Custom actions python API

Registered by Renat Akhmerov


Mistral allows to implement new actions and plug them into Mistral via a mechanism based on Stevedore. The issue is that a developer who is writing an action doesn't have a clearly scoped API that the action can use in its implementation.

The goal:

Create an API for action developers. More detailed on what should be in the API is at [1]. The idea is to have Actions API defined in a separate Mistral subproject called 'mistral-lib'. This project should define this API and its implementation. It may also contain utility classes and functions commonly by Mistral subprojects.

Motivation for using custom actions and not workflows:

* Some things are easier to do with python code.
* In some cases python code is more readable than a workflow
* When a code already exists, it’s better to reuse it in an action, than duplicate the logic to a workflow

Solution ideas/steps:

* Create a spec
  - Proposed Actions API
  - Module decomposition (e.g. what should be in mistral-lib and why)
* Make necessary changes in all components
* Move OpenStack actions to 'mistral-extra' and reimplement them with using Actions API.


* What do we want to move into mistral-lib? Specifically, do and other security modules need to be in mistral-lib? What about exceptions?




* Questions to ask in order to understand if something needs to be in "mistral-lib"
** Does it need to be exposed to 3rd parties? Then Yes
** Is it a base class used in mistral, mistral client, mistral-lib? Then Yes


* Create a copy (maybe more optimized for external usage) of keystone_utils and move it into mistral-extra where our OpenStack action will reside
* mistral lib will contain code concerned with 3rd party action development
* mistral-extra will contain OpenStack specific integration + other generic actions like Ansible actions
* Update the spec (maybe after we have code)
* re-enable CI on mistral-extra (thrash)

Blueprint information

Renat Akhmerov
Renat Akhmerov
Dougal Matthews
Series goal:
Accepted for stein
Milestone target:
Started by
Renat Akhmerov
Completed by
Renat Akhmerov

Related branches



It seems odd right now when executing custom actions from the CLI that you would be required to provide auth twice, once to mistral when calling execute and having to provide an additional auth method inside the action itself. It would be beneficial to define some sort of security model for all actions (including custom) to ensure auth only needs to happen once.

rakhmerov: totally agree with that

Gerrit topic:,topic:bp/mistral-custom-actions-api,n,z

Addressed by:
    Custom actions API specification

Addressed by:
    Restructure mistral-extra repo

Addressed by:
    Initial project layout

Addressed by:
    Allow external access to cached clients

Addressed by:
    [WIP] Adds minimum common shared code for custom actions API

12/23/2019: rakhmerov: I'd rather treat this BP as implemented now since most of the things mentioned in the descriptions were taken care of. We still need to work on mistral-extra: move openstack actions over there and add more utilities for other custom things.
We also need to revisit how we plug actions into the system.


Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.