Comment 1 for bug 1856555

keystonemiddleware is automatically already installed and what the customer wants is the auditing side of what keystonemiddleware has. Primarily [1] describes what is required for the autid middleware to be configured. It could be as part of the code python-keystonemiddleware or python3-keystonemiddleware would need to be packaged up

In the attempt to get this started, and doing stuff on this, I can point to 2 repos that I worked on [2] is the charm, and [3] is the charmhelpers update. This is my rough idea on how we can go about it.

The key things coming out this piece of work is that we need 3 files changing or adding in each of the major project charms

1. /etc/<project>/<project>.conf
2. /etc/<project>/api-paste.ini
3. /etc/<project>/api_audit_map.conf

The sense of these updates can be seen in both [2] and [3]

The api_audit_map.conf file can be taken from the repo in [4], I have not checked to see if they are identical for each of the projects, but this afaik is required for the audit middleware to work

The initial PR created for the charmhelpers also suggested that maybe the audit_middleware context may not be ideal in the IdentityServiceContext, and maybe a new AuditMiddlewareContext may be required

There may be other variables that the doc [1] specifies that may be required in api-paste.ini, that may be required for extra functionality

[1] https://docs.openstack.org/keystonemiddleware/latest/audit.html
[2] https://github.com/arif-ali/charm-nova-cloud-controller/commit/3743f00384de56efe8b0a4ee2ab2e40de68b5e7f#diff-bceb54a0fa3aac4f53f131205411c18f
[3] https://github.com/arif-ali/charm-helpers/commit/258cf87c83cca2faf601dd99285cd226e2e67b48
[4] https://github.com/openstack/pycadf/tree/master/etc/pycadf