Skip to content

Commit

Permalink
Merge pull request #900 from MylesJP/stable/antelope
Browse files Browse the repository at this point in the history
[stable/antelope] Add support for keystone audit middleware
  • Loading branch information
ajkavanagh authored Jun 19, 2024
2 parents cad764d + a8c1639 commit 561ae3a
Show file tree
Hide file tree
Showing 4 changed files with 49 additions and 0 deletions.
15 changes: 15 additions & 0 deletions charmhelpers/contrib/openstack/context.py
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,21 @@ def get_related(self):
return self.related


class KeystoneAuditMiddleware(OSContextGenerator):
def __init__(self, service: str) -> None:
self.service_name = service

def __call__(self):
"""Return context dictionary containing configuration status of
audit-middleware and the charm service name.
"""
ctxt = {
'audit_middleware': config('audit-middleware') or False,
'service_name': self.service_name
}
return ctxt


class SharedDBContext(OSContextGenerator):
interfaces = ['shared-db']

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{% if audit_middleware -%}
[audit_middleware_notifications]
driver = log
{% endif -%}
6 changes: 6 additions & 0 deletions charmhelpers/contrib/openstack/templates/section-filter-audit
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{% if audit_middleware and service_name -%}
[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/{{ service_name }}/api_audit_map.conf
service_name = {{ service_name }}
{% endif -%}
24 changes: 24 additions & 0 deletions tests/contrib/openstack/test_os_contexts.py
Original file line number Diff line number Diff line change
Expand Up @@ -824,6 +824,30 @@ def test_shared_db_context_with_data(self, os_codename):
}
self.assertEquals(result, expected)

@patch.object(context, 'config')
def test_keystone_audit_middleware_ctxt_enabled(self, mock_config):
'''Test KeystoneAuditMiddleware ctxt contents when enabled'''
mock_config.return_value = True
audit_middleware = context.KeystoneAuditMiddleware(service='cinder')
ctxt = audit_middleware()
expected_ctxt = {
'audit_middleware': True,
'service_name': 'cinder'
}
self.assertEqual(ctxt, expected_ctxt)

@patch.object(context, 'config')
def test_keystone_audit_middleware_ctxt_disabled(self, mock_config):
'''Test KeystoneAuditMiddleware ctxt contents when disabled'''
mock_config.return_value = False
audit_middleware = context.KeystoneAuditMiddleware(service='cinder')
ctxt = audit_middleware()
expected_ctxt = {
'audit_middleware': False,
'service_name': 'cinder'
}
self.assertEqual(ctxt, expected_ctxt)

def test_shared_db_context_with_data_and_access_net_mismatch(self):
"""Mismatch between hostname and hostname for access net - defers
execution"""
Expand Down

0 comments on commit 561ae3a

Please sign in to comment.