openstack
/
heat
Code Issues Proposed changes

Move context middleware earlier in pipeline 

Until the context middleware has been processed, logs from any other
middleware will be logged with the request ID of the *previous* request.
Currently this is most logs in the API log files, which makes the request
ID worse than useless for determining what is going on.

To ensure all logs get the correct request ID, move the context middleware
close to the front of the pipeline, right after the request_id middleware
that generates the request ID and the auth middleware (the data from which
is needed to populate the context). Also, explicitly include the request_id
middleware in the cfn-compatibility APIs' pipelines.

Unfortunately, any failures in the auth middleware will still be logged
with the wrong request ID. This appears to be unavoidable, since we can't
create the context until after we have authenticated the request.

Change-Id: I097bf70431a999a0f6aa56079ffb5743b50d4d7f
This commit is contained in:
Zane Bitter 2017-11-20 11:59:41 -05:00
parent fb79011451
commit 2efded7f28
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
etc/heat/api-paste.ini
View File

@ -1,7 +1,7 @@
# heat-api pipeline
[pipeline:heat-api]
pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app
pipeline = cors request_id faultwrap authurl authtoken context http_proxy_to_wsgi versionnegotiation osprofiler apiv1app
# heat-api pipeline for standalone heat
# ie. uses alternative auth backend that authenticates users against keystone
@ -12,7 +12,7 @@ pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation ospro
# flavor = standalone
#
[pipeline:heat-api-standalone]
pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
pipeline = cors request_id faultwrap authurl authpassword context http_proxy_to_wsgi versionnegotiation apiv1app
# heat-api pipeline for custom cloud backends
# i.e. in heat.conf:
@ -20,23 +20,23 @@ pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authu
# flavor = custombackend
#
[pipeline:heat-api-custombackend]
pipeline = cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
pipeline = cors request_id context faultwrap versionnegotiation custombackendauth apiv1app
# To enable, in heat.conf:
# [paste_deploy]
# flavor = noauth
#
[pipeline:heat-api-noauth]
pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation noauth context apiv1app
pipeline = cors request_id faultwrap noauth context http_proxy_to_wsgi versionnegotiation apiv1app
# heat-api-cfn pipeline
[pipeline:heat-api-cfn]
pipeline = cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
pipeline = cors request_id ec2authtoken authtoken context http_proxy_to_wsgi cfnversionnegotiation osprofiler apicfnv1app
# heat-api-cfn pipeline for standalone heat
# relies exclusively on authenticating with ec2 signed requests
[pipeline:heat-api-cfn-standalone]
pipeline = cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
pipeline = cors request_id ec2authtoken context http_proxy_to_wsgi cfnversionnegotiation apicfnv1app
[app:apiv1app]
paste.app_factory = heat.common.wsgi:app_factory