# heat-api pipeline [pipeline:heat-api] pipeline = faultwrap ssl xforwardedfor versionnegotiation authurl authtoken context apiv1app # heat-api pipeline for standalone heat # ie. uses alternative auth backend that authenticates users against keystone # using username and password instead of validating token (which requires # an admin/service token). # To enable, in heat.conf: # [paste_deploy] # flavor = standalone # [pipeline:heat-api-standalone] pipeline = faultwrap ssl xforwardedfor versionnegotiation authurl authpassword context apiv1app # heat-api pipeline for custom cloud backends # i.e. in heat.conf: # [paste_deploy] # flavor = custombackend # [pipeline:heat-api-custombackend] pipeline = faultwrap xforwardedfor versionnegotiation context custombackendauth apiv1app # heat-api-cfn pipeline [pipeline:heat-api-cfn] pipeline = cfnversionnegotiation ec2authtoken authtoken context apicfnv1app # heat-api-cfn pipeline for standalone heat # relies exclusively on authenticating with ec2 signed requests [pipeline:heat-api-cfn-standalone] pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app # heat-api-cloudwatch pipeline [pipeline:heat-api-cloudwatch] pipeline = xforwardedfor versionnegotiation ec2authtoken authtoken context apicwapp # heat-api-cloudwatch pipeline for standalone heat # relies exclusively on authenticating with ec2 signed requests [pipeline:heat-api-cloudwatch-standalone] pipeline = xforwardedfor versionnegotiation ec2authtoken context apicwapp [app:apiv1app] paste.app_factory = heat.common.wsgi:app_factory heat.app_factory = heat.api.openstack.v1:API [app:apicfnv1app] paste.app_factory = heat.common.wsgi:app_factory heat.app_factory = heat.api.cfn.v1:API [app:apicwapp] paste.app_factory = heat.common.wsgi:app_factory heat.app_factory = heat.api.cloudwatch:API [filter:xforwardedfor] paste.filter_factory = heat.common.wsgi:filter_factory heat.filter_factory = heat.api.openstack:x_forwarded_for_middleware_filter [filter:versionnegotiation] paste.filter_factory = heat.common.wsgi:filter_factory heat.filter_factory = heat.api.openstack:version_negotiation_filter [filter:faultwrap] paste.filter_factory = heat.common.wsgi:filter_factory heat.filter_factory = heat.api.openstack:faultwrap_filter [filter:cfnversionnegotiation] paste.filter_factory = heat.common.wsgi:filter_factory heat.filter_factory = heat.api.cfn:version_negotiation_filter [filter:cwversionnegotiation] paste.filter_factory = heat.common.wsgi:filter_factory heat.filter_factory = heat.api.cloudwatch:version_negotiation_filter [filter:context] paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory [filter:ec2authtoken] paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory [filter:ssl] paste.filter_factory = heat.common.wsgi:filter_factory heat.filter_factory = heat.api.openstack:sslmiddleware_filter # Middleware to set auth_url header appropriately [filter:authurl] paste.filter_factory = heat.common.auth_url:filter_factory # Auth middleware that validates token against keystone [filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory # Auth middleware that validates username/password against keystone [filter:authpassword] paste.filter_factory = heat.common.auth_password:filter_factory # Auth middleware that validates against custom backend [filter:custombackendauth] paste.filter_factory = heat.common.custom_backend_auth:filter_factory