- Manila share server deletion happens asynchronously. If deletion of
share server fails in between, share server network ports remained as
it is. So we should better delete share network ports first and then
continue share server deletion.
- It may be possible, that there are ports existing without a
corresponding manila network allocation entry in the manila db, because
port create request may have been successfully sent to neutron, but not
stored in db. So query(and delete) those from neutron after db entries
are deleted.
Closes-bug: #2067266
Change-Id: Id86dade1194494e599aea9adad06e4ca6cb119b6
Deferred deletion states deferred_deleting, error_deferred_deleting are
visible for non-admin user in 'share/snapshot show' command. Fixed this.
partially-implements: bp/deferred-deletion
Closes-bug: #2067456
Change-Id: I42ddda3144a3f52b4bc0420d5acde1e5e7560264
When snpashot are soft deleted i.e. they are renamed if delete fails,
sometime we face issue in rename operation. This is due to busy
snapshot clone split operations. So perform rename and then start clone
split.
Closes-bug: #2025641
Change-Id: I1093a610f31f5971bb23b9f89c64f5f129ac2fb9
This is a mostly complete example showing request body, request query
string and response body schemas in action. The only thing not included
yet is descriptions for fields, which is still being worked on.
Change-Id: I14db582eec6db25ea5437675f8207dcf94228b25
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Partially-implements: bp json-schema-validation
We're in a non-SLURP release cycle; this means that we'd test upgrading to
the release produced by this cycle is supported only from stable/2024.1 (Caracal).
So set "grenade_from_branch" to stable/2024.1 and run only the "skip-level"
grenade job. When we get into the 2025.1 cycle, we can run the regular
grenade job as well.
Change-Id: If17ddd1bc06810d94db43dec3bb877d5045621ad
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Bandit raises a flag at evals, suggests using
literal_eval which does not work here.
Instead of using eval to parse the attributes,
should use getattr method instead.
When using getattr, unit tests fail
because of problems with mocking requests.
Applying nosec and reported a bug.
Related-Bug: 2065727
Change-Id: Ib5404d9e165be5879f5351c3f0952648ae702b2d
Adds specific rule to no sec comment for ZFSSA driver.
Follow up to change Id71c0ee4138b695ff19085a284ccced6b1a9dbba
Depends-On: I532ff3f0b2613340e0cb46c3b7e57a22cfa50c61
Change-Id: I997d45d3d3850af30510af41ef335242f02642fc
Adds a timeout to a post so Bandit
stops crying. Adds a nosec comment to
an MD5 hash because I can't tell if it's
used for security or not.
Change-Id: I46ad1a7ca723157488525ca7239cbd0ef421b975
This is mostly a copy-paste from Nova (which was also copied to Cinder).
It should probably live in oslo.service or elsewhere, but for now we
vendor the code here. The main change is that we use the Draft 2020-12
schema rather than the Draft 4 schemes currently used elsewhere (though
those will be changing too).
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I76285d95bd7b9a6489c7839220fc941f1acdc263
Partially-implements: bp json-schema-validation
Adds correct rule to nosec in QNAP driver
Follow up to change I171c90a281c7b62c2601131293f9f00a926641e2
Change-Id: Ice0621cd20345cea04539588bdadc93ad6a15a15
Use low-level os.path function + __file__ which are already used in
the other places.
Also consistency use os.path.join to compose file paths instead of
bare +, to avoid confusions about trailing / .
Change-Id: I1363e4befe41f3bb63b66b2589011e51828bcbbe
cElementTree was deprecated in Python 3.3 .
Use defusedxml instead of the built-in xml module to avoid potentially
malicious operation[1].
[1] https://docs.python.org/3/library/xml.html#xml-vulnerabilities
Change-Id: I7b2d2843fb82873e6194c040c6cdfd515de2cefe
The periodic database queries made by the share manager service to
process deferred deletion of shares has been fixed to consider the
host in addition to the share's state. This both improves performance
of the periodic task, as well as fixes incorrect behavior where
incorrect shares are retrieved by the query.
Partially-implements: bp/deferred-deletion
Change-Id: I813a3130ae015a6b8778bb2a288075b949313c73
These are detected as errors since the clean up was done[1] in
the requirements repository. Minimum versions are bumped to avoid
installing known bad versions.
[1] 314734e938f107cbd5ebcc7af4d9167c11347406
Change-Id: I9ce84c193903b36109bc81c08bd760a50bbfd473
Adds a Bandit testing environment to the tox.ini file and
adds a job to project.yaml Zuul CI file to run the Bandit
test environment. Also includes a nosec comment to ignore
a hardbinding to 0.0.0.0 in service.py
Depends-On: I78a5b708cd970dcb60f480d8e6a201d0768645fc
Depends-On: I27d1204ec7dafd3b578d1261c3fd2e371ae405fb
Depends-On: I2a913f3b87e16554b1bd68543fcf254cc4226031
Depends-On: I46ad1a7ca723157488525ca7239cbd0ef421b975
Depends-On: Ib5404d9e165be5879f5351c3f0952648ae702b2d
Depends-On: Id71c0ee4138b695ff19085a284ccced6b1a9dbba
Depends-On: I33bbb7070ada5509ca05c90d7a38077d38f54a1f
Depends-On: I3e974a2113b29af1111f27ca1afeb78091a0ec75
Depends-On: I0e686c91ce02ea42719d00d17f6ed659e97470ac
Depends-On: I171c90a281c7b62c2601131293f9f00a926641e2
Change-Id: I8eb93cdcd5d47a6a5495ee7277c72d5f028cb412
Replaces qnap driver's use of Python's
Standard XML library methods with defusedxml's
methods instead.The defusedXML protects the app
from XML attacks.
Instructed bandit to skip the line 86 of api.py
of qnap driver. _create_unverified_context was
intentionally used by developer which bandit
wasn't happy about.
Change-Id: I171c90a281c7b62c2601131293f9f00a926641e2
Bandit is yelling about possible SQL injection
because an SQL command is being amended, but
it's being amended onto a blank string so I
do not think this is a security issue. Also,
Bandit is yelling about 0.0.0.0 being binded
but this is intentional and will break stuff
if changed.
Change-Id: I3e974a2113b29af1111f27ca1afeb78091a0ec75
Bandit is yelling but these aren't used for security
purposes, I think, so this will sort out Bandit
Change-Id: I0e686c91ce02ea42719d00d17f6ed659e97470ac
Make sure that all password options is defined with secret=True so that
the given values do not appear in debug logs.
Also remove the redundant default=None .
Change-Id: I989e825ef160a65a5a72c58d6fd4e8099044bcd5
The purpose of md5 was not specified.
Veritas drivers use mds hashes which pop on bandit as security issues
Putting "usedforsecurity=False" properly shows the hash function
is not use for security.
Change-Id: I78a5b708cd970dcb60f480d8e6a201d0768645fc