The *_domain_id parmaeters should not have any default. Otherwise
keystoneauth ignores the *_domain_name parameters and it requires
only *_domain_id parameters are used.
Closes-Bug: #1620999
Change-Id: I1f8c9184761313f9fc5fda2f257e52233e0196d1
Python 2 has been deprecated for almost two years, and has not been
guaranteed to work with glance_store for a while. This patch removes all
traces of six, unicode strings and Python 2 tweaks.
Co-Authored-By: Cyril Roelandt <cyril@redhat.com>
Change-Id: Ifa78924d7ecf4f2d9a54c677888ab2926530c487
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.
md5 is allowed when in a non-security context. There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added to
oslo_utils. See https://review.opendev.org/#/c/750031/
This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.
It looks like the uses of the md5 are primarily for checksums and
generation of etags.
With this patch, all the unit and functional tests appear to pass
on a FIPS enabled system.
Change-Id: I0603ba217d6dc19f5c9f73c60c7b365efd28d30b
Depends-On: https://review.opendev.org/#/c/760160
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I3e92b23ab2a335b378f156c0456fb1d52706ed12
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Remove hacking and friends from lower-constraints, they are not needed
for installation.
Change-Id: I99b8b24f714858f6b289e5e7b5976e519bb81c11
pass configured cacert for Swift to the keystoneauth's Session
as well so that the swift endpoint can be resolved from the catalog
when a custom CA bundle is used.
Change-Id: I439f6b5af34c685f72c9b4933c7eb0c77cc92e14
Closes-Bug: #1820817
As a part of vocabulary correction, changed the location
metadata key name from 'backend' to 'store'. Modified
corresponding tests as well.
Change-Id: I1a8056a316fcfae8b4b32f74fb62f90eaceb9467
bp:multi-store-vocabulary-correction
As a part of vocabulary correction, changed the location
metadata key name from 'backend' to 'store'. Modified
corresponding tests as well.
bp:multi-store-vocabulary-correction
Change-Id: Ida27628c54607b43e76389029f1f6f78ccc49f93
For updating location metadata with store information to the images
which are existed prior to enabling multiple stores, added new
public attribute 'url_prefix' to each of the store instance.
Implements: blueprint location-uri-prefix
Change-Id: Icd760d30e947867c2b5b87f86bbe4b1a4240d214
While testing glance with Ceph Rados Gateway using latest Ceph release
(Nautilus), i've found that glance fails to upload the manifest using
dynamic large objects mode because of the value used in ETag request.
This issue has been reported to Ceph as it seems related to some recent
change in radosgw code [1].
However, checking at the upload workflow used by glance and comparing
to Swift documentation [2], I wonder if adding the etag is actually
providing any value. In the Swift the ETag header is used to validate
integrity when uploading chunks, not the manifest while glance is doing
exactly the oposite, not sending the etag in the chunks (I guess to
avoid checksuming big images, which makes sense to me) and sending it
when puting the manifest.
This patch is removing the etag header when sending the PUT request for
the manifest in chunked uploads.
[1] https://tracker.ceph.com/issues/39160
[2] https://docs.openstack.org/swift/latest/api/large_objects.html#dynamic-large-objects
Closes-bug: #1824533
Change-Id: I0b563dfcdc30026669fb089c82db8c3df7edc808
As of version 3.5.0 moxstub will be deprecated, so remove it where it has
been used.
Change-Id: I2622c457871815311241d2eea562d7a3c70b0795
Signed-off-by: Chuck Short <chucks@redhat.com>
As of 3.7, the configparser module will not allow defaults values to be None.
This patch replaces such values with "default".
Change-Id: Id5a414412cd66d479fb8f8784cba5deddc628dfd
Closes-Bug: #1785641
Adds the ability to compute a "multihash" (see the Glance spec
for what this is exactly). To maintain backward compatability,
a new store_add_to_backend_with_multihash function is added.
Backward compatability for each store's add() method is achieved
by a back_compat_add wrapper.
Co-Authored-by: Scott McClymont <scott.mcclymont@verizonwireless.com>
Co-Authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>
Change-Id: I063d0900b7dc7e0d94dfb685971eb9b17ed67c7b
Partially-implements: blueprint multihash
Added multi store support for http, swift, sheepdog and vmware driver.
The default behavior is maintained for backward compatibility.
DocImpact
Partial-Implements: bp multi-store
Change-Id: I93ccdafc6e740065ff4ca3adc6b49eb82e8afa10