Nova API microversion 2.92 removed the ability to generate a private
key. The user or client is now responsible for generating the key pair.
Start doing that using cryptography, which is in our requirements
(unlike paramiko, which nova uses).
included:
https://review.opendev.org/c/openstack/ec2-api/+/857880https://review.opendev.org/c/openstack/ec2-api/+/859192
Change-Id: I0032de8cd779beafbd6848a2aecbcb6455e8eada
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
- bump version from 2 to 3 for cinderclient
- update aws ec2 interface for create_colume and
create_network_interface. add cilent_token param
- fix describe network interface - something was
changed in neutron ports output
- set metadata port for OVN conf file also
Change-Id: Ie3e5a5930d5a8159050ecc0900239935558dddd7
the in_() operator accepts a list or other non-string sequence.
the error message indicates that a plain string is being passed
which is invalid. 1.3 erroneously allows this to silently pass,
producing a useless expression:
>>> print(column('q').in_('fake-string'))
q IN (:q_1, :q_2, :q_3, :q_4, :q_5, :q_6, :q_7, :q_8, :q_9, :q_10, :q_11)
1.4 correctly detects this error.
Change-Id: I43dd37f975b49de21cd34bbc8ce9378e09e88420
Currently ec2api uses the volume v2 API by default, but v2 API was
deprecated a while ago and will be removed fron cinder shortly.
This patch ensures that ec2api uses the volume v3 API instead by
default.
Closes-Bug: #1908993
Change-Id: I280d3c009893c67d215b0c7106eec7fe2435c335
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Iadefcc287b8557723a9bebc816080cf65636686b
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Remove hacking and friends from lower-constraints, it's not needed
there.
Change-Id: I48fcd2521d99d0b77b976e87cc638fe5ac051315
If rules are created or searched with full permissions (ports 1 - 65535),
they are created or found with "null" ports
instead of (ports 1 - 65535).
Depends-On: I24d1a0016f76f6813a9f62294e7eeb9785fa711b
Change-Id: Ic3fbe89720135039ba2c2afaebf3fafebac4d7e3
It looks like something has changed in mock 3.x, resulting in some
functions that are wrapped by mock not being called or being called
incorrectly. This breaks some of the assertions we have. There is almost
certainly a bug (or is it a feature, who knows) but the fact is these
tests were extremely tightly coupled to the implementation and probably
didn't need to be. Stop attempting to spy on them and resolve the issue.
We also start using 'assert_not_called' since that's available in mock
3.x.
Change-Id: I06dddc4eba36f80398732ab4f2b7cbc4d7717a00
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #1831870
If floating ip is on a port attached to devices other than a nova
compute instance, (e.g. it is attached to a loadbalancer) ignore it.
Change-Id: Icda92f0f4b5246aebb082cf48bef751d9e6df2ba
This change allows for the EC2 API call to RegisterImage to support
external URLS provided for the "ImageLocation" parameter:
https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html
It enforces that all standards defined there are adhered to
This changes affects RegisterImage from S3 Bucket, requiring
that the "ImageLocation" for it begin with an "s3://" (case-insensitive).
Change-Id: I2a5e93de68b1a654418781fc77369d91dd17dd48
Signed-off-by: Tyler Parcell <Parcell.Tyler@gmail.com>
The commit I34b12b96de3ea21beaf935ed8a9f6bae2fe0d0bc and
Ib384ae8130dcc6cbd47a837d11ca171ce02ef29e introduced the
deprecated oslo_utils.timeutils.isotime() is deprecated
as of 1.6.
The deprecation message says to use the datetime.datetime.isoformat()
instead, but the format of the string generated by isoformat isn't
the same as the format of the string generated by isotime. The string
is used in tokens and other public APIs and we can't change it
without potentially breaking clients.
So the workaround is to copy the current implementation from
oslo_utils.timeutils.isotime() to ec2api.api.ec2utils.
For more informations:
https://docs.openstack.org/oslo.utils/latest/reference/timeutils.html
Change-Id: Id62fb53264b04a7ea6ae3035a129353c5cfa040a
Closes-Bug: #1461251
when two clients come for functions where check_default_vpc
is present then one goes to create default vpc and other fails.
it fails because vpc with is_default flag is already in DB
but children objects (like subnets) are not yet created.
For we will lock check_default_vpc function.
Another way is to rework _create_vpc. It can create VPC
without is_default flag. And at the end it can set the flag.
First thread will pass this. And second thread will fail at flag set
operation and will revert all created object. Then second thread
can check presence of default VPC again.
This way is better cause it can work across several controllers.
Change-Id: I5586fa234257b72721e328a9fa2375a56d1553c2
ec2-api jobs have been switched to use
ec2api-tempest-plugin for ec2-api tests, so
we can remove the in-tree tempest tests now.
Change-Id: I82ace9ebd1ca5216c2e3fc3d75f07146417ebf94
ec2api tempest plugin is ready to use for testing the
ec2-api in gate.
This patch moves the 'ec2-api-functional-neutron-full' job
to run test from plugin.
After this we can remove the in-tree ec2-api tempest plugin.
Change-Id: I87698147d644b615f5941db5a6bf4810e9110a58
cinder introduced a new status 'reserved' for volume.
It means that volume has reserved for attaching.
Cause AWS doesn't know such status then we need to convert
it to status 'attaching'.
Change-Id: I84ee29eefc8a9db3982c61820e2cf72a56946132
Modify the ec2api.tests.functional.api.test_images.ImageTest.test_check_simple_image_attributes test case to allow AMI image types.
Change-Id: Idc94f84977dacaf9e2a3d3968288bc4396507fff
Closes-Bug: #1710597
replacement of functions performed earlier with nova-cert service
function decrypt_text copied from novaclient to image api
certificates in devstack for uploading image to s3 are created by openssl
Change-Id: Ibf7b90ea29085656005317c4aa0fd96f3313da0c
The i18n team has decided not to translate the logs because it seems
like it not very useful; operators prefer to have them in English so
that they can search for those strings on the internet.
Since we have removed log translations completely, we should add hacking
rule to prevent future mistakes.
Change-Id: Ia7524308ef2675f8d41ac80b37dfc7e3787efd90
if configured adds the resulting metadata tree to the cache and
upon next request retrieves the data from the cache
reduces the time of the second and subsequent sequential requests
to the metadata approximately from 2.5 seconds to 0.1
Change-Id: Ia1408f6ef407eb97db1789b5b60d6b36b162ba4d
removed NovaEngine in addresses, availability_zones, instances, security_groups
removed unit tests for NovaEngine
disabled some unit tests using NovaEngine for further reworking
Closes-bug: #1691484
Change-Id: I662d5b57b9e46be80c1d2093038ada83897565eb
[1] moves the attr decorator from test.py to tempest/lib. So, all the
references to tempest.test has to be moved to tempest.lib.decorator.
[2] https://review.openstack.org/#/c/456236/
Change-Id: I03287250a614c8df328cfaccdbee68aa159964a9
1.As mentioned in [1], we should avoid using six.iteritems to achieve
iterators. We can use dict.items instead, as it will return iterators
in PY3 as well. And dict.items/keys will more readable.
2.In py2, the performance about list should be negligible, see the
link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: Ib7ad61bac89e14561719434085b63cbad7e9a9be
Nova engine works incorrect in case when describe is using in metadata.
Security-group-list in nova cannot be filtered by tenant,
listing all secgroups in case of big amount of groups can be slow
and may have limitations in number.
Co-Author: tikitavi <rtikitavi@gmail.com>
Change-Id: I199b0f4f4febad4c23a0d8968f7858763bcbf00c
Closes-Bug: #1660888
current devstack deploys glance version '2' only.
use it.
messages in keystone's exceptions was changed.
fix unit tests that checks it.
Change-Id: I7ed1f0ff518efa374a5e3b693c5785958c77340d
Tempest has provided stable library remote_client under tempest.lib
since the commit Idb2206c239f25bc8b8530275e84c834233b9544b
This patch switches to use it.
Change-Id: I5972f53f05afaf73c3d96aa9d4352afe320b4f69
Tempest provides stable library interfaces under tempest.lib.
This patch switches to use it for data_utils.
Change-Id: Icc562ededf2282d4a5abd44814d403a43cfc1e48