The hacking rule error code should be start with 'M', which stands for
Magnum.
PS: Error number begins with M301
Closes-Bug: #1465895
Change-Id: Ie9565c4a700a1bf85eed8c5db87a8c4012f5254b
This patch adds hacking rule check framework for magnum, and adds first rule:
policy.enforce_wsgi decorator must be the first decorator on a method.
refer this link for why we need this rule.
`https://review.openstack.org/#/c/190140/`
Closes-Bugs: #1465895
Change-Id: If98e47426b391b75755ca0b559aee1baa93b8503
Two purpose:
Make sure the policy enforce_wsgi decorator is called.
Make sure the request will be disallowed by policy, when it does not
satisfy the policy rule.
Co-Authored-By: yuntongjin <yuntong.jin@intel.com>
Change-Id: I4a4930d7951f416d3553c737c3523c37014d7101
Partial-implements: blueprint policy-enforce
Problem description:
If DevStack is used to instantiate the magnum plugin, and the
devstack localrc/local.conf has the default values for:
LOG_COLOR (default value = True)
SYSLOG (default value = False)
then upon startup (i.e. running DevStack's stack.sh), the magnum devstack
lib calls the DevStack common setup_colorized_logging function, but
without passing the optional 'project_var' and 'user_var' arguments to
this function. As a result, the setup_colorized_logging
function uses its default values of "user_name" and "project_name"
when it defines the logging_context_format_string (which in turn gets
configured in /etc/magnum/magnum.conf). The problem is that "user_name"
and "project_name" are not defined in the API context used by Magnum,
so that whenever the magnum plugin does a logging call, a KeyError
exception for the non-existant key "user_name" is generated.
Fix description:
The fix is to modify the Magnum context to use "user_name" and
"project_name" attributes to be consistent with the default context
format string set up by DevStack.
Change-Id: Ia0c34899609735ff9d8b4597101e004e2684657e
Closes-Bug: #1464376
Now the magnum.common.policy just support an "enforce" method to
wsgi policy check.
And this "enforce" method should be inline the body of wsgi method.
Such as:
from magnum.common import policy
class BaysController(rest.RestController):
....
@wsme_pecan.wsexpose(None, types.uuid_or_name, status_code=204)
def delete(self, bay_ident):
... doc string ...
policy.enforce(pecan.request.context, "bay:create")
.... common stuff ....
This inline style is ugly.
Now this patch is improving it.
This patch uses a decorator for policy check.
With this decorator we can do the policy check as follow:
from magnum.common import policy
class BaysController(rest.RestController):
....
@policy.enforce_wsgi("bay", "delete")
@wsme_pecan.wsexpose(None, types.uuid_or_name, status_code=204)
def delete(self, bay_ident):
...
Here: This decorator MUST appear first (the outermost decorator) on an API
method for it to work correctly.
The decorator use functools.wraps to decorator the wsgi function.
A common decorator(without functools.wraps) replaces the original function
with an new one, that means it will lose the information about the original
function, it would be a serious problem for pcen wsgi.
That's why we have functools.wraps. This takes a function used in a decorator
and adds the functionality of copying over the function name, docstring,
arguments list, etc.
ref: http://stackoverflow.com/questions/308999/what-does-functools-wraps-do
Co-Authored-By: yuntongjin <yuntong.jin@intel.com>
Change-Id: I9a7baf9559ff924ca4e261db2961b9d3c8763325
Partial-implements: blueprint policy-enforce
Includes backport "deafault external_network to "public""
heat-coe-templates: I03c74f2fb47a33820e0bac4947aeaaf096feade3
Includes backport "do not provide default image names"
Image naming is not standard enough for us to provide defaults.
heat-coe-templates: I67345c3ec807b15101c7248853469c860e0abe8d
Includes backport "minor README updates"
heat-coe-templates: I01270324a2ee31c8fe4369047806634dbbf1cb01
Change-Id: Idc3e27db85f8d06be82cc1c07c62384a4ee13c84
heat-coe-templates: I9e575028f5b4177c1f5833b1626ca38bf653768a
Includes backport "correct error introduced in baeaafd"
heat-coe-templates: Ibdc184c8956422215677bccd4115d0c9826e98d9
Includes backport "fixed parameter name mismatch"
heat-coe-templates: I7c1a477d68e4304d98f7ae368be6a727d3e46011
Includes backport "remove required/default comments"
with the move to names instead of UUIDs, we can provide sane
defaults for just about everything other than the ssh key.
heat-coe-templates: Id37465925ef42a88c5c7a74e570dbe50164fa5da
Includes backport "restore some comments"
these comments help provide logical structure to the template
heat-coe-templates: Ib4bc8193ff281d1c6230665f18bf6652925077f5
Includes backport "like a200304, but for kubeminions.yaml"
Add comments to kubeminons.yaml template
heat-coe-templates: Icbe41359b62032e6e422b4d82a1e0ada6c58d0e4
Change-Id: I18be04861691f7f6cda6542bf637cdeab95c8d16
Also update CoreOS template to match external_network param.
heat-coe-templates: If3f629ecd8c3628818039d7d570874bd483a65f6
Change-Id: I5a381d9b83dfd975d8eff980ada2161a38f8157d
When a development environment is under a proxy, tox is failed even if
environment variables of the proxy are set.
This patch fix this problem.
See:
https://review.openstack.org/#/c/189569
Closes-Bug: #1465086
Change-Id: I76727e598ebb77dc146370b576d6992db3ca1ec9
In oslo log library, some attributes have moved to a new module.
This commit updated the location of the attributes.
Change-Id: I1c37a00a7611b30d63a28a593065141a1e82b6c9
Closes-Bug: 1464916
The dev quickstart document needs to be updated to point to the
Kubernetes 0.15.0 release for cloning. The quickstart document also
needs to be updated to point to the v1beta3 manifest for the redis
pod-create example.
Change-Id: Ibf50e6a93ee0f57c82be4117aaf0aae48c339a85
Closes-Bug: #1464689
Below list of Kubernetes APIs doesn't return proper response object:
1. createPod
2. replacePod
3. deletePod
4. createReplicationController
5. replaceReplicationController
6. deleteReplicationController
7. createService
8. replaceService
9. deleteService
This patch fix this problem and also change the
impact on magnum code.
Change-Id: Ib8fd9c4ea8766e7a1e7d1a56cc8325ecd518557d
Closes-bug: #1463252
At this time, API Version object is not fully tested,
* __init__ method is not tested.
* __repl__ method is not tested.
* parse_headers method is not tested.
This patch adds these tests.
Change-Id: I5a1f02146681b68a5d77b5b50f7907999a6bb263
Closes-Bug: #1464441
Modify the kube file and classes into k8s_conductor to keep the
same style with the bay_conductor and the docker_conductor.
Change-Id: I2d32c443fbfbb130896d45406af5cfd0bf5d2203
Closes-Bug:#1464156
Raising NotAcceptable is useless if major version is different, because major
version is checked by controller itself.
Change-Id: Ie53af7c511b436459c9bb35e34f32ec2f3cef4f6
Closes-Bug: #1464113
At this time, we have a cloud driver for nova, but it isn't used by anywhere.
Change-Id: I23a12caa8651d5ae076b78d899905c96f3f8d61e
Closes-Bug: #1464109
To test Kubernetes API, we need bay created and as already in
magnum functional test, we were creating bay. So this patch
refactors the code to seperate methods for each operation. So
that it can be used at other places.
Change-Id: I64d1b13cdc7c86a007b200bf2e2547216a66eefc
Partial-bug: #1460236
Eli Qiao