From c095b70179cfb926f6acf947f205e3584717b6e0 Mon Sep 17 00:00:00 2001 From: Ahmad Hassan Date: Mon, 3 Oct 2011 10:35:56 +0100 Subject: [PATCH] Enable admin access to EC2 API server Add a flag which allows you to enable or disable EC2 admin api through nova flag. Is is similar to allow_admin_api for OS API. Fixes bug 869908. Change-Id: I0c786f7cd5f5c3470edc23f0b9b84e5dff1714e2 --- nova/api/ec2/__init__.py | 4 ++++ nova/api/ec2/apirequest.py | 14 +++++++++++++- nova/exception.py | 4 ++++ nova/flags.py | 2 ++ 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py index 4b4c0f53664d..fde1377db8d1 100644 --- a/nova/api/ec2/__init__.py +++ b/nova/api/ec2/__init__.py @@ -391,6 +391,10 @@ class Executor(wsgi.Application): LOG.info(_('NotAuthorized raised: %s'), unicode(ex), context=context) return self._error(req, context, type(ex).__name__, unicode(ex)) + except exception.InvalidRequest as ex: + LOG.debug(_('InvalidRequest raised: %s'), unicode(ex), + context=context) + return self._error(req, context, type(ex).__name__, unicode(ex)) except Exception as ex: extra = {'environment': req.environ} LOG.exception(_('Unexpected error raised: %s'), unicode(ex), diff --git a/nova/api/ec2/apirequest.py b/nova/api/ec2/apirequest.py index 9a3e55925760..61b5ba3a55ac 100644 --- a/nova/api/ec2/apirequest.py +++ b/nova/api/ec2/apirequest.py @@ -24,10 +24,14 @@ import datetime # TODO(termie): replace minidom with etree from xml.dom import minidom +from nova import flags from nova import log as logging +from nova import exception from nova.api.ec2 import ec2utils +from nova.api.ec2.admin import AdminController LOG = logging.getLogger("nova.api.request") +FLAGS = flags.FLAGS def _underscore_to_camelcase(str): @@ -53,6 +57,14 @@ class APIRequest(object): def invoke(self, context): try: + # Raise NotImplemented exception for Admin specific request if + # admin flag is set to false in nova.conf + if (isinstance(self.controller, AdminController) and + (not FLAGS.allow_ec2_admin_api)): + ## Raise InvalidRequest exception for EC2 Admin interface ## + LOG.exception("Unsupported API request") + raise exception.InvalidRequest() + method = getattr(self.controller, ec2utils.camelcase_to_underscore(self.action)) except AttributeError: @@ -63,7 +75,7 @@ class APIRequest(object): LOG.exception(_error) # TODO: Raise custom exception, trap in apiserver, # and reraise as 400 error. - raise Exception(_error) + raise exception.InvalidRequest() args = ec2utils.dict_from_dotted_str(self.args.items()) diff --git a/nova/exception.py b/nova/exception.py index 84c08dce80d9..1db43efd1a47 100644 --- a/nova/exception.py +++ b/nova/exception.py @@ -206,6 +206,10 @@ class Invalid(NovaException): message = _("Unacceptable parameters.") +class InvalidRequest(Invalid): + message = _("The request is invalid.") + + class InvalidSignature(Invalid): message = _("Invalid signature %(signature)s for user %(user)s.") diff --git a/nova/flags.py b/nova/flags.py index 58e8570b15ca..79c3580fb71b 100644 --- a/nova/flags.py +++ b/nova/flags.py @@ -442,3 +442,5 @@ DEFINE_integer('reclaim_instance_interval', 0, DEFINE_integer('zombie_instance_updated_at_window', 172800, 'Limit in seconds that a zombie instance can exist before ' 'being cleaned up.') + +DEFINE_boolean('allow_ec2_admin_api', False, 'Enable/Disable EC2 Admin API')