x/swift3
Code Issues Proposed changes

Raise error if neither auth_uri nor auth_host configured

Browse Source 
This is follow up for https://review.openstack.org/#/c/319404/

Change-Id: Ief4c0962c56c1b3589d7c946a9683e3a2f26bd84
This commit is contained in:
Kota Tsuyuzaki 2016-08-31 03:18:10 -07:00
parent 96478cd62c
commit 0987e11d4b
2 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
swift3/s3_token_middleware.py
View File

@ -39,6 +39,7 @@ import six
from swift.common.swob import Request, Response from swift.common.swob import Request, Response
from swift.common.utils import config_true_value, split_path from swift.common.utils import config_true_value, split_path
from swift.common.wsgi import ConfigFileError
from swift3.utils import is_valid_ipv6 from swift3.utils import is_valid_ipv6
@ -68,8 +69,10 @@ class S3Token(object):
"configuration options was deprecated in the Newton release " "configuration options was deprecated in the Newton release "
"in favor of auth_uri. These options may be removed in a " "in favor of auth_uri. These options may be removed in a "
"future release.") "future release.")
auth_host = conf.get('auth_host', '') auth_host = conf.get('auth_host')
if is_valid_ipv6(auth_host): if not auth_host:
raise ConfigFileError('Either auth_uri or auth_host required')
elif is_valid_ipv6(auth_host):
# Note(timburke) it is an IPv6 address, so it needs to be # Note(timburke) it is an IPv6 address, so it needs to be
# wrapped with '[]' to generate a valid IPv6 URL, based on # wrapped with '[]' to generate a valid IPv6 URL, based on
# http://www.ietf.org/rfc/rfc2732.txt # http://www.ietf.org/rfc/rfc2732.txt

24
swift3/test/unit/test_s3_token_middleware.py
View File

@ -26,7 +26,7 @@ from six.moves import urllib
from swift3 import s3_token_middleware as s3_token from swift3 import s3_token_middleware as s3_token
from swift.common.swob import Request, Response from swift.common.swob import Request, Response
from swift.common.wsgi import ConfigFileError
GOOD_RESPONSE = {'access': {'token': {'id': 'TOKEN_ID', GOOD_RESPONSE = {'access': {'token': {'id': 'TOKEN_ID',
'tenant': {'id': 'TENANT_ID'}}}} 'tenant': {'id': 'TENANT_ID'}}}}
@ -189,8 +189,8 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
@mock.patch.object(requests, 'post') @mock.patch.object(requests, 'post')
def test_insecure(self, MOCK_REQUEST): def test_insecure(self, MOCK_REQUEST):
self.middleware = ( self.middleware = s3_token.filter_factory(
s3_token.filter_factory({'insecure': 'True'})(self.app)) {'insecure': 'True', 'auth_uri': 'http://example.com'})(self.app)
text_return_value = json.dumps(GOOD_RESPONSE) text_return_value = json.dumps(GOOD_RESPONSE)
MOCK_REQUEST.return_value = TestResponse({ MOCK_REQUEST.return_value = TestResponse({
@ -212,19 +212,24 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
# Some non-secure values. # Some non-secure values.
true_values = ['true', 'True', '1', 'yes'] true_values = ['true', 'True', '1', 'yes']
for val in true_values: for val in true_values:
config = {'insecure': val, 'certfile': 'false_ind'} config = {'insecure': val,
'certfile': 'false_ind',
'auth_uri': 'http://example.com'}
middleware = s3_token.filter_factory(config)(self.app) middleware = s3_token.filter_factory(config)(self.app)
self.assertIs(False, middleware._verify) self.assertIs(False, middleware._verify)
# Some "secure" values, including unexpected value. # Some "secure" values, including unexpected value.
false_values = ['false', 'False', '0', 'no', 'someweirdvalue'] false_values = ['false', 'False', '0', 'no', 'someweirdvalue']
for val in false_values: for val in false_values:
config = {'insecure': val, 'certfile': 'false_ind'} config = {'insecure': val,
'certfile': 'false_ind',
'auth_uri': 'http://example.com'}
middleware = s3_token.filter_factory(config)(self.app) middleware = s3_token.filter_factory(config)(self.app)
self.assertEqual('false_ind', middleware._verify) self.assertEqual('false_ind', middleware._verify)
# Default is secure. # Default is secure.
config = {'certfile': 'false_ind'} config = {'certfile': 'false_ind',
'auth_uri': 'http://example.com'}
middleware = s3_token.filter_factory(config)(self.app) middleware = s3_token.filter_factory(config)(self.app)
self.assertIs('false_ind', middleware._verify) self.assertIs('false_ind', middleware._verify)
@ -243,6 +248,13 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
middleware = s3_token.filter_factory(config)(self.app) middleware = s3_token.filter_factory(config)(self.app)
self.assertEqual(identity_uri, middleware._request_uri) self.assertEqual(identity_uri, middleware._request_uri)
# ... with no config, we should get config error
del config['auth_host']
with self.assertRaises(ConfigFileError) as cm:
s3_token.filter_factory(config)(self.app)
self.assertEqual('Either auth_uri or auth_host required',
cm.exception.message)
def test_unicode_path(self): def test_unicode_path(self):
url = u'/v1/AUTH_cfa/c/euro\u20ac'.encode('utf8') url = u'/v1/AUTH_cfa/c/euro\u20ac'.encode('utf8')
req = Request.blank(urllib.parse.quote(url)) req = Request.blank(urllib.parse.quote(url))