def setUp(self):
super(TestBastion, self).setUp()
app = util.app
wrapped_app = util.wrap_403(app)
self.bastion = bastion.wrap(app, wrapped_app)
self.unrestricted_route = "/v1/health"
self.normal_route = "/v1"
def setUp(self):
super(TestBastion, self).setUp()
self.app = util.app
self.wrapped_app = util.wrap_403(self.app)
self.bastion = bastion.wrap(self.app, self.wrapped_app)
self.unrestricted_route = '/v1/health'
self.normal_route = '/v1'
def setUp(self):
super(TestBastion, self).setUp()
self.app = util.app
self.wrapped_app = util.wrap_403(self.app)
self.bastion = bastion.wrap(self.app, self.wrapped_app)
self.unrestricted_route = '/v1/health'
self.normal_route = '/v1'
def test_multiple_gate_headers_allow_access(self, route):
# override gate headers option
bastion._CONF.set_override('gate_headers',
['HTTP_X_FORWARDED_FOR', 'HTTP_USER_AGENT'],
bastion.OPT_GROUP_NAME,
enforce_type=True)
# re-wrap the app after modifying config opt
self.bastion = bastion.wrap(self.app, self.wrapped_app)
env = self.create_env(route)
env['HTTP_X_FORWARDED_FOR'] = 'taco'
self._expect(env, 204)
def test_multiple_gate_headers_allow_access(self, route):
# override gate headers option
bastion._CONF.set_override(
'gate_headers',
['HTTP_X_FORWARDED_FOR', 'HTTP_USER_AGENT'],
bastion.OPT_GROUP_NAME,
enforce_type=True
)
# re-wrap the app after modifying config opt
self.bastion = bastion.wrap(self.app, self.wrapped_app)
env = self.create_env(route)
env['HTTP_X_FORWARDED_FOR'] = 'taco'
self._expect(env, 204)
def test_empty_gate_headers_deny_access(self, route):
"""bastion should allow all traffic for this endpoint.
Based on the configuration for this test case."""
# override gate headers option
bastion._CONF.set_override('gate_headers', [],
bastion.OPT_GROUP_NAME,
enforce_type=True)
# re-wrap the app after modifying config opt
self.bastion = bastion.wrap(self.app, self.wrapped_app)
env = self.create_env(route)
env['HTTP_X_FORWARDED_FOR'] = 'taco'
self._expect(env, 403)
def test_empty_gate_headers_deny_access(self, route):
"""bastion should allow all traffic for this endpoint.
Based on the configuration for this test case."""
# override gate headers option
bastion._CONF.set_override(
'gate_headers',
[],
bastion.OPT_GROUP_NAME,
enforce_type=True
)
# re-wrap the app after modifying config opt
self.bastion = bastion.wrap(self.app, self.wrapped_app)
env = self.create_env(route)
env['HTTP_X_FORWARDED_FOR'] = 'taco'
self._expect(env, 403)
from eom import auth from eom import bastion from eom import rbac from deuce.transport.wsgi.app import app as deuce_app from oslo.config import cfg conf = cfg.CONF conf(project='eom', args=[]) # Get the separated Redis Server for Auth auth_redis_client = auth.get_auth_redis_client() rbac_app = rbac.wrap(deuce_app) auth_app = auth.wrap(rbac_app, auth_redis_client) app = bastion.wrap(deuce_app, auth_app)
