As stated in i18n guide it is normal to import i18n functions
(_, _LW..) directly and we can include i18n functions in
hacking exceptions.
Also there is no need to make exceptions for six moves
because pep8 passes correctly without it.
Change-Id: I9c9aa490f1447bb7ae221809df7bc110c27d1336
Client doesn't support image deletion in batches in v2 now.
It's useful. So it's need to add it.
Change-Id: Idf5a6890b3fd01a65fecab2033b21367c30bc6b1
Closes-bug:#1485407
The oslo.utils function has exception_to_unicode that can
replace glance util function exception_to_str.
So we don't to have this exception_to_str function in glance
anymore.
Change-Id: I332bc55558087920fdd6ae2d822bece5166f5ba6
Add parsing the endpoint URL and check the path string only
in order to decide the API version.
Change-Id: Ib0a035f3bed31e2162a1231a5f5dcc3907d37243
Closes-Bug: #1489727
In case that a sensetive header (that should be obscured by its SHA1
hash) is None, the safe_header throws an exception which fails the
calling process and by that may harm the functionality.
Change-Id: I56944a382fd546eba0a6dd6d6b1cecf83b1dc106
Closes-Bug: #1491311
We have a basic implementation for a fallback mechanism that will use v1
rather than v2 when downloading schema files from glance-api fails.
However, this is not sound. If the schemas are cached already, we won't
check if v2 is available and fail to fallback.
This patch fixes the aforementioned issue by getting the list of
available versions from the server only when the API versions was not
explicitly specified through the CLI. That is, for all commands that
don't pass `--os-image-api-version 2`, we'll check v2's availability and
we'll fallback to v1 if it isn't available.
This patch also changes how we handle `/versions` calls in the client.
The server has been, incorrectly, replying to requests to `/version`
with a 300 error, which ended up in the client re-raising such
exception. While I think 300 shouldn't raise an exception, I think we
should handle that in a spearate patch. Therefore, this patch just
avoids raising such exception when `/version` is explicitly called.
This fallback behaviour and the check on `/versions` will be removed in
future versions of the client. The later depends on this bug[0] being
fixed.
[0] https://bugs.launchpad.net/glance/+bug/1491350
Closes-bug: #1489381
Change-Id: Ibeba6bc86db2a97b8a2b4bd042248464cd792e5e
Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm. This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.
In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False. When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.
This patch/spec proposes removing the custom code because:
* It is a burden to maintain
Eg adding new code such as keystone session support is more complicated
* It can introduce additional failure modes
We have seen some bugs related to the 'custom' certificate checking
* Newer Operating Systems disable SSL for us.
Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
'off'. This makes both servers and client less likely to have compression
enabled.
* Newer combinations of 'requests' and 'python' do this for us
Requests disables compression when backed by a version of python which
supports it (>= 2.7.9). This makes clients more likely to disable
compression out-of-the-box.
* It is (in principle) possible to do this on older versions too
If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
operating system/python combinations, the requests library should
disable SSL compression on the client side.
* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.
Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling
Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf
Currently glanceclient doesn't enforce disk-format or container-format
presence in the command line on image-create when providing image data
(with --file, --location, --copy-from), which means that the POST
request is made with the whole image and error is reported by Glance
API.
This post enforces presence of those arguments when image data is
provided so we can get the error quicker and avoid sending unnecessary
data over the network.
Change-Id: I5914fa9cfef190a028b374005adbf3a804b1b677
Closes-Bug: #1309272
Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS
Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw
Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c
This commit enables new flake8 checks:
* E265 block comment should start with '# '
* H405 multi line docstring summary not separated with an empty line
* E123 closing bracket does not match indentation of opening bracket's line
* H238 old style class declaration, use new style (inherit from `object`)
* E128 continuation line under-indented for visual indent
and makes related changes in the code.
Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c
As stated in the OpenStack Hacking Guidelines, it is prefered
that only modules should be imported.
Also updated tox.ini to ignore opestack/common among others.
Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829
This fixes a bug where if iteration is interrupted, we're stuck until
the iterable is garbage collected, which can be a very long time (e.g. if
the iterable is held in an exception stack frame).
Co-authored-by: Stuart McLaren <stuart.mclaren@hp.com>
Change-Id: Ibe9990e8c337c117a978b1cd8ec388c4bc6d3b4b
Closes-bug: 1461678
To make this work we create a different HTTPClient that extends the
basic keystoneclient Adapter. The Adapter is a standard set of
parameters that all clients should know how to use like region_name and
user_agent. We extend this with the glance specific response
manipulation like loading and sending iterables.
Implements: bp session-objects
Change-Id: Ie8eb4bbf7d1a037099a6d4b272cab70525fbfc85
When using the client with python 3.4 and no ssl compression the following
stack trace ocurrs:
TypeError: startswith first arg must be bytes or a tuple of bytes, not str
Closes-bug: 1442883
Related-bug: 1357430
Change-Id: I8e28f0bb1f3e866f11851247ce31470ca8c2af4f
Since the release of the 0.16.1 client, using the 'no ssl compression'
option, whether on the command line, or via the library -- Nova does this by
default -- a stack trace was generated.
Closes-bug: 1442664
Related-bug: 1357430
Change-Id: I2b8ddcb0a7ae3cfccdfc20d3ba476f3b4f4ec32d
Added option '--human-readable' to image-show cli which allows users
to display image size in human-readable format.
Change-Id: Ic3452ce4560d3cf90fa7f59f98e5ff42e804f8c9
Closes-Bug: #1434381
Mainly to improve consistency, use range() from six.moves
renames across glance.
Behaves consistently like py2 xrange() and py3 range().
Change-Id: I7c573a3a9775f454b98d25f2a14f8e9f5f4ac432
Other OpenStack services which instantiate a 'https' glanceclient using
ssl_compression=False and insecure=False (eg Nova, Cinder) are leaking
sockets due to glanceclient not closing the connection to the Glance
server.
This could happen for a sub-set of calls, eg 'show', 'delete', 'update'.
netstat -nopd would show the sockets would hang around forever:
... 127.0.0.1:9292 ESTABLISHED 9552/python off (0.00/0/0)
urllib's ConnectionPool relies on the garbage collector to tear down
sockets which are no longer in use. The 'verify_callback' function used to
validate SSL certs was holding a reference to the VerifiedHTTPSConnection
instance which prevented the sockets being torn down.
Change-Id: Idb3e68151c48ed623ab89d05d88ea48465429838
Closes-bug: 1423165
Currently, on systems like Fedora and Debian, it is possible to import
urllib3 as well as requests.packages.urllib3. They functionally point to
the same code but sys.modules considers them to be separate items. When
downstream packagers unvendor urllib3 from requests, they also change
all the imports inside of the package. So if the code imports urllib3
from requests.packages.urllib3 and modifies globals in a submodule, that
will not be visible to requests since it has been rewritten to use
urllib3 (not requests.packages.urllib3). By handling this logic
ourselves, we can issue a release until upstream packages and requests
can fix this and cut a new release.
Change-Id: Ic77ce8a06d9d148a899b4b8695990fca8fdaefc5
Closes-bug: 1396550
The oslo.utils libraries are moving away from namespace packages.
This requires oslo.utils>=1.2.0
bp drop-namespace-packages
Change-Id: I803df61e91eabb96329d859aef6bea03530fb84f
When keyboard interrupt is received by glanceclient, the return code as
of now is 1.
But since the client was terminated by an keyboard interrupt, the return
code should be 130. (http://tldp.org/LDP/abs/html/exitcodes.html)
It is useful when people are writing automation test cases and want to
validate based on the return code.
Change-Id: Ia70116ab6f0708a0ce6eeaed07c1e7a56e68c9f4
Closes-Bug: #1373231
Some generated header values may in fact be None. Trying to encode None
causes the client to fail with an exception and cannot be worked around
by the user.
Change-Id: I638b1fba0ef9a07d726445d8c2cdd774140f5b83
Closes-bug: 1415935
This module now lives in oslo.utils, so import it from there instead.
Co-Authored-By: Ian Cordasco <ian.cordasco@rackspace.com>
Change-Id: Ib35dc840992433542490670781badd9529ec8947
If we don't explicitly close a response after streaming its download,
then we can run into HTTPConnectionPool full warnings. It also will hurt
performance if we have to continuously create new sockets for new
responses. Calling close will return the connection to the pool so it
can be reused. Note this is only necessary when streaming a response. If
we don't stream it, then requests will return the connection to the pool
for us.
Change-Id: I803bd4dd0e769c233501d5e5ff07a19705fbe233
Closes-bug: 1341777
The returns from requests' response.content is a bytes type. Under
python 3 this fails in error handling and string conversion. The
response.text variable should be used to treat a response body as a
string.
Closes-Bug: #1407531
Change-Id: Ifd588b5f6820ef21beb186d88d0b3f1a267695aa
The move to the requests library (dbb242b) broke the progress bar during
downloading an image with --progress enabled, due to requests returning
a generator, which has no __len__ function. This patch adds an iterable
wrapper which provides the length, sourced from Content-Length headers.
Closes-Bug: #1384664
Change-Id: I48598a824396bc6e7cba69eb3ce32e7c8f30a18a
kairat_kushaev