# Use this pipeline for no auth - DEFAULT
[pipeline:glance-registry]
#pipeline = osprofiler unauthenticated-context registryapp
pipeline = authtoke context registryapp

# Use this pipeline for keystone auth
[pipeline:glance-registry-keystone]
pipeline = osprofiler authtoken context registryapp

# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
[pipeline:glance-registry-trusted-auth]
pipeline = osprofiler context registryapp

[app:registryapp]
paste.app_factory = glance.registry.api:API.factory

[filter:context]
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory

[filter:unauthenticated-context]
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
admin_user = {{ keystone_admin_user }}
admin_tenant_name = {{ keystone_admin_tenant }}
admin_password = {{ keystone_admin_password }}

[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes