yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1590608] Re: Services should use http_proxy_to_wsgi middleware

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1590608@xxxxxxxxxxxxxxxxxx>
Date: Fri, 17 Jun 2016 09:00:26 -0000
Reply-to: Bug 1590608 <1590608@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/327418
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8b5c095d6f7e4dca93306f00416784303392a67c
Submitter: Jenkins
Branch:    master

commit 8b5c095d6f7e4dca93306f00416784303392a67c
Author: Jamie Lennox <jamielennox@xxxxxxxxx>
Date:   Thu Jun 9 09:36:19 2016 +1000

    Use http_proxy_to_wsgi from oslo.middleware
    
    Deprecate our custom usage of the HTTP_X_FORWARDED_PROTO header in
    favour of a standard middleware shared across all services. This will
    enable us to support the newer forwarding standards.
    
    Closes-Bug: #1590608
    Change-Id: Iad628a863e55cbf20c89ef23ebc7527ba8e1a835


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1590608

Title:
  Services should use http_proxy_to_wsgi middleware

Status in Barbican:
  New
Status in Cinder:
  New
Status in Glance:
  Fix Released
Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack DBaaS (Trove):
  New

Bug description:
  It's a common problem when putting a service behind a load balancer to
  need to forward the Protocol and hosts of the original request so that
  the receiving service can construct URLs to the loadbalancer and not
  the private worker node.

  Most services have implemented some form of secure_proxy_ssl_header =
  HTTP_X_FORWARDED_PROTO handling however exactly how this is done is
  dependent on the service.

  oslo.middleware provides the http_proxy_to_wsgi middleware that
  handles these headers and the newer RFC7239 forwarding header and
  completely hides the problem from the service.

  This middleware should be adopted by all services in preference to
  their own HTTP_X_FORWARDED_PROTO handling.

To manage notifications about this bug go to:
https://bugs.launchpad.net/barbican/+bug/1590608/+subscriptions

References

[Bug 1590608] [NEW] Services should use http_proxy_to_wsgi middleware
From: Jamie Lennox, 2016-06-09