84aec48548
This commit adds Keystone audit middleware API logging to the Neutron-API charm in versions Yoga and newer to allow users to configure their environment for CADF compliance. This feature can be enabled/disabled and is set to 'disabled' by default to avoid bloat in log files. The logging output writes to /var/log/neutron/neutron-server.log. This commit builds on previous discussions: https://github.com/juju/charm-helpers/pull/808. Closes-Bug: 1856555 Change-Id: I6d4f471607b11c2a0450d74c8fd68385486ec8d9
64 lines
2.1 KiB
INI
64 lines
2.1 KiB
INI
[composite:neutron]
|
|
use = egg:Paste#urlmap
|
|
/: neutronversions_composite
|
|
/healthcheck: healthcheck
|
|
/v2.0: neutronapi_v2_0
|
|
|
|
[composite:neutronapi_v2_0]
|
|
use = call:neutron.auth:pipeline_factory
|
|
noauth = cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
|
|
{% if audit_middleware and service_name -%}
|
|
keystone = {% for m in extra_middleware %}{{ m.name }} {% endfor %}cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext audit extensions neutronapiapp_v2_0
|
|
{% else -%}
|
|
keystone = {% for m in extra_middleware %}{{ m.name }} {% endfor %}cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
|
|
{% endif %}
|
|
|
|
{% for m in extra_middleware -%}
|
|
[{{ m.type }}:{{ m.name }}]
|
|
{% for k, v in m.config.items() -%}
|
|
{{ k }} = {{ v }}
|
|
{% endfor %}
|
|
{% endfor -%}
|
|
|
|
[composite:neutronversions_composite]
|
|
use = call:neutron.auth:pipeline_factory
|
|
noauth = cors http_proxy_to_wsgi neutronversions
|
|
keystone = cors http_proxy_to_wsgi neutronversions
|
|
|
|
[filter:request_id]
|
|
paste.filter_factory = oslo_middleware:RequestId.factory
|
|
|
|
[filter:catch_errors]
|
|
paste.filter_factory = oslo_middleware:CatchErrors.factory
|
|
|
|
[filter:cors]
|
|
paste.filter_factory = oslo_middleware.cors:filter_factory
|
|
oslo_config_project = neutron
|
|
|
|
[filter:http_proxy_to_wsgi]
|
|
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
|
|
|
|
[filter:keystonecontext]
|
|
paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
|
|
|
|
[filter:authtoken]
|
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
|
|
[filter:extensions]
|
|
paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
|
|
|
|
[app:neutronversions]
|
|
paste.app_factory = neutron.pecan_wsgi.app:versions_factory
|
|
|
|
[app:neutronapiapp_v2_0]
|
|
paste.app_factory = neutron.api.v2.router:APIRouter.factory
|
|
|
|
[filter:osprofiler]
|
|
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
|
|
|
[app:healthcheck]
|
|
paste.app_factory = oslo_middleware:Healthcheck.app_factory
|
|
backends = disable_by_file
|
|
disable_by_file_path = /var/lib/neutron/healthcheck_disable
|
|
|
|
{% include "section-filter-audit" %} |