diff --git a/ironic/api/hooks.py b/ironic/api/hooks.py index ddf81a9860..0132e14fb7 100644 --- a/ironic/api/hooks.py +++ b/ironic/api/hooks.py @@ -65,12 +65,16 @@ class ContextHook(hooks.PecanHook): def before(self, state): headers = state.request.headers + # Do not pass any token with context for noauth mode + auth_token = (None if cfg.CONF.auth_strategy == 'noauth' else + headers.get('X-Auth-Token')) + creds = { 'user': headers.get('X-User') or headers.get('X-User-Id'), 'tenant': headers.get('X-Tenant') or headers.get('X-Tenant-Id'), 'domain_id': headers.get('X-User-Domain-Id'), 'domain_name': headers.get('X-User-Domain-Name'), - 'auth_token': headers.get('X-Auth-Token'), + 'auth_token': auth_token, 'roles': headers.get('X-Roles', '').split(','), } diff --git a/ironic/tests/api/test_hooks.py b/ironic/tests/api/test_hooks.py index ea0b089c0d..ba915eec2d 100644 --- a/ironic/tests/api/test_hooks.py +++ b/ironic/tests/api/test_hooks.py @@ -228,6 +228,24 @@ class TestContextHook(base.FunctionalTest): is_admin=True, roles=headers['X-Roles'].split(',')) + @mock.patch.object(context, 'RequestContext') + def test_context_hook_noauth_token_removed(self, mock_ctx): + cfg.CONF.set_override('auth_strategy', 'noauth') + headers = fake_headers(admin=False) + reqstate = FakeRequestState(headers=headers) + context_hook = hooks.ContextHook(None) + context_hook.before(reqstate) + mock_ctx.assert_called_with( + auth_token=None, + user=headers['X-User'], + tenant=headers['X-Tenant'], + domain_id=headers['X-User-Domain-Id'], + domain_name=headers['X-User-Domain-Name'], + is_public_api=False, + show_password=False, + is_admin=False, + roles=headers['X-Roles'].split(',')) + class TestContextHookCompatJuno(TestContextHook): def setUp(self):