From e1eb3b2c0bdb7462d330703702677b3354ceb9ff Mon Sep 17 00:00:00 2001 From: tierno Date: Mon, 26 Aug 2019 15:59:24 +0000 Subject: [PATCH] bug 832. Fixing non-authorized configuration for testing Change-Id: I3c851031e902da8dddf542ee40c64699e088f6e8 Signed-off-by: tierno --- osm_nbi/auth.py | 6 ++++++ osm_nbi/authconn_internal.py | 10 +--------- osm_nbi/nbi.cfg | 9 ++++----- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py index fde7455..c320d50 100644 --- a/osm_nbi/auth.py +++ b/osm_nbi/auth.py @@ -348,6 +348,12 @@ class Authenticator: if cherrypy.session.get('Authorization'): del cherrypy.session['Authorization'] cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e) + elif self.config.get("user_not_authorized"): + # TODO provide user_id, roles id (not name), project_id + return {"id": "fake-token-id-for-test", + "project_id": self.config.get("project_not_authorized", "admin"), + "username": self.config["user_not_authorized"], + "roles": ["system_admin"]} raise def new_token(self, token_info, indata, remote): diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py index 40d3215..2d2ddab 100644 --- a/osm_nbi/authconn_internal.py +++ b/osm_nbi/authconn_internal.py @@ -47,9 +47,6 @@ class AuthconnInternal(Authconn): self.logger = logging.getLogger("nbi.authenticator.internal") - # Get Configuration - # self.xxx = config.get("xxx", "default") - self.db = db self.token_cache = token_cache @@ -99,12 +96,7 @@ class AuthconnInternal(Authconn): else: raise except AuthException: - if self.config["global"].get("test.user_not_authorized"): - return {"id": "fake-token-id-for-test", - "project_id": self.config["global"].get("test.project_not_authorized", "admin"), - "username": self.config["global"]["test.user_not_authorized"], "admin": True} - else: - raise + raise except Exception: self.logger.exception("Error during token validation using internal backend") raise AuthException("Error during token validation using internal backend", diff --git a/osm_nbi/nbi.cfg b/osm_nbi/nbi.cfg index a65e1d5..b8db711 100644 --- a/osm_nbi/nbi.cfg +++ b/osm_nbi/nbi.cfg @@ -41,10 +41,6 @@ server.ssl_private_key: "./http/privkey.pem" server.ssl_pass_phrase: "osm4u" server.thread_pool: 10 -# Only for test. It works without authorization using the provided user and project: -# test.user_not_authorized: "admin" -# test.project_not_authorized: "admin" - # Uncomment for allow basic authentication apart from bearer # auth.allow_basic_authentication: True @@ -93,7 +89,10 @@ loglevel: "DEBUG" group_id: "nbi-server" [authentication] -backend: "internal" +backend: "internal" # internal or keystone +# Only for test. It works without authorization using the provided user and project: +# user_not_authorized: "admin" +# project_not_authorized: "admin" [rbac] # roles_to_operations: "roles_to_operations.yml" # initial role generation when database -- 2.25.1