From 7f2a969707b706b6877d4e278c6c1c24c035b527 Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen
Date: Tue, 24 Feb 2015 21:44:00 +0000
Subject: [PATCH] Create new config for pecan debug mode

Pecan's debug mode can be terribly insecure; 500 errors return a Python traceback, the full list of environment variables, and a button to replay the request with a breakpoint. Deployers often run OpenStack services in debug mode; doing so should not open the service up to these flaws. However, it may be useful to use Pecan's debug mode in development, so create a config option to enable it, rather than disable it altogether.

Change-Id: I5bc76b4101c563cdc168d2e55db060c1bdd0b5fe
Closes-Bug: #1425206
---
 ironic/api/app.py | 10 +++++++---
 ironic/api/config.py | 4 +---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/ironic/api/app.py b/ironic/api/app.py
index 21945165f1..3ea3a6651c 100644
--- a/ironic/api/app.py
+++ b/ironic/api/app.py
@@ -23,14 +23,18 @@ from ironic.api import config
 from ironic.api import hooks
 from ironic.api import middleware

-auth_opts = [
+api_opts = [
 cfg.StrOpt('auth_strategy',
 default='keystone',
 help='Method to use for authentication: noauth or keystone.'),
+ cfg.BoolOpt('pecan_debug',
+ default=False,
+ help=('Enable pecan debug mode. WARNING: this is insecure '
+ 'and should not be used in production.')),
 ]

 CONF = cfg.CONF
-CONF.register_opts(auth_opts)
+CONF.register_opts(api_opts)


 def get_pecan_config():
@@ -59,7 +63,7 @@ def setup_app(pecan_config=None, extra_hooks=None):
 app = pecan.make_app(
 pecan_config.app.root,
 static_root=pecan_config.app.static_root,
- debug=CONF.debug,
+ debug=CONF.pecan_debug,
 force_canonical=getattr(pecan_config.app, 'force_canonical', True),
 hooks=app_hooks,
 wrap_app=middleware.ParsableErrorMiddleware,
diff --git a/ironic/api/config.py b/ironic/api/config.py
index 0ea0a85251..35d4e63e30 100644
--- a/ironic/api/config.py
+++ b/ironic/api/config.py
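Review bot: In the first ironic/api/app.py hunk, the help text for `pecan_debug` says only that the mode is insecure, so an operator reading the generated sample config cannot tell what is actually exposed. The commit message already lists it, and the help string could carry the same facts: `help=('Enable pecan debug mode. WARNING: error responses then include tracebacks and environment variables; ' 'do not use in production.')`. Separately, the list is renamed from `auth_opts` to `api_opts`; any reference to `ironic.api.app.auth_opts` outside this diff (none is visible here) would need the same rename.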
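Review bot: In the `setup_app` hunk of ironic/api/app.py, `debug=CONF.pecan_debug` is passed to `pecan.make_app` with no signal at startup, so a development config copied to a production host turns the debug pages on without any trace in the service log. A single warning before the `make_app` call would make that visible to whoever reviews the logs, for example `if CONF.pecan_debug: LOG.warning('pecan_debug is enabled; error responses will expose tracebacks and environment variables')`. This assumes a module-level logger exists in the file, which the hunk does not show. `setup_app` begins and ends outside the hunk.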
@@ -12,8 +12,6 @@
 # License for the specific language governing permissions and limitations
 # under the License.

-from oslo_config import cfg
-
 # Server Specific Configurations
 # See https://pecan.readthedocs.org/en/latest/configuration.html#server-configuration # noqa
 server = {
@@ -40,5 +38,5 @@ app = {
 # WSME Configurations
 # See https://wsme.readthedocs.org/en/latest/integrate.html#configuration
 wsme = {
- 'debug': cfg.CONF.debug,
+ 'debug': False,
 }
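Review bot: In the `wsme` dict of ironic/api/config.py, `'debug': False` is now hard-coded without a comment, and the commit message speaks only of Pecan, so a later reader has nothing to stop them wiring it back to `cfg.CONF.debug`. A comment above the key would record the intent, e.g. `# Keep WSME debug off; it must not follow CONF.debug, which deployers enable in production.` As far as I know, WSME's debug flag adds traceback detail to fault responses; that is worth confirming and stating in the comment. The dict closes at the end of the hunk, so the comment is the only change proposed.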