Keystone provided two in-tree catalog drivers, sql and templated.
However the templated driver hasn't been properly maintained.
The default template had not been updated for 8 years until it was
recently updated by [1].
This deprecates the driver assuming it's not widely used and sql driver
meets usual requirements.
This also restores the image service endpoints which were wrongly
removed by [1].
[1] c32bedb654
Related-Bug: #2013473
Change-Id: Iadb7bd5d7c4cf82aea2a7dbc1d8c4dbe53b9f763
Because these were removed by [1]. Also update the previous release
note to document the upgrade impact on catalog information (like
endpoint urls) including string interpolations requiring these removed
options.
[1] 2a3c73c49b
Change-Id: If78d0b93665410b86754ea35653ca9d4c15c81c5
The eventlet server implementation was removed during Newton, and have
not been used by any other implementations for a while.
Change-Id: I01f9adfc3e610d820c1834209d36c10568cccf41
Resolve the following LegacyAPIWarning warning:
The Query.get() method is considered legacy as of the 1.x series of
SQLAlchemy and becomes a legacy construct in 2.0. The method is now
available as Session.get()
Change-Id: I30d0bccaddff6a1d91fcd5660f490f904e7c8965
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This repo does not support Python 2 anymore, so we don't need
six for compatibility between Python2 and 3, convert six usage to Python
3 code.
Change-Id: Icba56808f38277b27af2ae5aac4b8507dee71b3b
While using the openstack client command, the list on endpoint filters
cannot be filtered by name. This adds an optional parameter on the query
to allow the name to be specified as filter. This fixes the behavior on
OSC to search.
Change-Id: Ia1cbc9f4ded8f2494b1bf7ba5e953be0dfaf11f5
Closes-Bug: #1828565
The region update API currently does not allow for adding any
extra values via the update API. This effectively means that while
an extra can be set at create time, they cannot be altered once
set, nor can any additional values be added.
This patch add the missing inclusion of extra to the new ref.
Change-Id: I6e99764c0e360656ddbb47ebb23fe9576c97b99f
Closes-Bug: #1729933
Add the callback action to delete endpoint group association by project
that was dropped in the conversion of OS-EP-FILTER to flask.
Change-Id: Id16f18f6bac9b232564bc7643f282a8ca2bd7080
Partial-Bug: #1776504
Migrate the OS-EP-FILTER API to flask-native dispatching. This does
not migrate the standard catalog "region", "service" or "endpoint"
APIs.
Change-Id: Ia7c2ab211e2f7fb136e5817390751121f97f4340
Partial-Bug: #1776504
We define unified parameter types for validating a request reference,
such as 'boolean', 'url' and 'description'. In order to keep the code
style consistent, each schema should use it in addition to its own
specific parameters.
For catalog schema, parameter 'description' in _region_properties and
_endpoint_group_properties has different definitions, which reduces the
readability of the code.
Change-Id: Ia94bc3368f3623a91ffde9a78d2310f8a8e290c2
Move the JSON Home Document and Version Discovery Documents out of
the webob-based mapper and into Flask.
This change removes the keystone.version.controller and
keystone.version.router modules as they have been moved into
keystone.api.discovery.
The keystone.api.discovery module is somewhat specialized as there
are no "resources" and it must handle multiple types of responses
based upon the ACCEPTS header (JSON Home or JSON). In lieu of the
flask-RESTful mechanisms, keystone.api.discovery utilizes bare
flask blueprint and functions. Minor scaffolding work has been done
to ensure the discovery blueprint can be loaded via the loader loop
in keystone.server.flask.application (a stub object in
keystone.api.discovery).
Partial-Bug: #1776504
Change-Id: Ib25380cefdbb7147661bb9853de7872a837322e0
This patchset removes the lingering code that supported paste.deploy
that is obsolted by the loader wrapped around keystone's use of Flask.
* The keystone-paste.ini file has been removed.
* All options have been removed (without deprecation) as they are no
longer referenced.
* The TokenAuthMiddleware code (with deprecation warning) has been
removed as it was only provided to ensure compatibility with paste.ini
files that were not updated (ensuring not breaking a deployer that
did not update paste.ini file to remove it from the pipeline).
* Paste deploy entrypoints have been removed.
Change-Id: I35064a440ef718f50c7e644e8b2d56a99c3ec74f
Basic conversion of Keystone's core application to flask framework.
This doesn't add much in the way of flask-specific-isms but should
get keystone running directly under flask. This implementation does
not use paste-deploy.
Change-Id: Ib4c1ed3f645dd55fbfb76395263ecdaf605caae7
Previously each region had its own entry for each service_type
with only it's own endpoints listed. This patch changes this
so that each service type has the endpoints from all regions
listed.
We also move the flawed templated get_v3_catalog function call
from the base catalog class into the templated class.
Change-Id: Ifddf08990539b6ac7d8289d410092b2ae9f5cbed
Closes-Bug: #1703666
This change converts the usage of self.<provider_api> to
keystone.common.providers_api.ProviderAPIs.<provider_api> in manager
and controller logic. This is the correct way to reference
providers from other managers and controllers now that dependency
injection has been eliminated.
Change-Id: I86e3e360b01b3ce27414c13da3d94e22076ee93c
Refactors all of keystone's dependency injection to maintain a
single centralized repository of instantiated objects. This
means that we are no longer having to resolve order. All
objects that need to reference the various manager APIs simply
do so via the __getattr__ built into the Manager common object
or the ProviderAPIMixin object.
This is also the first step towards correcting our tests to
where they cannot run "load_backends" multiple times.
This forces any/all managers to properly run super()
as the way to register the api is via __init__.
This eliminates all use of the @dependency.requires and
@dependency.provides decorators, simplifying the objects
all around.
Any instantiations of a Manager after keystone is running
will now generate an error, ensuring everything for keystone
is running before handling requests. An exception is for
CLI and CLI tests, as the CLI may directly instantiate
managers and will not lock the registry.
Change-Id: I4ba17855efd797c0db9f4824936b49e4bff54b6a
This commit makes it so all GET APIs within the endpoint filter API
support HEAD as well.
Change-Id: I6dd8b3f7494003bca110623a3b8133c81ff90877
Partial-Bug: 1696574
This change replaces the use of DictBase with the ModelDictMixin
for any SQL models that do not contain an extra column and renames
the DictBase to a more descriptive name of ModelDictMixinWithExtras.
A Docstring has been added indicating the continued usage of
ModelDictMixinWithExtras should not be done for any "new"
models.
Change-Id: I9a4767cacf7620e878df70084060f3e43e1318df
Do not call `to_dict` outside of a session context as if to_dict
interacts with lazy-loaded relationships it can cause errors. For
the most part these are edge-cases and unlikely to happen.
A couple FIXMEs were added to restructure the calls to allow for
`to_dict` to be moved into a method that will act within a session
context.
Change-Id: I769c2cdea1b08a780093d27cdc70bce9f004017b
In V2 Endpoint creation it returns 500 error due to missing
'region'. So, changed the way of fetching the same parameter to handle
None case.
Change-Id: I5c9ef206193072da73d3990d5f77003124db8265
Closes-Bug: #1557166
`endpoint_filter.sql` backend is the only left-over from
endpoint filter extension, all others has been moved into
keystone catalog dir.
This patch deprecate `endpoint_filter.sql` backend and
consolidate the backend with SQL backend.
This patch also update some related testcases to make sure
project id exists instead of some random uuids since original
logic from endpoint filter extension has the constraint and
this is make sense to inherent into SQL backend as well.
Partially implements: bp deprecated-as-of-ocata
Change-Id: I28b37fc98cf63da11c0dd200b5f657507c0bca6a
Keystone's various Manager classes typically handle the sending of
a notification. In order to send the notification an `initiator` is
needed. All Manager CRUD methods typically ask for this as a kwarg
since it's not required in all cases.
Most of the controller layers pass the initiator value as a
positional argument. This commit makes it so the controller passes it
as a kwarg since that's how the Manager class method signature
describes it.
Change-Id: Ic805f6ea2767c9c5cf01aa04ad554773b9cc8c39
The audit initiator is basically a context with all the information
about the current operation available. This information is all gathered
from the request and context so we can simplify its generation by moving
it onto the request object.
Change-Id: If91eacd3e07e0d9cd825f92b06c0ac819b3daf8c
dogpile.cache's region invalidation is not designed to work across
processes. This patch enables distributed invalidation of keys in a
region.
Instead of using a static cache key, we use the original cache key
and append a dynamic value to it. This value is looked up in
memcached using the region name as a key. So anytime the value of
the region key changes the cache keys in that region are
effectively invalidated.
Closes-Bug: #1590779
Change-Id: Ib80d41d43ef815b37282d72ad68e7aa8e1ff354e
Added validation for create service in the v2 api
Partially implements: bp schema-validation-extent
Change-Id: If6e24b6c0c005aa7568a652aed5ee9d8273d2da7
The templated catalog driver does not support some of the
association cleanup methods. Since these are called in normal
operation, we have to mask the raising of NotImplemented. This
masking is currently done in the controller, but should really
be done in the manager layer.
Testing is added for the methods affected at the manager layer,
and an existig v3 API test is tidied up.
Change-Id: Ie68774fef07678b67eb70b90a0e4b81fc0df88b9