Commit Graph

4725 Commits

Author SHA1 Message Date
Stephen Finucane b4576bae06 api: Add response body schemas for volumes APIs
Change-Id: Ia40b1dcc637bca7b8fc48b486dab5cb4195aae67
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-08-29 10:16:49 +01:00
Ghanshyam Maan f914cb185c Add service role in Nova policy
RBAC community wide goal phase-2[1] is to add 'service'
role for the service APIs policy rule. This commit
defaults the service APIs to 'service' role. This way
service APIs will be allowed for service user only.

Tempest tests are also modified to simulate the service-to-service
communication. Tempest tests send the user with service
role to nova API.
- https://review.opendev.org/c/openstack/tempest/+/892639

Partial implement blueprint policy-service-role-default

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-2

Change-Id: I1565ea163fa2c8212f71c9ba375654d2aab28330
Signed-off-by: Ghanshyam Maan <gmaan@ghanshyammann.com>
2025-08-27 19:34:04 +00:00
Stephen Finucane a8651eaff3 api: Separate volume, snapshot and volume attachments
These all belong in separate files. Make it so.

We also rename the volume_attachment schema file to volume_attachments,
to better link it to the actual API code, and tweak an error message to
fix some capitalization.

Change-Id: Iffefc263bbf19d18137207c0432c16fdb3c513f9
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-08-26 13:54:43 +01:00
Stephen Finucane 2e666e768a api: Address issues with images APIs
Populate missing 'required' values.

Change-Id: I4e1e00c3f7d4f2a581db42dae3535a5931e8f1cc
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-08-21 16:09:06 +01:00
Zuul 3dbbe830a4 Merge "only show standard image properties in server show." 2025-08-19 16:39:30 +00:00
Zuul b0900e9185 Merge "restrict swap volume to cinder" 2025-08-19 01:00:41 +00:00
Sean Mooney 93c0f9bc74 restrict swap volume to cinder
This change tightens the validation around the attachment
update API to ensure that it can only be called if the source
volume has a non empty migration status.

That means it will only accept a request to swap the volume if
it is the result of a cinder volume migration.

This change is being made to prevent the instance domain
XML from getting out of sync with the nova BDM records
and cinder connection info. In the future support for direct
swap volume actions can be re-added if and only if the
nova libvirt driver is updated to correctly modify the domain.
The libvirt driver is the only driver that supported this API
outside of a cinder orchestrated swap volume.

By allowing the domain XML and BDMs to get out of sync,
if an admin later live-migrates the VM, the host path will not be
modified for the destination host. Normally this results in a live
migration failure which often prompts the admin to cold migrate instead.
However, if the source device path exists on the destination, the migration
will proceed. This can lead to 2 VMs using the same host block device.
At best this will cause a crash or data corruption.
At worst it will allow one guest to access the data of another.

Prior to this change there was an explicit warning in nova API ref
stating that humans should never call this API because it can lead
to this situation. Now it is considered a hard error due to the
security implications.

Closes-Bug: #2112187
Depends-on: https://review.opendev.org/c/openstack/tempest/+/957753
Change-Id: I439338bd2f27ccd65a436d18c8cbc9c3127ee612
Signed-off-by: Sean Mooney <work@seanmooney.info>
2025-08-18 16:11:41 +00:00
Sean Mooney c7eac94fc5 only show standard image properties in server show.
Nova stopped supporting custom image properties many years
ago with the introduction of ovo.

When the image property show feature was added it incorrectly
filtered the instance_system_metadata table for the image prefix
but didn't restrict the response to only standard image properties.

This change adds that filtering and fixes minor issues with the
response schema validation.

Related-Bug: #2098384
Change-Id: I11a8783b02f35b7dfc964bf49f1a8a0a2469abc3
Signed-off-by: Sean Mooney <work@seanmooney.info>
2025-08-13 21:24:23 +01:00
Stephen Finucane df630cd1b2 api: Deprecate v2 API
Change-Id: Ie236cc001ddc6362b92119710ec1672ae733318e
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-08-11 12:12:13 +01:00
Stephen Finucane b2451a74fc conf: Rename '[api] neutron_default_tenant_id'
Neutron has used the term project instead of tenant for a long time now.
Rename the option accordingly and drop deprecated group and deprecated
name aliases from other options in the '[api]' group.

Change-Id: I5a547c7b6232c24b3a0f0c6d0ac916229a91b038
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-08-11 12:12:13 +01:00
Zuul 0cd0a72227 Merge "Add project manager role in Nova API policy rule" 2025-07-30 21:28:19 +00:00
Stephen Finucane d8e1248b7e api: Add response body schemas for images APIs
This is mostly uneventful save for us needing to fix our API ref, which
indicated that the 'OS-EXT-IMG-SIZE:size' field shown in the 'show' and
'detail' views was a string rather than an int. You can confirm this is
*not* the case like so:

  >>> import openstack
  >>> conn = openstack.connect()
  >>> conn.compute.get('https://example.com/compute/v2.1/images/detail').json()

(obviously replace 'https://example.com/' with a compute API host)

Change-Id: Ia318478dfdb50f8d57a74958b3555f6ad97351ec
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-07-29 15:02:13 +01:00
Zuul d699d771b1 Merge "api: Add response body schemas for networks API" 2025-07-24 20:19:30 +00:00
Zuul 940d85fc6b Merge "api: Add response body schemas for removed APIs" 2025-07-24 06:11:06 +00:00
Ghanshyam Mann 06699f26a5 Add project manager role in Nova API policy rule
Keystone project manager role can be used for the project-level
management APIs. Nova introduced the manager role in policy
defaults.

To introduce the manager role, we need to make migrations
policies more granular. Adding the separate policies for host
related operation allows us to open the migration operations
to project manager role. Existing policy is checked if migration
without specifying host and new policy is checked if host is
specified. Same will be applied to list migrations, new policy
will control to return the host info.

Also, adding doc and releasenotes.

Partial implement blueprint policy-manager-role-default

Change-Id: Ie7d135e4d24ac6d53c46a4c69ade0b0bda554e71
Signed-off-by: Ghanshyam Mann <gmaan@ghanshyammann.com>
Signed-off-by: ghanshyam <gmaan@ghanshyammann.com>
2025-07-22 21:49:28 +00:00
Zuul 6053bb2722 Merge "api: Address issues with server group APIs" 2025-07-22 21:14:35 +00:00
Zuul 240c4a0605 Merge "api: Add response body schemas for server group APIs" 2025-07-22 18:13:13 +00:00
Zuul c741689878 Merge "api: Add response body schemas for server password APIs" 2025-07-22 13:48:35 +00:00
Zuul 2010536d12 Merge "api: Add response body schemas for server external events API" 2025-07-21 21:43:12 +00:00
Zuul 1b4b1d4e99 Merge "api: Address issues with keypairs APIs" 2025-07-10 13:15:07 +00:00
Stephen Finucane ce8faa8d74 api: Add response body schemas for networks API
Yet another proxy API documented, albeit very loosely. We also remove a
conditional that can never be reached: we will always have a network
from neutron by the time we attempt to show it. If we didn't, we'd have
exited early due to an exception.

Change-Id: I008975b3eabf5f3552ebad7e5bbe847b9c7eaa16
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-07-10 11:39:22 +01:00
Stephen Finucane 8f9cbe0015 api: Add response body schemas for removed APIs
These are all empty and are purely here to satisfy the check for
schemas and to allow us to potentially populate them for documentation
purposes later.

Change-Id: Ia52bc78b3392ec69382f3427f5676d52f9abee6d
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-07-10 11:39:22 +01:00
Stephen Finucane e249f5762d api: Address issues with server group APIs
* Set additionalProperties to False, as expected
* Correct copy calls (not that it matters)

Change-Id: I97d8206d2df5deee0521ae69a73a32a7136c37be
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-07-10 11:38:44 +01:00
Stephen Finucane 04589a4530 api: Add response body schemas for server group APIs
Another relatively trivial one.

Change-Id: I4a5ae398e141ff29db6888b5ace731c689c7d239
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-07-10 11:38:38 +01:00
Stephen Finucane 558a870e13 api: Add response body schemas for server password APIs
This must be the easiest one yet.

Change-Id: I57e359068215a91452fd5f4d9044c04ecfc83fc2
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-07-10 11:38:38 +01:00
Stephen Finucane 8ed52a058a api: Add response body schemas for server external events API
We also fix some issues in the api-ref, since it'll be another while
before we can replace that.

Change-Id: If661e3af796475637c0e76b3dfbfd5b7a7f38c24
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-07-10 11:38:38 +01:00
Zuul 43d57ae63d Merge "api: Address issues with server diagnostics APIs" 2025-06-27 20:29:16 +00:00
Zuul bb71b953c7 Merge "api: Address issues with remote consoles APIs" 2025-06-27 17:32:18 +00:00
Zuul 76ad55da2e Merge "api: Add response body schemas for server diagnostics API" 2025-06-27 15:15:54 +00:00
Stephen Finucane c4f81a54d5 api: Address issues with remote consoles APIs
* Add a note explaining presence of xvpvnc console type
* Make 'url' mandatory in create response
* Remove unnecessary description fields: we will populate these later
* De-duplicate request body schemas
* Re-add references to the rdp console to the api-ref

Change-Id: I5555b8cf7a83fad689e98522850b5550b49566ed
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-06-26 18:49:59 +01:00
Zuul 0d586ccca8 Merge "api: Add response body schemas for server topology API" 2025-06-26 13:31:51 +00:00
Zuul 3cc03f8a91 Merge "api: Add response body schemas for image metadata APIs" 2025-06-26 11:35:06 +00:00
Zuul b3d64d5f8f Merge "api: Add response body schemas for keypairs APIs" 2025-06-26 07:19:56 +00:00
Zuul d748e78486 Merge "api: Add response body schemas for remote consoles" 2025-06-26 02:23:22 +00:00
Zuul 5582ec2e69 Merge "api: Add response body schemas for server IPs APIs" 2025-06-24 16:56:16 +00:00
Zuul 64ca204c9c Merge "api: Address issues with instance actions API" 2025-06-16 15:05:21 +00:00
Stephen Finucane a0af4648b5 api: Address issues with hypervisors APIs
* Address an off-by-one error: the cpu_info field was modified in v2.28,
  not v2.27,
* Correct the api-ref to indicate that the 'servers' field is not
  actually required and will be missing if '?with_servers=false', while
  the 'name' and 'uuid' fields of servers entries *are* required.
* Clarify a comment about the above in the schemas.
* Uncouple the '_hypervisor_response' and '_hypervisor_detail_response'
  helper schemas. The minor increase in lines of code is worth it for
  the decrease in complexity.
* Add the 'host_ip', 'hypervisor_type', and 'hypervisor_version' fields
  to the list of required fields for "detail"-style responses (show and
  detailed list).
* Make the 'current_workload', 'disk_available_least', 'free_disk_gb',
  'free_ram_mb', 'host_ip' and 'running_vms' fields of the hypervisor
  "detail"-style responses nullable, and the 'current_workload',
  'disk_available_least', 'free_disk_gb', 'free_ram_mb' and
  'running_vms' fields of the deprecated statistics API nullable.

Change-Id: Ibe55b44e65fe17141c63cceae8a003816ffe4f23
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-06-11 13:07:54 +01:00
Stephen Finucane 3b08d60dc4 api: Address issues with server diagnostics APIs
Add some missing additionalProperties=False entries.

Change-Id: I4477dcb590392c189a2bd586ecd9ba4ccd35d89e
2025-06-11 10:17:10 +01:00
Stephen Finucane 33cf8fef38 api: Address issues with keypairs APIs
Change-Id: I84ea28fc3ee255dea207e373c7064e3231e777f7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-06-10 17:28:47 +01:00
Stephen Finucane f09904f62d api: Address issues with instance actions API
The user_id and project_id fields can be null. Explain why.

Change-Id: I34353ec7e55845a83f5e2f1dc4b41dead4ac5c81
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-06-10 11:50:50 +01:00
Stephen Finucane 0552350a3b api: Add response body schemas for server diagnostics API
Change-Id: Id54d4f397aee20007f5e52e855c1d755b6f17946
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00
Stephen Finucane 485ee768d6 api: Add response body schemas for remote consoles
Most of these were already tackled as part of the server actions. We add
a schema for the RDP console, even though it's deprecated, since it
allows us to complete validation.

Change-Id: If13541b47b2b35f5a352049add65ced35f91f216
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00
Stephen Finucane 22c372cbe0 api: Add response body schemas for server topology API
Change-Id: I2cd4086d7b348f6d7f1b93a956b8b25f3a60d07f
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00
Stephen Finucane 5f70e0ef57 api: Add response body schemas for image metadata APIs
Change-Id: I41e68cf531cbf8ce8effbdcd83e20f1f41d162fd
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00
Stephen Finucane 64f70797d6 api: Add response body schemas for keypairs APIs
Quite a few test fixes needed here in order to ensure our tests generate
valid output.

Change-Id: I33377c06f40aed70d574cdc8aada27a61128ea61
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00
Stephen Finucane 2b3eb6b015 api: Add response body schemas for server IPs APIs
We also resolve a small mishap that has led to some unused schemas.

Change-Id: Iad8ab646f5c14ec1396fd48616e09d4271ccb304
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00
Stephen Finucane c918fcc587 api: Add response body schemas for hypervisors APIs (3/3)
We split this one up due to its size, which itself is mainly due to the
amount of aliasing that went on in early versions as well as the amount
of changes that have been made over the years.

This focuses on the statistics view. We also reorder the output fields
in the view alphabetically just to make reviewing the schema slightly
easier.

Change-Id: I950a7e2286d451b37b2f7cbd02c4a0a82ac64361
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00
Stephen Finucane 2ca03367ad api: Add response body schemas for instance actions
Change-Id: Ie94af006d916456cba6f4e8ee9f9df385f6a1709
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00
Stephen Finucane f5d9e5cb2f api: Add response body schemas for hypervisors APIs (2/3)
We split this one up due to its size, which itself is mainly due to the
amount of aliasing that went on in early versions as well as the amount
of changes that have been made over the years.

This focuses on the show view as well as the closely related detailed
view.

Change-Id: I06b1a8f0a30e9260f118921a13e85c4c534d9c8f
2025-05-13 12:04:50 +01:00
Stephen Finucane f7a03e5834 api: Add response body schemas for hosts APIs
Change-Id: I9b045e9d8d344f2cd8caf7fcbd45f0d8b610da04
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2025-05-13 12:04:50 +01:00