API Endpoint

Nova has a system for managing multiple APIs on different subdomains. Currently there is support for the OpenStack API, as well as the Amazon EC2 API.

Common Components

The nova.api Module

The nova.api.cloud Module

OpenStack API

The openstack Module

WSGI middleware for OpenStack API controllers.

class APIMapper(controller_scan=<function controller_scan at 0x2f171b8>, directory=None, always_scan=False, register=True, explicit=True)

Bases: routes.mapper.Mapper

APIMapper.connect(*args, **kargs)
APIMapper.routematch(url=None, environ=None)
class APIRouter(ext_mgr=None, init_only=None)

Bases: nova.wsgi.Router

Routes requests on the OpenStack API to the appropriate controller and method.

APIRouter.ExtensionManager = None
classmethod APIRouter.factory(global_config, **local_config)

Simple paste factory, nova.wsgi.Router doesn’t have one.

class APIRouterV3(init_only=None)

Bases: nova.wsgi.Router

Routes requests on the OpenStack v3 API to the appropriate controller and method.

APIRouterV3.API_EXTENSION_NAMESPACE = 'nova.api.v3.extensions'
classmethod APIRouterV3.factory(global_config, **local_config)

Simple paste factory, nova.wsgi.Router doesn’t have one.

static APIRouterV3.get_missing_core_extensions(extensions_loaded)
APIRouterV3.loaded_extension_info
class FaultWrapper(application)

Bases: nova.wsgi.Middleware

Calls down the middleware stack, making exceptions into faults.

static FaultWrapper.status_to_type(status)
class PlainMapper(controller_scan=<function controller_scan at 0x2f171b8>, directory=None, always_scan=False, register=True, explicit=True)

Bases: nova.api.openstack.APIMapper

PlainMapper.resource(member_name, collection_name, **kwargs)
class ProjectMapper(controller_scan=<function controller_scan at 0x2f171b8>, directory=None, always_scan=False, register=True, explicit=True)

Bases: nova.api.openstack.APIMapper

ProjectMapper.resource(member_name, collection_name, **kwargs)

The auth Module

class NoAuthMiddleware(application)

Bases: nova.api.openstack.auth.NoAuthMiddlewareBase

Return a fake token if one isn’t specified.

class NoAuthMiddlewareBase(application)

Bases: nova.wsgi.Middleware

Return a fake token if one isn’t specified.

NoAuthMiddlewareBase.base_call(req, project_id_in_path)
class NoAuthMiddlewareV3(application)

Bases: nova.api.openstack.auth.NoAuthMiddlewareBase

Return a fake token if one isn’t specified.

The backup_schedules Module

The faults Module

The flavors Module

The images Module

The servers Module

The sharedipgroups Module

EC2 API

The nova.api.ec2 Module

Starting point for routing EC2 requests.

class Authorizer(application)

Bases: nova.wsgi.Middleware

Authorize an EC2 API request.

Return a 401 if ec2.controller and ec2.action in WSGI environ may not be executed in nova.context.

class EC2KeystoneAuth(application)

Bases: nova.wsgi.Middleware

Authenticate an EC2 request with keystone and convert to context.

class Executor

Bases: nova.wsgi.Application

Execute an EC2 API request.

Executes ‘ec2.action’ upon ‘ec2.controller’, passing ‘nova.context’ and ‘ec2.action_args’ (all variables in WSGI environ.) Returns an XML response, or a 400 upon failure.

class FaultWrapper(application)

Bases: nova.wsgi.Middleware

Calls the middleware stack, captures any exceptions into faults.

class Lockout(application)

Bases: nova.wsgi.Middleware

Lockout for x minutes on y failed auths in a z minute period.

x = lockout_timeout flag y = lockout_window flag z = lockout_attempts flag

Uses memcached if lockout_memcached_servers flag is set, otherwise it uses a very simple in-process cache. Due to the simplicity of the implementation, the timeout window is started with the first failed request, so it will block if there are x failed logins within that period.

There is a possible race condition where simultaneous requests could sneak in before the lockout hits, but this is extremely rare and would only result in a couple of extra failed attempts.

class NoAuth(application)

Bases: nova.wsgi.Middleware

Add user:project as ‘nova.context’ to WSGI environ.

class RequestLogging(application)

Bases: nova.wsgi.Middleware

Access-Log akin logging for all EC2 API requests.

RequestLogging.log_request_completion(response, request, start)
class Requestify(app, controller)

Bases: nova.wsgi.Middleware

class Validator(application)

Bases: nova.wsgi.Middleware

Validator.validate_ec2_id(val)
ec2_error_ex(ex, req, code=None, message=None, unexpected=False)

Return an EC2 error response based on passed exception and log the exception on an appropriate log level:

  • DEBUG: expected errors
  • ERROR: unexpected errors

All expected errors are treated as client errors and 4xx HTTP status codes are always returned for them.

Unexpected 5xx errors may contain sensitive information, suppress their messages for security.

exception_to_ec2code(ex)

Helper to extract EC2 error code from exception.

For other than EC2 exceptions (those without ec2_code attribute), use exception name.

The apirequest Module

APIRequest class

class APIRequest(controller, action, version, args)

Bases: object

APIRequest.invoke(context)

The cloud Module

Cloud Controller: Implementation of EC2 REST API calls, which are dispatched to other nodes via AMQP RPC. State is via distributed datastore.

class CloudController

Bases: object

CloudController provides the critical dispatch between inbound API calls through the endpoint and messages sent to the other nodes.

CloudController.allocate_address(context, **kwargs)
CloudController.associate_address(context, instance_id, public_ip, **kwargs)
CloudController.attach_volume(context, volume_id, instance_id, device, **kwargs)
CloudController.authorize_security_group_ingress(context, group_name=None, group_id=None, **kwargs)
CloudController.create_image(context, instance_id, **kwargs)
CloudController.create_key_pair(context, key_name, **kwargs)
CloudController.create_security_group(context, group_name, group_description)
CloudController.create_snapshot(context, volume_id, **kwargs)
CloudController.create_tags(context, **kwargs)

Add tags to a resource

Returns True on success, error on failure.

Parameters:context – context under which the method is called
CloudController.create_volume(context, **kwargs)
CloudController.delete_key_pair(context, key_name, **kwargs)
CloudController.delete_security_group(context, group_name=None, group_id=None, **kwargs)
CloudController.delete_snapshot(context, snapshot_id, **kwargs)
CloudController.delete_tags(context, **kwargs)

Delete tags

Returns True on success, error on failure.

Parameters:context – context under which the method is called
CloudController.delete_volume(context, volume_id, **kwargs)
CloudController.deregister_image(context, image_id, **kwargs)
CloudController.describe_addresses(context, public_ip=None, **kwargs)
CloudController.describe_availability_zones(context, **kwargs)
CloudController.describe_image_attribute(context, image_id, attribute, **kwargs)
CloudController.describe_images(context, image_id=None, **kwargs)
CloudController.describe_instance_attribute(context, instance_id, attribute, **kwargs)
CloudController.describe_instances(context, **kwargs)
CloudController.describe_instances_v6(context, **kwargs)
CloudController.describe_key_pairs(context, key_name=None, **kwargs)
CloudController.describe_regions(context, region_name=None, **kwargs)
CloudController.describe_security_groups(context, group_name=None, group_id=None, **kwargs)
CloudController.describe_snapshots(context, snapshot_id=None, owner=None, restorable_by=None, **kwargs)
CloudController.describe_tags(context, **kwargs)

List tags

Returns a dict with a single key ‘tagSet’ on success, error on failure.

Parameters:context – context under which the method is called
CloudController.describe_volumes(context, volume_id=None, **kwargs)
CloudController.detach_volume(context, volume_id, **kwargs)
CloudController.disassociate_address(context, public_ip, **kwargs)
CloudController.get_console_output(context, instance_id, **kwargs)
CloudController.get_password_data(context, instance_id, **kwargs)
CloudController.import_key_pair(context, key_name, public_key_material, **kwargs)
CloudController.modify_image_attribute(context, image_id, attribute, operation_type, **kwargs)
CloudController.reboot_instances(context, instance_id, **kwargs)

instance_id is a list of instance ids.

CloudController.register_image(context, image_location=None, **kwargs)
CloudController.release_address(context, public_ip, **kwargs)
CloudController.revoke_security_group_ingress(context, group_name=None, group_id=None, **kwargs)
CloudController.run_instances(context, **kwargs)
CloudController.start_instances(context, instance_id, **kwargs)

Start each instances in instance_id. Here instance_id is a list of instance ids

CloudController.stop_instances(context, instance_id, **kwargs)

Stop each instances in instance_id. Here instance_id is a list of instance ids

CloudController.terminate_instances(context, instance_id, **kwargs)

Terminate each instance in instance_id, which is a list of ec2 ids. instance_id is a kwarg so its name cannot be modified.

CloudController.update_image(context, image_id, **kwargs)
class CloudSecurityGroupNeutronAPI

Bases: nova.api.ec2.cloud.EC2SecurityGroupExceptions, nova.network.security_group.neutron_driver.SecurityGroupAPI

class CloudSecurityGroupNovaAPI(**kwargs)

Bases: nova.api.ec2.cloud.EC2SecurityGroupExceptions, nova.compute.api.SecurityGroupAPI

class EC2SecurityGroupExceptions

Bases: object

static EC2SecurityGroupExceptions.raise_group_already_exists(msg)
static EC2SecurityGroupExceptions.raise_invalid_cidr(cidr, decoding_exception=None)
static EC2SecurityGroupExceptions.raise_invalid_group(msg)
static EC2SecurityGroupExceptions.raise_invalid_property(msg)
static EC2SecurityGroupExceptions.raise_not_found(msg)
static EC2SecurityGroupExceptions.raise_over_quota(msg)
get_cloud_security_group_api()
validate_ec2_id(val)

The images Module

The metadatarequesthandler Module

Tests

The api_unittest Module

The api_integration Module

The cloud_unittest Module

The api.fakes Module

The api.test_wsgi Module

The test_api Module

The test_auth Module

The test_faults Module

The test_flavors Module

The test_images Module

The test_servers Module

The test_sharedipgroups Module