Explicitly convert X-Target-Insecure to a boolean

We will now only accept the string values "False" or "True". Previously
any given value was interpreted as a string and thus True.

Closes-Bug: #1666565
Change-Id: Ibd105c881dbe16cd4516bfb775c8f5f43c961b45
This commit is contained in:
Dougal Matthews 2018-08-17 10:48:30 +01:00
parent 632e4bda67
commit b16a4ce465
3 changed files with 65 additions and 1 deletions

View File

@ -132,10 +132,20 @@ def _extract_mistral_auth_params(headers):
service_catalog = None
if headers.get("X-Target-Auth-Uri"):
insecure_header = headers.get('X-Target-Insecure', 'False')
if insecure_header == 'False':
insecure = False
elif insecure_header == 'True':
insecure = True
else:
raise (exc.MistralException(
'X-Target-Insecure must be either "True", "False" or not '
'provided. The default is "False".'))
params = {
# TODO(akovi): Target cert not handled yet
'auth_cacert': None,
'insecure': headers.get('X-Target-Insecure', False),
'insecure': insecure,
'auth_token': headers.get('X-Target-Auth-Token'),
'auth_uri': headers.get('X-Target-Auth-Uri'),
'tenant': headers.get('X-Target-Project-Id'),

View File

@ -0,0 +1,46 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from mistral import context
from mistral import exceptions
from mistral.tests.unit.engine import base
class ContextTestCase(base.EngineTestCase):
def test_target_insecure(self):
# Defaults to False if X-Target-Auth-Uri isn't passed.
headers = context._extract_mistral_auth_params({
'X-Target-Insecure': 'True',
})
self.assertFalse(headers['insecure'])
headers = {
"X-Target-Auth-Uri": "uri",
'X-Target-Auth-Token': 'Token',
}
params = context._extract_mistral_auth_params(headers)
self.assertFalse(params['insecure'])
headers['X-Target-Insecure'] = 'True'
params = context._extract_mistral_auth_params(headers)
self.assertTrue(params['insecure'])
headers['X-Target-Insecure'] = 'False'
params = context._extract_mistral_auth_params(headers)
self.assertFalse(params['insecure'])
headers['X-Target-Insecure'] = 'S3cure'
self.assertRaises(
exceptions.MistralException,
context._extract_mistral_auth_params, headers)

View File

@ -0,0 +1,8 @@
---
fixes:
- |
The header X-Target-Insecure previously accepted any string and used it
for comparisons. This meant unless it was empty (or not provided) it would
always evaluate as True. This change makes the validation stricter, only
accepting "True" and "False" and converting these to boolean values. Any
other value will return an error.