Merge "Remove deprecated SSLMiddleware"
This commit is contained in:
commit
fdd7e462e5
@ -18,8 +18,7 @@ __all__ = ['BasicAuthMiddleware',
|
||||
'Healthcheck',
|
||||
'HTTPProxyToWSGI',
|
||||
'RequestId',
|
||||
'RequestBodySizeLimiter',
|
||||
'SSLMiddleware']
|
||||
'RequestBodySizeLimiter']
|
||||
|
||||
from oslo_middleware.basic_auth import BasicAuthMiddleware
|
||||
from oslo_middleware.catch_errors import CatchErrors
|
||||
@ -30,4 +29,3 @@ from oslo_middleware.healthcheck import Healthcheck
|
||||
from oslo_middleware.http_proxy_to_wsgi import HTTPProxyToWSGI
|
||||
from oslo_middleware.request_id import RequestId
|
||||
from oslo_middleware.sizelimit import RequestBodySizeLimiter
|
||||
from oslo_middleware.ssl import SSLMiddleware
|
||||
|
@ -20,12 +20,10 @@ from oslo_middleware import cors
|
||||
from oslo_middleware.healthcheck import opts as healthcheck_opts
|
||||
from oslo_middleware import http_proxy_to_wsgi
|
||||
from oslo_middleware import sizelimit
|
||||
from oslo_middleware import ssl
|
||||
|
||||
__all__ = [
|
||||
'list_opts',
|
||||
'list_opts_sizelimit',
|
||||
'list_opts_ssl',
|
||||
'list_opts_cors',
|
||||
'list_opts_http_proxy_to_wsgi',
|
||||
'list_opts_healthcheck',
|
||||
@ -55,7 +53,6 @@ def list_opts():
|
||||
return list(
|
||||
itertools.chain(
|
||||
list_opts_sizelimit(),
|
||||
list_opts_ssl(),
|
||||
list_opts_cors(),
|
||||
list_opts_http_proxy_to_wsgi(),
|
||||
list_opts_healthcheck(),
|
||||
@ -88,30 +85,6 @@ def list_opts_sizelimit():
|
||||
]
|
||||
|
||||
|
||||
def list_opts_ssl():
|
||||
"""Return a list of oslo.config options for the SSL middleware.
|
||||
|
||||
The returned list includes all oslo.config options which may be registered
|
||||
at runtime by the library.
|
||||
|
||||
Each element of the list is a tuple. The first element is the name of the
|
||||
group under which the list of elements in the second element will be
|
||||
registered. A group name of None corresponds to the [DEFAULT] group in
|
||||
config files.
|
||||
|
||||
This function is also discoverable via the 'oslo.middleware' entry point
|
||||
under the 'oslo.config.opts' namespace.
|
||||
|
||||
The purpose of this is to allow tools like the Oslo sample config file
|
||||
generator to discover the options exposed to users by this library.
|
||||
|
||||
:returns: a list of (group_name, opts) tuples
|
||||
"""
|
||||
return [
|
||||
('oslo_middleware', copy.deepcopy(ssl.OPTS)),
|
||||
]
|
||||
|
||||
|
||||
def list_opts_cors():
|
||||
"""Return a list of oslo.config options for the cors middleware.
|
||||
|
||||
|
@ -1,45 +0,0 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied. See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
from debtcollector import removals
|
||||
from oslo_config import cfg
|
||||
from oslo_middleware import base
|
||||
|
||||
|
||||
OPTS = [
|
||||
cfg.StrOpt('secure_proxy_ssl_header',
|
||||
default='X-Forwarded-Proto',
|
||||
deprecated_for_removal=True,
|
||||
help="The HTTP Header that will be used to determine what "
|
||||
"the original request protocol scheme was, even if it was "
|
||||
"hidden by a SSL termination proxy.")
|
||||
]
|
||||
|
||||
|
||||
class SSLMiddleware(base.ConfigurableMiddleware):
|
||||
"""SSL termination proxies middleware.
|
||||
|
||||
This middleware overloads wsgi.url_scheme with the one provided in
|
||||
secure_proxy_ssl_header header. This is useful when behind a SSL
|
||||
termination proxy.
|
||||
"""
|
||||
|
||||
def __init__(self, application, *args, **kwargs):
|
||||
removals.removed_module(__name__, "oslo_middleware.http_proxy_to_wsgi")
|
||||
super(SSLMiddleware, self).__init__(application, *args, **kwargs)
|
||||
self.oslo_conf.register_opts(OPTS, group='oslo_middleware')
|
||||
|
||||
def process_request(self, req):
|
||||
self.header_name = 'HTTP_{0}'.format(
|
||||
self._conf_get('secure_proxy_ssl_header').upper()
|
||||
.replace('-', '_'))
|
||||
req.environ['wsgi.url_scheme'] = req.environ.get(
|
||||
self.header_name, req.environ['wsgi.url_scheme'])
|
@ -27,7 +27,6 @@ class TestPasteDeploymentEntryPoints(base.BaseTestCase):
|
||||
'http_proxy_to_wsgi': 'HTTPProxyToWSGI',
|
||||
'request_id': 'RequestId',
|
||||
'sizelimit': 'RequestBodySizeLimiter',
|
||||
'ssl': 'SSLMiddleware',
|
||||
}
|
||||
|
||||
em = stevedore.ExtensionManager('paste.filter_factory')
|
||||
|
@ -26,6 +26,3 @@ class TestOptionDiscovery(BaseTestCase):
|
||||
|
||||
def test_cors(self):
|
||||
opts.list_opts_cors()
|
||||
|
||||
def test_ssl(self):
|
||||
opts.list_opts_ssl()
|
||||
|
@ -1,57 +0,0 @@
|
||||
# Copyright (c) 2015 Thales Services SAS
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import fixture as config
|
||||
from oslotest import base
|
||||
import webob
|
||||
|
||||
from oslo_middleware import ssl
|
||||
|
||||
|
||||
class SSLMiddlewareTest(base.BaseTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(SSLMiddlewareTest, self).setUp()
|
||||
self.useFixture(config.Config())
|
||||
|
||||
def _test_scheme(self, expected, headers, secure_proxy_ssl_header=None):
|
||||
middleware = ssl.SSLMiddleware(None)
|
||||
if secure_proxy_ssl_header:
|
||||
middleware.oslo_conf.set_override(
|
||||
'secure_proxy_ssl_header', secure_proxy_ssl_header,
|
||||
group='oslo_middleware')
|
||||
request = webob.Request.blank('http://example.com/', headers=headers)
|
||||
|
||||
# Ensure ssl middleware does not stop pipeline execution
|
||||
self.assertIsNone(middleware.process_request(request))
|
||||
|
||||
self.assertEqual(expected, request.scheme)
|
||||
|
||||
def test_without_forwarded_protocol(self):
|
||||
self._test_scheme('http', {})
|
||||
|
||||
def test_with_forwarded_protocol(self):
|
||||
headers = {'X-Forwarded-Proto': 'https'}
|
||||
self._test_scheme('https', headers)
|
||||
|
||||
def test_with_custom_header(self):
|
||||
headers = {'X-Forwarded-Proto': 'https'}
|
||||
self._test_scheme('http', headers,
|
||||
secure_proxy_ssl_header='X-My-Header')
|
||||
|
||||
def test_with_custom_header_and_forwarded_protocol(self):
|
||||
headers = {'X-My-Header': 'https'}
|
||||
self._test_scheme('https', headers,
|
||||
secure_proxy_ssl_header='X-My-Header')
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
deprecations:
|
||||
- |
|
||||
The SSL middleware has been removed. It was deprecated in favor of
|
||||
the HTTPProxyToWSGI middleware.
|
@ -30,7 +30,6 @@ oslo.config.opts =
|
||||
oslo.middleware = oslo_middleware.opts:list_opts
|
||||
oslo.middleware.cors = oslo_middleware.opts:list_opts_cors
|
||||
oslo.middleware.sizelimit = oslo_middleware.opts:list_opts_sizelimit
|
||||
oslo.middleware.ssl = oslo_middleware.opts:list_opts_ssl
|
||||
oslo.middleware.http_proxy_to_wsgi = oslo_middleware.opts:list_opts_http_proxy_to_wsgi
|
||||
oslo.middleware.healthcheck = oslo_middleware.opts:list_opts_healthcheck
|
||||
oslo.middleware.basic_auth = oslo_middleware.opts:list_opts_basic_auth
|
||||
@ -52,5 +51,4 @@ paste.filter_factory =
|
||||
http_proxy_to_wsgi = oslo_middleware:HTTPProxyToWSGI.factory
|
||||
request_id = oslo_middleware:RequestId.factory
|
||||
sizelimit = oslo_middleware:RequestBodySizeLimiter.factory
|
||||
ssl = oslo_middleware:SSLMiddleware.factory
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user