Support allowed_digests options
... which were added as part of deprecation of sha1 signatures[1]. [1] 2d063cd61f6915579840a41ac0248a26085e0245 Change-Id: I8a27cebecbf1c47b2aeb8c1f1f00b1f1c90011d1
This commit is contained in:
parent
0e3f254347
commit
385c66d388
@ -1,6 +1,12 @@
|
|||||||
#
|
#
|
||||||
# Configure swift formpost.
|
# Configure swift formpost.
|
||||||
#
|
#
|
||||||
|
# == Parameters
|
||||||
|
#
|
||||||
|
# [*allowed_digests*]
|
||||||
|
# The digest algorithm(s) supported for generating signatures.
|
||||||
|
# Optional. Defaults to $facts['os_service_default'].
|
||||||
|
#
|
||||||
# == Dependencies
|
# == Dependencies
|
||||||
#
|
#
|
||||||
# == Examples
|
# == Examples
|
||||||
@ -15,11 +21,14 @@
|
|||||||
#
|
#
|
||||||
# Copyright 2012 eNovance licensing@enovance.com
|
# Copyright 2012 eNovance licensing@enovance.com
|
||||||
#
|
#
|
||||||
class swift::proxy::formpost() {
|
class swift::proxy::formpost(
|
||||||
|
$allowed_digests = $facts['os_service_default'],
|
||||||
|
) {
|
||||||
|
|
||||||
include swift::deps
|
include swift::deps
|
||||||
|
|
||||||
swift_proxy_config {
|
swift_proxy_config {
|
||||||
'filter:formpost/use': value => 'egg:swift#formpost';
|
'filter:formpost/use': value => 'egg:swift#formpost';
|
||||||
|
'filter:formpost/allowed_digests': value => join(any2array($allowed_digests), ' ');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -28,6 +28,10 @@
|
|||||||
# Example: ['x-object-meta-public-*'] or 'x-object-meta-public-*'
|
# Example: ['x-object-meta-public-*'] or 'x-object-meta-public-*'
|
||||||
# Optional. Defaults to $facts['os_service_default'].
|
# Optional. Defaults to $facts['os_service_default'].
|
||||||
#
|
#
|
||||||
|
# [*allowed_digests*]
|
||||||
|
# The digest algorithm(s) supported for generating signatures.
|
||||||
|
# Optional. Defaults to $facts['os_service_default'].
|
||||||
|
#
|
||||||
# == Examples
|
# == Examples
|
||||||
#
|
#
|
||||||
# class {'swift::proxy::tempurl':
|
# class {'swift::proxy::tempurl':
|
||||||
@ -50,22 +54,18 @@ class swift::proxy::tempurl (
|
|||||||
$incoming_allow_headers = $facts['os_service_default'],
|
$incoming_allow_headers = $facts['os_service_default'],
|
||||||
$outgoing_remove_headers = $facts['os_service_default'],
|
$outgoing_remove_headers = $facts['os_service_default'],
|
||||||
$outgoing_allow_headers = $facts['os_service_default'],
|
$outgoing_allow_headers = $facts['os_service_default'],
|
||||||
|
$allowed_digests = $facts['os_service_default'],
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include swift::deps
|
include swift::deps
|
||||||
|
|
||||||
$methods_real = join(any2array($methods), ' ')
|
|
||||||
$incoming_remove_headers_real = join(any2array($incoming_remove_headers), ' ')
|
|
||||||
$incoming_allow_headers_real = join(any2array($incoming_allow_headers), ' ')
|
|
||||||
$outgoing_remove_headers_real = join(any2array($outgoing_remove_headers), ' ')
|
|
||||||
$outgoing_allow_headers_real = join(any2array($outgoing_allow_headers), ' ')
|
|
||||||
|
|
||||||
swift_proxy_config {
|
swift_proxy_config {
|
||||||
'filter:tempurl/use': value => 'egg:swift#tempurl';
|
'filter:tempurl/use': value => 'egg:swift#tempurl';
|
||||||
'filter:tempurl/methods': value => $methods_real;
|
'filter:tempurl/methods': value => join(any2array($methods), ' ');
|
||||||
'filter:tempurl/incoming_remove_headers': value => $incoming_remove_headers_real;
|
'filter:tempurl/incoming_remove_headers': value => join(any2array($incoming_remove_headers), ' ');
|
||||||
'filter:tempurl/incoming_allow_headers': value => $incoming_allow_headers_real;
|
'filter:tempurl/incoming_allow_headers': value => join(any2array($incoming_allow_headers), ' ');
|
||||||
'filter:tempurl/outgoing_remove_headers': value => $outgoing_remove_headers_real;
|
'filter:tempurl/outgoing_remove_headers': value => join(any2array($outgoing_remove_headers), ' ');
|
||||||
'filter:tempurl/outgoing_allow_headers': value => $outgoing_allow_headers_real;
|
'filter:tempurl/outgoing_allow_headers': value => join(any2array($outgoing_allow_headers), ' ');
|
||||||
|
'filter:tempurl/allowed_digests': value => join(any2array($allowed_digests), ' ');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
7
releasenotes/notes/allowed_digests-1b12b2f0483c4c68.yaml
Normal file
7
releasenotes/notes/allowed_digests-1b12b2f0483c4c68.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The following classes now support the new ``allowed_digests`` parameter.
|
||||||
|
|
||||||
|
- ``swift::proxy::formpost``
|
||||||
|
- ``swift::proxy::tempurl``
|
@ -2,7 +2,20 @@ require 'spec_helper'
|
|||||||
|
|
||||||
describe 'swift::proxy::formpost' do
|
describe 'swift::proxy::formpost' do
|
||||||
shared_examples 'swift::proxy::formpost' do
|
shared_examples 'swift::proxy::formpost' do
|
||||||
it { should contain_swift_proxy_config('filter:formpost/use').with_value('egg:swift#formpost') }
|
context 'with defaults' do
|
||||||
|
it { should contain_swift_proxy_config('filter:formpost/use').with_value('egg:swift#formpost') }
|
||||||
|
it { should contain_swift_proxy_config('filter:formpost/allowed_digests').with_value('<SERVICE DEFAULT>') }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with parameters' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:allowed_digests => ['sha1', 'sha256', 'sha512']
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_swift_proxy_config('filter:formpost/allowed_digests').with_value('sha1 sha256 sha512') }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
on_supported_os({
|
on_supported_os({
|
||||||
|
@ -2,51 +2,69 @@ require 'spec_helper'
|
|||||||
|
|
||||||
describe 'swift::proxy::tempurl' do
|
describe 'swift::proxy::tempurl' do
|
||||||
shared_examples 'swift::proxy::tempurl' do
|
shared_examples 'swift::proxy::tempurl' do
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:tempurl/use').with_value('egg:swift#tempurl') }
|
|
||||||
|
|
||||||
['methods',
|
context 'with defaults' do
|
||||||
'incoming_remove_headers',
|
it { is_expected.to contain_swift_proxy_config('filter:tempurl/use').with_value('egg:swift#tempurl') }
|
||||||
'incoming_allow_headers',
|
|
||||||
'outgoing_remove_headers',
|
|
||||||
'outgoing_allow_headers' ].each do |h|
|
|
||||||
it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('<SERVICE DEFAULT>') }
|
|
||||||
end
|
|
||||||
|
|
||||||
context "when params are set" do
|
[
|
||||||
let :params do {
|
'methods',
|
||||||
'methods' => ['GET','HEAD','PUT'],
|
'incoming_remove_headers',
|
||||||
'incoming_remove_headers' => ['x-foo','x-bar-*'],
|
|
||||||
'incoming_allow_headers' => ['x-foo','x-bar-*'],
|
|
||||||
'outgoing_remove_headers' => ['x-foo','x-bar-*'],
|
|
||||||
'outgoing_allow_headers' => ['x-foo','x-bar-*'],
|
|
||||||
} end
|
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:tempurl/methods').with_value('GET HEAD PUT') }
|
|
||||||
['incoming_remove_headers',
|
|
||||||
'incoming_allow_headers',
|
'incoming_allow_headers',
|
||||||
'outgoing_remove_headers',
|
'outgoing_remove_headers',
|
||||||
'outgoing_allow_headers' ].each do |h|
|
'outgoing_allow_headers',
|
||||||
it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('x-foo x-bar-*') }
|
'allowed_digests'
|
||||||
end
|
].each do |h|
|
||||||
|
it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('<SERVICE DEFAULT>') }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'when params are not array' do
|
context 'when params are set' do
|
||||||
let :params do {
|
let :params do
|
||||||
'methods' => 'GET HEAD PUT',
|
{
|
||||||
'incoming_remove_headers' => 'x-foo x-bar-*',
|
:methods => ['GET','HEAD','PUT'],
|
||||||
'incoming_allow_headers' => 'x-foo x-bar-*',
|
:incoming_remove_headers => ['x-foo','x-bar-*'],
|
||||||
'outgoing_remove_headers' => 'x-foo x-bar-*',
|
:incoming_allow_headers => ['x-foo','x-bar-*'],
|
||||||
'outgoing_allow_headers' => 'x-foo x-bar-*',
|
:outgoing_remove_headers => ['x-foo','x-bar-*'],
|
||||||
} end
|
:outgoing_allow_headers => ['x-foo','x-bar-*'],
|
||||||
|
:allowed_digests => ['sha1', 'sha256', 'sha512'],
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_swift_proxy_config('filter:tempurl/methods').with_value('GET HEAD PUT') }
|
it { is_expected.to contain_swift_proxy_config('filter:tempurl/methods').with_value('GET HEAD PUT') }
|
||||||
['incoming_remove_headers',
|
[
|
||||||
'incoming_allow_headers',
|
'incoming_remove_headers',
|
||||||
'outgoing_remove_headers',
|
'incoming_allow_headers',
|
||||||
'outgoing_allow_headers' ].each do |h|
|
'outgoing_remove_headers',
|
||||||
it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('x-foo x-bar-*') }
|
'outgoing_allow_headers'
|
||||||
end
|
].each do |h|
|
||||||
end
|
it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('x-foo x-bar-*') }
|
||||||
end
|
end
|
||||||
|
it { is_expected.to contain_swift_proxy_config('filter:tempurl/allowed_digests').with_value('sha1 sha256 sha512') }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when params are not array' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:methods => 'GET HEAD PUT',
|
||||||
|
:incoming_remove_headers => 'x-foo x-bar-*',
|
||||||
|
:incoming_allow_headers => 'x-foo x-bar-*',
|
||||||
|
:outgoing_remove_headers => 'x-foo x-bar-*',
|
||||||
|
:outgoing_allow_headers => 'x-foo x-bar-*',
|
||||||
|
:allowed_digests => 'sha1 sha256 sha512',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { is_expected.to contain_swift_proxy_config('filter:tempurl/methods').with_value('GET HEAD PUT') }
|
||||||
|
[
|
||||||
|
'incoming_remove_headers',
|
||||||
|
'incoming_allow_headers',
|
||||||
|
'outgoing_remove_headers',
|
||||||
|
'outgoing_allow_headers',
|
||||||
|
].each do |h|
|
||||||
|
it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('x-foo x-bar-*') }
|
||||||
|
end
|
||||||
|
it { is_expected.to contain_swift_proxy_config('filter:tempurl/allowed_digests').with_value('sha1 sha256 sha512') }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
on_supported_os({
|
on_supported_os({
|
||||||
|
Loading…
Reference in New Issue
Block a user