Modernize project setup by nuwang · Pull Request #328 · CloudVE/cloudbridge

nuwang · 2026-05-14T19:53:59Z

No description provided.

Replace setup.py/setup.cfg with a PEP 621 pyproject.toml using setuptools build backend. Version is read dynamically from cloudbridge.__version__. Coverage config moves into [tool.coverage.run]; flake8 stays in setup.cfg (no pyproject support). Drop stale Py2/old-Py3 classifiers and bdist_wheel universal flag; declare requires-python = ">=3.13" to match tox.ini and CI. Update deploy workflow to use `python -m build`, and pip-cache keys in integration workflows to hash pyproject.toml.

Replace six.string_types/text_type/integer_types with str/int; six.u()-on-string-types branches were dead in Py3 and deleted. six.reraise inside an active except becomes a bare raise; the middleware Py2/Py3 fork collapses to `raise cb_ex from e`. Switch gcp/helpers from six.moves.urllib.parse to stdlib urllib.parse, and inline six.ensure_binary. Also remove the configparser try/except shim in base/provider.py that fell back to Py2's SafeConfigParser.

Update README badge URLs and table header from py3.8 to py3.13 so they match the filenames the integration-cloud workflow writes to the gist. Refresh docs to reflect the modern environment: - install.rst: prerequisite is Python 3.13. - testing.rst: tox envs are py3.13-*; replace the gone `setup.py test` section with pytest equivalents. - release_process.rst: dependencies live in pyproject.toml; build with `python -m build`; CI is GitHub Actions, not Travis; drop six. - provider_development.rst: tox env is py3.13; new provider deps go in pyproject.toml under [project.optional-dependencies]. - troubleshooting.rst: generalize the macOS Python 3.6 cert path. Source cleanups: - openstack/resources.py: drop the urllib.parse/urlparse try/except shim. - gcp/helpers.py: drop "required for Python 2.7" comments (the str() wrappers remain — e.content is bytes, casts are still useful). - tests/__init__.py and tests/test_compute_service.py: drop py27-only invocation guidance and the u"" string-format workaround.

.readthedocs.yaml: add the now-required build.os, build.tools.python, and sphinx.configuration blocks — RTD retired the implicit-defaults build platform in late 2024. docs/conf.py: drop vestigial `import sphinx_rtd_theme` and the html_theme_path call (sphinx_rtd_theme >= 1.0 auto-discovers via entry points); bump copyright through 2026. docs/requirements.txt: raise floors to sphinx>=8 / sphinx_rtd_theme>=3 and drop the comment about a long-resolved sphinx bug. tox.ini: remove the pypy environment from envlist — CI never ran it, and pypy can't realistically build the Azure SDK's C extensions. requirements.txt: drop sshpubkeys (was a moto 1.0.0 workaround; we run moto 5.x now). cloudbridge/__init__.py: replace the custom NullHandler subclass with logging.NullHandler (in stdlib since Py3.1). Add TODO.rst capturing the deferred mechanical sweeps (object base class, super(), f-strings, typing builtins, ruff/mypy, pre-existing flake8 import-order errors, untracked dev artifacts).

The skip specifier was `>=5.0.0`, which silently masks the test for every future moto release. Pin to the exact known-broken version (5.2.1) so newer releases re-run the test — we want to discover an upstream fix the first time CI installs a newer moto, not stay quiet forever.

The Azure provider reads AZURE_REGION_NAME for its region and the test framework reads CB_PLACEMENT_AZURE for placement, but neither was plumbed through the workflow's env: block. Setting either as a repo secret had no effect — the secret reached GitHub but never got into the runner process, and so never reached tox or the test code. The provider silently fell back to its hardcoded `eastus` default, overriding whatever the secret said. Add both, gated on `matrix.cloud-provider == 'azure'` to match the secret-scoping pattern the rest of the Azure block already uses.

Two related bugs surfaced by test_instance_methods on the CI run for PR #328: * ``remove_floating_ip`` was clearing port_id via ``Connection.network.update_ip(fip, port_id=None)``. Some openstacksdk versions strip ``None`` kwargs from the PUT body, which meant the Neutron-side disassociation never happened and the FIP stayed bound to the instance's port. Switch to a direct neutronclient ``update_floatingip(id, {'floatingip': {'port_id': None}})`` call so the wire payload explicitly carries ``port_id: null``. Also make remove_floating_ip a no-op (instead of an AttributeError) when the FIP id has already been deleted, which happens when a test's nested cleanup_actions detach + delete in sequence. * ``_all_addresses`` was unioning Nova's view of ``server.addresses`` with a live Neutron query. Nova's info_cache lags ~60s and isn't re-queried on server-show, so a FIP detached on the Neutron side still appeared in ``public_ips`` / ``private_ips`` until Nova caught up. Read only **fixed** IPs from Nova (filtering by ``OS-EXT-IPS:type``) and trust Neutron exclusively for floating IPs.

The previous condition keyed off `ec2:Region`, which AWS only populates in the request context for actions that operate on a region-scoped resource. Service-level `Describe*` calls (e.g. `DescribeAvailabilityZones`) don't have it set, and despite the `StringEqualsIfExists` semantics, IAM evaluated the condition as a non-match — denying the call even though `ec2:*` covered the action. Switch to `aws:RequestedRegion`, which IAM itself populates on every authenticated API call from the endpoint region. Always present, no need for the `IfExists` qualifier. This is AWS's recommended pattern for region-scoping inline policies and works uniformly across services. The role's actual deployed policy is updated by re-running .github/aws/setup.sh against the account; this commit only refreshes the source-of-truth file.

pytest-xdist with -n 5 races against the shared default vnet/subnet: multiple workers call get_or_create_default cold, all find nothing, all try to create cloudbridge-net/cloudbridge-subnet, and Azure ARM rejects all but one with AnotherOperationInProgress or cancels in- flight create LROs. The losing workers' tests then fail at VM creation because they have no usable subnet. Drop the -n 5 default for the azure factor only. Other clouds keep parallel since their tests don't share singleton default resources the same way.

`test_zones` iterates over every AWS region and calls `describe_availability_zones` against each region's endpoint (via cloudbridge.providers.aws.resources.AWSRegion.zones, which spins up a per-region EC2 client). For all calls outside us-east-1, `aws:RequestedRegion` is the target region, so the existing `aws:RequestedRegion == us-east-1` condition rejected them with `UnauthorizedOperation` even though `ec2:*` covered the action. Add a separate `EC2ReadAnyRegion` statement allowing `ec2:Describe*`, `ec2:Get*`, `ec2:List*` without a region condition. Mutations (`RunInstances`, `CreateVpc`, etc.) remain pinned to us-east-1 via the existing `EC2FullAccessUsEast1` statement, so the safety boundary against accidentally provisioning in other regions is preserved. The deployed inline policy is updated by re-running .github/aws/setup.sh; this commit only refreshes the source-of-truth.

This reverts commit c4b42f5.

nuwang added 5 commits May 15, 2026 01:23