Make routes to the versioned discovery documents (/v2, /v2.1) go through
paste pipelines that don't require authentication, while leaving their
sub-URLs (/v2.1/servers etc) requiring authentication.
To make this work, our URLMap matcher gets support for a very
rudimentary wildcard syntax, whereby api-paste.ini can differentiate
between {/v2.1, /v2.1/} and /v2.1/$anything_else. The former points to
the unauthenticated discovery app pipeline; the latter points to the
existing "real API" pipeline. Similar for legacy v2.
This entails a slight behavior change: requests to /v2 and /v2.1 used to
302 redirect to /v2/ and /v2.1/, respectively. Now they just work.
Reviewed: https:/ /review. opendev. org/685181 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=1e907602e37 fb55bbe5a20164d b6d074f87369af
Committed: https:/
Submitter: Zuul
Branch: master
commit 1e907602e37fb55 bbe5a20164db6d0 74f87369af
Author: Eric Fried <email address hidden>
Date: Thu Sep 26 16:52:12 2019 -0500
Allow versioned discovery unauthenticated
Make routes to the versioned discovery documents (/v2, /v2.1) go through
paste pipelines that don't require authentication, while leaving their
sub-URLs (/v2.1/servers etc) requiring authentication.
To make this work, our URLMap matcher gets support for a very anything_ else. The former points to
rudimentary wildcard syntax, whereby api-paste.ini can differentiate
between {/v2.1, /v2.1/} and /v2.1/$
the unauthenticated discovery app pipeline; the latter points to the
existing "real API" pipeline. Similar for legacy v2.
This entails a slight behavior change: requests to /v2 and /v2.1 used to
302 redirect to /v2/ and /v2.1/, respectively. Now they just work.
Change-Id: Id4751501798285 0b167d5c637d93b 96ae00ba793
Closes-Bug: #1845530
Closes-Bug: #1728732