Merge "Add config option for algo to use in temp_url tests"
diff --git a/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml b/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml
new file mode 100644
index 0000000..f96c030
--- /dev/null
+++ b/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - |
+ Add configuration parameter `tempurl_digest_hashlib` into
+ `object-storage-feature-enabled` which configures the hashing algorithm to
+ use for the temp_url tests; defaults to 'sha256'.
+security:
+ - |
+ Swift used to support only 'sha1' for temp_url hashing but from many
+ years now 'sha256' and 'sha512' are also available. These are stronger
+ than 'sha1' and tempest now allows configuring which one to use.
diff --git a/tempest/api/object_storage/test_object_temp_url.py b/tempest/api/object_storage/test_object_temp_url.py
index 4ca7412..8f218e2 100644
--- a/tempest/api/object_storage/test_object_temp_url.py
+++ b/tempest/api/object_storage/test_object_temp_url.py
@@ -19,9 +19,12 @@
from tempest.api.object_storage import base
from tempest.common import utils
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
+CONF = config.CONF
+
class ObjectTempUrlTest(base.BaseObjectTest):
"""Test object temp url"""
@@ -77,8 +80,11 @@
container, object_name)
hmac_body = '%s\n%s\n%s' % (method, expires, path)
+ hlib = getattr(
+ hashlib,
+ CONF.object_storage_feature_enabled.tempurl_digest_hashlib)
sig = hmac.new(
- key.encode(), hmac_body.encode(), hashlib.sha256
+ key.encode(), hmac_body.encode(), hlib
).hexdigest()
url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,
diff --git a/tempest/api/object_storage/test_object_temp_url_negative.py b/tempest/api/object_storage/test_object_temp_url_negative.py
index e5f4cf2..712697e 100644
--- a/tempest/api/object_storage/test_object_temp_url_negative.py
+++ b/tempest/api/object_storage/test_object_temp_url_negative.py
@@ -19,10 +19,13 @@
from tempest.api.object_storage import base
from tempest.common import utils
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
+CONF = config.CONF
+
class ObjectTempUrlNegativeTest(base.BaseObjectTest):
"""Negative tests of object temp url"""
@@ -82,8 +85,11 @@
container, object_name)
hmac_body = '%s\n%s\n%s' % (method, expires, path)
+ hlib = getattr(
+ hashlib,
+ CONF.object_storage_feature_enabled.tempurl_digest_hashlib)
sig = hmac.new(
- key.encode(), hmac_body.encode(), hashlib.sha256
+ key.encode(), hmac_body.encode(), hlib
).hexdigest()
url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,
diff --git a/tempest/config.py b/tempest/config.py
index 4098f32..f986ddb 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -1164,6 +1164,11 @@
cfg.BoolOpt('discoverability',
default=True,
help="Execute discoverability tests"),
+ cfg.StrOpt('tempurl_digest_hashlib',
+ default='sha256',
+ help="Hashing algorithm to use for the temp_url tests. "
+ "Needs to be supported both by Swift and the "
+ "hashlib module, for example sha1 or sha256"),
]