* Zuul deprecated (and now removed) declaring shared queues at a pipeline
level [1]. This patch fixes the syntax to make the gate work for
adjutant.
* Updates Django version to allow upper-constraints version
* Fix Django 3.2 warnings
* Fix flake8 errors
* Remove support for Python 3.6, Python 3.7
[1] https://lists.openstack.org/pipermail/openstack-discuss/2022-May/028603.html
Change-Id: Ic369b59bb062df867d78b006f06e48cf9c98a3ee
Adjutant's InviteUser action was not correctly checking inherited roles
which might allow someone to invite/create another user with roles outside
of those they inviting user can manage.
Change-Id: I1f45da4ce5ee6d1295a17767c432875c23106b15
Story: #2009326
Volumes v2 API was deprecated in pike and v3(.0)
is identical to v2 API.
v3 was introduced in Mitaka
Change-Id: I38613145ae4234956f36184eb62feb8e95647113
The feature set config group was entirely missed from the config
tree, and the group itself wasn't setup for lazy_loading despite
needing to be based on when it is meant to have config added to it.
Change-Id: Ia9569ebb76ffe91d592dbc94bc528bde4aa00fc4
The email function was incorrectly trying to get the user email
when sending out a quota update email. This has been fixed, and
a test added to confirm.
Change-Id: Id76af3ff50f752764a0ea25281443104d44adeb1
Keystone middleware sets the default identity interface as "internal".
This was causing issues with DevStack where "internal" endpoints
weren't being created.
We added a new config for interface, and have it default to 'public'.
Task: 41593
Story: 2008515
Change-Id: Ib8e546d5fbfbcb561e5b139893605d05c1a8ad62
The Nova and Neutron quota helper objects output the quota data with
the word 'secuirty' instead of 'security' in the key name. Adjutant-ui,
nova and neutron (among others) look for the keys with the correct
spelling. No other instance of the typo appears to exist in other
modules.
APIImpact: some keys returned by Adjutant are now correctly spelled
Change-Id: Idf2953027765119d70720592ccc1187472854fad
Tasks when defined can now set if they require the user submitting
a token to be authenticated.
keystone_user is now passed to actions when a token
is submitted. This requires all actions to update their submit
function, but a suitable fallthrough will exist for a cycle to
allow time.
Also fixes a minor issue around where error handling for
renamed or deprecated tasks is handled that cropped up
while testing this patch.
Change-Id: I4b51201872cb5a14f299f90e22a8b010d11a71cb
Example config generation now is in CONFspirator so we can instead
use that.
We now also natively get toml support through the new version of the
library.
Change-Id: Ic3a46d075dd83e11ee3cccc1ad2bbdb81005c60d
The task model rework has some migration ordering issues,
this fixes that and ensures action migrations don't
continue until other steps are done.
Change-Id: I3c3669a12e5d5d6b11fdf0e49b14894468287b6a
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Ida2ec7793c3863836e1c626eb72e0aa9f48b6810
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
When behind a proxy like HAProxy, we need a way to have
Django correctly know if the incoming request was actually
coming via HTTPS so when Adjutant returns generated URLs
of itself, it can correctly mark them as HTTPS.
This fixes and issue with the version URLs not being returned
as HTTPS when they should be.
Change-Id: I9824eadb9927a5d44f11c381fbe2b1576ffb66c0
Add an extra note which explains why the action
is invalid if not all roles are manageable, as
otherwise it is unclear why the action was invalid.
Change-Id: I4bc368cf16fca50135977b22c8a96aacd9740890
Introduce the concept of a feature set, which can be
registered to an entrypoint.
Rework all existing core elements into a 'core' feature
set.
Remove the ability to add in random django apps, and drop
the ablity for plugins to optionally be able to great
new DB models.
Change-Id: Idc5c3bf3facc44bb615fa4006d417d6f48a16ddc
CONFspirator was written to just specifically for Adjutant
and it allows us to do oslo.config style config management
and definition with nested groups and for yaml.
This is a major change that touches vast amounts of the
code simply because of how much the config touches.
Actions, Tasks, DelegateAPIs, and Notification Handlers
now can define config in their own class and this will
be added to the config.
All the other config is located in `adjutant.config`,
with everything now registed nicely on the config tree,
and grouped in much saner ways.
CONFspirator will also now allow Adjutant to be entirely
configured via environment variables.
We have removed `modify_dict_settings` because that is
now entirely handled by CONFspirator's test utils.
`NotificationEngine`s are now `NotificationHandler`s.
`test_settings.py` is gone! And we now have better ways
to define test settings and defaults.
Project line length bumped to 88, and bugbear added to enforce
that instead.
Story: 2004488
Change-Id: I1d97d72d06b3a3a5df90355d3a4b4fe414381424
This patch splits out the Task layer and the API
layer. This will better allow us to build more logic
into the task layer, and better allow the APIs to be
more flexible.
This sets the foundations for future additions to task
definitions, async task processing, and an overhaul of
the config system for the service.
- Task model and logic moved to 'tasks' app
- TaskViews are now DelegateAPIs
- stage email templates have been moved to the tasks app
- better define Task model indexes
- rename task/action stage pre_approve to prepare
- rename task/action stage post_approve to approve
- Added new TaskManager class for handling tasks
- Removed redundant ip_address value on Task model
- Remove redundant UserSetPassword view
- Added custom exception handling for the API
- Add new exception types
- Simplified error responses by raising exceptions
- standardized task API response codes on 202 unless
task is completed
- Use 503 Service Unavailable for service issues
- Various task_types changed:
- create_project to create_project_and_user
- invite_user to invite_user_to_project
- reset_password to reset_user_password
- edit_user to edit_user_roles
- update_email to update_user_email
- reissuing task token now deletes old task tokens
Story: 2004489
Change-Id: I33381c1c65b28b69f6ffeb3d73b50be95ee30ba7
This just gets rid of the byte part from:
default=b'default'
which exists in the initial migration file
Change-Id: I99c1625f27c4cf75cb8dedce6fdb46e70bb9c2ef
In some cases we do want to disable notifications a little more
selectively, but we should also log that we've done that in case
someone does so by accident and needs to debug.
Change-Id: I68dbf16002b9105df280261ff14de6299fe5aa78
When you are acting on a user or project with an id
there is no need for a domain_id as well, since
IDs are unique across all domains. Names are not.
Change-Id: Ib49ac4d3e1d3e0869195a67ecc922aae24e2a44e
Invite user workflow now defaults to domain_id from
the project.
Create project workflow now default to getting domain
and parent id from config.
Identity manager now has setting to flag the inability to
edit/create users, which some actions now support.
Fix an issue with email comparison when username_is_email was true.
Change-Id: I8548914e3d2283b17f3015595ea72c4c8084d7f5
Our internal auto-approval logic would approve a task before
it was even actually valid. While it would still exit and not
run, the fact that it was 'approved' still caused some minor
edge cases we want to avoid.
Change-Id: I078a56bb9647ccc7caa0485f0fa2a55d2da08048
There is a noticable delay when providing a valid username
to the password reset API. Ideally we want to fix this by handling
request in an async fashion, but that will likely have to wait
until we have moved to the planned worker/api model.
This just makes the API always take at least 3 seconds.
Change-Id: I82d46e9d64c65930dbe7d8821941ee9173431d56
Adding a validation util function to help with standardising
how we do action validation, so that validation doesn't continue
after one failure.
Change-Id: I4b46fbfa1382ca94b0821a76439675120be5af60
When Adjutant has sizes defined for a service
that isn't in all regions, we need to skip that
service when doing size comparisons if the current
usage doesn't contain that service.
Change-Id: Iea6a03d97e03501fff6e0635d079759faafbd18b
* Replaces large amounts of repeated code on the task view with a
_handle_task_error() function
* try and unify error handling to always return a list 'errors' or
a dict when specific field name errors are known.
Change-Id: I9d140db0af204524eadc4ba3a6d3eb7299b239b4
Lets set a default timestamp format for any datetime
strings we know we need to parse later. While we can always
parse the direct output of what we have now, lets control it
so we always have a valid format as expected.
Change-Id: I4af359ea30ace9361c9c5d21e91a0528076eb892