Client certificate authentication will replace basic authentication.
A single client certificate will be generated by admin for the
configuration agent (openstack, container,..).
This commit focuses on certificate generation and coordination of
certificate management on backend, storage and in the agent itself.
Adding constraints support to libraries is slightly more complex than
services as the libraries themselves are listed in upper-constraints.txt
which leads to errors that you can't install a specific version and a
This change adds constraints support by also adding a helper script to
edit the constraints to remove vmware-nsxlib.
Sometimes function under test makes multiple calls to the backend,
and being able to provide list of different responses would improve
Upon startup we inquire the backend for the list of firewall section, as
we want to find the specific default section.
Because the firewall section should be located at the bottom, it is more
likely it is located at the end of the list, thus iterating the list in
reversed fashion may save few cycles on startup.
Following OpenStack Style Guidelines:
[H203] Unit test assertions tend to give better messages for more
specific assertions. As a result, assertIsNotNone(...) is preferred
over assertNotEqual(None, ...) and assertIsNot(None, ...)
The method "init_default_section" isn't used and was replaced priviously
with "init_default" method under the the class NsxLibFirewallSection in
the same module.
When updating the name of a router, the name of associated router
ports should also be updated. The current code has a bug that also
tries to update the attachment at the same time. This patch fixes
For allowed address pairs to be functional on NSXv3 plugin, we
need to enforce both Spoof Guard and MAC Learning switching
profile. MAC Learning is used to learning the mac address and
spoof guard is used for switch security to ensure only added
allowed address pairs to be allowed on this port.
Moreover, during fix bug #1631540, we removed the parameter
"mac_change_allowed". After further discussion with NSX team,
it doesn't have negative effect to add it back. The value it can
bring is to support guest VM on ESX host to change MAC address (
the mac_address still needs to be in allowed address pairs) on the
(Cherry picked from: I2c725df74835165587170f6136c06494d1bfcf7b)
We are replacing all usages of the retrying package with
tenacity with an end goal of removing the retrying package
from our requirements.
(Cherry picked from: Ie1b082848ac6153d29af7779de914071dc8c1ba5)
The NSX3Client did not get the nsx managers IPs, and they where missing
from error messages.
To fix this, and also better fix a similar problem with max_attempts,
the client init method may get another instance of the client, and copy
relevant information from it.
This option is used by the copy-constructor "new_client_for" without the
RestClient class being aware of arguments relevant only to the NSXClient.
Also adding a new test for a resource error message, to make sure it contains
the nsx_manager ip.
(Cherry picked from : I9e7e28eb5fd69ace44547d40cf8cd09e2457c5ed)
Support configuration of name or uuid (instead of only uuid) for
2 nsx_v3 parameters: dhcp_profile, metadata_proxy.
nsxlib part was cherry picked from: Ife6263b7cf1759a2fc309205552eb79138d512a1
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in conf.py to generate translated version of the
Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.
Remove old and unused constraints environments from tox.ini. Those
have never been used. Use standard environments as default list.
Note that the repo has in the past not used constraints in OpenStack
CI, this change keeps the status quo.
For more information about constraints see: