That will avoid unnecessary warning messages in the logs. The
role enforcer only loads the following 3 rules:
* _ADMIN_CTX_POLICY = 'context_is_admin'
* _ADVSVC_CTX_POLICY = 'context_is_advsvc'
* _SERVICE_ROLE = 'service_api'
This functionality was implemented in [1]. oslo.policy library
is bumped to version 4.3.0 that contains this patch.
[1]https://review.opendev.org/c/openstack/oslo.policy/+/907196
Closes-Bug: #2048198
Change-Id: I1581b95035c4afebf63518b64c35bc0c61c292e9
hacking 3.0.x is really old. Let's bump it to the latest version
available.
This also fixes some errors detected but some rules are excluded now.
See the comments in tox.ini for further details.
Change-Id: I2565e5f5e791dfdd9bbc1890b35c413965d83626
- Python 2 is no longer supported
- setup.py is no longer managed by the global tooling
- Recent pip does not require appropriate order in requirement files
Change-Id: I29e2375b68dc01f6e042717a6da3861cc0bd8f88
To implement properly new secure personas like system-reader or
system-admin we need to make neutron and neutron-lib to be aware about
system scope tokens.
Such token don't have is_admin set to True but model_query build by
such token shouldn't filter resources on the project_id as it don't even
have project_id provider.
This patch also bumps minimum required version of some packages to be
able to use oslo_policy 3.6.2 (the same as Neutron really requires in fact)
as old lower constraint version 1.3.0 didn't had "system_scope"
attribute in Context class.
That change of oslo_policy minimum version requires also changes in some
other dependencies. But all are aligned with what is actually in Neutro
so what effectively was tested by all neutron jobs already.
Closes-Bug: #1918506
Change-Id: Ic1795045ac755e4b941791d6695c25c4f30574ef
This change removes the requirement for python 2 and removes testing for
it, but tries to leave the code compatible with python2 where possible.
Co-Authored-By: Nate Johnston <nate.johnston@redhat.com>
Change-Id: I711ae939b5eaa1816af15b22527c38858507127f
When the change to add support for extended ethertypes was introduced,
one scenario for backwards compatibility was not addressed in the
validator: using the canonical string names for ethertypes. This was
previously supported in the original implementation, using 'IPv4' or
'IPv6' for example.
Since the list of canonical ethertype names is available from os-ken we
consume it from there, which adds an additional dependency for
neutron-lib.
Related-Bug: #1838473
Change-Id: I53c6538dfbeea9691d95c6c555f0c56ae13d1a33
This patch rehomes neutron.objects.common_types into
neutron_lib.objects.common_types and includes the test_common_types
from neutron as well. In addition some supporting logic is rehomed
including some utils. For full details on the rehomed code please see
the release note included herein.
Also see: https://bugs.launchpad.net/neutron/+bug/1815827
Change-Id: Ic4f1240fceea1e372e6cb68e747169f7236b9f08
- Set the process name of child neutron-servers to be something more
readily identifiable than today.
- Enable by default for all users of the workers module, neutron will
have a conf setting for its workers.
Matching neutron change:
https://review.openstack.org/637019
Partial-Bug: #1816485
Depends-On: https://review.openstack.org/637024
Change-Id: Ic6eca08f2ccacb3f8bf741c47a45e88cd3877b29
The rehome/consumption of the db api caused some errors in consumer
projects related to the ORM event listeners no longer getting
initialized [1]. While the short term fix [1] was to import neutron's
db api elsewhere, this doesn't work longer term as consumers need to
decouple from neutron, thus not importing neutron modules.
This patch rehomes the db api ORM event listeners into neutron-lib and
initializes them upon import of neutron_lib (top-level). This change
will allow consumers to load the event listeners by importing anything
from neutron-lib, thus breaking the dependency on neutron.
This patch also bumps the requirement for SQLAlchemy to match neutrons.
[1] https://bugs.launchpad.net/neutron/+bug/1802369
Related-Bug: 1802369
Change-Id: I3e702b99fd5084e8090f93c384aa1f704edceaff
This patch rehomes neutron.db._model_query into neutron-lib. While
our longer term goal is to use OVO rather than queries and tables, this
module is provided as a stepping stone (as mentioned in release note
herein). The patch also includes a few other APIs that are required for
the rehome including some utils and an exception class.
For more details see the spec on [1].
Also a sample consumption patch can be found on [2]. While it won't work
as-is with the depends on approach (it needs to be rebased on multiple
other DNMs in neutron) I tested it locally. In addition this change
was tested locally with a sample vmware-nsx consumption patch [3].
[1] https://review.openstack.org/#/c/473531/
[2] https://review.openstack.org/#/c/557786/
[3] https://review.openstack.org/#/c/557788/
Change-Id: I3e4b38aa3b6460ce916091c020adedd4ed2c4d26
This patch rehomes neutron.db.api into neutron-lib. In addition to the
public API's, some internal plumbing such as _add_to_rel_load_list and
_load_one_to_manys are also needed in order to bootstrap the database
environment for SQLA.
For a sample consumption patch see:
https://review.openstack.org/#/c/557037/
Change-Id: I753a58cd04a6b881415fbc1bf3e876da72f3da3e
Once we clean-up our debt with the patches under this one, there's no
need for the debtcollector in neutron-lib.
This patch removes debtcollector from our requirements and lower
constraints.
Change-Id: I6161fe44fb6f7cb2271620235bd87fe80ce26127
This patch implements the plumbing to support dynamically loadable
plugins for neutron versioned objects as per the spec [1]. Specifically
a utility class is introduced as a generic plugin manager for stevedore
based plugins in a given namespace. A global singleton instance of this
plugin manager is then wrapped to provide access to neutron versioned
objects.
Using this implementation:
- Neutron version object classes are registered as entry points. For
example [2].
- Consumers can then use the object registry in neutron_lib to access
them, for example [3].
As-is this change doesn't introduce any breakage risk; it's new
functionality that no one is using.
[1] I079d06502e6e7b1e20aea882979b0ecd9106eaeb
[2] https://review.openstack.org/#/c/553836/
[3] https://review.openstack.org/#/c/553835/
Change-Id: I39d9bab1e24fbcbd5f9b3abf80560da920f1cf26
The placement client is going to be used by other services aside from
segments; e.g. QoS plugin. It makes sense to move this file to a common
place, like neutron-lib.
Closes-Bug: #1723452
Partial-Bug: #1578989
Change-Id: I2f7d204828a620152ec9e005e057fc7fd77f9126
This patch rehomes neutron's availability zone extension into
neutron-libs API definition layout/structure. UTs and a reno are also
included.
Change-Id: Id8513a7a82609808829e3e66827f69f3fd0c3e4d
This patch rehomes the neutron common utils:
- load_class_by_alias_or_classname() function.
- synchronized decorator.
These utils are used by subprojects [1] and will
also be used as part of rehoming the logic in neutron's
manager module.
[1] http://codesearch.openstack.org/?q=load_class_by_alias_or_classname
Change-Id: I62958e30695663797d79ed6bd1260edbb46a1bf4