monasca_log_api.middleware package

Submodules

monasca_log_api.middleware.role_middleware module

class RoleMiddleware(application, conf=None)

Bases: oslo_middleware.base.ConfigurableMiddleware

Authorization middleware for X-Roles header.

RoleMiddleware is responsible for authorizing user’s access against X-Roles header. Middleware expects authentication to be completed (i.e. keystone middleware has been already called).

If tenant is authenticated and authorized middleware exits silently (that is considered a success). Otherwise middleware produces JSON response according to following schema

{
  'title': u'Unauthorized',
  'message': explanation (str)
}

Configuration example

[roles_middleware]
path = /v2.0/log
default_roles = monasca-user
agent_roles = monasca-log-agent

Configuration explained:

• path (list) - path (or list of paths) middleware should be applied
• agent_roles (list) - list of roles that identifies tenant as an agent
• default_roles (list) - list of roles that should be authorized

Note:

Being an agent means that tenant is automatically authorized.

Note:

Middleware works only for configured paths and for all requests apart from HTTP method OPTIONS.

process_request(req)