Hi Folks, Just a head's up:
In Queens the default access policy for RPC Endpoints will change from LegacyRPCAccessPolicy to DefaultRPCAccessPolicy. RPC calls to private ('_' prefix) methods will no longer be possible. If you want to allow RPC Clients to invoke private methods, you must explicitly set the access_policy to LegacyRPCAccessPolicy when you call get_rpc_server() or instantiate an RPCDispatcher. This change [0] has been merged to oslo.messaging master and will appear in the next release of oslo.messaging. "Umm.... What?" Good question! Here's the TL;DR details: Since forever it's been possible for a client to make an RPC call against _any_ method defined in the RPC Endpoint object. And by "any" we mean "all methods including private ones (method names prefixed by '_' )" Naturally this ability came as a surprise many folk [1], including yours truly and others on the oslo team [2]. It was agreed that having this be the default behavior was indeed A Bad Thing. So starting in Ocata oslo.messaging has provided a means for controlling access to Endpoint methods [3]. Oslo.messaging now defines three different "access control policies" that can be applied to an RPC Server: LegacyRPCAccessPolicy: original behavior - any method can be invoked by an RPC client DefaultRPCAccessPolicy: prevent RPC access to private '_' methods, all others may be invoked ExplicitRPCAccessPolicy: only allow access to those methods that have been decorated with @expose decorator See [4] for more details. In order not to break anything at the time the default access policy was set to 'LegacyRPCAccessPolicy'. This has been the default for Ocata and Pike. Starting in Queens this will no longer be the case. DefaultRPCAccessPolicy will become the default if no access policy is specified when calling get_rpc_server() or directly instantiating an RPCDispatcher. To keep the old behavior you must explicitly set the access policy to LegacyRPCAccessPolicy: from oslo_messaging.rpc import LegacyRPCAccessPolicy ... server = get_rpc_server(transport, target, endpoints, access_policy=LegacyRPCAccessPolicy) Reply here if you have any questions or hit any issues, thanks! -K [0] https://review.openstack.org/#/c/500456/ [1] https://bugs.launchpad.net/oslo.messaging/+bug/1194279 [2] https://bugs.launchpad.net/oslo.messaging/+bug/1555845 [3] https://review.openstack.org/#/c/358359/ [4] https://docs.openstack.org/oslo.messaging/latest/reference/server.html -- Ken Giusti (kgiu...@gmail.com) __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev