A note about dependency ordering is removed from the requirements file:
this is no longer true with the dependency resolver introduced with pip
20.3.
Change-Id: I615be3453db37588edf98a46ce484efc5e051f11
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
... so that each service using the audit middleware can include these
parameters in .conf file generated by oslo-config-generator by adding
that entrypoint to the command.
Closes-Bug: #1939632
Change-Id: Ied954c633570c51af9504514ffed18e12de8caac
Keystone audit middleware requires to iterate req.context as dict,
but Glance requires to access req.context.read_only.
When glance enabled audit, they are conflict with each other.
This patch fix this issue by store audit context in
req.environ['audit.context']
Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee
Closes-Bug: #1809101
Signed-off-by: Leehom Li <feli5@cisco.com>
The keystonemiddleware audit code would select the wrong OpenStack service
endpoint for a request if the cloud is not using unique TCP ports for each
service endpoint. As most services are no longer using a port per service,
but instead using unique paths, this caused the audit to select the wrong
target service. This leads to incorrect audit logging due to the wrong
audit map being used.
This patch checks the request to see if a TCP port was present in the request,
and if not, fall back to using the target_endpoint_type configured in the
audit map file.
Change-Id: Ie2e0bf74ecca485d599a4041bb770bd6e296bc99
Closes-bug: 1797584
When parsing the service catalog to find the source, audit middleware
should skip over the services which have no endpoints instead of
assuming they will have at least one endpoint.
Change-Id: I287873e99338d95baaf20d52ecb3a43763a401fc
Closes-Bug: #1800017
Add a configuration option, 'use_oslo_messaging', to indicate whether
to use oslo_messaging notifier. It is set to true for backwards
compatibility.
We can't use audit middleware with services like Swift, which have no
dependency on Oslo and does not work well with oslo_log. Swift uses rsyslog.
Currently, audit middleware indiscriminately chooses oslo_messaging if the
package is installed. This is problematic if Swift proxy is on the same
controller as any service which consumes oslo_messaging. With this new option,
Swift can now safely consume audit middleware by electing to use local
log notifier instead of oslo_messaging.
Change-Id: I87bf857c20e4b78e97d40dcc51a1b4ff0014abb2
Closes-Bug: #1695038
Those are remnants from the oslo-incubator times. Also, oslo.messaging
deprecated [1] transport aliases since 5.2.0+ that is the minimal
version supported for stable/newton.
[1] I314cefa5fb1803fa7e21e3e34300e5ced31bba89
Closes-Bug: #1424728
Change-Id: I50c4559ea2ebc8512a05ffad52e5f04b22743ff4
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I8521461203fe40e4576f4de7cfb500bd64027d6d
The constants of log levels were added in the 1.8 version
of the oslo.log library.
So we can replace all usage of system logging module
with log module from oslo.log
Change-Id: I97a1d913b543dc9dbd4d228b04adbdf7ee320df5
AST! Never AST!
The service catalog set from auth_token middleware is a json blob not a
python blob and should be decoded as such.
This brings up the problem that the service catalog specified in the
tests is not actually valid JSON. In future I'll attempt to change this
over to using the auth_token fixture instead of a custom environment
dictionary.
Change-Id: Ic9ab68f7d41d19d3595a3ddbbb2e233f57ef52c8
The API tests don't really use the API, they just test the creation of
an event so focus them on that.
There are two tests that are in the API class that really do test
middleware so they are moved back.
Change-Id: I345fe4f4c2a0d8f98ba1ff10491802002d590fa6
There are a number of methods on the api object that already handle
request specifics. Move the create_event method over to the api so that
it can be tested independantly of the middleware.
Change-Id: I60e524f1e03bfa4592756fc1da861b687ba2ee85
Create a notifier pattern that abstracts the message notification. This
should make it easier to test.
Change-Id: Ifbe3be434c304f1d3d4d570d645937a72c3503c8
This is the start of a cleanup of some of the audit middleware code.
The test changes are because this reorders the test execution order and
some of the global project tests were setting long lasting state.
Change-Id: I7a5576c1f497b9a43420f66c9e511cf6f280b62e
Stephen Finucane