From 352850ca08a21560865ab6c07483d5a8e6911deb Mon Sep 17 00:00:00 2001 From: Christian Schwede Date: Fri, 30 Aug 2019 12:24:25 +0200 Subject: [PATCH] Add audit middleware to Swift proxy pipeline Depends-On: Ifa4e2ed894844ab1c7501f8edc18e55a9dea7e61 Change-Id: I11e53615b90e052ebc39f70a7699414a8b82cc28 (cherry picked from commit a4803b26a0b3b992823ebbc31c0693051dcae1cb) --- manifests/profile/base/swift/proxy.pp | 8 ++++++++ ...swift-proxy-add-audit-middleware-290db6db952d690f.yaml | 5 +++++ 2 files changed, 13 insertions(+) create mode 100644 releasenotes/notes/swift-proxy-add-audit-middleware-290db6db952d690f.yaml diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index ebc7db57e..ebecc23a0 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp @@ -99,6 +99,10 @@ # enable_internal_tls is set. # defaults to 8080 # +# [*audit_enabled*] +# Whether the pycadf audit middleware is is enabled. +# Defaults to false +# class tripleo::profile::base::swift::proxy ( $bootstrap_node = hiera('swift_proxy_short_bootstrap_node_name', undef), $ceilometer_enabled = true, @@ -117,6 +121,7 @@ class tripleo::profile::base::swift::proxy ( $tls_proxy_bind_ip = undef, $tls_proxy_fqdn = undef, $tls_proxy_port = 8080, + $audit_enabled = false, ) { if $bootstrap_node and $::hostname == downcase($bootstrap_node) { $is_bootstrap = true @@ -187,5 +192,8 @@ class tripleo::profile::base::swift::proxy ( include swift::proxy::kms_keymaster include swift::proxy::encryption include swift::keymaster + if $audit_enabled { + include swift::audit + } } } diff --git a/releasenotes/notes/swift-proxy-add-audit-middleware-290db6db952d690f.yaml b/releasenotes/notes/swift-proxy-add-audit-middleware-290db6db952d690f.yaml new file mode 100644 index 000000000..2922f9207 --- /dev/null +++ b/releasenotes/notes/swift-proxy-add-audit-middleware-290db6db952d690f.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Adds a new option "audit_enabled" to add the pycadf audit middleware to + the Swift proxy server pipeline.