Train Series Release Notes

11.0.1

Security Issues

  • Data filtering on the GET /v1/dataframes and `` GET /v2/dataframes`` has been fixed. It was previously possible for users to retrieve data from other scopes through these endpoints.

11.0.0

New Features

  • Added a v2 API endpoint allowing to push dataframes into the CloudKitty storage. This endpoint is available via a POST request on /v2/dataframes. Admin privileges are required to use this endpoint.

  • A v2 storage driver for Elasticsearch has been added. It is marked as EXPERIMENTAL for now.

  • A force_granularity option has been added to the gnocchi collector’s extra_args. It allows to force a granularity to use when doing metric aggregations. If not specified or set to 0, the lowest available granularity will be used.

  • Added a v2 API endpoint allowing to retrieve dataframes from the CloudKitty storage. This endpoint is available via a GET request on /v2/dataframes. Being the owner of the scope or having admin privileges are required to use this endpoint.

Upgrade Notes

  • CloudKitty is now aware of timezones, and the API supports iso8601 formatted timestamps.

  • Section names that had been deprecated in cloudkitty 9.0.0 have been removed in 11.0.0. These include gnocchi_collector, tenant_fetcher, keystone_fetcher, source_fetcher and hybrid_storage.

Deprecation Notes

  • Since eventlet has been replaced with futurist, the [orchestrator]/max_greenthreads option has been deprecated and replaced with [orchestrator]/max_threads.

Bug Fixes

  • A validation issue causing the GET /v2/summary endpoint to systematically return a 400 error if any of the begin or end parameters was specified has been fixed.

  • An issue causing data not to be deleted from the storage backend when resetting a scope’s state through the API has been fixed.

  • It is not required anymore to prefix the url of a resource with a / when using cloudkitty.api.v2.utils.do_init.

  • Keystone authentication options are now registered with keystoneauth1 in the monasca collector helper functions, which allows to use the auth_section option even when using the source fetcher.

Other Notes

  • Data frames/points are now internally represented as objects rather than dicts.

  • Since data frames are now represented as objects internally, transformers are not used anymore and have been completely removed from the codebase.

  • The eventlet library has been replaced with futurist.

10.0.0

New Features

  • A Prometheus scope fetcher has been added in order to dynamically discover scopes from a Prometheus service using a user defined metric and a scope attribute. It can also filter out the response from Prometheus using metadata filters to have a more fine-grained control over scope discovery. It features HTTP basic auth capabilities and HTTPS configuration options similar to Prometheus collector.

  • Added a v2 API endpoint allowing to retrieve the state of several scopes. This endpoint is available via a GET request on /v2/scope and supports filters. Admin privileges are required to use this endpoint.

  • Added a v2 API endpoint allowing to reset the state of several scopes. This endpoint is available via a PUT request on /v2/scope and supports filters. Admin privileges are required to use this endpoint.

  • A v2 API has been bootstrapped. It is compatible with the v2 storage and will be the base for all upcoming API endpoints. It is marked as EXPERIMENTAL for now.

  • It is now possible to force a project_id to retrieve a specific metric from it with the monasca collector.

  • The processor is now able to run several parallel workers. By default, one worker is spawned for each available CPU. Workers can be limited through the max_workers option of the orchestrator section.

Upgrade Notes

  • The v1 API is now marked as CURRENT. The API root is now built with Flask instead of pecan

  • Metrics are now fetched concurrently with eventlet instead of one after another by the orchestrator, leading to a consequent performance improvement. The maximum number of greenthreads to use can be specified through the max_greenthreads option of the orchestrator section.

Security Issues

  • The default policy for the /v1/storage/dataframes endpoint has been changed from unprotected (accessible by any unauthenticated used) to admin_or_owner (accessible only by admins or members of the project).

  • Introduce bandit security checks and fix potential security issues detected by bandit linter. Remove unused option where host_ip was a binding to all interfaces. Using of insecure hash function, switch from sha1 to sha512.

Bug Fixes

  • HashMap module field mapping matching has been fixed: Field mapping values are always stored as strings. However, metadatas to match can be floats or integers (eg vcpus or ram). Given that mappings were matched with == until now, integers or float metadatas did never match.

  • CompileError: Can't resolve label reference for ORDER BY / GROUP BY. errors that were sometimes raised by SQLAlchemy when using the v1 storage backend and grouping on tenant_id and res_type have been fixed.