Reviewed: https://review.opendev.org/685181
Committed:
https://git.openstack.org/cgit/openstack/nova/commit/?id=1e907602e37fb55bbe5a20164db6d074f87369af
Submitter: Zuul
Branch: master
commit 1e907602e37fb55bbe5a20164db6d074f87369af
Author: Eric Fried <openst...@fried.cc>
Date: Thu Sep 26 16:52:12 2019 -0500
Allow versioned discovery unauthenticated
Make routes to the versioned discovery documents (/v2, /v2.1) go through
paste pipelines that don't require authentication, while leaving their
sub-URLs (/v2.1/servers etc) requiring authentication.
To make this work, our URLMap matcher gets support for a very
rudimentary wildcard syntax, whereby api-paste.ini can differentiate
between {/v2.1, /v2.1/} and /v2.1/$anything_else. The former points to
the unauthenticated discovery app pipeline; the latter points to the
existing "real API" pipeline. Similar for legacy v2.
This entails a slight behavior change: requests to /v2 and /v2.1 used to
302 redirect to /v2/ and /v2.1/, respectively. Now they just work.
Change-Id: Id47515017982850b167d5c637d93b96ae00ba793
Closes-Bug: #1845530
Closes-Bug: #1728732
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1845530
Title:
Versioned discovery endpoint should not require authentication
Status in OpenStack Compute (nova):
Fix Released
Bug description:
stack@nucle:/opt/stack/cyborg$ openstack endpoint list
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
| ID | Region | Service Name | Service Type
| Enabled | Interface | URL |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
<snip>
| 9d483c8a6162422282514191683751cb | RegionOne | nova | compute
| True | public | http://192.168.218.28/compute/v2.1 |
<snip>
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
stack@nucle:/opt/stack/cyborg$ curl http://192.168.218.28/compute/v2.1
{"error": {"message": "The request you have made requires authentication.",
"code": 401, "title": "Unauthorized"}}
Discovery endpoints should not require authentication.
(I'm still looking for the doc that contains this edict; but ask
mordred or anyone on the api-sig.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1845530/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
