This patch moves the Security Groups tab from the Access and Security
panel into its own panel under the Network panel group. As this is the
last tab in Access and Security, that panel is also removed by this
patch.
Change-Id: Id29c7ce635d46383742aec140def265d4b249aa5
Implements: blueprint reorganise-access-and-security
This patch makes the Floating IPs tab in Access & Security its own panel
under Project > Network
Change-Id: Ibb83ae5a0448d2824c10f867e620cec8219b7b72
Implements: blueprint reorganise-access-and-security
This patch moves the API Access view, from a tab on the Access
& Security panel to its own panel under the Compute panel group
Change-Id: I1e523ba2e7e959474c0fc77f8b6c42994a481081
Implements: blueprint reorganise-access-and-security
As part of the breaking up of Access and Security, move the Key Pairs
tab to a new panel under Compute. Separate patches will address Floating
IPs, Security Groups, and API Access.
Fixes include:
- Should be significantly faster to access Key Pairs, as we are no
longer running multiple API calls for the other Access & Security tabs
at the same time. Hooray for speed!
- Should be easier for new users to find where Key Pairs are located.
- Reduce reuse of identical translatable strings
- Use common templates instead of duplication
- Updated policy rules and added missing rules to table get_data
- Small cleanup of the Key Pair download page, which was previously
using modal classes despite not being a modal.
Change-Id: I66f1f65a2cb49bd10e0364b12efba4346f373ed3
Implements: blueprint reorganise-access-and-security
If none of the floating IPs listed within Horizon are attached to an
instance, do not request a list of Nova instances (because we have no
use for it). Apply the same behavior for Volumes tab (both Admin and
Project). This patch both saves us from making unnecessary and
potentially expensive call to Nova and lays the ground for a more
selective request of instance details from Nova. The latter will be
possible once Nova supports filtering instance details by >1
instance_id. For reference see
https://blueprints.launchpad.net/nova/+spec/get-multi-servers-filter
Change-Id: Ie7563b9e03b286b4cf51507463213162af3383b1
Partial-Bug: #1442310
The Security Groups table (Project > Access & Security) is initially
ordered by the group's uuid string which makes the table appear to be
randomly sorted. This patch adds a default sorting by the groups'
``name`` attributes.
Change-Id: Ica2831e043e2e7fec8129df4feee93f6c8be3462
Closes-Bug: #1484514
A network operation can fail because of different
reasons - yet in many places just one error message
is provided. Combined with too broad exception clause,
and incorrect assumptions on the reasons of failure
(e.g. Neutron service being unavailable causes all
other sorts of errors like inability to Allocate IP
or Associate it) this leads to multiple errors when just one
would suffice. The fix aims to provide sensible error
messages in case the network service is down. This includes
returning only unique messages in a single response.
Partial-Bug: #1301374
Change-Id: Id6c620ca51f7703f35c0c172e39fdf237fa42278
Co-Authored-By: Timur Sufiev <tsufiev@mirantis.com>
If the config option 'enable_router' is set to False,
Floating IP features are disabled when Neutron is enabled.
It does not affect when Neutron is disabled.
It also adds unit tests for api.network.servers_update_addresses
which is affected by this change.
Completes blueprint hide-router-panel-by-config
Closes-Bug: #1292022
Change-Id: Ib63c6a0e7bb5661d4a60d10a1722fdad978b50bb
This is a fix for the issues encountered when a service is not
configured or a service endpoint is not reachable. This fix
will add tolerance for these errors so that an error message is
displayed but the dashboard page will still load, not an error page.
This makes it easier for the user to recover by allowing them to
go to a different page, select a different region, or logout. This
makes sense in many cases such as when a region only contains an
image service endpoint, or when a single endpoint is not reachable
for whatever reason.
It also adds permissions to the panels that require compute or
image services so that the dashboard will not display them if
the service is not configured.
To test these changes you will need to set up your keystone service
catalog so that not all services are available in all regions, or
some of the service endpoints are not reachable.
Change-Id: Ie04699d1fb1d4db13a7f4dcf1bdfd23bf21aab80
Closes-Bug: 1323811
Closes-Bug: 1207636
Remove vim setting:
comment - # vim: tabstop=4 shiftwidth=4 softtabstop=4
at the top of source code files, except for files in
openstack/common.
Change-Id: I9a5c6b17c6ef7ecec601f4503dfc7b31fc72e90a
Close-bug: #1229324
"Key Pair" wins the Google popularity contest (880k vs 300k),
and "Keypair" is not listed in Webster. Ispell autocorrects
it to "Key Pair" (or Key-Pair)
Change-Id: I4710b194dfd3c53f21fc99ce53db94cc5af0c158
Related-Bug: #1210533
We have a lot of import with #noqa that is there to ignore h302,
because it's traditional to import and use a name directly, instead
of a whole module. This hides other errors and gives people the
impression that it's actually fine to import non-modules, you just
have to slap #noqa on those lines.
I went through the code and identified about a dozen names that are
most commonly imported this way. I remove the #noqa tag from them,
and added them to the list in import_exceptions.
I also removed a few unused imports that were revealed in the process.
Change-Id: I27afb8e2b1d4759ec974ded9464d8f010312ee78
This patch replaces some method imports with module imports and
makes H302 test enabled.
Fixes bug 1188531
Change-Id: Ibfbddeaa19cbbb244da58ffd5c918c41f03a0c65
Fixes all occurrences of this. We have a custom exception handler
in Horizon anyway that only catches ClientException in most of these
cases, but this commit lets us gate on the other cases.
Change-Id: Iea3dc13817f3e5b775b2024424bf3a906da5584b
Closes-Bug: #1211657
This patch replaces relative imports with full paths and
makes H304 test enabled.
Fixes bug 1188535
Change-Id: I47254cf9a790727102f7993d0fd107da514983df
blueprint quantum-security-group
Rule table view
* Add direction and ethertype columns (which are specific to Neutron)
It may be better to hide "Direction" and "Ether Type" columns
unless Quantum security group is enabled.
* Merge ip_protocol/from_port/to_port into one column for better view
* Use "::/0" for IPv6 ANY instead of "0.0.0.0/0"
* Rename "Source" column to "Remote".
(The naming "source" does not fit egress rules)
* Display security group name in the title of rule detail view
Rule creation form
* New arguments 'direction' and 'ethertype' in security_group_rule_create()
* Set the default value of 'direction' to 'ingress' in forms.handle()
* Rename 'ip_protocol' to 'rule_menu' and 'source' to 'remote'
Note that rule_menu is retrieved from rule.ip_protocol in the unit tests
since they are tests for custom TCP/UDP/ICMP rules.
Network abstraction layer for security group management
* Move security group methods to api.network
* Add Neutron security group API implementation
* Move base classes for network abstraction to a separate module
(api/network_base.py) to avoid circulated import between
api.network and api.nova/api.neutron
Add a configuration parameter to control Neutron security group support
* Neutron security group support is enabled when Neutron is enabled and
enable_security_group in OPENSTACK_NEUTRON_NETWORK in settings is True.
* Not all neutron plugins support security group, so we need a way
to control neutron security group is enabled or not.
* It can be determined by supported extension list from Neutron
and it is a possible future work.
Move get_int_or_uuid to openstack_dashboard/utils/filters.
* get_int_or_uuid is now used in security_group implementation as
well as floating IP logics.
* In addition the depth of the directory tree becomes longer and
it is hard to fit the import line in 80 chars.
It is a good chance to move it to a common directory.
Add __repr__ to API**Wrapper to make it easier to debug.
Limitations:
Neutron supports per-port security group. security groups can be
associated with a port instead of an instace and each port can have
a different set of security groups. It is not a scope of this BP
and is a future work.
Change-Id: I5410e88043a364596037b9ebcc566cd50b317614
This patch adds a region selector dropdown
at the top of both the Project and Admin dashboards if
more than one region is available in the user's service
catalog. The user is allowed to choose from any region
available in the service catalog. By selecting a region,
the user is limited to accessing endpoints in that
region only as long as the go through api.base.url_for
If there are more than one endpoint for a service in a
region the first in the catalog is returned. Further
work on the blueprint will handle that complexity.
Supporting Keystone v2.0 and v3 catalog formats.
Partially implements blueprint multiple-service-endpoints
Change-Id: I1ab6539c7c5f4b1ae4b1716059370e86b6ca4d2e
This patch also re-organizes imports to import one per line.
Change-Id: Ia958e3a30a48d4308d08d51df243c1272425c316
Fixes: bug 1188529
Fixes: bug 1188537
Modifying the api.nova.server_list() method to optionally handle
pagination. The method will also work without pagination to
support the many other place than the instance views that continue
to call the method.
Fixes: bug #1046915
Change-Id: I8195f1f2d8922e1722743d7a2d627a8645e8b3bd
What this does:
* Makes the Access & Security panel use tabs for each of
the tables instead of trying to shove them all inline.
* Adds an "API Access" tab to the above set of tabs.
* Combines the features of the API Endpoints table, the
EC2 Credentials download and the OpenRC file download
into the API Access tab mentioned above.
* Uses the service "type" instead of "name" in the Endpoints
table to be nicer about service API abstraction.
Fixes bug 1065671 and fixes bug 1120627.
Change-Id: Iccc65b32d37dc97a96538443cf8c5c08fcea7250
Rob Cresswell