As part of the Secure RBAC community goal, we should switch options
"enforce_new_defaults" and "enforce_scope" to be True by default.
It will be still possible to fallback to old policy rules by configuring
those config options to False in Neutron config.
Change-Id: I09c0026ccf87e6c0bb1fa59165c03dc508fba6fa
If not set availability_zone_hits when create router, should use
configuration parameter default_availability_zones.
At present, only the creation parameters are validate, and the default
availability zones not validate.
Creating a network is the same as creating a route.
Closes-bug: #1938261
Change-Id: I1c7f50b69a31d725b762e3061f09a0bd5b077a58
assertItemsEqual was removed from Python's unittest.TestCase in
Python 3.3 [1][2]. We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
NOTE(dmllr): added hacking check
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: I7c20fec08e5dc9f67b34100c925ea6724bbd25f0
Today a number of classes define their supported_extension_aliases
using static strings rather than API definition ALIASes. This patch
switches them to use the ALIAS where applicable.
Change-Id: I716270c68a9fcd850c3c26de31bc13ea16def23d
In before, filtering of AZs is using the filter implementation of
agents. To filter the AZs, users need to find the AZ fields to filter,
locate their corresponding fields in agent, and compile the filters
based on the mapping between AZ and agent. This is undesirable.
This patch improve the filtering of AZ by converting the AZ filters
to agent filters. The supporting AZ filters are:
* name: the name of the availability zone
* state: the value is either 'available' or 'unavailable'
* resource: the value is either 'network' or 'router'
NOTE: For backward-compatibility, the old filters still works but
its usage is discourage.
APIImpact: Add filters to specify attributes of availability zones
Needed-By: Icbf427f20ca912a40d68e8042abeeabffeb3005f
Change-Id: Id882f949cc73a34290c311f3ce3d69d1b809c29f
The agent extension's API definition was moved into neutron-lib with
commit Iae4746aa2e3f68a7120696a12a6ae717115dbc31
This patch consumes it by removing the rehomed code and using the
APIExtensionDescriptor for the parent class of the extension.
NeutronLibImpact
Change-Id: I18aebec1e2b5b361d9b96192d4a59e5424c6a80b
Commit I1d4ded9959c05c65b04b118b1c31b8e6db652e67 rehomed the
availability zone extension's API definition into neutron-lib. This
patch consumes it, removing the rehomed logic in neutron and switching
over to lib's version of it.
NeutronLibImpact
Change-Id: I761381de0d6e26a0380386700e7921b824991669
Today our unit test code uses various ways to "patch" the global
RESOURCE_ATTRIBUTE_MAP as well as extension specific maps in some cases.
This patch consolidates such patching whereby tests should use neutron's
AttributeMapMemento in their setup() chain (only once) if they update
the global map and they should individually handle backup/restore of per
extension map updates. This change will simplify the code and make it
easier to phase-in API definition usage with neutron-lib where we have
some as API definitions and others not. Longer term the
AttributeMapMemento will be replace with neutron-lib's fixture as we
move all extension maps to API definitions in neutron-lib.
Change-Id: I2586f0b11b107d7f57214a0d65bcf7c38a5f0ebb
Stevedore documentation suggest that full import paths are not supposed
to be user visible. Since unit tests emulate users when configuring
oslo.config, we better off relying on well known plugin aliases than
internal details.
For in-tree that may be not a big deal, but with it we set a bad example
for third parties that may later find their tests broken eg. when we
decide to move code around.
TrivialFix
Change-Id: I7bd036ac3df7e7f4c678356d0a793e7d38599dda
The extensions fields were not being added to the response being
sent back to the user for ports and networks that weren't from
ML2 extensions (e.g. availability zones). This created an
inconsistent response between creates and updates/gets. It also
resulted in incomplete data in the AMQP create notification emitted
in the API layer.
This patch adjusts ML2 to call the _apply_dict_extend_functions
method after creating ports and networks. To make this work, another
DB lookup to get the latest model state was necessary. However, this
is part of an already expensive operation (create) so the performance
impact should be minimal.
This issue stems from the fact that db_base_plugin_v2 does not
process extensions when its create_port, create_network methods
are called. This original skipping behavior was added back in
patch If0f0277191884aab4dcb1ee36826df7f7d66a8fa as a performance
improvement to deal with dictionary extension functions that
performed DB lookups. However, at this point the dictionary
extension functions should have been optimized to skip any DB
lookups to avoid the massive performance penalties they incur
during list operations.
An alternative to this patch was to adjust the db_base_plugin_v2
to stop skipping extensions. However, because this is usually
called by inheriting plugins before they process extensions
for the new port/network, the extensions do not yet have the
required information to extend the dict and will fail. So each
core plugin will need to apply similar logic to support extensions
that rely on the extend_dict functions.
Closes-Bug: #1541774
Change-Id: Iea2c0e7f9ee5eeae28b99797874ca8a8e5790ec2
This patch adds the availability_zone support for network.
APIImpact
DocImpact
Change-Id: I9259d9679c74d3b3658771290e920a7896631e62
Co-Authored-By: IWAMOTO Toshihiro <iwamoto@valinux.co.jp>
Partially-implements: blueprint add-availability-zone
This patch adds the availability_zone attribute to agents and
supports availability_zone API.
Availability_zone support for resources (network/router) and
the schedulers are included in subsequent patches.
APIImpact
DocImpact
Co-Authored-By: IWAMOTO Toshihiro <iwamoto@valinux.co.jp>
Change-Id: Id7a62000ab0484412b3970199df8c374568fe70d
Partially-implements: blueprint add-availability-zone