Audit middleware does not work with APIs which does not require a Keystone token
Bug #1583699 reported by
Guang Yee
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| keystonemiddleware |
Fix Released
|
Medium
|
Guang Yee | ||
Bug Description
Audit middleware assumes the existence of Keystone token and therefore the existence of the identity headers (i.e. HTTP_X_USER_ID, HTTP_X_USER_NAME) in the headers.
https:/
Some Swift APIs (i.e. list publically available containers) does not required a Keystone token, and therefore the identity headers will not be populated.
Audit middleware should consider the following:
1. do not emit an audit event if Keystone token is not present in the request, or
2. come up with a generic/common way to audit these types of requests
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystonemiddleware (master) | #1 |
| Changed in keystonemiddleware: | |
| assignee: | nobody → Guang Yee (guang-yee) |
| status: | New → In Progress |
| Changed in keystonemiddleware: | |
| importance: | Undecided → Medium |
| Changed in keystonemiddleware: | |
| assignee: | Guang Yee (guang-yee) → Samuel de Medeiros Queiroz (samueldmq) |
| Changed in keystonemiddleware: | |
| assignee: | Samuel de Medeiros Queiroz (samueldmq) → Guang Yee (guang-yee) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystonemiddleware (master) | #2 |
| Changed in keystonemiddleware: | |
| status: | In Progress → Fix Released |
Revision history for this message
| Doug Hellmann (doug-hellmann) wrote Fix included in openstack/keystonemiddleware 4.6.0 | #3 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/