This flag was incorrectly set to False in the API extension
implementation. This extension is still not implemented in Neutron.
Change-Id: I87ea4e8bf4b4bc6a6934a349ac28765107c1536a
Related-Bug: #2051831
The flag "netaddr.core.ZEROFILL" cannot be used with IPv6 addresses
with netaddr>=1.0.0
Change-Id: I116ea2abbee13a73302ebca9c65707f427a7d9d0
Closes-Bug: #2055173
That will avoid unnecessary warning messages in the logs. The
role enforcer only loads the following 3 rules:
* _ADMIN_CTX_POLICY = 'context_is_admin'
* _ADVSVC_CTX_POLICY = 'context_is_advsvc'
* _SERVICE_ROLE = 'service_api'
This functionality was implemented in [1]. oslo.policy library
is bumped to version 4.3.0 that contains this patch.
[1]https://review.opendev.org/c/openstack/oslo.policy/+/907196
Closes-Bug: #2048198
Change-Id: I1581b95035c4afebf63518b64c35bc0c61c292e9
Arguably, using `None` as service name by default is probably wrong, but
I don't think we can safely change it now.
Change-Id: Iad19f1af0019b40fc5618fc55647ccd7553f2272
This extension adds a new field to the "subnet" resource:
"router:external". This boolean field, that is False by default,
represents if the subnet belongs to an external network.
Related-Bug: #2051831
Change-Id: I75a9c30f1e8031d40a548df345b02fbe0bc47706
hacking 3.0.x is really old. Let's bump it to the latest version
available.
This also fixes some errors detected but some rules are excluded now.
See the comments in tox.ini for further details.
Change-Id: I2565e5f5e791dfdd9bbc1890b35c413965d83626
Copied some constants and an exception based on TODO
comments, so we can consume in the future.
TrivialFix
Change-Id: Iac9070c840a3276b5805d8c58437da3363890f67
With the move to sqlalchemy 2.0 some of the API methods
have changed, but these tests were never updated.
Also added an sqlalchemy-master job so we do not regress.
Depends-on: https://review.opendev.org/c/openstack/requirements/+/900517
Closes-bug: #2043141
Change-Id: I9e1c796dcda725844ea6b7a0d5c8a8c11560b2b3
The ``CallbacksManager`` class considers, by default, that the events
starting with "before_" and "precommit_" can raise an Exception
(``CallbackFailure``) in case that the callbacks associated to these
methods exit with an error.
However there are some other events (those started with "after_") that
won't generate an exception in case of error. The error will be logged
but the process will continue.
This new functionality adds the possibility of adding any kind of event
and mark is as "cancellable". The ``CallbacksManager`` instance will check
the errors returned by the callback methods and if any of them is marked
as "cancellable", the manager will raise a ``CallbackFailure`` exception,
terminating the process.
In case of being a Neutron worker, for example, the
``oslo_service.service.Services`` class will restart the process again.
Related-Bug: #2036607
Change-Id: Ie1e7be6d70cca957c1b1b6c15b402e8bc6523865
During review of the series it was requested to make the default
values for 'enable_default_route_bfd' and
'enable_default_route_ecmp' configurable.
In order to determine the correct value at runtime, Neutron needs
the attributes to be filled with something other than 'True' or
'False' when not provided in the request.
Needed-By: I581f4c5e5cfa275f8a6f0adec405f205e877ac55
Related-Bug: #2002687
Change-Id: I9096685fb79a84e11a8547a5aaa16f7f2df48a56
This reverts commit a014720912.
Reason for revert: It is not needed to have network in the EXT_PARENT_RESOURCE_MAPPING as we will keep NET_OWNER rules and use
them for subnets and ports API.
Please see [1] for more detailed explanation why it's better to keep NET_OWNER rules for those policies.
[1] https://review.opendev.org/c/openstack/neutron/+/889153
Change-Id: Ia2cd6301e04ac502888ee2b8042ea8c19873a95a
A new event AFTER_STATUS_UPDATE is added, that will be published to
callbacks when a resource's status is updated in the DB. The first use
of this new event is to indicate when the L3 DB layer has updated
floating IPs status.
Change-Id: I1a85d1af7b4f50a5319c64e47c52ccdaa345e362
Partial-Bug: #2020823
In the 'port-hardware-offload-type' extension, the default value for
``hardware_offload_type`` should be ATTR_NOT_SPECIFIED, in case this
value is not defined in the API call when creating a new port.
NOTE: this extension is still under development thus it is legit to
modify it.
Related-Bug: #2013228
Change-Id: I7aadac451c59388c3d647f4ec5380e18a72c67be
A column that is primary key creates an index by default. There is no
need to create another one by passing index=True.
Related-Bug: #2024044
Change-Id: Ie74934754598292b125d2be7edb4bbcbb898a230
As we are moving to the new S-RBAC policies, we want to use "service"
role for all service to service communication. See [1] for details.
This require from Context class property similar to old "is_advsvc" but
with new naming convention and using new policy rule.
This patch adds this new property together with all required policies
and rules.
For now "ContextBase.is_advsvc" property will return True if one of the
advsvc OR service_role will be True to make it working in the same way
with both old and new policies but once we will get rid of the old
policies we should also remove is_advsvc property from the ContextBase
class.
[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-2
Change-Id: Ic401db8b4e2745234e61fe2c05afd5b4ab719a03
It's needed so network can be used as ext_parent for e.g. subnets in
the API policy rules.
Related-bug: #2023679
Change-Id: Ib446dffcd60e18b578a4d816ab5881e2fabc3e51
The L3 "router" extension is not needed for "network_ha". Furthemore,
this L3 "router" extension cannot be used with all ML2 plugins (for
example ML2/OVN uses "ovn-router" instead)
Related-Bug: #2016198
Change-Id: I949cbd7e27b2183200b58878b45ed7c1d7b3d7a7