diff options
| author | Jim Rollenhagen <jim@jimrollenhagen.com> | 2015-02-24 21:44:00 +0000 |
|---|---|---|
| committer | Jim Rollenhagen <jim@jimrollenhagen.com> | 2015-02-26 11:42:29 -0800 |
| commit | 0f4d454bf2093d3d62460f88aa9288bee3286b38 (patch) | |
| tree | 8fec55cfda4af4d76eb3d282655f8ee091d2aa6e | |
| parent | 9b5e8e18f43bdaf567fee34ded610baa781f9e57 (diff) | |
| download | ironic-0f4d454bf2093d3d62460f88aa9288bee3286b38.tar.gz | |
Create new config for pecan debug mode
Pecan's debug mode can be terribly insecure; 500 errors return a
Python traceback, the full list of environment variables, and a
button to replay the request with a breakpoint.
Deployers often run OpenStack services in debug mode; doing so should
not open the service up to these flaws. However, it may be useful
to use Pecan's debug mode in development, so create a config option
to enable it, rather than disable it altogether.
Change-Id: I5bc76b4101c563cdc168d2e55db060c1bdd0b5fe
Closes-Bug: #1425206
| -rw-r--r-- | ironic/api/app.py | 10 | ||||
| -rw-r--r-- | ironic/api/config.py | 4 |
2 files changed, 8 insertions, 6 deletions
diff --git a/ironic/api/app.py b/ironic/api/app.py index 605e7c4a7..6d765d314 100644 --- a/ironic/api/app.py +++ b/ironic/api/app.py @@ -24,14 +24,18 @@ from ironic.api import hooks from ironic.api import middleware from ironic.common import policy -auth_opts = [ +api_opts = [ cfg.StrOpt('auth_strategy', default='keystone', help='Method to use for authentication: noauth or keystone.'), + cfg.BoolOpt('pecan_debug', + default=False, + help=('Enable pecan debug mode. WARNING: this is insecure ' + 'and should not be used in production.')), ] CONF = cfg.CONF -CONF.register_opts(auth_opts) +CONF.register_opts(api_opts) def get_pecan_config(): @@ -62,7 +66,7 @@ def setup_app(pecan_config=None, extra_hooks=None): app = pecan.make_app( pecan_config.app.root, static_root=pecan_config.app.static_root, - debug=CONF.debug, + debug=CONF.pecan_debug, force_canonical=getattr(pecan_config.app, 'force_canonical', True), hooks=app_hooks, wrap_app=middleware.ParsableErrorMiddleware, diff --git a/ironic/api/config.py b/ironic/api/config.py index 5aa76f9c7..35d4e63e3 100644 --- a/ironic/api/config.py +++ b/ironic/api/config.py @@ -12,8 +12,6 @@ # License for the specific language governing permissions and limitations # under the License. -from oslo.config import cfg - # Server Specific Configurations # See https://pecan.readthedocs.org/en/latest/configuration.html#server-configuration # noqa server = { @@ -40,5 +38,5 @@ app = { # WSME Configurations # See https://wsme.readthedocs.org/en/latest/integrate.html#configuration wsme = { - 'debug': cfg.CONF.debug, + 'debug': False, } |