Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow versioned discovery unauthenticated
Make routes to the versioned discovery documents (/v2, /v2.1) go through paste pipelines that don't require authentication, while leaving their sub-URLs (/v2.1/servers etc) requiring authentication. To make this work, our URLMap matcher gets support for a very rudimentary wildcard syntax, whereby api-paste.ini can differentiate between {/v2.1, /v2.1/} and /v2.1/$anything_else. The former points to the unauthenticated discovery app pipeline; the latter points to the existing "real API" pipeline. Similar for legacy v2. This entails a slight behavior change: requests to /v2 and /v2.1 used to 302 redirect to /v2/ and /v2.1/, respectively. Now they just work. Change-Id: Id47515017982850b167d5c637d93b96ae00ba793 Closes-Bug: #1845530 Closes-Bug: #1728732
- Loading branch information
Showing
9 changed files
with
116 additions
and
41 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
releasenotes/notes/unauthed-version-discovery-cc38986617dc1c02.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
--- | ||
upgrade: | ||
- | | ||
New paste pipelines and middleware have been created to allow API version | ||
discovery to be performed without authentication or redirects. Because this | ||
involves an ``api-paste.ini`` change, you will need to manually update your | ||
``api-paste.ini`` with the one from the release to get this functionality. | ||
fixes: | ||
- | | ||
When using the ``api-paste.ini`` from the release, version discovery | ||
requests without a trailing slash will no longer receive a 302 redirect to | ||
the corresponding URL with a trailing slash (e.g. a request for ``/v2.1`` | ||
will no longer redirect to ``/v2.1/``). Instead, such requests will respond | ||
with the version discovery document regardless of the presence of the | ||
trailing slash. See | ||
`bug 1728732 <https://bugs.launchpad.net/nova/+bug/1728732>`_ for details. | ||
- | | ||
When using the ``api-paste.ini`` from the release, requests to the | ||
versioned discovery endpoints (``/v2.1`` and ``/v2``) no longer require | ||
authentication. When using the compute API through certain clients, such as | ||
openstacksdk, this eliminates an unnecessary additional query. See | ||
`bug 1845530 <https://bugs.launchpad.net/nova/+bug/1845530>`_ for details. |