Add support for stateful attribute of security groups,
using --stateful and --no-stateful flag on security group.
This allows a user to create security groups with stateful
false.
Change-Id: Ifd20b5fc47fd0ea0bb5aeda84820dcc0fb1e8847
Blueprint: stateless-security-groups
Depends-On: https://review.opendev.org/711513/
(cherry picked from commit 5e62411e5f)
In the os quota list command, project parameter is completely ignored
ending up in a request to all projects and then all quotas. This patch
enables back the parameter and does a single call to quotas if specified.
Change-Id: Ie17c256e2bdc307dcd94ad5be7abdbffa776d369
Story: 2007422
Task: 39043
(cherry picked from commit 3e83e7471b)
Since the openstack SDK still has the neutron-lbaas entries in the network quota,
but those are already deprecated [1], the 'opentack quota show' command shows those
as None value.
This fix removes those empty deprecated values from the output.
[1] https://review.opendev.org/#/c/658494/
Change-Id: I8dbdba2a029ea8e6a268ddf29627e1466a7e3a8a
(cherry picked from commit e9bd4ef007)
The patch https://review.opendev.org/#/c/673389/ introduced a regression
by changing the osc-lib interface.
Two conflicting attempts to fix the regression were launched:
1) Reverting the patch.
2) The patch https://review.opendev.org/683119 changes the exception
from the generic CommandError back to a specific Forbidden exception.
The patch https://review.opendev.org/683118 catches this exception
and passes on, i.e. re-implements the same behavior as before.
The first idea was implemented, the initial patch reverted. The second
idea was partially implemented. The change in python-openstackclient
(683118) was merged. The change in osc-lib was approved but failed to
merge because the initial change had been reverted.
Now we have again a situation where the exception produced in osc-lib
does not match the exception expected by the caller.
It is unclear if the osc-lib interface will ever get a rebased version
of https://review.opendev.org/683119 merged, so the safest way to
address the issue is to also catch the exception that used to be
thrown before the inital change and is again thrown after the inital
change has been reverted.
Change-Id: I2ea2def607ec5be112e42d53a1e660fef0cdd69c
(cherry picked from commit 0a8753dc3e)
Keystone let's users remove role assignments that reference non-existent
users and groups. This is nice when keystone backs to an identity store
like LDAP and users or groups are removed.
Previously, openstackclient would validate the user and group existed in
keystone before sending the request to delete the role assignment. This
commit updates the code to bypass that validation so that users can use
IDs to forcibly cleanup role assignments.
Change-Id: I102b41677736bbe37a82abaa3c5b3e1faf2475d5
Story: 2006635
Task: 36848
(cherry picked from commit e246732670)
I was writing some additional functionality and noticed these tests were
missing. This commit adds tests for adding and removing system role
assignments for users and groups.
Change-Id: I30fdc6ec55e1eb1cfa55f4cbf92c3f001d89865f
(cherry picked from commit a8aad9fec8)
assertItemsEqual was removed from Python's unittest.TestCase in
Python 3.3 [1][2]. We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: I1ad0da8deda3a8cbec384b5a9c88860a526eb48c
(cherry picked from commit a15b1addb4)
When we use "--property" parameter, client get lists these the
value is string type, but the type of the value 'is_domain'
should be boolean, so we should judge it and parse it.
The patch parse string to boolean for value 'is_domain'.
Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>
Conflict:
Direct backports of this patch fail because the original tests
proposed to the Victoria (master) branch included keystone
``options``. Support for ``options`` was added in:
I9c3bdd741f28bf558267fb217818d947597ce13e
This backport removes the ``options`` key from the expected values in
the tests since feature support for ``options`` isn't going to be
backported. Otherwise, the functionality of this change is fully
tested like it is on later releases.
Change-Id: I37c9eb854524bde3a1530bfe2e3a03810fb1a676
Task: 30039
Story: 2005246
(cherry picked from commit 533af9f1b2)
Squashed two changes together since both are needed to fix jobs:
Resolve PEP8
No idea how this happened, but reviews started failing the
pep8 gate job. The failures are legitimate, see the commit.
I guess the pep8 tests became smarter and found these issues.
(cherry picked from commit 52ff421e3d)
Add libc6-dev to bindep
The python-builder base image was updated to no longer install
recommends. This is inline with the other Infra images and keeps
image sizes smaller. gcc recommended libc6-dev - but it turns out
we need that for limits.h for one of our depends. Add it to fix
our image builds.
(cherry picked from commit 97d027caec)
Change-Id: Id9a0dad644134dafd68eed37fe8f41c583d7a619
There is a much deeper and systemic issue going on here, but let's
start with fixing the immediate issue which is that adding a project
to an image fails trying to look up project information even if the
user passes the project id by id.
_is_uuid_like from sdk isn't perfect, but it'll be good enough
for this.
Change-Id: I541416d737b961c56aa2f584c172528632fd5537
In https://review.opendev.org/#/c/650374/ a work has been started to
switch image service support from glanceclient with all it's
dependencies to the SDK version. With this change version 1 (anyway
deprecated since ages) is also being switched to SDK.
Change-Id: Ic391500af02a73d81d64a9e9113cca85c9e24390
I'm guessing we should do this for everyone, but we have volume on
the brain right now. Rackspace is in the weird situation where
they do support v2 but only have v1 in the catalog (wut) So we
need to override the block-storage enpdoint by config. To do that,
we need to actually honor the config setting over here in OSC.
NOTE: We need to systemically overhaul how we're injesting config
over here - because there's too much variation. But we can leave
that for another day.
Story: 2007459
Task: 39137
Change-Id: Ifddf1ddd5abaa768ab18049c09d18bc269f3a4f5
This is a work to switch OSC from using glanceclient to OpenStackSDK.
With this change only v2 is using OpenStackSDK. V1 is still using
glanceclient and will be switched in a separate change.
Remove the direct depend on keystoneauth- let that flow through
openstacksdk.
Depends-on: https://review.opendev.org/#/c/698972
Change-Id: I36f292fb70c98f6e558f58be55d533d979c47ca7
This function should return an ordered set of ranges based on an
unordered list of numbers (int or str).
Change-Id: I918c8befc51236cc33d96a5c88fb6eafdd143e9c
Story: 2007341
Task: 38878
This new query parameter will allow to send a query sending the
"fields" parameter. This "fields" parameter contains the needed
API fields, translated into OVO fields in Neutron server, that
require to be retrieved from the DB.
As commented in the related bug, the OSC "list" command only
prints five parameters, none of them the security group rules. In
systems with a reasonable amount of security groups, skipping the
unnecessary rule load can save a lot of time.
Depends-On: https://review.opendev.org/#/c/710820/
Change-Id: I16f48e292997d029d68f66365db949b9f4b5a0c8
Closes-Bug: #1865223
The ``--default`` option should be only used for external network.
Default internal network is not currently supported so we disallow
it for now.
Change-Id: Ia9d39b40e1e041d7bda0f6a27d058e382b572e1a
Closes-Bug: #1745658
+ Add CLI option to specify swift storage policy
+ Add CLI flag to specify container uses public read ACLS
+ Show storage policy in container show data
Change-Id: I08ffa0d98bd39d467aa415771675f59bd77768ff
Added "qos_network_policy_id" to "port show" command. Because this is
just a read-only parameter and is read from the SDK port definition,
this patch only modifies the corresponding tests.
This patch is adding this new parameter to the test bench.
Change-Id: Ice7423e0e0b98a39cc36622b70eae5a8493a037c
Closes-Bug: #1851362
Does what it says on the tin. This action was added to osc-lib in change
If73cab759fa09bddf1ff519923c5972c3b2052b1.
Change-Id: I51efaa096bb26e297d99634c5d9cca34c0919074
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The '--hint' option for 'server create' expects a key-value pair like so:
openstack server create --hint group=245e1dfe-2d0e-4139-80a9-fce124948896 ...
However, the command doesn't complain if this isn't the case, meaning
typos like the below aren't indicated to the user:
openstack server create --hint 245e1dfe-2d0e-4139-80a9-fce124948896
Due to how we'd implemented this here, this ultimately results in us
POSTing the following as part of the body to 'os-servers':
{
...
"OS-SCH-HNT:scheduler_hints": {
"245e1dfe-2d0e-4139-80a9-fce124948896": null
}
...
}
Which is unfortunately allowed and ignored by nova due to the use of
'additionalProperties' in the schema [1]
Do what we do for loads of other options and explicitly fail on invalid
values. This involves adding a new argparse action since none of those
defined in osc-lib work for us. This is included here to ease
backporting of the fix but will be moved to osc-lib in a future patch.
[1] https://github.com/openstack/nova/blob/19.0.0/nova/api/openstack/compute/schemas/servers.py#L142-L146
Change-Id: I9e96d2978912c8dfeadae4a782c481a17cd7e348
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Story: #2006628
Task: #36840
Related-Bug: #1845322
This commit introduces the --access-rules option for 'application
credential create' as well as new 'access rule' commands for listing,
showing, and deleting access rules.
bp whitelist-extension-for-app-creds
Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa
This patch updates the network modules to use the new
osc_lib.utils.tags module and removes the in tree _tag.py version.
A previous patch[1] moves the _tag.py code to osc-lib to allow other
projects to leverage the code.
[1] https://review.opendev.org/662859
Change-Id: Id0c34029e327de50c5fd2732bae5fbf45bbd16ee
Follow-up to https://review.opendev.org/#/c/679834/ which
added the options and lacked both a release note and
minimal option-handling unit tests.
Change-Id: Ibb2820add9b2fedaf5a8b1a77babf043f6641724
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
We had this library capped at a release that is a few years old. Now
that we have dropped py2 testing, we can pick up the latest version.
This uncovered a few things to clean up. Mostly the fact that mock is
now a part of the StdLib unittest since Python 3.3.
Change-Id: I27484dd4c25378413ff16e97a35a1a46062357bc
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
