Disable v3 API by default
Since v3 is still unstable and has experimental status it's better to disable it by default for security reasons. This commit does it by setting 'enable_v3_api=False'. Also all required documentation was added to related sections. DocImpact Change-Id: I412d0645d667400333532123008a24966aa23880
This commit is contained in:
parent
d5a8c91d2f
commit
6fe3626bb5
@ -1325,9 +1325,9 @@ Optional. Default: ``True``
|
|||||||
Defines which version(s) of the Registry API will be enabled.
|
Defines which version(s) of the Registry API will be enabled.
|
||||||
If the Glance API server parameter ``enable_v1_api`` has been set to ``True`` the
|
If the Glance API server parameter ``enable_v1_api`` has been set to ``True`` the
|
||||||
``enable_v1_registry`` has to be ``True`` as well.
|
``enable_v1_registry`` has to be ``True`` as well.
|
||||||
If the Glance API server parameter ``enable_v2_api`` has been set to ``True`` and
|
If the Glance API server parameter ``enable_v2_api`` or ``enable_v3_api`` has been
|
||||||
the parameter ``data_api`` has been set to ``glance.db.registry.api`` the
|
set to ``True`` and the parameter ``data_api`` has been set to
|
||||||
``enable_v2_registry`` has to be set to ``True``
|
``glance.db.registry.api`` the ``enable_v2_registry`` has to be set to ``True``
|
||||||
|
|
||||||
|
|
||||||
Configuring Notifications
|
Configuring Notifications
|
||||||
@ -1382,9 +1382,9 @@ Optional. Default: ``roles``.
|
|||||||
Configuring Glance APIs
|
Configuring Glance APIs
|
||||||
-----------------------
|
-----------------------
|
||||||
|
|
||||||
The glance-api service implements versions 1 and 2 of the OpenStack
|
The glance-api service implements versions 1, 2 and 3 of
|
||||||
Images API. Disable either version of the Images API using the
|
the OpenStack Images API. Disable any version of
|
||||||
following options:
|
the Images API using the following options:
|
||||||
|
|
||||||
* ``enable_v1_api=<True|False>``
|
* ``enable_v1_api=<True|False>``
|
||||||
|
|
||||||
@ -1394,11 +1394,12 @@ Optional. Default: ``True``
|
|||||||
|
|
||||||
Optional. Default: ``True``
|
Optional. Default: ``True``
|
||||||
|
|
||||||
**IMPORTANT NOTE**: The v1 API is implemented on top of the
|
* ``enable_v3_api=<True|False>``
|
||||||
glance-registry service while the v2 API is not. This means that
|
|
||||||
in order to use the v2 API, you must copy the necessary sql
|
Optional. Default: ``False``
|
||||||
configuration from your glance-registry service to your
|
|
||||||
glance-api configuration file.
|
**IMPORTANT NOTE**: To use v2 registry in v2 or v3 API, you must set
|
||||||
|
``data_api`` to glance.db.registry.api in glance-api.conf.
|
||||||
|
|
||||||
Configuring Glance Tasks
|
Configuring Glance Tasks
|
||||||
------------------------
|
------------------------
|
||||||
|
@ -64,6 +64,9 @@ backlog = 4096
|
|||||||
# Allow access to version 2 of glance api
|
# Allow access to version 2 of glance api
|
||||||
#enable_v2_api = True
|
#enable_v2_api = True
|
||||||
|
|
||||||
|
# Allow access to version 3 of glance api
|
||||||
|
#enable_v3_api = False
|
||||||
|
|
||||||
# Return the URL that references where the data is stored on
|
# Return the URL that references where the data is stored on
|
||||||
# the backend storage system. For example, if using the
|
# the backend storage system. For example, if using the
|
||||||
# file system store a URL of 'file:///path/to/image' will
|
# file system store a URL of 'file:///path/to/image' will
|
||||||
|
@ -20,10 +20,10 @@ CONF = cfg.CONF
|
|||||||
|
|
||||||
|
|
||||||
def root_app_factory(loader, global_conf, **local_conf):
|
def root_app_factory(loader, global_conf, **local_conf):
|
||||||
if not CONF.enable_v1_api:
|
if not CONF.enable_v1_api and '/v1' in local_conf:
|
||||||
del local_conf['/v1']
|
del local_conf['/v1']
|
||||||
if not CONF.enable_v2_api:
|
if not CONF.enable_v2_api and '/v2' in local_conf:
|
||||||
del local_conf['/v2']
|
del local_conf['/v2']
|
||||||
if not CONF.enable_v3_api:
|
if not CONF.enable_v3_api and '/v3' in local_conf:
|
||||||
del local_conf['/v3']
|
del local_conf['/v3']
|
||||||
return paste.urlmap.urlmap_factory(loader, global_conf, **local_conf)
|
return paste.urlmap.urlmap_factory(loader, global_conf, **local_conf)
|
||||||
|
@ -150,7 +150,7 @@ common_opts = [
|
|||||||
help=_("Deploy the v1 OpenStack Images API.")),
|
help=_("Deploy the v1 OpenStack Images API.")),
|
||||||
cfg.BoolOpt('enable_v2_api', default=True,
|
cfg.BoolOpt('enable_v2_api', default=True,
|
||||||
help=_("Deploy the v2 OpenStack Images API.")),
|
help=_("Deploy the v2 OpenStack Images API.")),
|
||||||
cfg.BoolOpt('enable_v3_api', default=True,
|
cfg.BoolOpt('enable_v3_api', default=False,
|
||||||
help=_("Deploy the v3 OpenStack Objects API.")),
|
help=_("Deploy the v3 OpenStack Objects API.")),
|
||||||
cfg.BoolOpt('enable_v1_registry', default=True,
|
cfg.BoolOpt('enable_v1_registry', default=True,
|
||||||
help=_("Deploy the v1 OpenStack Registry API.")),
|
help=_("Deploy the v1 OpenStack Registry API.")),
|
||||||
|
@ -55,6 +55,7 @@ paste.composite_factory = glance.api:root_app_factory
|
|||||||
/: apiversions
|
/: apiversions
|
||||||
/v1: apiv1app
|
/v1: apiv1app
|
||||||
/v2: apiv2app
|
/v2: apiv2app
|
||||||
|
/v3: apiv3app
|
||||||
|
|
||||||
[app:apiversions]
|
[app:apiversions]
|
||||||
paste.app_factory = glance.api.versions:create_resource
|
paste.app_factory = glance.api.versions:create_resource
|
||||||
@ -65,6 +66,9 @@ paste.app_factory = glance.api.v1.router:API.factory
|
|||||||
[app:apiv2app]
|
[app:apiv2app]
|
||||||
paste.app_factory = glance.api.v2.router:API.factory
|
paste.app_factory = glance.api.v2.router:API.factory
|
||||||
|
|
||||||
|
[app:apiv3app]
|
||||||
|
paste.app_factory = glance.api.v3.router:API.factory
|
||||||
|
|
||||||
[filter:versionnegotiation]
|
[filter:versionnegotiation]
|
||||||
paste.filter_factory =
|
paste.filter_factory =
|
||||||
glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
||||||
|
@ -58,6 +58,7 @@ paste.composite_factory = glance.api:root_app_factory
|
|||||||
/: apiversions
|
/: apiversions
|
||||||
/v1: apiv1app
|
/v1: apiv1app
|
||||||
/v2: apiv2app
|
/v2: apiv2app
|
||||||
|
/v3: apiv3app
|
||||||
|
|
||||||
[app:apiversions]
|
[app:apiversions]
|
||||||
paste.app_factory = glance.api.versions:create_resource
|
paste.app_factory = glance.api.versions:create_resource
|
||||||
@ -68,6 +69,9 @@ paste.app_factory = glance.api.v1.router:API.factory
|
|||||||
[app:apiv2app]
|
[app:apiv2app]
|
||||||
paste.app_factory = glance.api.v2.router:API.factory
|
paste.app_factory = glance.api.v2.router:API.factory
|
||||||
|
|
||||||
|
[app:apiv3app]
|
||||||
|
paste.app_factory = glance.api.v3.router:API.factory
|
||||||
|
|
||||||
[filter:versionnegotiation]
|
[filter:versionnegotiation]
|
||||||
paste.filter_factory =
|
paste.filter_factory =
|
||||||
glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
||||||
|
@ -34,12 +34,6 @@ class VersionsTest(base.IsolatedUnitTest):
|
|||||||
self.assertEqual('application/json', res.content_type)
|
self.assertEqual('application/json', res.content_type)
|
||||||
results = jsonutils.loads(res.body)['versions']
|
results = jsonutils.loads(res.body)['versions']
|
||||||
expected = [
|
expected = [
|
||||||
{
|
|
||||||
'status': 'EXPERIMENTAL',
|
|
||||||
'id': 'v3.0',
|
|
||||||
'links': [{'href': 'http://127.0.0.1:9292/v3/',
|
|
||||||
'rel': 'self'}],
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
'id': 'v2.3',
|
'id': 'v2.3',
|
||||||
'status': 'CURRENT',
|
'status': 'CURRENT',
|
||||||
@ -89,12 +83,6 @@ class VersionsTest(base.IsolatedUnitTest):
|
|||||||
self.assertEqual('application/json', res.content_type)
|
self.assertEqual('application/json', res.content_type)
|
||||||
results = jsonutils.loads(res.body)['versions']
|
results = jsonutils.loads(res.body)['versions']
|
||||||
expected = [
|
expected = [
|
||||||
{
|
|
||||||
'status': 'EXPERIMENTAL',
|
|
||||||
'id': 'v3.0',
|
|
||||||
'links': [{'href': 'https://example.com:9292/v3/',
|
|
||||||
'rel': 'self'}],
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
'id': 'v2.3',
|
'id': 'v2.3',
|
||||||
'status': 'CURRENT',
|
'status': 'CURRENT',
|
||||||
@ -184,13 +172,13 @@ class VersionNegotiationTest(base.IsolatedUnitTest):
|
|||||||
|
|
||||||
def test_request_url_v3(self):
|
def test_request_url_v3(self):
|
||||||
request = webob.Request.blank('/v3/artifacts')
|
request = webob.Request.blank('/v3/artifacts')
|
||||||
self.middleware.process_request(request)
|
resp = self.middleware.process_request(request)
|
||||||
self.assertEqual('/v3/artifacts', request.path_info)
|
self.assertIsInstance(resp, versions.Controller)
|
||||||
|
|
||||||
def test_request_url_v3_0(self):
|
def test_request_url_v3_0(self):
|
||||||
request = webob.Request.blank('/v3.0/artifacts')
|
request = webob.Request.blank('/v3.0/artifacts')
|
||||||
self.middleware.process_request(request)
|
resp = self.middleware.process_request(request)
|
||||||
self.assertEqual('/v3/artifacts', request.path_info)
|
self.assertIsInstance(resp, versions.Controller)
|
||||||
|
|
||||||
def test_request_url_v2_3_unsupported(self):
|
def test_request_url_v2_3_unsupported(self):
|
||||||
request = webob.Request.blank('/v2.3/images')
|
request = webob.Request.blank('/v2.3/images')
|
||||||
|
Loading…
Reference in New Issue
Block a user