This handle the senlin cluster disable/clean
for disable it will detach the polices from the cluster
and resize the cluster to zero (empty cluster)
for clean it will deatach the policies from cluster
clean the policies, receivers then clean the clusters then clean
the profiles
Change-Id: I09421d55c66d91a747bc786fdd250730c79dfd34
This feature allow the disable of most of the project resources
in some cases the admin want to disable the project and wait
for period of time before deleting the resources just in case
some resources are still usable or need to be moved to another
project
for nova the disable will stop the servers
for neutron it will change the admin_state_up to false which
will change the status of resource to down
for glance it will deactivate the images
for swift it will remove the read/write acls to container
for octaivia chenge the admin_state_up to false making the
status of loadbalancer down
for cinder it will change the volume to readonly
for the resources that dont have a way of disabling the
resource it will just log a warning
Change-Id: Ic2af6ad1ffb1e749a3d1ba687950264b5098bcdb
Was introduced in Ieecc4043b613e333948c32e7e93ad1d383d1f3ec
Co-Authored-By: Hamza Mahmoud Abdallah Alqtaishat <hamalq@verizonmedia.com>
Change-Id: Id70b60de95fac44a50b06166486a5fcc80d12eda
Update to use a new-style zuul role for devstack testing.
Remove references to Shade/os_client_config and use OpenstackSDK.
Change-Id: Ieecc4043b613e333948c32e7e93ad1d383d1f3ec
shade sends the swift object or container name unquoted as an url and in
shade.openstackcloud.py in get_object_metadata where OpenStackCloudException
errors with 404 status_code are silently ignored.
If the name contains special characters such as a '#' we therefore get no
metadata without errors.
The same thing happens after in shade.openstackcloud.py in delete_object when
calling self._object_store_client.delete : an OpenStackCloudHTTPError is
caught and the delete method returns False.
This resulted in ospurge not deleting such objects without even getting
an exception.
After investigation, the issue would be the same in openstacksdk which
copies the same code as shade.
Since nor shade nor openstacksdks perform url encoding of the name, we url
encode it ourselves before calling shade, since shade makes an http
request by calling the swift api with the object name as an url.
Closes-Bug: #1831753
Change-Id: Ie7aea2a14d920ca11012ff26d7f74017704765f5
Third party modules may want to modify existing resources behaviours.
To allow overriding existing resources, entry point modules need to be
loaded first.
It is not an issue to load them first since we sort the classes afterwards.
Change-Id: I92999d98df249649b79b13ca2be2691efdde737f
Shade retrieves the list of all tenants and filters the result.
This can be a huge issue on platforms with tons of tenants.
OpenstackSDK's get_project method acts also like shade's get_project method,
but OpenstackSDK's identity manager just recovers the desired tenant, so we
use this.
Also we pass the OpenStackConfig instance to shade or openstacksdk
because if we don't, they re-instantiate one uselessly.
Closes-Bug: #1820616
Change-Id: I737b031fa9f2e4394d58ac204bf28b422cec1c28
In utils.get_resource_classes we expect a list of strings.
However we are passing a string.
The test was succeding by pure luck.
If we pass something else (such as 'Stacks') we had multiple results.
This test was confusing for other developers implementing other tests.
Closes-Bug: #1820033
Change-Id: I8414b7582d94b199457a01e4916a7e7b6e51edbc
Add support to cleanup heat stacks.
Order it early since Heat is probably
orchestrating some servers, volumes etc
that will be removed.
Change-Id: I98c70ff5ac1c8ba5389cd97193152dfb29bec8e4
With this change, unit tests now pass on Python 2.7: tox -e py27.
Changes:
* Replace "yield from ..." with "for item in ...: yield item"
* Remove last annotations from utils.py
* tox.ini: use python3 as basepython rather than python3.5 to support
Python 2.7 and Python 3.6
* tox.ini: add py27 to envlist
Related-Bug: 1726399
Change-Id: Ief1a95402e8a31a34ada2937a7ae6a604f7f8757
Python 2 doesn't support type annotations: raise SyntaxError. Move
them to separated .pyi files to add Python 2 support without loosing
annotations.
Keep inline comments like "# type: Optional[str]".
Related-Bug: 1726399
Change-Id: Ib1a837e88cf76908f1007b3881703ffb433e6c2f
inspect.signature() was added to Python 3.3: add funcsigs on Python
2.7.
funcsigs dependency is specific to Python 2.7 and so not installed on
Python 3.
Change-Id: I951e7df9fcebdc2148cca477f4b064fc9a028e55
Related-Bug: 1726399
The __qualname__ attribute was added in Python 3. Falls back on
__name__ for Python 2 compatibility, when __qualname__ is not
available.
Related-Bug: 1726399
Change-Id: I19d07dc978250e5340327f05ea6ab62ac55489ed
* unittest.mock was added in Python 3.3 standard library: use
external 'mock' module, backport for Python 2.7
* assertRaisesRegex() method was added to Python 3.2 unittest module:
use external 'unitttest2' backport for Python 2.7 to not have to
rewrite unit tests just because of Python 2.7
Both added dependencies are specific to Python 2.7 and have no impact
on Python 3.
Related-Bug: 1726399
Change-Id: Ieb32e85d6f40f9b7bed5ba99900be2432d18da9e
types.SimpleNamespace was added in Python 3.3. Reimplement it in 3
lignes to add compatibility with Python 2.7.
Related-Bug: 1726399
Change-Id: I1553a39ecbf315b5e89d3ec8070b15769cabb8d2
The resources cannot be loaded correctly if the command
is not issued at the top level of the package.
Bug report: https://bugs.launchpad.net/ospurge/+bug/1693409
Change-Id: I14dd2b62b1c30de8aee451b851af02577ad61957
After OSPurge has ran on one project, this patch asserts that volumes
and volume backups in other projects have not been deleted.
Also, we must separate the case when cinder-backup is running and when
it is not. We know (for now) that c-bak is enabled in Gate runs.
Change-Id: I0064e43c7b8476943370aa365b6c0d3160d157b0
This commit is a whole new version of OSPurge. Currently OSPurge suffers
from the following limitations:
* It's slow (monothread)
* It's not guaranteed to complete. If a resource fails to be deleted then
OSPurge can choke on deleting other resources that depends on the first one.
* Not properly unit tested.
* Not modular (one huge file to deal with all services)
This new version is:
* Faster (multithreaded, thanks to a ThreadPoolExecutor)
* Safe (we check and wait for some prerequisites before attempting a
delete)
* 100% unit tested.
* Modular (one file per service)
Note that it's Python3.5 compatible. It also uses OpenStack Shade
and OpenStack client-config libraries so that OSPurge focuses on the
cleaning logic only.
Overall I believe this is a better version of OSPurge and more future
proof. NOte that we tagged and released OSPurge 1.3 recently in case
the new version was not satisfactory to everybody.
Change-Id: I5eb92a0556df210ea3cb4e471b8db3b5bf7ed5ee
The openstack clients return unicode strings as ressource names.
In python2.7, we need to use unicode encoding when dealing with string
formatting otherwise it is treated as python2 str and we try to cast
a unicode string into an str.
In python 3 prefixing a string with u has no effect and is supported
and considered as a python3 str which are natively unicode strings.
Change-Id: Id77ed2f28fd206b900a0e273fece244517e55505
Closes-Bug: #1645761
Now also interfaces with owner "network:router_interface_distributed" are deleted.
Before this fix, interface and router deletion failed if DVR is enabled.
Change-Id: I33c5304845d4d7c2eee729aa334ec745dcac970e
Closes-Bug: #1552336
Ospurge can be used with keystone v2 and v3 with the new
authentication plugin (Session), the old one is deprecated.
Change-Id: Ife87da432f3f56c13679e6a93c8571620c635615
use keystoneclient.exceptions instead, the ones under apiclient
have been deprecated for a while.
also, the exceptions under keystoneclient.openstack.common are
just redirects to the top level keystone.exceptions, so fix a
reference of that as well.
Change-Id: I0912d5a96f42b7f61422a27f318752a17b7238cb
If ceilometerclient gets an auth-url, it tries some keystone
requests with the publicURL even if endpoint_type is 'internalURL'.
We force the endpoint-type and region name without providing auth-url.
Closes-Bug: #1513544
Change-Id: Ib214f9d25f32f7cd1f06c27d73a889ce032915e0