internal_client: Remove allow_modify_pipeline option

The internal client is suppose to be internal to the cluster, and as
such we rely on it to not remove any headers we decide to send. However
if the allow_modify_pipeline option is set the gatekeeper middleware is
added to the internal client's proxy pipeline.

So firstly, this patch removes the allow_modify_pipeline option from the
internal client constructor. And when calling loadapp
allow_modify_pipeline is always passed with a False.

Further, an op could directly put the gatekeeper middleware into the
internal client config. The internal client constructor will now check
the pipeline and raise a ValueError if one has been placed in the
pipeline.

To do this, there is now a check_gatekeeper_loaded staticmethod that will
walk the pipeline which called from the InternalClient.__init__ method.
Enabling this walking through the pipeline, we are now stashing the wsgi
pipeline in each filter so that we don't have to rely on 'app' naming
conventions to iterate the pipeline.

Co-Authored-By: Alistair Coles <alistairncoles@gmail.com>
Change-Id: Idcca7ac0796935c8883de9084d612d64159d9f92

1 files changed, 1 insertions, 0 deletions

diff --git a/etc/internal-client.conf-sample b/etc/internal-client.conf-sample
index 7ded5fd8a..d9ed5e24b 100644
--- a/etc/internal-client.conf-sample
+++ b/etc/internal-client.conf-sample
@@ -26,6 +26,7 @@
 # log_statsd_metric_prefix =
 
 [pipeline:main]
+# Note: gatekeeper middleware is not allowed in the internal client pipeline
 pipeline = catch_errors proxy-logging cache symlink proxy-server
 
 [app:proxy-server]