diff --git a/ansible/roles/barbican/tasks/config.yml b/ansible/roles/barbican/tasks/config.yml index 6385634730..38383d5448 100644 --- a/ansible/roles/barbican/tasks/config.yml +++ b/ansible/roles/barbican/tasks/config.yml @@ -26,6 +26,14 @@ - "{{ node_custom_config }}/barbican-api/{{ inventory_hostname }}/barbican-api.ini" dest: "{{ node_config_directory }}/barbican-api/vassals/barbican-api.ini" +- name: Copying over barbican-api-paste.ini + merge_configs: + sources: + - "{{ role_path }}/templates/barbican-api-paste.ini.j2" + - "{{ node_custom_config }}/barbican-api/barbican-api-paste.ini" + - "{{ node_custom_config }}/barbican-api/{{ inventory_hostname }}/barbican-api-paste.ini" + dest: "{{ node_config_directory }}/barbican-api/barbican-api-paste.ini" + - name: Copying over barbican.conf merge_configs: vars: diff --git a/ansible/roles/barbican/templates/barbican-api-paste.ini.j2 b/ansible/roles/barbican/templates/barbican-api-paste.ini.j2 new file mode 100644 index 0000000000..a1030a9f65 --- /dev/null +++ b/ansible/roles/barbican/templates/barbican-api-paste.ini.j2 @@ -0,0 +1,60 @@ +[composite:main] +use = egg:Paste#urlmap +/: barbican_version +/v1: barbican-api-keystone + +# Use this pipeline for Barbican API - versions no authentication +[pipeline:barbican_version] +pipeline = cors versionapp + +# Use this pipeline for Barbican API - DEFAULT no authentication +[pipeline:barbican_api] +pipeline = cors unauthenticated-context apiapp + +#Use this pipeline to activate a repoze.profile middleware and HTTP port, +# to provide profiling information for the REST API processing. +[pipeline:barbican-profile] +pipeline = cors unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp + +#Use this pipeline for keystone auth +[pipeline:barbican-api-keystone] +pipeline = cors authtoken context apiapp + +#Use this pipeline for keystone auth with audit feature +[pipeline:barbican-api-keystone-audit] +pipeline = authtoken context audit apiapp + +[app:apiapp] +paste.app_factory = barbican.api.app:create_main_app + +[app:versionapp] +paste.app_factory = barbican.api.app:create_version_app + +[filter:simple] +paste.filter_factory = barbican.api.middleware.simple:SimpleFilter.factory + +[filter:unauthenticated-context] +paste.filter_factory = barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:context] +paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory + +[filter:audit] +paste.filter_factory = keystonemiddleware.audit:filter_factory +audit_map_file = /etc/barbican/api_audit_map.conf + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +[filter:profile] +use = egg:repoze.profile +log_filename = myapp.profile +cachegrind_filename = cachegrind.out.myapp +discard_first_request = true +path = /__profile__ +flush_at_shutdown = true +unwind = false + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = barbican diff --git a/ansible/roles/barbican/templates/barbican-api.json.j2 b/ansible/roles/barbican/templates/barbican-api.json.j2 index 843f46e65f..fe8ba1b30e 100644 --- a/ansible/roles/barbican/templates/barbican-api.json.j2 +++ b/ansible/roles/barbican/templates/barbican-api.json.j2 @@ -12,6 +12,12 @@ "dest": "/etc/barbican/vassals/barbican-api.ini", "owner": "barbican", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/barbican-api-paste.ini", + "dest": "/etc/barbican/barbican-api-paste.ini", + "owner": "barbican", + "perm": "0600" } ] }