Commit Graph

32 Commits

Author SHA1 Message Date
Nate Johnston bba805af02 Retire the Congress project
Recently the TC has worked on determining the criteria for when an
OpenStack project should be retired.  When there was not a PTL nominee
for the Congress project, that triggered the TC to review the project
health per [1], and the TC has determined [2] that development work on
the project has ceased.  This decision was announced in the
openstack-discuss mailing list in April 2020 [3].

This commit retires the repository per the process for governance
removal in the Victoria cycle as specified in the Mandatory Repository
Retirement resolution [4] and detailed in the infra manual [5].

Should interest in developing Congress as part of OpenStack revive,
please revert this commit to have the project rejoin the list of active
projects.

The community wishes to express our thanks and appreciation to all of
those who have contributed to the Congress project over the years.

[1] https://governance.openstack.org/tc/reference/dropping-projects.html
[2] http://eavesdrop.openstack.org/irclogs/%23openstack-tc/latest.log.html#t2020-04-20T15:36:59
[3] http://lists.openstack.org/pipermail/openstack-discuss/2020-April/014292.html
[4] https://governance.openstack.org/tc/resolutions/20190711-mandatory-repository-retirement.html
[5] https://docs.opendev.org/opendev/infra-manual/latest/drivers.html#retiring-a-project

Change-Id: I21c9ab9820f78cf76adf11c5f0591c60f76372a8
2020-05-28 18:12:16 +02:00
Eric K c77c8dcf97 library policy create security groups up-front
minor improvement to the library policy to improve robustness.
Because actions by default execute in asynchronously, if we wait
to create the security group until the security group is needed,
the policy may attempt to attach to a security group before it is
created.

Change-Id: I0c2b1939c5b48d4576f821b482f120537c923808
2018-08-03 05:19:32 +00:00
Eric K 24268428e0 Load JSON/YAML string to structure for datasource action execution
Action execution allows using policy to trigger data source client
methods. But some of these methods require a python structure as input,
which cannot be constructed by the congress policy language.

With this patch, the policy language can construct JSON/YAML strings,
which get loaded as python structure before passing to the data source
client methods.

Because there is no automated way to know which arguments to which
methods are non-scalar structures, the functionality requires a
data source driver to specify that information in
self.method_structured_args.

The patch also other related changes:
- specifies the desired structured arguments for the
neutronv2 drivers
- omits the neutron client update_* made redundant by the special
update_resource_attr action.
- updates a policy library to make use of the feature

Depends-On: I34d1a392d4539ede01666002cfa301c21f9cd4bd

Change-Id: I33860ffdcda3e0bc67e488ff2b35bba57241cf02
2018-07-22 17:17:07 +00:00
Eric K 71afca0ebe Update and fix tag-based policy in library
Change-Id: I0c5090e5518ee585b5fccb85e5f4612750c6d9e9
2018-05-11 10:46:55 -07:00
melissaml 245c499fd1 Trivial: Update pypi url to new url
Pypi url changed from [1] to [2]

[1] https://pypi.python.org/pypi/<package>
[2] https://pypi.org/project/<package>

Change-Id: I4747ffe5ade2b3ea764f2f65a7e3b9b34c51e004
2018-04-21 02:58:59 +08:00
Eric Kao fa10dbc919 Library policy for tag-based network security zone
Change-Id: I0233d1560169605be8aa51a79d0e71ff596568ea
2017-12-12 16:11:11 -08:00
Anusha Ramineni b72ae35044 Remove ceilometer datasource driver from congress
This commit removes the ceilometer datasource driver support in congress, as
ceilometer API is removed in Queens release.
Reference:https://review.openstack.org/#/c/512286/

Change-Id: Ib7ade0951f8a85102d95a0f01c3d63337f6b2404
Closes-Bug: #1729761
2017-11-07 09:21:33 +05:30
Eric Kao da43f70a82 Fix rule in permitted image library policy
images_permitted_by_name definition incorrectly referred
to image tags instead of image names. Fixed with this patch.

Change-Id: I0cd5e0a2049b848b498b6f1b1f4608b5b3c3f196
2017-10-31 19:00:48 +00:00
Eric Kao 5e5a02418f Final changes for pike RC1
Because of temporarily very unstable gate so close to RC1 deadline,
aggregating several RC1 targeted changes into one patch to make
deadline.

Included changes:
Temporarily disabled replica tempest test because of instability.

Update URL home-page in documents according to document migration
Author: Luong Anh Tuan <tuanla@vn.fujitsu.com>

Policy library loads only .yaml, .yml
Also skip-continue rather than exit congress on loading failure
(for example because of incorrect format or file system error)

Update auth_url in manual testing script
To work with latest keystone/devstack.

Add sample outputs from manual testing scripts

Add documentation and update release notes for policy library

Add auto-generated config reference
Part of doc-migration work

Closes-Bug: 1706158

Change-Id: If2606739f02418d14251dccc4d3a5f9fe10ca48f
2017-08-10 08:32:51 -07:00
Jenkins 243acb5d3b Merge "Fix lib policies SecurityGroups and UnsafeTraffic" 2017-08-03 18:58:04 +00:00
Jenkins f17456382c Merge "Fix CrossProjectNetwork lib policy" 2017-08-03 08:25:48 +00:00
Jenkins f48d0091ad Merge "Fix network gateway lib policy syntax" 2017-08-03 03:56:59 +00:00
Eric Kao 58d04ef53c Fix lib policies SecurityGroups and UnsafeTraffic
Correct wrong variable name in unprotected_ports rule.
Reduce rule comment to 255 char limit in UnsafeTraffic policy.

Change-Id: I1b0adff2740191ba0dd68d109ef9640041a40bd0
2017-07-31 18:31:52 -07:00
Eric Kao 211ca29f96 Fix CrossProjectNetwork lib policy
Removed column references in non-datasource tables. Not allowed.

Also renames file name from - to _ to follow convention.

Also limits rule comment to max length of 255 chars per schema/database limit

Change-Id: I306b43a53e435d27560a5438fdec4ced399735cf
2017-07-31 18:28:17 -07:00
Eric Kao 2ee5fda883 Fix syntax and reference in lib policy volume encryption
Missing , fixed.
Missing policy reference fixed.

Change-Id: I6e98687022903bc65d572fe706ec19f9f021e76a
2017-07-30 21:25:06 -07:00
Eric Kao 5b1ac4f0ae Fix network gateway lib policy syntax
Removed extra trailing '

Change-Id: I7db5f7cb49b82b27c411dea76b53d849a955f048
2017-07-30 21:16:38 -07:00
Jenkins a2b63ca164 Merge "add server utilization policy" 2017-07-25 23:39:11 +00:00
Jenkins 79205d0a50 Merge "Add cross project network policy" 2017-07-25 23:05:54 +00:00
Jenkins 63ce1aba20 Merge "Split disallowed flavor policy into monitor and remediation" 2017-07-25 21:16:58 +00:00
Eric Kao 9498f70111 add server utilization policy
Partial-Bug: 1669948
Change-Id: I3df9e6b61728939102a0a598582073192cd159d5
2017-07-25 13:57:01 -07:00
Eric Kao 9203c09d4f Add cross project network policy
Partial-Bug: 1669948

Change-Id: I5938bde60cd35d6f261e88175e01be3ded0ab99f
2017-07-25 13:54:49 -07:00
Jenkins b279e3bf2e Merge "add security groups and unsafe traffic policies" 2017-07-25 20:06:36 +00:00
Jenkins 127b685c5f Merge "Add network gateway policy" 2017-07-25 20:06:30 +00:00
Jenkins f2bb5917b0 Merge "add volume encryption policies" 2017-07-25 20:06:24 +00:00
Eric Kao c7e13f4947 Split disallowed flavor policy into monitor and remediation
Some users want the monitoring but not the remediation

Partially implements: blueprint policy-library
Partial-Bug: 1669948

Change-Id: Id14b2148f6ce41e9ffbd23d403fb4d5ebfb840da
2017-07-25 19:13:50 +00:00
Eric Kao bd877fe918 add security groups and unsafe traffic policies
policy that classifies security groups and extends to
network ports and compute instances.

flags security groups labeled as secure that nonetheless
allow unsafe traffic.

Partially implements: blueprint policy-library
Partial-Bug: 1669948

Change-Id: I779493a1dcf4eb4b09d2f9c28a730edd5365cfc7
2017-07-20 16:48:44 -07:00
Eric Kao fff4b24a4b Add network gateway policy
Partially implements: blueprint policy-library
Partial-Bug: 1669948

Change-Id: I805f7347258fcdf034fc345d193096607765c851
2017-07-20 15:50:50 -07:00
Eric Kao 63127e7ad3 add volume encryption policies
Partially implements: blueprint policy-library
Partial-Bug: 1669948

Change-Id: I0ec9cd6b946d453c4dedf2b9f32c541a9ffe9787
2017-07-18 23:12:32 -07:00
Eric Kao c4a1844a27 Add disallowed images policy to library
Partially implements: blueprint policy-library
Partial-Bug: 1669948

Change-Id: I0fb306ea2e0be84f1a75b6a951aba471bb3cd6d4
2017-07-18 13:17:59 -07:00
Eric Kao 842bafdb7f fix YAML format in library policy
Change-Id: Idaa6782eed8b0e26a9dd55fbf87ae78f650fc22d
2017-07-12 15:53:46 -07:00
Eric Kao cd9aa33451 Automatically load library policy files at start
harness.py loads library policy from disk files to DB

uniqueness constraint added on library policy name.

devstack plugin updated to install library policy files
to default location

updated congress stand-alone install instruction

Partially implements: blueprint policy-library
Closes-Bug: 1693619
Closes-Bug: 1693672

Change-Id: I51097081f6576755751231feb5ed2b0be642d91e
2017-07-06 17:45:19 -07:00
Tim Hinrichs 1c1f39d243 Add initial policy library
Change-Id: I2dbe3b06421f97785b63e10684c60396697d43f1
2017-04-07 18:11:01 -07:00