juju
openstack: add keystone audit middleware support
This PR is in preparation to fulfil the audit middleware specification as documented in
https://specs.openstack.org/openstack/charm-specs/specs/2023.1/backlog/audit-middleware.html
First review for nova-cloud-controller charm
https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/887213
Once this is merged, we can then do the rest of the charms in LP#1856555
One minor style point that is not important, but may make the code a little easier to read.
Updated the PR
Only thing needed prior to merging is a gerrit review that exercises the change so we can verify that the change is good. Please could you link a review to the PR's description? Thanks.
I've added the first review and the LP bug in the description. The review still needs rebasing once this PR is merged so that I can remove the location off the charmhelpers sync.
There are several other charms that need doing too, so once this PR is merged we can crack on with the others
just found an issue with this, while testing, so marking it as a draft
seems like that self.service could be None, hence the process will not work; so need another way to overcome that
To avoid the issues encountered by using an optional field, I think this should likely just be a new Context object with the explicit needs of enabling the Audit Middleware. This way, the service will explicitly opt into it via a config option as well as leveraging the new Context.
@arif-ali if the additional items are pulled out into a new context, as @wolsen suggests, it would look something like:
class KeystoneAuditMiddleware(OSContextGenerator):
def __init__(self, service_name):
self.service_name = service_name
def __call__(self):
ctxt = {
'audit_middleware': config('audit-middleware) or False,
'service_name': service_name,
}
return ctxt
And then it can just be used by including the new Context in the resource_map and then it could be used in the templates as is in the current patch. This would also significantly simplify the testing.
