As part of the Secure RBAC community goal, we should switch options
"enforce_new_defaults" and "enforce_scope" to be True by default.
It will be still possible to fallback to old policy rules by configuring
those config options to False in Neutron config.
Change-Id: I09c0026ccf87e6c0bb1fa59165c03dc508fba6fa
Config option allow_overlapping_ips is deprecated to removal now and
will be removed in the Z cycle.
Default value for that option is now set to True as this is supported by
IPAM module in Neutron.
Related-Bug: #1942294
Change-Id: I17bf5e4483025e9cc4ee04dd3e7c925f7bddc3db
Removed E125 (continuation line does not distinguish itself
from next logical line) from the ignore list and fixed all
the indentation issues. Didn't think it was going to be
close to 100 files when I started.
Change-Id: I0a6f5efec4b7d8d3632dd9dbb43e0ab58af9dff3
Today a number of classes define their supported_extension_aliases
using static strings rather than API definition ALIASes. This patch
switches them to use the ALIAS where applicable.
Change-Id: I716270c68a9fcd850c3c26de31bc13ea16def23d
Commit I81748aa0e48b1275df3e1ea41b1d36a117d0097d added the l3 extension
API definition to neutron-lib and commit
I2324a3a02789c798248cab41c278a2d9981d24be rehomed the l3 exceptions,
while Ifd79eb1a92853e49bd4ef028e7a7bd89811c6957 shims the l3
exceptions.
This patch consumes the l3 api def by:
- Removing the code from neutron that's now in lib.
- Using lib's version of the code where applicable.
- Tidying up the related unit tests as now that the l3 api def from lib
is used the necessary fixture is already setup in the parent chain when
setting up the unit test class.
NeutronLibImpact
Change-Id: If2e66e06b83e15ee2851ea2bc3b64ad366e675dd
Commit I0425384d5fd6864f336bd7a5c9a5e70f2b3568ff rehomed the extra route
extension's API defintion to neutron-lib. This patch consumes it
updating the code to use lib's implementation.
NeutronLibImpact
Change-Id: Iae3bd4f15e12c401e615cc06358b376b81b53dc5
Today our unit test code uses various ways to "patch" the global
RESOURCE_ATTRIBUTE_MAP as well as extension specific maps in some cases.
This patch consolidates such patching whereby tests should use neutron's
AttributeMapMemento in their setup() chain (only once) if they update
the global map and they should individually handle backup/restore of per
extension map updates. This change will simplify the code and make it
easier to phase-in API definition usage with neutron-lib where we have
some as API definitions and others not. Longer term the
AttributeMapMemento will be replace with neutron-lib's fixture as we
move all extension maps to API definitions in neutron-lib.
Change-Id: I2586f0b11b107d7f57214a0d65bcf7c38a5f0ebb
These unit tests initially asserted sequential allocation of IP
addresses, even though they have no need to specifically assert
that a specific IP was allocated. This made it difficult to
change out the IP allocation algorithm in the future and made
these tests fragile and poorly isolated.
This change breaks the dependency these unit tests have on a
specific IP allocation strategy and isolates them from any
changes that may be made to the order in which IP addresses
are allocated on a subnet.
Change-Id: Idc879b7f1e6496aa96b4f7ae6c3eaca6079bdcac
Partial-Bug: #1543094
In the patch for bug #1538767 (https://review.openstack.org/#/c/273278),
get_ports() is passed with context.elevated(), while later get_subnet()
for those ports is still passed with the original context. This could
cause "Subnet could not be found" exception for ports only accessible
in context.elevated() but not in the original context.
This commit replaces context with context.elevated() in get_subnet().
Related-Bug: #1538767
Change-Id: I21e73625e0a625a431bfb22f847c3b6f9671daea
Currently non-admin users can create extra-routes when the nexthop is on
router-interfaces subnets but not on external-network subnet. Indeed
user permissions are used to get router ports in order to validate
nexthops BUT non-admin users don't "see" router port on its external
network.
This change uses an elevated context instead of user context to enable
non-admins to create "external" extra-routes.
APIImpact
Closes-Bug: #1538767
Change-Id: I08b1d8586a4cd241a3589e8cb7151b77ab679124
Fix params order to correspond to real signature:
assertEqual(expected, actual)
Change-Id: I722b998f6eae47076f3d10213073296a0a9a2081
Closes-Bug: #1277104
Dictionaries are unorderable in py3K. This change defines the method
safe_sort_key[1] which could be used a sort function for list of
dictionaries and non-dictionaries.
[1] neutron.common.utils
Change-Id: I9c9fae53bb3ac5b8611c92164c9630c82c2d0ceb
Blueprint: neutron-python3
`contextlib.nested` is deprecated since Python 2.7 and incompatible with
Python 3. This patch removes all its occurences by using the helper
script at [1].
This is a necessary step to allow us running all unit tests with
Python 3 (not just a small subset as it is done now).
[1]: https://github.com/adrienverge/context_unnester
Change-Id: I8d1de09ff38ed0af9fb56f423a2c43476408e0fb
Blueprint: neutron-python3
Closes-Bug: #1428424
This change ensures that the structure of the unit test tree matches
that of the code tree to make it obvious where to find tests for a
given module. A check is added to the pep8 job to protect against
regressions.
The plugin test paths are relocated to neutron/tests/unit/plugins
but are otherwise ignored for now.
Change-Id: If307593259139171be21a71c58e3a34bf148cc7f
Partial-Bug: #1440834
Slawek Kaplonski