Adds a new yaql function 'decryptData' which pairs with 'encryptData' on
the dashboard side.
Requires a valid secret storage backend (e.g. Barbican) to be configured
via Castellan in murano.conf, e.g.
[key_manager]
auth_type = keystone_password
auth_url = <auth_url>
username = <username>
password = <password>
project_id = <project_id>
user_domain_name = <user_domain_name>
Murano will still work fine without this config but the encrypt/decrypt
functions will be unavailable.
Partially-Implements blueprint: allow-encrypting-of-muranopl-properties
Depends-On: I1be3a1e11e3f4c2170062927ad359bf679eb25d9
Change-Id: I09416b6d35ed2dafa823eca98262a4e23081e6eb
This patch set makes the following changes:
* using the new standards
* Update doc/source/index.rst with new links
* Move content of install-guide to the doc/source/install
Change-Id: Ic16671191832d949d2ea0626dcbf334ba60c56ef
This commit sets warning-is-error for sphinx_build in setup.cfg and also
fixes multiple warnings to make the build pass
* Removed :option: see https://docs.openstack.org/contributor-guide/rst-conv/inline-markups.html#option
* Removed stale and unreferenced documents
* Marked telnet_example as orphan
* Added first-app to the index
* multiple code-block fixes
Change-Id: I9c659860fcb4f29fba5f7f07a6a952becfc354da
1.Unskip test_deploy_app_with_volume_creation test
2.change flavor from m1.small to m1.tiny, to reduce the
test failing chances.
Closes-Bug: #1701230
Change-Id: Ib996bf50e1b7d542b98cf9d7125b824771c143d6
murano user will as the trustee user, need have privilege to get_project,
So need the the admin role.
Change-Id: Ie1c876675322e31349c9815fa45e15128eb4856d
Closes-Bug: #1702594
To remove hardcoded constant called 'ITERATORS_LIMIT', that can be
exceeded (2000) having big amount of objects. It is easy to achieve
in big cloud with user that is allowed to view lots of resources.
Change-Id: I818561ca044bad505402b69d22a41ea892e15fcc
Closes-Bug: #1690179
The tempest test is currently broken and blocks the gate.
This commit adds expectedFailure decorator around it.
So when the bug is fixed we would not forget to unskip the test.
Change-Id: Id3adbf59e116e2d73c74e782a345c7ca8d6fa41e
Related-Bug: #1701230
The API catalog endpoint `show_categories` was deprecated back
in Liberty cycle. It should be removed.
This commit removes the deprecated endpoint `show_categories`,
removes it from the API router, and removes references to it
in Tempest tests -- which now test `list_categories` instead.
Change-Id: If1bea7448c0d4aa5fdf37c8400323589d73fdb21
While Tempest's own plugin documentation recommends that
plugins only consume tempest.lib [0], the BaseTestCase in
tempest.test is more feature-rich, comprehensive, and fault-tolerant
than the BaseTestCase in tempest.lib.
Many plugins like keystone_tempest_plugin already use the
BaseTestCase in tempest.test. Also, QA PTL said it would be
fine to make the transition when asked in IRC [1][2].
This commit specifically:
- uses the base tempest class pattern specified in
`tempest.test.BaseTestCase`: skip_checks for skipping tests based
on environment config settings; setup_clients for instantiating
clients and client managers; resource_setup for setting up
class-level resources; and resource_cleanup for cleaning up
class-level resources
- removes unusued helpers like verify_nonempty, except in classes
that explicitly already use it
- removes clearing credentials in tearDown because the code isn't
even executed due to a bug introduced by
I51434685555c1da92401891a60285bf52571b8b5
- separate admin clients from non-admin clients by using os_admin
vs os_primary
[0] https://docs.openstack.org/developer/tempest/plugin.html#plugin-structure
[1] http://eavesdrop.openstack.org/irclogs/%23openstack-qa/%23openstack-qa.2017-06-12.log.html#t2017-06-12T20:38:19
[2] http://eavesdrop.openstack.org/irclogs/%23openstack-qa/%23openstack-qa.2017-06-12.log.html#t2017-06-12T21:45:56
Change-Id: Ia09dbc52ba13ca822a539e509e0e517592435aec
This adds the entry point and config file necessary for using the
oslo.policy sample generation script. It also adds a tox target to
simplify the usage of it. Finally, this commit adds
murano.common.policies.base.list_rules to
murano.common.polices (__init__.py) so that the base rules are
also included in the generated policy file.
Note that the policy sample is generated as a YAML which is
the standard adopted by Nova [0] and Keystone [1] and is now
the standard across OpenStack since Ocata [2]:
While the old json format policy file is still supported,
we recommend using the newer YAML format file, more intuitive
syntax.
The output from tox -egenpolicy will be:
murano.policy.sample.yaml in murano/etc.
The policy documentation was already updated in
I1a8581a559e4333a74d56a5bdce7e6d1f117907d
[0] e845d66a1b/etc/nova/nova-policy-generator.conf
[1] https://github.com/openstack/keystone/blob/master/config-generator/keystone-policy-generator.conf
[2] https://docs.openstack.org/ocata/config-reference/policy-yaml-file.html#older-json-format-policy
Change-Id: I2356ac0b2033bd83caaf2672189670fc300e55fd
Partially-Implements: blueprint policy-in-code
html_last_updated_fmt option is interpreted as a
byte string in python3, causing Sphinx build to break.
This patch makes it utf-8 string.
Change-Id: I0a164ea268a4069a7d09c1058008cb97bf9d1275
Running py2* post py3* tests results in error. Add
'rm -f .testrepository/times.dbm' command in testenv to
resolve this.
Change-Id: I64ad33b0076dd8c12981e966ef8a0c141d18c89d
This commit removes the murano default policy.json file from
etc/murano and references to it in murano's devstack plugin.
(References to the policy.json in muranodashboard remain
the same).
This commit specifically:
- removes the default policy.json
- removes references to it in devstack plugin
- adds base rules to murano.common.policies.__init__ because
they are the last rules to be included
- updates base admin_api rule to is_admin:True from
is_admin:1 (because the latter was causing issues)
- updates Murano policy documentation
Partially Implements: blueprint policy-in-code
Depends-On: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
Change-Id: I1a8581a559e4333a74d56a5bdce7e6d1f117907d
This commit implements policy in code for (static) actions
API. The default rules for the (static) actions API were
removed from the policy.json and moved into code under
`murano.common.policies.action`.
This commit specifically:
- Moves policy actions related to the (static) actions
API from the policy.json into code.
- Documents the API information and paths associated with
each actions-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
This patch add scripts for running API serces via WSGI.
The follow-up patch will add the devstack install support.
Change-Id: I3b836041559004a629f2cb2a506e53bf04fbdf23
Partially-Implements: blueprint murano-api-wsgi
This commit adds the search package API to api-ref.
Change-Id: I05cbd8d91427549923f51fd4f31bd84cd30f06d4
Partially-Implements: blueprint murano-api-ref
This commit adds the static (actions) API to api-ref.
Change-Id: I7a5e8781f9b2d5cdbecb58c55cf55fb0d2edbb21
Partially-Implements: blueprint murano-api-ref
This commit implements policy in code for categories
API. The default rules for the categories API were
removed from the policy.json and moved into code under
murano.common.policies.category.
This commit specifically:
- Moves policy actions related to the categories
API from the policy.json into code.
- Documents the API information and paths associated with
each category-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: I7171369650d7d55ed44154481d03d48153f3640a
This commit implements policy in code for deployments
API. The default rules for the deployments API were
removed from the policy.json and moved into code under
murano.common.policies.deployment.
This commit specifically:
- Moves policy actions related to the deployments
API from the policy.json into code.
- Documents the API information and paths associated with
each deployment-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: I246261b6df4b5225b67499c89281b942013007ed
This commit implements policy in code for packages
API. The default rules for the packages API were
removed from the policy.json and moved into code under
murano.common.policies.env_template.
This commit specifically:
- Moves policy actions related to the packages
API from the policy.json into code.
- Documents the API information and paths associated with
each package policy.
Partially Implements: blueprint policy-in-code
Change-Id: I9a091606bec7c74ce7cf53fd327a2a40c6b9c364
This commit implements policy in code for the environment templates
API. The default rules for the environment templates API were
removed from the policy.json and moved into code under
murano.common.policies.env_template.
This commit specifically:
- Moves policy actions related to the environment templates
API from the policy.json into code.
- Documents the API information and paths associated with
each environment template policy.
- Updates the ``create_environment`` policy action documentation
in murano.common.policies.environment to include API
/v1/templates/{env_template_id}/create-environment
which enforces this policy as well.
Partially Implements: blueprint policy-in-code
Change-Id: I715f4b0a61fd4404e20b88736a9a4c86fc038b55
This patch introduces the beginning implementation for registering
default policy rules in code. Default rules are defined under
murano.common.policies. Each API's policies are defined in a
sub-folder under that path and __init__.py contains all the
default policies in code which are registered in the ``init``
enforcer function in murano/common/policy.py.
The default rules for the environments API was removed from the
policy.json and moved into code under
murano.common.policies.environment. This can be gradually done
for the rest of the APIs in follow-up patches.
This commit does the following:
- Creates the ``policies`` module that contains all the default
policies in code.
- Adds the base policy rules into code (the admin_api,
context_is_admin, and default rules).
- Adds the environment default policy module with default
policy rules for the environments API.
Partially Implements: blueprint policy-in-code
Change-Id: Iebf2c60d1d31b73829fad189ada7ceee28e714bd