Middleware for external (non-OpenStack) requests¶
https://blueprints.launchpad.net/murano/+spec/external-request-middleware
When request is coming to murano (or any other service) from outside of OpenStack it has no OpenStack-specific requests headers at all. So, it’s hard to use standart middlewares and authentication methods for exteranal requests.
Problem description¶
Now we need to recreate keystoneclient and get authentication information for each request which comes from outside of OpenStack using basic auth credentials. This can be look better if we can use standart keystone middleware for external service requests, but we don’t have enough info (at least token) in the external requests.
Now you can see this behaviour in murano service broker for Cloud Foundry.
Proposed change¶
Create a new middleware which will handle external requests and add X-Auth-Token header. This should be enough for keystone middleware and murano context middleware. Middleware should be added to all external services adaptors (now we have only service broker). It’s not recommended to add it directly to murano-api because it can be real security issue.
Alternatives¶
Take everything as it is.
Data model impact¶
None
REST API impact¶
None
Versioning impact¶
None
Other end user impact¶
None
Deployer impact¶
None
Developer impact¶
Developers which will create adapters for external service shouldn’t worry about how it will authenticate and work with murano. They can simply add this middleware to their applications.
Murano-dashboard / Horizon impact¶
None
Implementation¶
Assignee(s)¶
- Primary assignee:
- starodubcevna
Work Items¶
- Implement external requests middleware
Dependencies¶
None
Testing¶
Now this can be tested in a bunch of functional tests for Cloud Foundry service broker.
Documentation Impact¶
None