Make sure audit middleware use own context

Keystone audit middleware requires to iterate req.context as dict,
but Glance requires to access req.context.read_only.
When glance enabled audit, they are conflict with each other.
This patch fix this issue by store audit context in
req.environ['audit.context']

Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee
Closes-Bug: #1809101
Signed-off-by: Leehom Li <feli5@cisco.com>
This commit is contained in:
Leehom Li (feli5) 2018-12-19 15:52:03 +00:00
parent ac7c7fba0a
commit 82707e15a5
4 changed files with 18 additions and 10 deletions

View File

@ -111,7 +111,7 @@ class AuditMiddleware(object):
@_log_and_ignore_error @_log_and_ignore_error
def _process_request(self, request): def _process_request(self, request):
self._notifier.notify(request.context, self._notifier.notify(request.environ['audit.context'],
'audit.http.request', 'audit.http.request',
self._create_event(request).as_dict()) self._create_event(request).as_dict())
@ -139,7 +139,7 @@ class AuditMiddleware(object):
reporter=resource.Resource(id='target'), reporter=resource.Resource(id='target'),
reporterTime=timestamp.get_utc_now())) reporterTime=timestamp.get_utc_now()))
self._notifier.notify(request.context, self._notifier.notify(request.environ['audit.context'],
'audit.http.response', 'audit.http.response',
event.as_dict()) event.as_dict())
@ -151,7 +151,8 @@ class AuditMiddleware(object):
# Cannot use a RequestClass on wsgify above because the `req` object is # Cannot use a RequestClass on wsgify above because the `req` object is
# a `WebOb.Request` when this method is called so the RequestClass is # a `WebOb.Request` when this method is called so the RequestClass is
# ignored by the wsgify wrapper. # ignored by the wsgify wrapper.
req.context = oslo_context.get_admin_context().to_dict() req.environ['audit.context'] = \
oslo_context.get_admin_context().to_dict()
self._process_request(req) self._process_request(req)
try: try:

View File

@ -201,7 +201,7 @@ class AuditApiLogicTest(base.BaseAuditMiddlewareTest):
req = webob.Request.blank(url, req = webob.Request.blank(url,
environ=self.get_environ_header('GET'), environ=self.get_environ_header('GET'),
remote_addr='192.168.0.1') remote_addr='192.168.0.1')
req.context = {} req.environ['audit.context'] = {}
middleware = self.create_simple_middleware() middleware = self.create_simple_middleware()
middleware._process_request(req) middleware._process_request(req)
payload = req.environ['cadf_event'].as_dict() payload = req.environ['cadf_event'].as_dict()

View File

@ -84,7 +84,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
def test_process_request_fail(self): def test_process_request_fail(self):
req = webob.Request.blank('/foo/bar', req = webob.Request.blank('/foo/bar',
environ=self.get_environ_header('GET')) environ=self.get_environ_header('GET'))
req.context = {} req.environ['audit.context'] = {}
self.create_simple_middleware()._process_request(req) self.create_simple_middleware()._process_request(req)
self.assertTrue(self.notifier.notify.called) self.assertTrue(self.notifier.notify.called)
@ -92,7 +92,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
def test_process_response_fail(self): def test_process_response_fail(self):
req = webob.Request.blank('/foo/bar', req = webob.Request.blank('/foo/bar',
environ=self.get_environ_header('GET')) environ=self.get_environ_header('GET'))
req.context = {} req.environ['audit.context'] = {}
middleware = self.create_simple_middleware() middleware = self.create_simple_middleware()
middleware._process_response(req, webob.response.Response()) middleware._process_response(req, webob.response.Response())
@ -147,7 +147,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
req = webob.Request.blank('/foo/bar', req = webob.Request.blank('/foo/bar',
environ=self.get_environ_header('GET')) environ=self.get_environ_header('GET'))
req.context = {} req.environ['audit.context'] = {}
self.notifier.notify.side_effect = Exception('error') self.notifier.notify.side_effect = Exception('error')
middleware(req) middleware(req)
@ -155,7 +155,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
req2 = webob.Request.blank('/foo/bar', req2 = webob.Request.blank('/foo/bar',
environ=self.get_environ_header('GET')) environ=self.get_environ_header('GET'))
req2.context = {} req2.environ['audit.context'] = {}
self.notifier.reset_mock() self.notifier.reset_mock()
middleware._process_response(req2, webob.response.Response()) middleware._process_response(req2, webob.response.Response())
@ -179,7 +179,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
req = webob.Request.blank(url, req = webob.Request.blank(url,
environ=self.get_environ_header('GET'), environ=self.get_environ_header('GET'),
remote_addr='192.168.0.1') remote_addr='192.168.0.1')
req.context = {} req.environ['audit.context'] = {}
middleware._process_request(req) middleware._process_request(req)
payload = req.environ['cadf_event'].as_dict() payload = req.environ['cadf_event'].as_dict()
middleware._process_response(req, None) middleware._process_response(req, None)
@ -197,7 +197,7 @@ class AuditMiddlewareTest(base.BaseAuditMiddlewareTest):
req = webob.Request.blank('http://admin_host:8774/v2/' req = webob.Request.blank('http://admin_host:8774/v2/'
+ str(uuid.uuid4()) + '/servers', + str(uuid.uuid4()) + '/servers',
environ=self.get_environ_header('GET')) environ=self.get_environ_header('GET'))
req.context = {} req.environ['audit.context'] = {}
self.assertNotIn('cadf_event', req.environ) self.assertNotIn('cadf_event', req.environ)
self.create_simple_middleware()._process_response(req, self.create_simple_middleware()._process_response(req,

View File

@ -0,0 +1,7 @@
---
fixes:
- |
[`bug 1809101 <https://bugs.launchpad.net/keystonemiddleware/+bug/1809101>`_]
Fix req.context of Keystone audit middleware and Glance conflict with each
other issue. The audit middleware now stores the admin context to
req.environ['audit.context'].