Merge "Documentation update, audit cadf support"

commit: e7e57ced1de133fe67f6480d276f7b3448bc7ecf [log] [tgz]
author: Jenkins <jenkins@review.openstack.org> Sun Dec 04 10:10:09 2016 +0000
committer: Gerrit Code Review <review@openstack.org> Sun Dec 04 10:10:09 2016 +0000
tree: 898e8edfe98a0c99ffe8d7488be1e450ab91e3c5
parent: 69574d053ea04a6f03c7a95457bef5185fafe376 [diff]
parent: e8f383379ded56015fa93c105d926d124333eca4 [diff]
diff --git a/nova/files/liberty/api-paste.ini.Debian b/nova/files/liberty/api-paste.ini.Debian
index cb5ea67..952b0ac 100644
--- a/nova/files/liberty/api-paste.ini.Debian
+++ b/nova/files/liberty/api-paste.ini.Debian

@@ -1,6 +1,8 @@
 ############
 # Metadata #
 ############
+{%- from "nova/map.jinja" import controller with context %}
+
 [composite:metadata]
 use = egg:Paste#urlmap
 /: meta
@@ -83,18 +85,18 @@
 [composite:openstack_compute_api_legacy_v2]
 use = call:nova.api.auth:pipeline_factory
 noauth2 = compute_req_id faultwrap sizelimit noauth2 legacy_ratelimit osapi_compute_app_legacy_v2
-keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_ratelimit osapi_compute_app_legacy_v2
-keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_legacy_v2
+keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_ratelimit {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_legacy_v2
+keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_legacy_v2
 
 [composite:openstack_compute_api_v21]
 use = call:nova.api.auth:pipeline_factory_v21
 noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
-keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
+keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_v21
 
 [composite:openstack_compute_api_v21_legacy_v2_compatible]
 use = call:nova.api.auth:pipeline_factory_v21
 noauth2 = compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21
-keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21
+keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_v21
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware:RequestId.factory
@@ -129,6 +131,13 @@
 [app:oscomputeversionapp]
 paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
 
+{%- if controller.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ controller.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory")   }}
+audit_map_file = {{ controller.get("audit", {}).get("map_file", "/etc/pycadf/nova_api_audit_map.conf")  }}
+{%- endif %}
+
+
 ##########
 # Shared #
 ##########

diff --git a/nova/files/mitaka/api-paste.ini.Debian b/nova/files/mitaka/api-paste.ini.Debian
index 951ae72..e6cacc2 100644
--- a/nova/files/mitaka/api-paste.ini.Debian
+++ b/nova/files/mitaka/api-paste.ini.Debian

@@ -1,6 +1,7 @@
 ############
 # Metadata #
 ############
+{%- from "nova/map.jinja" import controller with context %}
 [composite:metadata]
 use = egg:Paste#urlmap
 /: meta
@@ -39,18 +40,18 @@
 [composite:openstack_compute_api_legacy_v2]
 use = call:nova.api.auth:pipeline_factory
 noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_ratelimit osapi_compute_app_legacy_v2
-keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_ratelimit osapi_compute_app_legacy_v2
-keystone_nolimit = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_legacy_v2
+keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_ratelimit {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_legacy_v2
+keystone_nolimit = cors compute_req_id faultwrap sizelimit authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_legacy_v2
 
 [composite:openstack_compute_api_v21]
 use = call:nova.api.auth:pipeline_factory_v21
 noauth2 = cors compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
-keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
+keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_v21
 
 [composite:openstack_compute_api_v21_legacy_v2_compatible]
 use = call:nova.api.auth:pipeline_factory_v21
 noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21
-keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21
+keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible {% if controller.audit.enabled %}audit {% endif %}osapi_compute_app_v21
 
 [filter:request_id]
 paste.filter_factory = oslo_middleware:RequestId.factory
@@ -85,6 +86,13 @@
 [app:oscomputeversionapp]
 paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
 
+{%- if controller.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ controller.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory")   }}
+audit_map_file = {{ controller.get("audit", {}).get("map_file", "/etc/pycadf/nova_api_audit_map.conf")  }}
+{%- endif %}
+
+
 ##########
 # Shared #
 ##########

diff --git a/nova/map.jinja b/nova/map.jinja
index c7956f7..68b82ea 100644
--- a/nova/map.jinja
+++ b/nova/map.jinja

@@ -7,14 +7,20 @@
 
 {% set controller = salt['grains.filter_by']({
     'Debian': {
-        'pkgs': ['nova-consoleproxy', 'novnc', 'nova-api', 'nova-cert', 'nova-conductor', 'nova-consoleauth', 'nova-doc', 'nova-scheduler', 'python-novaclient', 'python-memcache', 'gettext-base'],
+        'pkgs': ['nova-consoleproxy', 'novnc', 'nova-api', 'nova-cert', 'nova-conductor', 'nova-consoleauth', 'nova-doc', 'nova-scheduler', 'python-novaclient', 'python-memcache', 'gettext-base', 'python-pycadf'],
         'services': ['nova-api', 'nova-cert', 'nova-consoleauth', 'nova-scheduler', 'nova-conductor', 'nova-novncproxy'],
         'debug': false,
+        'audit': {
+          'enabled': false
+        },
     },
     'RedHat': {
-        'pkgs': ['openstack-nova-novncproxy', 'python-nova', 'openstack-nova-api', 'openstack-nova-console', 'openstack-nova-scheduler', 'python-novaclient', 'openstack-nova-common', 'openstack-nova-conductor', 'openstack-nova-cert'],
+        'pkgs': ['openstack-nova-novncproxy', 'python-nova', 'openstack-nova-api', 'openstack-nova-console', 'openstack-nova-scheduler', 'python-novaclient', 'openstack-nova-common', 'openstack-nova-conductor', 'openstack-nova-cert', 'python-pycadf'],
         'services': ['openstack-nova-api', 'openstack-nova-cert', 'openstack-nova-consoleauth', 'openstack-nova-scheduler', 'openstack-nova-conductor', 'openstack-nova-novncproxy'],
         'debug': false,
+        'audit': {
+          'enabled': false
+        },
     },
 }, merge=pillar.nova.get('controller', {})) %}
 
@@ -60,4 +66,4 @@
 {%- if salt['pillar.get']('linux:system:repo:mirantis_openstack', False) %}
 {%- do compute.update({'libvirt_bin': '/etc/default/libvirtd'}) %}
 {%- do compute.update({'libvirt_service': 'libvirtd'}) %}
-{%- endif %}
\ No newline at end of file
+{%- endif %}

diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index f680154..6e42906 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls

@@ -52,3 +52,7 @@
       mtu: 1500
     metadata:
       password: metadata
+    audit:
+      filter_factory: 'keystonemiddleware.audit:filter_factory'
+      map_file: '/etc/pycadf/nova_api_audit_map.conf'
+
commit	e7e57ced1de133fe67f6480d276f7b3448bc7ecf	[log] [tgz]
author	Jenkins <jenkins@review.openstack.org>	Sun Dec 04 10:10:09 2016 +0000
committer	Gerrit Code Review <review@openstack.org>	Sun Dec 04 10:10:09 2016 +0000
tree	898e8edfe98a0c99ffe8d7488be1e450ab91e3c5
parent	69574d053ea04a6f03c7a95457bef5185fafe376 [diff]
parent	e8f383379ded56015fa93c105d926d124333eca4 [diff]