Merge "Remove deprecated secure_proxy_ssl_header config"

This commit is contained in:
Zuul 2018-12-06 23:44:24 +00:00 committed by Gerrit Code Review
commit 2afaa36348
3 changed files with 6 additions and 64 deletions

View File

@ -16,11 +16,6 @@ from oslo_log import versionutils
from keystone.conf import utils
_DEPRECATE_PROXY_SSL = utils.fmt("""
This option has been deprecated in the N release and will be removed in the P
release. Use oslo.middleware.http_proxy_to_wsgi configuration instead.
""")
admin_token = cfg.StrOpt(
'admin_token',
secret=True,
@ -112,17 +107,6 @@ with an HTTP 403 Forbidden error. If set to false, passwords are automatically
truncated to the maximum length.
"""))
secure_proxy_ssl_header = cfg.StrOpt(
'secure_proxy_ssl_header',
default='HTTP_X_FORWARDED_PROTO',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_PROXY_SSL,
deprecated_since=versionutils.deprecated.NEWTON,
help=utils.fmt("""
The HTTP header used to determine the scheme for the original request, even if
it was removed by an SSL terminating proxy.
"""))
insecure_debug = cfg.BoolOpt(
'insecure_debug',
default=False,
@ -182,7 +166,6 @@ ALL_OPTS = [
max_token_size,
list_limit,
strict_password_check,
secure_proxy_ssl_header,
insecure_debug,
default_publisher_id,
notification_format,

View File

@ -926,50 +926,3 @@ class VersionSingleAppTestCase(unit.TestCase):
def test_admin(self):
self._test_version('admin')
class VersionBehindSslTestCase(unit.TestCase):
def setUp(self):
super(VersionBehindSslTestCase, self).setUp()
self.load_backends()
self.public_app = self.loadapp('public')
def config_overrides(self):
super(VersionBehindSslTestCase, self).config_overrides()
self.config_fixture.config(
secure_proxy_ssl_header='HTTP_X_FORWARDED_PROTO')
def _paste_in_port(self, response, port):
for link in response['links']:
if link['rel'] == 'self':
link['href'] = port
def _get_expected(self, host):
expected = VERSIONS_RESPONSE
for version in expected['versions']['values']:
if version['id'].startswith('v3'):
self._paste_in_port(version, host + 'v3/')
return expected
def test_versions_without_headers(self):
client = TestClient(self.public_app)
host_name = 'host-%d' % random.randint(10, 30)
host_port = random.randint(10000, 30000)
host = 'http://%s:%s/' % (host_name, host_port)
resp = client.get(host)
self.assertEqual(300, resp.status_int)
data = jsonutils.loads(resp.body)
expected = self._get_expected(host)
self.assertThat(data, _VersionsEqual(expected))
def test_versions_with_header(self):
client = TestClient(self.public_app)
host_name = 'host-%d' % random.randint(10, 30)
host_port = random.randint(10000, 30000)
resp = client.get('http://%s:%s/' % (host_name, host_port),
headers={'X-Forwarded-Proto': 'https'})
self.assertEqual(300, resp.status_int)
data = jsonutils.loads(resp.body)
expected = self._get_expected('https://%s:%s/' % (host_name,
host_port))
self.assertThat(data, _VersionsEqual(expected))

View File

@ -11,6 +11,12 @@ other:
[`blueprint removed-as-of-stein <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-stein>`_]
The deprecated config option `bind` is removed now.
- >
[`blueprint removed-as-of-stein <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-stein>`_]
The deprecated option `crypt_strength` is removed now. It was only useful
for `sha512_crypt` password hashes which has been superseded by more secure
hashing implementations.
- >
[`blueprint removed-as-of-stein <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-stein>`_]
The ``keystone.conf [DEFAULT] secure_proxy_ssl_header`` configuration
option was slated for removal in Pike and has now officially been removed.
Please use ``oslo.middleware.http_proxy_to_wsgi`` instead.