diff --git a/swift3/s3_token_middleware.py b/swift3/s3_token_middleware.py index 4f2c2129..3ec0233d 100644 --- a/swift3/s3_token_middleware.py +++ b/swift3/s3_token_middleware.py @@ -39,6 +39,7 @@ import six from swift.common.swob import Request, Response from swift.common.utils import config_true_value, split_path +from swift.common.wsgi import ConfigFileError from swift3.utils import is_valid_ipv6 @@ -68,8 +69,10 @@ class S3Token(object): "configuration options was deprecated in the Newton release " "in favor of auth_uri. These options may be removed in a " "future release.") - auth_host = conf.get('auth_host', '') - if is_valid_ipv6(auth_host): + auth_host = conf.get('auth_host') + if not auth_host: + raise ConfigFileError('Either auth_uri or auth_host required') + elif is_valid_ipv6(auth_host): # Note(timburke) it is an IPv6 address, so it needs to be # wrapped with '[]' to generate a valid IPv6 URL, based on # http://www.ietf.org/rfc/rfc2732.txt diff --git a/swift3/test/unit/test_s3_token_middleware.py b/swift3/test/unit/test_s3_token_middleware.py index 092fe884..70a49072 100644 --- a/swift3/test/unit/test_s3_token_middleware.py +++ b/swift3/test/unit/test_s3_token_middleware.py @@ -26,7 +26,7 @@ from six.moves import urllib from swift3 import s3_token_middleware as s3_token from swift.common.swob import Request, Response - +from swift.common.wsgi import ConfigFileError GOOD_RESPONSE = {'access': {'token': {'id': 'TOKEN_ID', 'tenant': {'id': 'TENANT_ID'}}}} @@ -189,8 +189,8 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase): @mock.patch.object(requests, 'post') def test_insecure(self, MOCK_REQUEST): - self.middleware = ( - s3_token.filter_factory({'insecure': 'True'})(self.app)) + self.middleware = s3_token.filter_factory( + {'insecure': 'True', 'auth_uri': 'http://example.com'})(self.app) text_return_value = json.dumps(GOOD_RESPONSE) MOCK_REQUEST.return_value = TestResponse({ @@ -212,19 +212,24 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase): # Some non-secure values. true_values = ['true', 'True', '1', 'yes'] for val in true_values: - config = {'insecure': val, 'certfile': 'false_ind'} + config = {'insecure': val, + 'certfile': 'false_ind', + 'auth_uri': 'http://example.com'} middleware = s3_token.filter_factory(config)(self.app) self.assertIs(False, middleware._verify) # Some "secure" values, including unexpected value. false_values = ['false', 'False', '0', 'no', 'someweirdvalue'] for val in false_values: - config = {'insecure': val, 'certfile': 'false_ind'} + config = {'insecure': val, + 'certfile': 'false_ind', + 'auth_uri': 'http://example.com'} middleware = s3_token.filter_factory(config)(self.app) self.assertEqual('false_ind', middleware._verify) # Default is secure. - config = {'certfile': 'false_ind'} + config = {'certfile': 'false_ind', + 'auth_uri': 'http://example.com'} middleware = s3_token.filter_factory(config)(self.app) self.assertIs('false_ind', middleware._verify) @@ -243,6 +248,13 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase): middleware = s3_token.filter_factory(config)(self.app) self.assertEqual(identity_uri, middleware._request_uri) + # ... with no config, we should get config error + del config['auth_host'] + with self.assertRaises(ConfigFileError) as cm: + s3_token.filter_factory(config)(self.app) + self.assertEqual('Either auth_uri or auth_host required', + cm.exception.message) + def test_unicode_path(self): url = u'/v1/AUTH_cfa/c/euro\u20ac'.encode('utf8') req = Request.blank(urllib.parse.quote(url))