From 82707e15a5bce8de2d33b1c865c96844c9770580 Mon Sep 17 00:00:00 2001 From: "Leehom Li (feli5)" Date: Wed, 19 Dec 2018 15:52:03 +0000 Subject: [PATCH] Make sure audit middleware use own context Keystone audit middleware requires to iterate req.context as dict, but Glance requires to access req.context.read_only. When glance enabled audit, they are conflict with each other. This patch fix this issue by store audit context in req.environ['audit.context'] Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee Closes-Bug: #1809101 Signed-off-by: Leehom Li --- keystonemiddleware/audit/__init__.py | 7 ++++--- .../tests/unit/audit/test_audit_api.py | 2 +- .../tests/unit/audit/test_audit_middleware.py | 12 ++++++------ releasenotes/notes/bug-1809101-6b5088443d5970ba.yaml | 7 +++++++ 4 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 releasenotes/notes/bug-1809101-6b5088443d5970ba.yaml diff --git a/keystonemiddleware/audit/__init__.py b/keystonemiddleware/audit/__init__.py index 331a8942..9b4c380d 100644 --- a/keystonemiddleware/audit/__init__.py +++ b/keystonemiddleware/audit/__init__.py @@ -111,7 +111,7 @@ class AuditMiddleware(object): @_log_and_ignore_error def _process_request(self, request): - self._notifier.notify(request.context, + self._notifier.notify(request.environ['audit.context'], 'audit.http.request', self._create_event(request).as_dict()) @@ -139,7 +139,7 @@ class AuditMiddleware(object): reporter=resource.Resource(id='target'), reporterTime=timestamp.get_utc_now())) - self._notifier.notify(request.context, + self._notifier.notify(request.environ['audit.context'], 'audit.http.response', event.as_dict()) @@ -151,7 +151,8 @@ class AuditMiddleware(object): # Cannot use a RequestClass on wsgify above because the `req` object is # a `WebOb.Request` when this method is called so the RequestClass is # ignored by the wsgify wrapper. - req.context = oslo_context.get_admin_context().to_dict() + req.environ['audit.context'] = \ + oslo_context.get_admin_context().to_dict() self._process_request(req) try: diff --git a/keystonemiddleware/tests/unit/audit/test_audit_api.py b/keystonemiddleware/tests/unit/audit/test_audit_api.py index 3843d43f..e061dbd4 100644 --- a/keystonemiddleware/tests/unit/audit/test_audit_api.py +++ b/keystonemiddleware/tests/unit/audit/test_audit_api.py @@ -201,7 +201,7 @@ class AuditApiLogicTest(base.BaseAuditMiddlewareTest): req = webob.Request.blank(url, environ=self.get_environ_header('GET'), remote_addr='192.168.0.1') - req.context = {} + req.environ['audit.context'] = {} middleware = self.create_simple_middleware() middleware._process_request(req) payload = req.environ['cadf_event'].as_dict() diff --git a/keystonemiddleware/tests/unit/audit/test_audit_middleware.py b/keystonemiddleware/tests/unit/audit/test_audit_middleware.py index 39daf559..baf10bf8 100644 --- a/keystonemiddleware/tests/unit/audit/test_audit_middleware.py +++ b/keystonemiddleware/tests/unit/audit/test_audit_middleware.py @@ -84,7 +84,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest): def test_process_request_fail(self): req = webob.Request.blank('/foo/bar', environ=self.get_environ_header('GET')) - req.context = {} + req.environ['audit.context'] = {} self.create_simple_middleware()._process_request(req) self.assertTrue(self.notifier.notify.called) @@ -92,7 +92,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest): def test_process_response_fail(self): req = webob.Request.blank('/foo/bar', environ=self.get_environ_header('GET')) - req.context = {} + req.environ['audit.context'] = {} middleware = self.create_simple_middleware() middleware._process_response(req, webob.response.Response()) @@ -147,7 +147,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest): req = webob.Request.blank('/foo/bar', environ=self.get_environ_header('GET')) - req.context = {} + req.environ['audit.context'] = {} self.notifier.notify.side_effect = Exception('error') middleware(req) @@ -155,7 +155,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest): req2 = webob.Request.blank('/foo/bar', environ=self.get_environ_header('GET')) - req2.context = {} + req2.environ['audit.context'] = {} self.notifier.reset_mock() middleware._process_response(req2, webob.response.Response()) @@ -179,7 +179,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest): req = webob.Request.blank(url, environ=self.get_environ_header('GET'), remote_addr='192.168.0.1') - req.context = {} + req.environ['audit.context'] = {} middleware._process_request(req) payload = req.environ['cadf_event'].as_dict() middleware._process_response(req, None) @@ -197,7 +197,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest): req = webob.Request.blank('http://admin_host:8774/v2/' + str(uuid.uuid4()) + '/servers', environ=self.get_environ_header('GET')) - req.context = {} + req.environ['audit.context'] = {} self.assertNotIn('cadf_event', req.environ) self.create_simple_middleware()._process_response(req, diff --git a/releasenotes/notes/bug-1809101-6b5088443d5970ba.yaml b/releasenotes/notes/bug-1809101-6b5088443d5970ba.yaml new file mode 100644 index 00000000..910f4d99 --- /dev/null +++ b/releasenotes/notes/bug-1809101-6b5088443d5970ba.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + [`bug 1809101 `_] + Fix req.context of Keystone audit middleware and Glance conflict with each + other issue. The audit middleware now stores the admin context to + req.environ['audit.context'].