audit middleware broken for glance
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystonemiddleware |
Fix Released
|
Undecided
|
leehom |
Bug Description
Glance use Decorator @utils.mutating to enforce read-only logic.
This requires use req.context.
```
def mutating(func):
"""Decorator to enforce read-only logic"""
@functools.
def wrapped(self, req, *args, **kwargs):
if req.context.
msg = "Read-only access"
raise exc.HTTPForbidd
return func(self, req, *args, **kwargs)
return wrapped
```
Look at the logic in keystonemiddleware audit. It will overwrite req.context with the dict() of RequestContext.
```
@webob.
def __call__(self, req):
if req.method in self._ignore_
return req.get_
# Cannot use a RequestClass on wsgify above because the `req` object is
# a `WebOb.Request` when this method is called so the RequestClass is
# ignored by the wsgify wrapper.
req.context = oslo_context.
try:
except Exception:
raise
else:
return response
```
The problem is Keystone audit middleware and glance both need to use own generated req.context.
Glance requires to access req.context.
and
Keystone audit middleware requires to iterate req.context.
This problem is still exist in Stein Release.
Changed in keystonemiddleware: | |
assignee: | nobody → leehom (feli5) |
Fix proposed to branch: master /review. openstack. org/626226
Review: https:/