Create new config for pecan debug mode

Pecan's debug mode can be terribly insecure; 500 errors return a Python traceback, the full list of environment variables, and a button to replay the request with a breakpoint. Deployers often run OpenStack services in debug mode; doing so should not open the service up to these flaws. However, it may be useful to use Pecan's debug mode in development, so create a config option to enable it, rather than disable it altogether. Change-Id: I5bc76b4101c563cdc168d2e55db060c1bdd0b5fe Closes-Bug: #1425206
2015-02-24 21:44:00 +00:00 · 2015-02-24 21:44:00 +00:00 · 7f2a969707
parent 4c318e107b
commit 7f2a969707
2 changed files with 8 additions and 6 deletions
--- a/ironic/api/app.py
+++ b/ironic/api/app.py
@ -23,14 +23,18 @@ from ironic.api import config
 from ironic.api import hooks
 from ironic.api import middleware

-auth_opts = [
+api_opts = [
    cfg.StrOpt('auth_strategy',
        default='keystone',
        help='Method to use for authentication: noauth or keystone.'),
+    cfg.BoolOpt('pecan_debug',
+                default=False,
+                help=('Enable pecan debug mode. WARNING: this is insecure '
+                      'and should not be used in production.')),
    ]

 CONF = cfg.CONF
-CONF.register_opts(auth_opts)
+CONF.register_opts(api_opts)


 def get_pecan_config():
@ -59,7 +63,7 @@ def setup_app(pecan_config=None, extra_hooks=None):
    app = pecan.make_app(
        pecan_config.app.root,
        static_root=pecan_config.app.static_root,
-        debug=CONF.debug,
+        debug=CONF.pecan_debug,
        force_canonical=getattr(pecan_config.app, 'force_canonical', True),
        hooks=app_hooks,
        wrap_app=middleware.ParsableErrorMiddleware,
--- a/ironic/api/config.py
+++ b/ironic/api/config.py
@ -12,8 +12,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-from oslo_config import cfg
-
 # Server Specific Configurations
 # See https://pecan.readthedocs.org/en/latest/configuration.html#server-configuration # noqa
 server = {
@ -40,5 +38,5 @@ app = {
 # WSME Configurations
 # See https://wsme.readthedocs.org/en/latest/integrate.html#configuration
 wsme = {
-    'debug': cfg.CONF.debug,
+    'debug': False,
 }