initial version

Change-Id: I699e0ab082657880998d8618fe29eb7f56c6c661

watcher/api/middleware/__init__.py

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from watcher.api.middleware import auth_token
+from watcher.api.middleware import parsable_error
+
+
+ParsableErrorMiddleware = parsable_error.ParsableErrorMiddleware
+AuthTokenMiddleware = auth_token.AuthTokenMiddleware
+
+__all__ = (ParsableErrorMiddleware,
+           AuthTokenMiddleware)

watcher/api/middleware/auth_token.py

@@ -0,0 +1,61 @@
+# -*- encoding: utf-8 -*-
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import re
+
+from keystonemiddleware import auth_token
+
+from watcher.common import exception
+from watcher.common.i18n import _
+from watcher.common import utils
+from watcher.openstack.common import log
+
+LOG = log.getLogger(__name__)
+
+
+class AuthTokenMiddleware(auth_token.AuthProtocol):
+    """A wrapper on Keystone auth_token middleware.
+
+    Does not perform verification of authentication tokens
+    for public routes in the API.
+
+    """
+    def __init__(self, app, conf, public_api_routes=[]):
+        route_pattern_tpl = '%s(\.json|\.xml)?$'
+
+        try:
+            self.public_api_routes = [re.compile(route_pattern_tpl % route_tpl)
+                                      for route_tpl in public_api_routes]
+        except re.error as e:
+            msg = _('Cannot compile public API routes: %s') % e
+
+            LOG.error(msg)
+            raise exception.ConfigInvalid(error_msg=msg)
+
+        super(AuthTokenMiddleware, self).__init__(app, conf)
+
+    def __call__(self, env, start_response):
+        path = utils.safe_rstrip(env.get('PATH_INFO'), '/')
+
+        # The information whether the API call is being performed against the
+        # public API is required for some other components. Saving it to the
+        # WSGI environment is reasonable thereby.
+        env['is_public_api'] = any(map(lambda pattern: re.match(pattern, path),
+                                       self.public_api_routes))
+
+        if env['is_public_api']:
+            return self._app(env, start_response)
+
+        return super(AuthTokenMiddleware, self).__call__(env, start_response)

watcher/api/middleware/parsable_error.py

@@ -0,0 +1,90 @@
+# -*- encoding: utf-8 -*-
+#
+# Copyright © 2012 New Dream Network, LLC (DreamHost)
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Middleware to replace the plain text message body of an error
+response with one formatted so the client can parse it.
+
+Based on pecan.middleware.errordocument
+"""
+
+import json
+from xml import etree as et
+
+import webob
+
+from watcher.common.i18n import _
+from watcher.common.i18n import _LE
+from watcher.openstack.common import log
+
+LOG = log.getLogger(__name__)
+
+
+class ParsableErrorMiddleware(object):
+    """Replace error body with something the client can parse."""
+    def __init__(self, app):
+        self.app = app
+
+    def __call__(self, environ, start_response):
+        # Request for this state, modified by replace_start_response()
+        # and used when an error is being reported.
+        state = {}
+
+        def replacement_start_response(status, headers, exc_info=None):
+            """Overrides the default response to make errors parsable."""
+            try:
+                status_code = int(status.split(' ')[0])
+                state['status_code'] = status_code
+            except (ValueError, TypeError):  # pragma: nocover
+                raise Exception(_(
+                    'ErrorDocumentMiddleware received an invalid '
+                    'status %s') % status)
+            else:
+                if (state['status_code'] // 100) not in (2, 3):
+                    # Remove some headers so we can replace them later
+                    # when we have the full error message and can
+                    # compute the length.
+                    headers = [(h, v)
+                               for (h, v) in headers
+                               if h not in ('Content-Length', 'Content-Type')
+                               ]
+                # Save the headers in case we need to modify them.
+                state['headers'] = headers
+                return start_response(status, headers, exc_info)
+
+        app_iter = self.app(environ, replacement_start_response)
+        if (state['status_code'] // 100) not in (2, 3):
+            req = webob.Request(environ)
+            if (req.accept.best_match(['application/json', 'application/xml'])
+                    == 'application/xml'):
+                try:
+                    # simple check xml is valid
+                    body = [et.ElementTree.tostring(
+                            et.ElementTree.fromstring('<error_message>'
+                                                      + '\n'.join(app_iter)
+                                                      + '</error_message>'))]
+                except et.ElementTree.ParseError as err:
+                    LOG.error(_LE('Error parsing HTTP response: %s'), err)
+                    body = ['<error_message>%s' % state['status_code']
+                            + '</error_message>']
+                state['headers'].append(('Content-Type', 'application/xml'))
+            else:
+                body = [json.dumps({'error_message': '\n'.join(app_iter)})]
+                state['headers'].append(('Content-Type', 'application/json'))
+            state['headers'].append(('Content-Length', len(body[0])))
+        else:
+            body = app_iter
+        return body