[openstack-dev] [api-wg] [api] [cinder] [nova] Support specify action name in request url

Hongbin Lu hongbin.lu at huawei.com
Fri Jan 19 19:20:11 UTC 2018

I remembered there are several discussions about action APIs in the past. This is one discussion I can find: http://lists.openstack.org/pipermail/openstack-dev/2016-December/109136.html . An obvious alternative is to expose each action with an independent API endpoint. For example:

* POST /servers/<ID>/start:            Start a server
* POST /servers/<ID>/stop:            Stop a server
* POST /servers/<ID>/reboot:        Reboot a server
* POST /servers/<ID>/pause:        Pause a server

Several people pointed out the pros and cons of either approach and other alternatives [1] [2] [3]. Eventually, we (OpenStack Zun team) have adopted the alternative approach [4] above and it works very well from my perspective. However, I understand that there is no consensus on this approach within the OpenStack community.

[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109178.html
[2] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109208.html
[3] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109248.html
[4] https://developer.openstack.org/api-ref/application-container/#manage-containers

Best regards,

From: TommyLike Hu [mailto:tommylikehu at gmail.com]
Sent: January-18-18 5:07 AM
To: OpenStack Development Mailing List (not for usage questions) <openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [api-wg] [api] [cinder] [nova] Support specify action name in request url

Hey all,
   Recently We found an issue related to our OpenStack action APIs. We usually expose our OpenStack APIs by registering them to our API Gateway (for instance Kong [1]), but it becomes very difficult when regarding to action APIs. We can not register and control them seperately because them all share the same request url which will be used as the identity in the gateway service, not say rate limiting and other advanced gateway features, take a look at the basic resources in OpenStack

   1. Server: "/servers/{server_id}/action"  35+ APIs are include.
   2. Volume: "/volumes/{volume_id}/action"  14 APIs are include.
   3. Other resource

We have tried to register different interfaces with same upstream url, such as:

   api gateway: /version/resource_one/action/action1 => upstream: /version/resource_one/action
   api gateway: /version/resource_one/action/action2 => upstream: /version/resource_one/action

But it's not secure enough cause we can pass action2 in the request body while invoking /action/action1, also, try to read the full body for route is not supported by most of the api gateways(maybe plugins) and will have a performance impact when proxy. So my question is do we have any solution or suggestion for this case? Could we support specify action name both in request body and url such as:



BODY: {'extend':{}}


[1]: https://github.com/Kong/kong
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180119/f870d914/attachment.html>

More information about the OpenStack-dev mailing list