Merge "Enable HTTPProxyToWSGI middleware to find actual client ips"

2021-11-29 21:54:55 +00:00 · 2021-11-29 21:54:55 +00:00 · 6e8c4cbffc
commit 6e8c4cbffc
parent 6d49b6df1d 2007f8fb45
4 changed files with 14 additions and 2 deletions
--- a/etc/placement/config-generator.conf
+++ b/etc/placement/config-generator.conf
@ -5,6 +5,7 @@ namespace = placement.conf
 namespace = keystonemiddleware.auth_token
 namespace = oslo.log
 namespace = oslo.middleware.cors
+namespace = oslo.middleware.http_proxy_to_wsgi
 namespace = oslo.policy
 namespace = osprofiler
 # FIXME(mriedem): There are likely other missing 3rd party oslo library
--- a/placement/conf/init.py
+++ b/placement/conf/init.py
@ -15,6 +15,7 @@

 from oslo_log import log as logging
 from oslo_middleware import cors
+from oslo_middleware import http_proxy_to_wsgi
 from oslo_policy import opts as policy_opts

 from placement.conf import api
@ -35,6 +36,7 @@ def register_opts(conf):
    placement.register_opts(conf)
    logging.register_options(conf)
    policy_opts.set_defaults(conf)
-    # The CORS middleware does not present a register_opts method, instead
+    # The oslo.middleware does not present a register_opts method, instead
    # it shares a list of available opts.
    conf.register_opts(cors.CORS_OPTS, 'cors')
+    conf.register_opts(http_proxy_to_wsgi.OPTS, 'oslo_middleware')
--- a/placement/deploy.py
+++ b/placement/deploy.py
@ -65,6 +65,7 @@ def deploy(conf):
    microversion_middleware = mp_middleware.MicroversionMiddleware
    fault_middleware = fault_wrap.FaultWrapper
    request_log = requestlog.RequestLog
+    http_proxy_to_wsgi = oslo_middleware.HTTPProxyToWSGI

    if os_profiler_web and 'profiler' in conf and conf.profiler.enabled:
        osprofiler_middleware = os_profiler_web.WsgiMiddleware.factory(
@ -86,7 +87,8 @@ def deploy(conf):
        json_error_formatter=util.json_error_formatter)

    # NOTE(cdent): The ordering here is important. The list is ordered from the
-    # inside out. For a single request, request_log is called first (to extract
+    # inside out. For a single request, http_proxy_to_wsgi is called first to
+    # identify the source address and then request_log is called (to extract
    # request context information and log the start of the request). If
    # osprofiler_middleware is present (see above), it is first.
    # fault_middleware is last in the stack described below, to wrap unexpected
@ -108,6 +110,7 @@ def deploy(conf):
                       auth_middleware,
                       cors_middleware,
                       request_log,
+                       http_proxy_to_wsgi,
                       osprofiler_middleware,
                       ):
        if middleware:
--- a/releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml
+++ b/releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    The ``HTTPProxyToWSGI`` middleware is now enabled in api pipeline. With
+    this middleware enabled, actual client addresses are recorded in request
+    logs in stead addresses of intermediate load balancers.