Update cASO configuration for Ussuri onwards

alvarolopez · alvarolopez · commit 4f192e0404ee · 2021-10-29T12:40:23.000+02:00
Fixes #88
diff --git a/caso/messenger/ssm.py b/caso/messenger/ssm.py
@@ -59,6 +59,7 @@ def push_compute_message(self, queue, entries):
         message = "APEL-cloud-message: v%s\n" % self.compute_version
         aux = "%%\n".join(entries)
         message += "%s\n" % aux
+        message = message.encode("utf-8")
         queue.add(message)
 
     def push_ip_message(self, queue, entries):
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
@@ -39,26 +39,31 @@ In order to do so, we are going to setup a new role ``accounting`` a new user
     # For each of the projects, add the user with the accounting role
     openstack role add --user accounting --project <project> accounting
 
-Moreover, this user needs access to Keystone so as to extract the users
+Policy modifications
+--------------------
+The accounting user needs access to Keystone so as to extract the users
 information. In this case, we can can grant the user just the rights for
-listing the users adding the appropriate rules in your
-``/etc/keystone/policy.json`` as follows. Replace the line::
+listing the users adding the appropriate rules in your policy configuration.
+The modifications in the policy depend on the Keystone version, please ensure
+that you are applying the correct changes.
 
-      "identity:list_users": "rule:admin_required",
+Keystone Versions from Ussuri onwards (version >= 17.0.0)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-with::
+You need to modify the ``identity:list_users`` policy in either your
+``/etc/keystone/policy.json`` or ``/etc/keystone/policy-yaml``, contaning the
+following policy rules::
 
-      "identity:list_users": "rule:admin_required or role:accounting",
+    "identity:list_users": "(role:admin) or (role:reader and domain_id:%(target.domain_id)s) or (role:accounting)"
 
-Recent Keystone versions leverage a ``/etc/keystone/policy-yaml`` file, if this
-is your case, substitute the line::
+Keystone Versions from until Train (version < 17.0.0)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-   "identity:list_users": "rule:admin_required"
-
-with::
-
-   "identity:list_users": "rule:admin_required or role:accounting"
+You need to modify the ``identity:list_users`` policy in either your
+``/etc/keystone/policy.json`` or ``/etc/keystone/policy-yaml``, contaning the
+following policy rules::
 
+      "identity:list_users": "rule:admin_required or role:accounting"
 
 Publishing benchmark information for OpenStack flavors (optional)
 -----------------------------------------------------------------
diff --git a/releasenotes/notes/new-ussuri-configuration-03b764a39f461eda.yaml b/releasenotes/notes/new-ussuri-configuration-03b764a39f461eda.yaml
@@ -0,0 +1,6 @@
+---
+other:
+  - |
+    Keystone versions from Ussuri onwards (>= 17.0.0) implement a new policy.
+    Please check the documentation so as to ensure that you are applying the
+    correct changes.
diff --git a/releasenotes/notes/reno.cache b/releasenotes/notes/reno.cache
@@ -0,0 +1,54 @@
+---
+file-contents:
+  releasenotes/notes/multi-region-support-4395450dfbc4e8a3.yaml:
+    features:
+    - "Add multi-region support in order to extract information from several \nregions\
+      \ through different configuration files.\n"
+  releasenotes/notes/new-release-notes-b79c3d7a778fc946.yaml:
+    features:
+    - 'New IP accounting record is implemented. Now cASO is able to extract IP
+
+      accounting and publish it using its JSON rendering. No new configuration
+
+      needs to be done, but the cASO user needs to have access to the Neutron
+
+      endpoints.
+
+      '
+    - "cASO now allows to specity the projects to extract records from as project\n\
+      IDs, rather than names. When dealing with different identity domains this\n\
+      is troublesome, therefore we need to allow users to specify project IDs \nrather\
+      \ than names.\n"
+    fixes:
+    - Define the correct entrypoints for the V2 and V4 messengers.
+    - Generate LOG warnings when mappings cannot be found.
+    prelude: 'Starting with this version cASO release notes are published within the
+      documentation. This version is a major release that implements IP accounting
+      record, as well as several bugfixes. There are no upgrade notes to take into
+      account.
+
+      '
+  releasenotes/notes/refactor-extractor-e826c64087e17065.yaml:
+    prelude: 'This version includes a refactoring of the base extractors, dropping
+      support for the ceilometer extractor that was unmaintained for a long period
+      of time.
+
+      '
+    upgrade:
+    - 'Ceilometer extractor is no longer supported.
+
+      '
+notes:
+- files:
+  - - releasenotes/notes/refactor-extractor-e826c64087e17065.yaml
+    - !!binary |
+      MmVkMDJjY2IwYTEyMDMyZmIxNjZkMTBlZGVhZmJmNmE5ZGJjMDZkZg==
+  version: 2.1.0
+- files:
+  - - releasenotes/notes/multi-region-support-4395450dfbc4e8a3.yaml
+    - !!binary |
+      OTY4NDYyYWNmOTQ0NTEyZGNlZmQ5MDJiNzI2ODc1ZTNmYjZmMzM5Mg==
+  - - releasenotes/notes/new-release-notes-b79c3d7a778fc946.yaml
+    - !!binary |
+      NTNhM2RhMzhhM2Y2YjZjOTk4YTIwMTNmMjJkYzhiNTgyNDYyZWI1MQ==
+  version: 2.0.0
