Various components define different options for the client sessions.
Standardize them with the help of keystoneauth1 lib.
Change-Id: I2f791caaf230a58b8426d1c1d6e1eb4316a85a28
Use the OpenStack standard keystoneauth1 library for loading
authentication plugins and register their options in the
murano_auth section.
Still provide a fallback if no murano_auth.auth_type is specified
to make old config files work.
Closes-bug: 1705838
Change-Id: Ie74364a4401f64fe42bf2206b6df760d2fc60edb
Murano used to have a custom, always-enabled ssl middleware, to parse
X-Forwarded-Proto header, to let murano work correctly behind an SSL
proxy. There is now an oslo middleware, that does the
same thing, but more thoroughly.
This commit replaces custom implementation with oslo one.
Co-Authored-By: Kirill Zaitsev <k.zaitsev@me.com>
Change-Id: I5444542b878434fb656e19b12d0f6e71df1ab95f
This patch adds a murano_auth for murano auth with keystone.
This gives ability to fine-tune role-based privileges for
service-user going to execute trust-delegated tasks and the auth
configuration properties do not need to change when keystonemiddleware
deprecates its configuration properties.
Closes-Bug: #1643583
Closes-Bug: #1658648
Change-Id: If10fa8c938c264c7b5cadb3c3ed77f39488dcab7
After separation service broker from native murano on the configs/db
level GLARE support was broken. This patch updates config, devstack
script and partially service broker itself to take support back.
Change-Id: I0ea99bc491ba2ddebfc34a9c0aa681432aca7801
Closes-Bug: #1610130
1) Create separate config use the separate config.py
to use: tox -egencfconfig
2) Create separate db for murano service broker
to use: tox -e venv murano-cfapi-db-manage \
--config-file etc/murano/murano-cfapi.conf upgrade
Change-Id: Ifd3551ace000e496d99725f46dbead62f7ef64b0
partial-implement: bp separate-service-broker-from-murano
Group 'packages_opts' has always been inconsistent, since it included
'opts' into its name and options in that group were related to both
engine and api. This commit moves engine related options to [engine]
group and api-related options to [murano] group.
This restores backward compatibility with liberty configs, that included
'load_packages_from' into [engine] group
'packages_opts' is added to all the options moved as deprecated_group,
thus retaining backward compatibility with old configs
Change-Id: I00b6f06ec352de4b57baaa86da9155bb36bcc23a
Closes-Bug: #1543027
This commit renames glance options to glare, to avoid confusion. It also
deprecates 'glance' group for glare opts.
According to Iced3c68010eb6bcd2a6a1ec8f1c6883f84cbe77f new endpoint is
going to be artifact, this commit reflects that.
Partial-Bug: #1550427
Change-Id: Ie4ac8cc6d31090fcad557201e319848bb4639477
* Single universal ClientManager class was dropped in favor of
individual in-context methods to create OS clients without
ClientManager restrictions.
* Environment class was renamed to ExecutionSession to avoid
common confusion with io.murano.Environment
* execution_session_local module was introduced to simplify
keep of per-execution session (per-deployment) data. This
is similar to thread-locals with the difference that there can
be many threads in single session.
* All OS-clients related code was migrated to keystone client
sessions and API v3 (except for GLARE and Mistral that don't
support sessions). This increases performance and solves
authentication problems that could be caused by token expiration
even with trusts enabled.
* [DEFAULT]/home_region setting was introduced instead of
[murano]/region_for_services to configure what region
should be used by the clients by default (where Murano API
resides). All client factories respect this setting.
Change-Id: If02c7e5d7d39574d0621e0e8dc27d1f501a31984
Murano doesn't handle requests properly if it is behind an SSL
termination proxy. In this case HTTP redirection and returned URLs
use http instead of https.
New middleware helps to handle the situation below properly. The purpose of the
SSLMiddleware is to update the wsgi.url_scheme environment variable of
the request with the value contained in an HTTP header that can be
configured in the configuration file (by default: 'X-Forwarded-Proto')
Closes-Bug: #1504610
Change-Id: Id7cfa1bce00c965b618a4f3e4ca2c915a57bbe52
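The behaviour this commit message describes (rewriting `wsgi.url_scheme` from a configurable header, `X-Forwarded-Proto` by default), as an added sketch that is not murano's or oslo's code. The class body, the `http`/`https` allow-list, the first-entry rule for comma-separated values, the sample app and the host name `murano.example.test` are all assumptions made for illustration.

```python
from wsgiref.util import application_uri, setup_testing_defaults

ALLOWED_SCHEMES = ("http", "https")  # assumption: ignore any other value


class SSLMiddleware:
    """Illustrative stand-in: set wsgi.url_scheme from a proxy-supplied header."""

    def __init__(self, app, header_name="X-Forwarded-Proto"):
        self.app = app
        # WSGI exposes request headers as HTTP_<UPPER_SNAKE_CASE> environ keys.
        self.environ_key = "HTTP_" + header_name.upper().replace("-", "_")

    def __call__(self, environ, start_response):
        raw = environ.get(self.environ_key, "")
        # Assumption: with chained proxies ("https, http") the first entry
        # describes the client-facing hop.
        scheme = raw.split(",")[0].strip().lower()
        if scheme in ALLOWED_SCHEMES:
            environ["wsgi.url_scheme"] = scheme
        return self.app(environ, start_response)


def redirect_app(environ, start_response):
    """Constructed sample app: redirects to a URL built from the environ."""
    location = application_uri(environ) + "v1/environments"
    start_response("302 Found", [("Location", location)])
    return [b""]


def location_for(headers, app=None):
    """Send one constructed request through the stack; return its Location."""
    environ = {"HTTP_HOST": "murano.example.test"}  # constructed host name
    setup_testing_defaults(environ)  # the backend itself sees plain http
    environ.update(headers)
    captured = {}

    def start_response(status, response_headers):
        captured.update(response_headers)

    list((app or SSLMiddleware(redirect_app))(environ, start_response))
    return captured["Location"]
```

The header is only trustworthy when the terminating proxy sets or overwrites it on every request; a client that can reach the backend directly can send any value.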
This commit allows setting wsgi MAX_HEADER_LINE. This is done to allow
large keystone tokens. Also removes seemingly unused run_server
function, to not cause confusion.
Change-Id: I2848c08d0758f39cb988079a8fabf36d6d2a2c98
Closes-Bug: #1190149
To follow latest community practices we need to use oslo_log in
murano instead of handcrafted libs.
Unsupported log level 'audit' was changed to 'info'.
Change-Id: I40c0f3790e34bf80d0b63554e86b3cbc019eefca
oslo.service has graduated, so murano should consume it.
Use the 1.16.0 version of the oslo.messaging library.
Change-Id: I774c70bdf06b304f7d958eac488dc28b7625fb12
Closes-Bug: #1466851
Depends-On: I4159450f54609c5185146472179d4299fe0c9d30
Depends-On: Ifa7a03b21aaf6911039c465696a0476e97905793
Corresponding changes were made in murano common policy file
and in requirements.
Change-Id: Ic7c4f61db0bb2655c4c0041500bd74e8890ea038
Closes-Bug: #1458945
This option was used, when there was a separate service for murano repository.
Now it's obsolete and should be removed.
Change-Id: I2e9611ec8ce7968ff2656660eebdafe87ac1811e
There were two unused imports in opts.py:
* eventlet_backdoor - not used anywhere
* lockutils - used only by unit tests
We don't need these options in generated sample config.
Change-Id: I3b7d4f326d42de94dec3fd53e18c4d21c0cb3708
Similarly with the way it was done in the murano-agent, added
the ability to use the oslo-config-generator for creating a sample
configuration file murano.conf.sample.
Now to create the file, you must run:
tox -egenconfig
Change-Id: I8b06336d75eccfd598ce9033333884f75f393a09