merged trunk

author: Vishvananda Ishaya <vishvananda@gmail.com> 2010-12-23 00:30:52 +0000
committer: Vishvananda Ishaya <vishvananda@gmail.com> 2010-12-23 00:30:52 +0000
commit: d0a360342b8aba0ec9caa4f49a27b721d8974895 (patch)
tree: 1d0ab0c28d6865a26e341e7611050fca650bc618 /nova/api
parent: a7e5a4a39b93b32974ca82b77391368c4f01cdd8 (diff)
parent: e69f5f90200850db6ffb3210133d361b720be7e9 (diff)
download: nova-d0a360342b8aba0ec9caa4f49a27b721d8974895.tar.gz
nova-d0a360342b8aba0ec9caa4f49a27b721d8974895.tar.xz
nova-d0a360342b8aba0ec9caa4f49a27b721d8974895.zip
2 files changed, 16 insertions, 3 deletions
diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index d1e2596c3..51d33bcc6 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -37,6 +37,9 @@ from nova.auth import manager
 
 
 FLAGS = flags.FLAGS
+flags.DEFINE_boolean('use_forwarded_for', False,
+                     'Treat X-Forwarded-For as the canonical remote address. '
+                     'Only enable this if you have a sanitizing proxy.')
 flags.DEFINE_boolean('use_lockout', False,
                      'Whether or not to use lockout middleware.')
 flags.DEFINE_integer('lockout_attempts', 5,
@@ -144,9 +147,12 @@ class Authenticate(wsgi.Middleware):
             raise webob.exc.HTTPForbidden()
 
         # Authenticated!
+        remote_address = req.remote_addr
+        if FLAGS.use_forwarded_for:
+            remote_address = req.headers.get('X-Forwarded-For', remote_address)
         ctxt = context.RequestContext(user=user,
                                       project=project,
-                                      remote_address=req.remote_addr)
+                                      remote_address=remote_address)
         req.environ['ec2.context'] = ctxt
         return self.application
 
diff --git a/nova/api/ec2/metadatarequesthandler.py b/nova/api/ec2/metadatarequesthandler.py
index 0e9e686ff..f832863a9 100644
--- a/nova/api/ec2/metadatarequesthandler.py
+++ b/nova/api/ec2/metadatarequesthandler.py
@@ -23,9 +23,13 @@ import logging
 import webob.dec
 import webob.exc
 
+from nova import flags
 from nova.api.ec2 import cloud
 
 
+FLAGS = flags.FLAGS
+
+
 class MetadataRequestHandler(object):
     """Serve metadata from the EC2 API."""
 
@@ -63,10 +67,13 @@ class MetadataRequestHandler(object):
     @webob.dec.wsgify
     def __call__(self, req):
         cc = cloud.CloudController()
-        meta_data = cc.get_metadata(req.remote_addr)
+        remote_address = req.remote_addr
+        if FLAGS.use_forwarded_for:
+            remote_address = req.headers.get('X-Forwarded-For', remote_address)
+        meta_data = cc.get_metadata(remote_address)
         if meta_data is None:
             logging.error(_('Failed to get metadata for ip: %s') %
-                          req.remote_addr)
+                          remote_address)
             raise webob.exc.HTTPNotFound()
         data = self.lookup(req.path_info, meta_data)
         if data is None:
author	Vishvananda Ishaya <vishvananda@gmail.com>	2010-12-23 00:30:52 +0000
committer	Vishvananda Ishaya <vishvananda@gmail.com>	2010-12-23 00:30:52 +0000
commit	d0a360342b8aba0ec9caa4f49a27b721d8974895 (patch)
tree	1d0ab0c28d6865a26e341e7611050fca650bc618 /nova/api
parent	a7e5a4a39b93b32974ca82b77391368c4f01cdd8 (diff)
parent	e69f5f90200850db6ffb3210133d361b720be7e9 (diff)
download	nova-d0a360342b8aba0ec9caa4f49a27b721d8974895.tar.gz nova-d0a360342b8aba0ec9caa4f49a27b721d8974895.tar.xz nova-d0a360342b8aba0ec9caa4f49a27b721d8974895.zip