Merge lp:~vishvananda/nova/remove-keystone-middleware into lp:~hudson-openstack/nova/trunk

Proposed by Vish Ishaya
Status: Merged
Approved by: Soren Hansen
Approved revision: 1544
Merged at revision: 1606
Proposed branch: lp:~vishvananda/nova/remove-keystone-middleware
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 176 lines (+0/-113)
3 files modified
etc/nova/api-paste.ini (+0/-30)
nova/api/auth.py (+0/-32)
nova/api/ec2/__init__.py (+0/-51)
To merge this branch: bzr merge lp:~vishvananda/nova/remove-keystone-middleware
Reviewer Review Type Date Requested Status
Soren Hansen (community) Approve
Devin Carlen (community) Approve
Review via email: mp+76297@code.launchpad.net

Description of the change

Remove keystone middlewares.

1543. By Vish Ishaya

merge trunk, fix conflicts

1544. By Vish Ishaya

remove keystone url flag

Devin Carlen (devcamcar) wrote :

yes indeed

review: Approve
Soren Hansen (soren) wrote :

This correctly removes the keystone middleware, which, per our fearless leader, is what we want.

review: Approve

Preview Diff

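--- a/etc/nova/api-paste.ini
+++ b/etc/nova/api-paste.ini
@@ -22,15 +22,11 @@
 pipeline = logrequest ec2noauth cloudrequest authorizer ec2executor
 # NOTE(vish): use the following pipeline for deprecated auth
 #pipeline = logrequest authenticate cloudrequest authorizer ec2executor
-# NOTE(vish): use the following pipeline for keystone
-# pipeline = logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor
 
 [pipeline:ec2admin]
 pipeline = logrequest ec2noauth adminrequest authorizer ec2executor
 # NOTE(vish): use the following pipeline for deprecated auth
 #pipeline = logrequest authenticate adminrequest authorizer ec2executor
-# NOTE(vish): use the following pipeline for keystone
-#pipeline = logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor
 
 [pipeline:ec2metadata]
 pipeline = logrequest ec2md
@@ -44,9 +40,6 @@
 [filter:ec2lockout]
 paste.filter_factory = nova.api.ec2:Lockout.factory
 
-[filter:totoken]
-paste.filter_factory = nova.api.ec2:ToToken.factory
-
 [filter:ec2noauth]
 paste.filter_factory = nova.api.ec2:NoAuth.factory
 
@@ -87,15 +80,11 @@
 pipeline = faultwrap noauth ratelimit osapiapp10
 # NOTE(vish): use the following pipeline for deprecated auth
 # pipeline = faultwrap auth ratelimit osapiapp10
-# NOTE(vish): use the following pipeline for keystone
-#pipeline = faultwrap authtoken keystonecontext ratelimit osapiapp10
 
 [pipeline:openstackapi11]
 pipeline = faultwrap noauth ratelimit extensions osapiapp11
 # NOTE(vish): use the following pipeline for deprecated auth
 # pipeline = faultwrap auth ratelimit extensions osapiapp11
-# NOTE(vish): use the following pipeline for keystone
-# pipeline = faultwrap authtoken keystonecontext ratelimit extensions osapiapp11
 
 [filter:faultwrap]
 paste.filter_factory = nova.api.openstack:FaultWrapper.factory
@@ -123,22 +112,3 @@
 
 [app:osversionapp]
 paste.app_factory = nova.api.openstack.versions:Versions.factory
-
-##########
-# Shared #
-##########
-
-[filter:keystonecontext]
-paste.filter_factory = nova.api.auth:KeystoneContext.factory
-
-[filter:authtoken]
-paste.filter_factory = keystone.middleware.auth_token:filter_factory
-service_protocol = http
-service_host = 127.0.0.1
-service_port = 808
-auth_host = 127.0.0.1
-auth_port = 5001
-auth_protocol = http
-auth_uri = http://127.0.0.1:5000/
-admin_token = 999888777666
-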
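--- a/nova/api/auth.py
+++ b/nova/api/auth.py
@@ -43,35 +43,3 @@
 def __call__(self, req):
 req.environ['nova.context'] = self.context
 return self.application
-
-
-class KeystoneContext(wsgi.Middleware):
- """Make a request context from keystone headers"""
-
- @webob.dec.wsgify(RequestClass=wsgi.Request)
- def __call__(self, req):
- try:
- user_id = req.headers['X_USER']
- except KeyError:
- return webob.exc.HTTPUnauthorized()
- # get the roles
- roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
- project_id = req.headers['X_TENANT']
- # Get the auth token
- auth_token = req.headers.get('X_AUTH_TOKEN',
- req.headers.get('X_STORAGE_TOKEN'))
-
- # Build a context, including the auth_token...
- remote_address = getattr(req, 'remote_address', '127.0.0.1')
- remote_address = req.remote_addr
- if FLAGS.use_forwarded_for:
- remote_address = req.headers.get('X-Forwarded-For', remote_address)
- ctx = context.RequestContext(user_id,
- project_id,
- roles=roles,
- auth_token=auth_token,
- strategy='keystone',
- remote_address=remote_address)
-
- req.environ['nova.context'] = ctx
- return self.application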
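--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -46,9 +46,6 @@
 'Number of minutes to lockout if triggered.')
 flags.DEFINE_integer('lockout_window', 15,
 'Number of minutes for lockout window.')
-flags.DEFINE_string('keystone_ec2_url',
- 'http://localhost:5000/v2.0/ec2tokens',
- 'URL to get token from ec2 request.')
 flags.DECLARE('use_forwarded_for', 'nova.api.auth')
 
 
@@ -142,54 +139,6 @@
 return res
 
 
-class ToToken(wsgi.Middleware):
- """Authenticate an EC2 request with keystone and convert to token."""
-
- @webob.dec.wsgify(RequestClass=wsgi.Request)
- def __call__(self, req):
- # Read request signature and access id.
- try:
- signature = req.params['Signature']
- access = req.params['AWSAccessKeyId']
- except KeyError:
- raise webob.exc.HTTPBadRequest()
-
- # Make a copy of args for authentication and signature verification.
- auth_params = dict(req.params)
- # Not part of authentication args
- auth_params.pop('Signature')
-
- # Authenticate the request.
- creds = {'ec2Credentials': {'access': access,
- 'signature': signature,
- 'host': req.host,
- 'verb': req.method,
- 'path': req.path,
- 'params': auth_params,
- }}
- creds_json = utils.dumps(creds)
- headers = {'Content-Type': 'application/json'}
- o = urlparse(FLAGS.keystone_ec2_url)
- if o.scheme == "http":
- conn = httplib.HTTPConnection(o.netloc)
- else:
- conn = httplib.HTTPSConnection(o.netloc)
- conn.request('POST', o.path, body=creds_json, headers=headers)
- response = conn.getresponse().read()
- conn.close()
-
- # NOTE(vish): We could save a call to keystone by
- # having keystone return token, tenant,
- # user, and roles from this call.
- result = utils.loads(response)
- # TODO(vish): check for errors
-
- token_id = result['auth']['token']['id']
- # Authenticated!
- req.headers['X-Auth-Token'] = token_id
- return self.application
-
-
 class NoAuth(wsgi.Middleware):
 """Add user:project as 'nova.context' to WSGI environ."""
 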