diff options
author | Qin Zhao <chaochin@gmail.com> | 2014-08-06 15:47:58 +0800 |
---|---|---|
committer | Qin Zhao <chaochin@gmail.com> | 2014-09-17 18:16:06 +0800 |
commit | 5c9c97f1a5dffe5964e945bf68d009fd68e616fc (patch) | |
tree | dac2dbe6a675ff3c318e7ea76d0c201d58ef3a3d | |
parent | a505ffbf17a2aee120ac5a0e3a3fcdcf8930b3fe (diff) | |
download | python-keystoneclient-5c9c97f1a5dffe5964e945bf68d009fd68e616fc.tar.gz |
Fix the condition expression for ssl_insecure
In the existing code, self.ssl_insecure is a string. If insecure
option is set in nova api-paste.ini, whatever it is 'true' or
'false', kwargs['verify'] will become False. This commit corrects
the condition expression. This patch is backported from
https://review.openstack.org/#/c/113191/
Change-Id: I91db8e1cb39c017167a4160079846ac7c0663b03
Closes-Bug: 1353315
-rw-r--r-- | keystoneclient/middleware/auth_token.py | 26 | ||||
-rw-r--r-- | keystoneclient/tests/test_auth_token_middleware.py | 23 |
2 files changed, 48 insertions, 1 deletions
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py index d2eb29b..b0316dd 100644 --- a/keystoneclient/middleware/auth_token.py +++ b/keystoneclient/middleware/auth_token.py @@ -423,6 +423,27 @@ def safe_quote(s): return urllib.parse.quote(s) if s == urllib.parse.unquote(s) else s +def _conf_values_type_convert(conf): + """Convert conf values into correct type.""" + if not conf: + return {} + _opts = {} + opt_types = dict((o.dest, o.type) for o in opts) + for k, v in six.iteritems(conf): + try: + if v is None: + _opts[k] = v + else: + _opts[k] = opt_types[k](v) + except KeyError: + _opts[k] = v + except ValueError as e: + raise ConfigurationError( + 'Unable to convert the value of %s option into correct ' + 'type: %s' % (k, e)) + return _opts + + class InvalidUserToken(Exception): pass @@ -462,7 +483,10 @@ class AuthProtocol(object): 'This middleware module is deprecated as of v0.10.0 in favor of ' 'keystonemiddleware.auth_token - please update your WSGI pipeline ' 'to reference the new middleware package.') - self.conf = conf + # NOTE(wanghong): If options are set in paste file, all the option + # values passed into conf are string type. So, we should convert the + # conf value into correct type. + self.conf = _conf_values_type_convert(conf) self.app = app # delay_auth_decision means we still allow unauthenticated requests diff --git a/keystoneclient/tests/test_auth_token_middleware.py b/keystoneclient/tests/test_auth_token_middleware.py index 5e1a71f..d794ae3 100644 --- a/keystoneclient/tests/test_auth_token_middleware.py +++ b/keystoneclient/tests/test_auth_token_middleware.py @@ -520,6 +520,29 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, self.assertEqual(middleware.token_revocation_list_cache_timeout, datetime.timedelta(seconds=24)) + def test_conf_values_type_convert(self): + conf = { + 'revocation_cache_time': '24', + 'identity_uri': 'https://keystone.example.com:1234', + 'include_service_catalog': '0', + 'nonexsit_option': '0', + } + + middleware = auth_token.AuthProtocol(self.fake_app, conf) + self.assertEqual(datetime.timedelta(seconds=24), + middleware.token_revocation_list_cache_timeout) + self.assertEqual(False, middleware.include_service_catalog) + self.assertEqual('https://keystone.example.com:1234', + middleware.identity_uri) + self.assertEqual('0', middleware.conf['nonexsit_option']) + + def test_conf_values_type_convert_with_wrong_value(self): + conf = { + 'include_service_catalog': '123', + } + self.assertRaises(auth_token.ConfigurationError, + auth_token.AuthProtocol, self.fake_app, conf) + class CommonAuthTokenMiddlewareTest(object): """These tests are run once using v2 tokens and again using v3 tokens.""" |