Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / cinder / 9b80ba08ffdb494bb8fdcda678924607fe894aea^! / .
commit9b80ba08ffdb494bb8fdcda678924607fe894aea[log] [tgz]
authorAlexey V. Abashkin <aabashkin@mirantis.com>Thu Sep 27 18:47:19 2018 +0300
committerAlexey V. Abashkin <aabashkin@mirantis.com>Thu Sep 27 18:48:14 2018 +0300
treed61945053124c13ff4fe1736cfc91bbe86c2d69c
parent4e237a10eb2ca68d63fbd40e6411ec4261047b74 [diff]
Prod-Related: PROD-23518

Enable audit middleware for APIv3 and rest of v2

Change-Id: I3988147ccc9f8f675dcfe6a3b3c54f14e58785e6

diff --git a/cinder/files/ocata/api-paste.ini.controller.Debian b/cinder/files/ocata/api-paste.ini.controller.Debian
index aada960..2d1929d 100644
--- a/cinder/files/ocata/api-paste.ini.controller.Debian
+++ b/cinder/files/ocata/api-paste.ini.controller.Debian

@@ -25,8 +25,8 @@
 [composite:openstack_volume_api_v3]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv3
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv3
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware.request_id:RequestId.factory

diff --git a/cinder/files/ocata/api-paste.ini.volume.Debian b/cinder/files/ocata/api-paste.ini.volume.Debian
index e4944ec..3cd054b 100644
--- a/cinder/files/ocata/api-paste.ini.volume.Debian
+++ b/cinder/files/ocata/api-paste.ini.volume.Debian

@@ -19,14 +19,14 @@
 [composite:openstack_volume_api_v2]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv2
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv2
 
 [composite:openstack_volume_api_v3]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv3
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv3
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware.request_id:RequestId.factory

diff --git a/cinder/files/pike/api-paste.ini.controller.Debian b/cinder/files/pike/api-paste.ini.controller.Debian
index aada960..2d1929d 100644
--- a/cinder/files/pike/api-paste.ini.controller.Debian
+++ b/cinder/files/pike/api-paste.ini.controller.Debian

@@ -25,8 +25,8 @@
 [composite:openstack_volume_api_v3]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv3
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv3
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware.request_id:RequestId.factory

diff --git a/cinder/files/pike/api-paste.ini.volume.Debian b/cinder/files/pike/api-paste.ini.volume.Debian
index e4944ec..3cd054b 100644
--- a/cinder/files/pike/api-paste.ini.volume.Debian
+++ b/cinder/files/pike/api-paste.ini.volume.Debian

@@ -19,14 +19,14 @@
 [composite:openstack_volume_api_v2]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv2
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv2
 
 [composite:openstack_volume_api_v3]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv3
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv3
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware.request_id:RequestId.factory

diff --git a/cinder/files/queens/api-paste.ini.controller.Debian b/cinder/files/queens/api-paste.ini.controller.Debian
index e2644af..3997d0d 100644
--- a/cinder/files/queens/api-paste.ini.controller.Debian
+++ b/cinder/files/queens/api-paste.ini.controller.Debian

@@ -12,14 +12,14 @@
 [composite:openstack_volume_api_v2]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv2
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv2
 
 [composite:openstack_volume_api_v3]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv3
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv3
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware.request_id:RequestId.factory

diff --git a/cinder/files/queens/api-paste.ini.volume.Debian b/cinder/files/queens/api-paste.ini.volume.Debian
index 65fb431..7a10fce 100644
--- a/cinder/files/queens/api-paste.ini.volume.Debian
+++ b/cinder/files/queens/api-paste.ini.volume.Debian

@@ -12,14 +12,14 @@
 [composite:openstack_volume_api_v2]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv2
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv2
 
 [composite:openstack_volume_api_v3]
 use = call:cinder.api.middleware.auth:pipeline_factory
 noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv3
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv3
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware.request_id:RequestId.factory