openstack/nova
Code Issues Proposed changes

Merge "Remove deprecated hide_server_address_states option"

Browse Source
This commit is contained in:
Zuul 2018-09-21 13:58:57 +00:00 committed by Gerrit Code Review
commit 2274c08460
17 changed files with 15 additions and 559 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api-ref/source/parameters.yaml
View File

@ -1477,12 +1477,8 @@ address:
type: string
addresses:
description: |
The addresses for the server. Addresses information is hidden for any server
in a state set in the ``hide_server_address_states`` configuration option.
By default, servers in ``building`` state hide their addresses information.
See ``nova.conf`` `configuration options
<https://docs.openstack.org/nova/latest/configuration/config.html>`_
for more information.
The addresses for the server. Servers with status ``BUILD`` hide their
addresses information.
in: body
required: true
type: object

6
api-ref/source/servers.inc
View File

@ -494,10 +494,6 @@ OS-EXT-STS:power_state, and OS-EXT-STS:task_state attributes.
The server usage information appears in the OS-SRV-USG:launched_at and
OS-SRV-USG:terminated_at attributes.
To hide addresses information for instances in a certain state, set
the osapi_hide_server_address_states configuration option. Set this
option to a valid VM state in the nova.conf configuration file.
HostId is unique per account and is not globally unique.
Normal response codes: 200
@ -644,8 +640,6 @@ The extended status information appears in the ``OS-EXT-STS:vm_state``, ``OS-EXT
The server usage information appears in the ``OS-SRV-USG:launched_at`` and ``OS-SRV-USG:terminated_at`` attributes.
To hide ``addresses`` information for instances in a certain state, set the ``osapi_hide_server_address_states`` configuration option. Set this option to a valid VM state in the ``nova.conf`` configuration file.
HostId is unique per account and is not globally unique.
**Preconditions**

68
doc/api_samples/os-hide-server-addresses/server-get-resp.json
View File

@ -1,68 +0,0 @@
{
"server": {
"accessIPv4": "1.2.3.4",
"accessIPv6": "80fe::",
"addresses": {},
"created": "2013-09-24T14:39:00Z",
"flavor": {
"id": "1",
"links": [
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/flavors/1",
"rel": "bookmark"
}
]
},
"hostId": "d0635823e9162b22b90ff103f0c30f129bacf6ffb72f4d6fde87e738",
"id": "4bdee8c7-507f-40f2-8429-d301edd3791b",
"image": {
"id": "70a599e0-31e7-49b7-b260-868f441e862b",
"links": [
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/images/70a599e0-31e7-49b7-b260-868f441e862b",
"rel": "bookmark"
}
]
},
"key_name": null,
"links": [
{
"href": "http://openstack.example.com/v2/6f70656e737461636b20342065766572/servers/4bdee8c7-507f-40f2-8429-d301edd3791b",
"rel": "self"
},
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/servers/4bdee8c7-507f-40f2-8429-d301edd3791b",
"rel": "bookmark"
}
],
"metadata": {
"My Server Name": "Apache1"
},
"name": "new-server-test",
"config_drive": "",
"OS-DCF:diskConfig": "AUTO",
"OS-EXT-AZ:availability_zone": "nova",
"OS-EXT-SRV-ATTR:host": "b8b357f7100d4391828f2177c922ef93",
"OS-EXT-SRV-ATTR:hypervisor_hostname": "fake-mini",
"OS-EXT-SRV-ATTR:instance_name": "instance-00000001",
"OS-EXT-STS:power_state": 1,
"OS-EXT-STS:task_state": null,
"OS-EXT-STS:vm_state": "active",
"os-extended-volumes:volumes_attached": [
{"id": "volume_id1"},
{"id": "volume_id2"}
],
"OS-SRV-USG:launched_at": "2013-09-23T13:37:00.880302",
"OS-SRV-USG:terminated_at": null,
"progress": 0,
"security_groups": [
{
"name": "default"
}
],
"status": "ACTIVE",
"tenant_id": "6f70656e737461636b20342065766572",
"updated": "2013-09-24T14:39:01Z",
"user_id": "fake"
}
}

76
doc/api_samples/os-hide-server-addresses/servers-details-resp.json
View File

@ -1,76 +0,0 @@
{
"servers": [
{
"accessIPv4": "1.2.3.4",
"accessIPv6": "80fe::",
"addresses": {},
"created": "2013-09-24T14:44:01Z",
"flavor": {
"id": "1",
"links": [
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/flavors/1",
"rel": "bookmark"
}
]
},
"hostId": "a4fa72ae8741e5e18fb062c15657b8f689b8da2837b734c61fc9eedd",
"id": "a747eac1-e3ed-446c-935a-c2a2853f919c",
"image": {
"id": "70a599e0-31e7-49b7-b260-868f441e862b",
"links": [
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/images/70a599e0-31e7-49b7-b260-868f441e862b",
"rel": "bookmark"
}
]
},
"key_name": null,
"links": [
{
"href": "http://openstack.example.com/v2/6f70656e737461636b20342065766572/servers/a747eac1-e3ed-446c-935a-c2a2853f919c",
"rel": "self"
},
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/servers/a747eac1-e3ed-446c-935a-c2a2853f919c",
"rel": "bookmark"
}
],
"metadata": {
"My Server Name": "Apache1"
},
"name": "new-server-test",
"config_drive": "",
"OS-DCF:diskConfig": "AUTO",
"OS-EXT-AZ:availability_zone": "nova",
"OS-EXT-SRV-ATTR:host": "c3f14e9812ad496baf92ccfb3c61e15f",
"OS-EXT-SRV-ATTR:hypervisor_hostname": "fake-mini",
"OS-EXT-SRV-ATTR:instance_name": "instance-00000001",
"OS-EXT-STS:power_state": 1,
"OS-EXT-STS:task_state": null,
"OS-EXT-STS:vm_state": "active",
"os-extended-volumes:volumes_attached": [
{"id": "volume_id1"},
{"id": "volume_id2"}
],
"OS-SRV-USG:launched_at": "2013-09-23T13:53:12.774549",
"OS-SRV-USG:terminated_at": null,
"progress": 0,
"security_groups": [
{
"name": "default"
}
],
"status": "ACTIVE",
"tenant_id": "6f70656e737461636b20342065766572",
"updated": "2013-09-24T14:44:01Z",
"user_id": "fake"
}
],
"servers_links": [
{
"href": "http://openstack.example.com/v2.1/6f70656e737461636b20342065766572/servers/detail?limit=1&marker=a747eac1-e3ed-446c-935a-c2a2853f919c",
"rel": "next"
}
]
}

24
doc/api_samples/os-hide-server-addresses/servers-list-resp.json
View File

@ -1,24 +0,0 @@
{
"servers": [
{
"id": "b2a7068b-8aed-41a4-aa74-af8feb984bae",
"links": [
{
"href": "http://openstack.example.com/v2/6f70656e737461636b20342065766572/servers/b2a7068b-8aed-41a4-aa74-af8feb984bae",
"rel": "self"
},
{
"href": "http://openstack.example.com/6f70656e737461636b20342065766572/servers/b2a7068b-8aed-41a4-aa74-af8feb984bae",
"rel": "bookmark"
}
],
"name": "new-server-test"
}
],
"servers_links": [
{
"href": "http://openstack.example.com/v2.1/6f70656e737461636b20342065766572/servers?limit=1&marker=b2a7068b-8aed-41a4-aa74-af8feb984bae",
"rel": "next"
}
]
}

66
nova/api/openstack/compute/hide_server_addresses.py
View File

@ -1,66 +0,0 @@
# Copyright 2012 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Extension for hiding server addresses in certain states."""
from nova.api.openstack import wsgi
from nova.compute import vm_states
import nova.conf
from nova.policies import hide_server_addresses as hsa_policies
CONF = nova.conf.CONF
class Controller(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(Controller, self).__init__(*args, **kwargs)
hidden_states = CONF.api.hide_server_address_states
# NOTE(jkoelker) _ is not considered uppercase ;)
valid_vm_states = [getattr(vm_states, state)
for state in dir(vm_states)
if state.isupper()]
self.hide_address_states = [state.lower()
for state in hidden_states
if state in valid_vm_states]
def _perhaps_hide_addresses(self, instance, resp_server):
if instance.get('vm_state') in self.hide_address_states:
resp_server['addresses'] = {}
@wsgi.extends
def show(self, req, resp_obj, id):
resp = resp_obj
context = req.environ['nova.context']
if not context.can(hsa_policies.BASE_POLICY_NAME, fatal=False):
return
if 'server' in resp.obj and 'addresses' in resp.obj['server']:
resp_server = resp.obj['server']
instance = req.get_db_instance(resp_server['id'])
self._perhaps_hide_addresses(instance, resp_server)
@wsgi.extends
def detail(self, req, resp_obj):
resp = resp_obj
context = req.environ['nova.context']
if not context.can(hsa_policies.BASE_POLICY_NAME, fatal=False):
return
for server in list(resp.obj['servers']):
if 'addresses' in server:
instance = req.get_db_instance(server['id'])
self._perhaps_hide_addresses(instance, server)

6
nova/api/openstack/compute/routes.py
View File

@ -46,7 +46,6 @@ from nova.api.openstack.compute import floating_ip_pools
from nova.api.openstack.compute import floating_ips
from nova.api.openstack.compute import floating_ips_bulk
from nova.api.openstack.compute import fping
from nova.api.openstack.compute import hide_server_addresses
from nova.api.openstack.compute import hosts
from nova.api.openstack.compute import hypervisors
from nova.api.openstack.compute import image_metadata
@ -262,10 +261,7 @@ security_group_rules_controller = functools.partial(_create_controller,
server_controller = functools.partial(_create_controller,
servers.ServersController,
[
hide_server_addresses.Controller,
],
servers.ServersController, [],
[
admin_actions.AdminActionsController,
admin_password.AdminPasswordController,

4
nova/api/openstack/compute/views/servers.py
View File

@ -24,6 +24,7 @@ from nova.api.openstack.compute.views import flavors as views_flavors
from nova.api.openstack.compute.views import images as views_images
from nova import availability_zones as avail_zone
from nova import compute
from nova.compute import vm_states
from nova import context as nova_context
from nova import exception
from nova.network.security_group import openstack_driver
@ -379,6 +380,9 @@ class ViewBuilder(common.ViewBuilder):
return utils.generate_hostid(host, project)
def _get_addresses(self, request, instance, extend_address=False):
# Hide server addresses while the server is building.
if instance.vm_state == vm_states.BUILDING:
return {}
context = request.environ["nova.context"]
networks = common.get_networks_for_instance(context, instance)
return self._address_builder.index(networks,

42
nova/conf/api.py
View File

@ -331,47 +331,6 @@ True.
"""),
]
# NOTE(edleafe): I would like to import the value directly from
# nova.compute.vm_states, but that creates a circular import. Since this value
# is not likely to be changed, I'm copy/pasting it here.
BUILDING = "building" # VM only exists in DB
osapi_hide_opts = [
cfg.ListOpt("hide_server_address_states",
default=[BUILDING],
deprecated_group="DEFAULT",
deprecated_name="osapi_hide_server_address_states",
deprecated_for_removal=True,
deprecated_since="17.0.0",
deprecated_reason="This option hide the server address in server "
"representation for configured server states. "
"Which makes GET server API controlled by this "
"config options. Due to this config options, user "
"would not be able to discover the API behavior on "
"different clouds which leads to the interop issue.",
help="""
This option is a list of all instance states for which network address
information should not be returned from the API.
Possible values:
A list of strings, where each string is a valid VM state, as defined in
nova/compute/vm_states.py. As of the Newton release, they are:
* "active"
* "building"
* "paused"
* "suspended"
* "stopped"
* "rescued"
* "resized"
* "soft-delete"
* "deleted"
* "error"
* "shelved"
* "shelved_offloaded"
""")
]
os_network_opts = [
cfg.BoolOpt("use_neutron_default_nets",
default=False,
@ -413,7 +372,6 @@ API_OPTS = (auth_opts +
metadata_opts +
file_opts +
osapi_opts +
osapi_hide_opts +
os_network_opts +
enable_inst_pw_opts)

2
nova/policies/__init__.py
View File

@ -38,7 +38,6 @@ from nova.policies import flavor_manage
from nova.policies import flavors
from nova.policies import floating_ip_pools
from nova.policies import floating_ips
from nova.policies import hide_server_addresses
from nova.policies import hosts
from nova.policies import hypervisors
from nova.policies import instance_actions
@ -104,7 +103,6 @@ def list_rules():
flavors.list_rules(),
floating_ip_pools.list_rules(),
floating_ips.list_rules(),
hide_server_addresses.list_rules(),
hosts.list_rules(),
hypervisors.list_rules(),
instance_actions.list_rules(),

53
nova/policies/hide_server_addresses.py
View File

@ -1,53 +0,0 @@
# Copyright 2016 Cloudbase Solutions Srl
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
BASE_POLICY_NAME = 'os_compute_api:os-hide-server-addresses'
hide_server_addresses_policies = [
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
'is_admin:False',
"""Hide server's 'addresses' key in the server response.
This set the 'addresses' key in the server response to an empty
dictionary when the server is in a specific set of states as
defined in CONF.api.hide_server_address_states.
By default 'addresses' is hidden only when the server is in
'BUILDING' state.""",
[
{
'method': 'GET',
'path': '/servers/{id}'
},
{
'method': 'GET',
'path': '/servers/detail'
}
],
deprecated_for_removal=True,
deprecated_reason=(
'Capability of configuring the server states to hide the '
'address has been deprecated for removal. Now this policy is '
'not needed to control the server address'
),
deprecated_since='17.0.0'),
]
def list_rules():
return hide_server_addresses_policies

69
nova/tests/functional/api_sample_tests/api_samples/os-hide-server-addresses/server-get-resp.json.tpl
View File

@ -1,69 +0,0 @@
{
"server": {
"accessIPv4": "1.2.3.4",
"accessIPv6": "80fe::",
"addresses": {
},
"created": "%(isotime)s",
"flavor": {
"id": "1",
"links": [
{
"href": "%(compute_endpoint)s/flavors/1",
"rel": "bookmark"
}
]
},
"hostId": "%(hostid)s",
"id": "%(id)s",
"image": {
"id": "%(uuid)s",
"links": [
{
"href": "%(compute_endpoint)s/images/%(uuid)s",
"rel": "bookmark"
}
]
},
"key_name": null,
"links": [
{
"href": "%(versioned_compute_endpoint)s/servers/%(uuid)s",
"rel": "self"
},
{
"href": "%(compute_endpoint)s/servers/%(uuid)s",
"rel": "bookmark"
}
],
"metadata": {
"My Server Name": "Apache1"
},
"name": "new-server-test",
"config_drive": "",
"OS-DCF:diskConfig": "AUTO",
"OS-EXT-AZ:availability_zone": "nova",
"OS-EXT-SRV-ATTR:host": "%(compute_host)s",
"OS-EXT-SRV-ATTR:hypervisor_hostname": "%(hypervisor_hostname)s",
"OS-EXT-SRV-ATTR:instance_name": "%(instance_name)s",
"OS-EXT-STS:power_state": 1,
"OS-EXT-STS:task_state": null,
"OS-EXT-STS:vm_state": "active",
"os-extended-volumes:volumes_attached": [
{"id": "volume_id1"},
{"id": "volume_id2"}
],
"OS-SRV-USG:launched_at": "%(strtime)s",
"OS-SRV-USG:terminated_at": null,
"progress": 0,
"security_groups": [
{
"name": "default"
}
],
"status": "ACTIVE",
"tenant_id": "6f70656e737461636b20342065766572",
"updated": "%(isotime)s",
"user_id": "fake"
}
}

76
nova/tests/functional/api_sample_tests/api_samples/os-hide-server-addresses/servers-details-resp.json.tpl
View File

@ -1,76 +0,0 @@
{
"servers": [
{
"accessIPv4": "1.2.3.4",
"accessIPv6": "80fe::",
"addresses": {},
"created": "%(isotime)s",
"flavor": {
"id": "1",
"links": [
{
"href": "%(compute_endpoint)s/flavors/1",
"rel": "bookmark"
}
]
},
"hostId": "%(hostid)s",
"id": "%(id)s",
"image": {
"id": "%(uuid)s",
"links": [
{
"href": "%(compute_endpoint)s/images/%(uuid)s",
"rel": "bookmark"
}
]
},
"key_name": null,
"links": [
{
"href": "%(versioned_compute_endpoint)s/servers/%(uuid)s",
"rel": "self"
},
{
"href": "%(compute_endpoint)s/servers/%(id)s",
"rel": "bookmark"
}
],
"metadata": {
"My Server Name": "Apache1"
},
"name": "new-server-test",
"config_drive": "",
"OS-DCF:diskConfig": "AUTO",
"OS-EXT-AZ:availability_zone": "nova",
"OS-EXT-SRV-ATTR:host": "%(compute_host)s",
"OS-EXT-SRV-ATTR:hypervisor_hostname": "%(hypervisor_hostname)s",
"OS-EXT-SRV-ATTR:instance_name": "%(instance_name)s",
"OS-EXT-STS:power_state": 1,
"OS-EXT-STS:task_state": null,
"OS-EXT-STS:vm_state": "active",
"os-extended-volumes:volumes_attached": [
{"id": "volume_id1"},
{"id": "volume_id2"}
],
"OS-SRV-USG:launched_at": "%(strtime)s",
"OS-SRV-USG:terminated_at": null,
"progress": 0,
"security_groups": [
{
"name": "default"
}
],
"status": "ACTIVE",
"tenant_id": "6f70656e737461636b20342065766572",
"updated": "%(isotime)s",
"user_id": "fake"
}
],
"servers_links": [
{
"href": "%(versioned_compute_endpoint)s/servers/detail?limit=1&marker=%(id)s",
"rel": "next"
}
]
}

24
nova/tests/functional/api_sample_tests/api_samples/os-hide-server-addresses/servers-list-resp.json.tpl
View File

@ -1,24 +0,0 @@
{
"servers": [
{
"id": "%(id)s",
"links": [
{
"href": "%(versioned_compute_endpoint)s/servers/%(id)s",
"rel": "self"
},
{
"href": "%(compute_endpoint)s/servers/%(id)s",
"rel": "bookmark"
}
],
"name": "new-server-test"
}
],
"servers_links": [
{
"href": "%(versioned_compute_endpoint)s/servers?limit=1&marker=%(id)s",
"rel": "next"
}
]
}

32
nova/tests/functional/api_sample_tests/test_hide_server_addresses.py
View File

@ -1,32 +0,0 @@
# Copyright 2012 Nebula, Inc.
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from nova.compute import vm_states
import nova.conf
from nova.tests.functional.api_sample_tests import test_servers
CONF = nova.conf.CONF
class ServersSampleHideAddressesJsonTest(test_servers.ServersSampleJsonTest):
sample_dir = 'os-hide-server-addresses'
def setUp(self):
# We override hide_server_address_states in order
# to have an example of in the json samples of the
# addresses being hidden
CONF.set_override("hide_server_address_states",
[vm_states.ACTIVE], group='api')
super(ServersSampleHideAddressesJsonTest, self).setUp()

11
nova/tests/unit/test_policy.py
View File

@ -431,9 +431,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
"os_compute_api:os-availability-zone:list",
)
self.non_admin_only_rules = (
"os_compute_api:os-hide-server-addresses",)
self.allow_all_rules = (
"os_compute_api:os-quota-sets:defaults",
)
@ -452,12 +449,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
{'project_id': 'fake', 'user_id': 'fake'})
policy.authorize(self.admin_context, rule, self.target)
def test_non_admin_only_rules(self):
for rule in self.non_admin_only_rules:
self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
self.admin_context, rule, self.target)
policy.authorize(self.non_admin_context, rule, self.target)
def test_admin_or_owner_rules(self):
for rule in self.admin_or_owner_rules:
self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
@ -477,6 +468,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
special_rules = ('admin_api', 'admin_or_owner', 'context_is_admin',
'os_compute_api:os-quota-class-sets:show')
result = set(rules.keys()) - set(self.admin_only_rules +
self.admin_or_owner_rules + self.non_admin_only_rules +
self.admin_or_owner_rules +
self.allow_all_rules + special_rules)
self.assertEqual(set([]), result)

7
releasenotes/notes/stein-remove-hide_server_address_states-edbc36bc02e1df52.yaml Normal file
View File

@ -0,0 +1,7 @@
---
upgrade:
- |
The ``[api]/hide_server_address_states`` configuration option and
``os_compute_api:os-hide-server-addresses`` policy rule were deprecated
in the 17.0.0 Queens release. They have now been removed. If you never
changed these values, the API behavior remains unchanged.