The zoneinfo module was introduced in Python 3.9. We can use that
built-in module instead of the 3rd party library (pytz).
This is based on change I1f88bdadc68bfa726eac1da1c5824c1ed352ad98 in
oslo.utils.
Change-Id: I539120a6bfb850b0c4e384e51caa021761a4f6b8
The wrappertask decorator was deprecated some cycles ago[1]. This is
internal implementation so could be even removed directly.
[1] 2c58017a14
Change-Id: I0f2e25971201e2a01b3e86bd859e8a4bdb98d371
Based on the agreed steps to implement the SRBAC community goal, this
enables the new policy defaults and scope checks by default.
Change-Id: I315893150549d1174c3270c37c031e6a519f9a28
Resolve the following warning:
DeprecationWarning: distutils Version classes are deprecated. Use
packaging.version instead.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I1db934e673b896834956d680f847687834e18520
Unlike Cinder, Nova etc., we haven't had any sqlalchemy-migrate-based
migrations in Heat for some time. That means we don't need a transition
period to handle users that may not have the latest
sqlalchemy-migrate-based migration and we can remove these migrations
immediately. Doing so also means we can also remove sqlalchemy-migrate
from our dependencies. Hurrah!
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I825c58a42e9d430c9d660dae9bb70d1cb6f91079
No migrations yet: this is simply the output of 'alembic init' with some
minor tweaks.
A note about ordering of requirements is removed from requirements.txt:
it is no longer true with the new dependency resolver introduced in pip
20.3.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I7790222ab5eaf6c47dd386fe472275a3037a9898
This patch adds a new resource to support ``minimum_packet_rate_rule``
QoS rule in Neutron.
Related-Bug: #1922237
Story: 2009686
Task: 43997
See-Also: https://review.opendev.org/785236
Change-Id: I29e205979b40e3e0d0746e1c22fa679736c853b7
In support of the OSC migration, we need
to bump the lower-constraint for the
openstacksdk to allow for feature parity.
Change-Id: Ide69f84a76f06814cf74b73b57729f23dea1062b
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also replace policy.json to policy.yaml ref from doc and code.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I1aa12bcd2638390f25d57ce8abeeec248121dc02
We received huge amount of warnings during service start.
Most about stop using `deprecated_reason` and `deprecated_since` by
`policy.DocumentedRuleDefault` directly. And should use them under
`policy.DeprecatedRule instead.
This patch apply for above suggestion.
Also bump oslo.policy lower-constraints and requirements to `3.7.0` to alias
policy behavior.
Story: 2008707
Task: 42041
Change-Id: Iefcfc30a051fe25ccc5121c7ddb817e8c271fcb6
This commit updates default policies to account for system scope
and default roles. This is part of a broader change to provide a
consistent and secure authorization experience across OpenStack
projects.
- Introduces basic/reusable check strings in base.py
- Implements secure RBAC for build info API
- Implements secure RBAC for the action API
- Implements secure RBAC for cloud formations
- Implements secure RBAC for events
- Implements secure RBAC for the resource API
- Implements secure RBAC for the service API
- Implements secure RBAC for software configs
- Implements secure RBAC for software deployments
- Implements secure RBAC for stacks
- Adds unit tests for legacy and new secure-rbac policies.
Change-Id: Iff1e39481ea3b1f00bd89dba4a00aed30334ecec
The broader OpenStack community is working towards implementing secure
RBAC, which is a common set of personas (role and scope permutations)
that deliver the most common asks for custom policies. It also addresses
long-standing issues with tenancy and enforce scope checking.
This commit updates the requirements for oslo.log, oslo.context,
oslo.i18n, oslo.policy, oslo.serialization and keystonemiddleware, which
are necessary for implementing this work. Subsequent patches will go
through and update the default policies.
Change-Id: Ib28f1b333f032b8c9f960a2510e4d23487541631
New pip version is quite strict and does not allow conflicting
minimum version deps in lower-constraints.
Change-Id: Ie524c54e3b982bc6b0786c875d34d177444ec6fc
This patch changes the lower-constraint requirements to make them
py3.8 compatible. See https://bugs.launchpad.net/nova/+bug/1886298
Markupsafe==1.1.1
PyMySQL==0.8.0
PyYAML==3.13
cffi==1.14.0
greenlet==0.4.15
kombu==5.0.1
lxml==4.5.0
oslo.db==6.0.0
paramiko==2.7.1
psycopg2==2.8
sqlalchemy-migrate==0.13.0
tenacity==6.1.0
Also update the test-setup.sh to work with recent version of mysql.
Change-Id: Ibe60d1e536f0e887eceea32b7cb4eec6318e96af
Partial-Bug: #1886298
The type of the entry point objects returned in stevedore has
been changed from`pkg_resources.EntryPoint` to
`importlib.metadata.EntryPoint`[1] and it does not have module_name
attribute.
It also bumps requirements/lower-constraints as stevedore==3.1.0 is
not backward compatible.
[1] https://review.opendev.org/#/c/740515/
Task: 40355
Change-Id: Icd68f6eab73e44406f2ff5073636dcdd111e00ea
Now that we only support Python 3, use the 'yield from' keyword instead
of the @wrappertask decorator for calling co-routines from a co-routine.
This should greatly simplify backtraces when calling nested co-routines.
Change-Id: If9beaff74cf4facbc4aa4b30f31a3a087bdcad8a
Six is in use to help us to keep support for python 2.7.
Since the ussuri cycle we decide to remove the python 2.7
support so we can go ahead and also remove six usage from
the python code.
Review process and help
-----------------------
Removing six introduce a lot of changes and an huge amount of modified files
To simplify reviews we decided to split changes into several patches to avoid
painful reviews and avoid mistakes.
To review this patch you can use the six documentation [1] to obtain help and
understand choices.
Additional informations
-----------------------
Changes related to 'six.b(data)' [2]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
six.b [2] encode the given datas in latin-1 in python3 so I did the same
things in this patch.
Latin-1 is equal to iso-8859-1 [3].
This encoding is the default encoding [4] of certain descriptive HTTP
headers.
I suggest to keep latin-1 for the moment and to move to another encoding
in a follow-up patch if needed to move to most powerful encoding (utf8).
HTML4 support utf8 charset and utf8 is the default charset for HTML5 [5].
Note that this commit message is autogenerated and not necesserly contains
changes related to 'six.b'
[1] https://six.readthedocs.io/
[2] https://six.readthedocs.io/#six.b
[3] https://docs.python.org/3/library/codecs.html#standard-encodings
[4] https://www.w3schools.com/charsets/ref_html_8859.asp
[5] https://www.w3schools.com/html/html_charset.asp
Patch 28 of a serie of 28 patches
six fully removed now!
Thank you six for the rendered services!
Change-Id: If44ee4b565cc9390fa0422fba4dda080b4f90b98
I hope I remembered all the discussion points we had about how to design
this plugin, so:
* Instead of changing OS::Neutron::ExtraRoute we introduce
OS::Neutron::ExtraRouteSet so we can take advantage of Neutron API's
ability to add/remove multiple extra routes at once.
* Addition and removal of extra routes is supposed to be atomic with
Neutron extension 'extraroute-atomic'. An update involves a removal
and an addition, therefore an update is not atomic operation. However
unless the responsibility for an extra route is moved from one stack
to another that should not be a problem.
* Sharing the responsibility for an extra route between stacks (that is
multiple stacks defining the same extra route) is not supported due
to the Neutron API not allowing this.
Let me know what did I forget.
Example template:
resources:
extrarouteset0:
type: OS::Neutron::ExtraRouteSet
properties:
router: { get_resource: router0 }
routes:
- destination: 10.0.0.0/24
nexthop: 10.0.0.10
- destination: 10.0.1.0/24
nexthop: 10.0.0.11
...
Change-Id: Ic1fe593d9821d844fd124b0212d444f6e3a0015e
Depends-On: https://review.opendev.org/675900
Story: #2005522
Task: #36264
- Bumps some of the lower constraints
- Fixes common/endpoint_utils.py to fallback to use auth_uri.
Change-Id: Ief0868d5feef3ee6b0689c6be27649ff009fbbcc
Add a OS::Blazar::Lease resource plugin to support Blazar which is a
resource reservation services in OpenStack.
Co-author: Asmita Singh <Asmita.Singh@nttdata.com>
Change-Id: I7683599d9e9443372d1f585985cee7c10fd08581
Task: 22882
Story: 2002085
This adds basic framework for heat-status upgrade
check commands. For now it has only "check_placeholder"
check implemented.
Real checks can be added to this tool in the future.
Change-Id: I83629184b49a6cf91928df702db23156433d99f6
Story: 2003657
Task: 26131
Currently the constraints do not reject an ipaddress for ipv4 which have
fewer than 3 dots such as 'a' or 'a.b' or 'a.b.c'.
This enhancement provides an extra check that an ipv4 address has syntax:
'a.b.c.d'
This also applies to CIDR
Change-Id: Ia7ec8bf107abd169b6b6a91d0b8bb913fc3cc7b9
Story: 2002552
Task: 22114
The old way of renaming is duplicated [1]. This patch uses the
new way to rename a container. In addition, this patch also
bump the version of python-zunclient to 2.0.0
[1] https://review.openstack.org/#/c/557595/
Change-Id: I4ef36a3c4a805b3e041fcb9456c297e59865485c
Add a Blazar client plugin which will be used by a couple of Balazar
resources under development.
Change-Id: I0f68fc0525db3ba299d77019a102f24b9d3cea87
Task: 19754
Story: 2002085
In the course of switching over to lower-constraints, the lower
constraints got out of sync with the requirements. This change fixes the
constraints using the script mentioned in
http://lists.openstack.org/pipermail/openstack-dev/2018-April/129056.html
Change-Id: Iae317fa745862ebde4115ca8e77a26c6c9be20ac