Allows to configure optional field 'default_ad_site' from version 2.76.
Restrict to make sure either server or 'default_at_site' provided, but
not both.
APIImpact
Relates-bug: #1988146
Change-Id: I8e21e9170eace134a51efed84de1ccc58eb7eaaa
In manila/api/v1/security_service.py, the context.is_admin check is
removed, allowing the subsequent policy check to determine whether the
user can retrieve all security services. Authorization is determined by
the RBAC policy "security_services:get_all_security_services".
In manila/tests/api/v1/test_security_service.py, unit tests for listing
security services based on admin context were replaced with unit tests
for listing security services based on whether the user is authorized or
not.
The unit test test_security_services_list_all_tenants_policy_authorized
asserts that the security services are retrieved when
policy.check_policy returns True.
The unit test
test_security_services_list_all_tenants_policy_not_authorized asserts
that security services are not retrieved when policy.check_policy
raises a NotAuthorized exception.
Closes-Bug: #1916102
Change-Id: I6cce61237f5ee3ce60d8165f6fac5e7e5a63b4dd
Depends-On: https://review.opendev.org/c/openstack/manila-tempest-plugin/+/840727
This patch adds the possibility to create share networks with
multiple subnets in Manila. It also updates the share server api
to receive "share_network_subnet_id" instead of "share_network_id".
Each share network subnet must be associated with only one
availability zone. Each share network must have a single default
share network subnet.
DocImpact
APIImpact
Depends-On: I13bb48e7c03e16c26946ccf9d48e80592391a3d1
Partially-implements: bp share-network-multiple-subnets
Change-Id: Id8814a8b26c9b9dcb1fe71d0d7e9b79e8b8a9210
Closes-Bug: #1588144
Co-Authored-By: lseki <luciomitsuru.seki@fit-tecnologia.org.br>
Co-Authored-By: dviroel <viroel@gmail.com>
It will fail when non-admin tenants try to get share networks
and security services with option '{all_tenants: 1}'.
The reason is that the policy of 'get_all_share_networks' and
'get_all_security_services' are admin api, they do not allow
the non-admin tenants list the share networks and security
services with all_tenants=1. This patch removes the policy check
of non-admin tenants and allows non-admin tenants to request to
list with 'all_tenants=1', however 'all_tenants' in the request
is just ignored.
Change-Id: Ied021b66333f1254cd232bbc38562a4a9b762ad2
Co-Authored-By: Goutham Pacha Ravi <gouthampravi@gmail.com>
Related-Bug: #1721787
Replacing dict.iteritems()/.itervalues() with
six.iteritems(dict)/six.itervalues(dict) was preferred in the past,
but there was a discussion suggesting to avoid six for this[1].
The overhead of creating a temporary list on Python 2 is negligible.
[1]http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Partially-implements blueprint py3-compatibility
Change-Id: Ia2298733188b3d964d43a547504ede2ebeaba9bd
Manila API for update of security service reads policy for "show" operation
but should do it for "update" operation.
Change-Id: I675f834fcb75f3b7864094601e47c15f60a0864b
Closes-Bug: #1459631
Models "security_services" and "network_allocations" have attr "status" that is
not used indeed. So, remove it from models and add appropriate migrations.
Closes-Bug: #1459660
Change-Id: Idb3a69916e8052b16c9daebb9bb67b09d1714c46
Remove the broken XML support presently available in Manila
in order to comply with the general direction among other
OpenStack projects to support JSON only.
Change-Id: Ibb542fa223f7f7d1bf95f3d1f568987ef839cd12
Closes-Bug: #1440782
Module 'log' from oslo-incubator was removed after release of oslo_log library.
So, start using oslo_log, but keep oslo-incubator code yet other common modules
within Manila codebase use it.
Implements bp use-oslo-log-lib
Change-Id: I88224f7c2bd99adb78140dfc3fa73cea437f29cd
LOG.warn etc. should be translated separately and thus messages need to
be marked with _LW for LOG.warn, _LI for LOG.info and _LE for LOG.errors
and LOG.exception.
Mark all LOG invocations with proper translation marker.
Use ',' instead of '%' when adding variables to log messages to allow
lazy evaluation.
Add new hacking checks for these.
Change-Id: I31d3ee50f30c63d7d647b1c2b1eae50bf96f0c74
oslo.i18n provides the i18n function that were provided by
oslo-incubator's gettextutils module
Import _ where needed, oslo.i18n deprecated the builtin method.
Closes-Bug: #1382187
Change-Id: I12aa1c725aa4bb52a9aa46e9c3d2b303839de48b
We can filter security services only by status, name, id and type now.
Add new search options:
user,
server,
dns_ip,
domain
to _get_security_services in SecurityServiceController to be able to filter
security services by these fields.
Allow filtering security services by share network id.
Add information about share networks to result if 'detailed' mode enabled.
Add unit and tempest tests for filtering security services.
Implements bp improve-security-service-list-filtering
Change-Id: I8b3845c2d705188ec1dc0db33c1e20c8e6c5e559
When we attach security service to share network and create
share server associated with this share network, security service
or share-network should not be updated as well as deleted.
For update should be available only 'name' and 'description' fields.
Don't allow to remove assigned security-service from share-network
when share-servers exist.
Add unit and tempest tests.
Change-Id: Ide82edea355030b281dc709f8545abfd0fcd13fb
Closes-bug: #1357355
Fix H405:
H405 multi line docstring summary not separated with an empty line
With this patch, flake8 passes all checks (incl. hacking checks)
except the on-purpose disabled check H904.
Closes-Bug: #1333290
Change-Id: If41259aefc4d6d588da5036f1f25df17b88db04f
According to the latest revision of the logging guidelines message
of type AUDIT should be moved to INFO.
The latest revision is available at https://review.openstack.org/#/c/91446/
at the moment.
Change-Id: I9f8aaeec0bbd17e58ddb814eb7499dc9d6343ca6
Added db method share_network_get_all_by_security_service that
returns all share networks to which security service is assigned.
Added check to delete method in security service api that
gets list of share networks that security service is assigned at
and raises error if this list is not empty.
Closes-bug: 1304473
Change-Id: Ibb73f77095b035f33376aa1791448de3a1ed939b
Current index has only 'name', 'id' and 'status', and
it will be very useful to have additional key - 'type'.
Change-Id: I647a923ed59aa971e15669d7c9239967c815ea09
Because inside check_policy() there is hardcoded
'share' target prepended to all policies, any
policy we check will be checked against 'share'
policy. Change check_policy() to use explicit
target and action instead of just action.
Change wrap_check_policy decorator to be a
decorator maker which accepts resource name
as an argument.
Closes-Bug: #1274951
Partial-Bug: #1271943
Change-Id: I85c184035619d78107d56ea94918f608d8d7c282
Changed xml template for create/update security service
from SecurityServiceTemplates to SecurityServiceTemplate
Closes bug 1269829
Change-Id: I07f2847b8897cfbc2ee3e1952709925c3c056774
Add server side for share's networks. Implemented controller
will carry user requests to the DB and thus will allow
user to manage share's networks data.
Add share's networks support to the share API.
Partially implements bp: join-tenant-network
Change-Id: Ie4f3945255a049e80083f08a39d7f703a5c75c5e