Merge "Enable admin access to EC2 API server"

2011-11-03 14:45:11 +00:00 · 2011-11-03 14:45:11 +00:00 · 82460d4a79
commit 82460d4a79
parent bed85c1368 c095b70179
4 changed files with 23 additions and 1 deletions
--- a/nova/api/ec2/init.py
+++ b/nova/api/ec2/init.py
@ -391,6 +391,10 @@ class Executor(wsgi.Application):
            LOG.info(_('NotAuthorized raised: %s'), unicode(ex),
                    context=context)
            return self._error(req, context, type(ex).__name__, unicode(ex))
+        except exception.InvalidRequest as ex:
+            LOG.debug(_('InvalidRequest raised: %s'), unicode(ex),
+                     context=context)
+            return self._error(req, context, type(ex).__name__, unicode(ex))
        except Exception as ex:
            extra = {'environment': req.environ}
            LOG.exception(_('Unexpected error raised: %s'), unicode(ex),
--- a/nova/api/ec2/apirequest.py
+++ b/nova/api/ec2/apirequest.py
@ -24,10 +24,14 @@ import datetime
 # TODO(termie): replace minidom with etree
 from xml.dom import minidom

+from nova import flags
 from nova import log as logging
+from nova import exception
 from nova.api.ec2 import ec2utils
+from nova.api.ec2.admin import AdminController

 LOG = logging.getLogger("nova.api.request")
+FLAGS = flags.FLAGS


 def _underscore_to_camelcase(str):
@ -53,6 +57,14 @@ class APIRequest(object):

    def invoke(self, context):
        try:
+            # Raise NotImplemented exception for Admin specific request if
+            # admin flag is set to false in nova.conf
+            if (isinstance(self.controller, AdminController) and
+                          (not FLAGS.allow_ec2_admin_api)):
+                ## Raise InvalidRequest exception for EC2 Admin interface ##
+                LOG.exception("Unsupported API request")
+                raise exception.InvalidRequest()
+
            method = getattr(self.controller,
                             ec2utils.camelcase_to_underscore(self.action))
        except AttributeError:
@ -63,7 +75,7 @@ class APIRequest(object):
            LOG.exception(_error)
            # TODO: Raise custom exception, trap in apiserver,
            #       and reraise as 400 error.
-            raise Exception(_error)
+            raise exception.InvalidRequest()

        args = ec2utils.dict_from_dotted_str(self.args.items())

--- a/nova/exception.py
+++ b/nova/exception.py
@ -206,6 +206,10 @@ class Invalid(NovaException):
    message = _("Unacceptable parameters.")


+class InvalidRequest(Invalid):
+    message = _("The request is invalid.")
+
+
 class InvalidSignature(Invalid):
    message = _("Invalid signature %(signature)s for user %(user)s.")

--- a/nova/flags.py
+++ b/nova/flags.py
@ -474,3 +474,5 @@ DEFINE_integer('reclaim_instance_interval', 0,
 DEFINE_integer('zombie_instance_updated_at_window', 172800,
               'Limit in seconds that a zombie instance can exist before '
               'being cleaned up.')
+
+DEFINE_boolean('allow_ec2_admin_api', False, 'Enable/Disable EC2 Admin API')