In Xena we have mangaed to move all policy checks to API layer,
now removing the dead code from policy and authorization layer
NOTE: Some of the code is still being used from policy layer,
hence keeping it there only at this moment.
Change-Id: Ibee749cde20687d8c243cf84ae80b4de67d8ef3d
This is a rather beefy change due to the number of usages of this
import. The changes are trivial though.
Change-Id: I7badeeaca438b0291f4ed86670e7f217e6372c61
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Made provision to pass image_id, request_id and user_id information
while creating new task.
Partially-Implements: blueprint messages-api
Change-Id: I299a222eeef81431143db3ba7fc08365c924326b
We would like to fully remove mox from the test tree. Even for tests
that don't use mox's validation, many of them are using the symbol
patching with self.stubs.Set. We can do the same thing with the
monkeypatch fixture instead.
This introduces self.stub_out to nova/test.py and an example of what a
stubs => stub_out change would look like.
The teardown function in the converted test was removed at the same
time, as those should no longer be used.
Part of the mox community goal for Rocky.
Change-Id: I8f471ff8fee600ebb4e8907bf240007b7b4fe59f
Signed-off-by: Chuck Short <chucks@redhat.com>
There are several places in the source code where
HTTP response codes are used as numeric values.
These values are used from six.moves and the
numeric values are replaced by constants.
All of the used status codes were replaced with symbolic constants
from six.moves.http_client.
More about six.moves.http_client can be found at [2],
under the table "Supported renames:".
Also, this change improves code readibility.
This patchset does not extract numeric values from
the code itself, but it can be found at [1].
[1]: Ib9e26dcea927e96e65c626c18421621d3a29a64d
[2]: https://pythonhosted.org/six/#module-six.moves
Change-Id: Idfc7b043552f428f01ac3e47b270ee0639a8f5bc
Closes-Bug: #1520159
This change introduces glance.common.timeutils that provides the
timeutils previously consumed from oslo_utils.
Oslo is deprecating some timeutils functionality which of Glance
depends on. Suggested replacement (isoformat) would break glance APIs
so it's cleaner to carry this functionality in Glance rather than
re-invent the wheel.
Co-Authored-By: Erno Kuvaja <jokke@usr.fi>
Co-Authored-By: Sabari Kumar Murugesan <smurugesan@vmware.com>
Change-Id: I91e1cc9a273249fd88749cecf21200f3f5e2bab1
The actual call is reactivate not activate. Therefore to stop the
internal server error occuring the activate needs to be renamed.
Change-Id: I9c74a3cd2bd460c6947477052af07838ef278d59
Closes-bug: 1515305
If a user tries to deactivate an image that is hosted by the admin that
has public visiblity, it will currently return a 500 error. This changes
that behaviour to return a Forbidden.
Closes-Bug: 1485940
Change-Id: Id7f645fc599e57f6c0842bba2b7a2f3db52784ae
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
Blueprint: remove-namespace-packages
https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages
Change-Id: Ifa8baab33cdb3e606cf175a8c29c3a4ef6c44480
The following replacements were done in unit tests to have
clearer messages in case of failure:
- assertTrue(* is None) with assertIsNone
- assertTrue(* is not None) with assertIsNotNone
- assertTrue(* in *) with assertIn
- assertTrue(* not in *) with assertNotIn
- assertFalse(* in *) with assertNotIn
- assertTrue(* == *) with assertEqual
- assertTrue(* != *) with assertNotEqual
Change-Id: I0c47f991c3974e441335e71c9d26fab8a127f2ca
Change I0b406e4662cfd3cb496b71be77ad10a90c178baa introduces a new
class TaskStub. This class is designed to be a subset of what a
task is in the domain layer: it doesn't contain input, message and
result. TaskStub should be used when listing tasks in order to avoid
extra-overhead of transporting these text fields.
As a result, the TaskDetails introduced by change
I0b406e4662cfd3cb496b71be77ad10a90c178baa doesn't need to exist.
With this patch, the domain layer contains Task and TaskStub instead
of Task, TaskStub and TaskDetails.
partially implements bp async-glance-workers
Change-Id: I2a20b0c5033c6920749370355c2d672dec707c28
Addressing bug 1307878, changes use of mutable lists and dicts as
default arguments and defaults them within the function. Otherwise,
those defaults can be unexpectedly persisted with the function between
invocations and erupt into mass hysteria on the streets.
To my knowledge there aren't known cases of the current use causing
specific issues, but needs addressing (even stylistically) to avoid
problems in the future -- ones that may crop up as extremely subtle or
intermittent bugs...or worse, security vulnerabilities.
In Glance's case there are ACL-related methods using this, so
although I haven't confirmed one way or the other yet, I've marked it
with SecurityImpact so that a more knowledgeable set of eyes can
review it in this context as well.
Closes-Bug: #1307878
SecurityImpact
Change-Id: Ic17c330eff701ff63701c0029b26db7093a1d73d
Partial Task patch, Id I4fbadc9a97e3147128c7c733384c7bb50918806f
removed the result and message vars of the Tasks class. However,
the succeed and fail methods were using those to update them
respectively. This patch introduces a new TaskStub class which
enables the PartialTask functionality without looking result
and message attrs of the Task class.
Fixes bug 1284975
Change-Id: I0b406e4662cfd3cb496b71be77ad10a90c178baa
Replace assertEqual(None, *) with assertIsNone in glance's
tests to have more clear messages in case of failure.
Also, replace assertTrue(* is not None) with assertIsNotNone
for the same reason.
Change-Id: If41a71bd750057c7136b03bef94c04517092134c
Closes-Bug: #1280522
- partial-task: Task that includes all the values except the 'Text'
columns(input, result & message).
- This patch is to have the database to return a partial-task list on users
invoking 'GET /v2/tasks'.
- Returning list of partial tasks will help in reducing the response time when the
user queries for the list of tasks.
- This patch also includes changes for making implementation and return values of
display task detail (GET /v2/tasks/{task_id}) and list tasks (GET /v2/tasks)
more explicit.
partially implements bp async-glance-workers
Change-Id: I4fbadc9a97e3147128c7c733384c7bb50918806f
Some of tests use different method of assertTrue(isinstance(A, B)) or
assertEqual(type(A), B). The correct way is to use assertIsInstance(A, B)
provided by testtools.
Change-Id: Ia8d38f73c159c7ef943a8f6cfe72b945cc493947
Closes-bug: #1268480
Every call to json.loads/json.dumps have been changed to
jsonutils.loads/jsonutils.dumps respectively. Import json has been removed
also replaced by import glance.openstack.common.jsonutils
654d80b416dc5f413cb791aa838ec8688bf7da44 Create openstack.common.jsonutils
Change-Id: I8ef580e5eb91526dfaef37050ce1f5c6d88d56b5
Closes-bug: #1257922
This commit makes the glance code base E125 and E126 compliant :
* E125 continuation line does not distinguish itself from next logical line
* E126 continuation line over-indented for hanging indent
Change-Id: I7120149bedb665fb66320498fe98948602a6cd52
Closes-bug: #1263437
- add REST API layer for async worker(tasks) to
support tasks operations.
- update to include sparse task for tasks.index
- add domain proxies for handling authorization,
policy enforce, notification while processing
task requests.
- add Task domain entity and TaskFactory to create
new Task domain entity objects.
- add integration test for testing tasks api
Co-authored-by: Fei Long Wang <flwang@cn.ibm.com>
Partially implement blueprint async-glance-workers
Change-Id: I072cbf351c06f59a7702733b652bfa63e5abbaa6
Includes:-
- Domain Task class
- Domain TaskFactory class
- DB TaskRepo class
- Necessary proxy classes for all of the above
- Tasks related exceptions
- Unit tests as applicable
Partially implement blueprint async-glance-workers
Change-Id: I619224bcc55b62303f3539454649528f2edc6e9d
Pass down the configure_via_auth value to the auth plugin to say whether or not
it should look in the service catalog for the glance registry endpoint. This
stops authentication by glance registry client from needlessly looking for an
"image" service endpoint when the user may not have it in their service catalog.
Fixes bug 1187888
Change-Id: I1c4a726ff0d6a345a27446500135f4f27cea5e39
Add additional case to the test glance.tests.unit.test.auth.required_creds,
to verify that plugin created without required
credential pieces raises an exception
Fixes: bug #1152009
Change-Id: I3fdd9224173bdb33a9bd2ab348e22675d735099f
Currently, KeystoneStrategy checks whether the required credentials are
present in the creds dict but it doesn't check whether they are valid or
not.
This patch checks whether the required creds are present and not None
otherwise a MissingCredentials exception will be raised.
Note: No need for checking parameters' values types since they'll be
instances of basestring once set otherwise they'll be None.
Fixes bug 1157765
Change-Id: I664a604c3cbf2fca60a88c4d887cd9a4b678c8a5
* The DB API now exposes a 'locations' image attribute rather than
'location'. The new field is guaranteed to be a list of zero of
more items
* The v1 and v2 APIs only look for the first item in the list of
locations.
* Related to bp multiple-image-locations
Change-Id: I830b383d8a8e50a01e461658fb9abe384de1a353
Only the owner of an image can add members to the image.
By default the status of the image member is requested.
The member can change the status of the image membership
to accepted or rejected. This is done to prevent spamming
the user's image list. A member cannot see the other members
of the image.
Related to bp glance-api-v2-image-sharing
Change-Id: I0d0deba4b0df52b2f8d105b779fb7de746229d3a
Adding image members to glance v2 api. A user can create image member,
list image members and delete image member for a given image.
Also adds the necessary authorization.
Related to bp glance-api-v2-image-sharing
Change-Id: Ifc0607d693f7b0218ebd7fc4824a64e9eba995b3
testtools.addCleanup is a more resilient way to perform cleanup activities,
as it will continue to clean things up even if there are unforseen problems.
Specifically, replace custom management of tempdirs with fixtures.TempDir
and replace tearDown methods that can be easily replaced with calls to
addCleanup in the setUp method. There are at least two temp dir creations that
did not have a corresponding cleanup in this patch, which is another reason
for using useFixture(fixtures.TempDir) instead of calls to mkdtemp.
Part of blueprint grizzly-testtools.
Change-Id: I4eb548010612bd5a8d30e8e2304fa66d3d5ffb7c
While doing this, remove some of the nose-isms, which don't play nicely.
Part of blueprint grizzly-testtools
Change-Id: I9ea398b25195ad5f9c5db876c3dbb49ef4a5ee99
This patch introduces domain objects that handle context-based
authorization checks. With this approach, we can eventually remove
ownership checks from the database apis.
Part of implementing bp:glance-domain-logic-layer
Change-Id: I30c7444220013f17dab6479f1b00f1598ab424d0
This patch refactors the get_endpoint function to make it more generic
and top level so that it can be more easily accessed and tested.
Adds service_type, endpoint_region, and endpoint_type options to
the get_endpoint function as well.
Added a new test suite specifically for get_endpoint.
The motivation for this change is that we'll need to be able to
parse the 'object-store' endpoint for each tenant in order to
enable multi-tenant storage in the swift storage backend.
Partially implements blueprint: swift-tenant-specific-storage
Change-Id: Icf773a1eb057fc9d65cf54890afa4638f2aee0b4
Pranali Deore