This patch makes the Floating IPs tab in Access & Security its own panel
under Project > Network
Change-Id: Ibb83ae5a0448d2824c10f867e620cec8219b7b72
Implements: blueprint reorganise-access-and-security
This patch moves the API Access view, from a tab on the Access
& Security panel to its own panel under the Compute panel group
Change-Id: I1e523ba2e7e959474c0fc77f8b6c42994a481081
Implements: blueprint reorganise-access-and-security
As part of the breaking up of Access and Security, move the Key Pairs
tab to a new panel under Compute. Separate patches will address Floating
IPs, Security Groups, and API Access.
Fixes include:
- Should be significantly faster to access Key Pairs, as we are no
longer running multiple API calls for the other Access & Security tabs
at the same time. Hooray for speed!
- Should be easier for new users to find where Key Pairs are located.
- Reduce reuse of identical translatable strings
- Use common templates instead of duplication
- Updated policy rules and added missing rules to table get_data
- Small cleanup of the Key Pair download page, which was previously
using modal classes despite not being a modal.
Change-Id: I66f1f65a2cb49bd10e0364b12efba4346f373ed3
Implements: blueprint reorganise-access-and-security
Currently Horizon unable to change quotas if routers extension is
disabled, fix this by adding router and floatingip quotas to
disabled_quotas when router extension is disabled.
Change-Id: I14d8a6e2e439ab48b62ce64c88ebb4643d11e49f
Closes-bug: #1457598
I don't really know what this was meant to do, but what it actually
does doesn't make any sense -- when checking a quota for project
'foo' we really don't care about how many instances are used
in the entire cloud, only in project 'foo'.
Until Liberty, the all_tenant flag was broken in the nova
api, which probably explains why this was harmless until
Liberty.
Change-Id: I9e12c10951e7518ab1c622a4daac962bad332da5
Closes-Bug: #1610693
Adds conditional block to nova quotas to exclude them if nova is not
enabled; adds 'permission' checks to the project overview and
access_and_security panels to only enable them if compute is enabled;
adds permission checks on compute and image to the admin overview
and metadef panels; disables 'modify quota' and 'view usage' project
actions; disables 'update defaults' if there are no quotas available.
The 'access and security' panel still appears (under Compute) but
tabs other than the keystone endpoint and RC download tab are hidden.
Closes-Bug: #1580116
Change-Id: I1b2ddee0395ad9f55692111604b31618c4eaf69e
Previously, shared subnets were ignored by collecting used
networks; the "Create subnet" button is still enabled, but
subnet creation is forbidden by neutron due to quota reached.
Change-Id: I20b3373ab86631922945285a12ca4810b707b0be
Closes-Bug: #1588764
Once upon a time, the python-*client libraries were primarily built to
use httplib2. They have subsequently shift to using requests and thus
urllib3. The horizon test helpers code was maintaining a reference to
httplib2 as it intercepted errant library calls that were not mocked.
httplib2 is not actively maintained and OpenStack is moving to remove it
as a dependency. See
http://lists.openstack.org/pipermail/openstack-dev/2016-March/089225.html
for more details.
This patch removed the httplib2 dependency. Upon removing the
dependency it exposed a missed update from httplib2 to urllib3. A
function that was intended to catch unmocked calls was only listening
for httplib2 connections. This patch updates that failsafe to work with
urllib3. Upon doing so, it pointed out many, many missing mocks and in
turn, many broken tests that appeared to work because of API call
failures. This patch adds the missing mocks and fixes the broken tests.
The new failsafe prints the stack trace when an outside connection is
attempted. Additionally, to fix the fact that a missed mock used to
allow tests to potentially pass, as documented by bug 1517704, a test
failure is now forced on tests where a missing mock is detected.
Closes-Bug: #1517704
Implements blueprint: remove-httplib2-dep
Change-Id: Iaabdf03966c14c82e0c58a3b1ab1a6755c05adcb
Horizon should not move people from the instances page to
the security groups page after adding a FIP. It's already
too late to prevent bad things from happening and this
implies that it is not too late.
Change-Id: I03796253fc6b6c56572c6e841f3ce3102c9c6cdd
Closes-bug: #1550023
Volumes tabs should be enabled when volumev2 endpoint is registered.
Currently, Horizon considers no volume service is running if there
is no V1 endpoint, which doesn't make sense as Horizon no longer
supports the cinder V1 protocol.
Co-Authored-By: itxaka <itxaka@redhat.com>
Change-Id: I35d821eedb75f73f9330ed11f921694104eed0c6
Closes-Bug: 1415712
Replace assertEqual(None, *) with assertIsNone in
tests to have more clear messages in case of failure.
Closes-Bug: #1280522
Change-Id: I950881a51053d83762c941d813da6bbf9f8578c9
Some tests check for equality with quite large HTML fragments, when
the test is only interested in certain specific things (and not style
changes etc). This patch alters some of those tests (specifically ones
that were tripping up a dependent patch, but can be expanded) to check
the context data of the response, since the actual rendering is tested
by horizon's tests.
It also adds tests to check context data in 'normal' circumstances so
that no test coverage should be lost by this.
Change-Id: I09be82058edc923521ffb4c022515845a18b158d
Closes-Bug: #1517084
Previously, shared networks were ignored by collecting used
networks; the "Create network" button is still enabled, but
network creation is forbidden by neutron due to quota reached.
Change-Id: I97360e354ccb7c2aa58012f737a7e9c67f8d3ad6
Closes-Bug: #1513795
This change adds the ability to add / remove floating ips
from lbaas pool vips
Change-Id: I0037df067d58069aa3a48c41b4b0e97442f99952
Implements: blueprint lbaas-vip-fip-associate
mox doesn't work on Python 3, whereas mox3 works on Python 2 and Python
3. Cinder, Nova and many other projects already replaced mox with mox3.
mox3 is now maintained by OpenStack.
Partial-Implements: blueprint porting-python3
Change-Id: I10e6a9754ebd58a2640d73ec8966527c3aa1fe9a
The current icons for the batch actions of allocate and release
are download for associate and up-arrow for release. Changing to use
link and unlink icons.
Closes-Bug: #1398520
Change-Id: I2752b87a1b42073d8f54d4fb41fb5c689d3a36ec
There are still some scss mixins that use the old (from bootstrap 2)
image icons. Replacing them will have to be done in a separate patch.
I also link to the css file, instead of scss, because django-pyscss has
some problems finding the right file. This is reported and will have to
be fixed upstream to unbundle bootstrap.
Change-Id: I67e94a9283bcceef8fc89343f3f5b2d7e0d4449f
Partial-implement: blueprint font-icons-replace
Remove the redundant port_id from parameters of FloatingIpManager
disassociate function and the related.
Change-Id: I7425d654d9fee51b6b74e1cda888e12100a9cf3d
Closes-Bug: #1396050
The quotas code does not isloate counts to resources within the
current tenant/project. So if a user with the admin role makes
calls for quota items, the admin role will have counts of a global
list of resources. This changes that for the tenant quota call
to fallback to the request.user.project_id if no project was
otherwise specified for the tenant quota api call.
Change-Id: Ib0e6ce7774c4c03686a044f233dbb9aa36dbe1b9
Closes-bug: #1391242
The create subnet button (visible for each network in the networks list and on
the detail page when looking at an individual network) should be disabled if
the quota for subnets is at capacity.
Tests have been added to check that when the quota is exceeded the buttons are
disabled.
Change-Id: I7bba89c2d89a39220900480f0091bdc6215505fe
Closes-bug: 1369779
E127 continuation line over-indented for visual indent
Also fixes E127 introduces by other reviews
after other E127 fixes were merged.
Closes-Bug: #1375931
Change-Id: I0a09f1c2f74c707fc8a347f0ea5975bf2679976e
Added quota checks for security groups, networks and routers. If quotas are
exceeded then buttons to create are disabled and feedback is given to the
user.
Appropriate tests are also in place
Change-Id: Ie49db5397d87a0c9a583b64e5de34460144b5956
Closes-bug: 1278449
In Neutron deployments some VM port can be unreachable from
external network and cannot be associated with floating IP.
It is confusing if these ports are listed in Floating IP
Associate form.
Change-Id: I2d8faf0dbf4490d198b883fe1becfd950b1b4d14
Closes-Bug: #1252403
Neutron features like LBaaS, FWaaS or VPNaaS are provided as
extensions in Neutron. This commit changes these features are enabled
only when they are included in the extension list from Neutron.
It also change the default settings of enable_lb/firewall/vpn to True.
The default of these settings were set to False to avoid confusion to
users because LB/FW/VPNaaS are optional features in Neutron. By this
commit corresponding features in Horizon are enabled dynamically, so
it is reasonable to change the default to True.
This commit introduces Horizon version of override_settings
"update_settings" decorator which allows override an item in dict.
Django original override_settings replaces a dict completely,
however OpenStack dashboard setting has many dictionary configuration
and there are test case where we want to override only one item
in a dictionary and keep other items in the dictionary.
This version of override_settings allows this.
DocImpact
Implements blueprint neutron-feature-control-with-ext-list
Change-Id: I19424d448c800524de0ee8ac769974272dbb84a0
If the config option 'enable_router' is set to False,
Floating IP features are disabled when Neutron is enabled.
It does not affect when Neutron is disabled.
It also adds unit tests for api.network.servers_update_addresses
which is affected by this change.
Completes blueprint hide-router-panel-by-config
Closes-Bug: #1292022
Change-Id: Ib63c6a0e7bb5661d4a60d10a1722fdad978b50bb
Remove vim setting:
comment - # vim: tabstop=4 shiftwidth=4 softtabstop=4
at the top of source code files, except for files in
openstack/common.
Change-Id: I9a5c6b17c6ef7ecec601f4503dfc7b31fc72e90a
Close-bug: #1229324
This patch set removes leftovers of "# noqa" from imports
added to import_exceptions.
It also adds "django.test.utils.override_settings" to
import_exceptions, so a few more "# noqa" tags become
unnecessary.
Closes-Bug: #1273647
Change-Id: I39f856ac3ea371a2fcab272bbf358d0243164b6d
We have a lot of import with #noqa that is there to ignore h302,
because it's traditional to import and use a name directly, instead
of a whole module. This hides other errors and gives people the
impression that it's actually fine to import non-modules, you just
have to slap #noqa on those lines.
I went through the code and identified about a dozen names that are
most commonly imported this way. I remove the #noqa tag from them,
and added them to the list in import_exceptions.
I also removed a few unused imports that were revealed in the process.
Change-Id: I27afb8e2b1d4759ec974ded9464d8f010312ee78
quota names for security group are different between nova and neutron,
so the same appoach can be used for floating IP. This commit reverts
the change in get_default_quota_data in commit c44552fe66 and changes
get_disabled_quotas to determine security group and rules quotas come
from nova or neutron.
Change-Id: I9e39ac99f1e8c7ccdce64b2e2ab79615cac50892
Closes-Bug: #1235053
Also ensure that the correct quota is displayed in the Floating IPs
allocation page (Security & Access panel).
Closes-Bug: #1109140
Change-Id: I30d207fbf149bfbcfefeaddf91af49082b7b1f53
This patch replaces some method imports with module imports and
makes H302 test enabled.
Fixes bug 1188531
Change-Id: Ibfbddeaa19cbbb244da58ffd5c918c41f03a0c65
blueprint quantum-security-group
Rule table view
* Add direction and ethertype columns (which are specific to Neutron)
It may be better to hide "Direction" and "Ether Type" columns
unless Quantum security group is enabled.
* Merge ip_protocol/from_port/to_port into one column for better view
* Use "::/0" for IPv6 ANY instead of "0.0.0.0/0"
* Rename "Source" column to "Remote".
(The naming "source" does not fit egress rules)
* Display security group name in the title of rule detail view
Rule creation form
* New arguments 'direction' and 'ethertype' in security_group_rule_create()
* Set the default value of 'direction' to 'ingress' in forms.handle()
* Rename 'ip_protocol' to 'rule_menu' and 'source' to 'remote'
Note that rule_menu is retrieved from rule.ip_protocol in the unit tests
since they are tests for custom TCP/UDP/ICMP rules.
Network abstraction layer for security group management
* Move security group methods to api.network
* Add Neutron security group API implementation
* Move base classes for network abstraction to a separate module
(api/network_base.py) to avoid circulated import between
api.network and api.nova/api.neutron
Add a configuration parameter to control Neutron security group support
* Neutron security group support is enabled when Neutron is enabled and
enable_security_group in OPENSTACK_NEUTRON_NETWORK in settings is True.
* Not all neutron plugins support security group, so we need a way
to control neutron security group is enabled or not.
* It can be determined by supported extension list from Neutron
and it is a possible future work.
Move get_int_or_uuid to openstack_dashboard/utils/filters.
* get_int_or_uuid is now used in security_group implementation as
well as floating IP logics.
* In addition the depth of the directory tree becomes longer and
it is hard to fit the import line in 80 chars.
It is a good chance to move it to a common directory.
Add __repr__ to API**Wrapper to make it easier to debug.
Limitations:
Neutron supports per-port security group. security groups can be
associated with a port instead of an instace and each port can have
a different set of security groups. It is not a scope of this BP
and is a future work.
Change-Id: I5410e88043a364596037b9ebcc566cd50b317614
This patch also re-organizes imports to import one per line.
Change-Id: Ia958e3a30a48d4308d08d51df243c1272425c316
Fixes: bug 1188529
Fixes: bug 1188537
Created generic template _workflow_base.html
in horizon/templates/horizon/common folder
with 'workflow.name' to replace multiple nearly
identical templates with different titles.
Implements blueprint dry-templates
Change-Id: Ieb14e263381020ed6604149ff9295f8cc814a9e6
Modifying the api.nova.server_list() method to optionally handle
pagination. The method will also work without pagination to
support the many other place than the instance views that continue
to call the method.
Fixes: bug #1046915
Change-Id: I8195f1f2d8922e1722743d7a2d627a8645e8b3bd
What this does:
* Makes the Access & Security panel use tabs for each of
the tables instead of trying to shove them all inline.
* Adds an "API Access" tab to the above set of tabs.
* Combines the features of the API Endpoints table, the
EC2 Credentials download and the OpenRC file download
into the API Access tab mentioned above.
* Uses the service "type" instead of "name" in the Endpoints
table to be nicer about service API abstraction.
Fixes bug 1065671 and fixes bug 1120627.
Change-Id: Iccc65b32d37dc97a96538443cf8c5c08fcea7250
blueprint quantum-floating-ip
This commit allows OpenStack dashboard users to use Quantum floating
IP feature directly using Quantum API rather than Nova Proxy.
By this users can associates a floating IP per virtual NIC.
blueprint nova-net-quantum-abstraction
This commit defines an abstract class in api/network.py.
This class provides common interfaces related to network features
duplicated in Nova and Quantum. A concrete class to handle operations
should be defined in api/nova.py or api/quantum.py.
Change-Id: I780356a9f41e72e32ce1877d390ac7f99e96899c
In the current code both api.<method> and api.<category>.<method> are used.
Using api.<method> directly makes it difficult to identify which module
defined a method and forces developers to use unique method names among
projects. This commit removes api.<method> style method calls.
Change-Id: Iaefa1061f99b7865e02541df87c112a6b2868ec0
Fixes bug 1052561.
In Quanutm, Floating IPs are identified by UUID instead of integer ID.
After quantum-nova integration for FLoating IP has been implemented,
Horizon also needs to accept UUID style of ID for Floating IP.
Change-Id: I6ed919cbbc818c97cecef2fe3a91c8e5a7ac76e0
Moves everything OpenStack-specific (dashboards, apis, etc.)
into the openstack_dashboard project, achieving a much
cleaner separation between the project-specific code and
the generic Horizon framework code.
Change-Id: I7235b41d449b26c980668fc3eb4360b24508717b
Rob Cresswell