Projects should support variables, which other entities use in resolution

Have any of the parties that have contributed use cases actually cited this as something they want and/or need?

Yes, this usage with projects came up specifically in a discussion in Ant Messerli (antonym) with respect to generating run books for Rackspace Private Cloud support needs. Given that CMDBs depend on some form of an open schema; and variables are how we implement this in Craton, we should expect that variables should be mixed into most Craton db entities.

Fix proposed to branch: master
Review: https://review.openstack.org/427777

https://review.openstack.org/427777 addresses acceptance criteria 1-3.

Since I updated the Acceptance Criteria, https://review.openstack.org/427777 now addresses #1-4.

Project support has not been added to the CLI yet, at least I don't see it in master. We'll need to address https://bugs.launchpad.net/python-cratonclient/+bug/1659237 before #5 (from Acceptance Criteria) can be addressed.

Reviewed: https://review.openstack.org/427777
Committed: https://git.openstack.org/cgit/openstack/craton/commit/?id=603cef7a31f89ee73259ed7ceeb859cc7eef7811
Submitter: Jenkins
Branch: master

commit 603cef7a31f89ee73259ed7ceeb859cc7eef7811
Author: Ian Cordasco <email address hidden>
Date: Wed Feb 15 08:41:49 2017 -0600

    Adds Variables support to Projects resource

    Includes Variables support, which is already present
    in several other Craton resources, in the Projects
    resource as well.

    Project variables will serve as a top-most scope
    of variables for resources that belong to a specific
    project.

    Partial-Bug: 1648626
    Closes-Bug: 1661670

    Change-Id: I574e834ce409efd8ceafb15fe30a86ae93df2a80

Remaining work for this:
* Implement mini-RBAC to re-introduce restrictions for Project CRUD as appropriate.

Currently, the lack of any sort of restrictions for Project calls is causing any non-admin user to get a 500 from oslo_db's generic multi-tenancy expecting a `project_id` column to be present for the record to compare with the Project ID associated with the user.

Related fix proposed to branch: master
Review: https://review.openstack.org/434936

Fix proposed to branch: master
Review: https://review.openstack.org/434976

Reviewed: https://review.openstack.org/434936
Committed: https://git.openstack.org/cgit/openstack/craton/commit/?id=01acb6449d2e6c1bbcad7b5f7eedd6f1b3845317
Submitter: Jenkins
Branch: master

commit 01acb6449d2e6c1bbcad7b5f7eedd6f1b3845317
Author: Thomas Maddox <email address hidden>
Date: Thu Feb 16 14:27:28 2017 +0000

    Removes left-over debugging logs

    This fix removes some left-over debug statements
    that made it through gate on accident.

    Change-Id: I95f0f9f20704c0f05b8f2c280e579b6064d4f89f
    Related-Bug: 1648626

Reviewed: https://review.openstack.org/434976
Committed: https://git.openstack.org/cgit/openstack/craton/commit/?id=bf1cdf474033becc9c1a1df62be5763fef4daffb
Submitter: Jenkins
Branch: master

commit bf1cdf474033becc9c1a1df62be5763fef4daffb
Author: Thomas Maddox <email address hidden>
Date: Thu Feb 16 15:36:21 2017 +0000

    RBAC-Lite for generic resources implementation

    This patch re-applies RBAC-lite to the /projects
    endpoint. For the top-level /projects endpoint,
    permissions have been narrowed to only root
    project users. Anything pertaining to a specific
    project has been narrowed to project admin users.

    This patch implements a decorator to afford us the
    same features for the generic resources functions
    that @require_project_admin_context and
    @require_admin_context decorators afforded us
    piecemeal for other DB API functions.

    Change-Id: I875a9a8cb68c76d27f613bac6f4b87f3a1e2b411
    Closes-Bug: 1665237
    Closes-Bug: 1648626