File 0001-Fix-the-condition-expression-for-ssl_insecure.patch of Package python-keystoneclient
From 5c9c97f1a5dffe5964e945bf68d009fd68e616fc Mon Sep 17 00:00:00 2001
From: Qin Zhao <chaochin@gmail.com>
Date: Wed, 6 Aug 2014 15:47:58 +0800
Subject: [PATCH] Fix the condition expression for ssl_insecure
In the existing code, self.ssl_insecure is a string. If insecure
option is set in nova api-paste.ini, whatever it is 'true' or
'false', kwargs['verify'] will become False. This commit corrects
the condition expression. This patch is backported from
https://review.openstack.org/#/c/113191/
Change-Id: I91db8e1cb39c017167a4160079846ac7c0663b03
Closes-Bug: 1353315
---
keystoneclient/middleware/auth_token.py | 26 +++++++++++++++++++++-
keystoneclient/tests/test_auth_token_middleware.py | 23 +++++++++++++++++++
2 files changed, 48 insertions(+), 1 deletion(-)
Index: python-keystoneclient-0.4.1/keystoneclient/middleware/auth_token.py
===================================================================
--- python-keystoneclient-0.4.1.orig/keystoneclient/middleware/auth_token.py
+++ python-keystoneclient-0.4.1/keystoneclient/middleware/auth_token.py
@@ -339,6 +339,27 @@ def safe_quote(s):
return urllib.quote(s) if s == urllib.unquote(s) else s
+def _conf_values_type_convert(conf):
+ """Convert conf values into correct type."""
+ if not conf:
+ return {}
+ _opts = {}
+ opt_types = dict((o.dest, o.type) for o in opts)
+ for k, v in six.iteritems(conf):
+ try:
+ if v is None:
+ _opts[k] = v
+ else:
+ _opts[k] = opt_types[k](v)
+ except KeyError:
+ _opts[k] = v
+ except ValueError as e:
+ raise ConfigurationError(
+ 'Unable to convert the value of %s option into correct '
+ 'type: %s' % (k, e))
+ return _opts
+
+
class InvalidUserToken(Exception):
pass
@@ -374,7 +395,10 @@ class AuthProtocol(object):
def __init__(self, app, conf):
self.LOG = logging.getLogger(conf.get('log_name', __name__))
self.LOG.info('Starting keystone auth_token middleware')
- self.conf = conf
+ # NOTE(wanghong): If options are set in paste file, all the option
+ # values passed into conf are string type. So, we should convert the
+ # conf value into correct type.
+ self.conf = _conf_values_type_convert(conf)
self.app = app
# delay_auth_decision means we still allow unauthenticated requests
Index: python-keystoneclient-0.4.1/keystoneclient/tests/test_auth_token_middleware.py
===================================================================
--- python-keystoneclient-0.4.1.orig/keystoneclient/tests/test_auth_token_middleware.py
+++ python-keystoneclient-0.4.1/keystoneclient/tests/test_auth_token_middleware.py
@@ -391,6 +391,29 @@ class NoMemcacheAuthToken(BaseAuthTokenM
self.middleware._init_cache(env)
self.assertNotEqual(self.middleware._cache, 'CACHE_TEST')
+ def test_conf_values_type_convert(self):
+ conf = {
+ 'revocation_cache_time': '24',
+ 'identity_uri': 'https://keystone.example.com:1234',
+ 'include_service_catalog': '0',
+ 'nonexsit_option': '0',
+ }
+
+ middleware = auth_token.AuthProtocol(self.fake_app, conf)
+ self.assertEqual(datetime.timedelta(seconds=24),
+ middleware.token_revocation_list_cache_timeout)
+ self.assertEqual(False, middleware.include_service_catalog)
+ self.assertEqual('https://keystone.example.com:1234',
+ middleware.identity_uri)
+ self.assertEqual('0', middleware.conf['nonexsit_option'])
+
+ def test_conf_values_type_convert_with_wrong_value(self):
+ conf = {
+ 'include_service_catalog': '123',
+ }
+ self.assertRaises(auth_token.ConfigurationError,
+ auth_token.AuthProtocol, self.fake_app, conf)
+
class CommonAuthTokenMiddlewareTest(object):
