Add option to handle SSL termination proxies
ooi needs to return URLs of objects matching the URL scheme used for serving the application even if ooi is behind a SSL termination proxy. A new configuration variable "ooi_secure_proxy_ssl_header" that defines the HTTP header that can be used to update the wsgi.url_scheme environment variable. Typical value for this variable is 'HTTP_X_FORWARDED_PROTO'. Change-Id: I7ce7583f64778f667a7ea310d493390d9e19f1e2 Closes-Bug: #1676844
This commit is contained in:
parent
a8cfcb58e8
commit
d1da7a1dfe
|
@ -16,6 +16,7 @@ import webob
|
|||
import webob.dec
|
||||
import webob.exc
|
||||
|
||||
from ooi import config
|
||||
from ooi.tests import base
|
||||
from ooi import wsgi
|
||||
|
||||
|
@ -160,6 +161,12 @@ class TestMiddleware(base.TestCase):
|
|||
result = req.get_response(self.app)
|
||||
self.assertEqual(404, result.status_code)
|
||||
|
||||
def test_ssl_middleware(self):
|
||||
config.cfg.CONF.set_override('ooi_secure_proxy_ssl_header', 'bar')
|
||||
request = wsgi.Request.blank("/foos", method="GET",
|
||||
environ={'bar': 'baz'})
|
||||
self.assertEqual('baz', request.environ['wsgi.url_scheme'])
|
||||
|
||||
|
||||
class TestOCCIMiddleware(base.TestCase):
|
||||
def setUp(self):
|
||||
|
|
|
@ -48,6 +48,12 @@ occi_opts = [
|
|||
help='Number of workers for OCCI (ooi) API service. '
|
||||
'The default will be equal to the number of CPUs '
|
||||
'available.'),
|
||||
config.cfg.StrOpt('ooi_secure_proxy_ssl_header',
|
||||
default=None,
|
||||
help='The HTTP header used to determine the scheme '
|
||||
'for the original request, even if it was '
|
||||
'removed by an SSL terminating proxy. Typical '
|
||||
'value is "HTTP_X_FORWARDED_PROTO".'),
|
||||
# NEUTRON
|
||||
config.cfg.StrOpt('neutron_ooi_endpoint',
|
||||
default=None,
|
||||
|
@ -60,6 +66,13 @@ CONF.register_opts(occi_opts)
|
|||
|
||||
|
||||
class Request(webob.Request):
|
||||
def __init__(self, environ, *args, **kwargs):
|
||||
if CONF.ooi_secure_proxy_ssl_header:
|
||||
scheme = environ.get(CONF.ooi_secure_proxy_ssl_header)
|
||||
if scheme:
|
||||
environ['wsgi.url_scheme'] = scheme
|
||||
super(Request, self).__init__(environ, *args, **kwargs)
|
||||
|
||||
def should_have_body(self):
|
||||
return self.method in ("POST", "PUT")
|
||||
|
||||
|
|
Loading…
Reference in New Issue