deNBI / perunKeystoneAdapter

Perun Keystone Adapter parses data propagated by Perun data and modifies a connected Keystone.
https://perunkeystoneadapter.readthedocs.io/en/latest/
Apache License 2.0
5 stars 0 forks source link

Feature/nested projects #25

Closed Be-El closed 5 years ago

Be-El commented 5 years ago

This large change set implements support for nested project and a complete quota support for nova, neutron and cinder.

To use it:

Example: python denbi/scripts/perun_propagation.py -q -v -v --role member --domain adapter_test -n test/resources/perun.tar.gz

Projects will be created as sub project of the project given by OS_PROJECT_NAME; they inherit the role assignment (-> user is also admin), and the accumulated quotas of sub projects may not exceed the parent project quota.

I've tested the change only in this setup; I did not perform any tests with cloud admin credentials or other setups. The code should work in these environments, too....but please test it before merging it!

I'll extend the branch with a documentation update later.

The test dataset in test/resources/perun.tar.gz is also extended to set a cinder and neutron quota.

pep8speaks commented 5 years ago

Hello @Be-El! Thanks for updating this PR. We checked the lines you've touched for PEP 8 issues, and found:

Line 235:181: E501 line too long (264 > 180 characters) Line 237:181: E501 line too long (182 > 180 characters)

Line 13:1: E302 expected 2 blank lines, found 1

Comment last updated at 2019-03-27 14:16:51 UTC
jkrue commented 5 years ago

Before merging this branch we have to make sure that it still works with with cloud-admin permissions, which is currently not that case. However in every case the unit tests must be adjusted to run successful with cloud-admin and domain-admin credentials. The tests can not run successfully in current state, since the idea to make as less api calls as possible is skipped. Anyway, I like the idea of a factory class for different services (nova, neutron and cinder) quotas as a very flexible solution, but then we have to adjust the tests.
Another import point is to update the documentation, testing the quota setting needs a full Openstack setup - the keystone-in-a-container solution will not work anymore.

Work to do (before merging):

I can do most of things, but need then some help when testing in a domain-admin environment

jkrue commented 5 years ago

@Be-El Could you check if the adapter still works with an domain-admin-account ? Thx

Be-El commented 5 years ago

Two fixes:

jkrue commented 5 years ago

@Be-El , @pbelmann I update the PR, improve documentation, logging and the example service. I fix also a bug setting the quotas. What's missing ?

I run the PKS from pr branch on our development cloud, it's working fine ;-)

What do you think, could we merge the pull request and open new issues for the missing parts?