Reviewed: https://review.opendev.org/685181 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=1e907602e37fb55bbe5a20164db6d074f87369af Submitter: Zuul Branch: master
commit 1e907602e37fb55bbe5a20164db6d074f87369af Author: Eric Fried <openst...@fried.cc> Date: Thu Sep 26 16:52:12 2019 -0500 Allow versioned discovery unauthenticated Make routes to the versioned discovery documents (/v2, /v2.1) go through paste pipelines that don't require authentication, while leaving their sub-URLs (/v2.1/servers etc) requiring authentication. To make this work, our URLMap matcher gets support for a very rudimentary wildcard syntax, whereby api-paste.ini can differentiate between {/v2.1, /v2.1/} and /v2.1/$anything_else. The former points to the unauthenticated discovery app pipeline; the latter points to the existing "real API" pipeline. Similar for legacy v2. This entails a slight behavior change: requests to /v2 and /v2.1 used to 302 redirect to /v2/ and /v2.1/, respectively. Now they just work. Change-Id: Id47515017982850b167d5c637d93b96ae00ba793 Closes-Bug: #1845530 Closes-Bug: #1728732 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1845530 Title: Versioned discovery endpoint should not require authentication Status in OpenStack Compute (nova): Fix Released Bug description: stack@nucle:/opt/stack/cyborg$ openstack endpoint list +----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+ | ID | Region | Service Name | Service Type | Enabled | Interface | URL | +----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+ <snip> | 9d483c8a6162422282514191683751cb | RegionOne | nova | compute | True | public | http://192.168.218.28/compute/v2.1 | <snip> +----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+ stack@nucle:/opt/stack/cyborg$ curl http://192.168.218.28/compute/v2.1 {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}} Discovery endpoints should not require authentication. (I'm still looking for the doc that contains this edict; but ask mordred or anyone on the api-sig.) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1845530/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp