Merge "Fix s3_token middleware parsing insecure option" into stable/juno

2015-04-24 17:17:10 +00:00 · 2015-04-24 17:17:10 +00:00 · cbcf64fa74
parent 62208d6a9a 59f720ccc9
commit cbcf64fa74
2 changed files with 25 additions and 2 deletions
--- a/keystonemiddleware/s3_token.py
+++ b/keystonemiddleware/s3_token.py
@ -35,6 +35,7 @@ import logging
 import webob

 from oslo.serialization import jsonutils
+from oslo.utils import strutils
 import requests
 import six
 from six.moves import urllib
@ -116,7 +117,7 @@ class S3Token(object):
                                            auth_port)

        # SSL
-        insecure = conf.get('insecure', False)
+        insecure = strutils.bool_from_string(conf.get('insecure', False))
        cert_file = conf.get('certfile')
        key_file = conf.get('keyfile')

--- a/keystonemiddleware/tests/test_s3_token_middleware.py
+++ b/keystonemiddleware/tests/test_s3_token_middleware.py
@ -124,7 +124,7 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
    @mock.patch.object(requests, 'post')
    def test_insecure(self, MOCK_REQUEST):
        self.middleware = (
-            s3_token.filter_factory({'insecure': True})(FakeApp()))
+            s3_token.filter_factory({'insecure': 'True'})(FakeApp()))

        text_return_value = jsonutils.dumps(GOOD_RESPONSE)
        if six.PY3:
@ -142,6 +142,28 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
        mock_args, mock_kwargs = MOCK_REQUEST.call_args
        self.assertIs(mock_kwargs['verify'], False)

+    def test_insecure_option(self):
+        # insecure is passed as a string.
+
+        # Some non-secure values.
+        true_values = ['true', 'True', '1', 'yes']
+        for val in true_values:
+            config = {'insecure': val, 'certfile': 'false_ind'}
+            middleware = s3_token.filter_factory(config)(FakeApp())
+            self.assertIs(False, middleware._verify)
+
+        # Some "secure" values, including unexpected value.
+        false_values = ['false', 'False', '0', 'no', 'someweirdvalue']
+        for val in false_values:
+            config = {'insecure': val, 'certfile': 'false_ind'}
+            middleware = s3_token.filter_factory(config)(FakeApp())
+            self.assertEqual('false_ind', middleware._verify)
+
+        # Default is secure.
+        config = {'certfile': 'false_ind'}
+        middleware = s3_token.filter_factory(config)(FakeApp())
+        self.assertIs('false_ind', middleware._verify)
+

 class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
    def setUp(self):