commit e1eb3b2c0bdb7462d330703702677b3354ceb9ff
author tierno <alfonso.tiernosepulveda@telefonica.com> Mon Aug 26 15:59:24 2019 +0000
committer tierno <alfonso.tiernosepulveda@telefonica.com> Wed Aug 28 09:55:02 2019 +0000
tree 553e52786cc90416b7eb53eb8392464f1a944c31
parent 1546f2a46d99a4741b23857e6ceb4b813223e297

bug 832. Fixing non-authorized configuration for testing

Change-Id: I3c851031e902da8dddf542ee40c64699e088f6e8
Signed-off-by: tierno <alfonso.tiernosepulveda@telefonica.com>

osm_nbi/auth.py

diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py
index fde7455..c320d50 100644
--- a/osm_nbi/auth.py
+++ b/osm_nbi/auth.py
@@ -348,6 +348,12 @@
                 if cherrypy.session.get('Authorization'):
                     del cherrypy.session['Authorization']
                 cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
+            elif self.config.get("user_not_authorized"):
+                # TODO provide user_id, roles id (not name), project_id
+                return {"id": "fake-token-id-for-test",
+                        "project_id": self.config.get("project_not_authorized", "admin"),
+                        "username": self.config["user_not_authorized"],
+                        "roles": ["system_admin"]}
             raise
 
     def new_token(self, token_info, indata, remote):

osm_nbi/authconn_internal.py

diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index 40d3215..2d2ddab 100644
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -47,9 +47,6 @@
 
         self.logger = logging.getLogger("nbi.authenticator.internal")
 
-        # Get Configuration
-        # self.xxx = config.get("xxx", "default")
-
         self.db = db
         self.token_cache = token_cache
 
@@ -99,12 +96,7 @@
             else:
                 raise
         except AuthException:
-            if self.config["global"].get("test.user_not_authorized"):
-                return {"id": "fake-token-id-for-test",
-                        "project_id": self.config["global"].get("test.project_not_authorized", "admin"),
-                        "username": self.config["global"]["test.user_not_authorized"], "admin": True}
-            else:
-                raise
+            raise
         except Exception:
             self.logger.exception("Error during token validation using internal backend")
             raise AuthException("Error during token validation using internal backend",

osm_nbi/nbi.cfg

diff --git a/osm_nbi/nbi.cfg b/osm_nbi/nbi.cfg
index a65e1d5..b8db711 100644
--- a/osm_nbi/nbi.cfg
+++ b/osm_nbi/nbi.cfg
@@ -41,10 +41,6 @@
 server.ssl_pass_phrase: "osm4u"
 server.thread_pool: 10
 
-# Only for test. It works without authorization using the provided user and project:
-# test.user_not_authorized: "admin"
-# test.project_not_authorized: "admin"
-
 # Uncomment for allow basic authentication apart from bearer
 # auth.allow_basic_authentication: True
 
@@ -93,7 +89,10 @@
 group_id: "nbi-server"
 
 [authentication]
-backend: "internal"
+backend: "internal"         # internal or keystone
+# Only for test. It works without authorization using the provided user and project:
+# user_not_authorized: "admin"
+# project_not_authorized: "admin"
 
 [rbac]
 # roles_to_operations: "roles_to_operations.yml"  # initial role generation when database