Fix tempest jobs to properly use tempest-horizon as tempest-plugin in
job configuration.
Flake8 3.8.0 fixed a few bugs so that additional issues are marked, fix
these.
Co-Authored-By: Andreas Jaeger <aj@suse.com>
Change-Id: I2aca3286ea2cc1ade567087786781952489d6efa
neutron 'quota_details' extension was added in Pike to provide
a convenient way to retrieve resource usage in neutron without listing
individual resources. It was added in Pike release and we will have
six releases since then once Ussuri release is shipped. Enough time has
passed to migrate it to the new mechanism, so it is time to deprecate
the legacy way for future cleanup.
Change-Id: Ie0b4613bf9fdcd96481b3bb1139b4fb153bfef83
openstack_dashboard/settings.py defines a custom formatwarning function,
but it looks unnecessary. When using the custom function, there are
downsides: locations which cause warnings are not shown, and
no newline is added at the end of warning messages.
Change-Id: Ibd331dc77026ed8ca812822b08253650bcb140bc
This reverts commit 4e911e2889.
We don't need this change on the latest master. I'm unable to reproduce
an original bug without this patch.
Closes-Bug: #1834167
Change-Id: Iaffdb64fb0bc58525554ac9d40d2aeadb0876ffd
This patch allows administrators to set disk_formats only for glance,
while horizon will retrieve list of supported formats from glance API.
IMAGE_BACKEND_SETTINGS still may be used to redefine display name
of the format or additionally limit list of availble ones.
Change-Id: Ia4ea513023895f4ad2a87f91e3d2837c7668d9ae
Closes-Bug: 1853822
It seems hacking 2.0.0 was shipped with incompatible changes
(which is not surprising as this is a new major version).
Let's fix these errors and use a newer hacking.
Change-Id: I8da9dca5d8d74f6dfc2340dabc8d50e6253358e2
Some remaining default values of openstack_dashboard are still defined
in settings.py. This commit moves them to openstack_dashboard/defaults.py.
If the default values are same as those defined in horizon,
they are just dropped.
Part of blueprint ini-based-configuration
Change-Id: I723a8f9064450972d4510ac9e8b423f3041d1cac
test_parse_isotime_filter in test_filters is updated to match
TIME_ZONE=UTC. Previously TIME_ZONE was not set in horizon.test.settings
and the default value America/Chicago was used. Horizon uses UTC as the
default value of TIME_ZONE, so it is better to use UTC for testing too.
horizon settings in openstack_dashboard.settings are moved to
under horizon.
Part of blueprint ini-based-configuration
Change-Id: I9abdbbe0dcefc08ffea61143e3c0a87ed87b2e2a
This commit also moves descriptions of settings defined in openstack_auth
from openstack_dashboard/settings.py and local_settings.py(.example)
to openstack_auth/settings.py.
Note that if openstack_dashboard has different default settings
from openstack_auth defaults, they are now moved to
openstack_dashboard/defaults.py.
Part of blueprint ini-based-configuration
Change-Id: I59eebc388de0bcbd4d1fe35c6138efbd3e04c5b8
This commit mainly covers settings in the remaining files
under openstack_dashboard.
Note that HORIZON_CONFIG, horizon and openstack_auth are not covered.
They will be covered by follow-up patches.
Part of blueprint ini-based-configuration
Change-Id: Ibd70e030445a073d9a62da9867850f4893135a89
This commit mainly covers settings
in openstack_dashboard/dashboards/project/.
Part of blueprint ini-based-configuration
Change-Id: I22413d2fe20576a507634dc4e2d0354c7db8800a
Set absolute paths in the LOCALE_PATHS configuration param to allow
Django work with current supported locales.
Change-Id: I62fffe04860b7b4b63f227ad99729ab4e8384d8f
Related-Bug: #1818639
Closes-Bug: #1830886
SHOW_KEYSTONE_V2_RC is deprecated since Stein release and it's safe
to remove it now.
Keystone v2 support removal will be implemented in a follow up patch.
Change-Id: Ib3098789a3aef47f4f4b84fd56f03376ce2ea96f
Cinder consistency group has been replaced by the generic group feature.
Horizon support of the generic group (in the project dashboard) is
available since Rocky release and it covers all existing support
for consistency group in horizon.
The consistency group support is horizon was marked as deprecated
in Stein release [1].
This commit drops the consistency group support.
[1] https://review.openstack.org/#/c/626846/
Change-Id: I11187d2b03b7e0033a6c6ba3f8be25b8b5e4dd74
Currently horizon defines default values of settings in the logic
using getattr(settings, <setting name>, <default value>) and
it is not easy to handle the default values of available settings.
This commit starts the effort to define default settings explicitly.
This is a preparation for ini-based-configurations.
It covers settings in openstack_dashboard/api.
Part of blueprint ini-based-configuration
Change-Id: Id4c3287f0a572fd14ea93b54bcab8fabda39e583
openstack_dashboard/context_processors.py:94:15: C0122: Comparison should be link['url'] != 'horizon:project:api_access:openrcv2' (misplaced-comparison-constant)
openstack_dashboard/settings.py:467:4: C0412: Imports from package horizon are not grouped (ungrouped-imports)
openstack_dashboard/enabled/_1370_project_vg_snapshots.py:9:0: C0301: Line too long (86/80) (line-too-long)
openstack_dashboard/enabled/_1360_project_volume_groups.py:9:0: C0301: Line too long (85/80) (line-too-long)
openstack_dashboard/usage/base.py:62:8: W0106: Expression "[instance_list.extend(u.server_usages) for u in self.usage_list]" is assigned to nothing (expression-not-assigned)
openstack_dashboard/dashboards/project/images/utils.py:43:12: W0106: Expression "[public_images.append(image) for image in images]" is assigned to nothing (expression-not-assigned)
openstack_dashboard/dashboards/project/images/utils.py:75:12: W0106: Expression "[community_images.append(image) for image in images]" is assigned to nothing (expression-not-assigned)
openstack_dashboard/api/glance.py:47:4: C0412: Imports from package glanceclient are not grouped (ungrouped-imports)
openstack_dashboard/api/cinder.py:60:4: C0412: Imports from package cinderclient are not grouped (ungrouped-imports)
openstack_auth/user.py:358:4: E0211: Method has no argument (no-method-argument)
openstack_auth/user.py:362:4: E0211: Method has no argument (no-method-argument)
openstack_dashboard/api/keystone.py:75:4: C0412: Imports from package keystoneclient are not grouped (ungrouped-imports)
horizon/loaders.py:43:16: W0706: The except handler raises immediately (try-except-raise)
horizon/themes.py:174:8: W0706: The except handler raises immediately (try-except-raise)
Change-Id: I40cf3ffbc4519657e11180d2e2fe7401387c5556
This commit changes the default SESSION_ENGINE to the cached
sessions and the default cached backend to memcached.
The cached sessions with memcahced is our current recommendation, but
we do not use it in our default settings and do not test it in our CI
(horizon-dsvm-tempest-plugin). It is better to use the recommended
configurations in our CI.
The previous default SESSION_ENGINE, the signed cookies, has
a limitation on the length o cookies and using keystone3 can hit this
easily. It is not ready for production for most cases.
For a cache backend, considering multi-process web server deployments,
memcahced is recommended rather than a local memory backend.
Note for developers: If you use "tox -e runserver" for developments,
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' might not
work expectedly. From my testing, I was forced to log-in frequently
when moving pages. If you hit this, my suggestion is to configure
SESSION_ENGINE to django.contrib.sessions.backends.signed_cookies.
Change-Id: I1c4578ec5a7f70a59c6348d76ad0c12956a18573
Closes-Bug: #1736021
Add a new config SESSION_REFRESH (default True) which
turns SESSION_TIMEOUT into an idle timeout rather than
a hard timeout.
The existing hard timeout is awful UX, and while
SESSION_TIMEOUT could be set to a higher value, it
still makes for a somewhat unpleasant experience.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Icc6942e62c4e8d2fac57988b0a2233a8073b1944
Operators now can control whether the links of "Download OpenRC" and
"Download clouds.yaml" are displayed or not via new settings
SHOW_OPENRC_FILE and SHOW_OPENSTACK_CLOUDS_YAML.
openrc and clouds.yaml files provided by horizon now assume
the basic simple deployment and do not cover keystone authentication
like saml2, openid and so on. The default openrc and clouds.yaml
from horizon do not make sense for such environments.
Change-Id: I1407a24387c7d7bd2c20c995cebf1350f8090e72
Partial-Bug: #1795851
In favor of keystone v2 support, SHOW_KEYSTONE_V2_RC now defaults
to False. SHOW_KEYSTONE_V2_RC setting is also deprecated.
Along with this change, "v3" part of "OpenStack RC File (Identity API v3)"
is now unnecessary, so "v3" information is dropped.
Change-Id: If0359e2dc1f2c8fb5f3c87046fd23043f94abc21
Django looks for and uses if it exists a locale directory in each of
the installed apps listed in INSTALLED_APPS [1]. horizon and
openstack_dashboard are specified in INSTALLED_APPS, so there is no need
to specify horizon/locale and openstack_dashboard/locale explicitly.
We can drop them without any side-effect.
[1] https://docs.djangoproject.com/en/1.11/topics/i18n/translation/#javascript-catalog-view
Change-Id: Ibe364b2a16894a51fe17411f29a326aef621472c
Related-Bug: #1804289
The "request" attribute is not available in
openstack_auth.backend.KeystoneBackend.get_user when session data is restored
and it's the first request to happen after a server restart.
As stated by the function document, the "request" attribute needs to be
monkey-patched by openstack_auth.utils.patch_middleware_get_user
for this function to work properly.
This should happen in openstack_auth.urls at import time. But there is nowhere
in Horizon where this module is imported at startup. It's only introspected
by openstack_dashboard.urls due to AUTHENTICATION_URLS setting.
Without this monkey-patching, the whole authentication mechanism falls back
to "AnonymousUser" and you will get redirected to the login page due
to horizon.exceptions.NotAuthenticated being raised by
horizon.decorators.require_auth as request.user.is_authenticated will be False.
But if a user requests a page under auth/, it will have the side-effect of
monkey-patching django.contrib.auth.middleware as expected. This means that
once this request is completed, all following requests to pages other than
the ones under auth/ will have there sessions properly restored and
you will be properly authenticated.
Therefore this change introduces a dummy middleware which sole purpose is
to perform this monkey-patching as early as possible.
There is also some cleanup to get rid of the previous attempts at
monkeypatching.
Closes-bug: #1764622
Change-Id: Ib9912090a87b716e7f5710f6f360b0df168ec2e3
memoized now operates as a LRU cache that additionally uses
weakrefs to clear keys.
The max_size of the LRU cache can be set per decorated
function when defined, but a global default can be set too.
Change-Id: I431d61283cd613f09664f8f370dd3fd126fc724f
BREACH is a category of vulnerabilities and not a specific
instance affecting a specific piece of software. To be vulnerable,
a web application must:
* Be served from a server that uses HTTP-level compression
* Reflect user-input in HTTP response bodies
* Reflect a secret (such as a CSRF token) in HTTP response bodies
More details on breach attack - http://breachattack.com/
Since horizon falls under this category, we can include django-debreach
module within horizon as a requirement which provides mitigation against the breach attacks.
https://github.com/lpomfrey/django-debreach
CSRF token masking is a built-in feature within Django 1.10+,
therefore only content-length modification feature provided by django-debreach
can be enabled.
Depends-On: I32f11e089fc794444ef267b463c7fb2ad8cfa96a
Change-Id: I2b4999ca7b0e1762c5273c4fe96f5ee768f44339
Blueprint: mitigate-breach-attacks
In scenarios where the cloud operators have only a single Identity Provider,
we can have a default redirection to remove unnecessary user clicks and
improve user experience.
Closes-bug: #1784368
Change-Id: I251703dcaeac43174fbcba7e0658c6f92098b2e0
Nose has been in maintenance mode for the past several years. It has
issue with exit code [1] which leads to false positive results for our
seleniun-headless job.
This patch changes test runner for Horizon tests and does the following
things:
* Django test runner executes test in a different order than Nose does.
That's why we've got an issue with side-effect in
horizon.tests.unit.tables.test_tables.MyToggleAction class. This patch
adds workaround to it.
* Rename filename of test files to names starting with 'test_'
so that the django test runner can find tests expectedly.
* '--with-html-output' option is temporary dropped and will be added in
a following patch.
* Integraion tests is marked via django.test.tag mechanism which is
introduced in Django 1.10
* 'selenium-headless' is broken now because we don't have geckodriver on
gates, this patch makes it non-voting.
* 'tox -e cover' is fixed
* Remove @memorized decorator from
dashboards.project.images.images.tables.filter_tenant_ids function.
[1] https://github.com/nose-devs/nose/issues/984
Depends-On: https://review.openstack.org/572095
Depends-On: https://review.openstack.org/572124
Depends-On: https://review.openstack.org/572390
Depends-On: https://review.openstack.org/572391
Related blueprint: improve-horizon-testing
Change-Id: I7fb2fd7dd40f301ea822154b9809a9a07610c507
- HORIZON_IMAGES_ALLOW_UPLOAD (deprecated in Newton)
- CUSTOM_THEME_PATH (deprecated in Mitaka)
- DEFAULT_THEME_PATH (deprecated in Mitaka)
- OPENSTACK_TOKEN_HASH_ENABLED (deprecated in Mitaka)
- TOKEN_DELETION_DISABLED
(not documented but it was marked as deprecated in Ocata
in django-openstack-auth commit 5810f9c6)
The related logics related to dropped deprecated settings
have been dropped too.
- custom_path and default_path of get_available_themes() were
dropped as they are no longer needed in favor of
the removal of CUSTOM_THEME_PATH and DEFAULT_THEME_PATH.
- Unused remove_project_cache(), is_token_deletion_disabled()
and delete_token() have been dropped.
Change-Id: Ic9406623cc092884c4136f78fb967b129bfda487
The docstring of getExtensions service in cinder.service.js
was a copy from nova service and not correct. The docstring was
updated based on the current cinder v2 API.
Thanks to a recent improvement in reno, touching release notes
in older releases in the master branch no longer polute the rendered
release notes. Changing URLs (or other things) in the master branch
does not affect the rendered release notes, but updating URLs to the
latest would help avoiding mechanical patches of updating links :)
Change-Id: I2aec3adeb400323d42a3a5083f8bc0798eeff917
This patch allows Horizon to accept additional xstatic modules
in plugin dashboards. Related static files would be collected
and included in every page.
Change-Id: Ie49a522b28aaf6e028c5b218968d68189dd7eef1
Closes-Bug: #1755339