diff options
Diffstat (limited to 'keystone/common')
-rw-r--r-- | keystone/common/cms.py | 2 | ||||
-rw-r--r-- | keystone/common/config.py | 100 | ||||
-rw-r--r-- | keystone/common/controller.py | 7 | ||||
-rw-r--r-- | keystone/common/environment/__init__.py | 2 | ||||
-rw-r--r-- | keystone/common/environment/eventlet_server.py | 5 | ||||
-rw-r--r-- | keystone/common/ldap/core.py | 20 | ||||
-rw-r--r-- | keystone/common/ldap/fakeldap.py | 4 | ||||
-rw-r--r-- | keystone/common/openssl.py | 39 | ||||
-rw-r--r-- | keystone/common/sql/core.py | 7 | ||||
-rw-r--r-- | keystone/common/sql/legacy.py | 2 | ||||
-rw-r--r-- | keystone/common/sql/migrate_repo/versions/031_drop_credential_indexes.py | 40 | ||||
-rw-r--r-- | keystone/common/sql/migrate_repo/versions/032_username_length.py | 31 | ||||
-rw-r--r-- | keystone/common/sql/migration.py | 42 | ||||
-rw-r--r-- | keystone/common/sql/nova.py | 2 | ||||
-rw-r--r-- | keystone/common/utils.py | 15 | ||||
-rw-r--r-- | keystone/common/wsgi.py | 19 |
16 files changed, 175 insertions, 162 deletions
diff --git a/keystone/common/cms.py b/keystone/common/cms.py index 6ec740f8..09a98cdc 100644 --- a/keystone/common/cms.py +++ b/keystone/common/cms.py @@ -1,7 +1,7 @@ import hashlib from keystone.common import environment -from keystone.common import logging +from keystone.openstack.common import log as logging LOG = logging.getLogger(__name__) diff --git a/keystone/common/config.py b/keystone/common/config.py index 10c47a35..5a961d4a 100644 --- a/keystone/common/config.py +++ b/keystone/common/config.py @@ -14,110 +14,30 @@ # License for the specific language governing permissions and limitations # under the License. -import os -import sys - from oslo.config import cfg -from keystone.common import logging +from keystone.openstack.common import log as logging _DEFAULT_LOG_FORMAT = "%(asctime)s %(levelname)8s [%(name)s] %(message)s" _DEFAULT_LOG_DATE_FORMAT = "%Y-%m-%d %H:%M:%S" _DEFAULT_AUTH_METHODS = ['external', 'password', 'token'] -COMMON_CLI_OPTS = [ - cfg.BoolOpt('debug', - short='d', - default=False, - help='Print debugging output (set logging level to ' - 'DEBUG instead of default WARNING level).'), - cfg.BoolOpt('verbose', - short='v', - default=False, - help='Print more verbose output (set logging level to ' - 'INFO instead of default WARNING level).'), -] - -LOGGING_CLI_OPTS = [ - cfg.StrOpt('log-config', - metavar='PATH', - help='If this option is specified, the logging configuration ' - 'file specified is used and overrides any other logging ' - 'options specified. Please see the Python logging module ' - 'documentation for details on logging configuration ' - 'files.'), - cfg.StrOpt('log-format', - default=_DEFAULT_LOG_FORMAT, - metavar='FORMAT', - help='A logging.Formatter log message format string which may ' - 'use any of the available logging.LogRecord attributes.'), - cfg.StrOpt('log-date-format', - default=_DEFAULT_LOG_DATE_FORMAT, - metavar='DATE_FORMAT', - help='Format string for %%(asctime)s in log records.'), - cfg.StrOpt('log-file', - metavar='PATH', - help='Name of log file to output. ' - 'If not set, logging will go to stdout.'), - cfg.StrOpt('log-dir', - help='The directory in which to store log files. ' - '(will be prepended to --log-file)'), - cfg.BoolOpt('use-syslog', - default=False, - help='Use syslog for logging.'), - cfg.StrOpt('syslog-log-facility', - default='LOG_USER', - help='syslog facility to receive log lines.') -] CONF = cfg.CONF -def setup_logging(conf): +def setup_logging(conf, product_name='keystone'): """Sets up the logging options for a log with supplied name :param conf: a cfg.ConfOpts object """ - - if conf.log_config: - # Use a logging configuration file for all settings... - if os.path.exists(conf.log_config): - logging.config.fileConfig(conf.log_config) - return - else: - raise RuntimeError(_('Unable to locate specified logging ' - 'config file: %s') % conf.log_config) - - root_logger = logging.root - if conf.debug: - root_logger.setLevel(logging.DEBUG) - elif conf.verbose: - root_logger.setLevel(logging.INFO) - else: - root_logger.setLevel(logging.WARNING) - - formatter = logging.Formatter(conf.log_format, conf.log_date_format) - - if conf.use_syslog: - try: - facility = getattr(logging.SysLogHandler, - conf.syslog_log_facility) - except AttributeError: - raise ValueError(_('Invalid syslog facility')) - - handler = logging.SysLogHandler(address='/dev/log', - facility=facility) - elif conf.log_file: - logfile = conf.log_file - if conf.log_dir: - logfile = os.path.join(conf.log_dir, logfile) - handler = logging.WatchedFileHandler(logfile) - else: - handler = logging.StreamHandler(sys.stdout) - - handler.setFormatter(formatter) - root_logger.addHandler(handler) + # NOTE(ldbragst): This method will be removed along with other + # refactoring in favor of using the + # keystone/openstack/common/log.py implementation. This just ensures + # that in the time between introduction and refactoring, we still have + # a working logging implementation. + logging.setup(product_name) def setup_authentication(): @@ -176,9 +96,6 @@ def register_cli_int(*args, **kw): def configure(): - CONF.register_cli_opts(COMMON_CLI_OPTS) - CONF.register_cli_opts(LOGGING_CLI_OPTS) - register_cli_bool('standard-threads', default=False, help='Do not monkey-patch threading system modules.') @@ -210,6 +127,7 @@ def configure(): # identity register_str('default_domain_id', group='identity', default='default') + register_int('max_password_length', group='identity', default=4096) # trust register_bool('enabled', group='trust', default=True) diff --git a/keystone/common/controller.py b/keystone/common/controller.py index affc34de..1bf65cda 100644 --- a/keystone/common/controller.py +++ b/keystone/common/controller.py @@ -3,11 +3,10 @@ import functools import uuid from keystone.common import dependency -from keystone.common import logging from keystone.common import wsgi from keystone import config from keystone import exception - +from keystone.openstack.common import log as logging LOG = logging.getLogger(__name__) CONF = config.CONF @@ -169,6 +168,10 @@ class V2Controller(wsgi.Application): self._delete_tokens_for_trust(trust['trustee_user_id'], trust['id']) + def _delete_tokens_for_project(self, project_id): + for user_ref in self.identity_api.get_project_users(project_id): + self._delete_tokens_for_user(user_ref['id'], project_id=project_id) + def _require_attribute(self, ref, attr): """Ensures the reference contains the specified attribute.""" if ref.get(attr) is None or ref.get(attr) == '': diff --git a/keystone/common/environment/__init__.py b/keystone/common/environment/__init__.py index 2993536a..7ec82002 100644 --- a/keystone/common/environment/__init__.py +++ b/keystone/common/environment/__init__.py @@ -2,7 +2,7 @@ import functools import os from keystone.common import config -from keystone.common import logging +from keystone.openstack.common import log as logging CONF = config.CONF LOG = logging.getLogger(__name__) diff --git a/keystone/common/environment/eventlet_server.py b/keystone/common/environment/eventlet_server.py index fae0884e..874c4831 100644 --- a/keystone/common/environment/eventlet_server.py +++ b/keystone/common/environment/eventlet_server.py @@ -26,8 +26,7 @@ import eventlet import eventlet.wsgi import greenlet -from keystone.common import logging -from keystone.common import wsgi +from keystone.openstack.common import log as logging LOG = logging.getLogger(__name__) @@ -108,7 +107,7 @@ class Server(object): log = logging.getLogger('eventlet.wsgi.server') try: eventlet.wsgi.server(socket, application, custom_pool=self.pool, - log=wsgi.WritableLogger(log)) + log=logging.WritableLogger(log)) except Exception: LOG.exception(_('Server error')) raise diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py index 7a2dfee7..48e4121f 100644 --- a/keystone/common/ldap/core.py +++ b/keystone/common/ldap/core.py @@ -20,9 +20,8 @@ import ldap from ldap import filter as ldap_filter from keystone.common.ldap import fakeldap -from keystone.common import logging from keystone import exception - +from keystone.openstack.common import log as logging LOG = logging.getLogger(__name__) @@ -114,7 +113,7 @@ class BaseLdap(object): notfound_arg = None options_name = None model = None - attribute_mapping = {} + attribute_options_names = {} attribute_ignore = [] tree_dn = None @@ -129,6 +128,7 @@ class BaseLdap(object): self.tls_cacertfile = conf.ldap.tls_cacertfile self.tls_cacertdir = conf.ldap.tls_cacertdir self.tls_req_cert = parse_tls_cert(conf.ldap.tls_req_cert) + self.attribute_mapping = {} if self.options_name is not None: self.suffix = conf.ldap.suffix @@ -145,6 +145,10 @@ class BaseLdap(object): self.object_class = (getattr(conf.ldap, objclass) or self.DEFAULT_OBJECTCLASS) + for k, v in self.attribute_options_names.iteritems(): + v = '%s_%s_attribute' % (self.options_name, v) + self.attribute_mapping[k] = getattr(conf.ldap, v) + attr_mapping_opt = ('%s_additional_attribute_mapping' % self.options_name) attr_mapping = (getattr(conf.ldap, attr_mapping_opt) @@ -167,6 +171,10 @@ class BaseLdap(object): if self.notfound_arg is None: self.notfound_arg = self.options_name + '_id' + + attribute_ignore = '%s_attribute_ignore' % self.options_name + self.attribute_ignore = getattr(conf.ldap, attribute_ignore) + self.use_dumb_member = getattr(conf.ldap, 'use_dumb_member') self.dumb_member = (getattr(conf.ldap, 'dumb_member') or self.DUMB_MEMBER_DN) @@ -500,7 +508,7 @@ class LdapWrapper(object): def add_s(self, dn, attrs): ldap_attrs = [(kind, [py2ldap(x) for x in safe_iter(values)]) for kind, values in attrs] - if LOG.isEnabledFor(logging.DEBUG): + if LOG.isEnabledFor(LOG.debug): sane_attrs = [(kind, values if kind != 'userPassword' else ['****']) @@ -510,7 +518,7 @@ class LdapWrapper(object): return self.conn.add_s(dn, ldap_attrs) def search_s(self, dn, scope, query, attrlist=None): - if LOG.isEnabledFor(logging.DEBUG): + if LOG.isEnabledFor(LOG.debug): LOG.debug(_( 'LDAP search: dn=%(dn)s, scope=%(scope)s, query=%(query)s, ' 'attrs=%(attrlist)s') % { @@ -577,7 +585,7 @@ class LdapWrapper(object): else [py2ldap(x) for x in safe_iter(values)])) for op, kind, values in modlist] - if LOG.isEnabledFor(logging.DEBUG): + if LOG.isEnabledFor(LOG.debug): sane_modlist = [(op, kind, (values if kind != 'userPassword' else ['****'])) for op, kind, values in ldap_modlist] diff --git a/keystone/common/ldap/fakeldap.py b/keystone/common/ldap/fakeldap.py index f6c95895..c19e1355 100644 --- a/keystone/common/ldap/fakeldap.py +++ b/keystone/common/ldap/fakeldap.py @@ -29,8 +29,8 @@ import shelve import ldap -from keystone.common import logging from keystone.common import utils +from keystone.openstack.common import log as logging SCOPE_NAMES = { @@ -41,8 +41,6 @@ SCOPE_NAMES = { LOG = logging.getLogger(__name__) -#Only enable a lower level than WARN if you are actively debugging -LOG.level = logging.WARN def _match_query(query, attrs): diff --git a/keystone/common/openssl.py b/keystone/common/openssl.py index fa09e37c..280815ae 100644 --- a/keystone/common/openssl.py +++ b/keystone/common/openssl.py @@ -19,9 +19,8 @@ import os import stat from keystone.common import environment -from keystone.common import logging from keystone import config - +from keystone.openstack.common import log as logging LOG = logging.getLogger(__name__) CONF = config.CONF @@ -51,6 +50,7 @@ class BaseCertificateConfigure(object): self.request_file_name = os.path.join(self.conf_dir, "req.pem") self.ssl_dictionary = {'conf_dir': self.conf_dir, 'ca_cert': conf_obj.ca_certs, + 'default_md': 'default', 'ssl_config': self.ssl_config_file_name, 'ca_private_key': conf_obj.ca_key, 'request_file': self.request_file_name, @@ -60,6 +60,17 @@ class BaseCertificateConfigure(object): 'valid_days': int(conf_obj.valid_days), 'cert_subject': conf_obj.cert_subject, 'ca_password': conf_obj.ca_password} + + try: + # OpenSSL 1.0 and newer support default_md = default, olders do not + openssl_ver = environment.subprocess.Popen( + ['openssl', 'version'], + stdout=environment.subprocess.PIPE).stdout.read() + if "OpenSSL 0." in openssl_ver: + self.ssl_dictionary['default_md'] = 'sha1' + except OSError: + LOG.warn('Failed to invoke ``openssl version``, ' + 'assuming is v1.0 or newer') self.ssl_dictionary.update(kwargs) def _make_dirs(self, file_name): @@ -198,7 +209,7 @@ new_certs_dir = $dir serial = $dir/serial database = $dir/index.txt default_days = 365 -default_md = default # use public key default MD +default_md = %(default_md)s preserve = no email_in_dn = no nameopt = default_ca @@ -218,35 +229,35 @@ emailAddress = optional [ req ] default_bits = 2048 # Size of keys default_keyfile = key.pem # name of generated keys -default_md = default # message digest algorithm -string_mask = nombstr # permitted characters +string_mask = utf8only # permitted characters distinguished_name = req_distinguished_name req_extensions = v3_req +x509_extensions = v3_ca [ req_distinguished_name ] -0.organizationName = Organization Name (company) -organizationalUnitName = Organizational Unit Name (department, division) -emailAddress = Email Address -emailAddress_max = 40 -localityName = Locality Name (city, district) -stateOrProvinceName = State or Province Name (full name) countryName = Country Name (2 letter code) countryName_min = 2 countryName_max = 2 +stateOrProvinceName = State or Province Name (full name) +localityName = Locality Name (city, district) +0.organizationName = Organization Name (company) +organizationalUnitName = Organizational Unit Name (department, division) commonName = Common Name (hostname, IP, or your name) commonName_max = 64 +emailAddress = Email Address +emailAddress_max = 64 [ v3_ca ] basicConstraints = CA:TRUE subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer:always +authorityKeyIdentifier = keyid:always,issuer [ v3_req ] basicConstraints = CA:FALSE -subjectKeyIdentifier = hash +keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ usr_cert ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer:always +authorityKeyIdentifier = keyid:always """ diff --git a/keystone/common/sql/core.py b/keystone/common/sql/core.py index 2d3114f2..fdb45c74 100644 --- a/keystone/common/sql/core.py +++ b/keystone/common/sql/core.py @@ -26,10 +26,10 @@ from sqlalchemy.orm.attributes import InstrumentedAttribute import sqlalchemy.pool from sqlalchemy import types as sql_types -from keystone.common import logging from keystone import config from keystone import exception from keystone.openstack.common import jsonutils +from keystone.openstack.common import log as logging LOG = logging.getLogger(__name__) @@ -45,6 +45,7 @@ ModelBase = declarative.declarative_base() # For exporting to other modules Column = sql.Column +Index = sql.Index String = sql.String ForeignKey = sql.ForeignKey DateTime = sql.DateTime @@ -54,6 +55,8 @@ NotFound = sql.orm.exc.NoResultFound Boolean = sql.Boolean Text = sql.Text UniqueConstraint = sql.UniqueConstraint +relationship = sql.orm.relationship +joinedload = sql.orm.joinedload def initialize_decorator(init): @@ -179,6 +182,8 @@ class DictBase(object): setattr(self, key, value) def __getitem__(self, key): + if key in self.extra: + return self.extra[key] return getattr(self, key) def get(self, key, default=None): diff --git a/keystone/common/sql/legacy.py b/keystone/common/sql/legacy.py index c8adc900..d88e5a46 100644 --- a/keystone/common/sql/legacy.py +++ b/keystone/common/sql/legacy.py @@ -21,10 +21,10 @@ from sqlalchemy import exc from keystone.assignment.backends import sql as assignment_sql -from keystone.common import logging from keystone import config from keystone.contrib.ec2.backends import sql as ec2_sql from keystone.identity.backends import sql as identity_sql +from keystone.openstack.common import log as logging LOG = logging.getLogger(__name__) diff --git a/keystone/common/sql/migrate_repo/versions/031_drop_credential_indexes.py b/keystone/common/sql/migrate_repo/versions/031_drop_credential_indexes.py new file mode 100644 index 00000000..89ca04f0 --- /dev/null +++ b/keystone/common/sql/migrate_repo/versions/031_drop_credential_indexes.py @@ -0,0 +1,40 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2013 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import sqlalchemy + + +def upgrade(migrate_engine): + #This migration is relevant only for mysql because for all other + #migrate engines these indexes were successfully dropped. + if migrate_engine.name != 'mysql': + return + meta = sqlalchemy.MetaData(bind=migrate_engine) + table = sqlalchemy.Table('credential', meta, autoload=True) + for index in table.indexes: + index.drop() + + +def downgrade(migrate_engine): + if migrate_engine.name != 'mysql': + return + meta = sqlalchemy.MetaData(bind=migrate_engine) + table = sqlalchemy.Table('credential', meta, autoload=True) + index = sqlalchemy.Index('user_id', table.c['user_id']) + index.create() + index = sqlalchemy.Index('credential_project_id_fkey', + table.c['project_id']) + index.create() diff --git a/keystone/common/sql/migrate_repo/versions/032_username_length.py b/keystone/common/sql/migrate_repo/versions/032_username_length.py new file mode 100644 index 00000000..636ebd75 --- /dev/null +++ b/keystone/common/sql/migrate_repo/versions/032_username_length.py @@ -0,0 +1,31 @@ +import sqlalchemy as sql +from sqlalchemy.orm import sessionmaker + + +def upgrade(migrate_engine): + meta = sql.MetaData() + meta.bind = migrate_engine + user_table = sql.Table('user', meta, autoload=True) + user_table.c.name.alter(type=sql.String(255)) + + +def downgrade(migrate_engine): + meta = sql.MetaData() + meta.bind = migrate_engine + user_table = sql.Table('user', meta, autoload=True) + if migrate_engine.name != 'mysql': + # NOTE(aloga): sqlite does not enforce length on the + # VARCHAR types: http://www.sqlite.org/faq.html#q9 + # postgresql and DB2 do not truncate. + maker = sessionmaker(bind=migrate_engine) + session = maker() + for user in session.query(user_table).all(): + values = {'name': user.name[:64]} + update = (user_table.update(). + where(user_table.c.id == user.id). + values(values)) + migrate_engine.execute(update) + + session.commit() + session.close() + user_table.c.name.alter(type=sql.String(64)) diff --git a/keystone/common/sql/migration.py b/keystone/common/sql/migration.py index 86e0254c..3cb9cd63 100644 --- a/keystone/common/sql/migration.py +++ b/keystone/common/sql/migration.py @@ -39,39 +39,51 @@ except ImportError: sys.exit('python-migrate is not installed. Exiting.') -def db_sync(version=None): +def migrate_repository(version, current_version, repo_path): + if version is None or version > current_version: + result = versioning_api.upgrade(CONF.sql.connection, + repo_path, version) + else: + result = versioning_api.downgrade( + CONF.sql.connection, repo_path, version) + return result + + +def db_sync(version=None, repo_path=None): if version is not None: try: version = int(version) except ValueError: raise Exception(_('version should be an integer')) + if repo_path is None: + repo_path = find_migrate_repo() + current_version = db_version(repo_path=repo_path) + return migrate_repository(version, current_version, repo_path) - current_version = db_version() - repo_path = _find_migrate_repo() - if version is None or version > current_version: - return versioning_api.upgrade(CONF.sql.connection, repo_path, version) - else: - return versioning_api.downgrade( - CONF.sql.connection, repo_path, version) - -def db_version(): - repo_path = _find_migrate_repo() +def db_version(repo_path=None): + if repo_path is None: + repo_path = find_migrate_repo() try: return versioning_api.db_version(CONF.sql.connection, repo_path) except versioning_exceptions.DatabaseNotControlledError: return db_version_control(0) -def db_version_control(version=None): - repo_path = _find_migrate_repo() +def db_version_control(version=None, repo_path=None): + if repo_path is None: + repo_path = find_migrate_repo() versioning_api.version_control(CONF.sql.connection, repo_path, version) return version -def _find_migrate_repo(): +def find_migrate_repo(package=None): """Get the path for the migrate repository.""" - path = os.path.join(os.path.abspath(os.path.dirname(__file__)), + if package is None: + file = __file__ + else: + file = package.__file__ + path = os.path.join(os.path.abspath(os.path.dirname(file)), 'migrate_repo') assert os.path.exists(path) return path diff --git a/keystone/common/sql/nova.py b/keystone/common/sql/nova.py index fd8d2481..c7abfb81 100644 --- a/keystone/common/sql/nova.py +++ b/keystone/common/sql/nova.py @@ -19,10 +19,10 @@ import uuid from keystone import assignment -from keystone.common import logging from keystone import config from keystone.contrib.ec2.backends import sql as ec2_sql from keystone import identity +from keystone.openstack.common import log as logging LOG = logging.getLogger(__name__) diff --git a/keystone/common/utils.py b/keystone/common/utils.py index fd2d7567..4abad57a 100644 --- a/keystone/common/utils.py +++ b/keystone/common/utils.py @@ -27,8 +27,8 @@ import passlib.hash from keystone.common import config from keystone.common import environment -from keystone.common import logging from keystone import exception +from keystone.openstack.common import log as logging CONF = config.CONF @@ -36,8 +36,6 @@ config.register_int('crypt_strength', default=40000) LOG = logging.getLogger(__name__) -MAX_PASSWORD_LENGTH = 4096 - def read_cached_file(filename, cache_info, reload_func=None): """Read from a file if it has been modified. @@ -68,12 +66,13 @@ class SmarterEncoder(json.JSONEncoder): def trunc_password(password): - """Truncate passwords to the MAX_PASSWORD_LENGTH.""" + """Truncate passwords to the max_length.""" + max_length = CONF.identity.max_password_length try: - if len(password) > MAX_PASSWORD_LENGTH: - return password[:MAX_PASSWORD_LENGTH] - else: - return password + if len(password) > max_length: + LOG.warning( + _('Truncating user password to %s characters.') % max_length) + return password[:max_length] except TypeError: raise exception.ValidationError(attribute='string', target='password') diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py index f47cde13..d515fde6 100644 --- a/keystone/common/wsgi.py +++ b/keystone/common/wsgi.py @@ -27,11 +27,11 @@ import webob.dec import webob.exc from keystone.common import config -from keystone.common import logging from keystone.common import utils from keystone import exception from keystone.openstack.common import importutils from keystone.openstack.common import jsonutils +from keystone.openstack.common import log as logging CONF = config.CONF @@ -122,17 +122,6 @@ def validate_token_bind(context, token_ref): raise exception.Unauthorized() -class WritableLogger(object): - """A thin wrapper that responds to `write` and logs.""" - - def __init__(self, logger, level=logging.DEBUG): - self.logger = logger - self.level = level - - def write(self, msg): - self.logger.log(self.level, msg) - - class Request(webob.Request): pass @@ -394,7 +383,7 @@ class Debug(Middleware): @webob.dec.wsgify(RequestClass=Request) def __call__(self, req): - if LOG.isEnabledFor(logging.DEBUG): + if LOG.isEnabledFor(LOG.debug): LOG.debug('%s %s %s', ('*' * 20), 'REQUEST ENVIRON', ('*' * 20)) for key, value in req.environ.items(): LOG.debug('%s = %s', key, mask_password(value, @@ -406,7 +395,7 @@ class Debug(Middleware): LOG.debug('') resp = req.get_response(self.application) - if LOG.isEnabledFor(logging.DEBUG): + if LOG.isEnabledFor(LOG.debug): LOG.debug('%s %s %s', ('*' * 20), 'RESPONSE HEADERS', ('*' * 20)) for (key, value) in resp.headers.iteritems(): LOG.debug('%s = %s', key, value) @@ -455,7 +444,7 @@ class Router(object): # if we're only running in debug, bump routes' internal logging up a # notch, as it's very spammy if CONF.debug: - logging.getLogger('routes.middleware').setLevel(logging.INFO) + logging.getLogger('routes.middleware') self.map = mapper self._router = routes.middleware.RoutesMiddleware(self._dispatch, |