Merge "Do not add auth token in context for noauth API mode"

ironic/api/hooks.py

@@ -65,12 +65,16 @@ class ContextHook(hooks.PecanHook):
     def before(self, state):
         headers = state.request.headers
 
+        # Do not pass any token with context for noauth mode
+        auth_token = (None if cfg.CONF.auth_strategy == 'noauth' else
+                      headers.get('X-Auth-Token'))
+
         creds = {
             'user': headers.get('X-User') or headers.get('X-User-Id'),
             'tenant': headers.get('X-Tenant') or headers.get('X-Tenant-Id'),
             'domain_id': headers.get('X-User-Domain-Id'),
             'domain_name': headers.get('X-User-Domain-Name'),
-            'auth_token': headers.get('X-Auth-Token'),
+            'auth_token': auth_token,
             'roles': headers.get('X-Roles', '').split(','),
         }
 

ironic/tests/api/test_hooks.py

@@ -228,6 +228,24 @@ class TestContextHook(base.FunctionalTest):
             is_admin=True,
             roles=headers['X-Roles'].split(','))
 
+    @mock.patch.object(context, 'RequestContext')
+    def test_context_hook_noauth_token_removed(self, mock_ctx):
+        cfg.CONF.set_override('auth_strategy', 'noauth')
+        headers = fake_headers(admin=False)
+        reqstate = FakeRequestState(headers=headers)
+        context_hook = hooks.ContextHook(None)
+        context_hook.before(reqstate)
+        mock_ctx.assert_called_with(
+            auth_token=None,
+            user=headers['X-User'],
+            tenant=headers['X-Tenant'],
+            domain_id=headers['X-User-Domain-Id'],
+            domain_name=headers['X-User-Domain-Name'],
+            is_public_api=False,
+            show_password=False,
+            is_admin=False,
+            roles=headers['X-Roles'].split(','))
+
 
 class TestContextHookCompatJuno(TestContextHook):
     def setUp(self):