In case that a sensetive header (that should be obscured by its SHA1
hash) is None, the safe_header throws an exception which fails the
calling process and by that may harm the functionality.
Change-Id: I56944a382fd546eba0a6dd6d6b1cecf83b1dc106
Closes-Bug: #1491311
There's a corner case where password may be requested twice. In a fresh
environment, when schemas have not be downloaded for v2, the client will
ask for a password to download the schemas and then it'll ask for the
password again to run the actual command. This happens because we parse
the CLI arguments twice to make sure we're parsing them for the right
client version.
This patch checks if the password is unset in the newly parsed arguments
and if it's been set in the previously parsed ones. In this case it
keeps the set password. I believe this approach is safer than re-using
the already parsed arguements which may have been parsed for a different
API version (might happen because we fallback to v1 if v2 is not
available).
Change-Id: I080253170e3e84a90363e5bb494cf137895fe2e7
Closes-bug: #1488892
Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm. This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.
In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False. When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.
This patch/spec proposes removing the custom code because:
* It is a burden to maintain
Eg adding new code such as keystone session support is more complicated
* It can introduce additional failure modes
We have seen some bugs related to the 'custom' certificate checking
* Newer Operating Systems disable SSL for us.
Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
'off'. This makes both servers and client less likely to have compression
enabled.
* Newer combinations of 'requests' and 'python' do this for us
Requests disables compression when backed by a version of python which
supports it (>= 2.7.9). This makes clients more likely to disable
compression out-of-the-box.
* It is (in principle) possible to do this on older versions too
If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
operating system/python combinations, the requests library should
disable SSL compression on the client side.
* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.
Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling
Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf
Currently glanceclient doesn't enforce disk-format or container-format
presence in the command line on image-create when providing image data
(with --file, --location, --copy-from), which means that the POST
request is made with the whole image and error is reported by Glance
API.
This post enforces presence of those arguments when image data is
provided so we can get the error quicker and avoid sending unnecessary
data over the network.
Change-Id: I5914fa9cfef190a028b374005adbf3a804b1b677
Closes-Bug: #1309272
Now that we have stable branches for clients, it's easier to keep track
of the current default image's schema in Glance and update it
respectively. This patch adds the current image schema, including the
schema-properties.
One good reason to do this is to be able to react when a running Glance
instance is not around to be introspected. It's really unfortunate that
things like help text can't be rendered when there image schema is not
available in the system.
We could keep the schema in a json file but rather than shipping data
files with glanceclient we can just have it in the python modules.
Change-Id: I9b8cc1d18d6717ccf991fb8149ab13c06d653ee4
Closes-bug: #1481729
Now we have claimed v2 is the current API version of Glance,
we should change the Glance client as well to be consistent
with Glance server.
DocImpact
Change-Id: I09c9e409d149e2d797785591183e06c13229b7f7
Previously when listing images via v2, the first image of each batch
was validated against the v2 schema.
This could lead to unpredictable behaviour where a particular image
which failed the schema check may or may not be the first of a batch.
In some cases it also meant that operation by one user could affect the
ability of another other to list images.
Change-Id: I22974a3e3d9cbdd254099780752ae45ff2a557af
Closes-bug: 1477910
Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS
Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw
Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c
This commit enables new flake8 checks:
* E265 block comment should start with '# '
* H405 multi line docstring summary not separated with an empty line
* E123 closing bracket does not match indentation of opening bracket's line
* H238 old style class declaration, use new style (inherit from `object`)
* E128 continuation line under-indented for visual indent
and makes related changes in the code.
Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c
Add new tests for v2 tasks module to cover following cases:
- getting list of tasks using the marker
- getting list of tasks using sort_key & sort_dir keys
Change-Id: Ic126999ebb16e51cc472fe8f86dfe1fced0bc016
Closes-Bug: 1433637
This set provides API and shell commands support for:
- CRUD on metadef_tags;
Change-Id: I09bdf43edee6fff615d223f1a6df7c15a1e40565
Implements: blueprint metadefs-tags-cli
DocImpact
Several tests with cert verification are broken. This
code fixes it by setting right imports. Also some typos
are fixed too.
Change-Id: Ie014f90714c3dabee65459fd704dd11b1770c7de
Closed-Bug: #1472234
mock 1.1.0 was released on 10 July 2015 which prevents users from using
non-existent assertion methods. This broke the test in the diff.
Co-Authored-By: Ian Cordasco <graffatcolmingov@gmail.com>
Closes-Bug: #1473454
Change-Id: I162b76bbd7d96c96787a8dd8f9642ca1c80c596a
The v2 Glance client implementation ignores the marker attribute if
it's passed to the client as part of the kwargs. Include support
for the attribute, as the v1 client supports it and it makes it
easier to work with the Glance client.
Change-Id: Ifaa59129bc4178212b890ea591673cb154e0f110
Closes-bug: 1465373
As stated in the OpenStack Hacking Guidelines, it is prefered
that only modules should be imported.
Also updated tox.ini to ignore opestack/common among others.
Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829
This fixes a bug where if iteration is interrupted, we're stuck until
the iterable is garbage collected, which can be a very long time (e.g. if
the iterable is held in an exception stack frame).
Co-authored-by: Stuart McLaren <stuart.mclaren@hp.com>
Change-Id: Ibe9990e8c337c117a978b1cd8ec388c4bc6d3b4b
Closes-bug: 1461678
To make this work we create a different HTTPClient that extends the
basic keystoneclient Adapter. The Adapter is a standard set of
parameters that all clients should know how to use like region_name and
user_agent. We extend this with the glance specific response
manipulation like loading and sending iterables.
Implements: bp session-objects
Change-Id: Ie8eb4bbf7d1a037099a6d4b272cab70525fbfc85
Show the owner and status information when adding -v or --verbose
to the image-list command.
Closes-bug: #1381514
Change-Id: I90bf622147b12ed157072fad0823af58223caf91
Disallowed fields(schema, created_at and updated_at) were
getting deleted from Metadef namespace instead of Metadef object.
Change-Id: Id80e204c7af1ac6926c66627d290a15c4e6b00d9
Closes-Bug: #1433884
If there was a problem importing a library we would incorrectly raise
an unsupported version error:
$ glance --os-image-api-version 1 image-list
"1" is not a supported API version. Example values are "1" or "2".
We should change this to provide information on the failed import, eg:
$ glance --os-image-api-version 1 image-list
No module named badimport
We also now raise the full stacktrace in this case if '--debug' is passed
on the command line.
Change-Id: I1c687ae6c5da239090b0b7a4a855b3271a9076da
Related-bug: 1402632
Now Glance /images/detail API of v1 supports parameter
'changes-since' to query deleted images. But it's missed
in client. This patch will add the parameter.
Related-Bug: #1432701
Change-Id: Id38e3a78b4b2ef680ea04d35e32beb4b9c8efa00
Since `assertIn` is provided for checking if value exists in given
container, it is not formal to use `assertTrue` for it.
Change-Id: Ie1392839b5ca436957463bb29f2784d48cfcbf75
On occassion the values from schema are presented in a different order.
Compare them in an unordered way as we only care that both are present.
Change-Id: Ib2d44587196f43c73f4b0a3796fac9f4dc20f20f
This patch moves the glanceclient unit tests to the standard directory
(xxxclient/tests/unit) in preparation for adding functional gate tests
'check-glanceclient-dsvm-functional' in the same vein as existing client
tests for other projects, eg:
* check-novaclient-dsvm-functional
* check-keystoneclient-dsvm-functional
* check-neutronclient-dsvm-functional
Change-Id: I29d4b9e3a428c851575ee9afde40d6df583456c4
David Edery