Merge "Remove deprecated SSLMiddleware"

This commit is contained in:
Zuul 2023-12-19 19:02:07 +00:00 committed by Gerrit Code Review
commit fdd7e462e5
8 changed files with 6 additions and 138 deletions

View File

@ -18,8 +18,7 @@ __all__ = ['BasicAuthMiddleware',
'Healthcheck',
'HTTPProxyToWSGI',
'RequestId',
'RequestBodySizeLimiter',
'SSLMiddleware']
'RequestBodySizeLimiter']
from oslo_middleware.basic_auth import BasicAuthMiddleware
from oslo_middleware.catch_errors import CatchErrors
@ -30,4 +29,3 @@ from oslo_middleware.healthcheck import Healthcheck
from oslo_middleware.http_proxy_to_wsgi import HTTPProxyToWSGI
from oslo_middleware.request_id import RequestId
from oslo_middleware.sizelimit import RequestBodySizeLimiter
from oslo_middleware.ssl import SSLMiddleware

View File

@ -20,12 +20,10 @@ from oslo_middleware import cors
from oslo_middleware.healthcheck import opts as healthcheck_opts
from oslo_middleware import http_proxy_to_wsgi
from oslo_middleware import sizelimit
from oslo_middleware import ssl
__all__ = [
'list_opts',
'list_opts_sizelimit',
'list_opts_ssl',
'list_opts_cors',
'list_opts_http_proxy_to_wsgi',
'list_opts_healthcheck',
@ -55,7 +53,6 @@ def list_opts():
return list(
itertools.chain(
list_opts_sizelimit(),
list_opts_ssl(),
list_opts_cors(),
list_opts_http_proxy_to_wsgi(),
list_opts_healthcheck(),
@ -88,30 +85,6 @@ def list_opts_sizelimit():
]
def list_opts_ssl():
"""Return a list of oslo.config options for the SSL middleware.
The returned list includes all oslo.config options which may be registered
at runtime by the library.
Each element of the list is a tuple. The first element is the name of the
group under which the list of elements in the second element will be
registered. A group name of None corresponds to the [DEFAULT] group in
config files.
This function is also discoverable via the 'oslo.middleware' entry point
under the 'oslo.config.opts' namespace.
The purpose of this is to allow tools like the Oslo sample config file
generator to discover the options exposed to users by this library.
:returns: a list of (group_name, opts) tuples
"""
return [
('oslo_middleware', copy.deepcopy(ssl.OPTS)),
]
def list_opts_cors():
"""Return a list of oslo.config options for the cors middleware.

View File

@ -1,45 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing permissions and
# limitations under the License.
from debtcollector import removals
from oslo_config import cfg
from oslo_middleware import base
OPTS = [
cfg.StrOpt('secure_proxy_ssl_header',
default='X-Forwarded-Proto',
deprecated_for_removal=True,
help="The HTTP Header that will be used to determine what "
"the original request protocol scheme was, even if it was "
"hidden by a SSL termination proxy.")
]
class SSLMiddleware(base.ConfigurableMiddleware):
"""SSL termination proxies middleware.
This middleware overloads wsgi.url_scheme with the one provided in
secure_proxy_ssl_header header. This is useful when behind a SSL
termination proxy.
"""
def __init__(self, application, *args, **kwargs):
removals.removed_module(__name__, "oslo_middleware.http_proxy_to_wsgi")
super(SSLMiddleware, self).__init__(application, *args, **kwargs)
self.oslo_conf.register_opts(OPTS, group='oslo_middleware')
def process_request(self, req):
self.header_name = 'HTTP_{0}'.format(
self._conf_get('secure_proxy_ssl_header').upper()
.replace('-', '_'))
req.environ['wsgi.url_scheme'] = req.environ.get(
self.header_name, req.environ['wsgi.url_scheme'])

View File

@ -27,7 +27,6 @@ class TestPasteDeploymentEntryPoints(base.BaseTestCase):
'http_proxy_to_wsgi': 'HTTPProxyToWSGI',
'request_id': 'RequestId',
'sizelimit': 'RequestBodySizeLimiter',
'ssl': 'SSLMiddleware',
}
em = stevedore.ExtensionManager('paste.filter_factory')

View File

@ -26,6 +26,3 @@ class TestOptionDiscovery(BaseTestCase):
def test_cors(self):
opts.list_opts_cors()
def test_ssl(self):
opts.list_opts_ssl()

View File

@ -1,57 +0,0 @@
# Copyright (c) 2015 Thales Services SAS
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import fixture as config
from oslotest import base
import webob
from oslo_middleware import ssl
class SSLMiddlewareTest(base.BaseTestCase):
def setUp(self):
super(SSLMiddlewareTest, self).setUp()
self.useFixture(config.Config())
def _test_scheme(self, expected, headers, secure_proxy_ssl_header=None):
middleware = ssl.SSLMiddleware(None)
if secure_proxy_ssl_header:
middleware.oslo_conf.set_override(
'secure_proxy_ssl_header', secure_proxy_ssl_header,
group='oslo_middleware')
request = webob.Request.blank('http://example.com/', headers=headers)
# Ensure ssl middleware does not stop pipeline execution
self.assertIsNone(middleware.process_request(request))
self.assertEqual(expected, request.scheme)
def test_without_forwarded_protocol(self):
self._test_scheme('http', {})
def test_with_forwarded_protocol(self):
headers = {'X-Forwarded-Proto': 'https'}
self._test_scheme('https', headers)
def test_with_custom_header(self):
headers = {'X-Forwarded-Proto': 'https'}
self._test_scheme('http', headers,
secure_proxy_ssl_header='X-My-Header')
def test_with_custom_header_and_forwarded_protocol(self):
headers = {'X-My-Header': 'https'}
self._test_scheme('https', headers,
secure_proxy_ssl_header='X-My-Header')

View File

@ -0,0 +1,5 @@
---
deprecations:
- |
The SSL middleware has been removed. It was deprecated in favor of
the HTTPProxyToWSGI middleware.

View File

@ -30,7 +30,6 @@ oslo.config.opts =
oslo.middleware = oslo_middleware.opts:list_opts
oslo.middleware.cors = oslo_middleware.opts:list_opts_cors
oslo.middleware.sizelimit = oslo_middleware.opts:list_opts_sizelimit
oslo.middleware.ssl = oslo_middleware.opts:list_opts_ssl
oslo.middleware.http_proxy_to_wsgi = oslo_middleware.opts:list_opts_http_proxy_to_wsgi
oslo.middleware.healthcheck = oslo_middleware.opts:list_opts_healthcheck
oslo.middleware.basic_auth = oslo_middleware.opts:list_opts_basic_auth
@ -52,5 +51,4 @@ paste.filter_factory =
http_proxy_to_wsgi = oslo_middleware:HTTPProxyToWSGI.factory
request_id = oslo_middleware:RequestId.factory
sizelimit = oslo_middleware:RequestBodySizeLimiter.factory
ssl = oslo_middleware:SSLMiddleware.factory