The aim is to use a single sqlalchemy session for an RPC request.
The context object passed to EngineAPI methods is actually an RpcContext
which contains the same data as the RequestContext. The @request_context
decorator turns this back into a RequestContext which can now have other
behaviours added to it.
RequestContext now has a lazy loaded session attribute.
Save calls on created entities need to be passed the shared session.
Change-Id: Ied4e66deaca205362b84fb698f75cc872886607d
Add a flag to the stack_get dbapi call, defaulted to False,
which allows us to specify that the admin context is being used
hence we don't want tenant-scoping condition applied.
This is needed to allow the admin context to retrieve stored
credentials per-stack (e.g for the periodic per-stack tasks)
Change-Id: I55e307b7940f7da13bd169271744e80d95ea0bd9
Signed-off-by: Steven Hardy <shardy@redhat.com>
Add option to retrieve all watch rules for a given stack, which
will be required to move to periodic watch threads per-stack
Ref bug 1078779
Change-Id: I350e2ee72c7eec0b91bf85ac52bb04e3cd00b4db
Signed-off-by: Steven Hardy <shardy@redhat.com>
Rework WatchRule to refer to stacks by uuid not name, this will
help us move to allowing non-unique stack names containing WatchRule
resources
Ref bug 1078779
Change-Id: Idbbbd65a05d7036860cc2feb044d568210071d21
Signed-off-by: Steven Hardy <shardy@redhat.com>
Rename stack_get_by_tenant to stack_get_all_by_tenant
This aligns better with other dbapi calls and better describes
the actual purpose of the call
Change-Id: If410220f8423f31718e6bcbfeca62a45c94c4d18
Signed-off-by: Steven Hardy <shardy@redhat.com>
This means that all calls to stack_get_by_name need to provide a context.
Without this change, 2 tenants cannot create stacks with the same name.
Change-Id: I98c35a5d51c5c7d66e0b8a0fddc04f221d1d6ab7
For the migrate upgrade, existing integer keys remain and any subsequent stack
will be assigned a uuid.
For a migrate downgrade, it should work fine if there have been no stacks added
since ugrade. Added stacks will have their IDs 'truncated' back to an integer
which will require some manual fixup after downgrade.
Change-Id: Ib882bece911fcbc96fffab16a9f0e5ce3cb55fed
Tenant names may come and go, but UUIDs are universally unique. Therefore,
ownership of the stack should be keyed on the tenant_id, not the tenant
name.
Change-Id: I7ec410aeaeceb6319299935b5f34d7c4e9c63d67
Signed-off-by: Zane Bitter <zbitter@redhat.com>
Add watch_rule_get_by_name, and move the previous
watch_rule_get to look up rule by ID, which is consistent
with the other api calls. Lookup by id is required for
WatchRule rework
Ref #217
Change-Id: I4b5d08ffcd31b6b522c65edd0a202e8cf5a367b8
Signed-off-by: Steven Hardy <shardy@redhat.com>
Add watch_rule_update DB API call, needed for WatchRule
refactor/rework
Ref #217
Signed-off-by: Steven Hardy <shardy@redhat.com>
Change-Id: Ie8321d390ab96e987bfa4c97c26f1e0305f6bd48
All unit tests now run in 4 seconds, instead of 64 seconds on a HDD.
_ENGINE global setting had to be moved into get_engine() so that migration works, otherwise get_engine() creates a new isolated in-memory database for
every call.
Other unit test speedups in this change are to stub out some eventlet sleeps
which saves about 5 seconds.
Change-Id: I3643b73dd9bd86c414934b7c78db67402587f570
Return the decrypted user_creds record as a dict copy
and do not decrypt the credentials direct into the
sqlalchemy model object, or we can inadvertently
end up committing decrypted credentials to the DB
Ref #218
Change-Id: I0df9afcb271804557c94cdf0c913f7a26affdc83
Signed-off-by: Steven Hardy <shardy@redhat.com>
Align watch_data_get_all with other "all" methods, and
return all watch data without requiring an ID. We may
also need by_id and by_name variants but this is more
consistent and makes things easier for cloudwatch.
Change-Id: I09c90278349efc769ab7c719f686a1fd854b425a
Signed-off-by: Steven Hardy <shardy@redhat.com>
This patch uses an encryption key generated in install.sh to perform
symmetrical encryption on sensitive authentication information stored
in the database for HA operations.
Change-Id: Ifd09f3f566ba3ebd941a6f453953576011b518b9
Signed-off-by: Ian Main <imain@redhat.com>
This patch switches from per-user stacks to per-tenant stacks.
Change-Id: Ia7ac65033560bcff1db83d4d673945029e06ea6a
Signed-off-by: Ian Main <imain@redhat.com>
Implements initial support for UpdateStack, currently
all resources default to delete/create on update.
Ref #171
Change-Id: I3e6e63143d554c21ccdee19879c4dfb8b6e693d7
Fixes problem where per-resource destroy() operations do not
delete the underlying database row because the model delete
method is broken
Change-Id: I3562c9048f8d4e54c1ea51090e74abe982ffb330
Signed-off-by: Steven Hardy <shardy@redhat.com>
When getting the stack by name in the metadata server
we don't know the owner_id so allow retrieval just by name.
I suspect this will be a short term solution until we get proper
stack names.
Change-Id: I8845b2b33a5bae30aae66c06af01c1a27c990305
Signed-off-by: Angus Salkeld <asalkeld@redhat.com>
Importing rpc.common requires the use of the global cfg.CONF.
In fact, most of common requires the use of this global. This
patch removes all the object specific access to config options
and directly accesses the global in prep for rpc openstack-common
import.
Change-Id: I5989a436964c199df0dc38dbb191dc3d867e5ce7
Signed-off-by: Steven Dake <sdake@redhat.com>
Allows heat to match openstack-common log calling conventions such
as using a context object or instance UUID for better traceability.
Change-Id: Idaa6c04270d9d7143c85988d685c0f9e241b635b
Signed-off-by: Steven Dake <sdake@redhat.com>
Store the TimeoutInMinutes common query parameter
value in the DB so it can be returned correctly
with show_stack/DescribeStacks
ref #125
Change-Id: I4ccc79b586087f61e415d5d2c24b7bd52844399a
Signed-off-by: Steven Hardy <shardy@redhat.com>
SQLAlchemy caches objects in the database per-session, but cannot cache
queries. A query just generates a list of object primary keys, which is
then used to fetch the corresponding objects from the cache (if possible)
or database. Therefore a query which filters by primary key is a waste of
time, since it just returns (surprise!) the key we started off with. If we
have the primary key (in this case the id field), just look up the object.
Change-Id: I7123c12372b26c0e1b91b2496921c54d9d992cd8
Signed-off-by: Zane Bitter <zbitter@redhat.com>
Previously we could only refresh or expire the entire object.
Change-Id: I2207349d6ffff435538a577943316cd13e7f1355
Signed-off-by: Zane Bitter <zbitter@redhat.com>
The user credentials are only for a particular stack and should be deleted
when that stack is deleted.
Fixes #162.
Change-Id: Id5d1f101df17ede1843e4f2fca51903c956667ca
Signed-off-by: Zane Bitter <zbitter@redhat.com>
It is no longer used since we now store the parameters and can recreate the
parsed template from the raw template.
Change-Id: Id725bcde7b30ce33d122ccf9c6d5c571f7d754da
Signed-off-by: Zane Bitter <zbitter@redhat.com>
This was causing recursion depth errors, and the exceptions in question are
never being specifically caught anywhere anyway.
Fixes #137
Change-Id: Iebd2693bb1418392ebb041fbbb788bef28aae581
Signed-off-by: Zane Bitter <zbitter@redhat.com>
This allows us to use the raw template + the parameters
in place of the parsed_template.
Using the parsed template we lose the dependancy information
that is necessary when deleting the stack.
Change-Id: Icc6ed9ae1617ea9f760a674b44630918669124f9
Signed-off-by: Angus Salkeld <asalkeld@redhat.com>
the db was caching the object, so we need to 'expire'
it to make sure we are getting live data.
Change-Id: I1108daccc96f3dcfa33fda968ea30d83e03aad2d
Signed-off-by: Angus Salkeld <asalkeld@redhat.com>
Fixes #143
The stack retrieval DB calls were already fixed in previous commits but
there was still one query (resource_get_by_physical_resource_id) that
would return any resource, not just the ones owned the user.
Change-Id: Ie02ff1e8ba6ea8da2c3d0c7f0a87c32452824fc6
This finishes up the API calls with per-user returns of stacks and
events.
Change-Id: Iab6118f35978a6f62ad4d3454842cb7f3d686bc8
Signed-off-by: Ian Main <imain@redhat.com>
Fixes #62.
This commit implements the `DescribeStackResource`,
`DescribeStackResources` and `ListStackResources` AWS API calls.
Change-Id: Id9161b3c3eb527d5936c5b8978e32a67ba6c12bb
This code was previously misleading, as it appeared to get stacks by id,
but actually got them by name. This patch adds a separate API, so
get_stack() gets the stack by id and get_stack_by_name() gets it by name.
Change-Id: I1cbbb3f9211661ad665e208d87298f177825f8ac
Signed-off-by: Zane Bitter <zbitter@redhat.com>
Unfortunately, as long as the user_creds_id column is not nullable the
script will still fail if there is data in the database. However with this
patch it is at least left in a recoverable state. Also, downgrades now
work.
Change-Id: Ibb7b7664ad2532154fab90a50bbb95ae9ccfbb91
Signed-off-by: Zane Bitter <zbitter@redhat.com>
Raise a specific exception (NotFound) if something is not found in the
database. Then we can match on this exception, rather than searching the
error message (which effectively makes the text of error messages part of
the API).
Change-Id: I22673ffb1407cf95b1fe24eaec8824039c1dda4e
Signed-off-by: Zane Bitter <zbitter@redhat.com>
This patch takes the credentials passed in from the context and allows
you to store them in the database in the 'user_creds' table for later
use with HA operations. It also adds a 'username' to the stack table
for direct comparison and user validation to support per-user stacks.
Thanks to Angus for fixing the tests for me :)
Signed-off-by: Ian Main <imain@redhat.com>
With the new release of pep8 we have some different requirements.
This patch fixes them all.
Change-Id: Ief16becba47007460f8b125907b055aa51de999e
Signed-off-by: Ian Main <imain@redhat.com>
Fix watch db tables and silly programming errors.
get basic posting data to metadata server working
add watch_rule_get_all()
check for alarms in a periodic task
delete watch_data when the rule is deleted
add a last_evaluated field to the watch_rule
remove unused option to watch_data_get
take better account of the sample period.
- still much to be done here (evaluation periods).
add some useful stats to cfn-push-stats
fix how the metric is accessed
fix a divide by zero
Change-Id: Iaf98499d0e3ac6d6f951ea38b3b0f409669258da
Signed-off-by: Angus Salkeld <asalkeld@redhat.com>
The database impl was raising an exception if no parsed template
exists. The logic that was looking up the parsed template
expects None to be returned if the template isn't stored.
* I also fixed some pep8 errors.
Similarly to the way heat-api works, the engine does all the heavy lifting (db
access, etc.) while the metadata server provides the API layer that communicates
with the engine.
Signed-off-by: Tomas Sedovic <tomas@sedovic.cz>
Jenkins