File bnc869696-admin_password_injection.patch of Package openstack-dashboard
From 4c523bc5ae643d220545933a9fcc897aace365da Mon Sep 17 00:00:00 2001
From: Kieran Spear <kispear@gmail.com>
Date: Wed, 13 Nov 2013 15:01:43 +1100
Subject: [PATCH] Add option to disable server password fields
Not many hypervisors support setting a server admin password via Nova.
This change adds an item to OPENSTACK_HYPERVISOR_FEATURES called
'can_set_password' that controls whether password settings fields
are displayed in the UI.
Change-Id: I03399c171b2b7cbf756292cee283419d6235461f
Closes-bug: #1250713
(cherry picked from commit e4288adbf1d0cec5067ee9a7db816b8cbda43f85)
Conflicts:
doc/source/topics/settings.rst
openstack_dashboard/dashboards/project/instances/tests.py
Change-Id: I3d49da36fe6a5034ca006170dce964e2046c4cab
---
doc/source/topics/settings.rst | 5 +++-
openstack_dashboard/api/nova.py | 5 ++++
.../dashboards/project/instances/forms.py | 4 ++++
.../instances/templates/instances/_rebuild.html | 2 ++
.../dashboards/project/instances/tests.py | 28 ++++++++++++++++++++--
.../dashboards/project/instances/views.py | 1 +
.../project/instances/workflows/create_instance.py | 6 +++++
.../local/local_settings.py.example | 1 +
openstack_dashboard/test/settings.py | 1 +
9 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/doc/source/topics/settings.rst b/doc/source/topics/settings.rst
index 1f5eeea..b613644 100644
--- a/doc/source/topics/settings.rst
+++ b/doc/source/topics/settings.rst
@@ -204,7 +204,7 @@ If Keystone has been configured to use LDAP as the auth backend then set
``OPENSTACK_HYPERVISOR_FEATURES``
---------------------------------
-Default: ``{'can_set_mount_point': True, 'can_encrypt_volumes': False}``
+Default: ``{'can_set_mount_point': True, 'can_encrypt_volumes': False, True, 'can_set_password': True }``
A dictionary containing settings which can be used to identify the
capabilities of the hypervisor for Nova.
@@ -217,6 +217,9 @@ In the Havana release, there will be a feature for encrypted volumes
which will be controlled by the ``can_encrypt_volumes``. Setting it to ``True``
in the Grizzly release will have no effect.
+Setting ``can_set_password`` to ``False`` will remove the option to set
+an administrator password when launching or rebuilding an instance.
+
``OPENSTACK_NEUTRON_NETWORK``
-----------------------------
diff --git a/openstack_dashboard/api/nova.py b/openstack_dashboard/api/nova.py
index 1d6e763..4e6f404 100644
--- a/openstack_dashboard/api/nova.py
+++ b/openstack_dashboard/api/nova.py
@@ -697,3 +697,8 @@ def extension_supported(extension_name, request):
if extension.name == extension_name:
return True
return False
+
+
+def can_set_server_password():
+ features = getattr(settings, 'OPENSTACK_HYPERVISOR_FEATURES', {})
+ return features.get('can_set_password', True)
diff --git a/openstack_dashboard/dashboards/project/instances/forms.py b/openstack_dashboard/dashboards/project/instances/forms.py
index b8afdf7..133e62e 100644
--- a/openstack_dashboard/dashboards/project/instances/forms.py
+++ b/openstack_dashboard/dashboards/project/instances/forms.py
@@ -63,6 +63,10 @@ class RebuildInstanceForm(forms.SelfHandlingForm):
choices.insert(0, ("", _("No images available.")))
self.fields['image'].choices = choices
+ if not api.nova.can_set_server_password():
+ del self.fields['password']
+ del self.fields['confirm_password']
+
def clean(self):
cleaned_data = super(RebuildInstanceForm, self).clean()
if 'password' in cleaned_data:
diff --git a/openstack_dashboard/dashboards/project/instances/templates/instances/_rebuild.html b/openstack_dashboard/dashboards/project/instances/templates/instances/_rebuild.html
index 3749c39..14fcb7e 100644
--- a/openstack_dashboard/dashboards/project/instances/templates/instances/_rebuild.html
+++ b/openstack_dashboard/dashboards/project/instances/templates/instances/_rebuild.html
@@ -17,7 +17,9 @@
<div class="right">
<h3>{% trans "Description" %}:</h3>
<p>{% trans "Select the image to rebuild your instance." %}</p>
+ {% if can_set_server_password %}
<p>{% trans "You may optionally set a password on the rebuilt instance." %}</p>
+ {% endif %}
</div>
{% endblock %}
diff --git a/openstack_dashboard/dashboards/project/instances/tests.py b/openstack_dashboard/dashboards/project/instances/tests.py
index b2b066f..960638e 100644
--- a/openstack_dashboard/dashboards/project/instances/tests.py
+++ b/openstack_dashboard/dashboards/project/instances/tests.py
@@ -22,6 +22,7 @@ import uuid
from django.core.urlresolvers import reverse # noqa
from django import http
+from django.test import utils as test_utils
from django.utils.datastructures import SortedDict # noqa
from django.utils.http import urlencode # noqa
@@ -978,7 +979,8 @@ class InstanceTests(test.TestCase):
'profile_list',),
api.glance: ('image_list_detailed',)})
def test_launch_instance_get(self,
- block_device_mapping_v2=True):
+ block_device_mapping_v2=True,
+ expect_password_fields=True):
image = self.images.first()
api.nova.extension_supported('BlockDeviceMappingV2Boot',
@@ -1042,12 +1044,23 @@ class InstanceTests(test.TestCase):
'<SetNetwork: setnetworkaction>',
'<PostCreationStep: customizeaction>'])
+ password_field_label = 'Admin Pass'
+ if expect_password_fields:
+ self.assertContains(res, password_field_label)
+ else:
+ self.assertNotContains(res, password_field_label)
+
boot_from_image_field_label = 'Boot from image (creates a new volume).'
if block_device_mapping_v2:
self.assertContains(res, boot_from_image_field_label)
else:
self.assertNotContains(res, boot_from_image_field_label)
+ @test_utils.override_settings(
+ OPENSTACK_HYPERVISOR_FEATURES={'can_set_password': False})
+ def test_launch_instance_get_without_password(self):
+ self.test_launch_instance_get(expect_password_fields=False)
+
def test_launch_instance_get_no_block_device_mapping_v2_supported(self):
self.test_launch_instance_get(block_device_mapping_v2=False)
@@ -2033,7 +2046,7 @@ class InstanceTests(test.TestCase):
self.assertRedirectsNoFollow(res, INDEX_URL)
@test.create_stubs({api.glance: ('image_list_detailed',)})
- def test_rebuild_instance_get(self):
+ def test_rebuild_instance_get(self, expect_password_fields=True):
server = self.servers.first()
api.glance.image_list_detailed(IsA(http.HttpRequest),
filters={'is_public': True,
@@ -2051,6 +2064,17 @@ class InstanceTests(test.TestCase):
self.assertTemplateUsed(res, 'project/instances/rebuild.html')
+ password_field_label = 'Rebuild Password'
+ if expect_password_fields:
+ self.assertContains(res, password_field_label)
+ else:
+ self.assertNotContains(res, password_field_label)
+
+ @test_utils.override_settings(
+ OPENSTACK_HYPERVISOR_FEATURES={'can_set_password': False})
+ def test_rebuild_instance_get_without_set_password(self):
+ self.test_rebuild_instance_get(expect_password_fields=False)
+
def _instance_rebuild_post(self, server_id, image_id,
password=None, confirm_password=None):
form_data = {'instance_id': server_id,
diff --git a/openstack_dashboard/dashboards/project/instances/views.py b/openstack_dashboard/dashboards/project/instances/views.py
index cebc5c0..7d618ed 100644
--- a/openstack_dashboard/dashboards/project/instances/views.py
+++ b/openstack_dashboard/dashboards/project/instances/views.py
@@ -207,6 +207,7 @@ class RebuildView(forms.ModalFormView):
def get_context_data(self, **kwargs):
context = super(RebuildView, self).get_context_data(**kwargs)
context['instance_id'] = self.kwargs['instance_id']
+ context['can_set_server_password'] = api.nova.can_set_server_password()
return context
def get_initial(self):
diff --git a/openstack_dashboard/dashboards/project/instances/workflows/create_instance.py b/openstack_dashboard/dashboards/project/instances/workflows/create_instance.py
index a3eedfc..b068d90 100644
--- a/openstack_dashboard/dashboards/project/instances/workflows/create_instance.py
+++ b/openstack_dashboard/dashboards/project/instances/workflows/create_instance.py
@@ -412,6 +412,12 @@ class SetAccessControlsAction(workflows.Action):
help_text = _("Control access to your instance via keypairs, "
"security groups, and other mechanisms.")
+ def __init__(self, request, *args, **kwargs):
+ super(SetAccessControlsAction, self).__init__(request, *args, **kwargs)
+ if not api.nova.can_set_server_password():
+ del self.fields['admin_pass']
+ del self.fields['confirm_admin_pass']
+
def populate_keypair_choices(self, request, context):
try:
keypairs = api.nova.keypair_list(request)
diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example
index a1a8474..42a87a9 100644
--- a/openstack_dashboard/local/local_settings.py.example
+++ b/openstack_dashboard/local/local_settings.py.example
@@ -151,6 +151,7 @@ OPENSTACK_KEYSTONE_BACKEND = {
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': True,
+ 'can_set_password': True,
}
# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
diff --git a/openstack_dashboard/test/settings.py b/openstack_dashboard/test/settings.py
index 627f4f2..b14d483 100644
--- a/openstack_dashboard/test/settings.py
+++ b/openstack_dashboard/test/settings.py
@@ -108,6 +108,7 @@ OPENSTACK_NEUTRON_NETWORK = {
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': True,
+ 'can_set_password': True,
}
OPENSTACK_IMAGE_BACKEND = {
--
1.8.4.5
