With directly provide auth string(with contain a json formate
with auth_type and auth info), we can release context to specific
auth_type and give user the ability to provide other Keystone
(or their own) authentication method (like using
`v3applicationcredential` or others).
The format for `auth` and `auth_type` follows exactly Keystone
plugins like in clouds.yaml file [1].
[1] https://docs.openstack.org/keystoneauth/latest/
plugin-options.html#additional-loaders
Change-Id: Ic4dc2292a82860b9bb54ecb9e3b1a4dc806dab2c
Story: #2002126
Task: #26904
This provides an option to specify a swift container for stack
actions and all child templates and env files will be fetched
from the container, if available. However, files coming in the
'files' map from the client will have precedence, if the same
is also present in swift.
Change-Id: Ifa21fbcb41fcb77827997cce2d5e9266ba849b17
Story: #1755453
Task: 17353
Stack and its nested stacks should be in *_COMPLETE state for
it to be migrated. Also, we should not allow migration of a
nested stack.
This also changes stack_get_all_by_owner_id() to not select the
backup stacks. This seems to be used only in convergence code
path and migrate_convergence_1().
Change-Id: Icd54465d0c593557a12d853ddee4ee8ce6483499
Closes-Bug: #1767962
Story: #1767962
Task: #17363
We return back the sensitive information to user
when some exceptions happened, for example,
when DBError happened, we return the whole sql
statement to user, it's not safe.
This patch changes to return the message if the
exception is the HeatException, otherwise the message
won't be revealed to user.
Change-Id: I6e01b1003a39106274e79c3b413917a30b5651b6
Closes-Bug: #1708122
cryptography module throws an InvalidToken exception that does
not have any error message.
Change-Id: Ied520cd9ff60032fad1ae13e4a81dad6847d82ab
Closes-Bug: #1711047
We use StackValidationFailed in many different scenarios and
the the message is at times extremely unhelpful, specifically
when the validation error is deep in a nested stack.
Change-Id: I0183bdf81442e62325a427b4eec5c4cd9b7cb91f
Closes-Bug: #1686360
Supports to specify string values 'none' and 'auto' for
networks while creating nova server. auto: automatically
allocate network resources if none are available;
none: do not attach a NIC at all. Nova supports these
string values since api version '2.37'.
Change-Id: If65f193dfdaedec3e549a8bd7b39e5f1c02be658
Blueprint: support-auto-none-special-network
Closes-Bug: #1646360
If getting an output from a child stack fails with an error, we didn't pass
on the error message to the parent stack that was requesting it but instead
reported essentially that the given output did not exist.
Change-Id: I5653baf310a29dc4829ad570c769cf67ce12695e
Partial-Bug: #1599114
It's possible that we could end up with multiple resources with the same
physical resource ID, but that would be undetectable since we return only
one from the database layer. This change allows us to detect the problem an
return an error where the result is rendered ambiguous.
Change-Id: I2c5ddbe6731c33a09ec7c4a7b91dcfe414da4385
It would raise an error if conflicting merge strategies
are specified for a paramater or parameter_default in
environment files.
Change-Id: I9f7b15cde73b370a0cdd71a94e9f88e804cb3819
Closes-Bug: #1644217
Storing sys.exc_info() in a local variable in HeatException.__init__ would
have caused a reference loop in cases where formatting the exception
message failed.
Change-Id: I29502344713e5d4da761d9277b445a6921dbd83b
Related-Bug: #1626675
Now that we raise them in only a single place each, there's not a lot of
value in having a custom exception type for condition-related errors in the
template any more, and in fact there was no code to handle them
appropriately in heat-api so it would have resulted in 500 errors to the
client if they ever escaped heat-engine anyway.
Just use the existing StackValidationFailed exception type. This provides
more flexible control over the path than InvalidConditionReference did.
Also, raising ValueError in the Invalid function means that
StackValidationFailed will be raised with the path, so it will be much
easier for users to find where they have used an invalid function.
Change-Id: Iaa6ca030fc144efc75e707910f84bfa7385fa9e2
Now we can use the param schema to decide the type for
parameters/parameter defaults and the param specific
merge startegy when doing environment merging.
Change-Id: Idd08d9729deac463175c1bbfd70230b9700afad8
Blueprint: environment-merging
It makes no sense for an exception that is used for local flow control -
especially flow control between the Resource superclass and its
subclasses - to be defined in the heat.common.exceptions module where
user-facing exceptions whose definitions must be shared between the engine
and api are defined.
This patch moves it back to the original, correct location and adds
docstrings so people will actually know what it's for.
Technically both this and the original move were breaking changes to the
third-party Resource plugin API. This exception seems much less likely to
be in widespread use than UpdateReplace (c.f. preceding patch) though.
This reverts commit 5120f096d7.
Change-Id: I73dc671cd7e6e37ecb0f13545c7fa93d58e6e8ff
Related-Bug: #1611104
A deeply misguided effort to move all exceptions out of the
heat.engine.resource module, where they belong, and into the
heat.common.exception module, where they largely do not, broke the API for
third-party resource plugins. Unfortunately this happened a couple of
releases back already, so we can't simply put UpdateReplace back where it
belongs as that would also break the de-facto third-party API.
This change adds an alias in the correct location and a comment indicating
that it will move back at some time in the future. It also switches all of
the in-tree uses back to heat.engine.resource.UpdateReplace, in the hope
that third-party developers will be more inclined to copy from that.
This reverts commit 4e2cfb991a.
Change-Id: Iedd5d07d6c0c07e39e51a0fb810665b3e9c61f87
Closes-Bug: #1611104
This adds support for the following to the template:
heat_template_version: 2016-10-14
resources:
...
res_a:
type: OS::Nova::Server
external_id: the-new-server-id
properties:
...
Co-Authored-By: Rico Lin <rico.l@inwinstack.com>
blueprint external-resources
Change-Id: I8fda1380504d1d8b1e96649bf20b86d6309fdeca
This changes:
1. Support 'Conditions' for AWSTemplateFormatVersion: 2010-09-09
2. Support 'conditions' for heat_template_version: 2016-10-14
3. There is no need to add a new HeatTemplateFormatVersion template,
because we decide to support conditions in AWSTemplateFormatVersion
and heat_template_version: 2016-10-14, so remove the
HeatTemplateFormatVersion.2016-10-14
4. Move the definition of function 'equals' to hot/functions.py
5. Mark 'equals' as condition function which supported in conditions.
Change-Id: I2e7bdfa1c2052e75f35f2bd0003cdc170188d8b8
Blueprint: support-conditions-function
In cases where a resource is "in use," a Conflict exception may be
thrown, in which case it is worth trying to delete again up to
action_retry_limit times before giving up. Also introduce the
exception PhysicalResourceExists for future use.
Change-Id: Ib9305ff55904638491c6d43599a639d3a658f54b
Release version names are easier for template authors to remember than
seemingly arbitrary dates. It should also make it clearer to new Heat
users that heat_template_version is not like a BIND zone file version
(which would be incremented with each version of the template).
Change-Id: Iae9b6a676702b2a115b18fdfb1ab2afbe5faacde
blueprint support-alias-for-heat-template-version-names
in heat/contrib/rackspace/rackspace/tests/test_auto_scale.py:270:
mock nova and glance client methods to satisfy contraints, contraints should be constraints
in heat/heat_integrationtests/functional/test_resource_group.py:51
triggering validation of nested resource custom contraints, contraints should be constraints
in heat/heat/common/exception.py:258:
"""Keep this for AWS compatiblility.""" compatiblility should be compatibility
in heat/heat/engine/resources/openstack/ceilometer/alarm.py:349:
1) so we don't create watch tasks unneccessarly , unneccessarly should be unnecessarily
in heat/heat/engine/resources/openstack/neutron/vpnservice.py:462:
The Internet Key Exchange policy identifyies the authentication and , identifyies should be identifies
in heat/heat/engine/resources/openstack/nova/server.py:1426:
if 'security_groups' present for the server and explict 'port' , explict should be explicit
in heat/heat/engine/service.py:182:
releasing the lock to avoid race condtitions. condtitions should be conditions
in heat/heat/engine/sync_point.py:134:
don't aggresively spin; induce some sleep, aggresively should be aggressively
in heat/heat/tests/openstack/heat/test_software_deployment.py:889:
Test bug 1332355, where details contains a translateable message, translateable should be translatable
in heat/heat/tests/test_environment.py:596:
make sure the parent env is uneffected, uneffected should be unaffected
in heat/heat/engine/resources/openstack/nova/server.py:472:
'ignorning it or by replacing the entire server.'), ignorning should be ignoring
in heat/contrib/rackspace/rackspace/resources/cloud_server.py:104:
'retained for compatability.'), compatability should be compatibility
in heat/heat/engine/stack.py:1258:
" ID %(trvsl_id)s, not trigerring rollback."), trigerring should be triggering.
Change-Id: Ic4ddb65dbfaf61751a330b853780689209f9f4b5
Closes-Bug: #1595376
Apart from the fact that this method relied on knowledge of the template
format, it also checked nothing useful since we now won't even be able to
create the Parameters object unless all of the parameter definitions are in
fact dicts.
Change-Id: I950420b9016d350a427754d6a482b6ddf456bd6f
It helps client plugin to create client based on the required api
version given at run time instead of hard-coded version.
implements blueprint enable-client-plugin-to-use-a-given-service-api-version
Change-Id: I1cf3cdf498b7a97b6aa262eb3012edda8ad2aaaf
This patch removes specific DeploymentConcurrentTransaction exception
and adds one common ConcurrentTransaction exception. New exception may
be re-sed for another cases with concurrent transactions with different
error message.
Change-Id: Iaa82732702ad6035a7784eb6689c2536535142f9
Now, we set 'fixed_ips' to [] for server ports when prepare
for server replacement, but the ports are still in-use if only
set 'fixed_ips' to []. So this patch will to detach the ports from
nova server to make sure same ports can be attached to new one in
prepare_for_replace(). Also, when restoring server, we need to detach
ports from existing server, and then to attach them to previous
server.
We check the interface attach/detach complete by list the
server.interfaces, this change will use 'retry' wrapper to re-poll
the server interfaces for several times (by new config option
'max_interface_check_attempts', default is 10), then will raise
exception if the attach/detach still not complete.
Closes-Bug: #1533076
Change-Id: I7b322f9cf16c100dcd0365bc3091c289f00f0548
Add a new "immutable" boolean field to the parameters section in a HOT
template. A value of True will result in the engine rejecting
stack-updates that include changes to that parameter. When not
specified in the template, "immutable" defaults to False to ensure
backwards compatibility with old templates.
blueprint: immutable-parameters
Change-Id: If17df0b97e96ff2a1926451634e4744d6c3e26f1
When a client is not installed, Heat should behave as if the service was
unavailable. We recently started exposing exceptions when checking for
service availability, which displayed that it fails if the client plugin
returs None. Let's test and handle that case.
Change-Id: I71d5fd5be2efd7734d8569e4d26ab1b512453343
Closes-Bug: #1543759
Restricts update/replace of resource based on
environment 'restricted_actions' entry for a resource.
This also adds a 'preview_update' method to Resource
class which is now leveraged by stack-preview.
Change-Id: Iea80a6572aa696ee607682e5113204d1c82389fa
Blueprint: stack-update-restrict
We seem to be masking client exceptions when checking
resource availability, it would be good to provide the
proper error message to the user.
Change-Id: I9b82b3d5d8382f2c253febf84b8d68ab7f128c5d
Closes-Bug: #1542361
Adds the error_code for resource type exceptions and
for resource type error code starts with 99xxx.
implements blueprint heat-template-validate-improvements
Change-Id: Id73cfd06bfb28e15a52696757bb9f10cbe2596e3
Since we use EntityNotFound for a bunch of not found cases.
We should have entity and name as attribute for cases that we need to
make sure the correctness when exception happens.
Change-Id: I782c372723f188bab38656e5b7cc401d23808ffb
For exception which showing not found message, we change the super class to
EntityNotFound in order to categorize exception
Change-Id: I0e5bc9ed1254a596240044a23cb7ab59f36de7cb
Closes-Bug: #1515603
This reverts commit 9a4d719ea1 and creates a
new exception type, InvalidGlobalResource, that is raised when a
non-existent template is referenced in the global environment and which
results in an HTTP 500 error.
This fixes the cases where we could return 404 or 500 errors as a result of
template validation failures, when we should return a 400 error.
Change-Id: I3c7b3182957448bb13514696cc2e12f5aaddd253
Closes-Bug: #1518458
Related-Bug: #1447194
ricolin