Adds a value for http-timeout for drydock, in support
of the long sync /validatedesign invocation without
disconnecting the client.
Change-Id: I482dec7092ca4204accf13913621c7b2e16eeaf9
NOTE: This has become a monolithic commit to get gate
settings/scripts in place for CI
- Add Makefile with UCP standard entrypoints
- Move Dockerfile into images/drydock per UCP standards
- Add values.yaml entries for uWSGI threads and workers
- Add environment variables to chart Deployment manifest
for uWSGI thread and workers
- Add threads and workers specification to uWSGI commandline
in entrypoint
- Test that the Drydock API is responding
- Test that the Drydock API rejects noauth requests
- Fix Makefile utility script to work behind a proxy
Correct task success voting
Some tasks were incorrectly considered partial_success even when
no failure occurred.
- Network configuration erroneously marked messages as errors
- Update result propagation logic to only use the latest retry
The deploy_nodes task ended as incomplete due to a missing
subtask assignment
Also added a node check step to prepare_nodes so that nodes that
are already under provisioner control (MaaS) are not IPMI-rebooted.
Tangential changes:
- added config item to for leadership claim interval
- added some debug logging to bootaction_report task
- fix tasks list API endpoint to generate valid JSON
Improve task concurrency
When tasks are started with a scope of multiple nodes,
split the main task so each node is managed independently
to de-link the progression of nodes.
- Split the prepare_nodes task
- Begin reducing cyclomatic complexity to allow for
better unit testing
- Improved tox testing to include coverage by default
- Include postgresql integration tests in coverage
Closes #73
Change-Id: I600c2a4db74dd42e809bc3ee499fb945ebdf31f6
Move sample config to etc/drydock
Update docs to generate a config with tox
Update configuration for Keystone
- Add config generation to tox.ini
- Fix default in bootdata config
- Add keystone dependencies
- Add config generator config
- Move sample config to a skeleton etc/drydock tree
Use PasteDeploy for WSGI integration
Using keystonemiddleware outside of a PasteDeploy
pipeline is deprecated. Move Drydock to use PasteDeploy
and integrate with keystonemiddleware
Update Falcon context object
Add keystone identity fields to context object
Clean up context marker field
Fix AuthMiddleware for keystone
Update falcon middleware to harvest headers injected
by keystonemiddleware
Fix context middleware
Update context middleware to enforce
a UUID-formatted external context marker
Lock keystonemiddleware version
Lock keystonemiddleware version to the Newton release
Sample drydock.conf with keystone
This drydock.conf file is known to integrate successfully
with Keystone via keystonemiddleware and the password plugin
Add .dockerignore
Stop adding .tox environment to docker images
Integrate with oslo.policy
Add oslo.policy 1.9.0 to requirements (Newton release)
Add tox job to generate sample policy.yaml
Create DrydockPolicy as facade for RBAC
Inject policy engine into API init
Create a DrydockPolicy instance and inject it into
the Drydock API resources.
Remove per-resource authorization
Update Drydock context and auth middleware
Update Drydock context to use keystone IDs instead of names as required
by oslo.policy
Update AuthMiddleware to capture headers when request provides
a service token
Add RBAC for /designs API
Add RBAC enforcement for GET and POST of
/api/v1.0/designs endpoint
Refactor check_policy
Refactor check_policy into the base class
Enforce RBAC for /designs/id endpoint
Enforce RBAC on /designs/id/parts endpoint
Enforce RBAC on /designs/id/parts/kind
Enforce RBAC on /designs/id/parts/kinds/
Enforce RBAC on /tasks/ endpoints
Create unit tests
- New unit tests for DrydockPolicy
- New unit tests for AuthMiddleware w/ Keystone integration
Address impacting keystonemiddleware bug
Use v4.9.1 to address https://bugs.launchpad.net/keystonemiddleware/+bug/1653646
Add oslo_config fixtures for unit testing
API base class fixes
Fix an import error in API resource base class
More graceful error handling in drydock_client
Create shared function for checking API response status codes
Create client errors for auth
Create specific Exceptions for Unauthorized
and Forbidden responses
Ignore generated sample configs
Lock iso8601 version
oslo.versionedobjects appears to be impcompatible with
iso8601 0.1.12 on Python 3.2+
Update docs for Keystone
Note Keystone as a external depdendency and
add notes on correctly configuring Drydock for
Keystone integration
Add keystoneauth1 to list_opts
Explicitly pull keystoneauth password plugin
options when generating a config template
Update reference config for keystone
Update the reference config template
for Keystone integration
Add keystoneauth1 to requirements
Need to directly include keystoneauth1 so that
oslo_config options can be pulled from it
Update config doc for keystoneauth1
Use the keystoneauth1 generated configuration options
for the configuration docs
Remove auth options
Force dependence on Keystone as the only authentication
backend
Clean up imports
Fix how falcon modules are imported
Default to empty role list
Move param extraction
Enforce RBAC before starting to parse parameters
Implement DocumentedRuleDefault
Use DocumentedRuleDefault for policy defaults at request
of @tlam. Requires v 1.21.1 of oslo_policy, which is tied
to the Pike openstack release.
Change sample output filenames
Update filenames to follow Openstack convention
Fix tests to use hex formatted IDs
Openstack resource IDs are not hyphenated, so update
unit tests to reflect this
Fix formating and whitespace
Refactor a few small items for code review
Update keystone integration to be more
robust with Newton codebase
Centralize policy_engine reference to
support a decorator-based model
RBAC enforcement decorator
Add units tests for decorator-based
RBAC and the tasks API
Minor refactoring and format changes
Change-Id: I35f90b0c88ec577fda1077814f5eac5c0ffb41e9