Cinder v2 API is deprecated since pike release. Along with the removal
of cinder v2 API support in cinderclient (change I335db5c1799e drops
v2 support), this commit drops cinder v2 support in horizon.
The next release of python-cinderclient drops v2 support,
so horizon needs to use v3 classes.
Includes a workaround in unit tests for two cinderclient.v3 classes
that are missing in the cinderclient releases prior to 8.0.0. The
workaround can be removed once cinderclient change I335db5c1799edb2
is merged and released.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Iab0f097fab6696462572dc6ea53767c91e5411b1
All strings are considered as unicode strings in python 3,
so we no longer need "u" prefix (u'...').
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I796d2fcdca066475bbf29d25cbf2aa67b2b2178b
Kyestone V2 support was removed in Train, so it's safe to do such cleanup.
* Functions which just return horizon settings are dropped and
the settings are referred directly now.
* The service catalog in the sample test data is updated to match
the format of the keystone API v3.
* Related to the above change of the sample service catalog,
openstack_dashboard.test.unit.api.test_keystone.ServiceAPITests is
updated to specify the region name explicitly because 'RegionTwo'
endpoint is no longer the second entry of the endpoint list in the
keystone API v3.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Ib60f360c96341fa5c618595f4a9bfdfe7ec5ae83
This feature was added in Keystone V3 API. Proposed patch adds support
to Horizon
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Closes-bug: #1766485
Change-Id: Ic20a58c76826d703b43fa6a2d77ae5f77dcda1f4
The keystone doesn't use 5000 port anymore from Newton version. And all
the references should be changed together.
Change-Id: I3f02686ab5b3abf48f129fde92e90427ca148317
In the users tab of the project details view, the users
table displays now the users which have a role on the project
through a group. ie: if a group is member of the project, and
if a user is a member of this group, then it will be displayed
in the table even if it is not directly a member of the project.
An extra column is added to the table: "role from group" which
display the list of "role(group)" the user has on the project.
To be able to test the membership of user to a project through
a group, "user_group_membership" data has been added to keystone
data.
Change-Id: I968bad7d285acfaf7a8ccd7458593bbcad498ce2
Partial-Bug: #1785263
We no longer use port 35357 for keystone v3 API admin operation
and it is recommended to use port 5000.
This commit updates keystone catalog for keystone v3 API.
It also replace keystone v2 URL with v3 one.
Note that keystone v2 data is kept as-is.
Change-Id: Ia152d602b80ae418e0020b3ba30a11016a83da6a
This patch adds support for creating application credentials in
keystone[1]. Application credentials can be created by any user for
themselves. An application credential is created for the currently
selected project. A user may provide their own secret for the application
credential, or may allow keystone to generate a secret for them. After
the application credential is created, the secret is revealed once to
the user. At that point they may download a clouds.yaml or openrc file
that contains the application credential secret and will enable them to
use it to authenticate. The secret is not revealed again.
[1] https://docs.openstack.org/keystone/latest/user/application_credentials.html
bp application-credentials
Depends-On: https://review.openstack.org/557927
Depends-On: https://review.openstack.org/557932
Change-Id: Ida2e836cf81d2b96e0b66afed29a900c312223a4
Cinder API v3 was introduced several releases ago and is backward
compatible with API v2 so it's safe to swith to use it.
Change-Id: I550e6c59bb14c17da78d7b2abcde5783b2b6825d
Closes-Bug: #1728761
Orchestration tab in the admin info panel needs a discussion.
It seems not to be covered by heat-dashboard yet.
blueprint heat-dashboard-split-out
Change-Id: I56e6edb1f2ac72e2f42d0e9f3291308e67f24cad
attribute-level imports are not checked by hacking module now.
most noqa is used to disable warnings on attribute-level imports.
This commit drops noqa for this purpose.
After this, there are only 3 noqa under openstack_dashboard/ :)
Change-Id: I4a449802f5dbd6e44e4b8b5c378a555d47d9a99f
The description for the OPENSTACK_KEYSTONE_DEFAULT_DOMAIN django
variable claims it refers to the ID of the domain. However, the
authenticate method of django_openstack_auth explicitly uses the name
when it requests a token[1], and when multidomain support is enabled
the user is asked for the domain name, not ID. If the operator tries to
set this variable to the ID of any domain besides keystone's own
Default domain, login will fail with "Could not find domain: <domain
ID>" in the keystone logs. This patch forces horizon to use the
variable as a name instead of an ID and updates the comment, so that
everything using this variable is consistent with each other.
This wasn't caught before because the unit tests were only testing
against the default domain, so this patch also adds a second, enabled,
non-default mock domain to test with.
[1] http://git.openstack.org/cgit/openstack/django_openstack_auth/tree/openstack_auth/backend.py?h=2.4.1#n148
Change-Id: I4d16f831c9fc446859c9fb964b7609d5a76338fe
This works around an issue where certain backends (e.g. LDAP)
did not provide a group name, only ID, which would cause most
identity management tasks in Horizon to fail. If no name is
provided, the ID is duplicated as the group name.
Change-Id: Iea87abf38d26cb2baff43521c7dd2ae0a00e9997
Closes-Bug: #1593571
Since large Glance images even temporarily stored on dashboard side
tend to fill up Web Server filesystem, it is desirable to route image
payload directly to Glance service (which usually streams it to
storage backend, which in turn has plenty of space).
To make it possible we need to trick Django into thinking that a file
was selected inside FileInput, while its contents are not actually
transferred to Django server. Then, once image is created client-side
code needs to know the exact url the image payload needs to be
transferred to. Both tasks are solved via using ExternalFileField /
ExternalUploadMeta classes which allow to work around the usual Django
form processing workflow with minimal changes to CreateImage form
business logic.
The client-side code relies on CORS being enabled for Glance service
(otherwise browser would forbid the PUT request to a location
different from the one form content came from). In a Devstack setup
you'll need to edit [cors] section of glance-api.conf file, setting
`allowed_origin` setting to the full hostname of the web server (say,
http://<HOST_IP>/dashboard) and restart glance-api process.
A progress bar is implemented to track the progress of a file upload,
in case a really huge image is transferred.
The new machinery could be easily switched on/off with a single
setting `HORIZON_IMAGES_UPLOAD_MODE` set to 'direct' / 'legacy'.
Related-Bug: #1467890
Closes-Bug: #1403129
Implements blueprint: horizon-glance-large-image-upload
Change-Id: I01d02f75268186b43066df6fd966aa01c08e01d7
In case 'data' image attribute is a base string (instead of in-memory
or on-disk file), api.glance sends back an image wrapper with a redirect
url and a token to its caller, so the caller could upload the file to
that url directly.
Provide a unit test for api.glance behavior when an external upload
location is used. That also requires to fix glance stub endpoint data
in keystone_data.py since it didn't reflect the reality.
Also document the new HORIZON_IMAGES_UPLOAD_MODE setting that will
govern direct images upload and the define approach to deprecating the
old HORIZON_IMAGES_ALLOW_UPLOAD setting. The old setting is deprecated
as of Newton release and planned to be removed in P. 'Removing' means
that it will no longer be used / referenced at all in code, not the
actual presence in settings.py (it is removed from settings.py in this
commit). What really matters is if the customized value of
HORIZON_IMAGES_ALLOW_UPLOAD in local_settings.py will be still
considered during the deprecation period.
Help text in Django Create Image form in case if local file upload was
enabled was wrong, fixed that.
Related-Bug: #1403129
Partially implements blueprint: horizon-glance-large-image-upload
Change-Id: I24ff55e0135514fae89c20175cf9c764e871969b
Volumes tabs should be enabled when volumev2 endpoint is registered.
Currently, Horizon considers no volume service is running if there
is no V1 endpoint, which doesn't make sense as Horizon no longer
supports the cinder V1 protocol.
Co-Authored-By: itxaka <itxaka@redhat.com>
Change-Id: I35d821eedb75f73f9330ed11f921694104eed0c6
Closes-Bug: 1415712
Add the protocol tab under the Identity Provider detail
panel, this allows the user to manage the protocol on
the context of the Identity Provider,
Change-Id: I0e232b174382b1bc325e04cc343ae4d50e0cfed1
Implements: blueprint keystone-federation-protocol-mapping
Display the identity provider panel when the setting
OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT is set to True.
Change-Id: Iadf92eb7542013f9c212eccfa372c6335a319841
Implements: blueprint keystone-federation-idp
In the user table, description column is missing when using keystone V3
This patch add the 'Description'column in User table. This also
change to add 'Description' field the user_create and user_update form.
Change-Id: I90bb7a644f8f29ae0055c6c2ffc688a9b709f300
Closes-Bug: #1463247
Recently, the data processing service was renamed to
"data-processing" rather than "data_processing". Each
panel needs to be updated so that it will show up when
the data-processing service is enabled. Also updated
the underlying test data to reflect the update.
Change-Id: I38d7350215cbe5c5f406d75d6be7c9057957bc69
Closes-Bug: #1429987
Fix a number of unit tests so that they will work with the latest
cinderclient, which will be released by the end of Kilo.
The problem was that several horizon unit tests made calls into
python-cinderclient that should have been stubbed out (but were not).
These calls silently did nothing in the released python-cinderclient due
to a "feature" where certain GET functions would return an empty list
when the auth url was an empty string, instead of returning an auth
failure. Recent changes in the python-cinderclient authorization
functions closed this hole, which then revealed problems in the horizon
unit tests:
1) several tests were lacking stubs to cinder calls, and
2) the auth url in test of cinderclient v2 was empty due to a missing
dictionary entry in test_data/keystone_data.py
Change-Id: I33967a924f4e47009fdc1613248afd1bd377f34f
Closes-Bug: 1423425
Co-Authored-By: Richard Hagarty <richard.hagarty@hp.com>
The modal contains all the credentials used to access the user's
openstack and EC2 instance.
Change-Id: I750b2922a34dd06b2098eff95d817c852a18be07
Implements: blueprint api-access-page-enhancements
Co-Authored-By: Cédric Soulas <cedric.soulas@cloudwatt.com>
Added Domain User step in the Domain Update workflow for managing
domain-role assignment to User.
Change-Id: I629449c635319e3a4292a4e2be35c5d9fc8a7cf9
Implements: blueprint user-domain-role-assignment
Don't access keystoneclient's UserManager in tests. This should be
considered private data of keystoneclient and is not actually used by
horizon tests.
Change-Id: I261e79b31dfc7388adb3dc63a3a5e54042f05e54
Closes-Bug: #1347236
The bug is caused by consecutive client calls when
fetching users' roles in a project.
The fix was to use the /v3/role_assignments endpoint.
Which retrieves all roles in a single client call
(dashboards/admin/projects/workflows.py:
UpdateProjectGroupsAction and UpdateProjectUsersAction).
The compatibility to the previous keystoneclient version
is maintained.
In a scenario with 1000 users with a role in a project
(using devstack), the time to render the Modify Users
page dropped from 45s to 2.5s
Change-Id: Ic72ebea0db226faf98c5e04d00d76dedd1fb01c1
Closes-bug: #1278920
The plugins panel is used to show the various
hadoop flavors/versions that are supported by the
underlying Sahara API.
* also added basic panel tests
This code was originally from:
https://github.com/openstack/sahara-dashboard
Change-Id: Ib0c95334a5122529fddbfd9c0cd0d0c06e0c8ad3
Partial-Implements: blueprint merge-sahara-dashboard
Co-Authored-By: Nikita Konovalov <nkonovalov@mirantis.com>
Co-Authored-By: Dmitry Mescheryakov <dmescheryakov@mirantis.com>
The actual behavior is that horizon sends an empty string
on the "email" field when creating a new user if the field
isn't filled by the user.
To match the keystone client behaviour, instead of sending
an empty string, this patch sends a "None" value when the
field isn't filled by the user.
By doing this, when creating a new user from both,
keystone client and horizon, a "null" value is stored
under the same conditions.
in the database. This will keep the data consistency.
From the presentation point of view, when a "null" value
is received, it is presented as an empty string instead
of showing "None" on the "email" field of the users table.
Change-Id: Ib5df774b3fe9d82c084f380c9c11aea46b2984aa
Closes-Bug: #1265805
We have a lot of import with #noqa that is there to ignore h302,
because it's traditional to import and use a name directly, instead
of a whole module. This hides other errors and gives people the
impression that it's actually fine to import non-modules, you just
have to slap #noqa on those lines.
I went through the code and identified about a dozen names that are
most commonly imported this way. I remove the #noqa tag from them,
and added them to the list in import_exceptions.
I also removed a few unused imports that were revealed in the process.
Change-Id: I27afb8e2b1d4759ec974ded9464d8f010312ee78
This construct didn't work under PyPy, as a result of the fact that
datetime is implemented in Python in PyPy:
A simplification of the problem is this:
import datetime
class X(datetime.datetime):
pass
now = datetime.datetime.now()
X.isoformat(now)
This works under CPython, but fails under PyPy. This is because PyPy
creates a normal unbound method for `X.isoformat`, which checks that
`now` is an instance of `X`, which it isn't. Because datetime is
implemented in C, CPython skips those checks.
Change-Id: Id27e7a8b00156bd9688bdb36d2c38b04785c2d0c
Add display of Domain ID and Domain Name in the Create and Update
Projects page to give user a hint where the Project will be created.
For Keystone V2, the two fields will be hidden.
When the Domain Context is set, the Project will be created in that
Domain Context. Otherwise, the Project will be created in the Domain
of the logon user.
On project creation, the listing of available users and groups will
be based on the Domain where it will be created. While on project
update, the listing of available users and groups will be based on
the Domain of the Project.
Fixes bug 1215196
Change-Id: Ia2ab25956621d01c2173e08402241b7f60401e0f
Adding ceilometer api basic function wrappers.
Adding Class wrapper of each ceilometer object.
Adding ceilometer general usage wrappers for common statistics over
list of Resources and ResourceAggregates.
Adding specific table statistics wrappers.
Adding tests and test data for Ceilometer API.
Best to be tested with commit for resource usage panel at:
https://review.openstack.org/#/c/35590/ - this commit is for the
test purpose only.
Link to bp: https://blueprints.launchpad.net/horizon/+spec/ceilometer
Implements bp ceilometer.
Change-Id: I5b3392de8bae2be8cbcba7a580af669676e54052
This patch set replaces a few method imports with
module imports in "openstack_dashboard/test/test_data".
Fixes bug 1215996
Change-Id: I3268d61044f31e7adca5ae752b4768df0e7fbbec
This patch replaces some method imports with module imports and
makes H302 test enabled.
Fixes bug 1188531
Change-Id: Ibfbddeaa19cbbb244da58ffd5c918c41f03a0c65
Added Project Groups step in the Project workflow for managing
project-role assignment to Groups.
The feature is only enabled if the application is running KS V3.
Moved the logic for filtering Groups by Domain into keystone.py.
Change-Id: I48b1aba162646a5327f6442a864e2015596a99c6
Implements: blueprint group-role-assignment