Author: Brant Knudson <bknudson@us.ibm.com>
 The "insecure" option was being treated as a bool when it was actually
 provided as a string. The fix is to parse the string to a bool.
Date: Tue, 7 Apr 2015 19:38:29 +0000 (+0000)
Subject: Fix s3_token middleware parsing insecure option
X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fpython-keystoneclient.git;a=commitdiff_plain;h=0e3a23d28438f3a298a384b1e1f1390cfa92b151
Bug-Ubuntu: https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
Bug-Debian: https://bugs.debian.org/783164
Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3
Origin: upstream, https://review.openstack.org/#/c/173378/
Last-Update: 2015-04-23

--- python-keystoneclient-0.10.1.orig/keystoneclient/middleware/s3_token.py
+++ python-keystoneclient-0.10.1/keystoneclient/middleware/s3_token.py
@@ -33,6 +33,7 @@ This WSGI component:
 
 import logging
 
+from oslo.utils import strutils
 import requests
 import six
 from six.moves import urllib
@@ -113,7 +114,7 @@ class S3Token(object):
         self.request_uri = '%s://%s:%s' % (auth_protocol, auth_host, auth_port)
 
         # SSL
-        insecure = conf.get('insecure', False)
+        insecure = strutils.bool_from_string(conf.get('insecure', False))
         cert_file = conf.get('certfile')
         key_file = conf.get('keyfile')
 
--- python-keystoneclient-0.10.1.orig/keystoneclient/tests/test_s3_token_middleware.py
+++ python-keystoneclient-0.10.1/keystoneclient/tests/test_s3_token_middleware.py
@@ -123,7 +123,7 @@ class S3TokenMiddlewareTestGood(S3TokenM
     @mock.patch.object(requests, 'post')
     def test_insecure(self, MOCK_REQUEST):
         self.middleware = (
-            s3_token.filter_factory({'insecure': True})(FakeApp()))
+            s3_token.filter_factory({'insecure': 'True'})(FakeApp()))
 
         text_return_value = jsonutils.dumps(GOOD_RESPONSE)
         if six.PY3:
@@ -141,6 +141,28 @@ class S3TokenMiddlewareTestGood(S3TokenM
         mock_args, mock_kwargs = MOCK_REQUEST.call_args
         self.assertIs(mock_kwargs['verify'], False)
 
+    def test_insecure_option(self):
+        # insecure is passed as a string.
+
+        # Some non-secure values.
+        true_values = ['true', 'True', '1', 'yes']
+        for val in true_values:
+            config = {'insecure': val, 'certfile': 'false_ind'}
+            middleware = s3_token.filter_factory(config)(FakeApp())
+            self.assertIs(False, middleware.verify)
+
+        # Some "secure" values, including unexpected value.
+        false_values = ['false', 'False', '0', 'no', 'someweirdvalue']
+        for val in false_values:
+            config = {'insecure': val, 'certfile': 'false_ind'}
+            middleware = s3_token.filter_factory(config)(FakeApp())
+            self.assertEqual('false_ind', middleware.verify)
+
+        # Default is secure.
+        config = {'certfile': 'false_ind'}
+        middleware = s3_token.filter_factory(config)(FakeApp())
+        self.assertIs('false_ind', middleware.verify)
+
 
 class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
     def setUp(self):
