summaryrefslogtreecommitdiffstats
path: root/test/unit/common/middleware
diff options
context:
space:
mode:
authorPrashanth Pai <ppai@redhat.com>2016-08-05 14:25:08 +0530
committerThiago da Silva <thiago@redhat.com>2016-09-18 18:39:03 -0700
commit2318a57a1ea632f77d5f78dc11023fb3b7fc2ad0 (patch)
treec44ea8c7183e4080f1c574f58076a1088c670aa3 /test/unit/common/middleware
parent83c50ae4ebd4d72988a781ec4183f1c62f6a63a4 (diff)
s3: Make s3 support configurable
Amazon S3 compatibility: This change makes S3 support tunable using a config option and is turned off by default. This is a manual backport of this upstream swauth change: https://review.openstack.org/#/c/326336/ Change-Id: I106e3274c6d68f4575c1bf1a9013f066e969cb17 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15098 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
Diffstat (limited to 'test/unit/common/middleware')
-rw-r--r--test/unit/common/middleware/gswauth/swauth/test_middleware.py39
1 files changed, 34 insertions, 5 deletions
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index e8c2001..608dba4 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -4836,15 +4836,41 @@ class TestAuth(unittest.TestCase):
resp.body,
'Token exceeds maximum length.')
- def test_crazy_authorization(self):
+ def test_s3_authorization_default_off(self):
+ self.assertFalse(self.test_auth.s3_support)
req = self._make_request('/v1/AUTH_account', headers={
- 'authorization': 'somebody elses header value'})
+ 'authorization': 's3_header'})
resp = req.get_response(self.test_auth)
- self.assertEquals(resp.status_int, 401)
- self.assertEquals(resp.environ['swift.authorize'],
- self.test_auth.denied_response)
+ self.assertEqual(resp.status_int, 400) # HTTPBadRequest
+ self.assertTrue(resp.environ.get('swift.authorize') is None)
+
+ def test_s3_turned_off_get_groups(self):
+ env = \
+ {'HTTP_AUTHORIZATION': 's3 header'}
+ token = 'whatever'
+ self.test_auth.logger = mock.Mock()
+ self.assertEqual(self.test_auth.get_groups(env, token), None)
+
+ def test_s3_enabled_when_conditions_are_met(self):
+ # auth_type_salt needs to be set
+ for atype in ('Sha1', 'Sha512'):
+ test_auth = \
+ auth.filter_factory({
+ 'super_admin_key': 'supertest',
+ 's3_support': 'on',
+ 'auth_type_salt': 'blah',
+ 'auth_type': atype})(FakeApp())
+ self.assertTrue(test_auth.s3_support)
+ # auth_type_salt need not be set for Plaintext
+ test_auth = \
+ auth.filter_factory({
+ 'super_admin_key': 'supertest',
+ 's3_support': 'on',
+ 'auth_type': 'Plaintext'})(FakeApp())
+ self.assertTrue(test_auth.s3_support)
def test_s3_creds_unicode(self):
+ self.test_auth.s3_support = True
self.test_auth.app = FakeApp(iter([
('200 Ok', {},
json.dumps({"auth": unicode("plaintext:key)"),
@@ -4857,8 +4883,10 @@ class TestAuth(unittest.TestCase):
token = 'UFVUCgoKRnJpLCAyNiBGZWIgMjAxNiAwNjo0NT'\
'ozNCArMDAwMAovY29udGFpbmVyMw=='
self.assertEqual(self.test_auth.get_groups(env, token), None)
+ self.test_auth.s3_support = False
def test_s3_only_hash_passed_to_hmac(self):
+ self.test_auth.s3_support = True
key = 'dadada'
salt = 'zuck'
key_hash = hashlib.sha1('%s%s' % (salt, key)).hexdigest()
@@ -4880,6 +4908,7 @@ class TestAuth(unittest.TestCase):
self.assertTrue(mock_hmac_new.called)
# Assert that string passed to hmac.new is only the hash
self.assertEqual(mock_hmac_new.call_args[0][0], key_hash)
+ self.test_auth.s3_support = False