The list of users assigned to a project becomes invisible when a domain context
is set in Horizon. If a domain context is set, the user list call should
provide a list of users within the specified domain context, rather than users
within the user's own domain.
Groups tab of project also has the same problem.
Change-Id: Ia778317acc41fe589765e6cd04c7fe8cad2360ab
Closes-Bug: #2054799
This patch update default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE
to 'member' from '_member_'. If a user tries to create a new project now
it leads to "Could not find default role "_member_" in Keystone" error.
Also long time ago keystone-bootstrap changed the default member role
that is created to member from the legacy _member_ role. Any deployments
that might still be using _member_ should set this explicitly.
Closes-Bug: #1957173
Change-Id: I1fc7f44326b82ceb303f8d663ff0b42f0bdf7855
Part of the removal of OPENSTACK_NOVA_EXTENSIONS_BLACKLIST (1/3)
All references of nova extensions in the python code are cleaned up.
Note that the API layer is not touched yet as it is used by the
JavaScript side.
Change-Id: I66cd0a9629253a6462aace9902ef8200b94b2a21
Kyestone V2 support was removed in Train, so it's safe to do such cleanup.
* Functions which just return horizon settings are dropped and
the settings are referred directly now.
* The service catalog in the sample test data is updated to match
the format of the keystone API v3.
* Related to the above change of the sample service catalog,
openstack_dashboard.test.unit.api.test_keystone.ServiceAPITests is
updated to specify the region name explicitly because 'RegionTwo'
endpoint is no longer the second entry of the endpoint list in the
keystone API v3.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Ib60f360c96341fa5c618595f4a9bfdfe7ec5ae83
Changes test invocation from `manage.py test` to `pytest`. Adds addtitional
test requirements like pytest, pytest-django, pytest-html. Adds
`pytest.mark` alongside django's test `tag`. Adds posibility to export test
results into xml and html formats.
Depends-On: https://review.opendev.org/#/c/712315/
Related-Bug: #1866666
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Change-Id: Idb6e63cd23ca2ba8ca56f36eb8b63069bd211944
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I2de669d8e89b8daeb7ee5405ffab35af6307c40b
We don't support Python 2 anymore so we don't need this
compatibility library.
six.reraise usages are left as is until it'll be moved to some
base lib like oslo.utils to not re-implenent this method in
Horizon.
This patch also removes Python2-specific base test case methods
assertItemsEqual and assertNotRegexpMatches in flavor of new
Python 3 analogues.
Change-Id: I0b567382edf4d68674a7b8d0b02333fb57293958
An attacker could create an instance with a malicious name beginning
with an equals sign (=) or at sign (‘@’).
These are both recognized in Excel as metacharacters for a formula. The
attacker can create an instance name that includes a payload that will
execute code such as:
=cmd|' /C calc'!A0
This payload opens the calculator program when the resulting CSV is
opened on a Windows machine with Microsoft Excel. An attacker could
easily substitute this payload with another that runs any arbitrary
shell commands.
Quote the CSV output so this is no longer a possibility.
Closes-Bug: #1842749
Change-Id: I937fa2a14bb483d87f057b3e8be219ecdc9363eb
Domain info in the user detail panel was previously displayed
but it has been broken after the user detail panel was tabbified.
This commit fixes the handling of context data. This covers
domain_name, project_name and extras.
Similar change is applied to the project detail panel too.
Change-Id: I575ae9697783c36fdae5dd397d6783b979d0c4a6
Closes-Bug: #1809284
The 'Time since created' column name has been shortened to 'Age'
in project instances and admin instances meaning it fits properly
in table header cell and doesn't cause table header height to
increase.
Closes-Bug: #1614287
Change-Id: I94fc9eb260050e187445abd8236ac414b885b467
Co-Authored-By: Sam Wright <swright.wellington@gmail.com>
Add an extra tab "Groups" in the project details view which
displays the groups which have a role on the project (the
groups members of the project).
The groups are displayed in a table which is an extension
(inheritance) of the group table used in the Groups panel.
An extra column is added to this table, displaying the
roles of each group on project
Change-Id: Ie6338c7e10b67900d5a553d0328b29bfd4a28212
Closes-Bug: #1785263
In the users tab of the project details view, the users
table displays now the users which have a role on the project
through a group. ie: if a group is member of the project, and
if a user is a member of this group, then it will be displayed
in the table even if it is not directly a member of the project.
An extra column is added to the table: "role from group" which
display the list of "role(group)" the user has on the project.
To be able to test the membership of user to a project through
a group, "user_group_membership" data has been added to keystone
data.
Change-Id: I968bad7d285acfaf7a8ccd7458593bbcad498ce2
Partial-Bug: #1785263
Add an extra tab "users" in the project details view which
displays the users which have a role on the project (the
members of the project).
The users are displayed in a table which is an extension
(inheritance) of the user table used in the Users panel.
An extra column is added to this table, displaying the
roles of each user on project
Only users which have directly a role on the project
are displayed, the users which have a role through a
group are not displayed.
Change-Id: I88b40fcda300ee4640155347d479a972abb2df02
Partial-Bug: #1785263
Change the existing project details view into a tabbed view with
currently just one tab (overview tab) which presents general
informations of the project.
This is done to be able to add other tabs to the project
details view.
Change-Id: I207d0671e41c478c258226fd21f83b6e9fd38ea4
Partial-Bug: #1785263
This patch leave selenuim-headless non-voting since it was broken for a
while so we should be sure that it's stable enough.
Related blueprint: improve-horizon-testing
Change-Id: Ic2a877a4eefc2f10fb25e64c387b81fc18302a2a
Nose has been in maintenance mode for the past several years. It has
issue with exit code [1] which leads to false positive results for our
seleniun-headless job.
This patch changes test runner for Horizon tests and does the following
things:
* Django test runner executes test in a different order than Nose does.
That's why we've got an issue with side-effect in
horizon.tests.unit.tables.test_tables.MyToggleAction class. This patch
adds workaround to it.
* Rename filename of test files to names starting with 'test_'
so that the django test runner can find tests expectedly.
* '--with-html-output' option is temporary dropped and will be added in
a following patch.
* Integraion tests is marked via django.test.tag mechanism which is
introduced in Django 1.10
* 'selenium-headless' is broken now because we don't have geckodriver on
gates, this patch makes it non-voting.
* 'tox -e cover' is fixed
* Remove @memorized decorator from
dashboards.project.images.images.tables.filter_tenant_ids function.
[1] https://github.com/nose-devs/nose/issues/984
Depends-On: https://review.openstack.org/572095
Depends-On: https://review.openstack.org/572124
Depends-On: https://review.openstack.org/572390
Depends-On: https://review.openstack.org/572391
Related blueprint: improve-horizon-testing
Change-Id: I7fb2fd7dd40f301ea822154b9809a9a07610c507
- Add use_mox = True to tests which still depend on mox
- Remove use_mox = False from all tests converted into mock
- Update the warning messages
- Replace 'S'-release with 'Stein'
Part of blueprint mock-framework-in-unit-tests
Change-Id: I208185e97b2de346304a09643a9cb3f1425a7683
Signed-off-by: Akihiro Motoki <amotoki@gmail.com>
workflow.handle() method is split into action.handle()
for better modularization.
Part of blueprint horizon-plugin-tab-for-info-and-quotas
Change-Id: I4e26bc9d5bb79988c01c5999001d3f313ab75399
This commit converts the quota update workflow tab into
a separate workflow. After this change, admin cannot set
a project's quotas in the project creation workflow,
but the admin can update its quotas just after creating a project,
so I think it is not a problem.
Because of splitting quota update from a project create/update workflow,
our unit tests has been simplified significantly. Previously we needed
tests for **combination** of create/update project and quota update,
but we now need only tests for create/update project and quota update
separately.
Part of blueprint horizon-plugin-tab-for-info-and-quotas
Change-Id: I7b95428e89ddc1c7a85a1162db29cef9a9674129
After Django 2.0 support, we no longer supports Django 1.10 or older
(Actually Django 1.10 seems to work though).
The current django.VERSION branches are all related to Django 1.10
or older, so we can drop all conditions.
py35dj20 job is now voting.
blueprint django2-support
Change-Id: Iefc0ab1c62c82f2842ec7761a9b981da9351cbd2
(In Django 2.0) The django.core.urlresolvers module is removed
in favor of its new location, django.urls.
It was depreacted in Django 1.10:
https://docs.djangoproject.com/en/2.0/releases/1.10/#id3
blueprint django2-support
Change-Id: I46ab5c325491274b8eaffbf848e5d80f83c2fd26
Previously limit information was always retrieved but it is not
used in the admin overview. This commit moves the limit related logic
into a separate class ProjectUsageView.
testing of usage.views is covered by individual panel tests,
so UTs for panels which uses UsageView rather than the new
ProjectUsageView need to be updated in this commit.
blueprint make-quotas-great-again
Change-Id: Id93b66d11e3b0c98d1fbb0454bb43984c2999d92
identity.projects.views has a special logic related to neutron
quota, but it is time to merge this into usages.quotas.
This commit merges the logic into usages.quotas.
It is a preparation to use neutron default quotas API.
blueprint make-quotas-great-again
Change-Id: I35f0dede5d53ee6758996268cd1a6c2095565cc8
nova-network quotas are considered in usage/quotas.py previously.
This commit completely always disables nova-network quotas.
The nova API wrapper ensures nova-network quota fileds are not
included in responses from tenant_quota_get and default_quota_get.
Drop nova-network quota fields from the Admin Defaults panel and
the Identity Project quota form.
blueprint make-quotas-great-again
Change-Id: Ie69d3003f62d3a124d79a1fea003092f73372187
Much like the themable selects and checkboxes, number spinners
should also be themable.
Standard number spinners are not very customizable. We should use
existing buttons and fonts to add their functionality to allow a
richer experience if desired downstream.
An example of how to customize the spinner was placed in Material.
The example shows how to use flexbox to change layout type from
column to row, change icon order, and how to override the icons.
'autocomplete' needs to be false on this new element, otherwise
the browser will retain and load the last value without actually
triggering any JavaScript events by which we can key on and update
the state of the spinner buttons.
Change-Id: Ifd266cd515a903841e2d28e2f4731879116e3513
Closes-bug: #1598311
We no longer need to have SG and FIP API wrapper in api.network
as we only supports a single network back-end.
Completes blueprint drop-nova-network
Change-Id: I4e59d897508b497a3cd2ae2fda93b30b786610dc
Previously _get_tenant_(compute|network|volume)_usage are callled
regardless of resources are listed in enabled_quotas.
This commit retrives usage information only for resources listed
in eanbled_quotas.
floating_ips and security_groups were returned even when
they are included in disabled_quotas. They are not needed
and they are cleanup in this commit.
All (*_)QUOTA_FILEDS were previously a list but it is always used
after converting into a set, so this commit changes (*_)QUOTA_FIELDS
into a set in the initial definitions.
This is a preparation for fix of bug 1675504
Partial-Bug: #1675504
Change-Id: I41cdabde477d87aa8b35d1c908e18a69454286c3
novaclient 8.0.0 dropped python bindings for security group and
floating IP. This commit drops security group and floating IP logics
from the nova API wrapper.
The following changes are made accordingly.
* Update unit tests to consume neutron test data
* Drop API unit tests for nova security group and floating IP
Partially implement blueprint drop-nova-network
Change-Id: I946c508d7a82162fc8434213e006513867b79350
attribute-level imports are not checked by hacking module now.
most noqa is used to disable warnings on attribute-level imports.
This commit drops noqa for this purpose.
After this, there are only 3 noqa under openstack_dashboard/ :)
Change-Id: I4a449802f5dbd6e44e4b8b5c378a555d47d9a99f
Since the existence of a domain token was equivalent with having
selected a domain context with Keystone V2, some code confuses the
two. This is no longer true for Kestone V3, so we have to separate
the two concepts and use domain context when we mean the domain
context.
Close-bug: #1661537
Change-Id: Ifa66d8c397e34d16a4534e7216eb11c752699505
Implemented the "filter first" for the following identity panels:
- Users
- Groups
- Roles
- Projects
The functionality helps horizon not to hang and timeout when there is
a large set of identity resources to display. It can be turned on and
off easily.
In a subsequent patch set the same functionality will be added to
other identity views such as Project > Manage Members
Change-Id: I6e569712fb5159552a27271837cf2629059f5894
We don't want code in our settings.py and local_settings.py, and in
particular we don't want to have to import Python objects from all over
to set them as setting values -- instead, we can specify those as import
path strings. This also solves problems with importing order and loops.
This change is backwards-compatible, in the sense that you can still
import the objects directly and set them as the setting values.
Partially-Implements: blueprint ini-based-configuration
Change-Id: I8a346e55bb98e4e22e0c14a614c45d493d20feb4
Currently Horizon unable to change quotas if routers extension is
disabled, fix this by adding router and floatingip quotas to
disabled_quotas when router extension is disabled.
Change-Id: I14d8a6e2e439ab48b62ce64c88ebb4643d11e49f
Closes-bug: #1457598
Required modifying our URL pattern decorator to
be compatible with the slightly different callback
attribute mechanism in 1.10
Modified breadcrumb structures to always be 2-tuples
as tuple unpacking is now strictly enforced in 1.10
Also made the following things changed in Django 1.10.
- fixed the now-deprecated TEMPLATE_DEBUG.
- Caught up with Request context change
- SimpleTestCase.urls is removed in 1.10.
ROOT_URLCONF needs to be used instead.
Co-Authored-By: Richard Jones <r1chardj0n3s@gmail.com>
Co-Authored-By: Akihiro Motoki <motoki@da.jp.nec.com>
Change-Id: I59cbd8bff117813258539ed0724fe89a9f5b77ee
Implements: blueprint dj110
Implements server-side filtering in Identity->Projects
Projects (Only V3 supports server filtering)
Users (Only V3 supports server filtering)
Groups
Roles
This filtering method allows a user to filter by
several fields:
- Name
- UUID
- Enabled
Cannot implement filter by email ttps://review.openstack.org/#/c/110970/
Implements blueprint: server-side-filtering
Co-Authored-By: Daniel Castellanos <luis.daniel.castellanos@intel.com>
Change-Id: I37d6afdef84593e2779d21bec0c2f55e2794ab78
This change is to support extra properties in project and user.
To show an extra property in project/user table, you can customize.
The explanation of the method to add an extra property is added
by this patch.
In addition, when you do a create or update user, you can specify a
value of extra property by setting in local_settings.py
Change-Id: Ifee491f2a55d9207fe5da70136f749e1fc4bab82
Implements: blueprint support-extra-prop-for-project-and-user
As per agreed in Austin summit and then confirmed in the midcycle,
the inline_edit form/functionality is more an issue than a solution.
It leads to many bugs and UX is not the best.
Implements: blueprint remove-table-inline-edit
Change-Id: I91394e4a63afadb66659b6b7c04cb7f8da948ff8
Unit test "test_update_project_when_default_role_does_not_exist"
from identity/projects/tests.py has wrong indentation which stops
it from running. This patch fixes it along with the test itself.
Change-Id: Id2648ac99051f225654a1f1d504b0b5927bd6656
Closes-Bug: #1608928
Adds conditional block to nova quotas to exclude them if nova is not
enabled; adds 'permission' checks to the project overview and
access_and_security panels to only enable them if compute is enabled;
adds permission checks on compute and image to the admin overview
and metadef panels; disables 'modify quota' and 'view usage' project
actions; disables 'update defaults' if there are no quotas available.
The 'access and security' panel still appears (under Compute) but
tabs other than the keystone endpoint and RC download tab are hidden.
Closes-Bug: #1580116
Change-Id: I1b2ddee0395ad9f55692111604b31618c4eaf69e
Since Nova doesn't currently provide an API call to indicate whether
its quotas are disabled, we could use a parameter named
'enable_quotas' within 'OPENSTACK_HYPERVISOR_FEATURES' setting for
this purpose. This allows to avoid errors while trying to update
quotas which are disabled on service side. Also make disabled_quotas
collection to be a set instead of a list - this removes duplicate
fields that appear due to some possible quota overlaps between Nova
and Neutron.
Also, since we dropped out python2.6 support fancy set literals and
dict comprehensions can be used.
Co-Authored-By: Paul Karikh <pkarikh@mirantis.com>
Closes-Bug: #1286099
Change-Id: I10923f147e4c323aba8bbcc130d2016ad6725e86
In dashboard or panel, 'openstack.roles.xxx' is used
as a permission control. 'xxx' in 'openstack.roles.xxx'
is a real role name.
At the moment, it is not addressed OPENSTACK_KEYSTONE_ADMIN_ROLES.
This patch will address it.
Change-Id: Ic7200dfdf403b63ef3210750617ae102b15c02c8
Closes-Bug: #1534409
When checking with nova for the absolute limits
we were not taking into account the reserved
quotas (i.e. instance in rebuilding will take
cpu and ram) so this could lead to wrongly
thinking that the user could launch more instances
that its quota allowed. It also made the overview
page display wrong quotas as it didnt took into
account those reserved resources.
Change-Id: If51470d185ddc122acbdf4cf0d0fd952f3f791a0
Closes-bug: 1561310
First, the default default date range used on Overview panel is made
configurable (setting OVERVIEW_DAYS_RANGE). Second, its default value
is set to 1 day. Changing the default behavior is aimed to improve
load time of the default page in the presence of large amounts of
data. If OVERVIEW_DAYS_RANGE setting is explicitly set to None, the
behavior remains the same - the default date range is from the
beginning of the current month until today.
Co-Authored-By: Dmitry Sutyagin <dsutyagin@mirantis.com>
Change-Id: I55a0397f69e33ba9c8fb1f27d57838efcd8648af
Closes-Bug: #1508571
Once upon a time, the python-*client libraries were primarily built to
use httplib2. They have subsequently shift to using requests and thus
urllib3. The horizon test helpers code was maintaining a reference to
httplib2 as it intercepted errant library calls that were not mocked.
httplib2 is not actively maintained and OpenStack is moving to remove it
as a dependency. See
http://lists.openstack.org/pipermail/openstack-dev/2016-March/089225.html
for more details.
This patch removed the httplib2 dependency. Upon removing the
dependency it exposed a missed update from httplib2 to urllib3. A
function that was intended to catch unmocked calls was only listening
for httplib2 connections. This patch updates that failsafe to work with
urllib3. Upon doing so, it pointed out many, many missing mocks and in
turn, many broken tests that appeared to work because of API call
failures. This patch adds the missing mocks and fixes the broken tests.
The new failsafe prints the stack trace when an outside connection is
attempted. Additionally, to fix the fact that a missed mock used to
allow tests to potentially pass, as documented by bug 1517704, a test
failure is now forced on tests where a missing mock is detected.
Closes-Bug: #1517704
Implements blueprint: remove-httplib2-dep
Change-Id: Iaabdf03966c14c82e0c58a3b1ab1a6755c05adcb
The user/roles can be created in any order due to
python random seed ordering dictionaries, so the
mocks should be in random order
Change-Id: I23a9380fb65ac634831beb496af388381d0230d4
Partial-Bug: #1348818
Zhang Hua