Remove Location header from createImage and createBackup responses¶
https://blueprints.launchpad.net/nova/+spec/remove-create-image-location-header-response
The createImage and createBackup APIs return a Location header in the response which is a URL pointing at what is most likely an internal Glance API server, and is therefore not accessible to the end user. The URL is also not versioned for the Image service, so unless the cloud provides an alias, the URL is wrong anyway. This spec proposes to replace the Location header with a simple response body json dict that contains the image_id for the snapshot image.
Problem description¶
The createImage and createBackup APIs return a Location header in the
response which is built from the CONF.glance.api_servers configuration
within Nova that is most likely using internal addresses for Glance, making it
unusable for the end user.
Client code like Tempest [1] and python-novaclient [2] have always ignored
the Location header in the response and just parsed the URL to get the image ID
and use it for their own GET /v2/images/{image_id} request.
Also, the URL in the Location header response is unversioned, but reading the
image service API reference docs for the versions document and the examples,
there is always a versioned prefix on the URL, e.g. GET /v1/images or
GET /v2/images. The fact the URL returned from nova is unversioned likely
means this is a legacy artifact before Glance was split out from Nova.
Use Cases¶
As a user, I want to be able to use an accurate response from the createImage and createBackup APIs to poll the status on the created snapshot image in the Image service.
Proposed change¶
This blueprint proposes to remove the Location header in the response and just return the image_id in a response body dict with a new microversion for the createImage and createBackup APIs.
Alternatives¶
We could change the code that generates the Location header URL to use the public interface for the image service type in the service catalog. This would require more work since we would have to likely make the interface to use configurable. Also, given how many client libraries are already ignoring the Location header and not using it directly, but instead just parsing the image ID from the URL, we can create a cleaner break from the broken behavior of the past by returning a simple json response body with the value consumers actually care about.
Data model impact¶
None
REST API impact¶
In a microversion, the response for the createImage and createBackup server action APIs will replace the Location header with a json dict response body that contains a single image_id key mapped to the snapshot image ID (uuid) created.
So rather than return a response with a header like:
Location: http://172.21.1.10:9292/images/f5d5b63b-e710-4d59-aa12-a9bd42f6652a
We will return a response with a body like:
{
'image_id': 'f5d5b63b-e710-4d59-aa12-a9bd42f6652a'
}
Security impact¶
None. This is arguably more secure since we would no longer be leaking internal Glance API server IPs out of the public compute REST API.
Notifications impact¶
None. There are actually compute.instance.snapshot.start and
compute.instance.snapshot.end notifications but they do not actually
contain the snapshot image ID, for whatever reason, so there is no impact to
those existing notifications.
Other end user impact¶
python-novaclient will need to be updated to handle the change in response
format in the microversion for the nova image-create CLI.
The nova backup CLI in python-novaclient does not currently parse the
Location header from the server response to print the snapshot image ID, so
there are no changes to python-novaclient for the createBackup change.
Performance Impact¶
None
Other deployer impact¶
None
Developer impact¶
None
Implementation¶
Assignee(s)¶
- Primary assignee:
Matt Riedemann (mriedem)
Work Items¶
Add the microversion response change to the createImage and createBackup server action APIs.
Update documentation, including making a note in the API reference docs that the Location header in the response before the microversion is likely broken.
Dependencies¶
None
Testing¶
Unit and functional (API samples) tests as normal.
Since the createImage and createBackup APIs currently do not return a response body there is not actually an existing response schema validation check in Tempest, so one would have to be added.
Documentation Impact¶
The createImage and createBackup API reference documentation will be updated.
References¶
This originally came up as a bug: https://bugs.launchpad.net/nova/+bug/1679285
History¶
Release Name |
Description |
|---|---|
Pike |
Introduced |
