Nova API microversion 2.92 removed the ability to generate a private
key. The user or client is now responsible for generating the key pair.
Start doing that using cryptography, which is in our requirements
(unlike paramiko, which nova uses).
included:
https://review.opendev.org/c/openstack/ec2-api/+/857880https://review.opendev.org/c/openstack/ec2-api/+/859192
Change-Id: I0032de8cd779beafbd6848a2aecbcb6455e8eada
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
- bump version from 2 to 3 for cinderclient
- update aws ec2 interface for create_colume and
create_network_interface. add cilent_token param
- fix describe network interface - something was
changed in neutron ports output
- set metadata port for OVN conf file also
Change-Id: Ie3e5a5930d5a8159050ecc0900239935558dddd7
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Remove hacking and friends from lower-constraints, it's not needed
there.
Change-Id: I48fcd2521d99d0b77b976e87cc638fe5ac051315
If rules are created or searched with full permissions (ports 1 - 65535),
they are created or found with "null" ports
instead of (ports 1 - 65535).
Depends-On: I24d1a0016f76f6813a9f62294e7eeb9785fa711b
Change-Id: Ic3fbe89720135039ba2c2afaebf3fafebac4d7e3
If floating ip is on a port attached to devices other than a nova
compute instance, (e.g. it is attached to a loadbalancer) ignore it.
Change-Id: Icda92f0f4b5246aebb082cf48bef751d9e6df2ba
We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
Change-Id: Id2964291cd5e56af09f84d1aeab8138c10f9758f
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This change allows for the EC2 API call to RegisterImage to support
external URLS provided for the "ImageLocation" parameter:
https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html
It enforces that all standards defined there are adhered to
This changes affects RegisterImage from S3 Bucket, requiring
that the "ImageLocation" for it begin with an "s3://" (case-insensitive).
Change-Id: I2a5e93de68b1a654418781fc77369d91dd17dd48
Signed-off-by: Tyler Parcell <Parcell.Tyler@gmail.com>
The commit I34b12b96de3ea21beaf935ed8a9f6bae2fe0d0bc and
Ib384ae8130dcc6cbd47a837d11ca171ce02ef29e introduced the
deprecated oslo_utils.timeutils.isotime() is deprecated
as of 1.6.
The deprecation message says to use the datetime.datetime.isoformat()
instead, but the format of the string generated by isoformat isn't
the same as the format of the string generated by isotime. The string
is used in tokens and other public APIs and we can't change it
without potentially breaking clients.
So the workaround is to copy the current implementation from
oslo_utils.timeutils.isotime() to ec2api.api.ec2utils.
For more informations:
https://docs.openstack.org/oslo.utils/latest/reference/timeutils.html
Change-Id: Id62fb53264b04a7ea6ae3035a129353c5cfa040a
Closes-Bug: #1461251
when two clients come for functions where check_default_vpc
is present then one goes to create default vpc and other fails.
it fails because vpc with is_default flag is already in DB
but children objects (like subnets) are not yet created.
For we will lock check_default_vpc function.
Another way is to rework _create_vpc. It can create VPC
without is_default flag. And at the end it can set the flag.
First thread will pass this. And second thread will fail at flag set
operation and will revert all created object. Then second thread
can check presence of default VPC again.
This way is better cause it can work across several controllers.
Change-Id: I5586fa234257b72721e328a9fa2375a56d1553c2
cinder introduced a new status 'reserved' for volume.
It means that volume has reserved for attaching.
Cause AWS doesn't know such status then we need to convert
it to status 'attaching'.
Change-Id: I84ee29eefc8a9db3982c61820e2cf72a56946132
keystoneclient.session has been long deprecated in favor of
keystoneauth1.session. This change corrects the import to use
keystoneauth1.session instead of keystoneclient.session.
Change-Id: I4a0992c5dd171975fd561d4472cb0c1d24592e8a
ignore 'tags' field when compare openstack sg rule with ec2
Change-Id: If1076c3e9d4fb84dc524450da5a9d7912f4ffbde
Depends-On: I9377e988fbdc822df46e91c0db6c8012697bc2ee
replacement of functions performed earlier with nova-cert service
function decrypt_text copied from novaclient to image api
certificates in devstack for uploading image to s3 are created by openssl
Change-Id: Ibf7b90ea29085656005317c4aa0fd96f3313da0c
The i18n team has decided not to translate the logs because it seems
like it not very useful; operators prefer to have them in English so
that they can search for those strings on the internet.
Since we have removed log translations completely, we should add hacking
rule to prevent future mistakes.
Change-Id: Ia7524308ef2675f8d41ac80b37dfc7e3787efd90
removed NovaEngine in addresses, availability_zones, instances, security_groups
removed unit tests for NovaEngine
disabled some unit tests using NovaEngine for further reworking
Closes-bug: #1691484
Change-Id: I662d5b57b9e46be80c1d2093038ada83897565eb
The i18n team has decided not to translate the logs because it seems
like it not very useful; operators prefer to have them in English so
that they can search for those strings on the internet.
See http://lists.openstack.org/pipermail/openstack-dev/2017-March/thread.html#113365.
Change-Id: I4418a388934ef58acb70c7f637b0236a6ccc7fe6
Closes-Bug: #1682101
1.As mentioned in [1], we should avoid using six.iteritems to achieve
iterators. We can use dict.items instead, as it will return iterators
in PY3 as well. And dict.items/keys will more readable.
2.In py2, the performance about list should be negligible, see the
link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: Ib7ad61bac89e14561719434085b63cbad7e9a9be
Nova engine works incorrect in case when describe is using in metadata.
Security-group-list in nova cannot be filtered by tenant,
listing all secgroups in case of big amount of groups can be slow
and may have limitations in number.
Co-Author: tikitavi <rtikitavi@gmail.com>
Change-Id: I199b0f4f4febad4c23a0d8968f7858763bcbf00c
Closes-Bug: #1660888
current devstack deploys glance version '2' only.
use it.
messages in keystone's exceptions was changed.
fix unit tests that checks it.
Change-Id: I7ed1f0ff518efa374a5e3b693c5785958c77340d
allocate-address without parameters allocate it in default vpc
associate and disassociate address in default vpc can be done by
public ip
release address in default vpc automatically disassociate it from
instance
add unit tests
Change-Id: I44b1aafdd6454805955871ff8076a6f6e81543ca
security groups in default vpc only
changed check_and_create_default_vpc function to return default vpc
fix unit test of describe_security_groups
Change-Id: I50bad4a6a7152eb03599e3985a43162c81500049