diff --git a/etc/monasca/log-api-paste.ini b/etc/monasca/log-api-paste.ini index 15dd3044..0732a87c 100644 --- a/etc/monasca/log-api-paste.ini +++ b/etc/monasca/log-api-paste.ini @@ -32,10 +32,10 @@ pipeline = error_trap versionapp pipeline = error_trap healthcheckapp [pipeline:la_api_v2] -pipeline = error_trap request_id auth roles api_v2_app +pipeline = error_trap request_id auth api_v2_app [pipeline:la_api_v3] -pipeline = error_trap request_id auth roles api_v3_app +pipeline = error_trap request_id auth api_v3_app [app:versionapp] paste.app_factory = monasca_log_api.app.api:create_version_app @@ -54,9 +54,6 @@ set api_version=v3.0 [filter:auth] paste.filter_factory = keystonemiddleware.auth_token:filter_factory -[filter:roles] -paste.filter_factory = monasca_log_api.middleware.role_middleware:RoleMiddleware.factory - [filter:request_id] paste.filter_factory = oslo_middleware.request_id:RequestId.factory diff --git a/monasca_log_api/policies/__init__.py b/monasca_log_api/policies/__init__.py index d759849b..f892a22a 100644 --- a/monasca_log_api/policies/__init__.py +++ b/monasca_log_api/policies/__init__.py @@ -16,7 +16,6 @@ import os import pkgutil - from oslo_config import cfg from oslo_log import log from oslo_utils import importutils @@ -38,11 +37,6 @@ def roles_list_to_check_str(roles_list): role_middleware.register_opts(CONF) -DEFAULT_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.roles_middleware.default_roles) -AGENT_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.roles_middleware.agent_roles) -DELEGATE_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.roles_middleware.delegate_roles) -CHECK_AUTHORIZED_ROLES = roles_list_to_check_str(cfg.CONF.roles_middleware.check_roles) - def load_policy_modules(): """Load all modules that contain policies. diff --git a/monasca_log_api/policies/healthchecks.py b/monasca_log_api/policies/healthchecks.py index 148a35b5..6be5d73d 100644 --- a/monasca_log_api/policies/healthchecks.py +++ b/monasca_log_api/policies/healthchecks.py @@ -12,9 +12,13 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_log_api.policies import CHECK_AUTHORIZED_ROLES +from monasca_log_api import policies + +CHECK_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.roles_middleware.check_roles) rules = [ policy.DocumentedRuleDefault( diff --git a/monasca_log_api/policies/logs.py b/monasca_log_api/policies/logs.py index 2e0e91ee..a7332e38 100644 --- a/monasca_log_api/policies/logs.py +++ b/monasca_log_api/policies/logs.py @@ -12,12 +12,17 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_log_api.policies import AGENT_AUTHORIZED_ROLES -from monasca_log_api.policies import DEFAULT_AUTHORIZED_ROLES -from monasca_log_api.policies import DELEGATE_AUTHORIZED_ROLES +from monasca_log_api import policies +DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.roles_middleware.default_roles) +AGENT_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.roles_middleware.agent_roles) +DELEGATE_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.roles_middleware.delegate_roles) rules = [ policy.DocumentedRuleDefault( diff --git a/monasca_log_api/policies/versions.py b/monasca_log_api/policies/versions.py index 60eb554d..d0e7c9da 100644 --- a/monasca_log_api/policies/versions.py +++ b/monasca_log_api/policies/versions.py @@ -12,10 +12,13 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_policy import policy -from monasca_log_api.policies import CHECK_AUTHORIZED_ROLES +from monasca_log_api import policies +CHECK_AUTHORIZED_ROLES = policies.roles_list_to_check_str( + cfg.CONF.roles_middleware.check_roles) rules = [ policy.DocumentedRuleDefault(