Skip to content

Commit

Permalink
Add support for keystone audit middleware
Browse files Browse the repository at this point in the history
Created a context for enabling keystone audit middleware as per https://bugs.launchpad.net/charm-helpers/+bug/1856555 along with two unit tests.

(cherry picked from commit 12afd33)
  • Loading branch information
MylesJP committed Jun 19, 2024
1 parent f401a3c commit e75a7a3
Show file tree
Hide file tree
Showing 4 changed files with 49 additions and 0 deletions.
15 changes: 15 additions & 0 deletions charmhelpers/contrib/openstack/context.py
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,21 @@ def get_related(self):
return self.related


class KeystoneAuditMiddleware(OSContextGenerator):
def __init__(self, service: str) -> None:
self.service_name = service

def __call__(self):
"""Return context dictionary containing configuration status of
audit-middleware and the charm service name.
"""
ctxt = {
'audit_middleware': config('audit-middleware') or False,
'service_name': self.service_name
}
return ctxt


class SharedDBContext(OSContextGenerator):
interfaces = ['shared-db']

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{% if audit_middleware -%}
[audit_middleware_notifications]
driver = log
{% endif -%}
6 changes: 6 additions & 0 deletions charmhelpers/contrib/openstack/templates/section-filter-audit
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{% if audit_middleware and service_name -%}
[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/{{ service_name }}/api_audit_map.conf
service_name = {{ service_name }}
{% endif -%}
24 changes: 24 additions & 0 deletions tests/contrib/openstack/test_os_contexts.py
Original file line number Diff line number Diff line change
Expand Up @@ -784,6 +784,30 @@ def test_shared_db_context_with_data(self, os_codename):
}
self.assertEquals(result, expected)

@patch.object(context, 'config')
def test_keystone_audit_middleware_ctxt_enabled(self, mock_config):
'''Test KeystoneAuditMiddleware ctxt contents when enabled'''
mock_config.return_value = True
audit_middleware = context.KeystoneAuditMiddleware(service='cinder')
ctxt = audit_middleware()
expected_ctxt = {
'audit_middleware': True,
'service_name': 'cinder'
}
self.assertEqual(ctxt, expected_ctxt)

@patch.object(context, 'config')
def test_keystone_audit_middleware_ctxt_disabled(self, mock_config):
'''Test KeystoneAuditMiddleware ctxt contents when disabled'''
mock_config.return_value = False
audit_middleware = context.KeystoneAuditMiddleware(service='cinder')
ctxt = audit_middleware()
expected_ctxt = {
'audit_middleware': False,
'service_name': 'cinder'
}
self.assertEqual(ctxt, expected_ctxt)

def test_shared_db_context_with_data_and_access_net_mismatch(self):
"""Mismatch between hostname and hostname for access net - defers
execution"""
Expand Down

0 comments on commit e75a7a3

Please sign in to comment.