diff options
author | Sean Dague <sean@dague.net> | 2015-02-26 09:20:26 -0500 |
---|---|---|
committer | Sean Dague <sean@dague.net> | 2015-03-04 08:09:01 -0500 |
commit | df9181e5646f8cbf55a1f9357b51170c2025c18f (patch) | |
tree | 77e69328528c8fc5393fa9f7f1ae8210ef2d021c /etc/nova/api-paste.ini | |
parent | a5b8f6d3442aa68aad1fd7325736dfcbfa6e0191 (diff) | |
download | nova-df9181e5646f8cbf55a1f9357b51170c2025c18f.tar.gz |
create noauth2
This creates a noauth2 auth_strategy which is similar to noauth,
except it only gives you an admin context if the username passed in is
'admin'. This allows testing of non admin activities.
noauth is deprecated as of this commit. While we expect that it would
only be used in testing, it is exposed as a conf option, so could be
used behind a different auth proxy.
Also make the error path for pipeline loading contain a full
LOG.exception. This is a fatal condition for nova, and the current
error was often quite opaque. The full stack trace during this fatal
error makes addressing paste.ini issues much more straight forward.
DocImpact
Change-Id: I7cb5ab3e43a1e3bd7ccba0480053361743f859b2
Diffstat (limited to 'etc/nova/api-paste.ini')
-rw-r--r-- | etc/nova/api-paste.ini | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini index be00f38735..1a87f0c5a3 100644 --- a/etc/nova/api-paste.ini +++ b/etc/nova/api-paste.ini @@ -22,6 +22,7 @@ use = egg:Paste#urlmap [composite:ec2cloud] use = call:nova.api.auth:pipeline_factory noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor +noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor [filter:ec2faultwrap] @@ -67,17 +68,20 @@ use = call:nova.api.openstack.urlmap:urlmap_factory [composite:openstack_compute_api_v2] use = call:nova.api.auth:pipeline_factory noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 +noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2 keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 [composite:openstack_compute_api_v21] use = call:nova.api.auth:pipeline_factory_v21 noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21 +noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 [composite:openstack_compute_api_v3] use = call:nova.api.auth:pipeline_factory_v21 noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 +noauth2 = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3 [filter:request_id] @@ -90,6 +94,9 @@ paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory paste.filter_factory = nova.api.openstack:FaultWrapper.factory [filter:noauth] +paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareOld.factory + +[filter:noauth2] paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory [filter:noauth_v3] |