1 |
|
2 # heat-api pipeline |
|
3 [pipeline:heat-api] |
|
4 pipeline = faultwrap versionnegotiation authtoken context apiv1app |
|
5 |
|
6 # heat-api pipeline for standalone heat |
|
7 # ie. uses alternative auth backend that authenticates users against keystone |
|
8 # using username and password instead of validating token (which requires |
|
9 # an admin/service token). |
|
10 # To enable, in heat.conf: |
|
11 # [paste_deploy] |
|
12 # flavor = standalone |
|
13 # |
|
14 [pipeline:heat-api-standalone] |
|
15 pipeline = faultwrap versionnegotiation authpassword context apiv1app |
|
16 |
|
17 # heat-api pipeline for custom cloud backends |
|
18 # i.e. in heat.conf: |
|
19 # [paste_deploy] |
|
20 # flavor = custombackend |
|
21 # |
|
22 [pipeline:heat-api-custombackend] |
|
23 pipeline = faultwrap versionnegotiation context custombackendauth apiv1app |
|
24 |
|
25 # heat-api-cfn pipeline |
|
26 [pipeline:heat-api-cfn] |
|
27 pipeline = cfnversionnegotiation ec2authtoken authtoken context apicfnv1app |
|
28 |
|
29 # heat-api-cfn pipeline for standalone heat |
|
30 # relies exclusively on authenticating with ec2 signed requests |
|
31 [pipeline:heat-api-cfn-standalone] |
|
32 pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app |
|
33 |
|
34 # heat-api-cloudwatch pipeline |
|
35 [pipeline:heat-api-cloudwatch] |
|
36 pipeline = versionnegotiation ec2authtoken authtoken context apicwapp |
|
37 |
|
38 # heat-api-cloudwatch pipeline for standalone heat |
|
39 # relies exclusively on authenticating with ec2 signed requests |
|
40 [pipeline:heat-api-cloudwatch-standalone] |
|
41 pipeline = versionnegotiation ec2authtoken context apicwapp |
|
42 |
|
43 [app:apiv1app] |
|
44 paste.app_factory = heat.common.wsgi:app_factory |
|
45 heat.app_factory = heat.api.openstack.v1:API |
|
46 |
|
47 [app:apicfnv1app] |
|
48 paste.app_factory = heat.common.wsgi:app_factory |
|
49 heat.app_factory = heat.api.cfn.v1:API |
|
50 |
|
51 [app:apicwapp] |
|
52 paste.app_factory = heat.common.wsgi:app_factory |
|
53 heat.app_factory = heat.api.cloudwatch:API |
|
54 |
|
55 [filter:versionnegotiation] |
|
56 paste.filter_factory = heat.common.wsgi:filter_factory |
|
57 heat.filter_factory = heat.api.openstack:version_negotiation_filter |
|
58 |
|
59 [filter:faultwrap] |
|
60 paste.filter_factory = heat.common.wsgi:filter_factory |
|
61 heat.filter_factory = heat.api.openstack:faultwrap_filter |
|
62 |
|
63 [filter:cfnversionnegotiation] |
|
64 paste.filter_factory = heat.common.wsgi:filter_factory |
|
65 heat.filter_factory = heat.api.cfn:version_negotiation_filter |
|
66 |
|
67 [filter:cwversionnegotiation] |
|
68 paste.filter_factory = heat.common.wsgi:filter_factory |
|
69 heat.filter_factory = heat.api.cloudwatch:version_negotiation_filter |
|
70 |
|
71 [filter:context] |
|
72 paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory |
|
73 |
|
74 [filter:ec2authtoken] |
|
75 paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory |
|
76 |
|
77 # Auth middleware that validates token against keystone |
|
78 [filter:authtoken] |
|
79 paste.filter_factory = heat.common.auth_token:filter_factory |
|
80 auth_uri = http://127.0.0.1:5000/v2.0 |
|
81 identity_uri = http://127.0.0.1:35357 |
|
82 admin_tenant_name = %SERVICE_TENANT_NAME% |
|
83 admin_user = %SERVICE_USER% |
|
84 admin_password = %SERVICE_PASSWORD% |
|
85 |
|
86 # Auth middleware that validates username/password against keystone |
|
87 [filter:authpassword] |
|
88 paste.filter_factory = heat.common.auth_password:filter_factory |
|
89 |
|
90 # Auth middleware that validates against custom backend |
|
91 [filter:custombackendauth] |
|
92 paste.filter_factory = heat.common.custom_backend_auth:filter_factory |
|