Make sure audit middleware use own context
Keystone audit middleware requires to iterate req.context as dict, but Glance requires to access req.context.read_only. When glance enabled audit, they are conflict with each other. This patch fix this issue by store audit context in req.environ['audit.context'] Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee Closes-Bug: #1809101 Signed-off-by: Leehom Li <feli5@cisco.com>
This commit is contained in:
parent
ac7c7fba0a
commit
82707e15a5
@ -111,7 +111,7 @@ class AuditMiddleware(object):
|
|||||||
|
|
||||||
@_log_and_ignore_error
|
@_log_and_ignore_error
|
||||||
def _process_request(self, request):
|
def _process_request(self, request):
|
||||||
self._notifier.notify(request.context,
|
self._notifier.notify(request.environ['audit.context'],
|
||||||
'audit.http.request',
|
'audit.http.request',
|
||||||
self._create_event(request).as_dict())
|
self._create_event(request).as_dict())
|
||||||
|
|
||||||
@ -139,7 +139,7 @@ class AuditMiddleware(object):
|
|||||||
reporter=resource.Resource(id='target'),
|
reporter=resource.Resource(id='target'),
|
||||||
reporterTime=timestamp.get_utc_now()))
|
reporterTime=timestamp.get_utc_now()))
|
||||||
|
|
||||||
self._notifier.notify(request.context,
|
self._notifier.notify(request.environ['audit.context'],
|
||||||
'audit.http.response',
|
'audit.http.response',
|
||||||
event.as_dict())
|
event.as_dict())
|
||||||
|
|
||||||
@ -151,7 +151,8 @@ class AuditMiddleware(object):
|
|||||||
# Cannot use a RequestClass on wsgify above because the `req` object is
|
# Cannot use a RequestClass on wsgify above because the `req` object is
|
||||||
# a `WebOb.Request` when this method is called so the RequestClass is
|
# a `WebOb.Request` when this method is called so the RequestClass is
|
||||||
# ignored by the wsgify wrapper.
|
# ignored by the wsgify wrapper.
|
||||||
req.context = oslo_context.get_admin_context().to_dict()
|
req.environ['audit.context'] = \
|
||||||
|
oslo_context.get_admin_context().to_dict()
|
||||||
|
|
||||||
self._process_request(req)
|
self._process_request(req)
|
||||||
try:
|
try:
|
||||||
|
@ -201,7 +201,7 @@ class AuditApiLogicTest(base.BaseAuditMiddlewareTest):
|
|||||||
req = webob.Request.blank(url,
|
req = webob.Request.blank(url,
|
||||||
environ=self.get_environ_header('GET'),
|
environ=self.get_environ_header('GET'),
|
||||||
remote_addr='192.168.0.1')
|
remote_addr='192.168.0.1')
|
||||||
req.context = {}
|
req.environ['audit.context'] = {}
|
||||||
middleware = self.create_simple_middleware()
|
middleware = self.create_simple_middleware()
|
||||||
middleware._process_request(req)
|
middleware._process_request(req)
|
||||||
payload = req.environ['cadf_event'].as_dict()
|
payload = req.environ['cadf_event'].as_dict()
|
||||||
|
@ -84,7 +84,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
|
|||||||
def test_process_request_fail(self):
|
def test_process_request_fail(self):
|
||||||
req = webob.Request.blank('/foo/bar',
|
req = webob.Request.blank('/foo/bar',
|
||||||
environ=self.get_environ_header('GET'))
|
environ=self.get_environ_header('GET'))
|
||||||
req.context = {}
|
req.environ['audit.context'] = {}
|
||||||
|
|
||||||
self.create_simple_middleware()._process_request(req)
|
self.create_simple_middleware()._process_request(req)
|
||||||
self.assertTrue(self.notifier.notify.called)
|
self.assertTrue(self.notifier.notify.called)
|
||||||
@ -92,7 +92,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
|
|||||||
def test_process_response_fail(self):
|
def test_process_response_fail(self):
|
||||||
req = webob.Request.blank('/foo/bar',
|
req = webob.Request.blank('/foo/bar',
|
||||||
environ=self.get_environ_header('GET'))
|
environ=self.get_environ_header('GET'))
|
||||||
req.context = {}
|
req.environ['audit.context'] = {}
|
||||||
|
|
||||||
middleware = self.create_simple_middleware()
|
middleware = self.create_simple_middleware()
|
||||||
middleware._process_response(req, webob.response.Response())
|
middleware._process_response(req, webob.response.Response())
|
||||||
@ -147,7 +147,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
|
|||||||
|
|
||||||
req = webob.Request.blank('/foo/bar',
|
req = webob.Request.blank('/foo/bar',
|
||||||
environ=self.get_environ_header('GET'))
|
environ=self.get_environ_header('GET'))
|
||||||
req.context = {}
|
req.environ['audit.context'] = {}
|
||||||
self.notifier.notify.side_effect = Exception('error')
|
self.notifier.notify.side_effect = Exception('error')
|
||||||
|
|
||||||
middleware(req)
|
middleware(req)
|
||||||
@ -155,7 +155,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
|
|||||||
|
|
||||||
req2 = webob.Request.blank('/foo/bar',
|
req2 = webob.Request.blank('/foo/bar',
|
||||||
environ=self.get_environ_header('GET'))
|
environ=self.get_environ_header('GET'))
|
||||||
req2.context = {}
|
req2.environ['audit.context'] = {}
|
||||||
self.notifier.reset_mock()
|
self.notifier.reset_mock()
|
||||||
|
|
||||||
middleware._process_response(req2, webob.response.Response())
|
middleware._process_response(req2, webob.response.Response())
|
||||||
@ -179,7 +179,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
|
|||||||
req = webob.Request.blank(url,
|
req = webob.Request.blank(url,
|
||||||
environ=self.get_environ_header('GET'),
|
environ=self.get_environ_header('GET'),
|
||||||
remote_addr='192.168.0.1')
|
remote_addr='192.168.0.1')
|
||||||
req.context = {}
|
req.environ['audit.context'] = {}
|
||||||
middleware._process_request(req)
|
middleware._process_request(req)
|
||||||
payload = req.environ['cadf_event'].as_dict()
|
payload = req.environ['cadf_event'].as_dict()
|
||||||
middleware._process_response(req, None)
|
middleware._process_response(req, None)
|
||||||
@ -197,7 +197,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
|
|||||||
req = webob.Request.blank('http://admin_host:8774/v2/'
|
req = webob.Request.blank('http://admin_host:8774/v2/'
|
||||||
+ str(uuid.uuid4()) + '/servers',
|
+ str(uuid.uuid4()) + '/servers',
|
||||||
environ=self.get_environ_header('GET'))
|
environ=self.get_environ_header('GET'))
|
||||||
req.context = {}
|
req.environ['audit.context'] = {}
|
||||||
self.assertNotIn('cadf_event', req.environ)
|
self.assertNotIn('cadf_event', req.environ)
|
||||||
|
|
||||||
self.create_simple_middleware()._process_response(req,
|
self.create_simple_middleware()._process_response(req,
|
||||||
|
7
releasenotes/notes/bug-1809101-6b5088443d5970ba.yaml
Normal file
7
releasenotes/notes/bug-1809101-6b5088443d5970ba.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
[`bug 1809101 <https://bugs.launchpad.net/keystonemiddleware/+bug/1809101>`_]
|
||||||
|
Fix req.context of Keystone audit middleware and Glance conflict with each
|
||||||
|
other issue. The audit middleware now stores the admin context to
|
||||||
|
req.environ['audit.context'].
|
Loading…
x
Reference in New Issue
Block a user