[Feature request] enable support for keystone middleware plugin in charm

Bug #1856555 reported by Bogdan Kowalczyk on 2019-12-16
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Charm Helpers
Wishlist
Unassigned
Gnocchi Charm
Wishlist
Unassigned
OpenStack Trove Charm
Wishlist
Unassigned
OpenStack ceilometer charm
Wishlist
Unassigned
OpenStack cinder charm
Wishlist
Unassigned
OpenStack glance charm
Wishlist
Unassigned
OpenStack heat charm
Wishlist
Unassigned
OpenStack keystone charm
Wishlist
Unassigned
OpenStack neutron-api charm
Wishlist
Unassigned
OpenStack nova-cloud-controller charm
Wishlist
Unassigned
OpenStack panko charm
Wishlist
Unassigned
OpenStack swift-proxy charm
Wishlist
Unassigned

Bug Description

One of our clients would like us to enable support for keystone middleware in charm.

Changed in charm-keystone:
importance: Undecided → Wishlist
status: New → Triaged
Revision history for this message
Arif Ali (arif-ali) wrote :

keystonemiddleware is automatically already installed and what the customer wants is the auditing side of what keystonemiddleware has. Primarily [1] describes what is required for the autid middleware to be configured. It could be as part of the code python-keystonemiddleware or python3-keystonemiddleware would need to be packaged up

In the attempt to get this started, and doing stuff on this, I can point to 2 repos that I worked on [2] is the charm, and [3] is the charmhelpers update. This is my rough idea on how we can go about it.

The key things coming out this piece of work is that we need 3 files changing or adding in each of the major project charms

1. /etc/<project>/<project>.conf
2. /etc/<project>/api-paste.ini
3. /etc/<project>/api_audit_map.conf

The sense of these updates can be seen in both [2] and [3]

The api_audit_map.conf file can be taken from the repo in [4], I have not checked to see if they are identical for each of the projects, but this afaik is required for the audit middleware to work

The initial PR created for the charmhelpers also suggested that maybe the audit_middleware context may not be ideal in the IdentityServiceContext, and maybe a new AuditMiddlewareContext may be required

There may be other variables that the doc [1] specifies that may be required in api-paste.ini, that may be required for extra functionality

[1] https://docs.openstack.org/keystonemiddleware/latest/audit.html
[2] https://github.com/arif-ali/charm-nova-cloud-controller/commit/3743f00384de56efe8b0a4ee2ab2e40de68b5e7f#diff-bceb54a0fa3aac4f53f131205411c18f
[3] https://github.com/arif-ali/charm-helpers/commit/258cf87c83cca2faf601dd99285cd226e2e67b48
[4] https://github.com/openstack/pycadf/tree/master/etc/pycadf

Changed in charm-helpers:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-gnocchi:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-trove:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-ceilometer:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-cinder:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-glance:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-heat:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-neutron-api:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-nova-cloud-controller:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-panko:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-swift-proxy:
importance: Undecided → Wishlist
status: New → Triaged
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers