263d5438f0
Manila APIs have had the requirement to include project_id in the URLs since the very beginning. This comes from an old assumption that our APIs would be differentiated per-tenant on the cloud, and we would allow different kinds of API endpoints (public, admin, internal, etc). While it is possible to set up different endpoints against the API service, the same and complete API is exposed at each of these endpoints. We don't _need_ the project_id information that we receive in the URL for any of our APIs to function. We rather authorize tenants by gathering information from the Identity service (Keystone) and wrapping that into a RequestContext object that we then rely on to ensure namespace isolation. Removing the requirement for "project_id" simplifies our API endpoint structure in the service catalog as well as provides a way for system scoped users to interact with manila without having to declare their project. In order to make project_id optional in urls, the possible values of project_id have to be constrained. This change introduces a new configuration option so deployers may control that. This configuration option defaults to accepting UUIDs with and without dashes. Since manila can be used in standalone deployments without the need for Keystone, this change introduces a noauth middleware that can work without project_id in the URL paths. The API version has been incremented to signal this change to end users. When 2.60 is available, deployments may drop "project_id" in the service catalog endpoint for Manila and end users applications can stop needing it as well (if they don't already rely on the service catalog for this data). APIImpact Implements: bp remove-project-id-from-urls Change-Id: I5127e150e8a71e621890f30dba6720b3932cf583 Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
89 lines
3.8 KiB
Python
89 lines
3.8 KiB
Python
# Copyright 2010 United States Government as represented by the
|
|
# Administrator of the National Aeronautics and Space Administration.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import os
|
|
|
|
from oslo_policy import opts
|
|
from oslo_service import wsgi
|
|
|
|
from manila.common import config
|
|
|
|
CONF = config.CONF
|
|
|
|
|
|
def set_defaults(conf):
|
|
_safe_set_of_opts(conf, 'verbose', True)
|
|
_safe_set_of_opts(conf, 'state_path', os.path.abspath(
|
|
os.path.join(os.path.dirname(__file__),
|
|
'..',
|
|
'..')))
|
|
_safe_set_of_opts(conf, 'connection', "sqlite://", group='database')
|
|
_safe_set_of_opts(conf, 'sqlite_synchronous', False)
|
|
_POLICY_PATH = os.path.abspath(os.path.join(CONF.state_path,
|
|
'manila/tests/policy.yaml'))
|
|
opts.set_defaults(conf, policy_file=_POLICY_PATH)
|
|
_safe_set_of_opts(conf, 'share_export_ip', '0.0.0.0')
|
|
_safe_set_of_opts(conf, 'service_instance_user', 'fake_user')
|
|
_API_PASTE_PATH = os.path.abspath(os.path.join(CONF.state_path,
|
|
'etc/manila/api-paste.ini'))
|
|
wsgi.register_opts(conf)
|
|
_safe_set_of_opts(conf, 'api_paste_config', _API_PASTE_PATH)
|
|
# we use "fake" and "openstack" as project ID in a number of tests
|
|
_safe_set_of_opts(conf, 'project_id_regex', r"[0-9a-fopnstk\-]+")
|
|
_safe_set_of_opts(conf, 'share_driver',
|
|
'manila.tests.fake_driver.FakeShareDriver')
|
|
_safe_set_of_opts(conf, 'auth_strategy', 'noauth')
|
|
|
|
_safe_set_of_opts(conf, 'zfs_share_export_ip', '1.1.1.1')
|
|
_safe_set_of_opts(conf, 'zfs_service_ip', '2.2.2.2')
|
|
_safe_set_of_opts(conf, 'zfs_zpool_list', ['foo', 'bar'])
|
|
_safe_set_of_opts(conf, 'zfs_share_helpers', 'NFS=foo.bar.Helper')
|
|
_safe_set_of_opts(conf, 'zfs_replica_snapshot_prefix', 'foo_prefix_')
|
|
|
|
_safe_set_of_opts(conf, 'hitachi_hsp_host', '172.24.47.190')
|
|
_safe_set_of_opts(conf, 'hitachi_hsp_username', 'hsp_user')
|
|
_safe_set_of_opts(conf, 'hitachi_hsp_password', 'hsp_password')
|
|
|
|
_safe_set_of_opts(conf, 'as13000_nas_ip', '1.1.1.1')
|
|
_safe_set_of_opts(conf, 'as13000_nas_login', 'admin')
|
|
_safe_set_of_opts(conf, 'as13000_nas_password', 'password')
|
|
_safe_set_of_opts(conf, 'as13000_share_pools', 'pool0')
|
|
|
|
_safe_set_of_opts(conf, 'instorage_nas_ip', '1.1.1.1')
|
|
_safe_set_of_opts(conf, 'instorage_nas_login', 'admin')
|
|
_safe_set_of_opts(conf, 'instorage_nas_password', 'password')
|
|
_safe_set_of_opts(conf, 'instorage_nas_pools', 'pool0')
|
|
|
|
_safe_set_of_opts(conf, 'infortrend_nas_ip', '172.27.1.1')
|
|
_safe_set_of_opts(conf, 'infortrend_share_pools', 'share-pool-01')
|
|
_safe_set_of_opts(conf, 'infortrend_share_channels', '0,1')
|
|
|
|
_safe_set_of_opts(conf, 'qnap_management_url', 'http://1.2.3.4:8080')
|
|
_safe_set_of_opts(conf, 'qnap_share_ip', '1.2.3.4')
|
|
_safe_set_of_opts(conf, 'qnap_nas_login', 'admin')
|
|
_safe_set_of_opts(conf, 'qnap_nas_password', 'qnapadmin')
|
|
_safe_set_of_opts(conf, 'qnap_poolname', 'Storage Pool 1')
|
|
|
|
_safe_set_of_opts(conf, 'unity_server_meta_pool', 'nas_server_pool')
|
|
|
|
|
|
def _safe_set_of_opts(conf, *args, **kwargs):
|
|
try:
|
|
conf.set_default(*args, **kwargs)
|
|
except config.cfg.NoSuchOptError:
|
|
# Assumed that opt is not imported and not used
|
|
pass
|