diff options
author | Cedric Brandily <zzelle@gmail.com> | 2015-04-15 20:44:32 +0200 |
---|---|---|
committer | Cedric Brandily <zzelle@gmail.com> | 2015-06-09 13:49:41 +0200 |
commit | 6b4e821e14af7ed2362b02f2b42e9a8a5bc49672 (patch) | |
tree | 50436c34f727e07f8f1a94efa2518420ba3207f6 /oslo_middleware/tests | |
parent | 027dd345f3ae6c2bd4fcda5d664e5eb71131bcd7 (diff) | |
download | oslo-middleware-6b4e821e14af7ed2362b02f2b42e9a8a5bc49672.tar.gz |
Add middleware to support ssl termination proxies
This change defines SSLMiddleware middleware which enables OpenStack
services behind SSL termination proxies to return urls with original
protocol scheme.
SSLMiddleware is based on heat SSLMiddleware class.
Change-Id: I72f8da160ced6ac80fdac743c00ea3f7ffb1f57c
Closes-Bug: #1444490
Diffstat (limited to 'oslo_middleware/tests')
-rw-r--r-- | oslo_middleware/tests/test_ssl.py | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/oslo_middleware/tests/test_ssl.py b/oslo_middleware/tests/test_ssl.py new file mode 100644 index 0000000..7314260 --- /dev/null +++ b/oslo_middleware/tests/test_ssl.py @@ -0,0 +1,56 @@ +# Copyright (c) 2015 Thales Services SAS +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_config import cfg +from oslo_config import fixture as config +from oslotest import base +import webob + +from oslo_middleware import ssl + + +class SSLMiddlewareTest(base.BaseTestCase): + + def setUp(self): + super(SSLMiddlewareTest, self).setUp() + self.useFixture(config.Config()) + + def _test_scheme(self, expected, headers): + middleware = ssl.SSLMiddleware(None) + request = webob.Request.blank('http://example.com/', headers=headers) + + # Ensure ssl middleware does not stop pipeline execution + self.assertIsNone(middleware.process_request(request)) + + self.assertEqual(expected, request.scheme) + + def test_without_forwarded_protocol(self): + self._test_scheme('http', {}) + + def test_with_forwarded_protocol(self): + headers = {'X-Forwarded-Proto': 'https'} + self._test_scheme('https', headers) + + def test_with_custom_header(self): + cfg.CONF.set_override('secure_proxy_ssl_header', 'X-My-Header', + group='oslo_middleware') + headers = {'X-Forwarded-Proto': 'https'} + self._test_scheme('http', headers) + + def test_with_custom_header_and_forwarded_protocol(self): + cfg.CONF.set_override('secure_proxy_ssl_header', 'X-My-Header', + group='oslo_middleware') + headers = {'X-My-Header': 'https'} + self._test_scheme('https', headers) |