Browse Source

Fix the condition expression for ssl_insecure

In the existing code, self.ssl_insecure is a string. If insecure
option is set in nova api-paste.ini, whatever it is 'true' or
'false', kwargs['verify'] will become False. This commit corrects
the condition expression. This patch is backported from
https://review.openstack.org/#/c/113191/

Change-Id: I91db8e1cb39c017167a4160079846ac7c0663b03
Closes-Bug: 1353315
changes/32/112232/5
Qin Zhao 7 years ago
parent
commit
5c9c97f1a5
  1. 26
      keystoneclient/middleware/auth_token.py
  2. 23
      keystoneclient/tests/test_auth_token_middleware.py

26
keystoneclient/middleware/auth_token.py

@ -423,6 +423,27 @@ def safe_quote(s):
return urllib.parse.quote(s) if s == urllib.parse.unquote(s) else s
def _conf_values_type_convert(conf):
"""Convert conf values into correct type."""
if not conf:
return {}
_opts = {}
opt_types = dict((o.dest, o.type) for o in opts)
for k, v in six.iteritems(conf):
try:
if v is None:
_opts[k] = v
else:
_opts[k] = opt_types[k](v)
except KeyError:
_opts[k] = v
except ValueError as e:
raise ConfigurationError(
'Unable to convert the value of %s option into correct '
'type: %s' % (k, e))
return _opts
class InvalidUserToken(Exception):
pass
@ -462,7 +483,10 @@ class AuthProtocol(object):
'This middleware module is deprecated as of v0.10.0 in favor of '
'keystonemiddleware.auth_token - please update your WSGI pipeline '
'to reference the new middleware package.')
self.conf = conf
# NOTE(wanghong): If options are set in paste file, all the option
# values passed into conf are string type. So, we should convert the
# conf value into correct type.
self.conf = _conf_values_type_convert(conf)
self.app = app
# delay_auth_decision means we still allow unauthenticated requests

23
keystoneclient/tests/test_auth_token_middleware.py

@ -520,6 +520,29 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.assertEqual(middleware.token_revocation_list_cache_timeout,
datetime.timedelta(seconds=24))
def test_conf_values_type_convert(self):
conf = {
'revocation_cache_time': '24',
'identity_uri': 'https://keystone.example.com:1234',
'include_service_catalog': '0',
'nonexsit_option': '0',
}
middleware = auth_token.AuthProtocol(self.fake_app, conf)
self.assertEqual(datetime.timedelta(seconds=24),
middleware.token_revocation_list_cache_timeout)
self.assertEqual(False, middleware.include_service_catalog)
self.assertEqual('https://keystone.example.com:1234',
middleware.identity_uri)
self.assertEqual('0', middleware.conf['nonexsit_option'])
def test_conf_values_type_convert_with_wrong_value(self):
conf = {
'include_service_catalog': '123',
}
self.assertRaises(auth_token.ConfigurationError,
auth_token.AuthProtocol, self.fake_app, conf)
class CommonAuthTokenMiddlewareTest(object):
"""These tests are run once using v2 tokens and again using v3 tokens."""

Loading…
Cancel
Save