Add option to handle SSL termination proxies
ooi needs to return object URLs that match the URL scheme used for serving the application, even when ooi is behind an SSL termination proxy. Add a new configuration variable "ooi_secure_proxy_ssl_header" that defines the HTTP header used to update the wsgi.url_scheme environment variable. A typical value for this variable is 'HTTP_X_FORWARDED_PROTO'. Change-Id: I7ce7583f64778f667a7ea310d493390d9e19f1e2 Closes-Bug: #1676844
parent
a8cfcb58e8
commit
d1da7a1dfe
@ -16,6 +16,7 @@ import webob
|
|||||||
import webob.dec
|
import webob.dec
|
||||||
import webob.exc
|
import webob.exc
|
||||||
|
|
||||||
|
from ooi import config
|
||||||
from ooi.tests import base
|
from ooi.tests import base
|
||||||
from ooi import wsgi
|
from ooi import wsgi
|
||||||
|
|
||||||
@ -160,6 +161,12 @@ class TestMiddleware(base.TestCase):
|
|||||||
result = req.get_response(self.app)
|
result = req.get_response(self.app)
|
||||||
self.assertEqual(404, result.status_code)
|
self.assertEqual(404, result.status_code)
|
||||||
|
|
||||||
|
def test_ssl_middleware(self):
|
||||||
|
config.cfg.CONF.set_override('ooi_secure_proxy_ssl_header', 'bar')
|
||||||
|
request = wsgi.Request.blank("/foos", method="GET",
|
||||||
|
environ={'bar': 'baz'})
|
||||||
|
self.assertEqual('baz', request.environ['wsgi.url_scheme'])
|
||||||
|
|
||||||
|
|
||||||
class TestOCCIMiddleware(base.TestCase):
|
class TestOCCIMiddleware(base.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
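Review bot: `test_ssl_middleware` sets the `ooi_secure_proxy_ssl_header` override and never clears it, so unless `base.TestCase` (not visible here) resets `CONF`, the override leaks into later tests that build `wsgi.Request` objects. Add `self.addCleanup(config.cfg.CONF.clear_override, 'ooi_secure_proxy_ssl_header')` right after the `set_override` call. The test also covers only the header-present case, using the non-scheme value `'baz'`; cases for the option unset and for the header absent would pin the fallback to the original `wsgi.url_scheme`.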
@ -48,6 +48,12 @@ occi_opts = [
|
|||||||
help='Number of workers for OCCI (ooi) API service. '
|
help='Number of workers for OCCI (ooi) API service. '
|
||||||
'The default will be equal to the number of CPUs '
|
'The default will be equal to the number of CPUs '
|
||||||
'available.'),
|
'available.'),
|
||||||
|
config.cfg.StrOpt('ooi_secure_proxy_ssl_header',
|
||||||
|
default=None,
|
||||||
|
help='The HTTP header used to determine the scheme '
|
||||||
|
'for the original request, even if it was '
|
||||||
|
'removed by an SSL terminating proxy. Typical '
|
||||||
|
'value is "HTTP_X_FORWARDED_PROTO".'),
|
||||||
# NEUTRON
|
# NEUTRON
|
||||||
config.cfg.StrOpt('neutron_ooi_endpoint',
|
config.cfg.StrOpt('neutron_ooi_endpoint',
|
||||||
default=None,
|
default=None,
|
||||||
@ -60,6 +66,13 @@ CONF.register_opts(occi_opts)
|
|||||||
|
|
||||||
|
|
||||||
class Request(webob.Request):
|
class Request(webob.Request):
|
||||||
|
def __init__(self, environ, *args, **kwargs):
|
||||||
|
if CONF.ooi_secure_proxy_ssl_header:
|
||||||
|
scheme = environ.get(CONF.ooi_secure_proxy_ssl_header)
|
||||||
|
if scheme:
|
||||||
|
environ['wsgi.url_scheme'] = scheme
|
||||||
|
super(Request, self).__init__(environ, *args, **kwargs)
|
||||||
|
|
||||||
def should_have_body(self):
|
def should_have_body(self):
|
||||||
return self.method in ("POST", "PUT")
|
return self.method in ("POST", "PUT")
|
||||||
|
|
||||||
|
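Review bot: In `Request.__init__`, the value read from the configured header is copied into `environ['wsgi.url_scheme']` with no validation, so whatever arrives in that header becomes the scheme of every URL ooi generates. Unless the terminating proxy always overwrites the header and ooi is reachable only through that proxy, a client can supply its own value; the value may also be a comma-separated list when several proxies are chained. I would normalise and allowlist it: `scheme = (environ.get(CONF.ooi_secure_proxy_ssl_header) or '').split(',')[0].strip().lower()` followed by `if scheme in ('http', 'https'):`. The help text for `ooi_secure_proxy_ssl_header` in the preceding hunk should also state that the proxy must set or strip this header on every request.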