openstack
/
heat
Code Issues Proposed changes

Restore auth-less version negotiation 

change Change-Id: I097bf70431a999a0f6aa56079ffb5743b50d4d7f
inadvertently started to require (keystone) authentication
when accessing API root to get the API version document.

This breaks standard version negotiation (that usually does not require
auth) and also some monitoring / loadbalancing that used to check
returns on GET to API root.

Change-Id: If8f13def196442e6f28616e88972f28f8ec23d0d
Story: 2002531
Task: 22072
This commit is contained in:
Pavlo Shchelokovskyy 2018-06-12 08:52:29 +00:00
parent 970bc3bdf4
commit 63cf3761be
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/heat/api-paste.ini
View File

@ -1,7 +1,7 @@
# heat-api pipeline # heat-api pipeline
[pipeline:heat-api] [pipeline:heat-api]
pipeline = cors request_id faultwrap authurl authtoken context http_proxy_to_wsgi versionnegotiation osprofiler apiv1app pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authtoken context osprofiler apiv1app
# heat-api pipeline for standalone heat # heat-api pipeline for standalone heat
# ie. uses alternative auth backend that authenticates users against keystone # ie. uses alternative auth backend that authenticates users against keystone
@ -12,7 +12,7 @@ pipeline = cors request_id faultwrap authurl authtoken context http_proxy_to_wsg
# flavor = standalone # flavor = standalone
# #
[pipeline:heat-api-standalone] [pipeline:heat-api-standalone]
pipeline = cors request_id faultwrap authurl authpassword context http_proxy_to_wsgi versionnegotiation apiv1app pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
# heat-api pipeline for custom cloud backends # heat-api pipeline for custom cloud backends
# i.e. in heat.conf: # i.e. in heat.conf:
@ -31,12 +31,12 @@ pipeline = cors request_id faultwrap noauth context http_proxy_to_wsgi versionne
# heat-api-cfn pipeline # heat-api-cfn pipeline
[pipeline:heat-api-cfn] [pipeline:heat-api-cfn]
pipeline = cors request_id ec2authtoken authtoken context http_proxy_to_wsgi cfnversionnegotiation osprofiler apicfnv1app pipeline = cors request_id http_proxy_to_wsgi cfnversionnegotiation ec2authtoken authtoken context osprofiler apicfnv1app
# heat-api-cfn pipeline for standalone heat # heat-api-cfn pipeline for standalone heat
# relies exclusively on authenticating with ec2 signed requests # relies exclusively on authenticating with ec2 signed requests
[pipeline:heat-api-cfn-standalone] [pipeline:heat-api-cfn-standalone]
pipeline = cors request_id ec2authtoken context http_proxy_to_wsgi cfnversionnegotiation apicfnv1app pipeline = cors request_id http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
[app:apiv1app] [app:apiv1app]
paste.app_factory = heat.common.wsgi:app_factory paste.app_factory = heat.common.wsgi:app_factory