monasca_log_api.middleware package

Submodules

monasca_log_api.middleware.role_middleware module

class RoleMiddleware(application, conf=None)[source]

Bases: oslo_middleware.base.ConfigurableMiddleware

Authorization middleware for X-Roles header.

RoleMiddleware is responsible for authorizing user’s access against X-Roles header. Middleware expects authentication to be completed (i.e. keystone middleware has been already called).

If tenant is authenticated and authorized middleware exits silently (that is considered a success). Otherwise middleware produces JSON response according to following schema

{
  'title': u'Unauthorized',
  'message': explanation (str)
}

Configuration example

[roles_middleware]
path = /v2.0/log
default_roles = monasca-user
agent_roles = monasca-log-agent

Configuration explained:

  • path (list) - path (or list of paths) middleware should be applied
  • agent_roles (list) - list of roles that identifies tenant as an agent
  • default_roles (list) - list of roles that should be authorized
Note:
Being an agent means that tenant is automatically authorized.
Note:
Middleware works only for configured paths and for all requests apart from HTTP method OPTIONS.
process_request(req)[source]