Merge "Enable admin access to EC2 API server"

author: Jenkins <jenkins@review.openstack.org> 2011-11-03 14:45:11 +0000
committer: Gerrit Code Review <review@openstack.org> 2011-11-03 14:45:11 +0000
commit: 82460d4a794bbde75c22f08277e4c6af1f6eb001 (patch)
tree: 2e423954f5874aa7cdde0565e23257dc0df6a023 /nova/api
parent: bed85c136892ac0089393aa76c1f55d551cdb457 (diff)
parent: c095b70179cfb926f6acf947f205e3584717b6e0 (diff)
2 files changed, 17 insertions, 1 deletions
diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index 4b4c0f536..fde1377db 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -391,6 +391,10 @@ class Executor(wsgi.Application):
             LOG.info(_('NotAuthorized raised: %s'), unicode(ex),
                     context=context)
             return self._error(req, context, type(ex).__name__, unicode(ex))
+        except exception.InvalidRequest as ex:
+            LOG.debug(_('InvalidRequest raised: %s'), unicode(ex),
+                     context=context)
+            return self._error(req, context, type(ex).__name__, unicode(ex))
         except Exception as ex:
             extra = {'environment': req.environ}
             LOG.exception(_('Unexpected error raised: %s'), unicode(ex),
diff --git a/nova/api/ec2/apirequest.py b/nova/api/ec2/apirequest.py
index 9a3e55925..61b5ba3a5 100644
--- a/nova/api/ec2/apirequest.py
+++ b/nova/api/ec2/apirequest.py
@@ -24,10 +24,14 @@ import datetime
 # TODO(termie): replace minidom with etree
 from xml.dom import minidom
 
+from nova import flags
 from nova import log as logging
+from nova import exception
 from nova.api.ec2 import ec2utils
+from nova.api.ec2.admin import AdminController
 
 LOG = logging.getLogger("nova.api.request")
+FLAGS = flags.FLAGS
 
 
 def _underscore_to_camelcase(str):
@@ -53,6 +57,14 @@ class APIRequest(object):
 
     def invoke(self, context):
         try:
+            # Raise NotImplemented exception for Admin specific request if
+            # admin flag is set to false in nova.conf
+            if (isinstance(self.controller, AdminController) and
+                          (not FLAGS.allow_ec2_admin_api)):
+                ## Raise InvalidRequest exception for EC2 Admin interface ##
+                LOG.exception("Unsupported API request")
+                raise exception.InvalidRequest()
+
             method = getattr(self.controller,
                              ec2utils.camelcase_to_underscore(self.action))
         except AttributeError:
@@ -63,7 +75,7 @@ class APIRequest(object):
             LOG.exception(_error)
             # TODO: Raise custom exception, trap in apiserver,
             #       and reraise as 400 error.
-            raise Exception(_error)
+            raise exception.InvalidRequest()
 
         args = ec2utils.dict_from_dotted_str(self.args.items())
author	Jenkins <jenkins@review.openstack.org>	2011-11-03 14:45:11 +0000
committer	Gerrit Code Review <review@openstack.org>	2011-11-03 14:45:11 +0000
commit	82460d4a794bbde75c22f08277e4c6af1f6eb001 (patch)
tree	2e423954f5874aa7cdde0565e23257dc0df6a023 /nova/api
parent	bed85c136892ac0089393aa76c1f55d551cdb457 (diff)
parent	c095b70179cfb926f6acf947f205e3584717b6e0 (diff)