Create new config for pecan debug mode
Pecan's debug mode can be terribly insecure; 500 errors return a Python traceback, the full list of environment variables, and a button to replay the request with a breakpoint. Deployers often run OpenStack services in debug mode; doing so should not open the service up to these flaws. However, it may be useful to use Pecan's debug mode in development, so create a config option to enable it, rather than disable it altogether. Change-Id: I5bc76b4101c563cdc168d2e55db060c1bdd0b5fe Closes-Bug: #1425206
This commit is contained in:
parent
9b5e8e18f4
commit
0f4d454bf2
|
@ -24,14 +24,18 @@ from ironic.api import hooks
|
|||
from ironic.api import middleware
|
||||
from ironic.common import policy
|
||||
|
||||
auth_opts = [
|
||||
api_opts = [
|
||||
cfg.StrOpt('auth_strategy',
|
||||
default='keystone',
|
||||
help='Method to use for authentication: noauth or keystone.'),
|
||||
cfg.BoolOpt('pecan_debug',
|
||||
default=False,
|
||||
help=('Enable pecan debug mode. WARNING: this is insecure '
|
||||
'and should not be used in production.')),
|
||||
]
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_opts(auth_opts)
|
||||
CONF.register_opts(api_opts)
|
||||
|
||||
|
||||
def get_pecan_config():
|
||||
|
@ -62,7 +66,7 @@ def setup_app(pecan_config=None, extra_hooks=None):
|
|||
app = pecan.make_app(
|
||||
pecan_config.app.root,
|
||||
static_root=pecan_config.app.static_root,
|
||||
debug=CONF.debug,
|
||||
debug=CONF.pecan_debug,
|
||||
force_canonical=getattr(pecan_config.app, 'force_canonical', True),
|
||||
hooks=app_hooks,
|
||||
wrap_app=middleware.ParsableErrorMiddleware,
|
||||
|
|
|
@ -12,8 +12,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo.config import cfg
|
||||
|
||||
# Server Specific Configurations
|
||||
# See https://pecan.readthedocs.org/en/latest/configuration.html#server-configuration # noqa
|
||||
server = {
|
||||
|
@ -40,5 +38,5 @@ app = {
|
|||
# WSME Configurations
|
||||
# See https://wsme.readthedocs.org/en/latest/integrate.html#configuration
|
||||
wsme = {
|
||||
'debug': cfg.CONF.debug,
|
||||
'debug': False,
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue