop(self): """Test that bad format ids are dropped. This ensures that badly formatted ids are dropped entirely. """ @webob.dec.wsgify def application(req): return req.environ.get(request_id.GLOBAL_REQ_ID) global_req = "req-%s-bad" % uuid.uuid4() app = request_id.RequestId(application) req = webob.Request.blank( '/test', headers={"X-OpenStack-Request-ID": global_req}) res = req.get_response(app) res_req_id = res.headers.get(request_id.HTTP_RESP_HEADER_REQUEST_ID) if isinstance(res_req_id, bytes): res_req_id = res_req_id.decode('utf-8') # global-request-id in request environ is returned as response body self.assertEqual(res.body.decode('utf-8'), '')
def _wrap_app(app): app = request_id.RequestId(app) if cfg.CONF.auth_strategy == 'noauth': pass elif cfg.CONF.auth_strategy == 'keystone': app = auth_token.AuthProtocol(app, {}) else: raise n_exc.InvalidConfigurationOption( opt_name='auth_strategy', opt_value=cfg.CONF.auth_strategy) # This should be the last middleware in the list (which results in # it being the first in the middleware chain). This is to ensure # that any errors thrown by other middleware, such as an auth # middleware - are annotated with CORS headers, and thus accessible # by the browser. app = cors.CORS(app, cfg.CONF) app.set_latent(allow_headers=['X-Auth-Token', 'X-Openstack-Request-Id'], allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'], expose_headers=['X-Auth-Token', 'X-Openstack-Request-Id']) return app
def _wrap_app(app): app = request_id.RequestId(app) if CONF.api.auth_strategy == 'noauth': pass elif CONF.api.auth_strategy == 'keystone': app = auth_token.AuthProtocol(app, {}) LOG.info("Keystone authentication is enabled") else: raise g_exc.InvalidConfigurationOption(opt_name='auth_strategy', opt_value=CONF.auth_strategy) # dont bother authenticating version # app = versions.Versions(app) # gluon server is behind the proxy app = http_proxy_to_wsgi.HTTPProxyToWSGI(app) # This should be the last middleware in the list (which results in # it being the first in the middleware chain). This is to ensure # that any errors thrown by other middleware, such as an auth # middleware - are annotated with CORS headers, and thus accessible # by the browser. app = cors.CORS(app, CONF) cors.set_defaults(allow_headers=[ 'X-Auth-Token', 'X-Identity-Status', 'X-Roles', 'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id', 'X-OpenStack-Request-ID', 'X-Trace-Info', 'X-Trace-HMAC' ], allow_methods=['GET', 'PUT', 'POST', 'DELETE', 'PATCH'], expose_headers=[ 'X-Auth-Token', 'X-Subject-Token', 'X-Service-Token', 'X-OpenStack-Request-ID', 'X-Trace-Info', 'X-Trace-HMAC' ]) return app
def _wrap_app(app): """Wraps wsgi app with additional middlewares.""" app = request_id.RequestId(app) return app