Retrieving that information for every network can take considerable time
on large deployments with large number of networks, and for some kinds
of network drivers (ovn binary) this will be always zero anyways.
This setting lets us disable that column to speed up the networks view.
Change-Id: I1f1561916067d3f4a02f10ec9f62e8ba777a1501
This patch adds support for MFA TOTP on openstack dashboard.
A new configuration variable OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED
was added false by default.
If enabled, users needing TOTP are prompted with a new form.
keystone doc: https://docs.openstack.org/keystone/latest/admin/auth-totp.html
Demonstration video : https://youtu.be/prDJJdFoMpM
Change-Id: I1047102a379c8a900a5e6840096bb671da4fd2ff
Blueprint: #totp-support
Closes-Bug: #2030477
The final revision of I86ac21bf82c1667135abd4f20fb4514da0899450 is buggy
and doesn't work.
This commit fixes it and adds a proper test.
Also, this commit updates the docs with a proper horizon version that
corresponds to Zed release (the feature was introduced before final Zed
cut so the author tried to guess the final release number).
Change-Id: Id921b69df13af3cc209236f0446d82dd30e4d8a2
This is follow-up of I8438bedaf7cead452fc499e484d23690b48894d9 and
ensures the OPENSTACK_ENDPOINT_TYPE parameter is used when
OPENSTACK_KEYSTONE_ENDPOINT_TYPE is not set. This avoids backward-
incompatible change which affects deployments with endpoint type set
to non-default values.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I94d2d3e31fc0103773fb5d3ed2f5f792e8851f78
The [1] changed the previous behavior of Horizon by
changing the hardcoded internal endpoint type to using
OPENSTACK_ENDPOINT_TYPE so it's no longer possible to use
internal endpoint type for Keystone but public for others.
This adds the OPENSTACK_KEYSTONE_ENDPOINT_TYPE config opt
to set the endpoint type for Keystone when grabbing it from
the service catalog.
[1] https://review.opendev.org/c/openstack/horizon/+/730781
Change-Id: I8438bedaf7cead452fc499e484d23690b48894d9
The new setting should allow an administrator to specify default user_data
for new VMs. The default user_data can be a string template that accepts
request object which has info about the user, so the default user_data can
be personalized.
Change-Id: I86ac21bf82c1667135abd4f20fb4514da0899450
The new settings ``LAUNCH_INSTANCE_DEFAULTS.enable_metadata`` and
``LAUNCH_INSTANCE_DEFAULTS.enable_net_ports`` allow to hide Metadata and
Network Ports tabs from launch instance workflow.
It is implemented in the similar way to existing enable_scheduler_hints
setting and doesn't change default behaviour
Change-Id: I3d1ae5ab6cee614dd2c400f66570e320efbe6100
As discussed in the horizon meetings or in horizon PTG sessions,
horizon team agreed to deprecate django version of Images, Keypair
and Roles panel as we think that feature gaps between the two
implementations have been closed. Let's mark the Django version as
deprecated for all these panels and gather more attention
from operators.
Change-Id: I965f9dbdd5e78b52a788f73b359c1c6fbc18637e
Since not all services are ready to use the system scope token,
we need a way to disable and enable the use of system scope
token on a per-service basis. This setting let us configure
which services should use the system scope token. By default
the list is empty and system scope token is not used at all.
Change-Id: I5e0cdc7288221571f183a37b800c19dc4cff5707
The Multiple Simultaneous Logins Control is a feature designed
for securing Horizon dashboard sessions. The default Horizon
configuration allows the same user to login several times
(e.g. different browsers) simultaneously, that is, the same user
can have more than one active session for Horizon dashboard. When
there is the need to control the active sessions that one user can
have simultaneously, it will be possible to configure the Horizon dashboard
to disallow more than one active session per user. When multiple simultaneously
sessions are disabled, the most recent authenticated session will be considered
the valid one and the previous session will be invalidated.
The following manual tests encompass both simulteaneous session control
configuration: 'allow' and 'disconnect' and were verified with this code
change before submitting it:
Test Plan:
PASS: Verify that a user is able to login to Horizon dashboard (when
configuration is 'disconnect')
PASS: Verify that a user is able to start a second Horizon dashboard
session and the first session is finished (when configuration is
'disconnect')
Failure Path:
PASS: Verify that when a user fails to authenticate a second Horizon
dashboard session the first session stills active (when configuration is
'disconnect')
Regression:
PASS: Verify that a user is able to login to Horizon dashboard (when
configuration is default: 'allow')
PASS: Verify that a user is able to start multiple simultaneous Horizon
dashboard sessions (when configuration is default: 'allow')
Implements: blueprint handle-multiple-login-sessions-from-same-user-in-horizon
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Co-authored-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I8462aa98398dd8f27fe24d911c9bfaa7f303eb93
horizon already deprecated launch instance Django based implementation
in the wallaby cycle [1]. This patch remove code for launch instance
Django based implementation as angular based implementation is the
default one from long and all features gaps between angular and Django
implementation is closed.
It also moves SetAdvanced step code to ``resize_instance.py`` as
``workflows/create_instance.py`` file is deleted and remove server_group
option from Advanced Options of resizing instance action because
"server_group" is not required while resizing an instance as per
nova-api reference [2].
Closes-Bug: #1869222
[1] https://review.opendev.org/c/openstack/horizon/+/779125
[2] https://docs.openstack.org/api-ref/compute/?expanded=resize-server-resize-action-detail#resize-server-resize-action
Change-Id: I5e01cd81f309491f1a58ea93911030366a86e3c7
horizon doc job is failing because sphinx 4.4.0 raise an error
for the hardcoded extlinks link [1]. This patch fixes those links
to unblock the doc gate job.
Closes-Bug: #1958290
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
[1] https://github.com/sphinx-doc/sphinx/pull/9800
Change-Id: Ica1a16522421a697efdab882afe6d9c08ff05e0b
This patch update default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE
to 'member' from '_member_'. If a user tries to create a new project now
it leads to "Could not find default role "_member_" in Keystone" error.
Also long time ago keystone-bootstrap changed the default member role
that is created to member from the legacy _member_ role. Any deployments
that might still be using _member_ should set this explicitly.
Closes-Bug: #1957173
Change-Id: I1fc7f44326b82ceb303f8d663ff0b42f0bdf7855
By using OPENSTACK_KEYSTONE_URL instead of the HTTP_REFERRER
the authentication request between Horizon and Keystone continues
to work in situations where the HTTP_REFERRER is an external keystone
endpoint that Horizon does not have access to.
Change-Id: I9c5c8d59c5f5a8570dbb563ae224d45406a73ba5
Closes-bug: #1874705
Add the LAUNCH_INSTANCE_DEFAULTS.default_availability_zone settings in
VM creation dashboard in order to let administrator select a default
availability zone instead of a random one when many are available.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I297ff7f3c8e725c24c7f7687786c784f61f5d4e2
As discussed in the horizon meeting, we think that feature gaps
between the two implementations have been closed. Let's mark
the Django version as deprecated and gather more attentions
from operators.
Change-Id: I55379c0897bad46decfabb443afe9439a31a3164
This commit allows horizon to handle deprecated policy rules.
The approach is explained in the document updated by this change.
oslo.policy requirement is updated. oslo.policy 3.2.0 is chosen
just because it is the first release in Victoria cycle.
requirements.txt and lower-constraints.txt are updated accordingly
including oslo.policy dependencies.
Change-Id: If5059d03f6bd7e94796065aa1b51c0c23ac85f5e
Part of the removal of OPENSTACK_NOVA_EXTENSIONS_BLACKLIST (3/3)
Clean up nova extensions related code in the API layer.
Change-Id: I9730095365342cac1023f4112bae4b3a28cdeaf7
This introduces a new setting OPENSTACK_USE_SIMPLE_TENANT_USAGE
as a replace of SimpleTenantUsage in OPENSTACK_NOVA_EXTENSIONS_BLACKLIST.
We received feedbacks on the need to control whether SimpleTenantUsage
is used or not, so we need a new setting before retiring
OPENSTACK_NOVA_EXTENSIONS_BLACKLIST.
Change-Id: Ib786ea2ac232fcd851f4b276b9144c14c0b62a0a
This commit clarify the plan on the removal of
OPENSTACK_NOVA_EXTENSIONS_BLACKLIST setting.
We received feedbacks that SimpleTenantUsage nova API feature can
affect the nova API performance in larger deployments like [1].
Stopping the usage of SimpleTenantUsage in horizon is a good workaround
and it was the main motivation we introduced this setting.
Considering the situation that nova dropped the extension mechanism,
I believe the right way is to introduce a new setting which controls
the usage of SimpleTenantUsage rather than keeping the blacklist setting.
The current deprecation notice does not explain the migration path.
This commit clarifies the current plan.
[1] https://review.opendev.org/#/c/743600/
Change-Id: I10fdbf23b56745b1be6497532530dd394c62ff29
Ceilometer support in osprofile was removed long ago[1] and no longer
available.
[1] 0bb909c7a039f17b957d920c93d366d89e581280
Change-Id: I11be3a2f854ac75ba5dc3fd82e84cb3d99f81034
+ Adds endpoint for listing available policies
+ Support to select a storage policy for new containers
+ Display container storage polcy on dashboard.
Change-Id: I588452fd5d6417859f5dd19ccedcb18f420ab646
This reverts commit 4e911e2889.
We don't need this change on the latest master. I'm unable to reproduce
an original bug without this patch.
Closes-Bug: #1834167
Change-Id: Iaffdb64fb0bc58525554ac9d40d2aeadb0876ffd
This introduces a new config option `DEFAULT_BOOT_SOURCE` to allow
operators to configure a default instance boot source.
Change-Id: Ia9b0d1d24ae69958b6606b9a645bd54f70b3aacc
Implements: blueprint default-instance-boot-source
All of the nova API extensions have been mainlined several releases ago
and there is no potential performance issue in the nova API.
This option is used only to toggle features in horizon and
there seems no performance issues controlled by the option in horizon.
Considering this situation, this option is deprecated now.
Change-Id: If8e58e8324bad919ea45d0ccb10e21371d97f470
The keystone doesn't use 5000 port anymore from Newton version. And all
the references should be changed together.
Change-Id: I3f02686ab5b3abf48f129fde92e90427ca148317
neutron supports the qutoas API from long ago and most deployments
are expected to enable the neutron quotas support in horizon.
This commit changes the default value of enable_quotas in
OPENSTACK_NEUTRON_NETWORK to True.
Part of blueprint ini-based-configuration
Change-Id: I5923f08752e6a5ccd4c9cf2fa1deb6c879111f43
Keystone V2 API was deprecated in Stein release in Horizon and
removed from Keystone in Queens release.
Change-Id: I917e273d3174adf0874e516b3d635ccb8ba58a27
Kubernetes can use OpenStack application credentials for authentication.
Generate a kubeconfig file and make it available to download along with the
openrc and clouds.yaml files.
blueprint kubernetes-config-gen
Change-Id: I298370e7abf4f0d480bd5199060f24bab6d6daaa
Set absolute paths in the LOCALE_PATHS configuration param to allow
Django work with current supported locales.
Change-Id: I62fffe04860b7b4b63f227ad99729ab4e8384d8f
Related-Bug: #1818639
Closes-Bug: #1830886
SHOW_KEYSTONE_V2_RC is deprecated since Stein release and it's safe
to remove it now.
Keystone v2 support removal will be implemented in a follow up patch.
Change-Id: Ib3098789a3aef47f4f4b84fd56f03376ce2ea96f
Cinder API v3 is a default version for Horizon so we need
to use it in the documentation.
data-processing API version is removed from the Horizon
documentation since it's availale in a separate plugin.
Change-Id: I5f178b70f73c23f8220f44a418eec689f0bc3b1c
Add RBAC Policies panel to support Role-Based Access Control
functionality.
Implements: blueprint rbac-policies
Change-Id: I883ad629d735dadf49e8bf9c50475050fdfcf797