Pass X-Forwarded-For header to Nova
fixes bug 1097524 Add X-Forwarded-For header to the proxied Nova metadata request. Nova needs this value to properly answer /latest/meta-data/local-ipv4 requests. Change-Id: Icaec38b2ca7e06b50960deb7ab24ff1944a81f45
This commit is contained in:
parent
666c5df3ca
commit
3aecb35d68
@ -108,6 +108,7 @@ class MetadataProxyHandler(object):
|
|||||||
|
|
||||||
def _proxy_request(self, instance_id, req):
|
def _proxy_request(self, instance_id, req):
|
||||||
headers = {
|
headers = {
|
||||||
|
'X-Forwarded-For': req.headers.get('X-Forwarded-For'),
|
||||||
'X-Instance-ID': instance_id,
|
'X-Instance-ID': instance_id,
|
||||||
'X-Instance-ID-Signature': self._sign_instance_id(instance_id)
|
'X-Instance-ID-Signature': self._sign_instance_id(instance_id)
|
||||||
}
|
}
|
||||||
|
@ -177,9 +177,10 @@ class TestMetadataProxyHandler(unittest.TestCase):
|
|||||||
self._get_instance_id_helper(headers, ports, networks=['the_id'])
|
self._get_instance_id_helper(headers, ports, networks=['the_id'])
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_proxy_request_200(self):
|
def _proxy_request_test_helper(self, response_code):
|
||||||
req = mock.Mock(path_info='/the_path', query_string='')
|
hdrs = {'X-Forwarded-For': '8.8.8.8'}
|
||||||
resp = mock.Mock(status=200)
|
req = mock.Mock(path_info='/the_path', query_string='', headers=hdrs)
|
||||||
|
resp = mock.Mock(status=response_code)
|
||||||
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
|
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
|
||||||
sign.return_value = 'signed'
|
sign.return_value = 'signed'
|
||||||
with mock.patch('httplib2.Http') as mock_http:
|
with mock.patch('httplib2.Http') as mock_http:
|
||||||
@ -190,100 +191,33 @@ class TestMetadataProxyHandler(unittest.TestCase):
|
|||||||
mock.call().request(
|
mock.call().request(
|
||||||
'http://9.9.9.9:8775/the_path',
|
'http://9.9.9.9:8775/the_path',
|
||||||
headers={
|
headers={
|
||||||
|
'X-Forwarded-For': '8.8.8.8',
|
||||||
'X-Instance-ID-Signature': 'signed',
|
'X-Instance-ID-Signature': 'signed',
|
||||||
'X-Instance-ID': 'the_id'
|
'X-Instance-ID': 'the_id'
|
||||||
}
|
}
|
||||||
)]
|
)]
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEqual(retval, 'content')
|
return retval
|
||||||
|
|
||||||
|
def test_proxy_request_200(self):
|
||||||
|
self.assertEqual('content', self._proxy_request_test_helper(200))
|
||||||
|
|
||||||
def test_proxy_request_403(self):
|
def test_proxy_request_403(self):
|
||||||
req = mock.Mock(path_info='/the_path', query_string='')
|
self.assertIsInstance(self._proxy_request_test_helper(403),
|
||||||
resp = mock.Mock(status=403)
|
webob.exc.HTTPForbidden)
|
||||||
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
|
|
||||||
sign.return_value = 'signed'
|
|
||||||
with mock.patch('httplib2.Http') as mock_http:
|
|
||||||
mock_http.return_value.request.return_value = (resp, 'content')
|
|
||||||
|
|
||||||
retval = self.handler._proxy_request('the_id', req)
|
|
||||||
mock_http.assert_has_calls([
|
|
||||||
mock.call().request(
|
|
||||||
'http://9.9.9.9:8775/the_path',
|
|
||||||
headers={
|
|
||||||
'X-Instance-ID-Signature': 'signed',
|
|
||||||
'X-Instance-ID': 'the_id'
|
|
||||||
}
|
|
||||||
)]
|
|
||||||
)
|
|
||||||
|
|
||||||
self.assertIsInstance(retval, webob.exc.HTTPForbidden)
|
|
||||||
|
|
||||||
def test_proxy_request_404(self):
|
def test_proxy_request_404(self):
|
||||||
req = mock.Mock(path_info='/the_path', query_string='')
|
self.assertIsInstance(self._proxy_request_test_helper(404),
|
||||||
resp = mock.Mock(status=404)
|
webob.exc.HTTPNotFound)
|
||||||
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
|
|
||||||
sign.return_value = 'signed'
|
|
||||||
with mock.patch('httplib2.Http') as mock_http:
|
|
||||||
mock_http.return_value.request.return_value = (resp, 'content')
|
|
||||||
|
|
||||||
retval = self.handler._proxy_request('the_id', req)
|
|
||||||
mock_http.assert_has_calls([
|
|
||||||
mock.call().request(
|
|
||||||
'http://9.9.9.9:8775/the_path',
|
|
||||||
headers={
|
|
||||||
'X-Instance-ID-Signature': 'signed',
|
|
||||||
'X-Instance-ID': 'the_id'
|
|
||||||
}
|
|
||||||
)]
|
|
||||||
)
|
|
||||||
|
|
||||||
self.assertIsInstance(retval, webob.exc.HTTPNotFound)
|
|
||||||
|
|
||||||
def test_proxy_request_500(self):
|
def test_proxy_request_500(self):
|
||||||
req = mock.Mock(path_info='/the_path', query_string='')
|
self.assertIsInstance(self._proxy_request_test_helper(500),
|
||||||
resp = mock.Mock(status=500)
|
webob.exc.HTTPInternalServerError)
|
||||||
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
|
|
||||||
sign.return_value = 'signed'
|
|
||||||
with mock.patch('httplib2.Http') as mock_http:
|
|
||||||
mock_http.return_value.request.return_value = (resp, 'content')
|
|
||||||
|
|
||||||
retval = self.handler._proxy_request('the_id', req)
|
|
||||||
mock_http.assert_has_calls([
|
|
||||||
mock.call().request(
|
|
||||||
'http://9.9.9.9:8775/the_path',
|
|
||||||
headers={
|
|
||||||
'X-Instance-ID-Signature': 'signed',
|
|
||||||
'X-Instance-ID': 'the_id'
|
|
||||||
}
|
|
||||||
)]
|
|
||||||
)
|
|
||||||
|
|
||||||
self.assertIsInstance(
|
|
||||||
retval,
|
|
||||||
webob.exc.HTTPInternalServerError)
|
|
||||||
|
|
||||||
def test_proxy_request_other_code(self):
|
def test_proxy_request_other_code(self):
|
||||||
req = mock.Mock(path_info='/the_path', query_string='')
|
with self.assertRaises(Exception) as e:
|
||||||
resp = mock.Mock(status=302)
|
self._proxy_request_test_helper(302)
|
||||||
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
|
|
||||||
sign.return_value = 'signed'
|
|
||||||
with mock.patch('httplib2.Http') as mock_http:
|
|
||||||
mock_http.return_value.request.return_value = (resp, 'content')
|
|
||||||
|
|
||||||
with self.assertRaises(Exception) as e:
|
|
||||||
self.handler._proxy_request('the_id', req)
|
|
||||||
self.assertIn('302', str(e))
|
|
||||||
|
|
||||||
mock_http.assert_has_calls([
|
|
||||||
mock.call().request(
|
|
||||||
'http://9.9.9.9:8775/the_path',
|
|
||||||
headers={
|
|
||||||
'X-Instance-ID-Signature': 'signed',
|
|
||||||
'X-Instance-ID': 'the_id'
|
|
||||||
}
|
|
||||||
)]
|
|
||||||
)
|
|
||||||
|
|
||||||
def test_sign_instance_id(self):
|
def test_sign_instance_id(self):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
|
Loading…
Reference in New Issue
Block a user