Ian Main [Tue, 29 May 2012 21:09:57 +0000 (14:09 -0700)]
Authentication Overhaul
This patch updates the authentication system set up in heat:
- We now authenticate against the 'heat' service at the entry
point to each api call in the engine.
- We are now using the 'Context' class to contain the authentication
information as intended.
- The two context classes are unified and we now use the same one
for both WSGI and RPC. This is the intended design as the
context is loaded by the WSGI middleware and then passed into the
RPC methods.
- We are now doing token authentication in the API that works with
both native keystone and AWS style authentication. That token is
then passed on to the engine for further authentication for various
endpoints.
Note that the heat-api-paste.ini file requires updating in order for
this to work on your system. Admin user and password must be set
properly in the authtoken section in order to perform token based
authentication.
I suspect there will be a few bugs in here yet. This is just part of
the authentication/identification changes we need to make but I wanted
to get this in so we could continue to work with a boto based client.
Change-Id: Ib635ecd3088304e8d51d8e1fc31a8b1bf751caf3 Signed-off-by: Ian Main <imain@redhat.com>
Angus Salkeld [Fri, 25 May 2012 09:24:29 +0000 (19:24 +1000)]
Add the basic cloudwatch feature
Fix watch db tables and silly programming errors.
get basic posting data to metadata server working
add watch_rule_get_all()
check for alarms in a periodic task
delete watch_data when the rule is deleted
add a last_evaluated field to the watch_rule
remove unused option to watch_data_get
take better account of the sample period.
- still much to be done here (evaluation periods).
add some useful stats to cfn-push-stats
fix how the metric is accessed
fix a divide by zero
Jeff Peeler [Wed, 23 May 2012 20:13:00 +0000 (16:13 -0400)]
Add functional test to verify jeos and stack ops
(Tox.ini has been modified to only run tests tagged with 'unit'
to prevent this test from running with unit tests.)
This test requires an OpenStack install present and will not run on
StackForge. This test creates a JEOS, waits for glance registration,
detects key registered with keystone, creates stack, and verifies over
SSH that:
- cfn helper script SHAs match tree
- verifies presence of wordpress
- verifies expected user data is present in multipart mime file
closes #112
Change-Id: I22a0dfe41986d466ac689c050fc33585e3e6229e Signed-off-by: Jeff Peeler <jpeeler@redhat.com>
Steven Dake [Wed, 23 May 2012 14:42:19 +0000 (07:42 -0700)]
Only run cfn-init once
cloud-config-final.service (atleast in Fedora 16) runs the user scripts. So
there is no need to run them in cloud-config.service (which this file is processed
by).
May need a revisit on deb based systems.
Change-Id: Ib7c3d56a50bcdc4ea68626e1d57a28a4ec70e1b4 Signed-off-by: Steven Dake <sdake@redhat.com>
Chris Alfonso [Mon, 21 May 2012 18:50:54 +0000 (14:50 -0400)]
Fixing _decompress to handle bundled and compressed
The api call to os.path.splitext returns the root and the ext;
however, for a .tar.gz the ext would just be the .gz, which meant
there was no handler for a file with a .gz extension.
Zane Bitter [Mon, 21 May 2012 18:18:33 +0000 (20:18 +0200)]
Fix problem with updating parsed template in DB
The parsed template would not always be updated correctly when the actual
template object had not changed (only the contents). This change forces an
update by making a copy.
Zane Bitter [Mon, 21 May 2012 12:53:03 +0000 (14:53 +0200)]
Improvements to uninstall script
- Kill only the specific heat processes we want (heat-api and heat-engine).
- Remove installations wherever they may be located.
- More robust handling of input.
Zane Bitter [Fri, 18 May 2012 12:02:39 +0000 (14:02 +0200)]
Delete networks when erasing OpenStack
This is required to remove any network interfaces created using nova. If
these are left behind they prevent a new installation of OpenStack
re-adding them.
Zane Bitter [Tue, 15 May 2012 13:03:38 +0000 (15:03 +0200)]
Report errors when resource creation fails
In order for the Stack creation to fail, resources must raise an exception
when their creation fails. The Stack's create code will set the resource
state appropriately; resources should not silently do it themselves.
Zane Bitter [Tue, 15 May 2012 09:42:37 +0000 (11:42 +0200)]
Modify command names for consistency
Replace 'events_list' with 'event-list' and 'jeos_create' with
'jeos-create'. This makes things consistent with the conventions of
OpenStack projects. The old versions will continue to work for now.
Zane Bitter [Mon, 14 May 2012 15:56:33 +0000 (17:56 +0200)]
Make 'heat help' show a list of commands
Previously we just printed an error message about not specifying a command
to get help about, and no hint about how to work out which commands even
existed.
Zane Bitter [Fri, 11 May 2012 16:54:38 +0000 (18:54 +0200)]
Add Getting Started guide to repo
Convert the Getting Started wiki page to ReStructuredText format and add it
to the repository. Also add a script that will extract the shell commands
from the document and run them, so we can use it as an integration test.
The script can be run using the command:
> bash -c "$(./tools/rst2script.sed docs/GettingStarted.rst)"
Chris Alfonso [Thu, 10 May 2012 19:31:31 +0000 (15:31 -0400)]
Allowed the database call to return no parsed template.
The database impl was raising an exception if no parsed template
exists. The logic that was looking up the parsed template
expects None to be returned if the template isn't stored.
Chris Alfonso [Thu, 10 May 2012 19:02:46 +0000 (15:02 -0400)]
Adding a deepcopy of the template before stack create validation
Calling stack.validate will modify the stack's template, which
we don't want to do. We just want to validate the template and move
on with an already parsed template.
Code Review / openstack-build / heat-build.git / log