Keystone doesn't use http_proxy_to_wsgi middleware
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
New
|
Undecided
|
Unassigned |
Bug Description
Keystone since migration to flask doesn't import nor use http_proxy_to_wsgi middleware.
How to reproduce:
1. Start Keystone with uwsgi as http application
2. Set [oslo_middleware] option enable_
3. Setup SSL terminating reverse proxy, add headers X-Forwarded-Proto https
4. curl Keystone API version endpoint:
curl https:/
What is expected:
{
"versions": {
"values": [
{
"id": "v3.13",
"status": "stable",
"updated": "2019-07-
"links": [
{
"rel": "self",
"href": "https:/
}
],
{
"base": "application/json",
"type": "application/
}
]
}
]
}
}
What is an actual result:
{
"versions": {
"values": [
{
"id": "v3.13",
"status": "stable",
"updated": "2019-07-
"links": [
{
"rel": "self",
"href": "http://
}
],
{
"base": "application/json",
"type": "application/
}
]
}
]
}
}
If we look at the code, Keystone flask application doesn't use oslo_middleware and application_url from the request, it only gets PATH_INFO from the environment, which can't be set in the reverse proxy:
https:/