[openstack-dev] [Oslo][oslo.messaging][all] Notice: upcoming change to oslo.messaging RPC server
glongwave at gmail.com
Thu Sep 28 12:11:08 UTC 2017
Ken, thanks for raising this , Oslo team will send notice early when we
have major changes like this .
2017-09-27 4:17 GMT+08:00 Ken Giusti <kgiusti at gmail.com>:
> Hi Folks,
> Just a head's up:
> In Queens the default access policy for RPC Endpoints will change from
> LegacyRPCAccessPolicy to DefaultRPCAccessPolicy. RPC calls to private
> ('_' prefix) methods will no longer be possible. If you want to allow
> RPC Clients to invoke private methods, you must explicitly set the
> access_policy to LegacyRPCAccessPolicy when you call get_rpc_server()
> or instantiate an RPCDispatcher. This change  has been merged to
> oslo.messaging master and will appear in the next release of
> "Umm.... What?"
> Good question! Here's the TL;DR details:
> Since forever it's been possible for a client to make an RPC call
> against _any_ method defined in the RPC Endpoint object. And by "any"
> we mean "all methods including private ones (method names prefixed by
> '_' )"
> Naturally this ability came as a surprise many folk , including
> yours truly and others on the oslo team . It was agreed that
> having this be the default behavior was indeed A Bad Thing.
> So starting in Ocata oslo.messaging has provided a means for
> controlling access to Endpoint methods . Oslo.messaging now
> defines three different "access control policies" that can be applied
> to an RPC Server:
> LegacyRPCAccessPolicy: original behavior - any method can be invoked
> by an RPC client
> DefaultRPCAccessPolicy: prevent RPC access to private '_' methods, all
> others may be invoked
> ExplicitRPCAccessPolicy: only allow access to those methods that have
> been decorated with @expose decorator
> See  for more details.
> In order not to break anything at the time the default access policy
> was set to 'LegacyRPCAccessPolicy'. This has been the default for
> Ocata and Pike.
> Starting in Queens this will no longer be the case.
> DefaultRPCAccessPolicy will become the default if no access policy is
> specified when calling get_rpc_server() or directly instantiating an
> RPCDispatcher. To keep the old behavior you must explicitly set the
> access policy to LegacyRPCAccessPolicy:
> from oslo_messaging.rpc import LegacyRPCAccessPolicy
> server = get_rpc_server(transport, target, endpoints,
> Reply here if you have any questions or hit any issues, thanks!
>  https://review.openstack.org/#/c/500456/
>  https://bugs.launchpad.net/oslo.messaging/+bug/1194279
>  https://bugs.launchpad.net/oslo.messaging/+bug/1555845
>  https://review.openstack.org/#/c/358359/
>  https://docs.openstack.org/oslo.messaging/latest/reference/server.html
> Ken Giusti (kgiusti at gmail.com)
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
Community Director @EasyStack
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev