This was only useful with XenAPI and can therefore be removed.
Change-Id: I9512f605dd2b3b0e88c951ed086250d57056303d
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
limits and used_limits extensions were megred in
- I76e02214e958a55b6de8033243b46b259949e5ac
But policy were left in separate file. limits policy
is in policies/limits which is general policy to get the
limit of project. used_limit is in polocies/used_limit
which is enforced in view builder for gettting the limit
of other project.
This commit:
- move used_limit in policies/limit file
- move the used_limit policy enforcement from view buidler to limit API controller.
- adjust the tests due to above changes.
Partial implement blueprint policy-defaults-refresh
Change-Id: Iefe41cc95cd967b368588dea5ff195bb4af3eca7
This exposes the 'nova-console' service via a REST API, a service that
can only be used with XVP VNC consoles, which in turn require the
'nova-xvpvncproxy' service. We we would like to remove the
'nova-console' and 'nova-xvpvncproxy' services, so start here.
Part of blueprint remove-xvpvncproxy
Change-Id: I2ee3b8c44e5d85e9b3c811ed3c5e6cddc563054f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Drop support for most of the 'os-networks' REST APIs excluding those
that proxy through to neutron.
This API now returns a 410 response for the non-proxy routes.
Unit tests are removed for removed APIs and the functional API sample
tests are just asserting the 410 response now same. The latter are also
expanded to cover APIs that weren't previously tested.
The API sample docs are left intact since the API reference still builds
from those and can be considered more or less branchless, so people
looking at the API reference can apply it to older deployments of nova
before these APIs were removed.
Note: yes, the API samples are correct. It really is a useless API when
used with neutron.
Change-Id: I68bfa77a520382317fc490a4f6c12dd62fc6dcda
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This is a nova-network-only API. As with previously removed APIs, this
API now return a 410 response for all routes.
There are some DB methods that were only used by this API. They will be
removed separately in a future change.
Change-Id: Iaa7fb6c548613164d33793822ee85339f9f7fefb
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Add a new server topology API to show server NUMA information:
- GET /servers/{server_id}/topology
Add new policy to control the default behavior:
- compute:server:topology:index
- compute:server:topology:host:index
Change-Id: Ie647ef96597195b0ef00f77cece16c2bef8a78d4
Implements: blueprint show-server-numa-topology
Signed-off-by: Yongli He <yongli.he@intel.com>
Thankfully the bulk of this is neatly organized in a single directory
and can be removed, now that the bulk of the references to it have been
removed. The only complicated area is the tests, though effort has been
taken to minimise the diff here wherever possible.
Part of blueprint remove-cells-v1
Change-Id: Ib0e0b708c46e4330e51f8f8fdfbb02d45aaf0f44
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Drop support for the os-cells REST APIs, which are part of the cells v1
feature which has been deprecated since Pike.
This API now returns a 410 response for all routes.
Unit tests are removed and the functional API sample tests are just
asserting the 410 response now. The latter are also expanded to cover
APIs that weren't previously tested.
The API sample docs are left intact since the API reference still builds
from those and can be considered more or less branchless, so people
looking at the API reference can apply it to older deployments of nova
before os-cells was removed.
A release note added for previous cells v1 removals is amended to note
this additional change.
Part of blueprint remove-cells-v1
Change-Id: Iddb519008515f591cf1d884872a5887afbe766f2
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The 'os_compute_api:flavors' policy has been deprecated
since 16.0.0 Pike.
Remove the 'os_compute_api:flavors' policy.
Change-Id: I771b6f641d25d6b27076cf36dd8552df50b7ccd3
The hide_server_address_states config option and related
policy rule were deprecated in Queens:
I6040e8c2b3e132b0dfd09f82ae041b4786a63483
They are now removed in Stein as part of the API extension
merge effort.
Part of blueprint api-extensions-merge-stein
Change-Id: Ib3582038274dedbf524ffcaffe818ff0e751489d
API extensions policies have been deprecated in 17.0.0
release[1]. This commit removes them.
[1] Ie05f4e84519f8a00ffb66ea5ee920d5c7722a66b
Change-Id: Ib3faf85c78bc2cdee13175560dc1458ddb6cb7a8
Drop support for the os-floating-ip-dns API which has been deprecated
since Newton:
Idca478c566f9a7b5b30a3172453ce7c66d9fd8f0
This API now returns a 410 response for all routes.
Unit tests are removed and the functional API sample tests are just
asserting the 410 response now.
The API sample docs are left intact since the API reference still builds
from those and can be considered more or less branchless, so people
looking at the API reference can apply it to older deployments of nova
before os-floating-ip-dns was removed.
The release note added for previous nova-network API removals is
amended to note this additional change.
Part of blueprint remove-nova-network
Change-Id: I0c4b586292814b8483226aee315f41cbefc86a1e
Drop support for the os-floating-ips-bulk API which has been deprecated
since Newton:
Idca478c566f9a7b5b30a3172453ce7c66d9fd8f0
This API now returns a 410 response for all routes.
Unit tests are removed and the functional API sample tests are just
asserting the 410 response now.
The API sample docs are left intact since the API reference still builds
from those and can be considered more or less branchless, so people
looking at the API reference can apply it to older deployments of nova
before os-floating-ips-bulk was removed.
The release note added for previous nova-network API removals is
amended to note this additional change.
Part of blueprint remove-nova-network
Change-Id: I89d081108b398d8efba9636279088c61349b21e6
Depends-On: https://review.openstack.org/582945
This drops support for the os-fixed-ips compute REST API which has been
deprecated since
Newton: I1a8a44530be29292561e90d6f7bd7ed512a88ee3
Now it returns 410 response. Unit tests are removed and the functional API
sample test is just asserting the 410 response now. The API sample docs are
left intact since the API reference still builds from those and can be
considered more or less branchless, so people looking at the API reference
can apply it to older deployments of nova before os-fixed-ips was removed.
Part of blueprint remove-nova-network
Change-Id: I61f758ff9285448d431b45f67c70286082b4ee90
This drops support for the os-virtual-interfaces compute REST API
which has been deprecated since Newton:
I1a8a44530be29292561e90d6f7bd7ed512a88ee3
Now it returns 410 response.
Unit tests are removed and the functional API sample test is just
asserting the 410 response now. The API sample docs are left intact
since the API reference still builds from those and can be considered
more or less branchless, so people looking at the API reference can
apply it to older deployments of nova before os-virtual-interfaces was
removed.
Depends-On: https://review.openstack.org/571556/
Part of blueprint remove-nova-network
Change-Id: Id7f94a643e5d7b8a842c0f4a5c9f796d6566b365
This drops support for the fping compute REST API which
has been deprecated since Newton:
I1a8a44530be29292561e90d6f7bd7ed512a88ee3
To match the os-cloudpipe and os-certificates removals
the os-fping controller now returns a 410 response.
The related fping_path configuration option is removed
along with the related fping policy rules.
Unit tests are removed and the functional API sample
test is just asserting the 410 response now.
The API sample docs are left intact since the API reference
still builds from those and can be considered more or
less branchless, so people looking at the API reference
can apply it to older deployments of nova before os-fping
was removed.
A release note is started which we can build on for each
nova-network specific API that we remove in this series.
Part of blueprint remova-nova-network
Change-Id: Ia36aaa8f74adc2b540c49523db522cd85ab17ed2
This commit removes the cloudpipe API from nova. This has been
deprecated since change I415760ff634dd85974f0c3f79e788e633852efb5 and no
longer works without nova-cert and the pending removal of the deprecated
nova-network.
Implements bp remove-nova-cert
Change-Id: Ifd1fb13a5953cc66f9cc2561d30a9efcd3f4c92e
This commit removes nova-cert which has been deprecated since change
Id7a1fc943cbe6d860a50d3cc776717b55351004b. The APIs have been hard coded
to return a 410 whenever they're called now. For the API ref a new
section for obsolete apis is added to the bottom of the page and the
certificates api ref is moved there.
Implements bp remove-nova-cert
Change-Id: I2c78a0c6599b92040146cf9f0042cff8fd2509c3
We have signaled many times the use of API extensions to change the API
has been deprecated, including:
04f8612aa9
This patch ensures we no longer check any of the discoverable rules when
compiling the list of extensions to list in the API. This stops users
from being able to use policy to hide certain API extensions. This was
never that useful, but now you can't turn any extensions off and we
report the API version number, it is basically useless.
Note the change in the policy cmd unit test is to ensure now there are
no rules that use the ANY rule, we correctly check we return an empty
list of rules that match.
blueprint remove-discoverable-policy-rules
Change-Id: I61d8063708731133177534888ba7f5f05a6bd901
The os-pci API was never part of the v2.0 API and was added
to the v3 API, but when the v3 API turned into the v2.1 API
which is backward compatible with the v2.0 API, the os-pci
API was removed from v2.1. The original intent was to enable
it in a microversion but that never happened.
We should just delete this API since it has a number of issues
anyway:
1. It's not documented (which makes sense since it's not enabled).
2. The PciHypervisorController just takes the compute_nodes.pci_stats
dict and dumps it to json out of the REST API with no control over
the keys in the response. That means if we ever change the fields
in the PciDevicePool object, we implicitly introduce a backward
incompatible change in the REST API.
3. We don't want to be reporting host stats out of the API [1].
4. To make the os-hypervisors extension work in a multi-cell environment
we'd have to add uuids to the PciDevices model and change the API to
return and take in uuids to identify the devices for GET requests.
5. And last but not least, no one has asked for this in over two years.
As a result of removing this API we can also remove the join on the
pci_devices table when showing details about an instance or listing
instances, which were added years ago because of the PciServerController:
Id3c8a0b187e399ce2acecd4aaa37ac95e731d46c
Id3e60c3c56c2eb4209e8aca8a2c26881ca86b435
[1] https://docs.openstack.org/developer/nova/policies.html?#metrics-gathering
Closes-Bug: #1426241
Closes-Bug: #1673869
Change-Id: I9099744264eeec175672d10d04da69648dec1a9d
Registers in-code the last remaining policy rules.
Adds missing 'discoverable' rules. Without them,
the extension_info API can fail, as it tries to check the
os_compute_api:os_server_tags:discoverable rule. As it wasn't
previously registered, when listing the available extensions,
an exception of type PolicyNotRegistered is encountered.
In order to validate this, functional/api_sample_tests/test_extension_info.py
now runs without mocking policy.authorize.
Switches extension_info to context.can.
Switches nova.cells.filters to context.can.
Switches network.neutronv2.api to context.can.
Removes the rest of the entries in etc/policy.json.
Removes DefaultPolicyTestCase, as it tests the default
policy rule, which is not registered.
Removes rules from fake_policy.py that brings no value,
that are the same as the default values.
Removes extensions authorizer factories.
Removes nova.policy.enforce.
Change-Id: Ie7771768f4f3efe0edc787c12f297aa93d533d7e
Partially-Implements: bp policy-in-code
This removes personality extension, as well as the rebuild extension
point for servers.
We add an operation flag to translate extension because personality
extension uses different kwarg names depending on the operation. This
is done with a set of constants which should prevent typos silently
causing failures.
A few variables are renamed in servers.py to avoid multiline
statements.
Part of bp:api-no-more-extensions
Change-Id: I47deae0279f85d9a355d1248b6e90af732406514
This folds this back into the main rebuild flow. As there were no unit
tests for this, doing so was pretty simple.
Part of bp:api-no-more-extensions
Change-Id: I19f791ed5af917b5509940765fedc1b944fcf315
Adds default values for policy rules in code and removes
them from etc/policy.json file. The change is validated
by the nova.tests.unit.test_policy unit tests.
Adds default policy rules in policy_fixture. The policy_fixture
is currently loading an incomplete set of policy rules (from
policy.json or fake_policy), resulting in unit tests running
with an incomplete set of policy rules.
Co-Authored-By: Andrew Laski <andrew@lascii.com>
Partially-Implements: bp policy-in-code
Change-Id: I7a7dc2a111d536380a763169320a0820b0715a11
This adds the basic framework for registering and using default policy
rules. Rules should be defined and returned from a module in
nova/policies/, and then added to the list in nova/policies/__init__.py.
A new context.can() method has been added for policy enforcement of
registered rules. It has the same parameters as the enforce() method
currently being used.
To establish the full pattern for usage the policy checks in the servers
API module have been registered and converted to the new usage.
Now that some policy checks are registered they're being used properly
by tests. Some tests have been updated so that the instance project_id
matches the context project_id in order to pass the 'admin_or_owner'
check.
Change-Id: I71b3d1233255125cb280a000b990329f5b03fdfd
Partially-Implements: bp policy-in-code
Stephen Finucane