Python 2 is no longer supported, thus usage of six can be removed.
Also, This removes B314 test from documentation because its actual
implementation was already removed[1].
[1] 9dbeefb55e
Change-Id: Ib01714e6462470dd5c3f6f06b52a3afeff573696
The default api-paste.ini file maintained in the Barbican repo provides
a pipeline with the audit middleware. This change adds the option for
the middleware to the barbican.conf file generated by generator, so
that users can find the related options easily.
Depends-on: https://review.opendev.org/804316
Change-Id: I9f3ee9968f7558498c6fdb31d9103750ec248446
The implementation follows nova and implements an is_supported
function, that can be used in controllers, to check the requested
version and take different code paths depending on the result.
This reverts commit 7b14d983e0.
Change-Id: I5651a69f93288ac1dfdc1c8b1ad0f904e370c127
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also replace policy.json to policy.yaml ref from doc and tests.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: Idaa65dac1c97324d671b9a07a2f3d51bb128e8c2
This commit updates the versions of oslo.policy, keystonemiddleware, and
oslo.log to new versions that aid in implementing secure RBAC through
default roles and scope checking.
These dependencies will be used in a subsequent patch set to update
Barbican's default policies.
Change-Id: I5aa1ab349e6f6a65754b508e9181ef1f9a870ea3
Move constraints into deps, remove install_cmd.
The default install_cmd is just fine to use.
Increase constraints since they are now finally tested, see
http://lists.openstack.org/pipermail/openstack-discuss/2020-April/014237.html
showed that they are broken. The lower-constraints job is optional,
remove it.
Change-Id: Ieda45ef624e0cd4e60216b740cc04aff0783e863
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove python 2.7 stanza from setup.py
- Add requires on python >= 3.6 to setup.cfg so that pypi and pip
know about the requirement
- Remove obsolete sections from setup.cfg
- Update classifiers
- Use newer openstackdocstheme and Sphinx versions
- Cleanup */source/conf.py to remove now obsolete content.
- Remove Babel from requirements, it's not needed for running.
- Sync docs deps in tox.ini
Change-Id: Ie1fccdc777be978075e4689eda6c62578bd463e4
Barbican added support for AppRole in the Vault backend
for Stein. It requires at least version 1.2.1 to work.
Change-Id: I40f2a4932eaafa61fcdc3884c0d7e3f3470788c2
Story: 2005359
Task: 30329
Bandit 1.6.0 broke the -x command, block this release so that
pep8 tests pass again.
Sync with global requirements file to pass tests:
* update sphinx
* update jsonschema
Change-Id: If78421403ae188713820feb2071a8a889d9ccd7b
This adds basic framework for barbican-status upgrade
check commands. For now it has only "check_placeholder"
check implemented.
Real checks can be added to this tool in the future.
Change-Id: I40bfcc0c8755e814c1b63fdf323c32fda967968e
Story: 2003657
Task: 26120
This will provide a Castellan based secret store, which will
allow secret stores which have a castellan backend to be used
behind barbican. The initial example of this is the Vault
backend.
Unit tests have been added. In local tests,
most of the functional tests do in fact pass with a local Vault
backend, though this will need to be demonstrated with a later
review which establishes a Vault based gate.
Change-Id: Ib30fb79304014592bfc37938839d60a4c10c244d