Disable v3 API by default

Since v3 is still unstable and has experimental status it's better to disable it by default for security reasons. This commit does it by setting 'enable_v3_api=False'. Also all required documentation was added to related sections. DocImpact Change-Id: I412d0645d667400333532123008a24966aa23880
2015-08-21 19:36:42 +03:00 · 2015-08-21 19:36:42 +03:00 · 6fe3626bb5
parent d5a8c91d2f
commit 6fe3626bb5
7 changed files with 31 additions and 31 deletions
--- a/doc/source/configuring.rst
+++ b/doc/source/configuring.rst
@ -1325,9 +1325,9 @@ Optional. Default: ``True``
 Defines which version(s) of the Registry API will be enabled.
 If the Glance API server parameter ``enable_v1_api`` has been set to ``True`` the
 ``enable_v1_registry`` has to be ``True`` as well.
-If the Glance API server parameter ``enable_v2_api`` has been set to ``True`` and
-the parameter ``data_api`` has been set to ``glance.db.registry.api`` the
-``enable_v2_registry`` has to be set to ``True``
+If the Glance API server parameter ``enable_v2_api`` or ``enable_v3_api`` has been
+set to ``True`` and the parameter ``data_api`` has been set to
+``glance.db.registry.api`` the ``enable_v2_registry`` has to be set to ``True``


 Configuring Notifications
@ -1382,9 +1382,9 @@ Optional. Default: ``roles``.
 Configuring Glance APIs
 -----------------------

-The glance-api service implements versions 1 and 2 of the OpenStack
-Images API. Disable either version of the Images API using the
-following options:
+The glance-api service implements versions 1, 2 and 3 of
+the OpenStack Images API. Disable any version of
+the Images API using the following options:

 * ``enable_v1_api=<True|False>``

@ -1394,11 +1394,12 @@ Optional. Default: ``True``

 Optional. Default: ``True``

-**IMPORTANT NOTE**: The v1 API is implemented on top of the
-glance-registry service while the v2 API is not. This means that
-in order to use the v2 API, you must copy the necessary sql
-configuration from your glance-registry service to your
-glance-api configuration file.
+* ``enable_v3_api=<True|False>``
+
+Optional. Default: ``False``
+
+**IMPORTANT NOTE**: To use v2 registry in v2 or v3 API, you must set
+``data_api`` to glance.db.registry.api in glance-api.conf.

 Configuring Glance Tasks
 ------------------------
--- a/etc/glance-api.conf
+++ b/etc/glance-api.conf
@ -64,6 +64,9 @@ backlog = 4096
 # Allow access to version 2 of glance api
 #enable_v2_api = True

+# Allow access to version 3 of glance api
+#enable_v3_api = False
+
 # Return the URL that references where the data is stored on
 # the backend storage system.  For example, if using the
 # file system store a URL of 'file:///path/to/image' will
--- a/glance/api/init.py
+++ b/glance/api/init.py
@ -20,10 +20,10 @@ CONF = cfg.CONF


 def root_app_factory(loader, global_conf, **local_conf):
-    if not CONF.enable_v1_api:
+    if not CONF.enable_v1_api and '/v1' in local_conf:
        del local_conf['/v1']
-    if not CONF.enable_v2_api:
+    if not CONF.enable_v2_api and '/v2' in local_conf:
        del local_conf['/v2']
-    if not CONF.enable_v3_api:
+    if not CONF.enable_v3_api and '/v3' in local_conf:
        del local_conf['/v3']
    return paste.urlmap.urlmap_factory(loader, global_conf, **local_conf)
--- a/glance/common/config.py
+++ b/glance/common/config.py
@ -150,7 +150,7 @@ common_opts = [
                help=_("Deploy the v1 OpenStack Images API.")),
    cfg.BoolOpt('enable_v2_api', default=True,
                help=_("Deploy the v2 OpenStack Images API.")),
-    cfg.BoolOpt('enable_v3_api', default=True,
+    cfg.BoolOpt('enable_v3_api', default=False,
                help=_("Deploy the v3 OpenStack Objects API.")),
    cfg.BoolOpt('enable_v1_registry', default=True,
                help=_("Deploy the v1 OpenStack Registry API.")),
--- a/glance/tests/integration/legacy_functional/base.py
+++ b/glance/tests/integration/legacy_functional/base.py
@ -55,6 +55,7 @@ paste.composite_factory = glance.api:root_app_factory
 /: apiversions
 /v1: apiv1app
 /v2: apiv2app
+/v3: apiv3app

 [app:apiversions]
 paste.app_factory = glance.api.versions:create_resource
@ -65,6 +66,9 @@ paste.app_factory = glance.api.v1.router:API.factory
 [app:apiv2app]
 paste.app_factory = glance.api.v2.router:API.factory

+[app:apiv3app]
+paste.app_factory = glance.api.v3.router:API.factory
+
 [filter:versionnegotiation]
 paste.filter_factory =
 glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
--- a/glance/tests/integration/v2/base.py
+++ b/glance/tests/integration/v2/base.py
@ -58,6 +58,7 @@ paste.composite_factory = glance.api:root_app_factory
 /: apiversions
 /v1: apiv1app
 /v2: apiv2app
+/v3: apiv3app

 [app:apiversions]
 paste.app_factory = glance.api.versions:create_resource
@ -68,6 +69,9 @@ paste.app_factory = glance.api.v1.router:API.factory
 [app:apiv2app]
 paste.app_factory = glance.api.v2.router:API.factory

+[app:apiv3app]
+paste.app_factory = glance.api.v3.router:API.factory
+
 [filter:versionnegotiation]
 paste.filter_factory =
 glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
--- a/glance/tests/unit/test_versions.py
+++ b/glance/tests/unit/test_versions.py
@ -34,12 +34,6 @@ class VersionsTest(base.IsolatedUnitTest):
        self.assertEqual('application/json', res.content_type)
        results = jsonutils.loads(res.body)['versions']
        expected = [
-            {
-                'status': 'EXPERIMENTAL',
-                'id': 'v3.0',
-                'links': [{'href': 'http://127.0.0.1:9292/v3/',
-                           'rel': 'self'}],
-            },
            {
                'id': 'v2.3',
                'status': 'CURRENT',
@ -89,12 +83,6 @@ class VersionsTest(base.IsolatedUnitTest):
        self.assertEqual('application/json', res.content_type)
        results = jsonutils.loads(res.body)['versions']
        expected = [
-            {
-                'status': 'EXPERIMENTAL',
-                'id': 'v3.0',
-                'links': [{'href': 'https://example.com:9292/v3/',
-                           'rel': 'self'}],
-            },
            {
                'id': 'v2.3',
                'status': 'CURRENT',
@ -184,13 +172,13 @@ class VersionNegotiationTest(base.IsolatedUnitTest):

    def test_request_url_v3(self):
        request = webob.Request.blank('/v3/artifacts')
-        self.middleware.process_request(request)
-        self.assertEqual('/v3/artifacts', request.path_info)
+        resp = self.middleware.process_request(request)
+        self.assertIsInstance(resp, versions.Controller)

    def test_request_url_v3_0(self):
        request = webob.Request.blank('/v3.0/artifacts')
-        self.middleware.process_request(request)
-        self.assertEqual('/v3/artifacts', request.path_info)
+        resp = self.middleware.process_request(request)
+        self.assertIsInstance(resp, versions.Controller)

    def test_request_url_v2_3_unsupported(self):
        request = webob.Request.blank('/v2.3/images')