GitLab

Class RegexURLPattern doesn't contain `_get_callback' method any more
and resolve the callback when we try to retrieve it.

Implement our own is_hop_by_hop function.

In case creating a VM fails before the OP_INSTANCE_CREATE job is
enqueued in Ganeti, the VM and its NICs must be deleted, and the
resources must be released from Quotaholder, which is exactly what is
done when a VM is deleted from Ganeti. Instead of duplicating the code,
this commit uses the same function that is used by snf-dispatcher, by
mocking an successfully OP_INSTANCE_REMOVE.

Refs: #4063

Remove trailing slash from the endpoints' publicURL field in service
definitions. These values end up in the response of POST /tokens, and,
according to the keystone API, should not end in slash. A trailing slash
breaks some clients, which do no proper checking before appending a
suffix.

Note that these URLs are not meant to act as a base path in the strict
semantics of http://tools.ietf.org/html/rfc3986#section-5.2.3 . Suffixes
should be merged into by a simple append (modulo catering for the joining
slash).

URLs are still configured as groups per prefix ending in a slash, eg:
'^account/' and '^ui/'. Permanent redirects are added for all non-API
endpoints (ui, helpdesk, admin, etc), so that `BASE_PATH/path' leads to
`BASE_PATH/path/'.

API method decorator should initialize the AstakosClient with the retry
argument set, in order to avoid errors caused by getting an old
connection from pool.

allow API views to define supported serializations.

Introduce assertMethodNotAllowed method in BaseAPITest class. The method
asserts that provided response is a valid ``Method not allowed`` API response.

- avoid registering root url in case <base_path> equals to root url
- additional helper redirect for non trailing slash <base_path> endpoint

Make the default status code of API Fault and AstakosClientException
to be 500.

Pithos api default serialization for listing is text insted of json.
However the common api decorator if not specified otherwise used to
json as the default serialization.
So we introduced a new optional argument (defaults to json) to override
the default serialization for the api method.

Conflicts:
	snf-pithos-app/pithos/api/util.py

`snf_django.lib.api.urls.api_patterns` acts as django `patterns` method
used commonly in urls modules. Using api_patterns to register urls will
result all patterns to be exempted from csrf protection.

extend_with_root_redirects can be used by components to easily extend the
registered urlpatterns with utility redirect views for the root urls.

https://service.deployment.vendor.tld/service-base/api-prefix/hard/path
|___________________________________| |__________| |________| |_______|
             BASE_HOST                  BASE_PATH    PREFIX    Hardcoded
|_________________________________________________|
             SERVICE_BASE_URL

- Introduce <SERVICE>_BASE_URL setting, and <API>_PREFIX constants
  for all services. Extract BASE_HOST, BASE_PATH from the setting.

- Use settings and constants to construct top-level patterns
  (base-path/api-prefix) in services' urls.py

- Refactor/extend proxy() to be compatible with the above.

- Change URLs passed around (ui, e-mails) to be compatible.
  (needs more work)

Notes:

This configuration REQUIRES that any rewriting and proxying on the
front-end must eventually result in the application server (gunicorn)
getting the original path of the request, otherwise the view-generated
URLs will be different.

Changes:
- set top-level urlpatterns from <SERVICE>_BASE_URL
- rename setting: APP_INSTALL_URL to CYCLADES_BASE_URL
- rename setting: ASTAKOS_URL to ASTAKOS_BASE_URL everywhere
- introduce setting: PITHOS_BASE_URL
- update shipped .confs, quick install admin guide, upgrade guide
- fix urls/views/reverse()/other that were broken
- (more not listed)

Wrap all calls to astakosclient for commissions to raise 500, if any
error other than QuotaLimit(413) occurs.

The ``X-Forwarded-Host`` header should not be forwared to the target
because django appends its value to the Host header and
results in validate_host() failure.

Raise a BadRequest if request is missing Content-Type header field.

Since v0.14 everything belonging in a README file should be written
as part of the documentation and thus under docs/. Remove all
unnecessary README files, adjust MANIFEST.in and setup.py files
accordingly and move README files that should be merged into the
documentation under docs/older/.

This will be followed by a commit that merges all necessary
information included in the remaining REAMDE files under docs/older/
in the corresponding guides and docs, so that everything is up-to-date.

Since 0.13 there is only one single Changelog file at the root
directory. Thus, any new component should not have its own
Changelog file. Specifically, remove local Changelog files for:

* snf-astakosclient
* snf-branding
* snf-django-lib

- Avoid proxying Connection, Host and Cookie headers
- Cleanup non headers keys (e.g. wsgi.*)
- Set X-Forwarded-For header

reverse commits ab30f5f163a13dfc7f9bec4d263208dd35f09d16 &
1439d6383113b151b6a3316e320a0418fa30d421

decorate also ``django.contrib.auth.views`` utilized by
astakos

CookieAuthenticationMiddleware.process_request() synchronizes
the astakos cookie with the request user.
If an astakos cookie is set but there is no logged in user,
the middleware deletes the cookie.
Respectively, if there is a logged in user but the astakos cookie
is not set, the middleware setis the cookie.
In order to set/delete the cookie, redirects to the request path.

For checking whether the user is logged in or not,
utilized the django.contrib.auth.models.User.is_authenticated() method.
This returns always True for django.contrib.auth.models.User instances
(request.user for non authenticated requests is
 django.contrib.auth.models.AnonymousUser instance)

Some astakos api calls are decorated by
astakos.api.utils.user_for_token()
which checks the X-Auth-Token request header and if its valid
sets the request.user to the respective AstakosUser instance.

Therefore, the above check succeeded for these calls
and the middleware used to set the cookie.
Subsequent requests read the cookie and
if it did not comform with the request.user
(no authentication info supplied)
redirected to request path for deleting it.

In order to resolve this undesired behavior
the cookie fix() method has been changed
and if it is actually an api call request
it returns immediately without affecting the cookie.