Make sure that all password options is defined with secret=True so that
the given values do not appear in debug logs.
Also remove the redundant default=None .
Change-Id: I989e825ef160a65a5a72c58d6fd4e8099044bcd5
The purpose of md5 was not specified.
Veritas drivers use mds hashes which pop on bandit as security issues
Putting "usedforsecurity=False" properly shows the hash function
is not use for security.
Change-Id: I78a5b708cd970dcb60f480d8e6a201d0768645fc
To appease Bandit, timeouts have to be
everywhere. So here are some timeouts
so Bandit stops crying.
Change-Id: I2a913f3b87e16554b1bd68543fcf254cc4226031
To appease Bandit since SHA1 angers
the beast, usedforsecurity=False will be
bolted to the hash function
Change-Id: I33bbb7070ada5509ca05c90d7a38077d38f54a1f
Bandit yelled at this use of urlopen
but the security issue it's worried about
does not apply in this case
Change-Id: Id71c0ee4138b695ff19085a284ccced6b1a9dbba
If we are manually creating these things, we don't want any
automatically created. This is a latent issue that was being exposed by
SQLAlchemy 2.0's tweaked session management.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I9d760ebbfcca176a39b44f20fb92e16eaf6284c5
This patch adds a delete cli command to ShareCommands
The helper CLI command checks if service if up. If service
is down, it deletes the share instance
Closes-Bug: #1867030
Change-Id: I6a0575c1ed86213010e50fe1b7a733cdf7fa1736
This is reported upstream [1] but I suspect the root cause is that we
were relying on a bug in Alembic: renaming tables doesn't really make
sense as a batch operation, which by definition works by recreating
tables with an updated schema (to support SQLite and its lack of full
'ALTER' support).
[1] https://github.com/sqlalchemy/alembic/issues/1453
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I1da6d117778bbbad64b2df2dfd2f8aeef8a7084c
Resolve the following RemovedIn20Warning warning:
Using strings to indicate relationship names in Query.join() is
deprecated and will be removed in SQLAlchemy 2.0. Please use the
class-bound attribute directly.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I155b4ce4b605720c8335d465124fd32cc973a737
Change Ie8831c04b7b4515deea27b1ceb472d07cda91ca0 replace the only users
of 'autoload' with 'autoload_with'.
Change-Id: I37bbe45d6d9ce41a3c238e33d4469f9a362491ad
Replaces Huawei driver's use of Python's
native XML library methods with defusedxml's
methods instead. The native library is vulnerable
to XML attacks while defusedxml isn't. This also
makes Bandit 3 issues happier.
Change-Id: I27d1204ec7dafd3b578d1261c3fd2e371ae405fb
after testing using an assert for DML without a transaction,
we can now turn autocommit off. enginefacade should be used
completely now
Change-Id: I2ee07c7e41ea43c2ab24a4a095550dd0b5fe47dd
Now that we have migrated all of our DB APIs to enginefacade, we can
clean up the outstanding TODOs.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: Iee198a16f030f1205d38b7c232d4e3a42642c756
Thankfully the APIs being migrated here were _mostly_ sharing sessions
already, so we can simply migrate from public (decorated) methods to
private methods with minimal fuss.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: Id1b555e48106662d15e8c50567a5f3acecf6a8f1
We need to maintain these on quotas (for now) but not on other
operations.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I991d6127c14b5f06ca9ca8e6caccbc392e639b42
Make use of the `get_optional_share_creation_data` driver interface
to metadata in shares' created using the cephfs protocol.
Closes-Bug: #2050010
Change-Id: I91b51f974840f593334f2dcddfcfd45adfe87780
The WalkVersionsMixin class was already removed from oslo.db, because
of removal of sqlalchemy-migrate support.
Change-Id: I952e0aed8705fd4fc0b89f6ee34f31da1b30c656
- A new config option named ``admin_metadata_keys`` was introduced
and we expect it to be set in the DEFAULT section of the manila
configuration file. It is expected that administrators will provide
a list of metadata keys that can only be updated by administrators
through this configuration option.
- Drivers will be able to set metadata while creating shares
through the `get_optional_share_creation_data` driver interface.
Closes-Bug: #2050010
Change-Id: I6412710c7db89747d23033e1a5a6be9de5886b0b
The is_valid_ipvN methods from oslo.utils raises an exception for
non-string values, because of the change in netaddr 1.0.0. This adds
a wrapper logic to retain the previous behavior, which is preferred by
manila.
Change-Id: If1297e4d54fd645969ca79690a1c558c9efdbc8d