minor improvement to the library policy to improve robustness.
Because actions by default execute in asynchronously, if we wait
to create the security group until the security group is needed,
the policy may attempt to attach to a security group before it is
created.
Change-Id: I0c2b1939c5b48d4576f821b482f120537c923808
Action execution allows using policy to trigger data source client
methods. But some of these methods require a python structure as input,
which cannot be constructed by the congress policy language.
With this patch, the policy language can construct JSON/YAML strings,
which get loaded as python structure before passing to the data source
client methods.
Because there is no automated way to know which arguments to which
methods are non-scalar structures, the functionality requires a
data source driver to specify that information in
self.method_structured_args.
The patch also other related changes:
- specifies the desired structured arguments for the
neutronv2 drivers
- omits the neutron client update_* made redundant by the special
update_resource_attr action.
- updates a policy library to make use of the feature
Depends-On: I34d1a392d4539ede01666002cfa301c21f9cd4bd
Change-Id: I33860ffdcda3e0bc67e488ff2b35bba57241cf02
This commit removes the ceilometer datasource driver support in congress, as
ceilometer API is removed in Queens release.
Reference:https://review.openstack.org/#/c/512286/
Change-Id: Ib7ade0951f8a85102d95a0f01c3d63337f6b2404
Closes-Bug: #1729761
images_permitted_by_name definition incorrectly referred
to image tags instead of image names. Fixed with this patch.
Change-Id: I0cd5e0a2049b848b498b6f1b1f4608b5b3c3f196
Because of temporarily very unstable gate so close to RC1 deadline,
aggregating several RC1 targeted changes into one patch to make
deadline.
Included changes:
Temporarily disabled replica tempest test because of instability.
Update URL home-page in documents according to document migration
Author: Luong Anh Tuan <tuanla@vn.fujitsu.com>
Policy library loads only .yaml, .yml
Also skip-continue rather than exit congress on loading failure
(for example because of incorrect format or file system error)
Update auth_url in manual testing script
To work with latest keystone/devstack.
Add sample outputs from manual testing scripts
Add documentation and update release notes for policy library
Add auto-generated config reference
Part of doc-migration work
Closes-Bug: 1706158
Change-Id: If2606739f02418d14251dccc4d3a5f9fe10ca48f
Correct wrong variable name in unprotected_ports rule.
Reduce rule comment to 255 char limit in UnsafeTraffic policy.
Change-Id: I1b0adff2740191ba0dd68d109ef9640041a40bd0
Removed column references in non-datasource tables. Not allowed.
Also renames file name from - to _ to follow convention.
Also limits rule comment to max length of 255 chars per schema/database limit
Change-Id: I306b43a53e435d27560a5438fdec4ced399735cf
Some users want the monitoring but not the remediation
Partially implements: blueprint policy-library
Partial-Bug: 1669948
Change-Id: Id14b2148f6ce41e9ffbd23d403fb4d5ebfb840da
policy that classifies security groups and extends to
network ports and compute instances.
flags security groups labeled as secure that nonetheless
allow unsafe traffic.
Partially implements: blueprint policy-library
Partial-Bug: 1669948
Change-Id: I779493a1dcf4eb4b09d2f9c28a730edd5365cfc7