From 2efded7f2867fc5f4ee412d5ea404c94db42e06e Mon Sep 17 00:00:00 2001 From: Zane Bitter Date: Mon, 20 Nov 2017 11:59:41 -0500 Subject: [PATCH] Move context middleware earlier in pipeline Until the context middleware has been processed, logs from any other middleware will be logged with the request ID of the *previous* request. Currently this is most logs in the API log files, which makes the request ID worse than useless for determining what is going on. To ensure all logs get the correct request ID, move the context middleware close to the front of the pipeline, right after the request_id middleware that generates the request ID and the auth middleware (the data from which is needed to populate the context). Also, explicitly include the request_id middleware in the cfn-compatibility APIs' pipelines. Unfortunately, any failures in the auth middleware will still be logged with the wrong request ID. This appears to be unavoidable, since we can't create the context until after we have authenticated the request. Change-Id: I097bf70431a999a0f6aa56079ffb5743b50d4d7f --- etc/heat/api-paste.ini | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/etc/heat/api-paste.ini b/etc/heat/api-paste.ini index ad5b3112a0..3a2324f6e4 100644 --- a/etc/heat/api-paste.ini +++ b/etc/heat/api-paste.ini @@ -1,7 +1,7 @@ # heat-api pipeline [pipeline:heat-api] -pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app +pipeline = cors request_id faultwrap authurl authtoken context http_proxy_to_wsgi versionnegotiation osprofiler apiv1app # heat-api pipeline for standalone heat # ie. uses alternative auth backend that authenticates users against keystone @@ -12,7 +12,7 @@ pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation ospro # flavor = standalone # [pipeline:heat-api-standalone] -pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app +pipeline = cors request_id faultwrap authurl authpassword context http_proxy_to_wsgi versionnegotiation apiv1app # heat-api pipeline for custom cloud backends # i.e. in heat.conf: @@ -20,23 +20,23 @@ pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authu # flavor = custombackend # [pipeline:heat-api-custombackend] -pipeline = cors request_id faultwrap versionnegotiation context custombackendauth apiv1app +pipeline = cors request_id context faultwrap versionnegotiation custombackendauth apiv1app # To enable, in heat.conf: # [paste_deploy] # flavor = noauth # [pipeline:heat-api-noauth] -pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation noauth context apiv1app +pipeline = cors request_id faultwrap noauth context http_proxy_to_wsgi versionnegotiation apiv1app # heat-api-cfn pipeline [pipeline:heat-api-cfn] -pipeline = cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app +pipeline = cors request_id ec2authtoken authtoken context http_proxy_to_wsgi cfnversionnegotiation osprofiler apicfnv1app # heat-api-cfn pipeline for standalone heat # relies exclusively on authenticating with ec2 signed requests [pipeline:heat-api-cfn-standalone] -pipeline = cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app +pipeline = cors request_id ec2authtoken context http_proxy_to_wsgi cfnversionnegotiation apicfnv1app [app:apiv1app] paste.app_factory = heat.common.wsgi:app_factory