With change[1], the validation check for volume type during service
startup happens for single store also. (previously only for multi store).
This introduced an additional call to get_cinderclient failing assert
in test_migrate_image_after_upgrade.
Similar code changes can cause future failures on glance gate and the code
changes doesn't exist in glance. To address this, this patch loosens
up the strict checking on call count for every method and just verifies
it was called.
[1] https://review.opendev.org/c/openstack/glance_store/+/774703
Closes-Bug: #1916011
Change-Id: I8852bb02732845c145cca9483b0b33e0a9d73d9e
The enforce scope script should bounce the glance API after setting
configuration values for scope enforcement, not keystone.
Change-Id: Ia6c556be679f9cd81f9920ff33fa089b79afde10
This patch adds functional tests for cinder multiple stores[1] legacy
image migration and new image create.
NOTE: This has been proposed separately as it has a dependency on a
glance-store change[2] which will require a new release of glance-store
to reflect changes on the gate.
[1] https://review.opendev.org/#/c/748039
[2] https://review.opendev.org/#/c/750131
Depends-On: https://review.opendev.org/#/c/750131
Change-Id: I2a3a99bd27db1c72d49b36b87e073e0b97fc874d
This commit adds a devstack/plugin.sh script so that we can invoke it
from devstack. This is useful for deploying glance in particular ways we
need to test, like with new policy defaults for API protection testing.
Change-Id: I28c2d4701750bbd94c3f0ed106569091bea020b3
policy sample file with all the default rules
commented out is missing in glance doc which can be
used for reference or when few rules needs to
be overriden (and keep all other default rule commented
out).
Change-Id: I0cc461f7061358389186ac4751f6e037e1bf6dc7
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also convert the ./glance/tests/etc/policy.json to policy.yaml
file. Replace policy.json to policy.yaml ref from doc and tests.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Depends-On: https://review.opendev.org/c/openstack/nova/+/773192
Change-Id: I17d0374dd4223688e5f95253802a4ae87377953a
Now that glance is using properties in the os_glance namespace for
internal purposes, we should exclude the counting of these from the
enforced image property quota.
Change-Id: I5fbe5eb12fd34e054137732a02c4cc5b687e7c77
Related-Bug: #1912001
This adds a general mechanism for reserving property names that start
with os_glance. This has been done informally already, but no
enforcement was performed, except for specific keys on update. As a
result, banning these keys from create, for example, was missed and
users are able to set these keys during an POST /images operation.
Depends-On: https://review.opendev.org/c/openstack/nova/+/771234
Change-Id: I31b4dae018d52ead773db25472013d783066ee17
Closes-Bug: #1912001
This adds some words to the api-ref doc, as well as a release note
about the blanket reservation of os_glance* properties.
Change-Id: I0cd6f35296a647fdb1f2cb44a688b34c0382c556
Related-Bug: #1912001
When either CONF.enabled_backends or CONF.glance_store.stores is set to
None (which may happen if they are not actually specified in the config
file), a TypeError is raised. Fix this and add tests.
Change-Id: I670f6db96998c8a2cec5d16fbca9f01857b866da
Closes-Bug: #1911700
This was a typo (by me) in the original implementation, but since
nothing was testing DELETE calls, it was never noticed.
Change-Id: I81f9d0a53493a1b9793bdaae082093f30df6e032
The ImageImportLocking test class has some useful helper functions
that are general enough to be used elsewhere. This moves those
to the SynchronousAPIBase test class.
Change-Id: Idbc6ab16ecac2eb9c83c58432f98414d68e16a52
Image v1 API and glance-registry has been removed from Glance.
This patch removes all descriptions about these 2 items, since they
are no longer available.
Change-Id: Ic72921523f73dcae5e9c443a55edecb710b2d251
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.
md5 is allowed when in a non-security context. There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added to
oslo_utils. See https://review.opendev.org/#/c/750031/
This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.
Reviewers need to pay particular attention as to whether the keyword
parameter (usedforsecurity) is set correctly.
It looks like the usage of md5() here is solely to determine a checksum
of an image.
With this patch and the dependent patch for glance_store, all the
unit and functional tests pass on a FIPS enabled system.
Depends-On: https://review.opendev.org/#/c/756157
Depends-On: https://review.opendev.org/#/c/760160
Change-Id: I3b6d78d9792d4655bf0f4989cf82aced3f27491b
This option was deprecated in the Ussuri release by change
I0f61f85a0aaa4f68e345fa08fbb6b039d3d32587 and it is now eligible
for removal following the standard OpenStack deprecation policy.
Change-Id: I78ec79f97bfdcc39772448296140f8d8f35adea1
Devstack is switching the default glance operational model back to pure-WSGI
mode for parity with the rest of the services. This adjusts our jobs to fit
with that so that we're testing the default, but also the standalone case.
After this change, we end up with the following for the vanilla devstack
jobs:
- The "-import" job, which takes the devstack default of WSGI mode,
with all the tweaks required for import to be enabled. It configures
import conversion to raw, metadata injection, and confirms that with a
post-run check for that metadata.
- The "-import-standalone" job, which inherits all the behaviors from
the job above, but configures glance in standalone mode.
Depends-On: https://review.opendev.org/#/c/742884
Change-Id: Ia3fb8aba83bbd7a1399aef136ce8857b14d08435
Add file to the reno documentation build to show release notes for
stable/victoria.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/victoria.
Change-Id: Ic5e63e7094f931e7ba21becdb8e785a761ebc822
Sem-Ver: feature
If import flow fail before reaching the end it never execute
the _DeleteFromFS task and the node_staging_uri is never cleaned up.
Implement the revert() function of the _WebDownload task to remove the
temporary file.
Change-Id: I6dd6a6e2a95a5bd17a80b6256852bb9fac5fa339
Co-Authored-By: Grégoire Unbekandt <gregoire.unbekandt@gmail.com>
Co-Authored-By: Abhishek Kekane <akekane@redhat.com>
Closes-Bug: #1795950
If the downloaded data size is different from the expected one, the
task "web-download" in the image import process will now fail.
Change-Id: Ie260486d795a6f4af1632f6f3708abc92fb47a3a
Closes-Bug: #1895663