There are no test changes as all new code is tested by the
extension_info functional tests, and should we want to eliminate the
extension_info portion of our API later, new tests would just make
this much harder to tear down.
This modifies default policy to drop os-disk-config as well as
modifying extension tests to pass even though we're injecting
additional hardcoded items into the list for compatibility.
Part of bp:api-no-more-extensions
Change-Id: I0192ccef7e858fd0ff15c339f683abaabbdc09b7
This removes the modification of the images resource. There are no
additional tests or test changes, as existing functional tests cover
these cases and guaruntee correct output.
Part of bp:api-no-more-extensions
Change-Id: I1d5bee3152a3725c5c7303462c5c383900a1e3c7
The last caller of this was removed in
Ieb8374bff81b26c680cae6e6ca92ab736209570d but this was left behind.
Partially implements blueprint remove-legacy-v2-api-code
Change-Id: Ibcf826e081d061cc6a9b963981edd16d31e0cc37
This removes the support for legacy v2 extensions which were allowed
to be generators to have a pre / post processing phase. The modern
compute api stack never supported this construct.
Because of the remove of the 'pre' phase, the 'post_process' phase is
just renamed to 'process'.
All pre_process and generator tests are removed.
Change-Id: Ia34c1f814fb938915d74c6845dfa5135cba29d0a
In module netaddr valid_ipv4 raise exception AddrFormatError
if address is specified as empty string. Method is_valid_ipv4
catches the exception and returns boolean value. So we'd better
use it from oslo.utils.
Change-Id: I452d437692e44f4e20ff1b064032d247c0ab7530
When microversion>=2.26 is requested to show server details
we should pre-load 'tags' when getting the instance from the
database. Listing server details already does this, but show
didn't.
Failing to do this can also result in a 500 response from the
server. The scenario is you delete a server and then poll for
it to be gone using 'nova show'. In between the time that the
server is retrieved from the database and the view builder
creates the response, the instance is deleted and since
instance.tags is not set it will attempt to lazy-load the tags
which will fail with an InstanceNotFound.
We need to also fix the lazy-load issue in the instance object
but that will come in a follow-on change.
Change-Id: Iae6551028179e31699c06d06284ca4c1660be240
Closes-Bug: #1592963
This adds the basic framework for registering and using default policy
rules. Rules should be defined and returned from a module in
nova/policies/, and then added to the list in nova/policies/__init__.py.
A new context.can() method has been added for policy enforcement of
registered rules. It has the same parameters as the enforce() method
currently being used.
To establish the full pattern for usage the policy checks in the servers
API module have been registered and converted to the new usage.
Now that some policy checks are registered they're being used properly
by tests. Some tests have been updated so that the instance project_id
matches the context project_id in order to pass the 'admin_or_owner'
check.
Change-Id: I71b3d1233255125cb280a000b990329f5b03fdfd
Partially-Implements: bp policy-in-code
With commit e83842b80b we
attempt to load keypairs for an instance from instance_extra,
but if that hasn't been migrated yet we fall back to loading
the keypair from the database by name.
If the keypair was deleted, the instance object will just set
an empty KeyPairList for instance.keypairs and we'll get an
IndexError when using self.instance.keypairs[0] in
_metadata_as_json.
This adds a check that instance.keypairs actually has
something in it. If not, we log a message and don't return
any key values in the metadata dict - same as if instance.key_name
wasn't set to begin with.
Change-Id: If823867d1df4bafa46978e62e05826d1f12c9269
Closes-Bug: #1592167
This adds the auto-allocated-topology validation into
the neutron validate_networks path, which is called from
the compute API when creating instances.
If there are no available networks for the project and the
user specifically requested that a network be automatically
allocated for them (via the 'auto' network id on the request),
then we have to check that:
1. The auto-allocated-topology extension is available in neutron.
2. The dry-run validation for auto-allocated-topology passes.
Otherwise we fail the request with a 409 error. Since the
network API is raising a new type of exception, we have to handle
it in the REST API.
Part of blueprint get-me-a-network
Change-Id: Id174ddc6cd61b55f80ff2d55d5fc7b462ae144fd
This removes the portions of the os-disk-config extension that handles
additional attributes being passed in during
create/update/resize/rebuild. These are folded directly into
servers.py with a new module wide function for translating REST in =>
attr dict data structures.
Tests which use disk_config as the example for loading and using these
extensions are removed.
As this is the only in tree extension that hooks the resize entry
point, that is fully removed from setup.cfg and well as any extension
manager processing.
Part of bp:api-no-more-extensions
Change-Id: I691a3a917a3dbaa86072d689e9ebf42ba356ca60
This removes the portions of the os-disk-config extension which extend
the returned responses by adding attributes to the servers object.
Tests are updated / removed where appropriate.
Follow ups will be done to remove the request handling, as well as the
image response handling.
Part of bp:api-no-more-extensions
Change-Id: I795365ed9d0a786b56fcb18400ceee26ca8f1c96
Currently, instance tags can be set at any time during the instance
lifecycle, possibly because it does not go through the compute API.
This makes the valid instance states for the instance tag update API
consistent with the instance metadata update API. If instance tag
update is requested outside of the valid states, a 409 conflict error
will be returned.
Closes-Bug: #1591381
Change-Id: Id53a31654e105854f4942e6d47a1bea90a3e9c3b
Out of quota error has been changed from 413 to 403 in
I7c179748769b8a0e2cc2e476ebefe33449f6f304, but those
remained in expected error code in image metadata APIs.
Trivial-Fix
Change-Id: Id49c34750931508fb96251a4e1b3d1d8612f7f0d
This removes the facility in the API router to have limited lists of
extensions. From this point forward, what is in Nova is loaded, no
exceptions.
A number of unit tests and fakes have to be updated to pass after
this, as many unit tests were sending small lists of extensions to the
API router to simplify the responses they were getting back. This also
required stubbing out the request db cache in some cases, because
extensions later get content from there to avoid additional db
hits. As well as adjusting a few samples tests which now return more
data because all the extensions are always loaded.
There is much cleanup to happen after this, but this is the smallest
unit to get us over this boundary which will start letting us to
refold extensions back into the base views (and massively simplify the
API code).
This does not yet remove the config options because there is another
place those get used in servers.py and the testing fallout of that is
much bigger.
The reno will come with that patch.
Change-Id: I3e72f5e23ce39148f31dfdb76d18f403c6d04842
With the legacy v2 policy checking removed these authorizer
methods are no longer used and can be removed.
Related to blueprint remove-legacy-v2-api-code
Change-Id: I767f4b77388e487cf77bbf8f421ef703a0cc0e80
The skip_policy_check flag is used to skip the legacy v2 API
policy check points in the v2.1 API. The legacy v2 API is removed
and all the old policy check points removed also. This flag is
useless anymore, this patch cleanup them.
Partially implements blueprint remove-legacy-v2-api-code
Change-Id: Ia4a8d9954bf456253101b936f8b4ff513aaa73b2
The discription of version 2.30 is not indented as others,
trival fix it to be the same with others.
Trival-fix
Change-Id: I8f955d8cfee70dad17b5ea3d7f48e54e67895a8b
Now v2 API legacy code has been removed, functional
tests do not need to set the v2 extensions.
This patch removes the extension setting on osapi_compute_extension
flag.
Partially implements blueprint remove-legacy-v2-api-code
Change-Id: If5db4b141702fa94777fc5706dec6c3fb6c9c594
When admin-password operation is not supported by libvirt qemu/kvm
SetAdminPasswdNotSupported exception is raised, compute manager doesn't
handle it, which cause instance state to be set to error.
Closes-bug: #1522338
Change-Id: Ic63e8f723ff19dfa63199e77ea76680bff5a123b
After modifying the evacuate action, we now add a new microversion
change for modifying the live-migrate call so that the scheduler is
called when the admin user provides an hostname unless the force
field is provided.
APIImpact
Implements: blueprint check-destination-on-migrations-newton
Change-Id: I212cbb44f46d7cb36b5d8c74a79065d38fc526d8
Adding a new microversion for changing the evacuate action behaviour
to call the scheduler anyway unless the admin user provides a force
flag that then keeps the previous behaviour by forcing the conductor
to call the destination without verifying it.
Implements: blueprint check-destination-on-migrations
APIImpact
Change-Id: I9ecbe3d481bf17b12072511da4bb106ff1b6404e
Jenkins