Disable v3 API by default

Since v3 is still unstable and has experimental status it's
better to disable it by default for security reasons. This
commit does it by setting 'enable_v3_api=False'.

Also all required documentation was added to related sections.

DocImpact

Change-Id: I412d0645d667400333532123008a24966aa23880
This commit is contained in:
Mike Fedosin 2015-08-21 19:36:42 +03:00
parent d5a8c91d2f
commit 6fe3626bb5
7 changed files with 31 additions and 31 deletions

View File

@ -1325,9 +1325,9 @@ Optional. Default: ``True``
Defines which version(s) of the Registry API will be enabled. Defines which version(s) of the Registry API will be enabled.
If the Glance API server parameter ``enable_v1_api`` has been set to ``True`` the If the Glance API server parameter ``enable_v1_api`` has been set to ``True`` the
``enable_v1_registry`` has to be ``True`` as well. ``enable_v1_registry`` has to be ``True`` as well.
If the Glance API server parameter ``enable_v2_api`` has been set to ``True`` and If the Glance API server parameter ``enable_v2_api`` or ``enable_v3_api`` has been
the parameter ``data_api`` has been set to ``glance.db.registry.api`` the set to ``True`` and the parameter ``data_api`` has been set to
``enable_v2_registry`` has to be set to ``True`` ``glance.db.registry.api`` the ``enable_v2_registry`` has to be set to ``True``
Configuring Notifications Configuring Notifications
@ -1382,9 +1382,9 @@ Optional. Default: ``roles``.
Configuring Glance APIs Configuring Glance APIs
----------------------- -----------------------
The glance-api service implements versions 1 and 2 of the OpenStack The glance-api service implements versions 1, 2 and 3 of
Images API. Disable either version of the Images API using the the OpenStack Images API. Disable any version of
following options: the Images API using the following options:
* ``enable_v1_api=<True|False>`` * ``enable_v1_api=<True|False>``
@ -1394,11 +1394,12 @@ Optional. Default: ``True``
Optional. Default: ``True`` Optional. Default: ``True``
**IMPORTANT NOTE**: The v1 API is implemented on top of the * ``enable_v3_api=<True|False>``
glance-registry service while the v2 API is not. This means that
in order to use the v2 API, you must copy the necessary sql Optional. Default: ``False``
configuration from your glance-registry service to your
glance-api configuration file. **IMPORTANT NOTE**: To use v2 registry in v2 or v3 API, you must set
``data_api`` to glance.db.registry.api in glance-api.conf.
Configuring Glance Tasks Configuring Glance Tasks
------------------------ ------------------------

View File

@ -64,6 +64,9 @@ backlog = 4096
# Allow access to version 2 of glance api # Allow access to version 2 of glance api
#enable_v2_api = True #enable_v2_api = True
# Allow access to version 3 of glance api
#enable_v3_api = False
# Return the URL that references where the data is stored on # Return the URL that references where the data is stored on
# the backend storage system. For example, if using the # the backend storage system. For example, if using the
# file system store a URL of 'file:///path/to/image' will # file system store a URL of 'file:///path/to/image' will

View File

@ -20,10 +20,10 @@ CONF = cfg.CONF
def root_app_factory(loader, global_conf, **local_conf): def root_app_factory(loader, global_conf, **local_conf):
if not CONF.enable_v1_api: if not CONF.enable_v1_api and '/v1' in local_conf:
del local_conf['/v1'] del local_conf['/v1']
if not CONF.enable_v2_api: if not CONF.enable_v2_api and '/v2' in local_conf:
del local_conf['/v2'] del local_conf['/v2']
if not CONF.enable_v3_api: if not CONF.enable_v3_api and '/v3' in local_conf:
del local_conf['/v3'] del local_conf['/v3']
return paste.urlmap.urlmap_factory(loader, global_conf, **local_conf) return paste.urlmap.urlmap_factory(loader, global_conf, **local_conf)

View File

@ -150,7 +150,7 @@ common_opts = [
help=_("Deploy the v1 OpenStack Images API.")), help=_("Deploy the v1 OpenStack Images API.")),
cfg.BoolOpt('enable_v2_api', default=True, cfg.BoolOpt('enable_v2_api', default=True,
help=_("Deploy the v2 OpenStack Images API.")), help=_("Deploy the v2 OpenStack Images API.")),
cfg.BoolOpt('enable_v3_api', default=True, cfg.BoolOpt('enable_v3_api', default=False,
help=_("Deploy the v3 OpenStack Objects API.")), help=_("Deploy the v3 OpenStack Objects API.")),
cfg.BoolOpt('enable_v1_registry', default=True, cfg.BoolOpt('enable_v1_registry', default=True,
help=_("Deploy the v1 OpenStack Registry API.")), help=_("Deploy the v1 OpenStack Registry API.")),

View File

@ -55,6 +55,7 @@ paste.composite_factory = glance.api:root_app_factory
/: apiversions /: apiversions
/v1: apiv1app /v1: apiv1app
/v2: apiv2app /v2: apiv2app
/v3: apiv3app
[app:apiversions] [app:apiversions]
paste.app_factory = glance.api.versions:create_resource paste.app_factory = glance.api.versions:create_resource
@ -65,6 +66,9 @@ paste.app_factory = glance.api.v1.router:API.factory
[app:apiv2app] [app:apiv2app]
paste.app_factory = glance.api.v2.router:API.factory paste.app_factory = glance.api.v2.router:API.factory
[app:apiv3app]
paste.app_factory = glance.api.v3.router:API.factory
[filter:versionnegotiation] [filter:versionnegotiation]
paste.filter_factory = paste.filter_factory =
glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory

View File

@ -58,6 +58,7 @@ paste.composite_factory = glance.api:root_app_factory
/: apiversions /: apiversions
/v1: apiv1app /v1: apiv1app
/v2: apiv2app /v2: apiv2app
/v3: apiv3app
[app:apiversions] [app:apiversions]
paste.app_factory = glance.api.versions:create_resource paste.app_factory = glance.api.versions:create_resource
@ -68,6 +69,9 @@ paste.app_factory = glance.api.v1.router:API.factory
[app:apiv2app] [app:apiv2app]
paste.app_factory = glance.api.v2.router:API.factory paste.app_factory = glance.api.v2.router:API.factory
[app:apiv3app]
paste.app_factory = glance.api.v3.router:API.factory
[filter:versionnegotiation] [filter:versionnegotiation]
paste.filter_factory = paste.filter_factory =
glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory

View File

@ -34,12 +34,6 @@ class VersionsTest(base.IsolatedUnitTest):
self.assertEqual('application/json', res.content_type) self.assertEqual('application/json', res.content_type)
results = jsonutils.loads(res.body)['versions'] results = jsonutils.loads(res.body)['versions']
expected = [ expected = [
{
'status': 'EXPERIMENTAL',
'id': 'v3.0',
'links': [{'href': 'http://127.0.0.1:9292/v3/',
'rel': 'self'}],
},
{ {
'id': 'v2.3', 'id': 'v2.3',
'status': 'CURRENT', 'status': 'CURRENT',
@ -89,12 +83,6 @@ class VersionsTest(base.IsolatedUnitTest):
self.assertEqual('application/json', res.content_type) self.assertEqual('application/json', res.content_type)
results = jsonutils.loads(res.body)['versions'] results = jsonutils.loads(res.body)['versions']
expected = [ expected = [
{
'status': 'EXPERIMENTAL',
'id': 'v3.0',
'links': [{'href': 'https://example.com:9292/v3/',
'rel': 'self'}],
},
{ {
'id': 'v2.3', 'id': 'v2.3',
'status': 'CURRENT', 'status': 'CURRENT',
@ -184,13 +172,13 @@ class VersionNegotiationTest(base.IsolatedUnitTest):
def test_request_url_v3(self): def test_request_url_v3(self):
request = webob.Request.blank('/v3/artifacts') request = webob.Request.blank('/v3/artifacts')
self.middleware.process_request(request) resp = self.middleware.process_request(request)
self.assertEqual('/v3/artifacts', request.path_info) self.assertIsInstance(resp, versions.Controller)
def test_request_url_v3_0(self): def test_request_url_v3_0(self):
request = webob.Request.blank('/v3.0/artifacts') request = webob.Request.blank('/v3.0/artifacts')
self.middleware.process_request(request) resp = self.middleware.process_request(request)
self.assertEqual('/v3/artifacts', request.path_info) self.assertIsInstance(resp, versions.Controller)
def test_request_url_v2_3_unsupported(self): def test_request_url_v2_3_unsupported(self):
request = webob.Request.blank('/v2.3/images') request = webob.Request.blank('/v2.3/images')