If we have situation, when we must specify at
least one of two conflicted resources, and there
is no specified resource, we get StackValidationFailed
with error msg looks like 'Either resource_1 or
resource_2 must be specified'. There are a few places,
where this situation appears. So it will be reasonable
to add special exception for these situations.
Change-Id: Ib107eff4fe8030fdbb40aa267b9e2b394ff7a186
If a user creates a stack without the heat_stack_owner role, we
try to create the trust and then fail somewhat cryptically by
letting the NotFound exception from keystoneclient get exposed to
the user. This is confusing, as it doesn't even mention the role
name (only the ID).
Instead, we can catch the NotFound and propagate a MissingCredential
error, with a list of the role names we need to create the trust.
This error is already correctly mapped to a bad request in the native
API, but not in the CFN exception map, so add it there to avoid 500
errors if this happens via heat-api-cfn.
Now, if a user lacks the required role, they will see an error like:
Missing required credential: roles ['heat_stack_owner']
Which is hopefully somewhat clearer.
Change-Id: Ief4956bdb76ddf0cdb0a642721b63c63b0d007d8
Closes-Bug: #1306665
Raise an appropriate exception, mapped to a 400 error for signals
to resources which cannot handle signals. In this case, the request
is inherently impossible to satisfy, because the plugin doesn't
support signals, so we should alert the user to this by saying it's
a bad request (rather than the current response which is a 500 error)
Change-Id: I8e47ee94e15309f378f62f2a9f6534a4eeddb389
Closes-Bug: #1346849
Move InvalidSchemaError to heat.common.exception and pass a keyword
argument so that it can be serialized properly.
Change-Id: Iada3273b2b0b129bc0125b68fecf1e0efc081611
Closes-Bug: #1336740
Move from oslo RPC to oslo.messaging.
Implements: blueprint oslo-messaging
Co-Authored-By: sdake@redhat.com
Change-Id: I2d222c248dd2cd405b8ec35c4c8198ed001fb69f
Replace str with six.text_type so that unicode exception messages can be
safely processed, and the change is PY3 compatible.
Closes-bug: #1295443
Change-Id: Ic27ec365b82797df37ae53f38d5d31e70cb65c67
Remove the serializers from heat.common.wsgi, so we break the
circular import which happens if you want to import
heat.api.aws.exceptions to do a determination based on exception
type, which is required to avoid the faultwrap exception disguise
which is not applicable to the CFN API.
Partial-Bug: #1291079
Change-Id: I7498d78f8ec6098b28fb183eaaa04aa81fced3eb
This patch adds validation to template parsing to detect any sections
that do not comply with allowed sections in a template. In the past,
there have been cases where small typos in section names (e.g.
'output' instead of 'outputs') did not get detected and caused issues
at a later point, i.e. by simply not showing any stack outputs.
The place where the template.validate() call has been added to the
parser code only affects new stacks and rejects invalid templates
with an error message. This does not affect stacks that are already
in the database (I did some tests to check this).
Change-Id: Ifed4207badeb364675c905224ba762a9d8eaedd9
Closes-Bug: #1297761
This patch is one in a series to re-enable H306 style check rule
(imports are in alphabetical order). It touches API files.
Implements: blueprint reduce-flake8-ignored-rules (partial)
Change-Id: I81c7c79516ce1a17055c3b9c12a94312ed3d1940
Implements a distributed stack lock using the database to avoid race
conditions when multiple engines are deployed.
Blueprint multiple-engines
Change-Id: If3c47dafcc5bc1b2188b7737205291bbab8bc231
In heat, almost 200 log message and at least 30 exception
message are not processed by _(), and will not been translated.
We should use '_("STRING ...")' to enable i18n support.
I will split to two parts for review easier because the files
lost of _() are too much.
Closes-Bug: #1249217
Change-Id: I2c86dc7770a7f6f107ba16711b9cba363ef9b906
This is a short term backout until it gets fixed.
This reverts commit c30530f126.
Closes-bug: #1250797
Change-Id: Ide1dc4a9d1469dee033e8bc08d8ab4da96f79fc0
Implements a distributed stack lock using the database to avoid race
conditions when multiple engines are deployed.
Blueprint multiple-engines
Change-Id: I7fba8808d8a4efbe7fd8fdff94fd9a53f3841c8b
This mostly fixes the accesses to .message, there is still the
translation that is using the .message.
Partial-bug: #1243883
Change-Id: I709f65e39c017d70eaca5d8f6d06e0227b67e816
A remote exception (included in conf.allowed_rpc_exception_modules)
is now restored to a subclass of its original type (with the
exception of non heap types which will always be restored to its
original type). Catching rpc_common.RemoteError is not enough
anymore.
Fixes bug #1214831
Change-Id: Iae3ce0c9d0d3f6565fab25ec899f83f19d46e81b
This reverts commit faf984cbb5.
Multi-engine support is being re-designed to account for the use-case in
bug #1211276.
Fixes bug #1211276
Change-Id: Ief89dd6a9c5014752db8065037dd1dd03efe789e
Raises an "Action in progress" error if an action is in progress when
another action is issued.
Fixes bug #1207032
Change-Id: I2b6fd92cfa4b93ac2531dd3d76bf2dfc01e58c50
Add api endpoints for generating a template based
on a resource implementation.
blueprint resource-template
Change-Id: Iebebad70befd1df6cd8989538cbb61350a17bc23
Add missing parameters checking logic to Parameter validation. It
has to be optional, since template validation makes use of the same
Parameter validation code.
Fixes bug #1198670
Change-Id: I4c85ebf496b19999e47cf3838e6ca160aa194f20
add some validation logic to Parameters, so that when an invalid param
is passed in an exception will be raised.
Fixes bug #1186790
Change-Id: I8aece556d8fc5cd5533f4baf041e345bdc5722ec
Implement a simple AccessPolicy resource, which can be used
to restrict in-instance users to specific resources when they
call the DescribeStackResource API action
Fixes bug 1115758
Signed-off-by: Steven Hardy <shardy@redhat.com>
Change-Id: Idc98531388e535ce16308fd5aab5ceecda1de682
We have been abusing AttributeError and ValueError rather than raising
exceptions that actually describe the problem. This opens the way for
changes that will allow us to handle a wide variety of specific exceptions.
Change-Id: I05c99601d4e877878195e658908fffa0e126f06c
Signed-off-by: Zane Bitter <zbitter@redhat.com>
Lots of (mostly whitespace) cleanups to align all the non-test code with
pep8 v1.3.4
ref bug 1092057
Change-Id: I444b288444dba4ec1da5854bd276d091c06d8489
Signed-off-by: Steven Hardy <shardy@redhat.com>
Add heat-specific HeatAPINotImplementedError, which
allows us to return a sensible error to requests for
API actions which have not yet been implemented
Change-Id: Ibaee8312e7e563d29801bd325d7638bca9efa622
Signed-off-by: Steven Hardy <shardy@redhat.com>
Move API exception-mapping function to the common exception.py
Change-Id: If64511be0d77d9c9f9e610bbb0564d57f4530499
Signed-off-by: Steven Hardy <shardy@redhat.com>
Move aws api common files to common directory
(so they can be more easily reused by cloudwatch)
Change-Id: I1a455ef11226dd960503bac5d79fa5c28607a1f6
Signed-off-by: Steven Hardy <shardy@redhat.com>
Peter Razumovsky