Nova API microversion 2.92 removed the ability to generate a private
key. The user or client is now responsible for generating the key pair.
Start doing that using cryptography, which is in our requirements
(unlike paramiko, which nova uses).
included:
https://review.opendev.org/c/openstack/ec2-api/+/857880https://review.opendev.org/c/openstack/ec2-api/+/859192
Change-Id: I0032de8cd779beafbd6848a2aecbcb6455e8eada
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The target value is exactly same as the default defined in oslo.log,
thus this override is just redundant.
Change-Id: Ib386df2d8abf561c5b1c266f4c64d544e93c5d62
- bump version from 2 to 3 for cinderclient
- update aws ec2 interface for create_colume and
create_network_interface. add cilent_token param
- fix describe network interface - something was
changed in neutron ports output
- set metadata port for OVN conf file also
Change-Id: Ie3e5a5930d5a8159050ecc0900239935558dddd7
the in_() operator accepts a list or other non-string sequence.
the error message indicates that a plain string is being passed
which is invalid. 1.3 erroneously allows this to silently pass,
producing a useless expression:
>>> print(column('q').in_('fake-string'))
q IN (:q_1, :q_2, :q_3, :q_4, :q_5, :q_6, :q_7, :q_8, :q_9, :q_10, :q_11)
1.4 correctly detects this error.
Change-Id: I43dd37f975b49de21cd34bbc8ce9378e09e88420
Currently ec2api uses the volume v2 API by default, but v2 API was
deprecated a while ago and will be removed fron cinder shortly.
This patch ensures that ec2api uses the volume v3 API instead by
default.
Closes-Bug: #1908993
Change-Id: I280d3c009893c67d215b0c7106eec7fe2435c335
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Iadefcc287b8557723a9bebc816080cf65636686b
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Remove hacking and friends from lower-constraints, it's not needed
there.
Change-Id: I48fcd2521d99d0b77b976e87cc638fe5ac051315
If rules are created or searched with full permissions (ports 1 - 65535),
they are created or found with "null" ports
instead of (ports 1 - 65535).
Depends-On: I24d1a0016f76f6813a9f62294e7eeb9785fa711b
Change-Id: Ic3fbe89720135039ba2c2afaebf3fafebac4d7e3
It looks like something has changed in mock 3.x, resulting in some
functions that are wrapped by mock not being called or being called
incorrectly. This breaks some of the assertions we have. There is almost
certainly a bug (or is it a feature, who knows) but the fact is these
tests were extremely tightly coupled to the implementation and probably
didn't need to be. Stop attempting to spy on them and resolve the issue.
We also start using 'assert_not_called' since that's available in mock
3.x.
Change-Id: I06dddc4eba36f80398732ab4f2b7cbc4d7717a00
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #1831870
If floating ip is on a port attached to devices other than a nova
compute instance, (e.g. it is attached to a loadbalancer) ignore it.
Change-Id: Icda92f0f4b5246aebb082cf48bef751d9e6df2ba
We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
Change-Id: Id2964291cd5e56af09f84d1aeab8138c10f9758f
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This change allows for the EC2 API call to RegisterImage to support
external URLS provided for the "ImageLocation" parameter:
https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html
It enforces that all standards defined there are adhered to
This changes affects RegisterImage from S3 Bucket, requiring
that the "ImageLocation" for it begin with an "s3://" (case-insensitive).
Change-Id: I2a5e93de68b1a654418781fc77369d91dd17dd48
Signed-off-by: Tyler Parcell <Parcell.Tyler@gmail.com>
The commit I34b12b96de3ea21beaf935ed8a9f6bae2fe0d0bc and
Ib384ae8130dcc6cbd47a837d11ca171ce02ef29e introduced the
deprecated oslo_utils.timeutils.isotime() is deprecated
as of 1.6.
The deprecation message says to use the datetime.datetime.isoformat()
instead, but the format of the string generated by isoformat isn't
the same as the format of the string generated by isotime. The string
is used in tokens and other public APIs and we can't change it
without potentially breaking clients.
So the workaround is to copy the current implementation from
oslo_utils.timeutils.isotime() to ec2api.api.ec2utils.
For more informations:
https://docs.openstack.org/oslo.utils/latest/reference/timeutils.html
Change-Id: Id62fb53264b04a7ea6ae3035a129353c5cfa040a
Closes-Bug: #1461251
when two clients come for functions where check_default_vpc
is present then one goes to create default vpc and other fails.
it fails because vpc with is_default flag is already in DB
but children objects (like subnets) are not yet created.
For we will lock check_default_vpc function.
Another way is to rework _create_vpc. It can create VPC
without is_default flag. And at the end it can set the flag.
First thread will pass this. And second thread will fail at flag set
operation and will revert all created object. Then second thread
can check presence of default VPC again.
This way is better cause it can work across several controllers.
Change-Id: I5586fa234257b72721e328a9fa2375a56d1553c2
ec2-api jobs have been switched to use
ec2api-tempest-plugin for ec2-api tests, so
we can remove the in-tree tempest tests now.
Change-Id: I82ace9ebd1ca5216c2e3fc3d75f07146417ebf94
ec2api tempest plugin is ready to use for testing the
ec2-api in gate.
This patch moves the 'ec2-api-functional-neutron-full' job
to run test from plugin.
After this we can remove the in-tree ec2-api tempest plugin.
Change-Id: I87698147d644b615f5941db5a6bf4810e9110a58
current version of migration API doesn't allow to
pass several commands to one execute
Depends-On: I9f1f39b30d43dc16a474febcf6549cf1901732ec
Change-Id: I0a74c87c4c782a7a26aa0e67fada994cb3e31434
cinder introduced a new status 'reserved' for volume.
It means that volume has reserved for attaching.
Cause AWS doesn't know such status then we need to convert
it to status 'attaching'.
Change-Id: I84ee29eefc8a9db3982c61820e2cf72a56946132
When ec2-api-metadata and nova-api are using the same
memcached server as a cache backend, the cached values
get intermixed due to the fact that the cache keys are
the same. The result is that either nova-api or
ec2-api-metadata will report cache value errors.
This commit fixes this potential problem by using
a different cache key prefix for the ec2-api metadata
entries.
Change-Id: Ibd26b33b3370d5c9c6cca0bb6e0d9c9eb03c0d50
Closes-Bug: #1717494
keystoneclient.session has been long deprecated in favor of
keystoneauth1.session. This change corrects the import to use
keystoneauth1.session instead of keystoneclient.session.
Change-Id: I4a0992c5dd171975fd561d4472cb0c1d24592e8a
Modify the ec2api.tests.functional.api.test_images.ImageTest.test_check_simple_image_attributes test case to allow AMI image types.
Change-Id: Idc94f84977dacaf9e2a3d3968288bc4396507fff
Closes-Bug: #1710597