Custom actions python API
Now:
Mistral allows to implement new actions and plug them into Mistral via a mechanism based on Stevedore. The issue is that a developer who is writing an action doesn't have a clearly scoped API that the action can use in its implementation.
The goal:
Create an API for action developers. More detailed on what should be in the API is at [1]. The idea is to have Actions API defined in a separate Mistral subproject called 'mistral-lib'. This project should define this API and its implementation. It may also contain utility classes and functions commonly by Mistral subprojects.
Motivation for using custom actions and not workflows:
* Some things are easier to do with python code.
* In some cases python code is more readable than a workflow
* When a code already exists, it’s better to reuse it in an action, than duplicate the logic to a workflow
Solution ideas/steps:
* Create a spec
- Proposed Actions API
- Module decomposition (e.g. what should be in mistral-lib and why)
* Make necessary changes in all components
* Move OpenStack actions to 'mistral-extra' and reimplement them with using Actions API.
Questions:
* What do we want to move into mistral-lib? Specifically, do context.py and other security modules need to be in mistral-lib? What about exceptions?
Links:
* https:/
* https:/
* https:/
* https:/
Notes:
* Questions to ask in order to understand if something needs to be in "mistral-lib"
** Does it need to be exposed to 3rd parties? Then Yes
** Is it a base class used in mistral, mistral client, mistral-lib? Then Yes
Decisions:
* Create a copy (maybe more optimized for external usage) of keystone_utils and move it into mistral-extra where our OpenStack action will reside
* mistral lib will contain code concerned with 3rd party action development
* mistral-extra will contain OpenStack specific integration + other generic actions like Ansible actions
* Update the spec (maybe after we have code)
* re-enable CI on mistral-extra (thrash)
Blueprint information
- Status:
- Complete
- Approver:
- Renat Akhmerov
- Priority:
- High
- Drafter:
- Renat Akhmerov
- Direction:
- Approved
- Assignee:
- Dougal Matthews
- Definition:
- New
- Series goal:
- Accepted for stein
- Implementation:
-
Implemented
- Milestone target:
- None
- Started by
- Renat Akhmerov
- Completed by
- Renat Akhmerov
Related branches
Related bugs
Sprints
Whiteboard
It seems odd right now when executing custom actions from the CLI that you would be required to provide auth twice, once to mistral when calling execute and having to provide an additional auth method inside the action itself. It would be beneficial to define some sort of security model for all actions (including custom) to ensure auth only needs to happen once.
rakhmerov: totally agree with that
Gerrit topic: https:/
Addressed by: https:/
Custom actions API specification
Addressed by: https:/
Restructure mistral-extra repo
Addressed by: https:/
Initial project layout
Addressed by: https:/
Allow external access to cached clients
Addressed by: https:/
[WIP] Adds minimum common shared code for custom actions API
12/23/2019: rakhmerov: I'd rather treat this BP as implemented now since most of the things mentioned in the descriptions were taken care of. We still need to work on mistral-extra: move openstack actions over there and add more utilities for other custom things.
We also need to revisit how we plug actions into the system.
Work Items
Dependency tree
* Blueprints in grey have been implemented.
