e744501c47
Currently application that doesn't use the global configuration object have to rely on hack to setup the global oslo config object for each middleware it want to use. For example, gnocchi have its own middleware loader and add crap to load keystonemiddleware: https://github.com/openstack/gnocchi/blob/master/gnocchi/rest/app.py#L140 And it can't use oslo.middleware that relies on the global conf object. Also aodh (use 'paste' for middleware) have to hack the global configuration object for each middlewares it want to use by code... https://review.openstack.org/#/c/208632/1/aodh/service.py But middleware are optional deployer stuffs, we should not write any code for them... This change allows application to use paste-deploy (or any middleware loader) without enforcing the application to use the global oslo.config object. If the middleware want to use oslo.config it should load the configuration file himself (and fallback to the global one if any) The proposed paste configuration to allow this is: [filter:cors] paste.filter_factory = oslo.middleware:cors oslo_config_project = aodh So the cors middleware can find and load the aodh config and what is it interested in. Also, some of them use oslo.config local, some other the global object. Some can be loaded by an middleware loader like paste, some other not. This change make consistent the way we bootstrap all middlewares. Closes-bug: #1482086 Change-Id: Iad197d1f3a386683d818b59718df34e14e15ca5c
44 lines
1.6 KiB
Python
44 lines
1.6 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied. See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from oslo_config import cfg
|
|
from oslo_middleware import base
|
|
|
|
|
|
OPTS = [
|
|
cfg.StrOpt('secure_proxy_ssl_header',
|
|
default='X-Forwarded-Proto',
|
|
help="The HTTP Header that will be used to determine what "
|
|
"the original request protocol scheme was, even if it was "
|
|
"hidden by an SSL termination proxy.")
|
|
]
|
|
|
|
|
|
class SSLMiddleware(base.Middleware):
|
|
"""SSL termination proxies middleware.
|
|
|
|
This middleware overloads wsgi.url_scheme with the one provided in
|
|
secure_proxy_ssl_header header. This is useful when behind a SSL
|
|
termination proxy.
|
|
"""
|
|
|
|
def __init__(self, application, conf=None):
|
|
super(SSLMiddleware, self).__init__(application, conf)
|
|
self.oslo_conf.register_opts(OPTS, group='oslo_middleware')
|
|
|
|
def process_request(self, req):
|
|
self.header_name = 'HTTP_{0}'.format(
|
|
self.oslo_conf.oslo_middleware.secure_proxy_ssl_header.upper()
|
|
.replace('-', '_'))
|
|
req.environ['wsgi.url_scheme'] = req.environ.get(
|
|
self.header_name, req.environ['wsgi.url_scheme'])
|