author | Eric Fried <openstack@fried.cc> | 2019-09-26 16:52:12 -0500 |
---|---|---|
committer | melanie witt <melwittt@gmail.com> | 2020-04-03 21:24:28 +0000 |
commit | 1e907602e37fb55bbe5a20164db6d074f87369af (patch) | |
tree | 0e294b0589e58776a9be79ea37a46a776e805d87 /etc/nova | |
parent | 49a9f4564487409ae8a4ea5aed39677e234afc01 (diff) | |
download | nova-1e907602e37fb55bbe5a20164db6d074f87369af.tar.gz |
Allow versioned discovery unauthenticated

Make routes to the versioned discovery documents (/v2, /v2.1) go through
paste pipelines that don't require authentication, while leaving their
sub-URLs (/v2.1/servers etc) requiring authentication.

To make this work, our URLMap matcher gets support for a very
rudimentary wildcard syntax, whereby api-paste.ini can differentiate
between {/v2.1, /v2.1/} and /v2.1/$anything_else. The former points to
the unauthenticated discovery app pipeline; the latter points to the
existing "real API" pipeline. Similar for legacy v2.

This entails a slight behavior change: requests to /v2 and /v2.1 used to
302 redirect to /v2/ and /v2.1/, respectively. Now they just work.

Change-Id: Id47515017982850b167d5c637d93b96ae00ba793
Closes-Bug: #1845530
Closes-Bug: #1728732
Diffstat (limited to 'etc/nova')
-rw-r--r-- | etc/nova/api-paste.ini | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini index 2aaa7bf808..7e20eaa7e2 100644 --- a/etc/nova/api-paste.ini +++ b/etc/nova/api-paste.ini @@ -18,13 +18,15 @@ paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory [composite:osapi_compute] use = call:nova.api.openstack.urlmap:urlmap_factory /: oscomputeversions +/v2: oscomputeversion_legacy_v2 +/v2.1: oscomputeversion_v2 # v21 is an exactly feature match for v2, except it has more stringent # input validation on the wsgi surface (prevents fuzzing early on the # API). It also provides new features via API microversions which are # opt into for clients. Unaware clients will receive the same frozen # v2 API feature set, but with some relaxed validation -/v2: openstack_compute_api_v21_legacy_v2_compatible -/v2.1: openstack_compute_api_v21 +/v2/+: openstack_compute_api_v21_legacy_v2_compatible +/v2.1/+: openstack_compute_api_v21 [composite:openstack_compute_api_v21] use = call:nova.api.auth:pipeline_factory_v21 @@ -72,9 +74,18 @@ paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory [pipeline:oscomputeversions] pipeline = cors faultwrap request_log http_proxy_to_wsgi oscomputeversionapp +[pipeline:oscomputeversion_v2] +pipeline = cors compute_req_id faultwrap request_log http_proxy_to_wsgi oscomputeversionapp_v2 + +[pipeline:oscomputeversion_legacy_v2] +pipeline = cors compute_req_id faultwrap request_log http_proxy_to_wsgi legacy_v2_compatible oscomputeversionapp_v2 + [app:oscomputeversionapp] paste.app_factory = nova.api.openstack.compute.versions:Versions.factory +[app:oscomputeversionapp_v2] +paste.app_factory = nova.api.openstack.compute.versions:VersionsV2.factory + ########## # Shared # ########## |
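Review bot: In the `[composite:osapi_compute]` hunk, the authentication boundary now rests entirely on the difference between `/v2.1: oscomputeversion_v2` and `/v2.1/+: openstack_compute_api_v21`, yet nothing in the file explains the `/+` suffix or says that the bare paths are intentionally unauthenticated. The existing comment block between the two groups only describes v2 versus v2.1 validation. Please add a short comment above the new `/v2` and `/v2.1` entries stating that exact matches serve the discovery document without auth and that `/+` matches any non-empty sub-path and must keep pointing at the authenticated composites, so that an operator merging this into a customised api-paste.ini does not drop or reorder one half of the pair. Since the diffstat here is limited to etc/nova and the matcher change is not visible, it is also worth confirming that the tests pin down the boundary the commit message describes: `/v2.1` and `/v2.1/` reach discovery, and `/v2.1/servers` still reaches the authenticated pipeline.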
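Review bot: In the second hunk, `[pipeline:oscomputeversion_v2]` and `[pipeline:oscomputeversion_legacy_v2]` contain no auth filter and nothing marks that as deliberate. Please add a comment on these sections saying they are unauthenticated by design and must only ever terminate in the version-document app, so a later edit does not attach a different app to them. Two smaller points in the same hunk: the new pipelines include `compute_req_id` while the existing `[pipeline:oscomputeversions]` does not, which should either be made consistent or explained; and the names `oscomputeversions` and `oscomputeversion_v2` differ by a single letter, which makes them easy to swap in the urlmap above. A name that says "discovery" or "unauthenticated" would make the intent harder to miss.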