Use the generic RequestLimitExceeded exception when possible
Rather than having lots of specific exceptions that all pertain to request
limitation, we can just use the RequestLimitExceeded exception when applicable,
which can also simplify the handling of exception mapping in fault.py.
Steven Hardy [Thu, 12 Sep 2013 11:00:28 +0000 (12:00 +0100)]
Migrate remaining TEXT columns to LONGTEXT
To avoid cases where mysql silently truncates json data
when it is > 2^16 bytes, migrate all remaining TEXT columns
to LONGTEXT, in a similar way to the fix for bug #1210799
Combined with the fix for bug #1215501 which limits the request
body size, we should never truncate, even if mysql is configured
such that it can happen
Use physical_resource_name as Ref for Instance/AS Group
This allows to distinguish groups by stack when using resource
OS::Metering::Alarm with the rule:
matching_metadata: {
'metadata.user_metadata.groupname': { 'Ref': 'WebServerASGroup'}}
The old dbinstance will soon be overtaken by the trove resource.
- The only reason for keeping this around is for people that don't
have trove installed and want to use the AWS resource.
- Seperating it out into a TemplateResource really makes it easier
for deployers and users to customise it.
- The old dbinstance did nothing "special" in python, and was really
one of the first "TemplateResources" as it attempted to convert properties
into parameters. Since this in now done a lot better in the TemplateResource
lets just make use of that.
This will make it easier to migrate to other distros and versions.
At the moment we need the templates installed into /etc/heat/templates
and this is not very nice for the tests. So this patch
replaces "/etc/heat/templates" with the project's own template
path so we can at least test the api of the template resources.
Steve Baker [Thu, 5 Sep 2013 23:39:43 +0000 (11:39 +1200)]
Set a small max_template_size for test_long_yaml
Currently this test takes 22 seconds to run. As the intent
of the test seems to be to assert that limits are enforced,
this change reduces the default limit to speed test execution time.
Steve Baker [Fri, 30 Aug 2013 05:21:56 +0000 (17:21 +1200)]
Only validate credentials on create based on resources
This change relaxes the validation which checked for credentials
on stack create and update.
As implemented, having any of the following resources
in the template will result in credentials being mandatory
on create and update:
* AWS::AutoScaling::ScalingPolicy
* OS::Heat::HARestarter
* AWS::CloudFormation::WaitConditionHandle
For all other templates, credentials are not needed.
When trusts are merged, this logic could also be used to decide
whether a trust token needs to be created at all.
Vijendar Komalla [Thu, 29 Aug 2013 13:59:46 +0000 (08:59 -0500)]
Implement parallel delete
This is first patch in the series to implement parallel delete
and it includes following changes:
1. changing Stack.delete to use stack_task
2. In Resource.delete polling for check_delete_complete
3. Updating unit tests to use TaskRunner for resource.delete and
resource.destroy
This parallelises updates for AWS::CloudFormation::Stack resources, but not
for autoscaling groups. Other types of nested stacks (the old LoadBalancer
and DBInstance resources, and provider templates) have not yet implemented
stack updates.
It was previously impossible to stub out a task with mox, because when the
TaskRunner attempted to get the __name__ attribute it prompted an assertion
in the mock. Using hasattr() instead of getattr() eliminates this issue.
Steven Hardy [Mon, 2 Sep 2013 15:32:40 +0000 (16:32 +0100)]
Migrate stored credentials to keystone trusts
Migrate the stored user_creds, which currently only supports
storing username/password credentials to use the keystone v3
API OS-TRUST extension, which allows explicit impersonation of
users calling heat (trustors) by the heat service user (the
trustee)
Note this feature is made optional via a new config option,
defaulted to off, and it requires the following patches to
keystoneclient (in 0.3.2 release) and keystone to work:
Also note that if the feature is enabled, by setting
deferred_auth_method=trusts in heat.conf, you must add
a keystone_authtoken section, which is also used by the
keystoneclient auth_token middleware.
There is no point in trying to run the py33 unit tests until eventlet is
ported to Python 3. Meanwhile the expected failure means we get a bunch
of garbage and extra lag time when trying to run 'tox' before sending to
gerrit for review/CI checks.
Make error message for InvalidTemplateReference sane
Previously it was more or less incomprehensible. Now it will report the
non-existent resource the uesr tried to reference and the path (starting
with Resources) in the JSON document where the error occurred.
Bartosz Górski [Wed, 14 Aug 2013 10:52:37 +0000 (03:52 -0700)]
Allowing to pass network name to router gateway
This patch allows to pass newtork name instead of network id to create router
gateway. It is really useful feature because often router has gateway as public
network. It is easy to pass the name because id will change after deleting the
network and creating it again.
When getting a database record by ID, it is much more efficient to get() it
directly than to perform a query or the database to obtain the ID (again)
and then get it.
When getting a database record by ID, it is much more efficient to get() it
directly than to perform a query or the database to obtain the ID (again)
and then get it.
Since stack_get() returns only a single record that can be trivially
checked for deletion in code, do this rather than performing a query with a
filter.
Russell Bryant [Fri, 30 Aug 2013 21:57:29 +0000 (17:57 -0400)]
Sync rpc from oslo-incubator
This includes the following changes:
76972e2 Support a new qpid topology 284b13a Raise timeout in fake RPC if no consumers found 9721129 exception: remove 7b0cb37 Don't eat callback exceptions 69abf38 requeue instead of reject
Jeff Peeler [Fri, 23 Aug 2013 20:44:37 +0000 (16:44 -0400)]
Make security groups associated with Neutron port work
The security group names are now translated to UUIDs which is required
when using the python API. The lookup has been improved to find
existing security groups not part of the stack as well.
Steven Hardy [Fri, 30 Aug 2013 10:12:24 +0000 (11:12 +0100)]
Remove localhost references from tests
Using localhost in dummy URLs is a bad idea, because if you get
your mocking slightly wrong, some tests try to connect to the
services running in your local test environment.
Code Review / openstack-build / heat-build.git / log