From 4255d5b28ffb4f18498bf2b733a3dd6f454d7f3b Mon Sep 17 00:00:00 2001
From: licanwei <li.canwei2@zte.com.cn>
Date: Fri, 14 Feb 2020 16:03:45 +0800
Subject: [PATCH] Add config option enable_webhooks_auth

Partially Implements: blueprint event-driven-optimization-based

Change-Id: I6cdfc18661b279f0d7200f39212ecdb31e500723
---
 watcher/api/config.py            |  9 ++++----
 watcher/conf/api.py              |  5 +++++
 watcher/tests/api/test_config.py | 35 ++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+), 4 deletions(-)
 create mode 100644 watcher/tests/api/test_config.py

diff --git a/watcher/api/config.py b/watcher/api/config.py
index 101d17a86..e1aeb8ccb 100644
--- a/watcher/api/config.py
+++ b/watcher/api/config.py
@@ -27,6 +27,10 @@ server = {
 
 # Pecan Application Configurations
 # See https://pecan.readthedocs.org/en/latest/configuration.html#application-configuration # noqa
+acl_public_routes = ['/']
+if not cfg.CONF.api.get("enable_webhooks_auth"):
+    acl_public_routes.append('/v1/webhooks/.*')
+
 app = {
     'root': 'watcher.api.controllers.root.RootController',
     'modules': ['watcher.api'],
@@ -36,10 +40,7 @@ app = {
     ],
     'static_root': '%(confdir)s/public',
     'enable_acl': True,
-    'acl_public_routes': [
-        '/',
-        '/v1/webhooks/.*',
-    ],
+    'acl_public_routes': acl_public_routes,
 }
 
 # WSME Configurations
diff --git a/watcher/conf/api.py b/watcher/conf/api.py
index 0fb48beab..ceffc7fe3 100644
--- a/watcher/conf/api.py
+++ b/watcher/conf/api.py
@@ -55,6 +55,11 @@ API_SERVICE_OPTS = [
                      "the service, this option should be False; note, you "
                      "will want to change public API endpoint to represent "
                      "SSL termination URL with 'public_endpoint' option."),
+
+    cfg.BoolOpt('enable_webhooks_auth',
+                default=True,
+                help='This option enables or disables webhook request '
+                     'authentication via keystone. Default value is True.'),
 ]
 
 
diff --git a/watcher/tests/api/test_config.py b/watcher/tests/api/test_config.py
new file mode 100644
index 000000000..ed62cd37d
--- /dev/null
+++ b/watcher/tests/api/test_config.py
@@ -0,0 +1,35 @@
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import imp
+from oslo_config import cfg
+from watcher.api import config as api_config
+from watcher.tests.api import base
+
+
+class TestRoot(base.FunctionalTest):
+
+    def test_config_enable_webhooks_auth(self):
+        acl_public_routes = ['/']
+        cfg.CONF.set_override('enable_webhooks_auth', True, 'api')
+        imp.reload(api_config)
+        self.assertEqual(acl_public_routes,
+                         api_config.app['acl_public_routes'])
+
+    def test_config_disable_webhooks_auth(self):
+        acl_public_routes = ['/', '/v1/webhooks/.*']
+        cfg.CONF.set_override('enable_webhooks_auth', False, 'api')
+        imp.reload(api_config)
+        self.assertEqual(acl_public_routes,
+                         api_config.app['acl_public_routes'])