Single create was accepted on the condition that some unit test coverage was
added afterward. In testing I found a few errors involving the "pop" method,
and included those fixes here.
Closes-Bug: #1551427
Change-Id: If6dc8521ecf3bd194638f163e128fa2015320da8
Added hacking check to ensure not to use xrange. Also,
fixed issues with EoF missing newline [W391].
Change-Id: Iba8d240c042e46cb34eb6ed057534d62efb6f903
Closes-Bug: #1538118
Since single-create utilizes the existing objects already documented, I added an
example for the request and response, and indicated to look for more details
in the appropriate object's section.
Change-Id: Icdf7f21867457e22086f9c44ab657f95617bee1a
Closes-Bug: #1551428
The API WSME Types all inherit a to_dict method that accepts as a parameter
render_unsets. It is currently set to True by default but should be False for
consistency and also because it just makes better sense. This has caused some
unnecessary workarounds and work before it was known this existed.
Closes-Bug: 1555493
Change-Id: Idd21a003c0b1e3092f979013f8c19d75f17d0249
We were using inconsistent type checking for the project_id in various
API endpoints. This could lead to erratic behavior if some API requests
specified the project_id UUID with hyphens and some without hyphens and
normlization occurred.
This patch changes this behavior to use consistent type checking for the
project_id for all API endpoints. Since this bug is a regression that is
less than 2 weeks old, I've also introduced a few unit tests which
should ensure we don't have another regression of the desired behavior
anytime soon.
Change-Id: I4c3ec52c01547196160e977029ecc5ded97c79ed
Closes-Bug: #1555401
Currently Octavia cannot validate against SSL service endpoints,
which would be keystone, neutron, nova and glance in this case.
This patch adds a config option under nova, neutron and glance
sections to read the specified CA certificate files
for validation. It's slightly different in the case of glance,
because glance session method invocations depend on the endpoint
URL whether it starts with HTTP or HTTPS.
Also added is the "insecure" option for these services in case
the cert validation needs to be skipped.
For keystone, we read config params from keystone middleware. Thus,
instead of defining a new config option, we can make use of it's
pre-defined "cafile".
Barbican is not added because we do not yet have a barbican endpoint
override in it's config. This could be added in the future as a
separate patch, if needed.
Lastly, unrelated to the above, fixes the amphora REST api default
bind_port in octavia.conf
Change-Id: Id57672a3dc7c962b8ee07db0cb7a743041082c66
Closes-Bug: #1552987
This patch removes an unused configuration option
"haproxy_cert_dir" that was flagged as a potential security
risk.
Change-Id: I31af43e8265431767544802451d9b5c297d83d28
Closes-Bug: #1548556
Note: The only lines not tested in this have to do with the _lookup
method for manipulating L7 rules. Hence the reason the unit test here
ended up in the l7rule.py test file.
Closes-Bug: #1549003
Change-Id: I0c7325a7a974be51d4c57c3d430cad959a09250e
The L7Policy API type checker presently lists the redirect_pool_id
parameter as StringType(). While this is not incorrect, it is more
correct to call it a UuitType().
In addition to the above change, I removed unnecessary string length
checking on string response parameters.
No tests needed updating, as we already have good test coverage of the
validations we do on the redirect_pool_id in the L7Policy API.
Change-Id: I2bf70b51c6bc0949165f8af31c7d47c3407df08b
Closes-Bug: 1549013
For reasons of pure practicality, it is not a good idea to allow tenants
to create arbitrarily long lists of l7rules on their l7policies. After a
brief discussion we decided that 50 rules is good limit, especially
given that we expect most practical uses of L7 functionality to entail 1
to 4 rules per policy at most.
This commit also fixes a minor bug I noticed in the L7 rule API tests,
and cleans up the L7Rule API rule response specification.
Change-Id: I28b8161e85b9e86d4c44be3d48cbf94a3ce631f3
Closes-Bug: 1549100
This patch adds release notes for a feature added early in Mitaka.
Change-Id: If85d90ff30175011365da77776276a837a9fb252
Implements: blueprint activepassiveamphora
Our present amphora image create scripts set up the ssh daemon on the
amphora to bind to the wildcard interface (which is the default).
However, this causes problems for anyone who tries to set up a listener
on TCP port 22, since haproxy will not be able to bind to the same IP.
This patch introduces a dhclient post-bind script to the amphora image
to gracefully rebind the SSH-daemon to only the load balancer management
net IP when it comes up on the network, solving the above use case. This
patch has the secondary benefit of making the amphora's SSH daemon only
respond to requests on the management network, which incrementally
increases the security of the amphora.
Change-Id: Iab93cec1f4dc4a2e37ad3cb8a92c132383dcda6a
Closes-Bug: #1551505
Testing of the API shows that it didn't react well to having
non-essential parameters set to 'None' in update requests. This
patch moves L7Policy validations much sooner in the update process
(ie. we catch them at the API), and otherwise reorganizes most of
the L7Policy validation code into the common validations file both so
that it can be called from various locations in the code base, and
so that we can have an easier time unit testing the validation code.
Closes-Bug: 1550913
Change-Id: I7c14a8cef3d74b2b8d6f4d1ec4f6f9f32f96b9ad
Swift is not default enabled by devsatck, and it is not used
by Octavia by default too. The content in the sample local.conf
is useless.
Change-Id: Ie3accb5c1be455f0212fbc07d4f5c26a55529b3c
Deprecated amp_image_id option with the new amp_image_tag option.
Also switched devstack plugin to rely on the tag to update the image
used for new load balancers.
Implements: blueprint use-glance-tags-to-manage-image
Change-Id: Ibc28b2220565667e15ca2b2674e55074d6126ec3
The previously-merged patches for L7 and shared pools did not include
release notes. This commit adds the missing release notes.
Change-Id: I0c216addf9e85d512fd2fe689db1e819d183b36c
Partially-Implements: blueprint lbaas-l7-rules
