Middleware for external (non-OpenStack) requests¶
When request is coming to murano (or any other service) from outside of OpenStack it has no OpenStack-specific requests headers at all. So, it’s hard to use standart middlewares and authentication methods for exteranal requests.
Now we need to recreate keystoneclient and get authentication information for each request which comes from outside of OpenStack using basic auth credentials. This can be look better if we can use standart keystone middleware for external service requests, but we don’t have enough info (at least token) in the external requests.
Now you can see this behaviour in murano service broker for Cloud Foundry.
Create a new middleware which will handle external requests and add X-Auth-Token header. This should be enough for keystone middleware and murano context middleware. Middleware should be added to all external services adaptors (now we have only service broker). It’s not recommended to add it directly to murano-api because it can be real security issue.
Take everything as it is.
Data model impact¶
REST API impact¶
Other end user impact¶
Developers which will create adapters for external service shouldn’t worry about how it will authenticate and work with murano. They can simply add this middleware to their applications.
Murano-dashboard / Horizon impact¶
- Primary assignee:
- Implement external requests middleware
Now this can be tested in a bunch of functional tests for Cloud Foundry service broker.