openstack
/
nova
Code Issues Proposed changes

Merge "Remove deprecated hide_server_address_states option"

This commit is contained in:
Zuul 2018-09-21 13:58:57 +00:00 committed by Gerrit Code Review
parent 3bef23d856 9b69afd457
commit 2274c08460
17 changed files with 15 additions and 559 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api-ref/source/parameters.yaml
View File

@ -1477,12 +1477,8 @@ address:
type: string
addresses:
description: |
The addresses for the server. Addresses information is hidden for any server
in a state set in the ``hide_server_address_states`` configuration option.
By default, servers in ``building`` state hide their addresses information.
See ``nova.conf`` `configuration options
<https://docs.openstack.org/nova/latest/configuration/config.html>`_
for more information.
The addresses for the server. Servers with status ``BUILD`` hide their
addresses information.
in: body
required: true
type: object

6
api-ref/source/servers.inc
View File

@ -494,10 +494,6 @@ OS-EXT-STS:power_state, and OS-EXT-STS:task_state attributes.
The server usage information appears in the OS-SRV-USG:launched_at and
OS-SRV-USG:terminated_at attributes.
To hide addresses information for instances in a certain state, set
the osapi_hide_server_address_states configuration option. Set this
option to a valid VM state in the nova.conf configuration file.
HostId is unique per account and is not globally unique.
Normal response codes: 200
@ -644,8 +640,6 @@ The extended status information appears in the ``OS-EXT-STS:vm_state``, ``OS-EXT
The server usage information appears in the ``OS-SRV-USG:launched_at`` and ``OS-SRV-USG:terminated_at`` attributes.
To hide ``addresses`` information for instances in a certain state, set the ``osapi_hide_server_address_states`` configuration option. Set this option to a valid VM state in the ``nova.conf`` configuration file.
HostId is unique per account and is not globally unique.
**Preconditions**

68
doc/api_samples/os-hide-server-addresses/server-get-resp.json
View File

@ -1,68 +0,0 @@
{
"server": {
"accessIPv4": "1.2.3.4",
"accessIPv6": "80fe::",
"addresses": {},
"created": "2013-09-24T14:39:00Z",
"flavor": {
"id": "1",
"links": [
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/flavors/1",
"rel": "bookmark"
}
]
},
"hostId": "d0635823e9162b22b90ff103f0c30f129bacf6ffb72f4d6fde87e738",
"id": "4bdee8c7-507f-40f2-8429-d301edd3791b",
"image": {
"id": "70a599e0-31e7-49b7-b260-868f441e862b",
"links": [
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/images/70a599e0-31e7-49b7-b260-868f441e862b",
"rel": "bookmark"
}
]
},
"key_name": null,
"links": [
{
"href": "http://openstack.example.com/v2/6f70656e737461636b20342065766572/servers/4bdee8c7-507f-40f2-8429-d301edd3791b",
"rel": "self"
},
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/servers/4bdee8c7-507f-40f2-8429-d301edd3791b",
"rel": "bookmark"
}
],
"metadata": {
"My Server Name": "Apache1"
},
"name": "new-server-test",
"config_drive": "",
"OS-DCF:diskConfig": "AUTO",
"OS-EXT-AZ:availability_zone": "nova",
"OS-EXT-SRV-ATTR:host": "b8b357f7100d4391828f2177c922ef93",
"OS-EXT-SRV-ATTR:hypervisor_hostname": "fake-mini",
"OS-EXT-SRV-ATTR:instance_name": "instance-00000001",
"OS-EXT-STS:power_state": 1,
"OS-EXT-STS:task_state": null,
"OS-EXT-STS:vm_state": "active",
"os-extended-volumes:volumes_attached": [
{"id": "volume_id1"},
{"id": "volume_id2"}
],
"OS-SRV-USG:launched_at": "2013-09-23T13:37:00.880302",
"OS-SRV-USG:terminated_at": null,
"progress": 0,
"security_groups": [
{
"name": "default"
}
],
"status": "ACTIVE",
"tenant_id": "6f70656e737461636b20342065766572",
"updated": "2013-09-24T14:39:01Z",
"user_id": "fake"
}
}

76
doc/api_samples/os-hide-server-addresses/servers-details-resp.json
View File

@ -1,76 +0,0 @@
{
"servers": [
{
"accessIPv4": "1.2.3.4",
"accessIPv6": "80fe::",
"addresses": {},
"created": "2013-09-24T14:44:01Z",
"flavor": {
"id": "1",
"links": [
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/flavors/1",
"rel": "bookmark"
}
]
},
"hostId": "a4fa72ae8741e5e18fb062c15657b8f689b8da2837b734c61fc9eedd",
"id": "a747eac1-e3ed-446c-935a-c2a2853f919c",
"image": {
"id": "70a599e0-31e7-49b7-b260-868f441e862b",
"links": [
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/images/70a599e0-31e7-49b7-b260-868f441e862b",
"rel": "bookmark"
}
]
},
"key_name": null,
"links": [
{
"href": "http://openstack.example.com/v2/6f70656e737461636b20342065766572/servers/a747eac1-e3ed-446c-935a-c2a2853f919c",
"rel": "self"
},
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/servers/a747eac1-e3ed-446c-935a-c2a2853f919c",
"rel": "bookmark"
}
],
"metadata": {
"My Server Name": "Apache1"
},
"name": "new-server-test",
"config_drive": "",
"OS-DCF:diskConfig": "AUTO",
"OS-EXT-AZ:availability_zone": "nova",
"OS-EXT-SRV-ATTR:host": "c3f14e9812ad496baf92ccfb3c61e15f",
"OS-EXT-SRV-ATTR:hypervisor_hostname": "fake-mini",
"OS-EXT-SRV-ATTR:instance_name": "instance-00000001",
"OS-EXT-STS:power_state": 1,
"OS-EXT-STS:task_state": null,
"OS-EXT-STS:vm_state": "active",
"os-extended-volumes:volumes_attached": [
{"id": "volume_id1"},
{"id": "volume_id2"}
],
"OS-SRV-USG:launched_at": "2013-09-23T13:53:12.774549",
"OS-SRV-USG:terminated_at": null,
"progress": 0,
"security_groups": [
{
"name": "default"
}
],
"status": "ACTIVE",
"tenant_id": "6f70656e737461636b20342065766572",
"updated": "2013-09-24T14:44:01Z",
"user_id": "fake"
}
],
"servers_links": [
{
"href": "http://openstack.example.com/v2.1/6f70656e737461636b20342065766572/servers/detail?limit=1&marker=a747eac1-e3ed-446c-935a-c2a2853f919c",
"rel": "next"
}
]
}

24
doc/api_samples/os-hide-server-addresses/servers-list-resp.json
View File

@ -1,24 +0,0 @@
{
"servers": [
{
"id": "b2a7068b-8aed-41a4-aa74-af8feb984bae",
"links": [
{
"href": "http://openstack.example.com/v2/6f70656e737461636b20342065766572/servers/b2a7068b-8aed-41a4-aa74-af8feb984bae",
"rel": "self"
},
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/servers/b2a7068b-8aed-41a4-aa74-af8feb984bae",
"rel": "bookmark"
}
],
"name": "new-server-test"
}
],
"servers_links": [
{
"href": "http://openstack.example.com/v2.1/6f70656e737461636b20342065766572/servers?limit=1&marker=b2a7068b-8aed-41a4-aa74-af8feb984bae",
"rel": "next"
}
]
}

66
nova/api/openstack/compute/hide_server_addresses.py
View File

@ -1,66 +0,0 @@
# Copyright 2012 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Extension for hiding server addresses in certain states."""
from nova.api.openstack import wsgi
from nova.compute import vm_states
import nova.conf
from nova.policies import hide_server_addresses as hsa_policies
CONF = nova.conf.CONF
class Controller(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(Controller, self).__init__(*args, **kwargs)
hidden_states = CONF.api.hide_server_address_states
# NOTE(jkoelker) _ is not considered uppercase ;)
valid_vm_states = [getattr(vm_states, state)
for state in dir(vm_states)
if state.isupper()]
self.hide_address_states = [state.lower()
for state in hidden_states
if state in valid_vm_states]
def _perhaps_hide_addresses(self, instance, resp_server):
if instance.get('vm_state') in self.hide_address_states:
resp_server['addresses'] = {}
@wsgi.extends
def show(self, req, resp_obj, id):
resp = resp_obj
context = req.environ['nova.context']
if not context.can(hsa_policies.BASE_POLICY_NAME, fatal=False):
return
if 'server' in resp.obj and 'addresses' in resp.obj['server']:
resp_server = resp.obj['server']
instance = req.get_db_instance(resp_server['id'])
self._perhaps_hide_addresses(instance, resp_server)
@wsgi.extends
def detail(self, req, resp_obj):
resp = resp_obj
context = req.environ['nova.context']
if not context.can(hsa_policies.BASE_POLICY_NAME, fatal=False):
return
for server in list(resp.obj['servers']):
if 'addresses' in server:
instance = req.get_db_instance(server['id'])
self._perhaps_hide_addresses(instance, server)

6
nova/api/openstack/compute/routes.py
View File

@ -46,7 +46,6 @@ from nova.api.openstack.compute import floating_ip_pools
from nova.api.openstack.compute import floating_ips
from nova.api.openstack.compute import floating_ips_bulk
from nova.api.openstack.compute import fping
from nova.api.openstack.compute import hide_server_addresses
from nova.api.openstack.compute import hosts
from nova.api.openstack.compute import hypervisors
from nova.api.openstack.compute import image_metadata
@ -262,10 +261,7 @@ security_group_rules_controller = functools.partial(_create_controller,
server_controller = functools.partial(_create_controller,
servers.ServersController,
[
hide_server_addresses.Controller,
],
servers.ServersController, [],
[
admin_actions.AdminActionsController,
admin_password.AdminPasswordController,

4
nova/api/openstack/compute/views/servers.py
View File

@ -24,6 +24,7 @@ from nova.api.openstack.compute.views import flavors as views_flavors
from nova.api.openstack.compute.views import images as views_images
from nova import availability_zones as avail_zone
from nova import compute
from nova.compute import vm_states
from nova import context as nova_context
from nova import exception
from nova.network.security_group import openstack_driver
@ -379,6 +380,9 @@ class ViewBuilder(common.ViewBuilder):
return utils.generate_hostid(host, project)
def _get_addresses(self, request, instance, extend_address=False):
# Hide server addresses while the server is building.
if instance.vm_state == vm_states.BUILDING:
return {}
context = request.environ["nova.context"]
networks = common.get_networks_for_instance(context, instance)
return self._address_builder.index(networks,

42
nova/conf/api.py
View File

@ -331,47 +331,6 @@ True.
"""),
]
# NOTE(edleafe): I would like to import the value directly from
# nova.compute.vm_states, but that creates a circular import. Since this value
# is not likely to be changed, I'm copy/pasting it here.
BUILDING = "building" # VM only exists in DB
osapi_hide_opts = [
cfg.ListOpt("hide_server_address_states",
default=[BUILDING],
deprecated_group="DEFAULT",
deprecated_name="osapi_hide_server_address_states",
deprecated_for_removal=True,
deprecated_since="17.0.0",
deprecated_reason="This option hide the server address in server "
"representation for configured server states. "
"Which makes GET server API controlled by this "
"config options. Due to this config options, user "
"would not be able to discover the API behavior on "
"different clouds which leads to the interop issue.",
help="""
This option is a list of all instance states for which network address
information should not be returned from the API.
Possible values:
A list of strings, where each string is a valid VM state, as defined in
nova/compute/vm_states.py. As of the Newton release, they are:
* "active"
* "building"
* "paused"
* "suspended"
* "stopped"
* "rescued"
* "resized"
* "soft-delete"
* "deleted"
* "error"
* "shelved"
* "shelved_offloaded"
""")
]
os_network_opts = [
cfg.BoolOpt("use_neutron_default_nets",
default=False,
@ -413,7 +372,6 @@ API_OPTS = (auth_opts +
metadata_opts +
file_opts +
osapi_opts +
osapi_hide_opts +
os_network_opts +
enable_inst_pw_opts)

2
nova/policies/__init__.py
View File

@ -38,7 +38,6 @@ from nova.policies import flavor_manage
from nova.policies import flavors
from nova.policies import floating_ip_pools
from nova.policies import floating_ips
from nova.policies import hide_server_addresses
from nova.policies import hosts
from nova.policies import hypervisors
from nova.policies import instance_actions
@ -104,7 +103,6 @@ def list_rules():
flavors.list_rules(),
floating_ip_pools.list_rules(),
floating_ips.list_rules(),
hide_server_addresses.list_rules(),
hosts.list_rules(),
hypervisors.list_rules(),
instance_actions.list_rules(),

53
nova/policies/hide_server_addresses.py
View File

@ -1,53 +0,0 @@
# Copyright 2016 Cloudbase Solutions Srl
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
BASE_POLICY_NAME = 'os_compute_api:os-hide-server-addresses'
hide_server_addresses_policies = [
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
'is_admin:False',
"""Hide server's 'addresses' key in the server response.
This set the 'addresses' key in the server response to an empty
dictionary when the server is in a specific set of states as
defined in CONF.api.hide_server_address_states.
By default 'addresses' is hidden only when the server is in
'BUILDING' state.""",
[
{
'method': 'GET',
'path': '/servers/{id}'
},
{
'method': 'GET',
'path': '/servers/detail'
}
],
deprecated_for_removal=True,
deprecated_reason=(
'Capability of configuring the server states to hide the '
'address has been deprecated for removal. Now this policy is '
'not needed to control the server address'
),
deprecated_since='17.0.0'),
]
def list_rules():
return hide_server_addresses_policies

69
nova/tests/functional/api_sample_tests/api_samples/os-hide-server-addresses/server-get-resp.json.tpl
View File

@ -1,69 +0,0 @@
{
"server": {
"accessIPv4": "1.2.3.4",
"accessIPv6": "80fe::",
"addresses": {
},
"created": "%(isotime)s",
"flavor": {
"id": "1",
"links": [
{
"href": "%(compute_endpoint)s/flavors/1",
"rel": "bookmark"
}
]
},
"hostId": "%(hostid)s",
"id": "%(id)s",
"image": {
"id": "%(uuid)s",
"links": [
{
"href": "%(compute_endpoint)s/images/%(uuid)s",
"rel": "bookmark"
}
]
},
"key_name": null,
"links": [
{
"href": "%(versioned_compute_endpoint)s/servers/%(uuid)s",
"rel": "self"
},
{
"href": "%(compute_endpoint)s/servers/%(uuid)s",
"rel": "bookmark"
}
],
"metadata": {
"My Server Name": "Apache1"
},
"name": "new-server-test",
"config_drive": "",
"OS-DCF:diskConfig": "AUTO",
"OS-EXT-AZ:availability_zone": "nova",
"OS-EXT-SRV-ATTR:host": "%(compute_host)s",
"OS-EXT-SRV-ATTR:hypervisor_hostname": "%(hypervisor_hostname)s",
"OS-EXT-SRV-ATTR:instance_name": "%(instance_name)s",
"OS-EXT-STS:power_state": 1,
"OS-EXT-STS:task_state": null,
"OS-EXT-STS:vm_state": "active",
"os-extended-volumes:volumes_attached": [
{"id": "volume_id1"},
{"id": "volume_id2"}
],
"OS-SRV-USG:launched_at": "%(strtime)s",
"OS-SRV-USG:terminated_at": null,
"progress": 0,
"security_groups": [
{
"name": "default"
}
],
"status": "ACTIVE",
"tenant_id": "6f70656e737461636b20342065766572",
"updated": "%(isotime)s",
"user_id": "fake"
}
}

76
nova/tests/functional/api_sample_tests/api_samples/os-hide-server-addresses/servers-details-resp.json.tpl
View File

@ -1,76 +0,0 @@
{
"servers": [
{
"accessIPv4": "1.2.3.4",
"accessIPv6": "80fe::",
"addresses": {},
"created": "%(isotime)s",
"flavor": {
"id": "1",
"links": [
{
"href": "%(compute_endpoint)s/flavors/1",
"rel": "bookmark"
}
]
},
"hostId": "%(hostid)s",
"id": "%(id)s",
"image": {
"id": "%(uuid)s",
"links": [
{
"href": "%(compute_endpoint)s/images/%(uuid)s",
"rel": "bookmark"
}
]
},
"key_name": null,
"links": [
{
"href": "%(versioned_compute_endpoint)s/servers/%(uuid)s",
"rel": "self"
},
{
"href": "%(compute_endpoint)s/servers/%(id)s",
"rel": "bookmark"
}
],
"metadata": {
"My Server Name": "Apache1"
},
"name": "new-server-test",
"config_drive": "",
"OS-DCF:diskConfig": "AUTO",
"OS-EXT-AZ:availability_zone": "nova",
"OS-EXT-SRV-ATTR:host": "%(compute_host)s",
"OS-EXT-SRV-ATTR:hypervisor_hostname": "%(hypervisor_hostname)s",
"OS-EXT-SRV-ATTR:instance_name": "%(instance_name)s",
"OS-EXT-STS:power_state": 1,
"OS-EXT-STS:task_state": null,
"OS-EXT-STS:vm_state": "active",
"os-extended-volumes:volumes_attached": [
{"id": "volume_id1"},
{"id": "volume_id2"}
],
"OS-SRV-USG:launched_at": "%(strtime)s",
"OS-SRV-USG:terminated_at": null,
"progress": 0,
"security_groups": [
{
"name": "default"
}
],
"status": "ACTIVE",
"tenant_id": "6f70656e737461636b20342065766572",
"updated": "%(isotime)s",
"user_id": "fake"
}
],
"servers_links": [
{
"href": "%(versioned_compute_endpoint)s/servers/detail?limit=1&marker=%(id)s",
"rel": "next"
}
]
}

24
nova/tests/functional/api_sample_tests/api_samples/os-hide-server-addresses/servers-list-resp.json.tpl
View File

@ -1,24 +0,0 @@
{
"servers": [
{
"id": "%(id)s",
"links": [
{
"href": "%(versioned_compute_endpoint)s/servers/%(id)s",
"rel": "self"
},
{
"href": "%(compute_endpoint)s/servers/%(id)s",
"rel": "bookmark"
}
],
"name": "new-server-test"
}
],
"servers_links": [
{
"href": "%(versioned_compute_endpoint)s/servers?limit=1&marker=%(id)s",
"rel": "next"
}
]
}

32
nova/tests/functional/api_sample_tests/test_hide_server_addresses.py
View File

@ -1,32 +0,0 @@
# Copyright 2012 Nebula, Inc.
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from nova.compute import vm_states
import nova.conf
from nova.tests.functional.api_sample_tests import test_servers
CONF = nova.conf.CONF
class ServersSampleHideAddressesJsonTest(test_servers.ServersSampleJsonTest):
sample_dir = 'os-hide-server-addresses'
def setUp(self):
# We override hide_server_address_states in order
# to have an example of in the json samples of the
# addresses being hidden
CONF.set_override("hide_server_address_states",
[vm_states.ACTIVE], group='api')
super(ServersSampleHideAddressesJsonTest, self).setUp()

11
nova/tests/unit/test_policy.py
View File

@ -431,9 +431,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
"os_compute_api:os-availability-zone:list",
)
self.non_admin_only_rules = (
"os_compute_api:os-hide-server-addresses",)
self.allow_all_rules = (
"os_compute_api:os-quota-sets:defaults",
)
@ -452,12 +449,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
{'project_id': 'fake', 'user_id': 'fake'})
policy.authorize(self.admin_context, rule, self.target)
def test_non_admin_only_rules(self):
for rule in self.non_admin_only_rules:
self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
self.admin_context, rule, self.target)
policy.authorize(self.non_admin_context, rule, self.target)
def test_admin_or_owner_rules(self):
for rule in self.admin_or_owner_rules:
self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
@ -477,6 +468,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
special_rules = ('admin_api', 'admin_or_owner', 'context_is_admin',
'os_compute_api:os-quota-class-sets:show')
result = set(rules.keys()) - set(self.admin_only_rules +
self.admin_or_owner_rules + self.non_admin_only_rules +
self.admin_or_owner_rules +
self.allow_all_rules + special_rules)
self.assertEqual(set([]), result)

7
releasenotes/notes/stein-remove-hide_server_address_states-edbc36bc02e1df52.yaml Normal file
View File

@ -0,0 +1,7 @@
---
upgrade:
- |
The ``[api]/hide_server_address_states`` configuration option and
``os_compute_api:os-hide-server-addresses`` policy rule were deprecated
in the 17.0.0 Queens release. They have now been removed. If you never
changed these values, the API behavior remains unchanged.