summaryrefslogtreecommitdiffstats
path: root/nova/api
diff options
context:
space:
mode:
authorChris Yeoh <cyeoh@au1.ibm.com>2013-05-17 16:53:37 +0930
committerChris Yeoh <cyeoh@au1.ibm.com>2013-06-03 14:27:41 +0930
commitbb36650f87dd4b30e9ebbbb4409444b4482338b5 (patch)
tree3775ebb20bac3b3c50d61eb8a952a56a01de2640 /nova/api
parent5ec5dbbf3034c7e092f7513272ed7faf835de550 (diff)
downloadnova-bb36650f87dd4b30e9ebbbb4409444b4482338b5.tar.gz
nova-bb36650f87dd4b30e9ebbbb4409444b4482338b5.tar.xz
nova-bb36650f87dd4b30e9ebbbb4409444b4482338b5.zip
Adds ability to black/whitelist v3 API extensions
Adds a config option which will blacklist specific v3 API extensions from being loaded even if they are detected. Adds a config option which if the list is not empty will stop any v3 API extension from being loaded unless it is in the whitelist. No filtering occurs if the whitelist is empty Creates a config option group osapi_v3 to hold the two new options and osapi_v3_enabled renamed to just enabled within the new group Partially implements blueprint v3-api-extension-framework Change-Id: Iec7fdb073b933791b0110dae485538c9080f2670
Diffstat (limited to 'nova/api')
-rw-r--r--nova/api/openstack/__init__.py50
1 files changed, 45 insertions, 5 deletions
diff --git a/nova/api/openstack/__init__.py b/nova/api/openstack/__init__.py
index c5181dd0b..96b9f5781 100644
--- a/nova/api/openstack/__init__.py
+++ b/nova/api/openstack/__init__.py
@@ -35,14 +35,25 @@ from nova import wsgi as base_wsgi
api_opts = [
- cfg.BoolOpt('osapi_v3_enabled',
+ cfg.BoolOpt('enabled',
default=False,
- help='Whether the V3 API is enabled or not')
+ help='Whether the V3 API is enabled or not'),
+ cfg.ListOpt('extensions_blacklist',
+ default=[],
+ help='A list of v3 API extensions to never load. '
+ 'Specify the extension aliases here.'),
+ cfg.ListOpt('extensions_whitelist',
+ default=[],
+ help='If the list is not empty then a v3 API extension '
+ 'will only be loaded if it exists in this list. Specify '
+ 'the extension aliases here.')
]
+api_opts_group = cfg.OptGroup(name='osapi_v3', title='API v3 Options')
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
-CONF.register_opts(api_opts)
+CONF.register_group(api_opts_group)
+CONF.register_opts(api_opts, api_opts_group)
class FaultWrapper(base_wsgi.Middleware):
@@ -239,15 +250,44 @@ class APIRouterV3(base_wsgi.Router):
if (self.init_only is None or ext.obj.alias in
self.init_only) and isinstance(ext.obj,
extensions.V3APIExtensionBase):
- return self._register_extension(ext)
+
+ # Check whitelist is either empty or if not then the extension
+ # is in the whitelist
+ if (not CONF.osapi_v3.extensions_whitelist or
+ ext.obj.alias in CONF.osapi_v3.extensions_whitelist):
+
+ # Check the extension is not in the blacklist
+ if ext.obj.alias not in CONF.osapi_v3.extensions_blacklist:
+ return self._register_extension(ext)
+ else:
+ LOG.warning(_("Not loading %s because it is "
+ "in the blacklist"), ext.obj.alias)
+ return False
+ else:
+ LOG.warning(
+ _("Not loading %s because it is not in the whitelist"),
+ ext.obj.alias)
+ return False
else:
return False
- if not CONF.osapi_v3_enabled:
+ if not CONF.osapi_v3.enabled:
LOG.warning("V3 API has been disabled by configuration")
return
self.init_only = init_only
+ LOG.debug(_("v3 API Extension Blacklist: %s"),
+ CONF.osapi_v3.extensions_blacklist)
+ LOG.debug(_("v3 API Extension Whitelist: %s"),
+ CONF.osapi_v3.extensions_whitelist)
+
+ in_blacklist_and_whitelist = set(
+ CONF.osapi_v3.extensions_whitelist).intersection(
+ CONF.osapi_v3.extensions_blacklist)
+ if len(in_blacklist_and_whitelist) != 0:
+ LOG.warning(_("Extensions in both blacklist and whitelist: %s"),
+ list(in_blacklist_and_whitelist))
+
self.api_extension_manager = stevedore.enabled.EnabledExtensionManager(
namespace=self.API_EXTENSION_NAMESPACE,
check_func=_check_load_extension,
generated by cgit (git 2.34.1) at 2026-01-07 23:56:17 +0000