Cleanup keystonemiddleware configuration

This set the name of the project in the paste configuration
to allow keystonemiddleware to find its configuration.

This option will be introduced in version 2.2.0.

This change also removes all keystonemiddleware workarounds.

Change-Id: Ic4cb466ef911378e404ba20cb9a910fb599ad3c5

aodh/service.py

@@ -17,7 +17,6 @@
 import os
 import socket
 
-from keystonemiddleware import opts as ks_opts
 from oslo_config import cfg
 from oslo_db import options as db_options
 import oslo_i18n
@@ -105,8 +104,6 @@ def prepare_service(argv=None):
     log.set_defaults(default_log_levels=log_levels)
     db_options.set_defaults(conf)
     policy_opts.set_defaults(conf)
-    for group, options in ks_opts.list_auth_token_opts():
-        conf.register_opts(list(options), group=group)
     from aodh import opts
     # Register our own Aodh options
     for group, options in opts.list_opts():

aodh/tests/api/__init__.py

@@ -39,7 +39,6 @@ class FunctionalTest(db_test_base.TestBase):
         self.CONF = self.useFixture(fixture_config.Config(conf)).conf
         self.setup_messaging(self.CONF)
 
-        self.CONF.set_override("auth_version", "v2.0", 'keystone_authtoken')
         self.CONF.set_override("policy_file",
                                self.path_get('etc/aodh/policy.json'),
                                group='oslo_policy')

aodh/tests/api/v2/test_acl_scenarios.py

@@ -15,82 +15,18 @@
 # under the License.
 """Test ACL."""
 
-import datetime
-import hashlib
-import json
-
 import mock
-from oslo_utils import timeutils
 import webtest
 
 from aodh.api import app
 from aodh.tests.api import v2
 from aodh.tests import db as tests_db
 
-VALID_TOKEN = '4562138218392831'
-VALID_TOKEN2 = '4562138218392832'
-
-
-class FakeMemcache(object):
-
-    TOKEN_HASH = hashlib.sha256(VALID_TOKEN.encode('utf-8')).hexdigest()
-    TOKEN2_HASH = hashlib.sha256(VALID_TOKEN2.encode('utf-8')).hexdigest()
-
-    def get(self, key):
-        if (key == "tokens/%s" % VALID_TOKEN or
-                key == "tokens/%s" % self.TOKEN_HASH):
-            dt = timeutils.utcnow() + datetime.timedelta(minutes=5)
-            return json.dumps(({'access': {
-                'token': {'id': VALID_TOKEN,
-                          'expires': timeutils.isotime(dt)},
-                'user': {
-                    'id': 'user_id1',
-                    'name': 'user_name1',
-                    'tenantId': '123i2910',
-                    'tenantName': 'mytenant',
-                    'roles': [
-                        {'name': 'admin'},
-                    ]},
-            }}, timeutils.isotime(dt)))
-        if (key == "tokens/%s" % VALID_TOKEN2 or
-                key == "tokens/%s" % self.TOKEN2_HASH):
-            dt = timeutils.utcnow() + datetime.timedelta(minutes=5)
-            return json.dumps(({'access': {
-                'token': {'id': VALID_TOKEN2,
-                          'expires': timeutils.isotime(dt)},
-                'user': {
-                    'id': 'user_id2',
-                    'name': 'user-good',
-                    'tenantId': 'project-good',
-                    'tenantName': 'goodies',
-                    'roles': [
-                        {'name': 'Member'},
-                    ]},
-            }}, timeutils.isotime(dt)))
-
-    @staticmethod
-    def set(key, value, **kwargs):
-        pass
-
 
 class TestAPIACL(v2.FunctionalTest,
                  tests_db.MixinTestsWithBackendScenarios):
 
-    def setUp(self):
-        super(TestAPIACL, self).setUp()
-        self.environ = {'fake.cache': FakeMemcache()}
-
-    def get_json(self, path, expect_errors=False, headers=None,
-                 q=None, **params):
-        return super(TestAPIACL, self).get_json(path,
-                                                expect_errors=expect_errors,
-                                                headers=headers,
-                                                q=q or [],
-                                                extra_environ=self.environ,
-                                                **params)
-
     def _make_app(self):
-        self.CONF.set_override("cache", "fake.cache", 'keystone_authtoken')
         file_name = self.path_get('etc/aodh/api_paste.ini')
         self.CONF.set_override("paste_config", file_name, "api")
         # We need the other call to prepare_service in app.py to return the

devstack/plugin.sh

@@ -189,14 +189,7 @@ function configure_aodh {
     iniset $AODH_CONF service_credentials os_region_name $REGION_NAME
     iniset $AODH_CONF service_credentials os_auth_url $KEYSTONE_SERVICE_URI/v2.0
 
-    # TODO(chdent): Until
-    # https://bugs.launchpad.net/keystonemiddleware/+bug/1482078
-    # and
-    # https://bugs.launchpad.net/keystonemiddleware/+bug/1406218
-    # are resolved the easiest way to deal with the auth_token
-    # middleware when using a non-global conf is to put it in the
-    # paste file.
-    configure_auth_token_middleware $AODH_CONF_DIR/api_paste.ini aodh $AODH_AUTH_CACHE_DIR filter:authtoken
+    configure_auth_token_middleware $AODH_CONF aodh $AODH_AUTH_CACHE_DIR 
 
     iniset $AODH_CONF notification store_events $AODH_EVENTS
 

etc/aodh/api_paste.ini

@@ -12,6 +12,7 @@ paste.app_factory = aodh.api.app:app_factory
 
 [filter:authtoken]
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+oslo_config_project = aodh
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware:RequestId.factory

requirements.txt

@@ -7,7 +7,7 @@ retrying!=1.3.0,>=1.2.3 # Apache-2.0
 croniter>=0.3.4 # MIT License
 eventlet>=0.17.4
 jsonschema!=2.5.0,<3.0.0,>=2.0.0
-keystonemiddleware>=1.5.0
+keystonemiddleware>=2.2.0
 lxml>=2.3
 oslo.context>=0.2.0 # Apache-2.0
 oslo.db>=1.12.0 # Apache-2.0