Merge "Remove deprecated secure_proxy_ssl_header config"
This commit is contained in:
commit
2afaa36348
keystone
releasenotes/notes
@ -16,11 +16,6 @@ from oslo_log import versionutils
|
||||
from keystone.conf import utils
|
||||
|
||||
|
||||
_DEPRECATE_PROXY_SSL = utils.fmt("""
|
||||
This option has been deprecated in the N release and will be removed in the P
|
||||
release. Use oslo.middleware.http_proxy_to_wsgi configuration instead.
|
||||
""")
|
||||
|
||||
admin_token = cfg.StrOpt(
|
||||
'admin_token',
|
||||
secret=True,
|
||||
@ -112,17 +107,6 @@ with an HTTP 403 Forbidden error. If set to false, passwords are automatically
|
||||
truncated to the maximum length.
|
||||
"""))
|
||||
|
||||
secure_proxy_ssl_header = cfg.StrOpt(
|
||||
'secure_proxy_ssl_header',
|
||||
default='HTTP_X_FORWARDED_PROTO',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason=_DEPRECATE_PROXY_SSL,
|
||||
deprecated_since=versionutils.deprecated.NEWTON,
|
||||
help=utils.fmt("""
|
||||
The HTTP header used to determine the scheme for the original request, even if
|
||||
it was removed by an SSL terminating proxy.
|
||||
"""))
|
||||
|
||||
insecure_debug = cfg.BoolOpt(
|
||||
'insecure_debug',
|
||||
default=False,
|
||||
@ -182,7 +166,6 @@ ALL_OPTS = [
|
||||
max_token_size,
|
||||
list_limit,
|
||||
strict_password_check,
|
||||
secure_proxy_ssl_header,
|
||||
insecure_debug,
|
||||
default_publisher_id,
|
||||
notification_format,
|
||||
|
@ -926,50 +926,3 @@ class VersionSingleAppTestCase(unit.TestCase):
|
||||
|
||||
def test_admin(self):
|
||||
self._test_version('admin')
|
||||
|
||||
|
||||
class VersionBehindSslTestCase(unit.TestCase):
|
||||
def setUp(self):
|
||||
super(VersionBehindSslTestCase, self).setUp()
|
||||
self.load_backends()
|
||||
self.public_app = self.loadapp('public')
|
||||
|
||||
def config_overrides(self):
|
||||
super(VersionBehindSslTestCase, self).config_overrides()
|
||||
self.config_fixture.config(
|
||||
secure_proxy_ssl_header='HTTP_X_FORWARDED_PROTO')
|
||||
|
||||
def _paste_in_port(self, response, port):
|
||||
for link in response['links']:
|
||||
if link['rel'] == 'self':
|
||||
link['href'] = port
|
||||
|
||||
def _get_expected(self, host):
|
||||
expected = VERSIONS_RESPONSE
|
||||
for version in expected['versions']['values']:
|
||||
if version['id'].startswith('v3'):
|
||||
self._paste_in_port(version, host + 'v3/')
|
||||
return expected
|
||||
|
||||
def test_versions_without_headers(self):
|
||||
client = TestClient(self.public_app)
|
||||
host_name = 'host-%d' % random.randint(10, 30)
|
||||
host_port = random.randint(10000, 30000)
|
||||
host = 'http://%s:%s/' % (host_name, host_port)
|
||||
resp = client.get(host)
|
||||
self.assertEqual(300, resp.status_int)
|
||||
data = jsonutils.loads(resp.body)
|
||||
expected = self._get_expected(host)
|
||||
self.assertThat(data, _VersionsEqual(expected))
|
||||
|
||||
def test_versions_with_header(self):
|
||||
client = TestClient(self.public_app)
|
||||
host_name = 'host-%d' % random.randint(10, 30)
|
||||
host_port = random.randint(10000, 30000)
|
||||
resp = client.get('http://%s:%s/' % (host_name, host_port),
|
||||
headers={'X-Forwarded-Proto': 'https'})
|
||||
self.assertEqual(300, resp.status_int)
|
||||
data = jsonutils.loads(resp.body)
|
||||
expected = self._get_expected('https://%s:%s/' % (host_name,
|
||||
host_port))
|
||||
self.assertThat(data, _VersionsEqual(expected))
|
||||
|
@ -11,6 +11,12 @@ other:
|
||||
[`blueprint removed-as-of-stein <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-stein>`_]
|
||||
The deprecated config option `bind` is removed now.
|
||||
- >
|
||||
[`blueprint removed-as-of-stein <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-stein>`_]
|
||||
The deprecated option `crypt_strength` is removed now. It was only useful
|
||||
for `sha512_crypt` password hashes which has been superseded by more secure
|
||||
hashing implementations.
|
||||
- >
|
||||
[`blueprint removed-as-of-stein <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-stein>`_]
|
||||
The ``keystone.conf [DEFAULT] secure_proxy_ssl_header`` configuration
|
||||
option was slated for removal in Pike and has now officially been removed.
|
||||
Please use ``oslo.middleware.http_proxy_to_wsgi`` instead.
|
||||
|
Loading…
Reference in New Issue
Block a user