[Feature request] enable support for keystone middleware plugin in charm

Bug #1856555 reported by Boggy
This bug affects 8 people
Affects                                Status         Importance  Assigned to   Milestone
Charm Helpers                          In Progress    Wishlist    Myles Penner
Gnocchi Charm                          In Progress    Wishlist    Unassigned
OpenStack Ceilometer Charm             Triaged        Wishlist    Unassigned
OpenStack Cinder Charm                 Fix Committed  Wishlist    Myles Penner
OpenStack Glance Charm                 Fix Committed  Wishlist    Unassigned
OpenStack Heat Charm                   Fix Committed  Wishlist    Unassigned
OpenStack Ironic API Charm             In Progress    Undecided   Unassigned
OpenStack Keystone Charm               Triaged        Wishlist    Unassigned
OpenStack Neutron API Charm            Fix Committed  Wishlist    Unassigned
OpenStack Nova Cloud Controller Charm  Fix Committed  Wishlist    Unassigned
OpenStack Swift Proxy Charm            Triaged        Wishlist    Unassigned
OpenStack Trove Charm                  Triaged        Wishlist    Unassigned
OpenStack panko charm                  Triaged        Wishlist    Unassigned

Bug Description

One of our clients would like us to enable support for keystone middleware in charm.

Changed in charm-keystone:
importance: Undecided → Wishlist
status: New → Triaged
Arif Ali (arif-ali) wrote :

keystonemiddleware is automatically already installed and what the customer wants is the auditing side of what keystonemiddleware has. Primarily [1] describes what is required for the audit middleware to be configured. It could be as part of the code python-keystonemiddleware or python3-keystonemiddleware would need to be packaged up.

In the attempt to get this started, and doing stuff on this, I can point to 2 repos that I worked on: [2] is the charm, and [3] is the charmhelpers update. This is my rough idea on how we can go about it.

The key things coming out of this piece of work is that we need 3 files changing or adding in each of the major project charms:

1. /etc/<project>/<project>.conf
2. /etc/<project>/api-paste.ini
3. /etc/<project>/api_audit_map.conf

The sense of these updates can be seen in both [2] and [3].

The api_audit_map.conf file can be taken from the repo in [4]. I have not checked to see if they are identical for each of the projects, but this afaik is required for the audit middleware to work.

The initial PR created for the charmhelpers also suggested that maybe the audit_middleware context may not be ideal in the IdentityServiceContext, and maybe a new AuditMiddlewareContext may be required.

There may be other variables that the doc [1] specifies that may be required in api-paste.ini, that may be required for extra functionality.

[1] https://docs.openstack.org/keystonemiddleware/latest/audit.html
[2] https://github.com/arif-ali/charm-nova-cloud-controller/commit/3743f00384de56efe8b0a4ee2ab2e40de68b5e7f#diff-bceb54a0fa3aac4f53f131205411c18f
[3] https://github.com/arif-ali/charm-helpers/commit/258cf87c83cca2faf601dd99285cd226e2e67b48
[4] https://github.com/openstack/pycadf/tree/master/etc/pycadf
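
An added example, not code from the charms or from the comment above: a check that a rendered api-paste.ini really wires in the keystonemiddleware audit filter, with an audit_map_file set and placed after auth_token as the documentation in [1] calls for. The function names are hypothetical and the sample file content is constructed, modelled on a Nova-style pipeline.

```python
import configparser

AUDIT_FACTORY = "keystonemiddleware.audit:filter_factory"
AUTHTOKEN_FACTORY = "keystonemiddleware.auth_token:filter_factory"

# Constructed sample input (not taken from any charm template).
SAMPLE = """
[composite:openstack_compute_api_v21]
use = call:nova.api.auth:pipeline_factory_v21
keystone = faultwrap sizelimit authtoken keystonecontext audit osapi_compute_app_v21

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/nova/api_audit_map.conf
"""


def filters_using(cfg, factory):
    """Names of [filter:NAME] sections whose paste.filter_factory matches."""
    return {s.split(":", 1)[1] for s in cfg.sections()
            if s.startswith("filter:")
            and cfg.get(s, "paste.filter_factory", fallback="").strip() == factory}


def check_audit_wiring(paste_ini_text):
    """Return a list of findings; an empty list means auditing is wired in."""
    # RawConfigParser: paste files may contain %(here)s, so no interpolation.
    cfg = configparser.RawConfigParser(strict=False)
    cfg.read_string(paste_ini_text)
    audit = filters_using(cfg, AUDIT_FACTORY)
    authtoken = filters_using(cfg, AUTHTOKEN_FACTORY)
    if not audit:
        return ["no [filter:...] section uses " + AUDIT_FACTORY]
    findings = []
    for name in sorted(audit):
        if not cfg.get("filter:" + name, "audit_map_file", fallback="").strip():
            findings.append(f"[filter:{name}] has no audit_map_file")
    # Any option whose value lists an auth_token filter is treated as a pipeline.
    for section in cfg.sections():
        for key, value in cfg.items(section):
            chain = value.split()
            auth_pos = [i for i, f in enumerate(chain) if f in authtoken]
            if not auth_pos:
                continue
            audit_pos = [i for i, f in enumerate(chain) if f in audit]
            if not audit_pos:
                findings.append(f"[{section}] {key}: authenticated pipeline without audit filter")
            elif min(audit_pos) < max(auth_pos):
                findings.append(f"[{section}] {key}: audit filter placed before authtoken")
    return findings
```

Running `check_audit_wiring()` over each service's rendered paste file after enabling the feature catches the case where the filter section is present but no authenticated pipeline references it, which would otherwise produce no audit records and no error.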

Changed in charm-helpers:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-gnocchi:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-trove:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-ceilometer:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-cinder:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-glance:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-heat:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-neutron-api:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-nova-cloud-controller:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-panko:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-swift-proxy:
importance: Undecided → Wishlist
status: New → Triaged
Arif Ali (arif-ali)
Changed in charm-helpers:
assignee: nobody → Arif Ali (arif-ali)
status: Triaged → In Progress
Changed in charm-nova-cloud-controller:
assignee: nobody → Arif Ali (arif-ali)
status: Triaged → In Progress
Changed in charm-cinder:
assignee: nobody → Myles Penner (mylesjp)
status: Triaged → In Progress
Changed in charm-helpers:
assignee: Arif Ali (arif-ali) → Myles Penner (mylesjp)
Changed in charm-nova-cloud-controller:
assignee: Arif Ali (arif-ali) → nobody
status: In Progress → Triaged
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (master)
OpenStack Infra (hudson-openstack) wrote : Change abandoned on charm-cinder (master)

Change abandoned by "Myles Penner <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/charm-cinder/+/915502
Reason: Practice test with Gerrit and OpenDev

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (master)
OpenStack Infra (hudson-openstack) wrote : Change abandoned on charm-cinder (master)

Change abandoned by "Myles Penner <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/charm-cinder/+/916348
Reason: Missing section

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (master)
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-cinder (master)

Reviewed: https://review.opendev.org/c/openstack/charm-cinder/+/916349
Committed: https://opendev.org/openstack/charm-cinder/commit/e25b5d38fbb0692e5fab6e7f562c974316d61abe
Submitter: "Zuul (22348)"
Branch: master

commit e25b5d38fbb0692e5fab6e7f562c974316d61abe
Author: Myles Penner <email address hidden>
Date: Thu Apr 18 15:19:06 2024 -0700

    Add keystone audit middleware API logging

    This commit adds Keystone audit middleware API logging to the Cinder
    charm in versions Yoga and newer to allow users to configure their
    environment for CADF compliance. This feature can be enabled/disabled
    and is set to 'disabled' by default to avoid bloat in log files.
    The logging output is configured to /var/log/apache2/cinder_error.log.
    This commit builds on previous discussions:
    https://github.com/juju/charm-helpers/pull/808.

    Related-Pr: https://github.com/juju/charm-helpers/pull/893
    func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1200
    Closes-Bug: 1856555
    Change-Id: Ia7dbd6af2305e92eaa9a65890644c4a324ab2c65

Changed in charm-cinder:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/charm-cinder/+/917882

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-nova-cloud-controller (master)
Changed in charm-nova-cloud-controller:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-heat (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/charm-heat/+/920422

Changed in charm-heat:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Change abandoned on charm-cinder (stable/2024.1)

Change abandoned by "Myles Penner <email address hidden>" on branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/charm-cinder/+/917882
Reason: Made additional changes to Cinder that need to be applied before backporting.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-glance (master)
Changed in charm-glance:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-gnocchi (master)
Changed in charm-gnocchi:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-api (master)
Changed in charm-neutron-api:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Change abandoned on charm-nova-cloud-controller (master)

Change abandoned by "Felipe Reyes <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/887213
Reason: in favor of https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/918017

Changed in charm-glance:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-glance (master)

Reviewed: https://review.opendev.org/c/openstack/charm-glance/+/920926
Committed: https://opendev.org/openstack/charm-glance/commit/66a167eb42d53f8e12a856c9f0b2d888e57b1742
Submitter: "Zuul (22348)"
Branch: master

commit 66a167eb42d53f8e12a856c9f0b2d888e57b1742
Author: Myles Penner <email address hidden>
Date: Fri May 31 10:25:16 2024 -0700

    Add keystone audit middleware API logging

    This commit adds Keystone audit middleware API logging to
    the Glance charm in versions Yoga and newer to allow users to
    configure their environment for CADF compliance. This feature can
    be enabled/disabled and is set to 'disabled' by default to avoid
    bloat in log files. The logging output writes to
    /var/log/glance/glance-api.log.
    This commit builds on previous discussions:
    https://github.com/juju/charm-helpers/pull/808.

    Related-Pr: https://github.com/juju/charm-helpers/pull/893
    func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1212
    Closes-Bug: 1856555
    Change-Id: Ied08b56cf3c4fa30827d43a50ca7b552db0fa82b

Changed in charm-neutron-api:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-neutron-api (master)

Reviewed: https://review.opendev.org/c/openstack/charm-neutron-api/+/921695
Committed: https://opendev.org/openstack/charm-neutron-api/commit/84aec48548154a1db0c420200926b2bc1b111fcc
Submitter: "Zuul (22348)"
Branch: master

commit 84aec48548154a1db0c420200926b2bc1b111fcc
Author: Myles Penner <email address hidden>
Date: Mon Jun 10 10:24:06 2024 -0700

    Add keystone audit middleware API logging

    This commit adds Keystone audit middleware API logging to
    the Neutron-API charm in versions Yoga and newer to allow users to
    configure their environment for CADF compliance. This feature can
    be enabled/disabled and is set to 'disabled' by default to avoid
    bloat in log files. The logging output writes to
    /var/log/neutron/neutron-server.log.
    This commit builds on previous discussions:
    https://github.com/juju/charm-helpers/pull/808.

    Closes-Bug: 1856555
    Change-Id: I6d4f471607b11c2a0450d74c8fd68385486ec8d9

OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-nova-cloud-controller (master)

Reviewed: https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/918017
Committed: https://opendev.org/openstack/charm-nova-cloud-controller/commit/723515fd2b95a6198c162aff7a1eac0857b4157a
Submitter: "Zuul (22348)"
Branch: master

commit 723515fd2b95a6198c162aff7a1eac0857b4157a
Author: Myles Penner <email address hidden>
Date: Thu May 2 16:54:10 2024 -0700

    Add keystone audit middleware API logging

    This commit adds Keystone audit middleware API logging to the Nova-
    Cloud-Controller charm in versions Yoga and newer to allow users to
    configure their environment for CADF compliance. This feature can
    be enabled/disabled and is set to 'disabled' by default to avoid
    bloat in log files. The logging output writes to
    /var/log/nova/nova-api-wsgi.log.
    This commit builds on previous discussions:
    https://github.com/juju/charm-helpers/pull/808.

    Related-Pr: https://github.com/juju/charm-helpers/pull/893
    func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1212
    Closes-Bug: 1856555
    Change-Id: Ie09cc6775c13a2dba6a0f3d69a4a080f9fc484c8

Changed in charm-nova-cloud-controller:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-heat (master)

Reviewed: https://review.opendev.org/c/openstack/charm-heat/+/920422
Committed: https://opendev.org/openstack/charm-heat/commit/69886c1bcd7a5a8e5c92478c9ea1d45801fc8d38
Submitter: "Zuul (22348)"
Branch: master

commit 69886c1bcd7a5a8e5c92478c9ea1d45801fc8d38
Author: Myles Penner <email address hidden>
Date: Fri May 24 15:38:11 2024 -0700

    Add keystone audit middleware API logging

    This commit adds Keystone audit middleware API logging to the Heat
    charm in versions Yoga and newer to allow users to configure their
    environment for CADF compliance. This feature can be enabled/disabled
    and is set to 'disabled' by default to avoid bloat in log files.
    The logging output is configured to /var/log/heat/heat-api.log.
    This commit builds on previous discussions:
    https://github.com/juju/charm-helpers/pull/808.

    func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1212
    Closes-Bug: 1856555
    Change-Id: Ic611b68f35a36489673e3430dd1abbd5aa752fa7

Changed in charm-heat:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-ironic-api (master)
Changed in charm-ironic-api:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-glance (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/charm-glance/+/922508

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-heat (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/charm-heat/+/922526

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-api (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/charm-neutron-api/+/922527

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-nova-cloud-controller (stable/2024.1)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/charm-cinder/+/922636

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-nova-cloud-controller (stable/2023.2)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-api (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/charm-neutron-api/+/922645

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-heat (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/charm-heat/+/922647

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-glance (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/charm-glance/+/922651

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/charm-cinder/+/922656

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-nova-cloud-controller (stable/2023.1)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-api (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/charm-neutron-api/+/922666

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-api (stable/zed)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-api (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/charm-neutron-api/+/922670

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-heat (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/charm-heat/+/922672

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-heat (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/charm-heat/+/922675

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-heat (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/charm-heat/+/922677

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-glance (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/charm-glance/+/922686

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-glance (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/charm-glance/+/922688

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-glance (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/charm-glance/+/922690

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-nova-cloud-controller (stable/zed)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-nova-cloud-controller (stable/yoga)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/charm-cinder/+/922752

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/charm-cinder/+/922757

OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/charm-cinder/+/922759
