[openstack-dev] [nova] policy names for API extensions

Russell Bryant rbryant at redhat.com
Fri May 24 16:50:17 UTC 2013 

On 05/24/2013 08:27 AM, Andrew Laski wrote:
> On 05/24/13 at 01:59pm, Christopher Yeoh wrote:
>> Hi,
>>
>> I've noticed that the names for authorisation in the policy.json file for
>> an API extension generally isn't the same as any of the fields in the
>> extension definition. For example, for the Fixed IPs extension we have:
>>
>> authorize = extensions.extension_authorizer('compute', 'fixed_ips')
>> name = "FixedIPs"
>> alias = "os-fixed-ips"
>>
>> for floating ips:
>>
>> authorize = extensions.extension_authorizer('compute', 'floating_ips')
>> name = "FloatingIps"
>> alias = "os-floating-ips"
>>
>> for flavorextradata:
>>
>> authorize = extensions.soft_extension_authorizer('compute',
>> 'flavorextradata')
>> name = "FlavorExtraData"
>> alias = "OS-FLV-EXT-DATA"
>>
>> This causes a couple of problems. It increases the probability of an
>> accidental name collision and with V3 making it much easier to keep API
>> extensions out of tree this we can't rely on code reviews always picking
>> this up and can't pick up clashes easily at runtime. Secondly to
>> implement
>> https://blueprints.launchpad.net/nova/+spec/nova-v3-api-filter and
>> keep the
>> policy naming for an API extension self consistent it needs to be
>> based on
>> something in the extension.
>>
>> What I'd like to do for only the V3 API is to change the convention so
>> the
>> name used for an extension's policy to be the same as the alias
>> definition.
>> This would make things more difficult for a Grizzly->Havana upgrade, but
>> long term I think its worth it.
>>
>> Any comments?
> 
> I like this idea and think it's worth doing for the reasons you
> mentioned, so +1 from me.  It will require some documentation and
> affects moving from v2 to v3 but it shouldn't affect anyone using v2 in
> Grizzly or Havana.

I'm ok with it.  To take it a bit further, should the policies be
namespaced by the API version?  So, not "OS-FLV-EXT-DATA", but
"v3:OS-FLV-EXT-DATA" ?

I think that would help more clearly separate the policy definitions for
v2 vs v3.  I think if any of the policies are going to be separate in v3
for the name change, we should completely separate it.

> And if that's going to change, does it make sense to standardize a bit
> on alias definitions?  At the very least maybe pick a consistent case,
> which doesn't necessarily need to match the lowercase policies.

Yes, that'd be nice.

-- 
Russell Bryant

More information about the OpenStack-dev mailing list