From d8c406e4054dfdfb0fc1e08dc7b7be5f7c1712d9 Mon Sep 17 00:00:00 2001
From: Chris MacNaughton <chris.macnaughton@canonical.com>
Date: Fri, 8 Mar 2019 11:05:17 +0100
Subject: [PATCH] Ensure Keystone sets check-max-request-body-size

Change-Id: I580669d82c3f37adceb75d5d6f368b09ea41b9da
Closes-Bug: #1819134
Func-Test-PR: https://github.com/openstack-charmers/zaza/pull/198
---
 actions/security_checklist.py  | 3 ++-
 templates/kilo/keystone.conf   | 4 ++++
 templates/mitaka/keystone.conf | 3 +++
 templates/ocata/keystone.conf  | 3 +++
 templates/rocky/keystone.conf  | 3 +++
 5 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/actions/security_checklist.py b/actions/security_checklist.py
index f36496e6..ada74670 100755
--- a/actions/security_checklist.py
+++ b/actions/security_checklist.py
@@ -42,7 +42,8 @@ def uses_sha256_for_hashing_tokens(audit_options):
             algorithm)
 
 
-@audits.audit(audits.is_audit_type(audits.AuditType.OpenStackSecurityGuide),)
+@audits.audit(audits.is_audit_type(audits.AuditType.OpenStackSecurityGuide),
+              audits.since_openstack_release('keystone', 'juno'))
 def check_max_request_body_size(audit_options):
     """Validate that a sane max_request_body_size is set.
 
diff --git a/templates/kilo/keystone.conf b/templates/kilo/keystone.conf
index 0fe38cd7..fec774b8 100644
--- a/templates/kilo/keystone.conf
+++ b/templates/kilo/keystone.conf
@@ -115,3 +115,7 @@ group_allow_update = False
 group_allow_delete = False
 {% endif -%}
 {% endif -%}
+
+[oslo_middleware]
+# Bug #1819134
+max_request_body_size = 114688
\ No newline at end of file
diff --git a/templates/mitaka/keystone.conf b/templates/mitaka/keystone.conf
index 9ebd8692..131a845e 100644
--- a/templates/mitaka/keystone.conf
+++ b/templates/mitaka/keystone.conf
@@ -111,3 +111,6 @@ admin_project_name = admin
 {% endif -%}
 
 {% include "section-oslo-middleware" %}
+# This goes in the section above, selectively
+# Bug #1819134
+max_request_body_size = 114688
\ No newline at end of file
diff --git a/templates/ocata/keystone.conf b/templates/ocata/keystone.conf
index aede63fe..327b9f4d 100644
--- a/templates/ocata/keystone.conf
+++ b/templates/ocata/keystone.conf
@@ -126,3 +126,6 @@ admin_project_name = admin
 {% include "parts/section-federation" %}
 
 {% include "section-oslo-middleware" %}
+# This goes in the section above, selectively
+# Bug #1819134
+max_request_body_size = 114688
\ No newline at end of file
diff --git a/templates/rocky/keystone.conf b/templates/rocky/keystone.conf
index 8b202df1..4abcb2b6 100644
--- a/templates/rocky/keystone.conf
+++ b/templates/rocky/keystone.conf
@@ -107,3 +107,6 @@ admin_project_name = admin
 {% include "parts/section-federation" %}
 
 {% include "section-oslo-middleware" %}
+# This goes in the section above, selectively
+# Bug #1819134
+max_request_body_size = 114688
\ No newline at end of file