108 lines
4.2 KiB
INI
108 lines
4.2 KiB
INI
# Use this pipeline for no auth or image caching - DEFAULT
|
|
[pipeline:glance-api]
|
|
pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context rootapp
|
|
|
|
# Use this pipeline for image caching and no auth
|
|
[pipeline:glance-api-caching]
|
|
pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context cache rootapp
|
|
|
|
# Use this pipeline for caching w/ management interface but no auth
|
|
[pipeline:glance-api-cachemanagement]
|
|
pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
|
|
|
|
# Use this pipeline for keystone auth
|
|
[pipeline:glance-api-keystone]
|
|
pipeline = cors healthcheck versionnegotiation osprofiler authtoken context rootapp
|
|
|
|
# Use this pipeline for keystone auth with image caching
|
|
[pipeline:glance-api-keystone+caching]
|
|
pipeline = cors healthcheck versionnegotiation osprofiler authtoken context cache rootapp
|
|
|
|
# Use this pipeline for keystone auth with caching and cache management
|
|
[pipeline:glance-api-keystone+cachemanagement]
|
|
pipeline = cors healthcheck versionnegotiation osprofiler authtoken context cache cachemanage rootapp
|
|
|
|
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
# user as authenticated without making requests to keystone to reauthenticate
|
|
# the user.
|
|
[pipeline:glance-api-trusted-auth]
|
|
pipeline = cors healthcheck versionnegotiation osprofiler context rootapp
|
|
|
|
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
# user as authenticated without making requests to keystone to reauthenticate
|
|
# the user and uses cache management
|
|
[pipeline:glance-api-trusted-auth+cachemanagement]
|
|
pipeline = cors healthcheck versionnegotiation osprofiler context cache cachemanage rootapp
|
|
|
|
[composite:rootapp]
|
|
paste.composite_factory = glance.api:root_app_factory
|
|
/: apiversions
|
|
/v1: apiv1app
|
|
/v2: apiv2app
|
|
/v3: apiv3app
|
|
|
|
[app:apiversions]
|
|
paste.app_factory = glance.api.versions:create_resource
|
|
|
|
[app:apiv1app]
|
|
paste.app_factory = glance.api.v1.router:API.factory
|
|
|
|
[app:apiv2app]
|
|
paste.app_factory = glance.api.v2.router:API.factory
|
|
|
|
[app:apiv3app]
|
|
paste.app_factory = glance.api.v3.router:API.factory
|
|
|
|
[filter:healthcheck]
|
|
paste.filter_factory = oslo_middleware:Healthcheck.factory
|
|
backends = disable_by_file
|
|
disable_by_file_path = /etc/glance/healthcheck_disable
|
|
|
|
[filter:versionnegotiation]
|
|
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
|
|
|
[filter:cache]
|
|
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
|
|
|
|
[filter:cachemanage]
|
|
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
|
|
|
|
[filter:context]
|
|
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
|
|
|
[filter:unauthenticated-context]
|
|
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
|
|
|
[filter:authtoken]
|
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
delay_auth_decision = true
|
|
|
|
[filter:gzip]
|
|
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
|
|
|
|
[filter:osprofiler]
|
|
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
|
hmac_keys = SECRET_KEY #DEPRECATED
|
|
enabled = yes #DEPRECATED
|
|
|
|
[filter:cors]
|
|
paste.filter_factory = oslo_middleware.cors:filter_factory
|
|
oslo_config_project = glance
|
|
oslo_config_program = glance-api
|
|
# Basic Headers (Automatic)
|
|
# Accept = Origin, Accept, Accept-Language, Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma
|
|
# Expose = Origin, Accept, Accept-Language, Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma
|
|
|
|
# Glance Headers
|
|
# Accept = Content-MD5, X-Image-Meta-Checksum, X-Storage-Token, Accept-Encoding
|
|
# Expose = X-Image-Meta-Checksum
|
|
|
|
# Keystone Headers
|
|
# Accept = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id
|
|
# Expose = X-Auth-Token, X-Subject-Token, X-Service-Token
|
|
|
|
# Request ID Middleware Headers
|
|
# Accept = X-OpenStack-Request-ID
|
|
# Expose = X-OpenStack-Request-ID
|
|
latent_allow_headers = Content-MD5, X-Image-Meta-Checksum, X-Storage-Token, Accept-Encoding, X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
|
|
latent_expose_headers = X-Image-Meta-Checksum, X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID |