Zane Bitter [Sun, 17 Jun 2012 14:05:57 +0000 (16:05 +0200)]
Get stacks from the DB by either name or id
This code was previously misleading, as it appeared to get stacks by id,
but actually got them by name. This patch adds a separate API, so
get_stack() gets the stack by id and get_stack_by_name() gets it by name.
Zane Bitter [Fri, 15 Jun 2012 14:19:08 +0000 (16:19 +0200)]
Fix latest DB migration script
Unfortunately, as long as the user_creds_id column is not nullable the
script will still fail if there is data in the database. However with this
patch it is at least left in a recoverable state. Also, downgrades now
work.
Zane Bitter [Tue, 12 Jun 2012 14:23:35 +0000 (16:23 +0200)]
Raise NotFound exceptions from database
Raise a specific exception (NotFound) if something is not found in the
database. Then we can match on this exception, rather than searching the
error message (which effectively makes the text of error messages part of
the API).
Zane Bitter [Tue, 5 Jun 2012 07:46:10 +0000 (09:46 +0200)]
Tidy up Resource creation and deletion
Most of this code is common between resources, so put it in the parent
Resource class and have subclasses provide handle_create()/handle_delete()
methods for all their extra needs.
Ian Main [Fri, 15 Jun 2012 00:46:12 +0000 (17:46 -0700)]
Add a user creds database table and associate stacks with username.
This patch takes the credentials passed in from the context and allows
you to store them in the database in the 'user_creds' table for later
use with HA operations. It also adds a 'username' to the stack table
for direct comparison and user validation to support per-user stacks.
Steven Hardy [Wed, 13 Jun 2012 14:45:46 +0000 (15:45 +0100)]
heat API : return response body as XML not JSON
AWS API returns response as XML, this implements a new response serializer which
turns dicts returned from the engine into AWS style XML responses. Ref #125.
Updated following review comment.
Change-Id: I8170ed814be0b5cea98761a2723e12be216374a3
Signed-off-by: Steven Hardy <shardy@redhat.com>
Ian Main [Tue, 12 Jun 2012 23:37:26 +0000 (16:37 -0700)]
Pass Full Credentials to Engine
In order to support HA operations, eg restarting an instance, we
need to have full credentials in the engine. This patch passes
in the credential information into the engine and uses it to validate
the user. A future patch will have this information stored in
database and associated with each stack. It also assigns the username
in the case of EC2 style authentication allowing us to support
per-user stacks with EC2 auth.
Change-Id: I4b92f83d4d10a2bfebd4ddedc8a4f53b3e1217fe
Signed-off-by: Ian Main <imain@redhat.com>
Zane Bitter [Tue, 5 Jun 2012 10:07:37 +0000 (12:07 +0200)]
Fix parsing of metadata
I broke metadata in bece6593f00f8e096f045982673f85c67863b932 by no longer
updating the parsed template in the database. We need to resolve references
runtime data before storing the parsed template, because the metadata code
uses this directly.
Zane Bitter [Fri, 1 Jun 2012 08:50:15 +0000 (10:50 +0200)]
Refactor template resolution
Resolve functions in templates by making a copy of the data rather than
modifying the original. This means that e.g. a resource resolving functions
in its own template data does not result in changes to the data held by the
Stack.
This patch also refactors all of the template resolution methods to operate
using a common parsing algorithm to move through the tree.
Finally, the resources have been worked to load data as it is needed,
rather than requiring external code to put them into the correct state
before using them.
Zane Bitter [Thu, 31 May 2012 09:17:30 +0000 (11:17 +0200)]
Don't use sys.exc_value
sys.exc_value has been deprecated since Python 1.5, and is not thread-safe.
The replacement is sys.exc_info(), but in this case we don't need even that
since we have the exception in question available.
Zane Bitter [Thu, 31 May 2012 09:17:30 +0000 (11:17 +0200)]
Get list properties working again
The CloudFormation documentation is very confusing on this point.
'CommaDelimitedList' is one of the data types that are valid for a
Parameter (the others are 'String' and 'Number'). A CommaDelimitedList
parameter takes the form of a string where the list members are delimited by
commas:
"item1,item2,item3"
However the documentation also uses the phrase "Comma Delimited List" to
refer to the type of some Resource Properties that are, in fact, simply
lists:
[ "item1" , "item2" , "item3" ]
...as if there were *another* way to represent lists. (Note that the
items here need not be strings, and in fact are usually objects of some
variety.)
So we need a different data type to represent the latter. (This patch
changes the name from 'TupleList' to just 'List', since the actual Python
sequence type is just an implementation detail.) In future, we should
probably also verify that only the 3 valid Parameter types are used, and
perhaps that list Properties contain only objects of the correct type.
Ian Main [Tue, 29 May 2012 21:09:57 +0000 (14:09 -0700)]
Authentication Overhaul
This patch updates the authentication system set up in heat:
- We now authenticate against the 'heat' service at the entry
point to each api call in the engine.
- We are now using the 'Context' class to contain the authentication
information as intended.
- The two context classes are unified and we now use the same one
for both WSGI and RPC. This is the intended design as the
context is loaded by the WSGI middleware and then passed into the
RPC methods.
- We are now doing token authentication in the API that works with
both native keystone and AWS style authentication. That token is
then passed on to the engine for further authentication for various
endpoints.
Note that the heat-api-paste.ini file requires updating in order for
this to work on your system. Admin user and password must be set
properly in the authtoken section in order to perform token based
authentication.
I suspect there will be a few bugs in here yet. This is just part of
the authentication/identification changes we need to make but I wanted
to get this in so we could continue to work with a boto based client.
Change-Id: Ib635ecd3088304e8d51d8e1fc31a8b1bf751caf3
Signed-off-by: Ian Main <imain@redhat.com>
Angus Salkeld [Fri, 25 May 2012 09:24:29 +0000 (19:24 +1000)]
Add the basic cloudwatch feature
Fix watch db tables and silly programming errors.
get basic posting data to metadata server working
add watch_rule_get_all()
check for alarms in a periodic task
delete watch_data when the rule is deleted
add a last_evaluated field to the watch_rule
remove unused option to watch_data_get
take better account of the sample period.
- still much to be done here (evaluation periods).
add some useful stats to cfn-push-stats
fix how the metric is accessed
fix a divide by zero
Jeff Peeler [Wed, 23 May 2012 20:13:00 +0000 (16:13 -0400)]
Add functional test to verify jeos and stack ops
(Tox.ini has been modified to only run tests tagged with 'unit'
to prevent this test from running with unit tests.)
This test requires an OpenStack install present and will not run on
StackForge. This test creates a JEOS, waits for glance registration,
detects key registered with keystone, creates stack, and verifies over
SSH that:
- cfn helper script SHAs match tree
- verifies presence of wordpress
- verifies expected user data is present in multipart mime file
closes #112
Change-Id: I22a0dfe41986d466ac689c050fc33585e3e6229e
Signed-off-by: Jeff Peeler <jpeeler@redhat.com>
Steven Dake [Wed, 23 May 2012 14:42:19 +0000 (07:42 -0700)]
Only run cfn-init once
cloud-config-final.service (at least in Fedora 16) runs the user scripts. So
there is no need to run them in cloud-config.service (which this file is processed
by).
May need a revisit on deb based systems.
Change-Id: Ib7c3d56a50bcdc4ea68626e1d57a28a4ec70e1b4
Signed-off-by: Steven Dake <sdake@redhat.com>