diff options
author | Prashanth Pai <ppai@redhat.com> | 2016-08-05 14:25:08 +0530 |
---|---|---|
committer | Thiago da Silva <thiago@redhat.com> | 2016-09-18 18:39:03 -0700 |
commit | 2318a57a1ea632f77d5f78dc11023fb3b7fc2ad0 (patch) | |
tree | c44ea8c7183e4080f1c574f58076a1088c670aa3 /test/unit/common/middleware | |
parent | 83c50ae4ebd4d72988a781ec4183f1c62f6a63a4 (diff) |
s3: Make s3 support configurable
Amazon S3 compatibility:
This change makes S3 support tunable using a config option and is
turned off by default.
This is a manual backport of this upstream swauth change:
https://review.openstack.org/#/c/326336/
Change-Id: I106e3274c6d68f4575c1bf1a9013f066e969cb17
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/15098
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Diffstat (limited to 'test/unit/common/middleware')
-rw-r--r-- | test/unit/common/middleware/gswauth/swauth/test_middleware.py | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py index e8c2001..608dba4 100644 --- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py +++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py @@ -4836,15 +4836,41 @@ class TestAuth(unittest.TestCase): resp.body, 'Token exceeds maximum length.') - def test_crazy_authorization(self): + def test_s3_authorization_default_off(self): + self.assertFalse(self.test_auth.s3_support) req = self._make_request('/v1/AUTH_account', headers={ - 'authorization': 'somebody elses header value'}) + 'authorization': 's3_header'}) resp = req.get_response(self.test_auth) - self.assertEquals(resp.status_int, 401) - self.assertEquals(resp.environ['swift.authorize'], - self.test_auth.denied_response) + self.assertEqual(resp.status_int, 400) # HTTPBadRequest + self.assertTrue(resp.environ.get('swift.authorize') is None) + + def test_s3_turned_off_get_groups(self): + env = \ + {'HTTP_AUTHORIZATION': 's3 header'} + token = 'whatever' + self.test_auth.logger = mock.Mock() + self.assertEqual(self.test_auth.get_groups(env, token), None) + + def test_s3_enabled_when_conditions_are_met(self): + # auth_type_salt needs to be set + for atype in ('Sha1', 'Sha512'): + test_auth = \ + auth.filter_factory({ + 'super_admin_key': 'supertest', + 's3_support': 'on', + 'auth_type_salt': 'blah', + 'auth_type': atype})(FakeApp()) + self.assertTrue(test_auth.s3_support) + # auth_type_salt need not be set for Plaintext + test_auth = \ + auth.filter_factory({ + 'super_admin_key': 'supertest', + 's3_support': 'on', + 'auth_type': 'Plaintext'})(FakeApp()) + self.assertTrue(test_auth.s3_support) def test_s3_creds_unicode(self): + self.test_auth.s3_support = True self.test_auth.app = FakeApp(iter([ ('200 Ok', {}, json.dumps({"auth": unicode("plaintext:key)"), @@ -4857,8 +4883,10 @@ class TestAuth(unittest.TestCase): token = 'UFVUCgoKRnJpLCAyNiBGZWIgMjAxNiAwNjo0NT'\ 'ozNCArMDAwMAovY29udGFpbmVyMw==' self.assertEqual(self.test_auth.get_groups(env, token), None) + self.test_auth.s3_support = False def test_s3_only_hash_passed_to_hmac(self): + self.test_auth.s3_support = True key = 'dadada' salt = 'zuck' key_hash = hashlib.sha1('%s%s' % (salt, key)).hexdigest() @@ -4880,6 +4908,7 @@ class TestAuth(unittest.TestCase): self.assertTrue(mock_hmac_new.called) # Assert that string passed to hmac.new is only the hash self.assertEqual(mock_hmac_new.call_args[0][0], key_hash) + self.test_auth.s3_support = False |