[openstack-dev] [cinder] adding a new /v3 endpoint for api-microversions
Sean Dague
sean at dague.net
Fri Feb 19 16:28:09 UTC 2016
On 02/19/2016 11:20 AM, Sean McGinnis wrote:
> On Fri, Feb 19, 2016 at 10:57:38AM -0500, Sean Dague wrote:
>> The concern as I understand it is that by extending the v2 API with
>> microversions the following failure scenario exists
>>
>> If:
>>
>> 1) a client already is using the /v2 API
>> 2) a client opt's into using microversions on /v2
>> 3) that client issues a request on a Cinder API v2 endpoint without
>> microversion support
>> 4) that client fails check if micoversions are supported by a GET of /v2
>> or by checking the return of the OpenStack-API-Version return header
>> 5) that client issues a request against a resource on /v2 with
>> parameters that would create a radically different situation that would
>> be hard to figure out later.
>>
>> And, only if all these things happen is there a concern.
>
> I think it's actually even simpler than that. And possibly therefore
> more likely to actually happen in the wild.
>
> 1) a client already is using microversions
But, there are no such clients today. And there is no library that does
this yet. It will be 4 - 6 months (or even more likely 12+) until that's
in the ecosystem. Which is why adding the header validation to existing
v2 API, and backporting to liberty / kilo, will provide really
substantial coverage for the concern the bswartz is bringing forward.
-Sean
--
Sean Dague
http://dague.net
More information about the OpenStack-dev
mailing list