e744501c47
Currently application that doesn't use the global configuration object have to rely on hack to setup the global oslo config object for each middleware it want to use. For example, gnocchi have its own middleware loader and add crap to load keystonemiddleware: https://github.com/openstack/gnocchi/blob/master/gnocchi/rest/app.py#L140 And it can't use oslo.middleware that relies on the global conf object. Also aodh (use 'paste' for middleware) have to hack the global configuration object for each middlewares it want to use by code... https://review.openstack.org/#/c/208632/1/aodh/service.py But middleware are optional deployer stuffs, we should not write any code for them... This change allows application to use paste-deploy (or any middleware loader) without enforcing the application to use the global oslo.config object. If the middleware want to use oslo.config it should load the configuration file himself (and fallback to the global one if any) The proposed paste configuration to allow this is: [filter:cors] paste.filter_factory = oslo.middleware:cors oslo_config_project = aodh So the cors middleware can find and load the aodh config and what is it interested in. Also, some of them use oslo.config local, some other the global object. Some can be loaded by an middleware loader like paste, some other not. This change make consistent the way we bootstrap all middlewares. Closes-bug: #1482086 Change-Id: Iad197d1f3a386683d818b59718df34e14e15ca5c
56 lines
1.9 KiB
Python
56 lines
1.9 KiB
Python
# Copyright (c) 2015 Thales Services SAS
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_config import fixture as config
|
|
from oslotest import base
|
|
import webob
|
|
|
|
from oslo_middleware import ssl
|
|
|
|
|
|
class SSLMiddlewareTest(base.BaseTestCase):
|
|
|
|
def setUp(self):
|
|
super(SSLMiddlewareTest, self).setUp()
|
|
self.useFixture(config.Config())
|
|
|
|
def _test_scheme(self, expected, headers, config=None):
|
|
middleware = ssl.SSLMiddleware(None)
|
|
if config:
|
|
middleware.oslo_conf.set_override(
|
|
'secure_proxy_ssl_header', config,
|
|
group='oslo_middleware')
|
|
request = webob.Request.blank('http://example.com/', headers=headers)
|
|
|
|
# Ensure ssl middleware does not stop pipeline execution
|
|
self.assertIsNone(middleware.process_request(request))
|
|
|
|
self.assertEqual(expected, request.scheme)
|
|
|
|
def test_without_forwarded_protocol(self):
|
|
self._test_scheme('http', {})
|
|
|
|
def test_with_forwarded_protocol(self):
|
|
headers = {'X-Forwarded-Proto': 'https'}
|
|
self._test_scheme('https', headers)
|
|
|
|
def test_with_custom_header(self):
|
|
headers = {'X-Forwarded-Proto': 'https'}
|
|
self._test_scheme('http', headers, config='X-My-Header')
|
|
|
|
def test_with_custom_header_and_forwarded_protocol(self):
|
|
headers = {'X-My-Header': 'https'}
|
|
self._test_scheme('https', headers, config='X-My-Header')
|