From 8e72616d732ddd473e60ca28ea8e76aa95cdb690 Mon Sep 17 00:00:00 2001
From: Dina Belova <dbelova@mirantis.com>
Date: Fri, 13 Nov 2015 13:34:38 +0300
Subject: [PATCH] Do not use api-paste.ini osprofiler options

Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS
and ENABLED arguments in the api-paste.ini file, this can be set in the
heat.conf configuration file.

Change-Id: I77611c08d24839dc01766e994635cdb6a12922da
---
 etc/heat/api-paste.ini  | 2 --
 heat/common/config.py   | 4 +++-
 heat/common/profiler.py | 5 +++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/etc/heat/api-paste.ini b/etc/heat/api-paste.ini
index 7246e14df3..b0613156ab 100644
--- a/etc/heat/api-paste.ini
+++ b/etc/heat/api-paste.ini
@@ -104,5 +104,3 @@ paste.filter_factory = oslo_middleware.request_id:RequestId.factory
 
 [filter:osprofiler]
 paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
diff --git a/heat/common/config.py b/heat/common/config.py
index 8f90424d5a..5f47e80e5f 100644
--- a/heat/common/config.py
+++ b/heat/common/config.py
@@ -235,7 +235,9 @@ profiler_opts = [
     cfg.BoolOpt("profiler_enabled", default=False,
                 help=_('If False fully disable profiling feature.')),
     cfg.BoolOpt("trace_sqlalchemy", default=False,
-                help=_("If False do not trace SQL requests."))
+                help=_("If False do not trace SQL requests.")),
+    cfg.StrOpt("hmac_keys", default="SECRET_KEY",
+               help=_("Secret key to use to sign tracing messages."))
 ]
 
 auth_password_group = cfg.OptGroup('auth_password')
diff --git a/heat/common/profiler.py b/heat/common/profiler.py
index 7aa7664814..a474b59f80 100644
--- a/heat/common/profiler.py
+++ b/heat/common/profiler.py
@@ -32,14 +32,15 @@ def setup(binary, host):
             "Messaging", messaging, context.get_admin_context().to_dict(),
             rpc_messaging.TRANSPORT, "heat", binary, host)
         osprofiler.notifier.set(_notifier)
+        osprofiler.web.enable(cfg.CONF.profiler.hmac_keys)
         LOG.warning(_LW("OSProfiler is enabled.\nIt means that person who "
                         "knows any of hmac_keys that are specified in "
-                        "/etc/heat/api-paste.ini can trace his requests. \n"
+                        "/etc/heat/heat.conf can trace his requests. \n"
                         "In real life only operator can read this file so "
                         "there is no security issue. Note that even if person "
                         "can trigger profiler, only admin user can retrieve "
                         "trace information.\n"
                         "To disable OSprofiler set in heat.conf:\n"
-                        "[profiler]\nenabled=false"))
+                        "[profiler]\nprofiler_enabled=false"))
     else:
         osprofiler.web.disable()