This adds descriptions to the properties of:
* OS::Neutron::VPNService
* OS::Neutron::IPsecSiteConnection
* OS::Neutron::IKEPolicy
* OS::Neutron::IPsecPolicy
as well as gettext wrapping for the attributes description

Use the generic RequestLimitExceeded exception when possible
Rather than having lots of specific exceptions that all pertain to request
limitation, we can just use the RequestLimitExceeded exception when applicable,
which can also simplify the handling of exception mapping in fault.py.

In order to limit a stack's size in future changes, we need to know
how many resources are already in the stack. We also need to be able
to find the root stack object of a nested stack.

Steven Hardy [Thu, 12 Sep 2013 11:00:28 +0000 (12:00 +0100)]
Migrate remaining TEXT columns to LONGTEXT
To avoid cases where mysql silently truncates json data
when it is > 2^16 bytes, migrate all remaining TEXT columns
to LONGTEXT, in a similar way to the fix for bug #1210799
Combined with the fix for bug #1215501 which limits the request
body size, we should never truncate, even if mysql is configured
such that it can happen

Currently, if SecurityGroups and SubnetId properties are defined for an
instance in a heat template, the SecurityGroups are not associated
with the port created within the previous SubnetId; in other words,
the instance is not allocated to the specified security groups
defined in the heat template.
* Modifies function _build_nics() in instance.py, adding an item
'security_groups' in the post body of create_port sent by neutronclient.
* Adds a new function _get_security_groups_id() to map security_groups
names to ids.
* Adds corresponding unit tests.

Use physical_resource_name as Ref for Instance/AS Group
This allows distinguishing groups by stack when using the resource
OS::Metering::Alarm with the rule:
    matching_metadata: {
        'metadata.user_metadata.groupname': { 'Ref': 'WebServerASGroup'}}

Previously if any exceptions accidentally made their way to
eventlet.wsgi.server's response handler it would print their traceback.
We only want to show users tracebacks in debug mode. In production we
want them suppressed.

API services currently send the traceback to clients. While the client
hides it from user view, it is still present in the response, exposing
the service to details of the engine that administrators likely would
not like to have exposed.

The old dbinstance will soon be overtaken by the trove resource.
- The only reason for keeping this around is for people that don't
have trove installed and want to use the AWS resource.
- Separating it out into a TemplateResource really makes it easier
for deployers and users to customise it.
- The old dbinstance did nothing "special" in python, and was really
one of the first "TemplateResources" as it attempted to convert properties
into parameters. Since this is now done a lot better in the TemplateResource
let's just make use of that.

This will make it easier to migrate to other distros and versions.

At the moment we need the templates installed into /etc/heat/templates
and this is not very nice for the tests. So this patch
replaces "/etc/heat/templates" with the project's own template
path so we can at least test the api of the template resources.

Steve Baker [Thu, 5 Sep 2013 23:39:43 +0000 (11:39 +1200)]
Set a small max_template_size for test_long_yaml
Currently this test takes 22 seconds to run. As the intent
of the test seems to be to assert that limits are enforced,
this change reduces the default limit to speed test execution time.

Steve Baker [Fri, 30 Aug 2013 05:21:56 +0000 (17:21 +1200)]
Only validate credentials on create based on resources
This change relaxes the validation which checked for credentials
on stack create and update.
As implemented, having any of the following resources
in the template will result in credentials being mandatory
on create and update:
* AWS::AutoScaling::ScalingPolicy
* OS::Heat::HARestarter
* AWS::CloudFormation::WaitConditionHandle
For all other templates, credentials are not needed.
When trusts are merged, this logic could also be used to decide
whether a trust token needs to be created at all.

Vijendar Komalla [Thu, 29 Aug 2013 13:59:46 +0000 (08:59 -0500)]
Implement parallel delete
This is the first patch in the series to implement parallel delete
and it includes the following changes:
1. changing Stack.delete to use stack_task
2. In Resource.delete polling for check_delete_complete
3. Updating unit tests to use TaskRunner for resource.delete and
resource.destroy

This parallelises updates for AWS::CloudFormation::Stack resources, but not
for autoscaling groups. Other types of nested stacks (the old LoadBalancer
and DBInstance resources, and provider templates) have not yet implemented
stack updates.

It was previously impossible to stub out a task with mox, because when the
TaskRunner attempted to get the __name__ attribute it prompted an assertion
in the mock. Using hasattr() instead of getattr() eliminates this issue.

Steven Hardy [Mon, 2 Sep 2013 15:32:40 +0000 (16:32 +0100)]
Migrate stored credentials to keystone trusts
Migrate the stored user_creds, which currently only supports
storing username/password credentials to use the keystone v3
API OS-TRUST extension, which allows explicit impersonation of
users calling heat (trustors) by the heat service user (the
trustee)
Note this feature is made optional via a new config option,
defaulted to off, and it requires the following patches to
keystoneclient (in 0.3.2 release) and keystone to work:
Also note that if the feature is enabled, by setting
deferred_auth_method=trusts in heat.conf, you must add
a keystone_authtoken section, which is also used by the
keystoneclient auth_token middleware.

There is no point in trying to run the py33 unit tests until eventlet is
ported to Python 3. Meanwhile the expected failure means we get a bunch
of garbage and extra lag time when trying to run 'tox' before sending to
gerrit for review/CI checks.