3684 Commits

Author SHA1 Message Date
Paul Bourke
9248605e67 Add decryptData yaql function to murano engine
Adds a new yaql function 'decryptData' which pairs with 'encryptData' on
the dashboard side.

Requires a valid secret storage backend (e.g. Barbican) to be configured
via Castellan in murano.conf, e.g.

    [key_manager]
    auth_type = keystone_password
    auth_url = <auth_url>
    username = <username>
    password = <password>
    project_id = <project_id>
    user_domain_name = <user_domain_name>

Murano will still work fine without this config but the encrypt/decrypt
functions will be unavailable.

Partially-Implements blueprint: allow-encrypting-of-muranopl-properties
Depends-On: I1be3a1e11e3f4c2170062927ad359bf679eb25d9
Change-Id: I09416b6d35ed2dafa823eca98262a4e23081e6eb
2017-07-21 13:32:13 +01:00
zhurong
9cb54690e9 Adapt murano documentation for new standards
This patch set makes the following changes:
 * using the new standards
 * Update doc/source/index.rst with new links
 * Move content of install-guide to the doc/source/install

Change-Id: Ic16671191832d949d2ea0626dcbf334ba60c56ef
2017-07-11 11:38:08 +08:00
Jenkins
5b51862ab7 Merge "Mark doc warnings as errors" 2017-07-10 17:22:14 +00:00
Kirill Zaitsev
aafd1f0a9d Mark doc warnings as errors
This commit sets warning-is-error for sphinx_build in setup.cfg and also
fixes multiple warnings to make the build pass

* Removed :option: see https://docs.openstack.org/contributor-guide/rst-conv/inline-markups.html#option
* Removed stale and unreferenced documents
* Marked telnet_example as orphan
* Added first-app to the index
* multiple code-block fixes

Change-Id: I9c659860fcb4f29fba5f7f07a6a952becfc354da
2017-07-07 12:49:04 +03:00
zhurong
0c42290126 Unskip test_deploy_app_with_volume_creation test
1.Unskip test_deploy_app_with_volume_creation test
2.change flavor from m1.small to m1.tiny, to reduce the
test failing chances.

Closes-Bug: #1701230

Change-Id: Ib996bf50e1b7d542b98cf9d7125b824771c143d6
2017-07-07 08:34:23 +00:00
zhurong
df8002303f Make murano user has admin role
murano user will as the trustee user, need have privilege to get_project,
So need the the admin role.

Change-Id: Ie1c876675322e31349c9815fa45e15128eb4856d
Closes-Bug: #1702594
2017-07-06 10:43:45 +08:00
Margarita Shakhova
9a4bafa5d4 Add dsl_iterators_limit config option
To remove hardcoded constant called 'ITERATORS_LIMIT', that can be
exceeded (2000) having big amount of objects. It is easy to achieve
in big cloud with user that is allowed to view lots of resources.

Change-Id: I818561ca044bad505402b69d22a41ea892e15fcc
Closes-Bug: #1690179
2017-07-05 23:40:27 +00:00
Jenkins
0b35823605 Merge "Use default credentials if None has been passed" 2017-07-05 11:25:05 +00:00
Sofiia Andriichenko
2bee51e99a Use default credentials if None has been passed
Reason - credentials do not load  on import in tempest plugin clients.py


Change-Id: I0303d9c7c9d1b35486874ea999dc36b2430c6ac4
Closes-Bug: #1701255
2017-07-03 13:39:18 +00:00
bhavani.cr
b5347a103a Add Apache License Content in index.rst
Add Apache License 2.0 Content which is necessary
for ./releasenotes/source/index.rst.

Change-Id: Ie6567da1be069c3af639a8cce715235ccd34dbe8
2017-06-30 16:33:40 +00:00
Andreas Jaeger
d26e77908a Use openstackdocstheme everywhere
Update to use current 1.11 version of openstackdocstheme for all
documents.

Change-Id: I9e615e48267f61769a73268624e1c6b86c100da6
2017-06-30 11:09:07 +00:00
Kirill Zaitsev
8fcf417d1c Skip cinder volume creation test
The tempest test  is currently broken and blocks the gate.
This commit adds expectedFailure decorator around it.
So when the bug is fixed we would not forget to unskip the test.

Change-Id: Id3adbf59e116e2d73c74e782a345c7ca8d6fa41e
Related-Bug: #1701230
2017-06-29 13:45:46 +00:00
Jenkins
6e3ea6cdfc Merge "Use tempest.test.BaseTestCase for murano tempest tests" 2017-06-26 13:05:06 +00:00
Felipe Monteiro
fb3c5625df Remove long-ago deprecated show_categories
The API catalog endpoint `show_categories` was deprecated back
in Liberty cycle. It should be removed.

This commit removes the deprecated endpoint `show_categories`,
removes it from the API router, and removes references to it
in Tempest tests -- which now test `list_categories` instead.

Change-Id: If1bea7448c0d4aa5fdf37c8400323589d73fdb21
2017-06-22 15:58:25 +01:00
Jenkins
792057c5f3 Merge "Add policy sample generation" 2017-06-20 20:17:21 +00:00
Jenkins
9d502d26b4 Merge "Add widget for volume selection" 2017-06-20 06:53:29 +00:00
OpenStack Proposal Bot
6fd43bf81c Updated from global requirements
Change-Id: I59a6308bcb2425e7c78a3ebc19a95c8eec51e46e
2017-06-19 21:05:29 +00:00
Felipe Monteiro
2e8137af5e Use tempest.test.BaseTestCase for murano tempest tests
While Tempest's own plugin documentation recommends that
plugins only consume tempest.lib [0], the BaseTestCase in
tempest.test is more feature-rich, comprehensive, and fault-tolerant
than the BaseTestCase in tempest.lib.

Many plugins like keystone_tempest_plugin already use the
BaseTestCase in tempest.test. Also, QA PTL said it would be
fine to make the transition when asked in IRC [1][2].

This commit specifically:
  - uses the base tempest class pattern specified in
    `tempest.test.BaseTestCase`: skip_checks for skipping tests based
    on environment config settings; setup_clients for instantiating
    clients and client managers; resource_setup for setting up
    class-level resources; and resource_cleanup for cleaning up
    class-level resources
  - removes unusued helpers like verify_nonempty, except in classes
    that explicitly already use it
  - removes clearing credentials in tearDown because the code isn't
    even executed due to a bug introduced by
    I51434685555c1da92401891a60285bf52571b8b5
  - separate admin clients from non-admin clients by using os_admin
    vs os_primary

[0] https://docs.openstack.org/developer/tempest/plugin.html#plugin-structure
[1] http://eavesdrop.openstack.org/irclogs/%23openstack-qa/%23openstack-qa.2017-06-12.log.html#t2017-06-12T20:38:19
[2] http://eavesdrop.openstack.org/irclogs/%23openstack-qa/%23openstack-qa.2017-06-12.log.html#t2017-06-12T21:45:56

Change-Id: Ia09dbc52ba13ca822a539e509e0e517592435aec
2017-06-17 16:13:51 +01:00
Felipe Monteiro
b360bf7ab7 Add policy sample generation
This adds the entry point and config file necessary for using the
oslo.policy sample generation script. It also adds a tox target to
simplify the usage of it. Finally, this commit adds
murano.common.policies.base.list_rules to
murano.common.polices (__init__.py) so that the base rules are
also included in the generated policy file.

Note that the policy sample is generated as a YAML which is
the standard adopted by Nova [0] and Keystone [1] and is now
the standard across OpenStack since Ocata [2]:

    While the old json format policy file is still supported,
    we recommend using the newer YAML format file, more intuitive
    syntax.

The output from tox -egenpolicy will be:

    murano.policy.sample.yaml in murano/etc.

The policy documentation was already updated in
I1a8581a559e4333a74d56a5bdce7e6d1f117907d

[0] e845d66a1b/etc/nova/nova-policy-generator.conf
[1] https://github.com/openstack/keystone/blob/master/config-generator/keystone-policy-generator.conf
[2] https://docs.openstack.org/ocata/config-reference/policy-yaml-file.html#older-json-format-policy

Change-Id: I2356ac0b2033bd83caaf2672189670fc300e55fd
Partially-Implements: blueprint policy-in-code
2017-06-17 16:11:17 +01:00
Jenkins
6b1fb69fb0 Merge "Remove murano default policy.json" 2017-06-17 05:02:39 +00:00
Jenkins
764135fc48 Merge "Fix html_last_updated_fmt for Python3" 2017-06-17 03:03:25 +00:00
devray
b33cb51ea7 Add widget for volume selection
Change-Id: Ife95142a46c3a35dcaee6f08207fca8490b9b005
Depends-On:Ic99443384180c8d0df33e2b7c15b8e56cd086da3
Implements: blueprint volume-selection-ui-element
2017-06-16 17:46:02 -04:00
Vu Cong Tuan
a875b36dc0 Fix html_last_updated_fmt for Python3
html_last_updated_fmt option is interpreted as a
byte string in python3, causing Sphinx build to break.
This patch makes it utf-8 string.

Change-Id: I0a164ea268a4069a7d09c1058008cb97bf9d1275
2017-06-16 21:34:10 +07:00
Jenkins
0bd0bd5a4b Merge "Add 'rm -f .testrepository/times.dbm' command in testenv" 2017-06-16 05:27:26 +00:00
Van Hung Pham
2ee53dcae6 Add 'rm -f .testrepository/times.dbm' command in testenv
Running py2* post py3* tests results in error. Add
'rm -f .testrepository/times.dbm' command in testenv to
resolve this.

Change-Id: I64ad33b0076dd8c12981e966ef8a0c141d18c89d
2017-06-16 03:24:49 +00:00
Felipe Monteiro
fb1a2d5bbe Remove murano default policy.json
This commit removes the murano default policy.json file from
etc/murano and references to it in murano's devstack plugin.
(References to the policy.json in muranodashboard remain
the same).

This commit specifically:
  - removes the default policy.json
  - removes references to it in devstack plugin
  - adds base rules to murano.common.policies.__init__ because
    they are the last rules to be included
  - updates base admin_api rule to is_admin:True from
    is_admin:1 (because the latter was causing issues)
  - updates Murano policy documentation

Partially Implements: blueprint policy-in-code
Depends-On: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
Change-Id: I1a8581a559e4333a74d56a5bdce7e6d1f117907d
2017-06-16 03:07:49 +00:00
OpenStack Proposal Bot
e18c7bc2ed Updated from global requirements
Change-Id: Ibb53d962b7751f90ba3223fab5eac1175faee280
2017-06-15 16:26:23 +00:00
Jenkins
fa52193c87 Merge "Policy in code for actions/static actions" 2017-06-15 12:15:01 +00:00
Jenkins
08761f9b86 Merge "Add WSGI support script for murano API" 2017-06-14 20:57:02 +00:00
Felipe Monteiro
640f926092 Policy in code for actions/static actions
This commit implements policy in code for (static) actions
API. The default rules for the (static) actions API were
removed from the policy.json and moved into code under
`murano.common.policies.action`.

This commit specifically:
  - Moves policy actions related to the (static) actions
    API from the policy.json into code.
  - Documents the API information and paths associated with
    each actions-related policy.

Partially Implements: blueprint policy-in-code
Change-Id: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
2017-06-14 19:25:04 +01:00
Jenkins
f5c619261e Merge "docs: Add (static) actions API to api-ref." 2017-06-14 03:23:14 +00:00
Jenkins
192754ac0f Merge "Policy in code for categories" 2017-06-13 15:54:12 +00:00
Jenkins
9bcaaa9a58 Merge "docs: Add search package API to api-ref." 2017-06-12 21:00:10 +00:00
zhurong
7786eb2dc0 Add WSGI support script for murano API
This patch add scripts for running API serces via WSGI.
The follow-up patch will add the devstack install support.

Change-Id: I3b836041559004a629f2cb2a506e53bf04fbdf23
Partially-Implements: blueprint murano-api-wsgi
2017-06-12 13:55:25 +08:00
Felipe Monteiro
cd1a5d7a1d docs: Add search package API to api-ref.
This commit adds the search package API to api-ref.

Change-Id: I05cbd8d91427549923f51fd4f31bd84cd30f06d4
Partially-Implements: blueprint murano-api-ref
2017-06-12 02:22:03 +00:00
Felipe Monteiro
14f3893c98 docs: Add (static) actions API to api-ref.
This commit adds the static (actions) API to api-ref.

Change-Id: I7a5e8781f9b2d5cdbecb58c55cf55fb0d2edbb21
Partially-Implements: blueprint murano-api-ref
2017-06-11 03:08:39 +01:00
OpenStack Proposal Bot
a790aac162 Updated from global requirements
Change-Id: I5ff6817f9710234e980ea71f157790ea83e354ce
2017-06-10 21:40:06 +00:00
Felipe Monteiro
12024a7ae2 Policy in code for categories
This commit implements policy in code for categories
API. The default rules for the categories API were
removed from the policy.json and moved into code under
murano.common.policies.category.

This commit specifically:
  - Moves policy actions related to the categories
    API from the policy.json into code.
  - Documents the API information and paths associated with
    each category-related policy.

Partially Implements: blueprint policy-in-code
Change-Id: I7171369650d7d55ed44154481d03d48153f3640a
2017-06-09 18:11:16 +01:00
Jenkins
ca432ca554 Merge "Policy in code for deployments" 2017-06-09 12:32:45 +00:00
OpenStack Proposal Bot
6949a05e12 Updated from global requirements
Change-Id: I7205b0b49d10879ea492688053fb96e425a24924
2017-06-08 06:02:31 +00:00
Felipe Monteiro
5a06c48d02 Policy in code for deployments
This commit implements policy in code for deployments
API. The default rules for the deployments API were
removed from the policy.json and moved into code under
murano.common.policies.deployment.

This commit specifically:
  - Moves policy actions related to the deployments
    API from the policy.json into code.
  - Documents the API information and paths associated with
    each deployment-related policy.

Partially Implements: blueprint policy-in-code
Change-Id: I246261b6df4b5225b67499c89281b942013007ed
2017-06-07 19:25:48 +00:00
Jenkins
de887f73b2 Merge "Policy in code for packages" 2017-06-07 09:45:31 +00:00
Felipe Monteiro
7a01e294ff Policy in code for packages
This commit implements policy in code for packages
API. The default rules for the packages API were
removed from the policy.json and moved into code under
murano.common.policies.env_template.

This commit specifically:
  - Moves policy actions related to the packages
    API from the policy.json into code.
  - Documents the API information and paths associated with
    each package policy.

Partially Implements: blueprint policy-in-code
Change-Id: I9a091606bec7c74ce7cf53fd327a2a40c6b9c364
2017-06-06 14:02:00 +01:00
Jenkins
f0f6dece9e Merge "Remove dead code" 2017-06-06 12:57:37 +00:00
OpenStack Proposal Bot
4873eaf6af Updated from global requirements
Change-Id: Id5f003cf314beb357b6a8fb542843f5784984d6b
2017-06-05 17:23:10 +00:00
Felipe Monteiro
f8c346230c Policy in code for environment templates
This commit implements policy in code for the environment templates
API. The default rules for the environment templates API were
removed from the policy.json and moved into code under
murano.common.policies.env_template.

This commit specifically:
  - Moves policy actions related to the environment templates
    API from the policy.json into code.
  - Documents the API information and paths associated with
    each environment template policy.
  - Updates the ``create_environment`` policy action documentation
    in murano.common.policies.environment to include API
    /v1/templates/{env_template_id}/create-environment
    which enforces this policy as well.

Partially Implements: blueprint policy-in-code
Change-Id: I715f4b0a61fd4404e20b88736a9a4c86fc038b55
2017-06-02 17:16:03 +01:00
OpenStack Proposal Bot
458436040f Updated from global requirements
Change-Id: I8d1c059cb29383cc1027bcd8ae0f9511c8c5c42c
2017-06-01 17:53:51 +00:00
Paul Bourke
02d7a9cf39 Remove dead code
These functions are not used anywhere.

Change-Id: I6428cb056e59d1510e80e9dd463d1d133b32529c
2017-06-01 16:49:44 +01:00
Jenkins
a5d8b7c022 Merge "Policy in code" 2017-06-01 04:06:09 +00:00
Felipe Monteiro
5b01f9464b Policy in code
This patch introduces the beginning implementation for registering
default policy rules in code. Default rules are defined under
murano.common.policies. Each API's policies are defined in a
sub-folder under that path and __init__.py contains all the
default policies in code which are registered in the ``init``
enforcer function in murano/common/policy.py.

The default rules for the environments API was removed from the
policy.json and moved into code under
murano.common.policies.environment. This can be gradually done
for the rest of the APIs in follow-up patches.

This commit does the following:
  - Creates the ``policies`` module that contains all the default
    policies in code.
  - Adds the base policy rules into code (the admin_api,
    context_is_admin, and default rules).
  - Adds the environment default policy module with default
    policy rules for the environments API.

Partially Implements: blueprint policy-in-code

Change-Id: Iebf2c60d1d31b73829fad189ada7ceee28e714bd
2017-05-31 15:20:18 +00:00