[openstack-dev] [Ceilometer] Question on decorators in Ceilometer pecan framework

2014-08-08 Thread Pendergrass, Eric
Hi, We have been struggling to get a decorator working for proposed new RBAC functionality in ceilometer-api. We're hitting a problem where GET request query parameters are mucked up by our decorator. Here's an example call: curl -H X-Auth-Token:$TOKEN

Re: [openstack-dev] [Ceilometer] Question on decorators in Ceilometer pecan framework

2014-08-08 Thread Pendergrass, Eric
Sorry, wrong BP review link below. Here is the correct one: https://review.openstack.org/#/c/112127/3. Please disregard the wiki link. From: Pendergrass, Eric Sent: Friday, August 08, 2014 6:50 AM To: openstack-dev@lists.openstack.org Cc: Giannetti, Fabio Subject: [Ceilometer] Question

Re: [openstack-dev] [Ceilometer] Question on decorators in Ceilometer pecan framework

2014-08-08 Thread Pendergrass, Eric
Wrong link again, this is embarrassing :( https://review.openstack.org/#/c/112137/3 From: Pendergrass, Eric Sent: Friday, August 08, 2014 7:15 AM To: openstack-dev@lists.openstack.org Subject: RE: [Ceilometer] Question on decorators in Ceilometer pecan framework Sorry, wrong BP review link

Re: [openstack-dev] [Ceilometer] Question on decorators in Ceilometer pecan framework

2014-08-08 Thread Pendergrass, Eric
From: David Stanek [mailto:dsta...@dstanek.com] Sent: Friday, August 08, 2014 7:25 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Ceilometer] Question on decorators in Ceilometer pecan framework It looks like maybe WSME or Pecan is

[openstack-dev] [Ceilometer] Way to get wrapped method's name/class using Pecan secure decorators?

2014-08-12 Thread Pendergrass, Eric
Hi, I'm trying to use the built in secure decorator in Pecan for access control, and I'ld like to get the name of the method that is wrapped from within the decorator. For instance, if I'm wrapping MetersController.get_all with an @secure decorator, is there a way for the decorator code to

Re: [openstack-dev] [Ceilometer] Way to get wrapped method's name/class using Pecan secure decorators?

2014-08-12 Thread Pendergrass, Eric
import state state.controller On 08/12/14 04:08 PM, Pendergrass, Eric wrote: Hi, I'm trying to use the built in secure decorator in Pecan for access control, and I'ld like to get the name of the method that is wrapped from within the decorator. For instance, if I'm wrapping

Re: [openstack-dev] [Ceilometer] Way to get wrapped method's name/class using Pecan secure decorators?

2014-08-12 Thread Pendergrass, Eric
by, is there a way for the decorator code to know it was called by MetersController.get_all On 08/12/14 04:46 PM, Pendergrass, Eric wrote: Thanks Ryan, but for some reason the controller attribute is None: (Pdb) from pecan.core import state (Pdb) state.__dict__ {'hooks

Re: [openstack-dev] [Ceilometer] Way to get wrapped method's name/class using Pecan secure decorators?

2014-08-14 Thread Pendergrass, Eric
`, we'd probably need to add a feature to pecan. On 08/12/14 06:38 PM, Pendergrass, Eric wrote: Sure, here's the decorated method from v2.py: class MetersController(rest.RestController): Works on meters. @pecan.expose() def _lookup(self, meter_name

Re: [openstack-dev] [Ceilometer] Way to get wrapped method's name/class using Pecan secure decorators?

2014-08-20 Thread Pendergrass, Eric
work. On 08/14/14 04:38 PM, Pendergrass, Eric wrote: Sure, Doug. We want the ability to selectively apply policies to certain Ceilometer API methods based on user/tenant roles. For example, we want to restrict the ability to execute Alarm deletes to admins and user/tenants who have

[openstack-dev] [Ceilometer] Ceilometer API RBAC enhancement proposal (work in progress)

2014-08-20 Thread Pendergrass, Eric
To anyone who's interested, we're working on a proposal and implementation of a fine-grained v3 compatible RBAC scheme for the API. The WIP spec change is here: https://review.openstack.org/#/c/112137/ I realize this will need to move from Juno to Kilo because it won't make Juno. And the code

[openstack-dev] [Ceilometer] Add a filter between auth_token and v2

2014-01-08 Thread Pendergrass, Eric
I need to add an additional layer of authorization between auth_token and the reporting API. I know it's as simple as creating a WSGI element and adding it to the pipeline. Examining the code I haven't figured out where to begin doing this. I'm not using Apache and mod_wsgi, just the

[openstack-dev] [Ceilometer] Compute meter names prefaced by instance:

2013-12-06 Thread Pendergrass, Eric
Hi, I've been out for nearly 3 weeks and noticed Compute meter names are now prefaced by instance: http://docs.openstack.org/developer/ceilometer/measurements.html Not sure when this happened but I was wondering if the change applies across all OpenStack. Will Nova use the change for

[openstack-dev] [Keystone] Removed admin role from admin user/tenant, can't add back

2014-07-24 Thread Pendergrass, Eric
In an effort to test ceilometer roles I removed the admin role from the admin tenant and user. Now I can't add it back since I don't have a user/tenant combo with the admin role: keystone user-role-add --role e4252b63c308470b8cb7f77c37d27632 --user 8c678720fb5b4e3bb18dee222d7d7933 --tenant

[openstack-dev] [Ceilometer] Error running ceilometer tox tests

2014-04-28 Thread Pendergrass, Eric
Hi, I pulled devstack yesterday and have been trying to get any test to run successfully. My process is this: Install tox =1.6,1.7 Install libmysqlclient-dev Install mongodb-server Source .tox/py27/bin/activate Install test-requuirements packages in venv Install pytidylib 0.2.1 from

[openstack-dev] [qa] Debugging tox tests with pdb?

2014-05-07 Thread Pendergrass, Eric
Hi, I've read much of the documentation around Openstack tests, tox, and testr. All I've found indicates debugging can be done, but only by running the entire test suite. I'd like the ability to run a single test module with pdb.set_trace() breakpoints inserted, then step through the test.

[openstack-dev] Ceilometer: Proposal to add resource_metadata to reporting Meter object

2013-06-26 Thread Pendergrass, Eric
Our group would like to have resource_metadata available on the Meter object (currently it's not there). The reason is so we may supply additional customized attributes associated with a Meter. Examples include other timestamp values, a project owner, and processing status. Currently, to get

[openstack-dev] [Ceilometer]How to change Keystone properties

2013-06-26 Thread Pendergrass, Eric
I've been editing /etc/ceilometer/ceilometer.conf trying to change the keystone provider: [keystone] auth_host=some host auth_port=35357 auth_protocol=https auth_uri=https://some host:35357 admin_user=user admin_password=some password Tracing throught auth_token.py, I see none of the

[openstack-dev] [Ceilometer] Disable keystone authorization in ceilometer-api?

2013-07-10 Thread Pendergrass, Eric
Does anyone know how to disable keystone authorization in ceilometer-api? Is there a ceilometer.conf option for this? Thank you smime.p7s Description: S/MIME cryptographic signature ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org

[openstack-dev] [Ceilometer] Allow multiple projects (tenants) in the received kwargs for v2 queries

2013-09-17 Thread Pendergrass, Eric
I'm implementing a role based access control system where I'll use a list of projects to determine which projects a user can query. This project list will come from an upstream filter based on roles associated with the user's auth token. In the current v2/meters/meter_id (Sample) code, the