From e3a5aefcd162d3ad548a92bdffc6547e177ac3ab Mon Sep 17 00:00:00 2001
From: Cedric Brandily
Date: Tue, 29 Sep 2015 08:39:13 +0000
Subject: [PATCH] Use oslo.middleware SSLMiddleware

This change replaces Heat homemade SSLMiddleware by oslo.middleware one. SSLMiddleware now should be defined in oslo_middleware section instead of DEFAULT one (which is deprecated).
DocImpact
Related-Bug: #1444490
Change-Id: Ic8ef2c1c5ccbd64cf4c1a2845e2dd5914b88c2da
---
 heat/api/middleware/ssl.py | 27 ++++--------
 .../api/middleware/test_ssl_middleware.py | 44 -------------------
 2 files changed, 9 insertions(+), 62 deletions(-)
 delete mode 100644 heat/tests/api/middleware/test_ssl_middleware.py

diff --git a/heat/api/middleware/ssl.py b/heat/api/middleware/ssl.py
index f7dfe4217b..e7c6bcc240 100644
--- a/heat/api/middleware/ssl.py
+++ b/heat/api/middleware/ssl.py
@@ -12,35 +12,26 @@
 # under the License.

 from oslo_config import cfg
-
-from heat.common import wsgi
+from oslo_middleware import ssl

 ssl_middleware_opts = [
 cfg.StrOpt('secure_proxy_ssl_header',
 default='X-Forwarded-Proto',
+ deprecated_group='DEFAULT',
 help="The HTTP Header that will be used to determine which "
 "the original request protocol scheme was, even if it was "
 "removed by an SSL terminator proxy.")
 ]
-cfg.CONF.register_opts(ssl_middleware_opts)


-class SSLMiddleware(wsgi.Middleware):
- """Replaces request wsgi.url_scheme env variable with value of HTTP header.
+class SSLMiddleware(ssl.SSLMiddleware):

- A middleware that replaces the request wsgi.url_scheme environment
- variable with the value of HTTP header configured in
- secure_proxy_ssl_header if exists in the incoming request.
- This is useful if the server is behind a SSL termination proxy.
- """
- def __init__(self, application):
- super(SSLMiddleware, self).__init__(application)
- self.secure_proxy_ssl_header = 'HTTP_{0}'.format(
- cfg.CONF.secure_proxy_ssl_header.upper().replace('-', '_'))
-
- def process_request(self, req):
- req.environ['wsgi.url_scheme'] = req.environ.get(
- self.secure_proxy_ssl_header, req.environ['wsgi.url_scheme'])
+ def __init__(self, application, *args, **kwargs):
+ # NOTE(cbrandily): calling super(ssl.SSLMiddleware, self).__init__
+ # allows to define our opt (including a deprecation).
+ super(ssl.SSLMiddleware, self).__init__(application, *args, **kwargs)
+ self.oslo_conf.register_opts(
+ ssl_middleware_opts, group='oslo_middleware')


 def list_opts():
diff --git a/heat/tests/api/middleware/test_ssl_middleware.py b/heat/tests/api/middleware/test_ssl_middleware.py
deleted file mode 100644
index 5700f683b7..0000000000
--- a/heat/tests/api/middleware/test_ssl_middleware.py
+++ /dev/null
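Review bot: Nothing in Heat tests the new `SSLMiddleware.__init__` once `test_ssl_middleware.py` is deleted, and that constructor is the fragile part, because `super(ssl.SSLMiddleware, self).__init__(...)` skips oslo's own constructor on purpose. The case worth pinning is the `deprecated_group='DEFAULT'` fallback: if a legacy `[DEFAULT] secure_proxy_ssl_header` value stopped being honoured, the middleware would presumably read `X-Forwarded-Proto` instead, a header the deployment's proxy may not strip from client requests, so `wsgi.url_scheme` could follow client input. I would keep a trimmed version of the deleted scenarios that sets the option once under `oslo_middleware` and once under `DEFAULT` and asserts the resulting `wsgi.url_scheme`. The NOTE comment could also state the cost of the bypass, e.g. `# Skips ssl.SSLMiddleware.__init__ on purpose; re-check when oslo.middleware changes that constructor.` The body of `list_opts()` is outside the hunk, so whether it now reports the option under `oslo_middleware` cannot be checked from here.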
@@ -1,44 +0,0 @@
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo_config import cfg
-import webob
-
-from heat.api.middleware import ssl
-from heat.tests import common
-
-
-class SSLMiddlewareTest(common.HeatTestCase):
- scenarios = [('with_forwarded_proto_default_header',
- dict(forwarded_protocol='https',
- secure_proxy_ssl_header=None,
- headers={'X-Forwarded-Proto': 'https'})),
- ('with_forwarded_proto_non_default_header',
- dict(forwarded_protocol='http',
- secure_proxy_ssl_header='X-My-Forwarded-Proto',
- headers={})),
- ('without_forwarded_proto',
- dict(forwarded_protocol='http',
- secure_proxy_ssl_header=None,
- headers={}))]
-
- def test_ssl_middleware(self):
- if self.secure_proxy_ssl_header:
- cfg.CONF.set_override('secure_proxy_ssl_header',
- self.secure_proxy_ssl_header)
-
- middleware = ssl.SSLMiddleware(None)
- request = webob.Request.blank('/stacks', headers=self.headers)
- self.assertIsNone(middleware.process_request(request))
- self.assertEqual(self.forwarded_protocol,
- request.environ['wsgi.url_scheme'])