Tomas Sedovic [Tue, 19 Jun 2012 12:54:27 +0000 (14:54 +0200)]
Make the describe-resource API calls user-aware
Fixes #143
The stack retrieval DB calls were already fixed in previous commits but
there was still one query (resource_get_by_physical_resource_id) that
would return any resource, not just the ones owned by the user.
Angus Salkeld [Wed, 20 Jun 2012 11:24:44 +0000 (21:24 +1000)]
Make the saving cfn-signaling more reliable
1) The metadata saved in manager.py was not always showing up
   in the db (from wait_condition.py)
2) Reuse a little method in parser.py to retrieve the parsed_template
   db entry (and store the parsed_template_id).
Steven Hardy [Mon, 18 Jun 2012 10:30:50 +0000 (11:30 +0100)]
heat api/engine : Reworked approach to aligning with AWS date format
Modifies heat internal default date-string representation to match AWS spec
Note heat.common.utils.strtime default format loses sub-second precision
Avoids having to regex mangle datetime string format
ref #125
Change-Id: I1347e82b1c3ccac5eac7c85858cf8009723547c2
Signed-off-by: Steven Hardy <shardy@redhat.com>
Steven Hardy [Sat, 16 Jun 2012 07:39:10 +0000 (08:39 +0100)]
heat API : Align time format with AWS spec
- Reformat ListStacks/DescribeStacks responses to align time format with AWS spec
- Remove duplicate member tags in DescribeStacks (now handled by XMLResponseSerializer)
ref #125
Change-Id: Ib001acba591dba52f3f56052427d2b298d781ea0
Signed-off-by: Steven Hardy <shardy@redhat.com>
Zane Bitter [Sun, 17 Jun 2012 14:05:57 +0000 (16:05 +0200)]
Move parsing of parameters out of template parser
The format of the params received by the manager is a property of the Heat
API protocol, not of the template, so it makes sense not to have the parser
extracting the template parameter data from them. This simplifies the
implementation of #123 (Nested Stacks).
Zane Bitter [Sun, 17 Jun 2012 14:05:57 +0000 (16:05 +0200)]
Get stacks from the DB by either name or id
This code was previously misleading, as it appeared to get stacks by id,
but actually got them by name. This patch adds a separate API, so
get_stack() gets the stack by id and get_stack_by_name() gets it by name.
Zane Bitter [Fri, 15 Jun 2012 14:19:08 +0000 (16:19 +0200)]
Fix latest DB migration script
Unfortunately, as long as the user_creds_id column is not nullable the
script will still fail if there is data in the database. However with this
patch it is at least left in a recoverable state. Also, downgrades now
work.
Zane Bitter [Tue, 12 Jun 2012 14:23:35 +0000 (16:23 +0200)]
Raise NotFound exceptions from database
Raise a specific exception (NotFound) if something is not found in the
database. Then we can match on this exception, rather than searching the
error message (which effectively makes the text of error messages part of
the API).
Zane Bitter [Tue, 5 Jun 2012 07:46:10 +0000 (09:46 +0200)]
Tidy up Resource creation and deletion
Most of this code is common between resources, so put it in the parent
Resource class and have subclasses provide handle_create()/handle_delete()
methods for all their extra needs.
Ian Main [Fri, 15 Jun 2012 00:46:12 +0000 (17:46 -0700)]
Add a user creds database table and associate stacks with username.
This patch takes the credentials passed in from the context and allows
you to store them in the database in the 'user_creds' table for later
use with HA operations. It also adds a 'username' to the stack table
for direct comparison and user validation to support per-user stacks.
Steven Hardy [Wed, 13 Jun 2012 14:45:46 +0000 (15:45 +0100)]
heat API : return response body as XML not JSON
AWS API returns response as XML, this implements a new response serializer which
turns dicts returned from the engine into AWS style XML responses. Ref #125.
Updated following review comment.
Change-Id: I8170ed814be0b5cea98761a2723e12be216374a3
Signed-off-by: Steven Hardy <shardy@redhat.com>
Ian Main [Tue, 12 Jun 2012 23:37:26 +0000 (16:37 -0700)]
Pass Full Credentials to Engine
In order to support HA operations, eg restarting an instance, we
need to have full credentials in the engine. This patch passes
in the credential information into the engine and uses it to validate
the user. A future patch will have this information stored in
database and associated with each stack. It also assigns the username
in the case of EC2 style authentication allowing us to support
per-user stacks with EC2 auth.
Change-Id: I4b92f83d4d10a2bfebd4ddedc8a4f53b3e1217fe
Signed-off-by: Ian Main <imain@redhat.com>
Zane Bitter [Tue, 5 Jun 2012 10:07:37 +0000 (12:07 +0200)]
Fix parsing of metadata
I broke metadata in bece6593f00f8e096f045982673f85c67863b932 by no longer
updating the parsed template in the database. We need to resolve references
runtime data before storing the parsed template, because the metadata code
uses this directly.
Zane Bitter [Fri, 1 Jun 2012 08:50:15 +0000 (10:50 +0200)]
Refactor template resolution
Resolve functions in templates by making a copy of the data rather than
modifying the original. This means that e.g. a resource resolving functions
in its own template data does not result in changes to the data held by the
Stack.
This patch also refactors all of the template resolution methods to operate
using a common parsing algorithm to move through the tree.
Finally, the resources have been worked to load data as it is needed,
rather than requiring external code to put them into the correct state
before using them.
Zane Bitter [Thu, 31 May 2012 09:17:30 +0000 (11:17 +0200)]
Don't use sys.exc_value
sys.exc_value has been deprecated since Python 1.5, and is not thread-safe.
The replacement is sys.exc_info(), but in this case we don't need even that
since we have the exception in question available.
Zane Bitter [Thu, 31 May 2012 09:17:30 +0000 (11:17 +0200)]
Get list properties working again
The CloudFormation documentation is very confusing on this point.
'CommaDelimitedList' is one of the data types that are valid for a
Parameter (the others are 'String' and 'Number'). A CommaDelimitedList
parameter takes the form of a string where the list members are delimited by
commas:
    "item1,item2,item3"
However the documentation also uses the phrase "Comma Delimited List" to
refer to the type of some Resource Properties that are, in fact, simply
lists:
    [ "item1" , "item2" , "item3" ]
...as if there were *another* way to represent lists. (Note that the
items here need not be strings, and in fact are usually objects of some
variety.)
So we need a different data type to represent the latter. (This patch
changes the name from 'TupleList' to just 'List', since the actual Python
sequence type is just an implementation detail.) In future, we should
probably also verify that only the 3 valid Parameter types are used, and
perhaps that list Properties contain only objects of the correct type.
Ian Main [Tue, 29 May 2012 21:09:57 +0000 (14:09 -0700)]
Authentication Overhaul
This patch updates the authentication system set up in heat:
- We now authenticate against the 'heat' service at the entry
  point to each api call in the engine.
- We are now using the 'Context' class to contain the authentication
  information as intended.
- The two context classes are unified and we now use the same one
  for both WSGI and RPC. This is the intended design as the
  context is loaded by the WSGI middleware and then passed into the
  RPC methods.
- We are now doing token authentication in the API that works with
  both native keystone and AWS style authentication. That token is
  then passed on to the engine for further authentication for various
  endpoints.
Note that the heat-api-paste.ini file requires updating in order for
this to work on your system. Admin user and password must be set
properly in the authtoken section in order to perform token based
authentication.
I suspect there will be a few bugs in here yet. This is just part of
the authentication/identification changes we need to make but I wanted
to get this in so we could continue to work with a boto based client.
Change-Id: Ib635ecd3088304e8d51d8e1fc31a8b1bf751caf3
Signed-off-by: Ian Main <imain@redhat.com>