The new library is already supported in django 3.2 and gives us better
support for IPv6 addresses and encrypted connections.
Also, the same library is being used by all other OpenStack projects.
Depends-on: https://review.opendev.org/c/openstack/devstack/+/898302
Closes-Bug: #2039225
Change-Id: I964ac4d0d62dff4c1f7c1f1373763fbf23024269
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: Id594011ff45e988de1131a4b6a20dd440f60fffe
This patch adds support for MFA TOTP on openstack dashboard.
A new configuration variable OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED
was added false by default.
If enabled, users needing TOTP are prompted with a new form.
keystone doc: https://docs.openstack.org/keystone/latest/admin/auth-totp.html
Demonstration video : https://youtu.be/prDJJdFoMpM
Change-Id: I1047102a379c8a900a5e6840096bb671da4fd2ff
Blueprint: #totp-support
Closes-Bug: #2030477
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: I67e1b0cdf5a78258b41edbdd31e46d1bbc92173f
The final revision of I86ac21bf82c1667135abd4f20fb4514da0899450 is buggy
and doesn't work.
This commit fixes it and adds a proper test.
Also, this commit updates the docs with a proper horizon version that
corresponds to Zed release (the feature was introduced before final Zed
cut so the author tried to guess the final release number).
Change-Id: Id921b69df13af3cc209236f0446d82dd30e4d8a2
This is follow-up of I8438bedaf7cead452fc499e484d23690b48894d9 and
ensures the OPENSTACK_ENDPOINT_TYPE parameter is used when
OPENSTACK_KEYSTONE_ENDPOINT_TYPE is not set. This avoids backward-
incompatible change which affects deployments with endpoint type set
to non-default values.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I94d2d3e31fc0103773fb5d3ed2f5f792e8851f78
The [1] changed the previous behavior of Horizon by
changing the hardcoded internal endpoint type to using
OPENSTACK_ENDPOINT_TYPE so it's no longer possible to use
internal endpoint type for Keystone but public for others.
This adds the OPENSTACK_KEYSTONE_ENDPOINT_TYPE config opt
to set the endpoint type for Keystone when grabbing it from
the service catalog.
[1] https://review.opendev.org/c/openstack/horizon/+/730781
Change-Id: I8438bedaf7cead452fc499e484d23690b48894d9
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I5ab71b2a53a7b18b719c4561cd0a48c3ef6ab5e4
This patch adds a tab for cinder user messages for volume backups.
Cinder user messages show error details for cinder resources like if we
are unable to create a volume backup due to some failure in cinder it
will show us the reason for failure.
It also updates project and admin SnapshotDetailsTabs to use
DetailTabsGroup instead of TabGroup to improve top padding.
Also adds the fail_reason in the detail view, if backup errored.
Related-Bug https://bugs.launchpad.net/cinder/+bug/1978729
Change-Id: I4e639211043270e814fac489f915588af03f966a
The new setting should allow an administrator to specify default user_data
for new VMs. The default user_data can be a string template that accepts
request object which has info about the user, so the default user_data can
be personalized.
Change-Id: I86ac21bf82c1667135abd4f20fb4514da0899450
The new settings ``LAUNCH_INSTANCE_DEFAULTS.enable_metadata`` and
``LAUNCH_INSTANCE_DEFAULTS.enable_net_ports`` allow to hide Metadata and
Network Ports tabs from launch instance workflow.
It is implemented in the similar way to existing enable_scheduler_hints
setting and doesn't change default behaviour
Change-Id: I3d1ae5ab6cee614dd2c400f66570e320efbe6100
As discussed in the horizon meetings or in horizon PTG sessions,
horizon team agreed to deprecate django version of Images, Keypair
and Roles panel as we think that feature gaps between the two
implementations have been closed. Let's mark the Django version as
deprecated for all these panels and gather more attention
from operators.
Change-Id: I965f9dbdd5e78b52a788f73b359c1c6fbc18637e
keystone does not distinguish public and admin endpoints since
Train [1], so there is no need to use a separate endpoint for
keystone admin operations. admin endpoint still can be configured
but there is no functional difference anymore from other endpoints.
We do not need to require admin endpoint and can use an endpoint
specified by OPENSTACK_ENDPOINT_TYPE for all API operations.
This commit reverts commit f9bab3fe195eb13635aa70cb910d94df98d66cf3
as we no longer need the workaround.
[1] https://review.opendev.org/c/openstack/keystone/+/664246
Closes-Bug: #1950659
Change-Id: I2660fd2df8081e1d2d9c84626037f94bd9d137a5
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: I3b552201ec02221ffefd0dce0d99327a020fccee
Since not all services are ready to use the system scope token,
we need a way to disable and enable the use of system scope
token on a per-service basis. This setting let us configure
which services should use the system scope token. By default
the list is empty and system scope token is not used at all.
Change-Id: I5e0cdc7288221571f183a37b800c19dc4cff5707
Previously, ToggleSuspend class checked 'os-rescue' policy for resuming
an instance. To align to resume operation, this fix changes to
'os-suspend-server:resume'.
Closes-Bug: #1963652
Change-Id: If6386ecdb81fb1f0d88dab447ee81c251b9857b7
The Multiple Simultaneous Logins Control is a feature designed
for securing Horizon dashboard sessions. The default Horizon
configuration allows the same user to login several times
(e.g. different browsers) simultaneously, that is, the same user
can have more than one active session for Horizon dashboard. When
there is the need to control the active sessions that one user can
have simultaneously, it will be possible to configure the Horizon dashboard
to disallow more than one active session per user. When multiple simultaneously
sessions are disabled, the most recent authenticated session will be considered
the valid one and the previous session will be invalidated.
The following manual tests encompass both simulteaneous session control
configuration: 'allow' and 'disconnect' and were verified with this code
change before submitting it:
Test Plan:
PASS: Verify that a user is able to login to Horizon dashboard (when
configuration is 'disconnect')
PASS: Verify that a user is able to start a second Horizon dashboard
session and the first session is finished (when configuration is
'disconnect')
Failure Path:
PASS: Verify that when a user fails to authenticate a second Horizon
dashboard session the first session stills active (when configuration is
'disconnect')
Regression:
PASS: Verify that a user is able to login to Horizon dashboard (when
configuration is default: 'allow')
PASS: Verify that a user is able to start multiple simultaneous Horizon
dashboard sessions (when configuration is default: 'allow')
Implements: blueprint handle-multiple-login-sessions-from-same-user-in-horizon
Signed-off-by: Hugo Brito <hugo.brito@windriver.com>
Co-authored-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I8462aa98398dd8f27fe24d911c9bfaa7f303eb93