Keystone audit middleware needs to iterate req.context as a dict,
but Glance needs to access req.context.read_only.
When Glance has audit enabled, they conflict with each other.
This patch fixes this issue by storing the audit context in
req.environ['audit.context']

Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee
Closes-Bug: #1809101
Signed-off-by: Leehom Li <feli5@cisco.com>

The keystonemiddleware audit code would select the wrong OpenStack service
endpoint for a request if the cloud is not using unique TCP ports for each
service endpoint. As most services are no longer using a port per service,
but instead using unique paths, this caused the audit to select the wrong
target service. This leads to incorrect audit logging due to the wrong
audit map being used.

This patch checks the request to see if a TCP port was present in the request,
and if not, falls back to using the target_endpoint_type configured in the
audit map file.

Change-Id: Ie2e0bf74ecca485d599a4041bb770bd6e296bc99
Closes-bug: 1797584

When parsing the service catalog to find the source, audit middleware
should skip over the services which have no endpoints instead of
assuming they will have at least one endpoint.

Change-Id: I287873e99338d95baaf20d52ecb3a43763a401fc
Closes-Bug: #1800017

Audit middleware does a lot of faking up environments and calling
methods instead of just running the middleware. It's a whole bunch
easier to just run the middleware wherever possible.

This means we don't have to stub context from tests as these tests
actually pass through the wsgi layer correctly. Ideally we would do more
of this.

Change-Id: I95377f030b07ffae18698ecc3c82cc6aa1dddbc7

The auth_token tests have a good layout for using create_middleware and
create_simple_middleware that makes it easy for tests to create
middleware for testing as required rather than having a self.middleware
object that gets overridden a lot.

Extract this create_middleware into a base class and implement it in
audit so the patterns are similar.

Change-Id: I2f050eef1684c8046f94dc2b88b4c97a56ea9cd8

AST! Never AST!

The service catalog set from auth_token middleware is a json blob not a
python blob and should be decoded as such.

This brings up the problem that the service catalog specified in the
tests is not actually valid JSON. In future I'll attempt to change this
over to using the auth_token fixture instead of a custom environment
dictionary.

Change-Id: Ic9ab68f7d41d19d3595a3ddbbb2e233f57ef52c8
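
The three catalog-related changes above (decode the catalog as JSON, skip services with no endpoints, fall back to the configured target endpoint type when the request carries no TCP port) can be seen together in the following added example, which is not keystonemiddleware's own code. The function name `find_target_service`, the catalog shape (`publicURL` entries) and the sample hosts are assumptions made for illustration, and host matching is left out for brevity.

```python
import json
from urllib.parse import urlparse

# Constructed sample catalog, serialised as JSON the way a downstream
# middleware would receive it. Hosts and services are made up.
SAMPLE_CATALOG = json.dumps([
    {"type": "identity", "name": "keystone", "endpoints": []},
    {"type": "image", "name": "glance", "endpoints": [
        {"publicURL": "https://cloud.example.test/image", "enabled": True}]},
    {"type": "compute", "name": "nova", "endpoints": [
        {"publicURL": "https://cloud.example.test:8774/v2.1", "enabled": True}]},
])


def find_target_service(catalog_json, request_url, target_endpoint_type=None):
    """Return the catalog entry the request targets, or None (hypothetical helper)."""
    # The catalog is JSON, not a Python literal: tokens such as true/null
    # are valid JSON but are rejected by ast.literal_eval.
    catalog = json.loads(catalog_json)
    req_port = urlparse(request_url).port
    fallback = None
    for service in catalog:
        endpoints = service.get("endpoints") or []
        if not endpoints:
            # A service may have no endpoints at all; never index [0] blindly.
            continue
        if req_port is not None:
            # Port-per-service deployment: match on the endpoint's port.
            ports = {urlparse(e.get("publicURL", "")).port for e in endpoints}
            if req_port in ports:
                return service
        elif fallback is None and service.get("type") == target_endpoint_type:
            # Path-based deployment: no port in the request, so use the
            # endpoint type configured for this audit map.
            fallback = service
    return fallback
```

Selecting the wrong entry here means the audit record names the wrong target service, so a `None` result is better logged as an unknown target than resolved by guessing.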

The API tests don't really use the API, they just test the creation of
an event so focus them on that.

There are two tests that are in the API class that really do test
middleware so they are moved back.

Change-Id: I345fe4f4c2a0d8f98ba1ff10491802002d590fa6