755 Commits

Author SHA1 Message Date
Zuul
2f6e3bc578 Merge "Make some metadef operations admin-only" 2021-03-17 18:08:04 +00:00
Dan Smith
cf94c9aab2 Fix a typo in contributor docs
This just makes a trivial typo fix in the minor-code-changes doc.

Change-Id: If0093316c393b09ed4d936d2625b2d27024bfdbc
Co-Authored-By: Abhishek Kekane <akekane@redhat.com>
2021-03-15 11:26:44 -07:00
Abhishek Kekane
f8551de8c9 Make some metadef operations admin-only
This restricts all metadef resource manipulation to admin-only, but
still allow users to see everything. There are multiple low-grade
security issues with the metadef API, detailed in the related bug.
Restricting resource manipulation to admin-only solves most of these
concerns.

SecurityImpact
Depends-On: https://review.opendev.org/c/openstack/tempest/+/780108
Change-Id: I333c58e73c202c1f523030e54e03f2868459b595
Related-Bug: #1916926
2021-03-15 07:59:05 -07:00
Zuul
66281f0dbf Merge "Cleanup remaining tenant terminology in glance API docs" 2021-03-04 19:43:32 +00:00
Dan Smith
d8a6309893 Add administrator docs for distributed-import
This adds some text to the documentation about configuring the import
mechanism, including details about shared vs. local staging
directories. It also clarifies that *all* import methods require the
staging directory to be configured, as well as cleans up some
single-store-specific wording in this area.

Related to blueprint distributed-image-import

Change-Id: I726abe5d1104510e8da0e94f90f2b36d43b82cbe
2021-03-03 06:37:29 -08:00
Lance Bragstad
7d8aa54c75 Cleanup remaining tenant terminology in glance API docs
This commit addresses follow-on concerns from:

  https://review.opendev.org/c/openstack/glance/+/763920

Change-Id: I1785da0a791691c08b299e74c02b0c576477d88e
2021-02-12 00:05:27 +00:00
Cyril Roelandt
7839ab0925 Remove unused option "owner_is_tenant"
This option has been deprecated since Rocky.

Change-Id: I8edc957ad50ec28d80a06e76912f4226cea53562
2021-02-11 16:17:10 +01:00
Zuul
f2452863e7 Merge "[goal] Deprecate the JSON formatted policy file" 2021-02-03 14:45:20 +00:00
Zuul
5eca0f66db Merge "Add policy sample file in doc" 2021-02-02 17:12:25 +00:00
Ghanshyam Mann
0a9faeece4 Add policy sample file in doc
policy sample file with all the default rules
commented out is missing in glance doc which can be
used for reference or when few rules needs to
be overriden (and keep all other default rule commented
out).

Change-Id: I0cc461f7061358389186ac4751f6e037e1bf6dc7
2021-02-01 12:22:38 -06:00
Ghanshyam Mann
c107629f90 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:

1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.

2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.

Also convert the ./glance/tests/etc/policy.json to policy.yaml
file. Replace policy.json to policy.yaml ref from doc and tests.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-On: https://review.opendev.org/c/openstack/nova/+/773192
Change-Id: I17d0374dd4223688e5f95253802a4ae87377953a
2021-01-29 15:31:47 -08:00
Dan Smith
07951b095b Update docs and renos for os_glance reservation
This adds some words to the api-ref doc, as well as a release note
about the blanket reservation of os_glance* properties.

Change-Id: I0cd6f35296a647fdb1f2cb44a688b34c0382c556
Related-Bug: #1912001
2021-01-25 12:30:50 -08:00
Takashi Kajinami
81c6d4d678 [Doc] Remove description about v1 api and glance-registry
Image v1 API and glance-registry has been removed from Glance.
This patch removes all descriptions about these 2 items, since they
are no longer available.

Change-Id: Ic72921523f73dcae5e9c443a55edecb710b2d251
2020-12-17 17:26:06 +09:00
Brian Rosmaita
f102b74a28 Remove 'admin_role' option
This option was deprecated in the Ussuri release by change
I0f61f85a0aaa4f68e345fa08fbb6b039d3d32587 and it is now eligible
for removal following the standard OpenStack deprecation policy.

Change-Id: I78ec79f97bfdcc39772448296140f8d8f35adea1
2020-11-24 20:31:21 -05:00
Stephen Finucane
54a2231f17 docs: Remove cruft from 'conf.py'
Change-Id: Ie44453b647ce78a26246b8293794ebdec68fd120
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2020-09-17 17:21:55 +01:00
Stephen Finucane
d3d9982e66 docs: Convert table of image properties to definition list
This renders much flatter as is similar to what's used nowadays for
config options (via the 'oslo_config.sphinxext' extension)

Change-Id: If204d887ed0d65cfc5e75cc7739b0f8f59ce000f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2020-09-17 17:21:51 +01:00
Stephen Finucane
e1fe3024bb docs: Remove references to XenAPI driver
The XenAPI driver is dead. Let's hold the tissues and clear out
references from the documentation instead.

Change-Id: I6ec331cf7d2d1ded924893f707ed963027939754
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2020-09-17 17:09:17 +01:00
Abhishek Kekane
9bd06d24ac [Docs] Cinder multiple stores for glance
Change-Id: I1ec4d3f3f57f8a0576ea5ed09a289ab27882104b
2020-09-09 15:04:07 +00:00
Abhishek Kekane
52eaa56e40 [Doc] Policy support to copy unowned images
Change-Id: If0fd74d9f2eecb21153493457c58d767f12ffdeb
2020-07-27 16:54:01 +00:00
Erno Kuvaja
785eefcf78 Fix admin docs deplying under HTTPD
During Pike cycle there was efforts to deploy services under
Apache HTTPD. It became clear very quickly that Glance did not
operate properly when deployed as bare wsgi app under web
server but admin documentation was merged that indicated that
being somehow the preferred method. It was added to the doc
that in Pike release there was issues in these models.

There was never interest nor resources to fix the underlying
issues but the doc stayed in place indicating that those
issues could be only Pike related when they in matter of
fact has got even worse over the time. Due to the fact that
Glance is even more relying on eventlet than back then it's
time to clarify the docs and make clear it's not adviced
deployment model, it won't work and there is no itention
to change that.

Change-Id: I93dc7c999ff7a180e6b3ff760fa65328b9a883f3
Closes-Bug: #1887994
2020-07-20 11:15:16 +00:00
Erno Kuvaja
781da9354f Remove configs and entries for deprecated registry
Including removal of the example conf in docs.
Including glance-registry command entrypoint to eventlet.
Including rpc_controller from wsgi, changed to reject.
Not including the files devstack is depending on.

This change means that glance-registry starts and announces
that it has been removed.
This change means that when ran as wsgi app, all calls to
/rpc endpoint will be rejected.

This will allow devstack to make a graceful transition to
life without the glance registry, which was deprecated in
Newton release.

Change-Id: I7bf3284cba4c38605fb50b3c458e53f896f34086
2020-06-08 21:11:45 +01:00
Abhishek Kekane
f7b1631190 Exclude http store if --all-stores specified for import/copy operation
If operator has configured read-only 'http' store in multiple stores and while
importing or copying existing image in multiple stores if user has specified
--all-stores true then depending on `allow-failure`; if it is True then image
is imported/copied to other stores than http or if it is false then image can
not be imported/copied to other stores as well. Aslo, new image property
`os_glance_failed_imports` shows `http` as failed store.

Excluded `http` store from the list of stores for import/copying workflow
if user specifies --all-stores as True.

Change-Id: I2ad41022aa709491881e78129708da0ccc25f4f6
Closes-Bug: #1881958
2020-06-03 23:21:19 +00:00
Andreas Jaeger
03cb88a437 Switch to newer openstackdocstheme and reno versions
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems

Update Sphinx version as well.

Disable openstackdocs_auto_name to use 'project' variable as name.

Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.

Remove docs requirements from lower-constraints, they are not needed
during install or test but only for docs building.

openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.

See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html

Change-Id: Ib1796ac0c786c16bade68668f0d978ee71d29307
2020-05-30 16:56:09 +02:00
Dominic Schlegel
10f7130bcf fix typo in gerrit doc
Change-Id: I19bd52c949e146758d50a2732fdcc71a019b9228
2020-04-30 23:31:13 +02:00
khashf
bd16ab256e Add warning and note on image schema customization docs
An operator can modify /etc/schema-image.json to include arbitrary
properties (which was that file's original purpose) and assign them JSON
types other than 'string'. The type is enforced by image create/update
but an end-user making a call that sets a value on one of these gets a
500.

This patch add the following recommendations to the documentation:
- Value of `type` of each property in the JSON scheme must be `string`
- Do not delete items from the default schema-image.json file
- If operator's need is more complicated, suggest them using metadefs

Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>

Change-Id: I879f4440a14b1e8420e230de84bfba5e0419a4d4
Closes-bug: #1856578
2020-04-15 09:16:30 -07:00
Zuul
fa18f745df Merge "Revise admin interoperable image import docs" 2020-04-14 14:45:47 +00:00
Zuul
8ccda62a21 Merge "Update 'common image properties' doc" 2020-04-14 14:45:44 +00:00
Abhishek Kekane
534dc9741a Ussuri final release notes
(Also hit a few lines in the docs affected by the heading-as-anchor
case sensitivity issue from Sphinx 3.0.0.)

Change-Id: Idc031028f6f78635c9836f9ef082f0eef632eb2f
2020-04-13 10:39:33 -04:00
Zuul
a14bd83f3e Merge "Do not decompress 'compressed' containers" 2020-04-09 11:40:16 +00:00
khashf
984e844c6a Update 'common image properties' doc
Update doc/source/user/common-image-properties.rst (live link [1]) to be
in sync with etc/schema-image.json

This patch does 2 actions:
1. Add the missing properties that are in etc/schema-image.json to
   the doc
2. Rearrange the order of appearance of properties in the doc to be
   the same as they appear in etc/schema-image.json

[1] docs.openstack.org/glance/latest/user/common-image-properties.html

Change-Id: I840f3cbeda28da8b02dd141fde582c9110aeb21e
Closes-bug: #1870336
2020-04-07 17:44:39 -07:00
Naohiro Sameshima
9e17151bdc Add description of how to use S3 driver
There is no description about S3 on the current page of Glance
Configuration Options Docs. So, add description which is required
to use the s3 driver.

Change-Id: I04373474f94537e2145f6acc30dded8cddc5ad3b
2020-04-07 19:46:32 +00:00
Zuul
2f2e118a58 Merge "Add Policy enforcement for several Metadata Definition delete APIs" 2020-04-07 19:29:26 +00:00
Erno Kuvaja
a2e0fb61e9 Do not decompress 'compressed' containers
Do not decompress the image if container_format is compressed

Change-Id: I913d9bf11479d2519f7887e42626e9e386d83d7a
2020-04-07 10:46:30 +01:00
Zuul
2d21685ee4 Merge "Remove all references to sheepdog" 2020-04-07 04:05:36 +00:00
khashf
30f821c624 Revise admin interoperable image import docs
This patch revises the documentation of the interoperable image import
feature available to admin operators to concisely describe Stein and
later releases.

Changes include:
- Remove enable_image_import option because it is no longer available
  since the release of Stein
- Simplify the language of the v1 API being deprecated

Change-Id: Ic155afd6de5b37a25743457e9a7ddd5a45dac4e8
Closes-Bug: #1808814
2020-04-06 15:43:21 -07:00
Sean McGinnis
d021dcc88d
Update uWSGI doc definition names
An update appears to have now made Sphinx definition titles case
insensitive, causing errors in our Apache wsgi docs where we define 'uwsgi'
the protocol and 'uWSGI' the project.

This change gets around those errors by appending 'protocol' and
'project' respectively to make the entries unique.

Change-Id: I7c1d57cf3181945c69397f870465f693b67efca2
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
2020-04-06 11:30:20 -05:00
Rick Bartra
d2cc0dc566 Add Policy enforcement for several Metadata Definition delete APIs
Several Metadata Definition delete APIs do not have RBAC. This
patchset add policy enforcment to the following APIs:

    - `Delete namespace`
    - `Delete object`
    - `Remove resource type association`
    - `Remove property definition`
    - `Delete tag definition`
    - `Delete all tag definitions`

The following actions are enforce and added to the policy.json:

    - `delete_metadef_namespace`
    - `delete_metadef_object`
    - `remove_metadef_resource_type_association`
    - `remove_metadef_property`
    - `delete_metadef_tag`
    - `delete_metadef_tags`

Most other APIs have policy enforcement, so the ones above should as
well. Without adding policy enforcement for the above APIs, all roles
can peform the delete APIs noted above.

Change-Id: I8cd6eb26b0d3401fa4667384c31e4c56d838d42b
Closes-Bug: #1782840
Co-Authored-By: julian.sy@att.com
2020-04-06 14:47:05 +00:00
Cyril Roelandt
772bae36ea Remove all references to sheepdog
The sheepdog driver has recently been removed from glance_store.

Change-Id: I58f0d20cadfae7a7df8b5dce6d8d4c66eaa2a148
2020-04-02 15:39:57 -05:00
Andreas Jaeger
89df136bc4 Update hacking and reenable local checks
Update to hacking 3.0.

Enable local hacking checks again, newer flake has a different
interface.

Remove hacking and friends from lower-constraints, they are not needed
for installation.

Unbreak docs:
Don't build apidocs for hacking - blacklist in doc/source/conf.py.

Change-Id: Ib230d72be9f0288d77cecd2c5ee0ff7aa91fc086
2020-04-02 18:00:44 +02:00
Andreas Jaeger
176d24de94 Cleanup old cruft
Make a few cleanups:
- Remove python 2.7 stanza from setup.py
- Update requirements: Remove sphinx, it's not needed for testing, add
  pygments which is really needed.
- Update doc/requirements: Remove python 2.7 support
- tox.ini: Remove testing of po files, the infra scripts do this since
  a long time
- Update conf.py, no need to import openstackdocstheme anymore.

Change-Id: I9d030eb450f2c7ae74c25b7564a01b8785503e5e
2020-03-28 08:18:01 +01:00
Erno Kuvaja
e0c5440819 Add decompression import plugin
Supported compression formats initially are:
* zip
* gzip
* lha/lzh _if_ lhafile is installed

Change-Id: Id125ebb5e8a9b22a8797d3158e60451d80bfaa14
2020-03-26 15:44:59 +00:00
Erno Kuvaja
f267bd6cde Add possibility to delete image from single store
This change introduces new 'v2/stores/<store_id>/<image_id>'
endpoint that accepts 'DELETE' method request. Once successful
the request will delete the image <image_id>'s location that
matches the store <store_id>. If the store is not read-only
or return image in use exception the image data will be
deleted. In the case of read-only store, the location will
be removed and if the image in use is raised, the call will
fail.

bp: delete-from-store

Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>

Change-Id: I1cb45026489a96a283b82e8e7efc9975c181fceb
2020-03-13 14:46:13 +00:00
Abhishek Kekane
d6a56f7c10 Community Goal: Project PTL & Contrib Docs Update
This patch standardizes the CONTRIBUTING.rst file and adds the
required doc/source/contributor/contributing.rst

Change-Id: I3f7ee29094085f1abefacd75f44a16fb7e679a82
Story: #2007236
Task: #38523
2020-03-11 06:09:47 +00:00
Zuul
2f91ae61d2 Merge "Multiple import fails if "all_stores" specified as "true"" 2020-02-24 17:27:16 +00:00
Russell Tweed
517ff4fbe4 Document os_admin_user in Useful Image Properties
Add documentation of the os_admin_user property to the Useful Image Properties guide.

Change-Id: I10e1e738aeacc708350993f05d373eaa1293fd27
Closes-Bug: 1850412
2020-02-21 11:22:44 +00:00
Abhishek Kekane
d7de7ccbd6 Multiple import fails if "all_stores" specified as "true"
Newly added multiple import fails if user passes "all_stores" as "true"
in the request. The reason is if all_stores is specified then we are getting
stores using CONF.enabled_backends and unfortunately we are injecting
reserved stores 'os_glance_staging_store' and 'os_glance_tasks_store'
runtime. As a result import job tries to import the image in the
'os_glance_staging_store' store as well where it fails as that image
is already staged in this staging store.

Made a provision to exclude available reserved stores if "all_stores"
is specified.

Change-Id: If2616c275a969cdad5649e2cb0851275e5d0c7d2
Closes-Bug: #1863879
2020-02-19 12:03:58 +00:00
Ian Wienand
0035ab2538 Revert "Remove all example configs for deprecated registry"
This reverts commit 2a28696de9e18a3866631507739944ceb3460872.

Devstack still references a number of these files; revert until
devstack incorporates removal.

Change-Id: I1e90ceee1f87291668e447f180f37bb809763836
2020-02-14 14:30:44 +11:00
Erno Kuvaja
2a28696de9 Remove all example configs for deprecated registry
Including removal if the example conf in docs.

Change-Id: I00c77b8f7001d8fa0fde4083c2ee88c370c14a09
2020-02-13 15:33:50 +00:00
Abhishek Kekane
1754c9e2b0 Copy existing image in multiple stores
Added new import method 'copy-image' which will copy existing image into
specified list of stores. Introduced additional task which will serve
as internal plugin which will allow copying existing image into staging
area and then this data will be uploaded to specified stores via regula
import flow.

NOTE: This new import method 'copy-image' is only supported if multiple
stores are enabled in deployment.

APIImpact
Implements: blueprint copy-existing-image
Change-Id: I13eaab7ab013f44ce18465bdbdbe8052942570ff
2020-02-12 05:32:46 +00:00
Grégoire Unbekandt
92492cf504 Add ability to import image into multi-stores
The import image api now supports a list of stores to import data into.
This list can be specified through a new "stores" field that has been
added to the request body.
During import stage, Glance iterates overs this list and send the data
to each store one by one.
If an invalid backend is requested by the user, an exception is raised.
If an errors occurs during verify, already pushed data is removed and
image state is unchanged.

Change-Id: Id3ac19488c0a693d7042be4a3c83f3b9f12313d0
Implements: blueprint import-multi-stores
2020-02-10 09:39:01 +01:00