This adds a middleware for noauth that would inject a fake
project_id for create requests. This would ensure that api
consumers don't have to provide a fake project_id in requests.
Closes-Bug: #1934039
Change-Id: I5e1de571034be41f1147c130fce66e6cf70b1369
When project_id/tenant_id is present in an API call, Neutron
checks first if this project exists. If not, a HTTPNotFound
will be thrown.
This patch is tested in neutron-tempest-plugin:
https://review.opendev.org/#/c/754390/
Closes-Bug: #1896588
Change-Id: I6276490d4df69ec0f2c9a1492b9b03d1130c7c05
The /healthcheck is helpful for operators to setup neutron-api
behind haproxy, or for doing monitoring.
Change-Id: I83b8c2afdd74b57184200daab54255e8cae9c27b
The versions endpoint is now handled by Pecan
and there is no way to reach this old endpoint
now that we have dropped the web_framework option.
Change-Id: I5d493623b107f125cb9426310f2e43612c94bb7f
This sets up the HTTPProxyToWSGI middleware in front of Neutron-API. The
purpose of this middleware is to set up the request URL correctly in
case there is a proxy (For instance, a loadbalancer such as HAProxy)
in front of Neutron.
So, for instance, when TLS connections are being terminated in the
proxy, and one tries to get the versions from the / resource of
Neutron, one will notice that the protocol is incorrect; It will show
'http' instead of 'https'. So this middleware handles such cases.
Thus helping Keystone discovery work correctly.
The HTTPProxyToWSGI is off by default and needs to be enabled via a
configuration value.
Change-Id: Ice9ee8f4e04050271d59858f92034c230325718b
Closes-Bug: #1590608
This patch exposes the root (version) resource to CORS-enabled
browser clients that wish to perform API version discovery. It
does this by creating a new composite pipeline for the neutronversions
app, adding the already-existing CORS middleware into the chain.
This feature is required for js-openstack-lib, and its devstack
tests. https://review.openstack.org/#/c/366905/
Change-Id: I6611839f38d553fc29c813a4b8d874fde77b8034
required-by: Ia2f59213eedf6d7acbb02789ee921c13ff391d09
* Add osprofiler wsgi middleware. This middleware is used for 2 things:
1) It checks that person who wants to trace is trusted and knows
secret HMAC key.
2) It starts tracing in case of proper trace headers
and adds first wsgi trace point, with info about HTTP request
* Add initialization of osprofiler at start of service
Currently that includes oslo.messaging notifer instance creation
to send Ceilometer backend notifications.
Neutron client change: Ic11796889075b2a0e589b70398fc4d4ed6f3ef7c
Co-authored-by: Ryan Moats <rmoats@us.ibm.com>
Depends-On: I5102eb46a7a377eca31375a0d64951ba1fdd035d
Closes-Bug: #1335640
DocImpact Add devref and operator documentation on how to use this
APIImpact
Change-Id: I7fa2ad57dc5763ce72cba6945ebcadef2188e8bd
The default values needed for neutron's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to neutron's default configuration parsing. This ensures
that if a value remains unset in neutron.conf, it will be set to use
sane defaults, and that an operator modifying the configuration
file will be presented with a default set of necessary sane headers.
Change-Id: I327d1d7ce50dd4a20d781e6251a5af81c57e6ca1
Closes-Bug: 1551836
CORS middleware's latent configuration feature, new in 3.0.0,
allows adding headers that apply to all valid origins.
This patch adds headers commonly used in openstack to neutron's paste
pipeline, so that operators do not have to be aware of additional
configuration magic to ensure that browsers can talk to the API.
For more information:
http://docs.openstack.org/developer/oslo.middleware/cors.html#configuration-for-pastedeploy
Change-Id: Ic08fcb7833563bbeca3e0ba2d03438d4be594418
This adds the CORS support middleware to Neutron, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.
For neutron, both the paste.ini and the direct-wrap method of
deploying the middleware were chosen, since neutron is in a state of
migration to pecan. Note that if someone deploys pecan-neutron behind
other middleware, any responses provided by that middleware will not
be CORS-enabled, as these responses would be returned before the
headers could be annotated. This results in a response not readable
by the user agent.
OpenStack CrossProject Spec:
http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
DocImpact: Add link to CORS configuration in admin cloud guide.
Change-Id: I02acea6124d28370d92e7c94ca2d1d6c5c8937ac
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
Blueprint: remove-namespace-packages
https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages
Change-Id: If8a132de65ba1e57ea93f98daac66816a3cefaa8
Synced middleware module from incubator instead of removing it
completely. This is needed for grenade and to keep backwards
compatibility with existing installations with old api-paste.ini.
'log' module is updated as a dependency for middleware module.
'versionutils' are added as a new dependency for middleware module.
Closes-Bug: #1371701
Change-Id: Ib1c3161ccc98642091134f2285fed7c90244e600
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
auth_token middleware in python-keystoneclient is deprecated and has
been moved to the keystonemiddleware repo.
Closes-Bug: #1342274
Change-Id: I1aadbe24db63eb2507b088cd53886d7f2e192cab
Import RequestIdMiddleware from oslo which ensures to request-id
in API response. CatchErrorsMiddleware is also imported to ensure
all internal exceptions are caught outermost.
api-paste.ini is updated to use them.
KeystonAuthContext middleware is updated so that it uses
request-id generated by RequestIdMiddleware.
Add middleware to openstack.conf and import all modules
under middleware directory from oslo.
DocImpact UpgradeImpact
This patch adds new WSGI middlewares "request_id" and "catch_errors".
They needs to be added to api-paste.ini when upgrading.
Change-Id: Icf01b7de697ef50bef53212da2cf520d1ff78b88
Closes-Bug: #1239923
This change renames everything to Neutron while providing backwards
compatible adjustments for Grizzly configuration files.
implements blueprint: remove-use-of-quantum
Change-Id: Ie7d07ba7c89857e13d4ddc8f0e9b68de020a3d19
keystone auth_token middleware now allows quantum to have auth_token
configuration in quantum.conf. This commit moves the example of
auth_token configuration from api-paste.ini to quantum.conf.
This simplifies user configuations and users is no longer required
to edit api-paste.ini.
This change does not break backward compatibility. auth_token first
tries the configurations in /etc/quantum/api-paste.ini and then the
above configurations. Thus a user who already use api-paste.ini
does not need to change it.
DocImpact
Change-Id: I5a4c48b14428e29ea2a331880e1de0afd69c97b5
Moves the keystone_signing directory into a subdirectory
of /var/lib/quantum which is use for lots of other things
as well.
Change-Id: I451d2bca17dcdb5b7050bc412e709285f87cb788
The auth_token middleware moved into keystoneclient so a full
keystone install is not required to use the middleware.Also
add missing signing_dir to api-paste.ini.
Change-Id: If6c339045b70b3d4d70f0297ec32ed3cfdf431de
This change moves extensions.py out of the extensions module
and into the api module. This resolves an issue where the
following log WARNING message would occur each time the Quantum
API starts:
Did not find expected name "Extensions" in
/usr/lib/python2.7/site-packages/quantum/extensions/extensions.py
Fixes LP Bug #1074895.
Change-Id: Ia5ed206870551f9b33b74dcdc9d0503e447f298d
bp remove-v1-related-code
Removes API, DB, and test code that is used only for Quantum v1 API,
which is no longer supported.
Includes removal of v1 code for sample, ovs, linuxbridge and ryu plugin.
Nicira and Cisco plugins will be handled outside of this patchset.
Change-Id: Id34dc7229bb7b399b5cfd4602dbc8d5ee4e8de61
Fixes bug 1029313.
The current api-paste.ini does not provide a way to choose a pipeline:
there is no way to switching a pipeline between keystone-enabled and
noauth pipelines without modifying the pipeline directly.
This commit introduces 'auth_strategy' flag to quantum.conf and
a pipeline used is determined depending on the flag. Supported values for
this flag are 'keystone' (default) and 'noauth' at the moment.
Change-Id: Ieafaf31eaaec2b02727ed5d3bd36c907e50aee5b
blueprint use-common-cfg
In addition this ensures that the cisco extension units are working
with the common cfg code.
Change-Id: I8c1f81e295e7ed593f0b58885efeeb15339b7733