| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
This adds a middleware for noauth that would inject a fake
project_id for create requests. This would ensure that api
consumers don't have to provide a fake project_id in requests.
Closes-Bug: #1934039
Change-Id: I5e1de571034be41f1147c130fce66e6cf70b1369
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When project_id/tenant_id is present in an API call, Neutron
checks first if this project exists. If not, a HTTPNotFound
will be thrown.
This patch is tested in neutron-tempest-plugin:
https://review.opendev.org/#/c/754390/
Closes-Bug: #1896588
Change-Id: I6276490d4df69ec0f2c9a1492b9b03d1130c7c05
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[1] added healthcheck url to neutron API, but in review it was noted
that the used filter_factory is deprecated and app_factory is the
suggested instead, as Akihiro commented in [1], in [2] filter is marked
for removal.
[1]: https://review.opendev.org/724676
[2]: https://opendev.org/openstack/oslo.middleware/src/branch/master/oslo_middleware/healthcheck/__init__.py#L409
Change-Id: I28c26d3357c21483b7642958564d675cd5feaa31
|
| |
|
|
|
|
|
| |
The /healthcheck is helpful for operators to setup neutron-api
behind haproxy, or for doing monitoring.
Change-Id: I83b8c2afdd74b57184200daab54255e8cae9c27b
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The osprofiler filter is included in the standard pipelines for
nova, glance, cinder, heat, magnum [1], but is missing for neutron.
This means when a deployment uses profiling, there is a gap in the
data collected when the neutron API is executing.
[1] https://github.com/openstack/openstack-ansible-os_nova/blob/master/templates/api-paste.ini.j2#L31-L32
Change-Id: I8e45888968cde8ca29548447d0b0bc00ae569fc1
Closes-Bug: #1781619
|
| |
|
|
|
|
|
|
| |
The versions endpoint is now handled by Pecan
and there is no way to reach this old endpoint
now that we have dropped the web_framework option.
Change-Id: I5d493623b107f125cb9426310f2e43612c94bb7f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This sets up the HTTPProxyToWSGI middleware in front of Neutron-API. The
purpose of this middleware is to set up the request URL correctly in
case there is a proxy (For instance, a loadbalancer such as HAProxy)
in front of Neutron.
So, for instance, when TLS connections are being terminated in the
proxy, and one tries to get the versions from the / resource of
Neutron, one will notice that the protocol is incorrect; It will show
'http' instead of 'https'. So this middleware handles such cases.
Thus helping Keystone discovery work correctly.
The HTTPProxyToWSGI is off by default and needs to be enabled via a
configuration value.
Change-Id: Ice9ee8f4e04050271d59858f92034c230325718b
Closes-Bug: #1590608
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch exposes the root (version) resource to CORS-enabled
browser clients that wish to perform API version discovery. It
does this by creating a new composite pipeline for the neutronversions
app, adding the already-existing CORS middleware into the chain.
This feature is required for js-openstack-lib, and its devstack
tests. https://review.openstack.org/#/c/366905/
Change-Id: I6611839f38d553fc29c813a4b8d874fde77b8034
required-by: Ia2f59213eedf6d7acbb02789ee921c13ff391d09
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add osprofiler wsgi middleware. This middleware is used for 2 things:
1) It checks that person who wants to trace is trusted and knows
secret HMAC key.
2) It starts tracing in case of proper trace headers
and adds first wsgi trace point, with info about HTTP request
* Add initialization of osprofiler at start of service
Currently that includes oslo.messaging notifer instance creation
to send Ceilometer backend notifications.
Neutron client change: Ic11796889075b2a0e589b70398fc4d4ed6f3ef7c
Co-authored-by: Ryan Moats <rmoats@us.ibm.com>
Depends-On: I5102eb46a7a377eca31375a0d64951ba1fdd035d
Closes-Bug: #1335640
DocImpact Add devref and operator documentation on how to use this
APIImpact
Change-Id: I7fa2ad57dc5763ce72cba6945ebcadef2188e8bd
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The default values needed for neutron's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to neutron's default configuration parsing. This ensures
that if a value remains unset in neutron.conf, it will be set to use
sane defaults, and that an operator modifying the configuration
file will be presented with a default set of necessary sane headers.
Change-Id: I327d1d7ce50dd4a20d781e6251a5af81c57e6ca1
Closes-Bug: 1551836
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CORS middleware's latent configuration feature, new in 3.0.0,
allows adding headers that apply to all valid origins.
This patch adds headers commonly used in openstack to neutron's paste
pipeline, so that operators do not have to be aware of additional
configuration magic to ensure that browsers can talk to the API.
For more information:
http://docs.openstack.org/developer/oslo.middleware/cors.html#configuration-for-pastedeploy
Change-Id: Ic08fcb7833563bbeca3e0ba2d03438d4be594418
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the CORS support middleware to Neutron, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.
For neutron, both the paste.ini and the direct-wrap method of
deploying the middleware were chosen, since neutron is in a state of
migration to pecan. Note that if someone deploys pecan-neutron behind
other middleware, any responses provided by that middleware will not
be CORS-enabled, as these responses would be returned before the
headers could be annotated. This results in a response not readable
by the user agent.
OpenStack CrossProject Spec:
http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
DocImpact: Add link to CORS configuration in admin cloud guide.
Change-Id: I02acea6124d28370d92e7c94ca2d1d6c5c8937ac
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
Blueprint: remove-namespace-packages
https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages
Change-Id: If8a132de65ba1e57ea93f98daac66816a3cefaa8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Synced middleware module from incubator instead of removing it
completely. This is needed for grenade and to keep backwards
compatibility with existing installations with old api-paste.ini.
'log' module is updated as a dependency for middleware module.
'versionutils' are added as a new dependency for middleware module.
Closes-Bug: #1371701
Change-Id: Ib1c3161ccc98642091134f2285fed7c90244e600
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
auth_token middleware in python-keystoneclient is deprecated and has
been moved to the keystonemiddleware repo.
Closes-Bug: #1342274
Change-Id: I1aadbe24db63eb2507b088cd53886d7f2e192cab
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Import RequestIdMiddleware from oslo which ensures to request-id
in API response. CatchErrorsMiddleware is also imported to ensure
all internal exceptions are caught outermost.
api-paste.ini is updated to use them.
KeystonAuthContext middleware is updated so that it uses
request-id generated by RequestIdMiddleware.
Add middleware to openstack.conf and import all modules
under middleware directory from oslo.
DocImpact UpgradeImpact
This patch adds new WSGI middlewares "request_id" and "catch_errors".
They needs to be added to api-paste.ini when upgrading.
Change-Id: Icf01b7de697ef50bef53212da2cf520d1ff78b88
Closes-Bug: #1239923
|
| |
|
|
|
|
|
|
|
| |
This change renames everything to Neutron while providing backwards
compatible adjustments for Grizzly configuration files.
implements blueprint: remove-use-of-quantum
Change-Id: Ie7d07ba7c89857e13d4ddc8f0e9b68de020a3d19
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
keystone auth_token middleware now allows quantum to have auth_token
configuration in quantum.conf. This commit moves the example of
auth_token configuration from api-paste.ini to quantum.conf.
This simplifies user configuations and users is no longer required
to edit api-paste.ini.
This change does not break backward compatibility. auth_token first
tries the configurations in /etc/quantum/api-paste.ini and then the
above configurations. Thus a user who already use api-paste.ini
does not need to change it.
DocImpact
Change-Id: I5a4c48b14428e29ea2a331880e1de0afd69c97b5
|
| |
|
|
|
|
|
|
| |
Moves the keystone_signing directory into a subdirectory
of /var/lib/quantum which is use for lots of other things
as well.
Change-Id: I451d2bca17dcdb5b7050bc412e709285f87cb788
|
| |
|
|
|
|
|
|
| |
The auth_token middleware moved into keystoneclient so a full
keystone install is not required to use the middleware.Also
add missing signing_dir to api-paste.ini.
Change-Id: If6c339045b70b3d4d70f0297ec32ed3cfdf431de
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change moves extensions.py out of the extensions module
and into the api module. This resolves an issue where the
following log WARNING message would occur each time the Quantum
API starts:
Did not find expected name "Extensions" in
/usr/lib/python2.7/site-packages/quantum/extensions/extensions.py
Fixes LP Bug #1074895.
Change-Id: Ia5ed206870551f9b33b74dcdc9d0503e447f298d
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
bp remove-v1-related-code
Removes API, DB, and test code that is used only for Quantum v1 API,
which is no longer supported.
Includes removal of v1 code for sample, ovs, linuxbridge and ryu plugin.
Nicira and Cisco plugins will be handled outside of this patchset.
Change-Id: Id34dc7229bb7b399b5cfd4602dbc8d5ee4e8de61
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes bug 1029313.
The current api-paste.ini does not provide a way to choose a pipeline:
there is no way to switching a pipeline between keystone-enabled and
noauth pipelines without modifying the pipeline directly.
This commit introduces 'auth_strategy' flag to quantum.conf and
a pipeline used is determined depending on the flag. Supported values for
this flag are 'keystone' (default) and 'noauth' at the moment.
Change-Id: Ieafaf31eaaec2b02727ed5d3bd36c907e50aee5b
|
|
|
blueprint use-common-cfg
In addition this ensures that the cisco extension units are working
with the common cfg code.
Change-Id: I8c1f81e295e7ed593f0b58885efeeb15339b7733
|
