Starting from Openstack Bobcat (2023.2) Multi Factor Authentication
was added for Horizon. This change introduced a new variable called
OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED, which if set to True will display
a new form requesting for the user's TOTP code for MFA enabled users.
This change provides the missing OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED
config option for the charm, allowing the user to enable from the
charm's configuration. If the value is set to True, the new bobcat
template will render the following values:
OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED = True
AUTHENTICATION_PLUGINS = [
'openstack_auth.plugin.totp.TotpPlugin',
'openstack_auth.plugin.password.PasswordPlugin',
'openstack_auth.plugin.token.TokenPlugin'
]
Closes-Bug: #2058689
Change-Id: Ifedf587356693b58612b1fc4d7404f0f446158ce
This is so we can register extra region endpoints in horizon,
in situations where the keystone for the extra regions cannot be
integrated via juju (for example, completely separate deployment).
Closes-Bug: #1714926
Change-Id: I52cecec88437fd2bc5a012653f24471039e6b819
Many years ago change Ida7949113594b9b859ab7b4ba8b2bb440bab6e7d
attempted to change the timeouts of haproxy but did not succeed,
as deployments were still using the values from the charm's
templates/haproxy.cfg file, being effectively set to 30 seconds
and causing timeouts (see bug). Additionally, the description
of the config options became inaccurate, stating the default to
be a value that they were really not.
This patch addresses the timeout value discrepancy, adjusting
to the original change's intended values.
Closes-bug: #2045168
Change-Id: I83405727b4a116ec6f47b61211bf8ef3d2d9fbd6
These updates, on the master branch, are to support testing the caracal
packages and support of the charms for caracal. They do NOT lock the charms
down, and don't change the testing branches to stable branches.
Change-Id: Id88fe1d5e3b177099966c659d11b96e6d1fb4c4f
If network calls to retrieve ports and floating IPs take too long,
then the project > instances page cannot be loaded. This config
allows disabling the network calls when loading the page with
minor side-effects, as a workaround to avoid downtime while other
performance optimizations can be done on the side to allow
the page the load so the workaround is no longer needed.
Closes-bug: #2051003
Related-bug: #2045168
Change-Id: Iedad6ef48cbe0b776594f4ad8276d3d713cd360c
The commit 484b7d8260 introduced a new relation that relies on an
application databag to exchange data, although only the leader can write
to it, and the original patch didn't guard the relation_set() call with
a is_leader(), this patch addresses that problem wich produces a hook
failure on follower units when openstack-dashboard is deployed in HA.
Closes-Bug: #2046257
Related-Bug: #2030094
Change-Id: I1930b0b96f65cb627f896db67dddc6370cf6a413
Patch out charmhelpers.osplatform.get_platform() and
charmhelpers.core.host.lsb_release() globally in the unit tests to
insulate the unit tests from the platform that the unit tests are being
run on.
Change-Id: I9c5beab362cbf747eb757645fa3704043a2f14c7
This fixes issues found in testing with Django 4 in mantic.
ugettext_lazy was deprecated in Django 3.0 and removed in
Django 4.0. Switch to gettext_lazy.
Switch to PyMemcacheCache backend as the Django MemcachedCache
backend was removed in Django 4.1 in favor of the PyMemcacheCache
or PyLibMCCache backend. This depends on a new openstack-dashboard
package version that will be provided in an SRU for bug #2039225.
Closes-Bug: #2039226
Closes-Bug: #2039225
Change-Id: Ia8e4f6f5f50d58268e4c6fa80c9f9c65a56a26ea
openstack-dashboard exposes the hostnames (and IP addresses) that can be
used by users to load Horizon. There are 3 possible sources, they are
juju units ingress-address, os-public-hostname and vip config options
Closes-Bug: #2030094
Change-Id: I5eb524c6258f72980ef43175f2bed21d7ca078be
Bug LP 1863232 introduced a new Apache configuration option called
WSGISocketRotation which allows users to disable wsgi socket
rotation. This patch makes this configurable with a new
wsgi-socket-rotation config option that defaults to the Apache
default and can optionally be set to False.
Closes-Bug: #2021550
Change-Id: I671f4b7f655f12cc558fc64116e31f16560dd2e7
This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation. Fix in charmhelpers is in [1].
[1] https://github.com/juju/charm-helpers/pull/824
Closes-Bug: #2028683
Change-Id: Iea8afd1720bac55321fbcc45aa21bb33f026b68e
There was a typo in actions.yaml for the resume action that was breaking
builds. This change fixes that typo. The charm will build.
Closes-Bug: 2030677
Change-Id: I470c5f340cbc1282d80396af3d19b9016bb10e2f
The relation data for for the LocalSettings context could cause the
priority sorting to break if the priority key wasn't cmpable (e.g. using
<, > or ==). This patch fixes the associated bug, by making the sorting
extra robust and ensuring that un-cmp-able values are 'greater' (e.g.
further down the list) that cmp-able values, and equal to each other.
E.g. a partially ordered set.
Change-Id: I6bbf7e5f81a772ffc6ea859c9ab7c05f2eb9fdc5
Closes-bug: #2023404
The package-upgrade action performs package upgrades for the current
OpenStack release.
The code path used is similar to the openstack-upgrade action, with the
difference being that package-upgrade will not execute if an openstack
upgrade is available (based on the openstack-origin setting).
This change includes a charm-helpers sync.
Change-Id: I7a36e0f5f47423ae8601d6ca86aa0fe311ecb735
* Voting was turned on for jammy-antelope in the
project-template for charm-functional-jobs in zosci-config
* Voting for jammy-antelope bundles with non-standard names
is turned on in individual charms
* Kinetic-zed bundles/tests are removed
Change-Id: I46c1bb4a5c751d12435b6a42a59dd90413937d49
When using custom themes, some strict structure should be
used in order for it to work correctly.
Closes-bug: #1897805
Change-Id: I535478b06f8789f245b6c9fc523806c02c47a369
This patch adds kinetic to the metadata.yaml and ensures
that a run-on base for 22.10 is added in the
charmcraft.yaml
Change-Id: Ib0157b2ab640aac2441eeb08524367129d84db8e
* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml
Change-Id: I2cb698f719106e54b06009f24ea47259419e9cad
The dashboard-plugin interface sends relation data json encoded but
the charm does not decode the local-settings key. This change decodes
the data. I have not been able to find any classic plugins that
rely on sending raw data but to maintain backwards compatability
just incase the charm will fallback to the old behaviour if the
relation data is not json encoded.
Change-Id: I3f956ae811cb6c46b5e2ab31f1353678a35e623a
Closes-Bug: #1986538
Since we are running haproxy in L4, we are tracking the incoming
byte rate from client IPs and rejecting TCP connections in a
sliding window.
This approach limits the incoming HTTP requests however image uploading
through the horizon web app is unaffected.
Change-Id: Ie40d28acb2dc2983fc9edbbeacfd671b380a8f6d
Closes-Bug: #1836514
Signed-off-by: Mert Kırpıcı <mert.kirpici@canonical.com>
This patch adds an option of enabling/disabling router panel view
in the horizon. To hide the router/floatin-ip panel, set the config
option 'enable-router-panel=False'. Default value is True.
Closes-Bug: #1966815
Change-Id: If6fb3b57f05a1ab6342077d2142bd47cfce57948
The configuration key customization-module is expected to set
HORIZON_CONFIG["customization_module"] in local_settings.py although
this was missing from the template for releases >= newton.
Change-Id: Ia741bf3d8298f66b4f1e2324159d4ab851634efb
Closes-Bug: #1977494
When enforce-ssl is set to false, a warning message comes up saying it is
set to true. This should stop the message from coming up when
enforce-ssl is false.
Related-Bug: #1818636
Change-Id: I6afe116c0cd1e04b5c37413c7daf556a9b05dee4