yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1590608] Re: Services should use http_proxy_to_wsgi middleware

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1590608@xxxxxxxxxxxxxxxxxx>
Date: Tue, 11 Oct 2016 01:31:54 -0000
Reply-to: Bug 1590608 <1590608@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/384314
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=6ad6ca33e73686437098c3eec3d35efec0dd03ac
Submitter: Jenkins
Branch:    master

commit 6ad6ca33e73686437098c3eec3d35efec0dd03ac
Author: Juan Antonio Osorio Robles <jaosorior@xxxxxxxxxx>
Date:   Mon Oct 10 09:46:14 2016 +0300

    Add http_proxy_to_wsgi middleware to Heat CFN endpoint
    
    This was already used in the API endpoint, but it's also needed in
    the CFN endpoint. It's purpose is to process the X-Forwarded-Proto
    header (or Proxy protocol if used) and set the protocol as directed
    to https if done so. It's only needed if Heat is behind a TLS proxy
    (such as HAProxy) and is also disabled by default.
    
    Change-Id: Ibd81e1cf6bc1e3f63728b485e295478afa7f573c
    Closes-Bug: #1590608


** Changed in: heat
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1590608

Title:
  Services should use http_proxy_to_wsgi middleware

Status in Aodh:
  Fix Released
Status in Barbican:
  Confirmed
Status in Ceilometer:
  Fix Released
Status in Cinder:
  Fix Released
Status in cloudkitty:
  In Progress
Status in congress:
  New
Status in Glance:
  Fix Released
Status in Gnocchi:
  Fix Committed
Status in heat:
  Fix Released
Status in OpenStack Identity (keystone):
  Fix Released
Status in Magnum:
  New
Status in neutron:
  In Progress
Status in Panko:
  Fix Released
Status in OpenStack Search (Searchlight):
  In Progress
Status in senlin:
  In Progress
Status in OpenStack DBaaS (Trove):
  In Progress

Bug description:
  It's a common problem when putting a service behind a load balancer to
  need to forward the Protocol and hosts of the original request so that
  the receiving service can construct URLs to the loadbalancer and not
  the private worker node.

  Most services have implemented some form of secure_proxy_ssl_header =
  HTTP_X_FORWARDED_PROTO handling however exactly how this is done is
  dependent on the service.

  oslo.middleware provides the http_proxy_to_wsgi middleware that
  handles these headers and the newer RFC7239 forwarding header and
  completely hides the problem from the service.

  This middleware should be adopted by all services in preference to
  their own HTTP_X_FORWARDED_PROTO handling.

To manage notifications about this bug go to:
https://bugs.launchpad.net/aodh/+bug/1590608/+subscriptions

References

[Bug 1590608] [NEW] Services should use http_proxy_to_wsgi middleware
From: Jamie Lennox, 2016-06-09