In order to reduce the load on the database backend, only lazy-load
a node's ports, portgroups, volume_connectors, and volume_targets.
With the power-sync as the main user, this change should reduce the
number of DB operations by two thirds roughly.
Change-Id: Id9a9a53156f7fd866d93569347a81e27c6f0673c
It is possible that an interface has both IPv4 and IPv6 addresses,
primarily when using SLAAC with OpenStack Neutron. When this is
the case, it is very likely that the first fixed IP would be a
SLAAC assigned port and the second IP is the IPv4 address.
In an environment where you are looking to boot via IPv4, no DHCPv6
infrastructure exists as IPv6 connectivity is provided via SLAAC,
you would not be able to use this network to boot off of.
This patch instead grabs all the fixed IP addresses, then inserts
the options that match the IP versions which are attached to the
interface, potentially resulting in both IPv4 and IPv6 options
being included (though the IPv6 ones would be largely omitted).
In environments where only IPv4 or IPv6 is in use on the port, it
will still only insert the options for those specific IP versions.
Story #2008660
Task #41933
Change-Id: I52e4ee022b17cb7f007534cb368136567b139a34
No longer explicit handle secure boot in PXE/iPXE derivatives since it's
now handled there.
Change-Id: I13b1d53578285b7171bfadb53bb2a7f69e7b53e3
Story: #2008270
Task: #41567
This patch proposes initial tests to perform validations in relation
to supporting project scope access in a deployment where system scope
is also delineated.
For now, these tests have been disabled with the exception of tests
whose scopes are unexpected to see project scope support.
* conductors
* drivers
* chassis
* deploy_templates
Change-Id: I29c2ea987464b5b210808d9ca806292b8ab2ddf4
One of the default role names in the RBAC model with system and
project scopes is reader. Reader replaces observer, and while this
was not done earlier to the tests in system scope was because it is
better to evolve the tests being able to run individual groups with
the same name as opposed to different names.
Change-Id: I57bab93adaf7e562c4c46febd612e1f27ea50bfa
This commit updates the policies for baremetal deploy template policies to
understand scope checking and account for a read-only role. This is part of a
broader series of changes across OpenStack to provide a consistent RBAC
experience and improve security.
Change-Id: I1d1d1bdae0171c44e122018a8a83b35dbb093c39
This commit updates the policies for baremetal event policies to understand
scope checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC experience and
improve security.
Change-Id: I9543b0524f2e85eae0d4fd4331ea1ed9a66322d8
Changed permission defaults for changing the node owner of a node
and disabling cleaning to be system administrator based privilges.
This was review feedback in the very final review jam of the change,
which was agreed upon.
Change-Id: I5b0e609be1bfe90bbe76782e0544f7943b0c12a9
This commit updates the policies for baremetal allocation policies to
understand scope checking and account for a read-only role. This is part of a
broader series of changes across OpenStack to provide a consistent RBAC
experience and improve security.
Change-Id: I1cb3a7e885710c19f20df63b83beaa787ffa3bc3
This commit updates the policies for baremetal conductor policies to understand
scope checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC experience and
improve security.
Change-Id: I331f46092405ffd399ad45ba4ccb6dc7639051e5
This commit updates the policies for baremetal volume policies to understand
scope checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC experience and
improve security.
Change-Id: I361a6410f5825b2dc97b50586475a4fa8e0f0f1f
This commit updates the policies for baremetal utility policies to understand
scope checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC experience and
improve security.
Also adds duplicate Heartbeat and Lookup test classes with the middleware
scope enforcement enabled and enforced, to ensure that we do not adversely
impact these special API endpoints.
Change-Id: I89176b3adf1489e12493c62b908bf135c912e017
