Open Stack

Hey all,
   Recently We found an issue related to our OpenStack action APIs. We
usually expose our OpenStack APIs by registering them to our API Gateway
(for instance Kong [1]), but it becomes very difficult when regarding to
action APIs. We can not register and control them seperately because them
all share the same request url which will be used as the identity in the
gateway service, not say rate limiting and other advanced gateway features,
take a look at the basic resources in OpenStack

   1. *Server*: "/servers/{server_id}/action"  35+ APIs are include.
   2. *Volume*: "/volumes/{volume_id}/action"  14 APIs are include.
   3. Other resource

We have tried to register different interfaces with same upstream url, such
as:

  * api gateway*: /version/resource_one/action/action1 =>* upstream*:
/version/resource_one/action
*   api gateway*: /version/resource_one/action/action2 =>* upstream*:
/version/resource_one/action

But it's not secure enough cause we can pass action2 in the request body
while invoking /action/action1, also, try to read the full body for route
is not supported by most of the api gateways(maybe plugins) and will have a
performance impact when proxy. So my question is do we have any solution or
suggestion for this case? Could we support specify action name both in
request body and url such as:

*URL:*/volumes/{volume_id}/action
*BODY:*{'extend':{}}

and:

*URL:*/volumes/{volume_id}/action/extend
*BODY:* {'extend':{}}

Thanks
Tommy

[1]: https://github.com/Kong/kong
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180118/a8cd508e/attachment.html>