Commit Graph

3 Commits

Author SHA1 Message Date
Brian Haley de243a3513 Fix E402 pep8 errors
Fix E402 (module level import not at top of file) pep8 errors
and no longer ignore new failures.

Trivialfix

Change-Id: If9a202f1f322b5b03966c692e33e94b7c872079b
2018-04-20 18:13:07 +00:00
Henry Gessau 1c5bf09a03 Use DB field sizes instead of _MAX_LEN constants
Remove the following _MAX_LEN constants from
neutron/api/v2/attributes.py and use the corresponding DB field size
constants from neutron_lib.db.constants instead.

 NAME_MAX_LEN              -->  NAME_FIELD_SIZE
 TENANT_ID_MAX_LEN         -->  PROJECT_ID_FIELD_SIZE
 DESCRIPTION_MAX_LEN       -->  DESCRIPTION_FIELD_SIZE
 LONG_DESCRIPTION_MAX_LEN  -->  LONG_DESCRIPTION_FIELD_SIZE
 DEVICE_ID_MAX_LEN         -->  DEVICE_ID_FIELD_SIZE
 DEVICE_OWNER_MAX_LEN      -->  DEVICE_NAME_FIELD_SIZE

In alembic migration scripts, the raw numerical value is used.

For more information, see:
http://lists.openstack.org/pipermail/openstack-dev/2016-October/105789.html

NeutronLibImpact

Change-Id: I734890372584fe27e5d6ec38c0cad2de882ff11c
2016-12-23 13:48:57 +00:00
Kevin Benton 49b4dd3478 Use network RBAC feature for external access
This allows access to external networks to be controlled via the
RBAC framework added during Liberty with a new 'access_as_external'
action.

A migration adds all current external networks to the RBAC policies
table with a wildcard indicating that all tenants can access the network
as RBAC.

Unlike the conversion of shared networks to RBAC, the external table
is left in the DB to avoid invasive changes throughout the codebase
to calculate the flag relative to the caller. So the current 'external'
flag is used throughout the code base as it previously was for wiring
up floating IPs, router gateway ports, etc. Then the RBAC entries are
only referenced when determining what networks to show the tenants.

API Behavior:
 * Marking a network as 'external' will automatically create a wildcard
   entry that allows that network to be accessed by all tenants.
 * An external network may have all of its RBAC entries deleted and then
   only an admin will be able to attach to it.
 * An RBAC 'access_as_external' entry cannot be deleted if it is required
   for a tenant that currently has a router attached to that network.
 * Creating an 'access_as_external' RBAC entry will automatically convert
   the network into an external network. (This is to enable a workflow
   where a private external network is never visible to everyone.)
 * The default policy.json will prevent a non-admin from creating wildcard
   'access_as_external' RBAC entries to align with the current default policy
   we have on setting the 'external' field on the network to prevent polluting
   everyone else's network lists.
 * The default policy.json will allow a tenant to create an
   'access_as_external' RBAC entry to allow specific tenants
   (including itself) the ability to use its network as an external network.

Closes-Bug: #1547985
DocImpact: External networks can now have access restricted to small subsets
           of tenants
APIImpact: 'access_as_external' will be allowed as an action in the RBAC
           API for networks
Change-Id: I4d8ee78a9763c58884e4fd3d7b40133da659cd61
2016-02-29 19:05:26 -08:00