Reviewed: https://review.openstack.org/523403 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=b2e02f5147d79eaf4fd935507590fec5a0ba7ccf Submitter: Zuul Branch: master
commit b2e02f5147d79eaf4fd935507590fec5a0ba7ccf Author: Chris Dent <[email protected]> Date: Tue Nov 28 12:44:44 2017 +0000 [placement] re-use existing conf with auth token middleware If 'oslo_config_project' is passed to the auth_token filter factory, the mechanism in nova.api.openstack.placement.wsgi for overriding the location of the configuration file is ignored meaning that expected custom configuration is also ignored. Instead pass the already existing conf with 'olso_config_config' parameter. The unit test in test_deploy.py shows that the configuration settings get passed to the middleware and used by testing the value of the 'WWW-Authenticate' header (which comes from a few different configuration settings, of which is 'auth_uri') in a response generated by the placement WSGI application. The same test against the previous deploy.py code fails. Change-Id: I61d20c5d19797f7e66648c7864a632f3328be8ce Closes-Bug: #1734491 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1734491 Title: placement keystonemiddleware_authtoken ignores OS_PLACEMENT_CONFIG_DIR Status in OpenStack Compute (nova): Fix Released Bug description: In placement master, late November 2017, the deploy.py file is responsible for building the WSGI middleware stack, including loading the keystonemiddleware. auth_middleware = auth_token.filter_factory( {}, oslo_config_project=project_name) This mode of loading means that the middleware itself is responsible for finding and reading the project conf file (nova.conf for now). Whereas the general the conf loading done in wsgi.py is aware of an OS_PLACEMENT_CONFIG_DIR env, the filter_factory loading above is not. This can lead to some pretty confusing situations where custom config, for things like the database, from custom locations are visible in the placement service, but authtoken config is not. Only after pulling all hair from head does it become clear what's happening. So we should fix that. It _may_ be as simple as adding similar file handling as used in wsgi.py, but it's not clear if the arg will get passed through. Further experimentation required. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1734491/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
