[openstack-dev] [nova] policy names for API extensions

Christopher Yeoh cbkyeoh at gmail.com
Fri May 24 04:29:43 UTC 2013


Hi,

I've noticed that the names for authorisation in the policy.json file for
an API extension generally isn't the same as any of the fields in the
extension definition. For example, for the Fixed IPs extension we have:

authorize = extensions.extension_authorizer('compute', 'fixed_ips')
name = "FixedIPs"
alias = "os-fixed-ips"

for floating ips:

authorize = extensions.extension_authorizer('compute', 'floating_ips')
name = "FloatingIps"
alias = "os-floating-ips"

for flavorextradata:

authorize = extensions.soft_extension_authorizer('compute',
'flavorextradata')
name = "FlavorExtraData"
alias = "OS-FLV-EXT-DATA"

This causes a couple of problems. It increases the probability of an
accidental name collision and with V3 making it much easier to keep API
extensions out of tree this we can't rely on code reviews always picking
this up and can't pick up clashes easily at runtime. Secondly to implement
https://blueprints.launchpad.net/nova/+spec/nova-v3-api-filter and keep the
policy naming for an API extension self consistent it needs to be based on
something in the extension.

What I'd like to do for only the V3 API is to change the convention so the
name used for an extension's policy to be the same as the alias definition.
This would make things more difficult for a Grizzly->Havana upgrade, but
long term I think its worth it.

Any comments?

Regards,

Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130524/0645a417/attachment.html>


More information about the OpenStack-dev mailing list