Now we can use keystonemiddleware and murano context middleware for requests
from outside OpenStack so we don't need to recreate keystoneclient for each
request and can easily get token from the request headers. That makes
authorization proccess a lot easier in terms of source code.
Change-Id: If937501074b85d43921fdb108f8af3babeded828
Closes-Bug: #1512254
New middleware will solve the problem with non-Openstack requests by
adding some minimal required headers.
Change-Id: I49986e73d0eb3da1ce13d22771c6bcb5a28ba846
Implements: bp external-request-middleware
Murano doesn't handle request properly if it is behind an SSL
termination proxy. In this case HTTP redirection and returned URLs
use http instead of https.
New middleware helps to handle the situation below properly. The purpose of the
SSLMiddleware is to update the wsgi.url_scheme environment variable of
the request with the value contained in an HTTP header that can be
configured in the configuration file (by default: 'X-Forwarded-Proto')
Closes-Bug: #1504610
Change-Id: Id7cfa1bce00c965b618a4f3e4ca2c915a57bbe52
In this commit we added new murano service called murano-cfapi.
It's Cloud Foundry Service Broker API implementation for OpenStack.
* add new entrypoint for murano-cfapi
* add provision/deprovision operations for Cloud Foundry.
partial-implement: bp cloudfoundry-api-support
Change-Id: I5cdb612774f5e46ec7fc787f961e5c7e16ed8501
Add new API calls that will provide logging and can be
consumed by MuranoPL workflows. It will improve debuggability.
Application author can use logs to improve application quality.
Implements: blueprint logging-api-for-muranopl
Change-Id: I747cf7f5fca20960f2304605e1c7241f465f5dc1
This commit adds request-id filter to paste config and adds support for
request_id to the ContextMiddleware. This would mean, that request-id,
generated for each particular request to api would be returned to the
caller in the form of 'x-openstack-request-id' header
Targets blueprint: murano-x-openstack-request-id-support
Change-Id: Id3d593c33fd31bae7226052b908750e5c000f730
To follow latest community practices we need to use oslo_log in
murano instead of handcrafted libs.
Unsupported log level 'audit' was changed to 'info'.
Change-Id: I40c0f3790e34bf80d0b63554e86b3cbc019eefca
oslo.service has graduated, so murano should consume it.
Use the 1.16.0 version of the oslo.messaging library.
Change-Id: I774c70bdf06b304f7d958eac488dc28b7625fb12
Closes-Bug: #1466851
Depends-On: I4159450f54609c5185146472179d4299fe0c9d30
Depends-On: Ifa7a03b21aaf6911039c465696a0476e97905793
Adds request param all_tenants allowing listing environments from all tenants.
Congress data source needs populate its tables by data from all tenants.
Similar machansim uses nova to allow list servers from all tenants.
Partially implements: blueprint murano-api-all-tenants-search
Change-Id: I842292720a475992a137c1e4715873a059ec605c
Corresponding changes were made in murano common policy file
and in requirements.
Change-Id: Ic7c4f61db0bb2655c4c0041500bd74e8890ea038
Closes-Bug: #1458945
Also, there were some issues with policy:
* 'publicize_image' instead of 'publicize_package';
* corresponding actions have different names;
* user could not upload packages by default;
* user could mark package public/unpublic;
* user could delete pablic packages.
Change-Id: I5459016a4e7401b58fcb343e40d0047a4959b7df
Closes-Bug: #1439240
Closes-Bug: #1436289
Network configuration is extracted into a separate file.
By default this is netconfig.yaml residing near murano.conf
But the name and path can be changed in config file.
Example of net-config can be found in etc/murano/netconfig.yaml.sample
If no file present old behavior is kept
Change-Id: I7b74eea69ee2ffe1c721b751e564b54252dcfbe3
Implements: blueprint configure-environment-network-defaults
Adds new API calls, responsible for add,
browse and delete categories.
Implements blueprint enable-category-management
Change-Id: I9da0680cfa244ef225be0706a54f492644c0dcba
* Set admin rule for a several API calls and remove direct check in code
* Now admin can configure policy.json and enable package management for regular users
* Update common policy module
Closes-Bug: #1412868
Change-Id: I8d0725b613564529d32a5acef289f4822f32915c
These scripts were not supported for a long time. Upstream
distributions have their own version of init scripts for Murano.
Change-Id: I80f439fc2667b05a5bcf2091559ae7a332bfcbee
Similarly with the way it was done in the murano-agent, added
the ability to use the oslo-config-generator for creating a sample
configuration file murano.conf.sample.
Now to create the file, you must run:
tox -egenconfig
Change-Id: I8b06336d75eccfd598ce9033333884f75f393a09
If it doesn't find a router by the name specified in router_name
in murano.conf, create a router with that name. Uses
external_network_id or external_network_name as the
external_gateway_info ID. Requires:
https://review.openstack.org/#/c/119800
Change-Id: If8b966a7d43eb2af485113de2a0708e554605725
Murano should not use first available router it may create
different networking issues cause router may not have access to
external network.
Closes-bug: #1366124
Change-Id: I223a4862c3b20cfb20281be6bd9376be3644ad92
* Provide exceptions details in the response body
* Decode package exception message to keep correct formatting
Partly-Closes-Bug: #1328662
Change-Id: I28000ec42db644d5db75f92d968955f7dd620091
Some parameters were ommitted in murano sample config file
This patch adds config params from openstack to config checker
Closes-Bug: #1356787
Change-Id: I8221bc3aa063ecb53e210adf7a2222c92da1c049
In some circumstances murano-agent isn't required (e.g. in
environments where heat SW config is capable alone of performing
configuration). In this case it's not necessary to have the
additional overhead of rabbitMQ connections for the AgentListener
that will never receive a message.
Patch adds a config option 'disable_murano_agent' that no-ops
AgentLister.start() and raises an exception on Agent._send()
Change-Id: I565caaae21925c48f2a0adea18036239cac91c77
Implements: blueprint disable-murano-agent
This patch enables check to make sure that murano-api.conf.sample
is always up to date. To make sure that your change keeps the sample
config in sync you can run:
$ tox -e pep8
It'll generate a config file from current source code and will
compare it with etc/murano/murano.sample.conf
getopt workaround for OS X users:
* install GNU getopt by using homebrew (brew install gnu-getopt) or
macports (port install getopts);
* add it to the PATH before the actual getopt before running tox;
* if you'd like to make it default just add it to your bashrc/zshrc/etcrc,
for example, for brew you should add:
export PATH=$(brew --prefix gnu-getopt)/bin:$PATH
Side effects:
Turns out our code depends on posix_ipc through
openstack/common/lockutils.py. Added it to requirements.txt
Change-Id: I57b3660b8a15e17c88040d4b190b36364cd7c5bf
Closes-bug: #1291318
Adds ability for deploy-time auth checks to allow/disallow
functionality, in line with other openstack projects.
Includes update of code in openstack/common, which is why the
patchset is so large. oslo-incubator changeset is May 27th
caed79d8239679cb74476bb0d9e5011b4fcc39da.
Implements blueprint policy-checks-in-api
Change-Id: I67a431dcc74f0a77ed48b7a489136d5008773cea
That way it works like Glance (see http://tinyurl.com/jwqtj23) and
allows for complex query pagination (to cycle through pages filtered
by some criteria, muranoclient uses 'next_marker' pointer).
Implements: blueprint app-catalog-pagination
Change-Id: If71da70fa835a1ee7a271ebf7238c0a4c64d4123
Added a new package ( io.murano.lib.networks.Neutron) to handle networking via Neutron
The package introduces a class 'NewNetwork' (io.murano.lib.networks.neutron.NewNetwork)
This class is capable of the following:
- Create a new Network (L2 segment)
- Use NetworkExplorer class to allocate an available CIDR
- Create a new Subnet (L3 segment) in the created Network with the allocated CIDR
- Use NetworkExplorer class to locate an available router
- Use NetworkExplorer class to detect the default DNS nameserver
- Uplink the created subnet to the located router
Also, as this class extends io.murano.resources.Network, it implements the addHostToNetwork method
The implementation creates a Neutron Port and connects that port to a created network and intance
This commit also modifies the environment-creation logic of the API, allowing to add default networks
to the Environment object.
This is a temporary solution: in future the instantiation of this object(s) should be done in MuranoPL
This commit concludes the minimum set of functionality needed to implement AdvancedNetworking
in 0.4.x feature set.
Closes-bug: #1308921
Change-Id: I885620099995b0d402a23def3ff428fb902973d2
Added a NetworkExplorer class (maps to io.murano.system.NetworkExplorer) to explore
the Network Environment of an active tenant.
The class is able to locate the default router (if present) and allocate available
CIDR range for the selected router. The latter requires some configuration options
(for proper CIDR segmentation)
This commit adds python-neutronclient to the requirements, as NetworkExplorer has
to directly interact with Neutron
This classes is a crucial part of AdvancedNetworking implementation
Partial-Bug: #1308921
Change-Id: Ib9daa1b1521d9bc17a53d7e131be6c9f43faa013
* Added package property to MuranoClass
* Added new class loader: PackageClassLoader
* Support loading packages from API and file-system
* Extended ApplicationPackage to support getting resources from packages
* Rewritten ResourceLoader to support loading resources from packages
Co-Authored-By: Serg Melikyan <smelikyan@mirantis.com>
Change-Id: I47e70f960104f78433c285411328f315638186da
Now db should be created by a command:
murano-manage --config-file /etc/murano/murano-api.conf db_sync
Change-Id: I34fe5b4fad7588d882dddaee729fa3fc751608d4
Added all missing parts to complete MuranoPL implementation:
- system classes
- base classes
- integration with oslo.messaging
- package entry-point & other things to run engine
Integrated engine with API
Note: some tests are marked to be skipped,
will be enabled via separate commit.
Partially-Implements: blueprint new-metadata-dsl
Change-Id: I3c1c2326b48da57647d55ea8edfba56f1657d7d6
This patch adds a new service which provides
an endless loop to update statistics information.
There is no actual code for stats themselves.
the intension is to save a collected stats to DB
on a periodic basis.
Change-Id: Ia00a5068c2f744b0318a523860ccc5eba225868e
Partly-Implements: blueprint api-request-stats
* Remove muranoapi/openstack/common/rpc
* Remove muranoapi/openstack/common/notifier
* Add ResultEndpoint for handling results from Conductor
* Add ReportNotificationEndpoint for handling reports from Conductor
* Add ConductorClient to send environments to Conductor
* Update murano-api.conf.sample with new RabbitMQ settings
* Clean-up openstack-common from rpc/notifier modules
Change-Id: I4b63f3e2b848143af99dff3c7d39080cc39516a0
