Add in ability to load DEBUG middleware

This change adds a new config group ``[wsgi]`` with the ability
to load in the oslo.middleware Debug middleware. The DEBUG middleware
is placed as the first middleware in the chain printing out raw
request/response data closest to the edge of the applciation.

The new option is ``debug_middleware`` and is boolean. It defaults
to "False". This option should never be set in production as it
can and will leak sensitive information via the printed data.

Change-Id: I013e38f3578e6ea8e5bad3123fe47bf93b840b43
This commit is contained in:
Morgan Fainberg 2018-06-06 09:10:39 -07:00
parent 4ec6bc5a44
commit 81caf3eb71
3 changed files with 60 additions and 1 deletions

View File

@ -49,6 +49,7 @@ from keystone.conf import token
from keystone.conf import tokenless_auth
from keystone.conf import trust
from keystone.conf import unified_limit
from keystone.conf import wsgi
CONF = cfg.CONF
@ -84,6 +85,7 @@ conf_modules = [
tokenless_auth,
trust,
unified_limit,
wsgi
]

45
keystone/conf/wsgi.py Normal file
View File

@ -0,0 +1,45 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from keystone.conf import utils
debug_middlware = cfg.BoolOpt(
'debug_middleware',
default=False,
help=utils.fmt("""
If set to true, this enables the oslo debug middleware in Keystone. This
Middleware prints a lot of information about the request and the response. It
is useful for getting information about the data on the wire (decoded) and
passed to the WSGI application pipeline.
This middleware is inserted as the first element in the middleware chain
and will show the data closest to the wire.
WARNING: NOT INTENDED FOR USE IN PRODUCTION. THIS MIDDLEWARE CAN AND WILL EMIT
SENSITIVE/PRIVILEGED DATA.
"""))
GROUP_NAME = __name__.split('.')[-1]
ALL_OPTS = [
debug_middlware,
]
def register_opts(conf):
conf.register_opts(ALL_OPTS, group=GROUP_NAME)
def list_opts():
return {GROUP_NAME: ALL_OPTS}

View File

@ -90,7 +90,19 @@ def setup_app_middleware(application):
# explicitly; reverse order to ensure the first element in _APP_MIDDLEWARE
# processes the request first.
for mw in reversed(_APP_MIDDLEWARE):
MW = _APP_MIDDLEWARE
# Add in optional (config-based) middleware
# NOTE(morgan): Each of these may need to be in a specific location
# within the pipeline therefore cannot be magically appended/prepended
if CONF.wsgi.debug_middleware:
# Add in the Debug Middleware
MW = (_Middleware(namespace='keystone.server_middleware',
ep='debug',
conf={}),) + _APP_MIDDLEWARE
# Apply the middleware to the application.
for mw in reversed(MW):
# TODO(morgan): Explore moving this to ExtensionManager, but we
# want to be super careful about what middleware we load and in
# what order. DriverManager gives us that capability and only loads