Make debug option of wsgi server configurable

Because in some deployments tracebacks in API responses are unwanted for security reasons. Change-Id: I8a2acea7393c369bfa7d7822f21b4d40d56d6739 Needed-By: https://review.opendev.org/c/openstack/neutron/+/818391 Partial-Bug: #1951429
2021-11-19 13:52:00 +01:00 · 2021-11-19 13:52:00 +01:00 · 6552b9a820
parent 7a62271de3
commit 6552b9a820
3 changed files with 13 additions and 1 deletions
--- a/oslo_service/_options.py
+++ b/oslo_service/_options.py
@ -88,6 +88,11 @@ wsgi_opts = [
                    "If an incoming connection is idle for this number of "
                    "seconds it will be closed. A value of '0' means "
                    "wait forever."),
+    cfg.BoolOpt('wsgi_server_debug',
+                default=False,
+                help="True if the server should send exception tracebacks to "
+                     "the clients on 500 errors. If False, the server will "
+                     "respond with empty bodies."),
    ]

 ssl_opts = [
--- a/oslo_service/wsgi.py
+++ b/oslo_service/wsgi.py
@ -180,7 +180,7 @@ class Server(service.ServiceBase):
            'custom_pool': self._pool,
            'log': self._logger,
            'log_format': self.conf.wsgi_log_format,
-            'debug': False,
+            'debug': self.conf.wsgi_server_debug,
            'keepalive': self.conf.wsgi_keep_alive,
            'socket_timeout': self.client_socket_timeout
            }
--- a/releasenotes/notes/add-wsgi_server_debug-opt-70d818b5b78bfc7c.yaml
+++ b/releasenotes/notes/add-wsgi_server_debug-opt-70d818b5b78bfc7c.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    A new config options, ``[DEFAULT] wsgi_server_debug``, has been added.
+    This allows admins to configure whether the server should send exception
+    tracebacks to the clients on HTTP 500 errors. This defaults to ``False``,
+    preserving previous behavior.