CONFspirator was written to just specifically for Adjutant
and it allows us to do oslo.config style config management
and definition with nested groups and for yaml.
This is a major change that touches vast amounts of the
code simply because of how much the config touches.
Actions, Tasks, DelegateAPIs, and Notification Handlers
now can define config in their own class and this will
be added to the config.
All the other config is located in `adjutant.config`,
with everything now registed nicely on the config tree,
and grouped in much saner ways.
CONFspirator will also now allow Adjutant to be entirely
configured via environment variables.
We have removed `modify_dict_settings` because that is
now entirely handled by CONFspirator's test utils.
`NotificationEngine`s are now `NotificationHandler`s.
`test_settings.py` is gone! And we now have better ways
to define test settings and defaults.
Project line length bumped to 88, and bugbear added to enforce
that instead.
Story: 2004488
Change-Id: I1d97d72d06b3a3a5df90355d3a4b4fe414381424
This patch splits out the Task layer and the API
layer. This will better allow us to build more logic
into the task layer, and better allow the APIs to be
more flexible.
This sets the foundations for future additions to task
definitions, async task processing, and an overhaul of
the config system for the service.
- Task model and logic moved to 'tasks' app
- TaskViews are now DelegateAPIs
- stage email templates have been moved to the tasks app
- better define Task model indexes
- rename task/action stage pre_approve to prepare
- rename task/action stage post_approve to approve
- Added new TaskManager class for handling tasks
- Removed redundant ip_address value on Task model
- Remove redundant UserSetPassword view
- Added custom exception handling for the API
- Add new exception types
- Simplified error responses by raising exceptions
- standardized task API response codes on 202 unless
task is completed
- Use 503 Service Unavailable for service issues
- Various task_types changed:
- create_project to create_project_and_user
- invite_user to invite_user_to_project
- reset_password to reset_user_password
- edit_user to edit_user_roles
- update_email to update_user_email
- reissuing task token now deletes old task tokens
Story: 2004489
Change-Id: I33381c1c65b28b69f6ffeb3d73b50be95ee30ba7
Invite user workflow now defaults to domain_id from
the project.
Create project workflow now default to getting domain
and parent id from config.
Identity manager now has setting to flag the inability to
edit/create users, which some actions now support.
Fix an issue with email comparison when username_is_email was true.
Change-Id: I8548914e3d2283b17f3015595ea72c4c8084d7f5
Patch to make sure that True and False is consistent between
documentation and the configuration template
Change-Id: I562fbccc27a92a9c4f0ed851951f78da0cc5319c
* Makes it easier to add more services to the quota actions
* Fixes issues with endpoints that don't exist
* Allows deployers to override the services using the quotas
available
Change-Id: Iff64d33a7f3773d5c9b1674c3dccb4804804b0a0
* Token caching can cause errors when a user is removed from a
project when they have a still valid token for it.
* Default was to cache for 5 minutes
* This adds a setting in the conf file that will set the cache
time.
* -1 Disables the cache
Change-Id: I70b05f6a09b195dd87452689eb6e211d812fc8c8
Closes-Bug:1736304
* Adjutant-UI now supports views for Tasks, we should link to
it in the default notification templates.
* To make this possible, and other potential uses, deprecate
the TOKEN_SUBMISSION_URL in favor of HORIZON_URL
* clean up some formatting issues with the notification template
Change-Id: I1419fafe94812e64a0b3984f9f38528ec67ac8e4
* API Reference and documentation as two seperate sphinx
document sets
* Information from the Devstack guide and README moved over
to the new documentation
* Configuration examples
* Examples of building plugins
* Both use the new sphinx-rtd-theme
Change-Id: If347905aa14b77b5943f1a9de97f6e287b98ce95
Accessable at v1/openstack/quotas/.
A GET request returns json specifiing quota size, the current quota,
the current usage, and some details of any currently active quota
change tasks.
A POST request will update the quota for the project to a given
size. The data must contain a JSON dict with 'size' in it,
which will be the name of one of the pre-defined sizes.
Optionally regions (a list of region names) can be specified
which will restrict the update operation to those regions.
Change-Id: I907664f79f6eef0b5239139999cc7a28d246e446
* While useful in some cases, this isn't really a standard
thing most clouds will really do and shouldn't be a default
in the example conf.
Change-Id: Ida6ef9f421749f9e83122cd4c838366ac6c84045
* This patch is just a search and replace with minor tweaks.
* No functional changes, just renaming.
Change-Id: I103790be7c0cd9234545e25e21ab1768cb5eb131
The task only allows the current user to update their own email
address, a confirmation email is sent to the new address before
the switch.
Change-Id: I62b169d262c6455ffec96bdb29e254279e973851
Currently set up as an additional action added to the task in the
configuration file. At each stage (corresponding to the current email
section lables) a template and subject can be specified detailing
the email to be sent. This will be sent to the users email address
or otherwise an override email address set from the task.
In the configuration sending to the users email address can be
turned off with the line
email_current_user: false
Additionally an email can be sent out to a group of roles within
a project using:
email_roles:
- project_admin
Or to a number of specific emails:
email_additional_addresses:
- admin@example.org
Or to an address specified in the task cache
email_in_task_cache: true
(Cache key "additional_emails")
Change-Id: I6d454bdfefb7549322fea6cf0c91fac76b5aa89a
* Cleaned up some of the code that gets the action settings.
* Added the option of per task action settings just in case
a given task needs to reuse an action with different settings.
Change-Id: I8194cd3155ac3db3faaf0de8b87617f3891d0b10
* Massive restructure of actions folders
** This was followed by a series of renames and changes
that were requried throughout the codebase.
* The 'tenant_setup' app is gone and merged into the core
actions app properly.
* Action classes and tests now split into multiple modules.
* Clean up of test decorators so they are only set at the
class level rather than per test (much cleaner).
* Actions now allow version structuring in some capacity
similar to the api modules.
* Added app configs for 'stacktask.action.v1' and
'stacktask.api.v1' to avoid a duplicate label problem
in django.
* Moved the startup checks to their own app, and ensured
that it is imported last. This is required because
'stacktask.api' was being imported before
'stacktasl.actions.v1' and thus not all the action classes
had been setup yet. This way it is a global set of checks
that always occur last.
Change-Id: Iaf3e8d8147ccbf230b7ca6592dd9a017bee70ddb
Because the notifications mechanisms haven't been used much,
a change got through that effectively disabled the notification
engines.
* Fixes the conf to actually reflect what the code expects.
* Handling the no html template case.
* getting rid of broken .login() call for RT engine.
Change-Id: Ifc57d31a677cac9d120b43988da7dc455e4608d9
* added new templates for signup
* changed task type for openstack SignUp to 'signup'
* making the templates change based on the user state
(default/existing/disabled)
Change-Id: I3d8209fd15425d6f8eefb9c03ad891c26c3b20f8
* Removes duplication of code in validate
* Breaks large validation functions into atomic, reusable pieces in
super classes.
* Started applying the rule where validation does not leave any side
effects on class members other than the valid boolean.
* Validate functions are not called after the first fail, this
gives less feedback to user, but is probably reasonable general
assumption as some validation relies on others passing.
* Adding some tests for NewUser validation.
* Refactored how the FakeManager handled resource objects or
ids being passed to it.
* Fixed some issues with logs being spat out during tests.
Change-Id: Iea0afce06e92d8f1a1bda0cc03a32c00909828d1
* This action can be run for new projects to
ensure their size matches a set of size templates.
* Changes can be applied separately per region and service.
Change-Id: I3ef0fe0ba1f9d7df6a6f68e30cadbc19bbc0306f
* Renamed Actions to include consistent suffix.
* Config change: 'handle_duplicates' is now renamed to 'duplicate_policy'
* Refactored duplicate code into shared functions.
* Adding a functional serializer test.
Change-Id: I79fa06f7098df7cc7fe2a228a606a0f4f54b5510
Reworking NewProject as a standalone and making NewProjectWithUser
for use with signup style tasks.
NewProject and NewProjectWithUser now create the project and user
at post_approve and then resets the user password at submit.
- This change allows signup tokens to expire and a new signup to
use the reset feature to still get access. The process still
appears exactly the same to the end user.
- Existing users creating a new project will also get created at
post_approve step, but as they needed no token this
functionality does not change from an outside perspective.
Fixing a project creation issue with keystone V3, wasn't setting
domain.
More standardisation in action handling functions.
Duplicate error now returns 409 rather than 400 for clarity.
Adding an "approved_by" values to tasks both for auditing and for
possible future logic checks.
Reworking of Network resource creation into two variant actions.
Reworking AddAdminToProject to be more generic and allow a list of
users.
Fixing issues with logic for task approval and task updating.
Change-Id: Ieba9907e5632dd441a86c41de291c6a7d0c8764a
Changing how we send emails to allow the option of setting
an envelope header from address different to the message from
address. That way we can redirect bounces to a given address.
This address can also have the task uuid added to it for later
parsing down the line, and that email will by default not be
visible to the user unless they look at the email source.
Also removing error notification handling for reset password
as errors for those tasks should not be auto acknowledged as
someone should have to check those. I am leaving the auto
acknowledge for user invites because notification there will be
visible to the end-user and do not need to be handled by the
admins.
Worth noting, smtp requests to email addresses on the smtp
server StackTask is sending through, may respond right away
in the event of a bounce (due to being a trusted source) and the
error handling in place is useful for situations regarding
internal email bounces as those may not generate a fully
fledge bounce response.
Change-Id: I52bb89a430aec2a90cea5bba8e24f050526bfbc6
* All non-admin urls are now set in the config.
* All taskviews are registered in the models.py file of api.v1
** Based in part on how keystone handles it's own plugins, where
the url will be defined in the modules, and the conf simply
enables them. Less configurable, but safer.
* StackTask now does a startup check to confirm all expected
taskviews and actions have been registered
** Means we can add more startup sanity checks in future too.
* Taskviews 'default_action' is now 'default_actions'
** 'default_actions' can be overridden in conf
* TaskView settings 'actions' renamed to 'additional_actions'
Change-Id: Ic036407cbaf292830cbe60cbed4a8db0be5e87e3
* Since we have no html templates yet, made them optional
* updated the default invite user template to show project id
and roles
Change-Id: I1984dbe09243d7a044d1c3bfa157725c926c6271
* This change brings the role name in line with the upstream (unapproved) spec:
https://review.openstack.org/#/c/245629/5/specs/common-default-policy.rst
* Renamed mod_or_owner decorator to mod_or_admin
* Debian package version bumped to 0.1.1a4
Change-Id: I312c2a6baec22959f83ab1e09370de868076730b
* Not a proper fix, just blocking this endpoint for now.
- Also skipping related test.
* Also some minor pep8 fixes.
Change-Id: Ic5a28ccd9f2aa4a3bca1f6437d9fba495db3c642
* switching to the keystone v3 api
* various fixes to tests after user_store changes
* minor pep8 cleanup
Change-Id: Ie40cfcae0e392aef9a3e92da4acd4f0a21a627b0
* basic template for error ignoring in the conf
- Not a catch all automatic system.
- Mainly a guideline for the conf, as actually
ignoring the error means having the code there to
do so. This just helps define how to put it in
the conf.
* also clearly differentiating between error notification
and standard for the purposes of notification engines.
Change-Id: I0d793541d6a5a402772d3030619c39e1563a9290
* Different email templates for each type
of password reset.
* For now the force reset will be mainly for new users,
hence "initial_password" template.
Change-Id: Ie0fecacfed7d767727bd2729fca888a45467a43d
* Larger shared default dict, which can be overwritten.
* Saves on duplication
* needed for upcoming change to notifications
Change-Id: I60bd7055abdedc0a067e90e3bcdc2dfdc3451cee
* Moved to conf, and added to test settings.
* Also added same rank management to each role list
based on what we want the current permission model to be.
Change-Id: I7f8c2f8e7b4898d8a62776629eb6c437d7c9a155
* In order for resetting of passwords to work correctly duplicate
tasks need to be allowed. In this case as well, older duplicates should
be cancelled.
* Added a conf setting, and updated the duplicate check code to handle this.
Change-Id: Ie6b93d271dda3a6df54e3c58e9f23c9b701cf652
* Otherwise allowed query for any user_id, now is limited
to only return something if that id is from a user with
roles on your project.
* Renaming filters to 'role_blacklist' for clarity.
Change-Id: If06430e70051ac08899d03b2ff9481c928f058ef
Mostly done, but does need proper tests.
* shift actions into their own sub folder structure for clarity
* create new sub folder for notications
* update other code to reflect those changes
* add first basic notification engine
* add RT notification engine
* minor django url and context changes to avoid future deprecation
* getting rid of secondary migration for column rename (as not in prod)
Change-Id: I46932b6d78b93e86580506c887548fd24c0750f5
* task_view was bound to the view name, which was not consistent
for filtering as there are several ways of creating a task.
* Changed settings to also be used via that task_type field.
Change-Id: I4b8e84c6470ea538416842353737128cb7bb08fb