Merge "Use http-proxy-to-wsgi middleware from oslo.middleware"

openstack · Jun 14, 2016 · 474d8d0 · 474d8d0
2 parents 1a86665 + b0d0b1d
commit 474d8d0
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 8 deletions.
diff --git a/etc/glance-api-paste.ini b/etc/glance-api-paste.ini
@@ -1,38 +1,38 @@
 # Use this pipeline for no auth or image caching - DEFAULT
 [pipeline:glance-api]
-pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
 
 # Use this pipeline for image caching and no auth
 [pipeline:glance-api-caching]
-pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context cache rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
 
 # Use this pipeline for caching w/ management interface but no auth
 [pipeline:glance-api-cachemanagement]
-pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
 
 # Use this pipeline for keystone auth
 [pipeline:glance-api-keystone]
-pipeline = cors healthcheck versionnegotiation osprofiler authtoken context  rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context  rootapp
 
 # Use this pipeline for keystone auth with image caching
 [pipeline:glance-api-keystone+caching]
-pipeline = cors healthcheck versionnegotiation osprofiler authtoken context cache rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
 
 # Use this pipeline for keystone auth with caching and cache management
 [pipeline:glance-api-keystone+cachemanagement]
-pipeline = cors healthcheck versionnegotiation osprofiler authtoken context cache cachemanage rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
 
 # Use this pipeline for authZ only. This means that the registry will treat a
 # user as authenticated without making requests to keystone to reauthenticate
 # the user.
 [pipeline:glance-api-trusted-auth]
-pipeline = cors healthcheck versionnegotiation osprofiler context rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
 
 # Use this pipeline for authZ only. This means that the registry will treat a
 # user as authenticated without making requests to keystone to reauthenticate
 # the user and uses cache management
 [pipeline:glance-api-trusted-auth+cachemanagement]
-pipeline = cors healthcheck versionnegotiation osprofiler context cache cachemanage rootapp
+pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
 
 [composite:rootapp]
 paste.composite_factory = glance.api:root_app_factory
@@ -85,3 +85,6 @@ enabled = yes  #DEPRECATED
 paste.filter_factory =  oslo_middleware.cors:filter_factory
 oslo_config_project = glance
 oslo_config_program = glance-api
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
diff --git a/etc/glance-api.conf b/etc/glance-api.conf
@@ -1649,6 +1649,17 @@
 #rpc_retry_delay = 0.25
 
 
+[oslo_middleware]
+
+#
+# From oslo.middleware.http_proxy_to_wsgi
+#
+
+# Wether the application is behind a proxy or not. This determines if
+# the middleware should parse the headers or not. (boolean value)
+#enable_proxy_headers_parsing = false
+
+
 [oslo_policy]
 
 #

diff --git a/etc/oslo-config-generator/glance-api.conf b/etc/oslo-config-generator/glance-api.conf
@@ -10,4 +10,5 @@ namespace = oslo.policy
 namespace = keystonemiddleware.auth_token
 namespace = oslo.log
 namespace = oslo.middleware.cors
+namespace = oslo.middleware.http_proxy_to_wsgi
 namespace = osprofiler
diff --git a/glance/common/wsgi.py b/glance/common/wsgi.py
@@ -107,6 +107,9 @@
 
 wsgi_opts = [
     cfg.StrOpt('secure_proxy_ssl_header',
+               deprecated_for_removal=True,
+               deprecated_reason=_('Use the http_proxy_to_wsgi middleware '
+                                   'instead.'),
                help=_('The HTTP header used to determine the scheme for the '
                       'original request, even if it was removed by an SSL '
                       'terminating proxy. Typical value is '