Updated pep8 requirements and fixed resulting
codes to fix broken pep8 job.
Updated docker image build process to use roles
to ensure docker rather than using manual docker
install process to fix broken ranger image job.
Co-Authored-By: Jeremy Houser <jeremyhouser@protonmail.com>
Co-Authored-By: Chi Lo <cl566n@att.com>
Change-Id: I28df0a27e4b354dd53c17fbb1a9468cb7ff5bc16
When CMS API call is made for either create and update customer, a
A new optional customer domain field is introduced for CMS API call
to create or update customer. The customer domain value will be used
by Rds to set the customer and users domain value when generating the
heat template. In the event customer domain is not provided by the
CMS API call, a default value will be retrieved from the config file.
Change-Id: I58dbae760d56b756b72c5d9eaf7c0b61cf193847
RMS can access database to verify if customer, flavor, and image
recources exist for a particular region. This avoids the need
to invoke an api call to CMS, FMS, and IMS services while these
services also making api call to RMS itself.
Change-Id: Ic64e848b03a8fd8f078162f59a148b2dfb3322df
When a user with a domain different than
the domain of the user authorizing heat
to create the resources that ranger defines
is added to a customer template, heat returns
stack validation as the user cannot be found
in the domain of the authorizing user.
Updated to check if use match auth user and
if not, use ranger conf domain as previous
Change-Id: I1406b61c695a5d9a3d94e732b95c2b683c94852b
Heat must have the domain of the user
in order to validate the user for role
assignment. Regardless of if roles are being
changed or assigned, heat always requires
and validates this data when heat receives
a project template. This work persists the user
domain when calls are made to CMS so that
RDS can add this data to project heat templates.
Change-Id: I5a8e72241e68dac730c3522d820a17d926fa3be8
Changed ranger rms authentication to use
auth of site in request rather than site
of the ranger region when authorizing
updating the site
Change-Id: I85899e319b47eb70b1a5569894097a21b57e92c0
This commit provides the following uuid management:
(1) Remove uuid record from database after the uuid owned by
a Ranger service (cms, fms, ims) resource is deleted.
(2) Remove stale uuid record from database when such
record is inadvertently created during unsuccessful Ranger
service resource creation.
(3) Add authentication for uuidgen service delete uuid API.
Change-Id: Ifebd68851ff6c0996e7b19d331f4dd99682bd7d2
RMS has three rules which were not included into
the top level policy.json. These rules have been
moved to the top level in order to fix 403 against
uuid server. RMS specific policy.json was not
pointed at by any code, so with this fix
the file has been removed.
Change-Id: I8bf507a6336b8b07885e3e11490f1324bf29c5d4
add_tenants logic:
a) allow add tenant only if flavor already assigned to region(s)
b) each tenant in the request will be validated against the
regions assigned to flavor - at least ONE tenant must
pass validation:
i. if NO tenant in tenant list is associated with any of the
regions assigned to the flavor, Ranger will reject the
request entirely and user will be prompted to submit new
request with valid tenants.
ii. only the tenants in tenant list that pass validation will
be kept in flavor tenant list; those that failed
validation will be DROPPED from the tenant list.
delete_region logic (only for flavors with tenants):
a) if a tenant is associated only with the deleted region, the
delete_region logic will delete the tenant from fms table
and the tenant is dropped from the tenant list.
However, if the tenant is associated with other regions still
assigned to the flavor, the tenant stays in the list.
Change-Id: I31935477733c8597741cf7c7c57350ab1e2b4452
When an image is created with a url that is in excess
of 240 characters, the transacations table in ranger
audit database throws error "sqlalchemy.exc.DataError:
(MySQLdb._exceptions.DataError) (1406, "Data too long
for column 'event_details' at row 1")". By removing
this url from the log, we prevent this error while
maintaining other important data. Also restored ranger
to allowed projects in ranger policy.json
Change-Id: I4af73beed9bd40054f8d1e7281bc6f9216fdd243
Added update statement which will update
old ranger deployment databases to add
ranger region domain name
Change-Id: If0020b8d3e9c5ff2cabfa5d8d6f9656806f2bc6c
Ranger region now includes a field which declares
which openstack domain a resource should be deployed
in. This change updates rds to create resources in
that domain via the heat template
Change-Id: I43144eb75a34661fae15399b9d32842d65327621
This patch removes RDS service call to retreive resource status by
CMS, FMS, and IMS Ranger services. These services retrieve the
status by accessing the resource status database directly.
Change-Id: I7695eb5dca697f3326fa2d19aa45681e4b5fc2ce
This patch also removed transaction id hooks when calling
RootController default get. As a result, uuids record will
not be created.
Change-Id: I2ca0be02256ec62c8f9d48266867cc44121c1c4b
Refactor ranger to allow domain
for resource deployment to be
defined in create region api call,
rather than only being retrieved
from ranger configuration.
Change-Id: I1b481c49d4402438c8aa91a8ebd8b6dbe797997b
Update orm script to fix the incorrect shebang interpreter.
Cleanup resource_status entry whenever delete region is executed
from cms (customer), fms (flavor), and ims (image).
Also remove unused programs from ranger.
Change-Id: Ie7b512db2f7d45d1c5beede709ab127d72283a5e
Current application of audit trail does
not allow for filenames of excess size.
This patchset doubles the allowed space
to allow for files with names of excess
length.
Change-Id: I4d064c67ecd0e77f6e280452eb8afd386445bb6c
policy.json will be updated to become
monolithic under orm/ directory, maintaining
all previous rules. Also update policy.json to
allow for ranger project as an authorized project
to use for authing through ranger. Also removes
unused git classes.
Change-Id: I547cb601318b507f759c264644c781743673be72
This patch fixes the search issue when listing customer with
multiple search criteria using metadata and user parameter as filter.
Change-Id: Ida44ea79df1d1a7186f939b1470f7da52d3cee23
Issue error message when tenant list in add_tenant request does not
contain any valid tenant for flavor already assigned to region(s).
Also update corresponding unit tests.
Change-Id: Iea81e812ba26038a06fbb80f7a7ca6d4274c3884
Remove previously-added foreign key in resource_status
table that causes issue with updating resource status table.
Also update resource_template_data table to include region field
and replace transaction_id with resource_id.
Modify RDS logic accordingly.
Change-Id: I71b61b0cfb76545058ef26c0117f007b6d6784d3
Fix for the issue where Ranger resource (CMS, FMS) create
request failing with 'group not found' error when it is
assigned with region group type.
Change-Id: Ibbd71148153d860dcff4a5512fd3277cb7b39d8c
Update Ranger to remove logic to stage heat template to git repo.
Instead, pass heat template directly to ranger-agent.
Added logic to create/update/delete heat template entry in rds database.
Remove git repo logic from ranger.
Ranger to pass token to ranger-agent for request authentication.
Reintroduce commit #693590 changes that were inadvertently removed.
Change-Id: If95076e8343bbb50a7231b74fd4a80906b2a0785
As of Stein, injected_files, injected_file_content_bytes,
and injected_path_content_bytes have been deprecated.
This patchset removes those variables.
Change-Id: I0a7fa6860a8f5573ae2435c3740c7fb4ec4bb54e
Fixes number of errors so that ranger json
sent to heat matches the parameters that heat
expects for resource allocation
Change-Id: I23d77923756fb7f86e311a6fea89cc7724d63b5b
Git push may fail when concurrent git pushes to code cloud occurs. This
patch provides retries capability when git push failed.
Change-Id: I6cab95cb4caf3bf914c47046a20007570ff634d0
