This patch factors out an authenticate() function for use by both
the heat service authentication and the resource authentication.
This fixes the AWS auth method for creating resources - issue #153.
Change-Id: I134e993263ae6ba4890f56bfbe6a6a3205b7f921
Signed-off-by: Ian Main <imain@redhat.com>

The service_name field is not unique between distros or versions of
OpenStack, but is used to select endpoints for communication with nova
and volume services. The nova client will sort out the correct operation
based upon the service_type field.
The service_name field should probably just be removed from the API
definition upstream.
Tested on F16 & Devstack U12.
Change-Id: I36409dba9d9ec2b453a027fc1e2e78f7c8ace2a2
Signed-off-by: Steven Dake <sdake@redhat.com>

This was broken by 3b91d100a6. Resources should be removed from the DB
only when the stack is deleted.
Change-Id: I6822aee8453afd6076793cff9206a035cff33588
Signed-off-by: Zane Bitter <zbitter@redhat.com>

Raise a specific exception (NotFound) if something is not found in the
database. Then we can match on this exception, rather than searching the
error message (which effectively makes the text of error messages part of
the API).
Change-Id: I22673ffb1407cf95b1fe24eaec8824039c1dda4e
Signed-off-by: Zane Bitter <zbitter@redhat.com>

Most of this code is common between resources, so put it in the parent
Resource class and have subclasses provide handle_create()/handle_delete()
methods for all their extra needs.
Change-Id: I14c6afa9fdd1ecc065036fa93bde2a693b6c3eb2
Signed-off-by: Zane Bitter <zbitter@redhat.com>

- Don't return a dict error
- in manager return full response
- return the result in Resource.validate()
Change-Id: I585ea9dd9cf747927fb4effb90cfff49cba20931
Signed-off-by: Angus Salkeld <asalkeld@redhat.com>

I broke metadata in bece6593f0 by no longer
updating the parsed template in the database. We need to resolve references
runtime data before storing the parsed template, because the metadata code
uses this directly.
Change-Id: I753fe199779ae1b0046366abadca0111a81463c6
Signed-off-by: Zane Bitter <zbitter@redhat.com>

Resolve functions in templates by making a copy of the data rather than
modifying the original. This means that e.g. a resource resolving functions
in its own template data does not result in changes to the data held by the
Stack.
This patch also refactors all of the template resolution methods to operate
using a common parsing algorithm to move through the tree.
Finally, the resources have been worked to load data as it is needed,
rather than requiring external code to put them into the correct state
before using them.
Change-Id: I79eafaefc9ced07b652fac7162aa2edbfa7f547a
Signed-off-by: Zane Bitter <zbitter@redhat.com>

With the new release of pep8 we have some different requirements.
This patch fixes them all.
Change-Id: Ief16becba47007460f8b125907b055aa51de999e
Signed-off-by: Ian Main <imain@redhat.com>

Allow the Resource class to instantiate the correct type of object for each
resource.
Change-Id: I518f27fa27f675b9e497aac40962331833077aed
Signed-off-by: Zane Bitter <zbitter@redhat.com>

This patch updates the authentication system set up in heat:
- We now authenticate against the 'heat' service at the entry
  point to each api call in the engine.
- We are now using the 'Context' class to contain the authentication
  information as intended.
- The two context classes are unified and we now use the same one
  for both WSGI and RPC. This is the intended design as the
  context is loaded by the WSGI middleware and then passed into the
  RPC methods.
- We are now doing token authentication in the API that works with
  both native keystone and AWS style authentication. That token is
  then passed on to the engine for further authentication for various
  endpoints.
Note that the heat-api-paste.ini file requires updating in order for
this to work on your system. Admin user and password must be set
properly in the authtoken section in order to perform token based
authentication.
I suspect there will be a few bugs in here yet. This is just part of
the authentication/identification changes we need to make but I wanted
to get this in so we could continue to work with a boto based client.
Change-Id: Ib635ecd3088304e8d51d8e1fc31a8b1bf751caf3
Signed-off-by: Ian Main <imain@redhat.com>

The Wordpress HA template is now able to utilize the cfn-push-stats and send
alarm messages to the metadata server.
Change-Id: I52b615d3401dc2665e2b30e4a925d61ed204c827
Signed-off-by: Tomas Sedovic <tomas@sedovic.cz>

This ensures that resources will not get deleted multiple times when
something else fails during stack deletion.
Signed-off-by: Zane Bitter <zbitter@redhat.com>

This is a start on issue #111.
While no actual validation is done by this patch, this patch introduces
the framework for validating in each of the resource types and returning
an appropriate error when a validation error occurs.
Signed-off-by: Steven Dake <sdake@redhat.com>

This patch removes all the print statements and puts in proper logging
statements. Some of these (db tracebacks) are now logged as warnings.
Signed-off-by: Ian Main <imain@redhat.com>

I was getting a traceback here causing the whole 'heat describe' to
return an error when really it was just the one aspect failing. Use
try/rescue and log a warning.
Signed-off-by: Ian Main <imain@redhat.com>

Made sure that `run_tests.sh` works properly (it was failing on the heat/bin
directory) and that all tests pass and the generated logs are .gitignored.
Signed-off-by: Tomas Sedovic <tomas@sedovic.cz>

We need to get IP addresses which are lost as they are
not stored in the template so we need to retrieve them
at runtime.
Signed-off-by: Angus Salkeld <asalkeld@redhat.com>

When an existing security group is not found in nova, heat will trigger
an exception and the stack won't be created.
Signed-off-by: Steven Dake <sdake@redhat.com>