Add support for stateful attribute of security groups,
using --stateful and --no-stateful flag on security group.
This allows a user to create security groups with stateful
false.
Change-Id: Ifd20b5fc47fd0ea0bb5aeda84820dcc0fb1e8847
Blueprint: stateless-security-groups
Depends-On: https://review.opendev.org/711513/
The '--hint' option for 'server create' expects a key-value pair like so:
openstack server create --hint group=245e1dfe-2d0e-4139-80a9-fce124948896 ...
However, the command doesn't complain if this isn't the case, meaning
typos like the below aren't indicated to the user:
openstack server create --hint 245e1dfe-2d0e-4139-80a9-fce124948896
Due to how we'd implemented this here, this ultimately results in us
POSTing the following as part of the body to 'os-servers':
{
...
"OS-SCH-HNT:scheduler_hints": {
"245e1dfe-2d0e-4139-80a9-fce124948896": null
}
...
}
Which is unfortunately allowed and ignored by nova due to the use of
'additionalProperties' in the schema [1]
Do what we do for loads of other options and explicitly fail on invalid
values. This involves adding a new argparse action since none of those
defined in osc-lib work for us. This is included here to ease
backporting of the fix but will be moved to osc-lib in a future patch.
[1] https://github.com/openstack/nova/blob/19.0.0/nova/api/openstack/compute/schemas/servers.py#L142-L146
Change-Id: I9e96d2978912c8dfeadae4a782c481a17cd7e348
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Story: #2006628
Task: #36840
Related-Bug: #1845322
This commit introduces the --access-rules option for 'application
credential create' as well as new 'access rule' commands for listing,
showing, and deleting access rules.
bp whitelist-extension-for-app-creds
Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa
We had this library capped at a release that is a few years old. Now
that we have dropped py2 testing, we can pick up the latest version.
This uncovered a few things to clean up. Mostly the fact that mock is
now a part of the StdLib unittest since Python 3.3.
Change-Id: I27484dd4c25378413ff16e97a35a1a46062357bc
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
1. As mentioned in [1], we should avoid using six.iteritems to achieve
iterators. We can use dict.items instead, as it will return iterators
in PY3 as well. And dict.items/keys will more readable.
2. In py2, the performance about list should be negligible,
see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I4b9edb326444264c0f6c4ad281acaac356a07e85
Implements: blueprint replace-iteritems-with-items
This patch removes using the "name" option for a marker when
--deleted is also used. The find_resource() function
that is being called does not correctly handle using the marker
as the "name" in the search when also using deleted=True.
One simple way to fix this is force the marker to only be an ID
when --deleted is used. This is how the nova client works.
Using the --deleted option is available to users with the admin
role by default. If you're an admin listing --deleted servers
with a marker by name, find_resource() is going to fail to find
it since it doesn't apply the --deleted filter to find_resource().
The find_resource() function is trying to find the marker server
by name if it's not found by id, and to find it by name it's
listing servers with the given marker as the name, but not
applying the --deleted filter so it doesn't get back any results.
In the story it was suggested modifying find_resource to include
the deleted query param when it's specified on the command line but
that didn't work because it still results in something like this:
http://192.168.1.123/compute/v2.1/servers?deleted=True&name=4cecd49f-bc25-4a7e-826e-4aea6f9267d9
It seems like there are bugs in find_resource().
Restricting the marker to be the server ID when listing deleted servers
is probably OK since if you're using --deleted you're an admin and you could
be listing across all projects and if you're filtering by a server across all
projects anyway (not that you have to, I'm just saying if you are), or even
showing a server in another project, you have to do it by id rather than name
because find_resource() won't find the server in another project by name, only ID.
story: 2006761
Task: 37258
Change-Id: Ib878982b1d469212ca3483dcfaf407a8e1d2b417
For negative tests that are asserting an argparse failure
it would be useful to assert the specific reason for the
failure in the test rather than just getting an exception,
especially to avoid false positives in the tests when what
is being tested and failing isn't the actual expected reason
for the failure.
This wraps the check_parser code that parses the args and
mocks sys.stderr so we can trap that output and put it in the
exception message that gets raised to the test.
As a result, we can tighten up a test that was passing before
for the wrong reason [1].
[1] https://review.opendev.org/#/c/673725/12/openstackclient/tests/unit/compute/v2/test_server.py@605
Change-Id: I0f1dc1215bdfb3eba98ccaf66a0041d220b93812
Added ``--disable-delete-on-termination`` and
``--enable-delete-on-termination`` options to the
``openstack server add volume`` command that enables users to mark
whether to delete the attached volume when the server is destroyed.
Depends-On: https://review.opendev.org/#/c/681267/
Part of blueprint support-delete-on-termination-in-server-attach-volume
Change-Id: I6b5cd54b82a1135335a71b9768a1a2c2012f755b
Until now-ish Volume v3 has been a pass-through to v2. In order
to prepare to make the Volume v3 commands stand-alone copy the
v2 functional tests to v3.
This is the first of a series of reviews to completely separate
Volume v2 and v3 commands. Once these are split we can begin to
implement v3 microversion support and/or start using the
OpenStack SDK as the REST library.
Change-Id: Iefd78d8ef6bb851d7360596337a88ee8f8476767
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
While investigating the referenced story/bug I noticed that
wait_for_status in
openstackclient.tests.functional.compute.v2.test_aggregate.AggregateTests
was doing a lot more than it should ever need to (it probably got copied
in from somewhere). The two places calling it only need to a) check the
output of `openstack aggregate show`, and b) try once -- since they just
got done creating the aggregate synchronously, there should never be a
need to delay/retry. So this commit removes the helper method and just
inlines the check.
At the same time, the addCleanup(aggregate delete) directives are moved
above their respective creates. This is a defensive best practice which
makes sure cleanup happens even if something fails very soon after the
actual back-end create (as was in fact the case with the referenced
bug/story).
It is unknown whether this will impact the referenced bug.
Change-Id: I0d7432f13642fbccd5ca79da9c76adfcbabb5fa9
Story: 2006811
Related-Bug: #1851391
python-novaclient 16.0.0 removed the deprecated
list_extensions module [1] so this changes the
extensions command to use openstacksdk to get the
compute API extensions.
The functional test ExtensionTests.test_extension_list_compute
ensures this works.
[1] https://review.opendev.org/686516/
Change-Id: I9894bc395c0474aaa6494ac4534862efe4ea7984
Story: #2006769
Task: #37284
Fix various things so the functional tests will work under python3:
- A hashlib.md5() can only be update()d with an encoded string in py3.
- There's no dict.iteritems(), change to dict.items() (which is already
an iterator).
- Open temp files with 'w+' mode rather than the default 'w+b' (as an
alternative to encoding all the write and expected-read payloads as
bytes).
- (This is a weird one) Explicitly raise SkipTest from unittest (rather
than unittest2, which is where cls.skipException landed). Not sure why
this is busted, but this moves the ball.
Change-Id: Ic9b2b47848a600e87a3674289ae7ae8c3e091fee
AggregateTests.wait_for_status() was a classmethod, those often
are sources of conflict in parallel testing...
Change-Id: I6211fd9c36926ca97de51a11923933d4d9d2dfda
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
This patch adds a new parameter ``--availability-zone`` to
``openstack server unshelve`` command. This can help users to specify
an ``availability_zone`` to unshelve a shelve offloaded server from
2.77 microversion.
Depends-On: https://review.opendev.org/679295
Implements: blueprint support-specifying-az-when-restore-shelved-server
Change-Id: Ia431e27c2a17fe16466707cc362532860ecf22df
This patch introduces a new option --parent into project list,
to specify a parent project to filter projects which has
the given project as their parent.
Depends-on: https://review.opendev.org/#/c/677101
Change-Id: I6725262cf040e0ec6ceca9cf0462ce59224049c6
Multiple subnets with the same name are occasionally created when
running tests in parallel.
Change-Id: Ifb85e39ee53b529e2b97abf782c7fba93d48e9e2
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
Add following commands:
floating ip port forwarding create
floating ip port forwarding delete
floating ip port forwarding list
floating ip port forwarding set
floating ip port forwarding show
Closes-Bug: #1811352
Change-Id: I6a5642e8acce28fc830410d4fa3180597b862761
Pick up newer versions of this library. Thankfully no serious changes
are needed.
Change-Id: I69e523844529fc1c8aa0c1ce764182dbe29cfeb6
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The token_endpoint was a compatibility auth type to maintain support
for the --url global option that dated back to the beginning of
OpenStack CLI auth. The common keystoneauth library implements
'admin_token' which provides the same functionality using
--endpoint rather than --url.
Change-Id: I1b9fbb96e447889a41b705324725a2ffc8ecfd9f
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
Rename metadata to property in all aggregate commands
Beef up functional tests to reduce street racing
Change-Id: I4598da73b85a954f3e6a3981db21891b45d9548c
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
Add these tests before hacking on the global args and removing
the compatibility stuff so we can clearly see what actually changes.
Change-Id: Ic86c89da1475b4914ff7cb2396199cd219a12097
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
Change the functional test TestCase.openstack() method to add a
way to not include the --os-auth-type option in order to test the
default auth-type logic.
Change-Id: I0f1ca2f7517a41278afaad5aaf4e98accb16bea2
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
This adds a --boot-from-volume option to the server create
command which is used with the --image or --image-property
option and will create a volume-backed server from the
specified image with the specified size. Similar to the
--volume option, the created root volume will not be deleted
when the server is deleted. The --boot-from-volume option
is not allowed with the --volume option since they both create
a block device mapping with boot_index=0.
Change-Id: I88c590361cb232c1df7b5bb010dcea307080d34c
Story: 2006302
Task: 36017
The --block-device-mapping option on the server create
command currently only supports booting from volume and
volume snapshot. A common boot-from-volume scenario is
providing an image and letting nova orchestrate the
creation of the image-backed volume and attaching it to
the server.
This adds support for type=image in the --block-device-mapping
option. The volume size is required in this case. Note that
the CLI currently says if type=snapshot that size is also required
but that's technically not true. When booting from a volume
snapshot, the compute API will use the size of the volume snapshot
to create the volume if an explicit size is not provided. For the
purposes of this patch, we need the size anyway for the image
being the block device mapping source type.
Change-Id: I57b3c261d8309f7b9f62a3e91612bce592a887a3
Story: 2006302
Task: 36016
With compute API microversion 2.53 there is a single
PUT /os-services/{service_id} API which takes the service
id as a UUID. Since the openstack compute service set
command only takes --host and --service (binary) to identify
the service, this change checks if 2.53 or greater is being
used and if so, looks up the service by host and binary and
calls the appropriate methods in novaclient.
If the command cannot uniquely identify a compute service
with the given host and binary, an error is raised. A future
change could add an --id option to be used with 2.53+ to
pass the service id (as UUID) directly to avoid the host/binary
filtering.
Change-Id: I868e0868e8eb17e7e34eef3d2d58dceedd29c2b0
Story: 2005349
Task: 30302
These are currently exposed as flags on the 'openstack server resize'
command but they are in fact operation and should be exposed as commands
in their own right.
The old flag-based variants are deprecated for removal in 4.0.
Change-Id: I733796d3bda6c3755a3d3548bbe695abb474a6a0
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The configuration show should not require auth to just display the
OSC config object. Changes to make it not require auth have
knock-on effects of needing to change a bunch of tests that use it
assuming it _does_ require auth so change those to use 'extension list'
instead.
This sets up further testing of the command line options for changes
in behaviour when we switch to straight SDK usage for configuration.
Change-Id: I6c52485341214ba401064c0f2d1e2b95fdc225c0
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
neutron create-port API has extra_dhcp_opts parameter, this parameter
can set port with special extra dhcp options.
Change-Id: I199f17e95c509a33f809ac85c65f685a37acd198
Adds the --host and --hypervisor-hostname options to
``openstack server create`` CLI.
Depends-On: https://review.opendev.org/670558
Change-Id: If188c3d96fa506dbe62ef256418f2f9bca1520c2
Blueprint: add-host-and-hypervisor-hostname-flag-to-create-server
When adding a security group rule, if no IP address is given
we will use '0.0.0.0/0', but if the ethertype is IPv6 we will
leave it as None. Change this to be '::/0' to match what we
do for IPv4 - use the "any" address. The neutron server
treats them both the same when checking for duplicates.
Because there are most likely entries in the DB using None
for the IP, print them as '0.0.0.0/0' or '::/0' so it is more
obvious what address they are actually referring to.
Also change to display the Ethertype column by default
instead of with --long, since easily knowing IPv4 or IPv6
is useful.
Change-Id: Ic396fc23caa66b6b0034c5d30b27c6ed499de5a6
Closes-bug: #1735575
When the --name-lookup-one-by-one option passed to the 'server list'
command, the image and flavor names will be looked up for each
server being listed instead of fetching all image/flavor names.
The current code assumes all servers have an image attribute, but
servers booted from volumes have no image, so the following error is
raised when listing BFV servers with --name-lookup-one-by-one:
AttributeError: ('unicode'|'str') object has no attribute 'get'
The error occurs when the code attempts server.image.get('id').
This fixes the --name-lookup-one-by-one code not to assume an image
for a server. The unit tests for 'server list' have also been
robustified to feature one BFV server to enhance our test coverage.
Story: #2006063
Task: #34777
Change-Id: I312c971346c7ded93f6fcaa515098554b8580295
