This patch updates default policy-in-code rules in horizon based on
nova/neutron/keystone/glance/cinder RC deliverables.
It also bumps a few packages versions in lower-constraints.txt and
requirements.txt to fix the failed lower-constraints job after
updating policy rules.
Change-Id: I168bb171076e3442b29670461a29d12c9988df52
pyscss v1.3.7 doesn't work with python 3.10. So this patch bump
pyscss version to latest i.e. v1.4.0 so it can support python 3.10
and consume other fixes included in pyscss v1.4.0.
Closes-Bug: #1960204
Depends-On: https://review.opendev.org/c/openstack/requirements/+/830615
Change-Id: I764aa5491df8c8d39f4f168241f91d19ce7fed26
Django 2.2 support was dropped. Django 2.2 ends its extended support
in April 2022[1]. Considering this, horizon dropped Django 2.2 support
and use Django 3.2 as default version of Django.
It also updates the python version from py38 to py39 for
"horizon-non-primary-django-jobs" and
"horizon-tox-python3-django" project template because py36
and py39 are now runtime for the Yoga cycle[2]. So I have updated it to
py39.
[1] https://www.djangoproject.com/download/
[2] https://review.opendev.org/c/openstack/governance/+/820195
Change-Id: I8886f12f7e51b721ac5123070086d5dcfefe4e72
I believe we need the following steps and it is what I did in past
when we bump the Django minimum version.
1. (already done) update global-requirements.txt to allow horizon to
update requirements.txt to include Django 3.2.
2. specify the required Django version which includes both 2.2 and 3.2
(at this point upper-constraints uses 2.2)
3. update upper-constraints.txt in the requirements repo to use Django 3.2
4. bump the min version of Django in horizon
(optionally) update non-primary-django tests to include non-primary versions of
Django. It seems you drops 2.2 support together when we support 3.2, so perhaps
this step is not the case though.
https://review.opendev.org/c/openstack/horizon/+/811412 directly updated
the min version to Django 3.2 which is incompatible with the global
upper-constraints.txt.
To avoid this, https://review.opendev.org/c/openstack/horizon/+/815206 made
almost all tests non-voting. I am not a fan of such approach and believe
there is a way to make the transition of Django version more smoothly.
---
This commit reverts the zuul configuration changes in
https://review.opendev.org/c/openstack/horizon/+/815206 and
https://review.opendev.org/c/openstack/horizon/+/811412.
horizon-tox-python3-django32 is voting now as we are making it
the default version.
Change-Id: I60bb672ef1b197e657a8b3bd86d07464bcb1759f
This patch update Django version to the current LTS version i.e. 3.2.
Django 2.2 is going to end its extended support by April 2022[1].
horizon and all its plugins already support Django3.2 version, So
let's make this the default version. It also bump few other packages
version in lower-constraints.txt to make it work with Django 3.2.
Note: It also change 'openstack-tox-py38' job to non-voting
which I will revert in follow-up patch once this patch is merged.
[1] https://www.djangoproject.com/download/
Change-Id: I49e323b76ad2c2e680c3f133d0f219d850f7908c
This patch update decorator version to 4.4.2 in
lower-constraints.txt to fix the lower-constraints job.
Change-Id: Ie1fa066a5b3615b88e808a99228ed7efd0c98678
django-pyscss is not compatible with Django 3.0.
django_pyscss_fix is a temporary workaround for django.utils.six
used in django-pyscss. It also add six in requirements.txt
as we use six module for this workaround.
This is just to run horizon for testing with Django 3.0+.
six is re-added to requirements.txt as it is used in the workaround.
Note that other codes in the horizon repo should not depend on six.
Change-Id: If79289b7518dd8eaf292a90d6fb790beb154cb7c
cinderclient 8.0.0 has been released. The workaround in horizon UT
can be dropped now with cinderclient>=8.0.0.
requirements.txt and lower-constrints.txt are updated
according to python-cinderclient 8.0.0 dependencies.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Ia59b266516584be71ddec935feb671399e0fd7ec
One of suggestions discussed in the mailling thread [1] is to decouple
linters from test-requirements.txt. We uses specific versions of linters
(hacking, flake8, pylint and bandit) and they are potentially incompatbile
with other libraries in test-requirements.txt.
One example is bandit incompatibility detected by the new pip resolver.
This commit moves linters to tox.ini and introduces a new tox envdir
shared by linter related tox envs.
Note that we have a unit test for a local hacking rule so hacking needs
to be installed as part of the default dependencies. We can have it in
test-requirements.txt but I think it is better to have it in tox.ini
as hacking is a part of linters and other linter dependencies are
declared in tox.ini now.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-December/thread.html#19362
Change-Id: Ia41c5f665f01bdab187c9256b2319885998d12c3
This bug only appears to be a cosmetic one where the TZ offset
would be calculated on current_year/01/01 so would remain in
daylight saving offset when displaying the timezones list.
(Note by amotoki)
The minimum version of Babel is bumped to 2.6.0
as Babel 2.3.4 returns "New Zealand Time" instead of "New Zealand
(Auckland) Time" returned from the latest Babel (2.9.0).
It is not a good idea to handle such difference in Babel in our UT
and there is no reason to stick to Bump 2.3.4.
2.6.0 was chosen as it is available in Ubuntu Focal and there is
no more reason than this.
Change-Id: I0600086cc51cf5abcf1631565e75146114189667
Closes-bug: #1822849
This commit allows horizon to handle deprecated policy rules.
The approach is explained in the document updated by this change.
oslo.policy requirement is updated. oslo.policy 3.2.0 is chosen
just because it is the first release in Victoria cycle.
requirements.txt and lower-constraints.txt are updated accordingly
including oslo.policy dependencies.
Change-Id: If5059d03f6bd7e94796065aa1b51c0c23ac85f5e
As discussed in the last horizon team meeting, we plan to upgrade
jquery to jquery 3 series. Jquery 3 upgrade assumes we already use
jquery 1.12.x ro 2.2.x. We already use jquery 1.12.4.1 in the master
for long but our requirements file says >=1.8.2. This commit bumps
the xstatic-jquery minimum requirement to 1.12.4.1 to ensure
we use 1.12.x before upgrading jQuery to 3.
xstatic-jquery-ui min version is also bumped to 1.12.0.1.
The current requirement is >=1.10.4 but we use 1.12.x series for long
and use 1.12.1.1 since 2018, so I believe it is safe to bump it.
Change-Id: I2a1ff5a4df5e278f89fcd73c26f1d8527b9c4d7f
Pip 20.x requires ensure_str method from six which was introduced
in v.1.12.0 and wrapt v.1.11 is required by astroid v.2.4.0 with
the pylint dependency. So this patch update six and wrapt version
in lower-constraints.txt to fix the gate.
It also updates the browser to Firefox in karma.conf.js and adds
'karma-firefox-launchers' in package.json because nodejs-job
fail with chromium-browser due to not able to access some URL.
It also removes 'karma-chrome-launcher' enteries from all files
as it is no longer used. So let's switch to Firefox browser to
unblock the gate then we can investigate later how to fix it with
chromium-browser.
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/766744
Co-Authored-By: Vishal Manchanda <manchandavishal143@gmail.com>
Change-Id: I13e68d89f55407b1b3c64219969912700feef500
Switch to openstackdocstheme 2.2.0 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* parallelizing building of documents
Update Sphinx version as well.
openstackdocstheme renames some variables, so follow the renames. A
couple of variables are also not needed anymore, remove them.
Set openstackdocs_pdf_link to link to PDF file.
Remove docs requirements from lower-constraints, they are not installed.
For more info. please refer [1].
[1] https://review.opendev.org/728938
Change-Id: I90d064e63baa5f067f38a881eb9a556dfb435e97
Changes test invocation from `manage.py test` to `pytest`. Adds addtitional
test requirements like pytest, pytest-django, pytest-html. Adds
`pytest.mark` alongside django's test `tag`. Adds posibility to export test
results into xml and html formats.
Depends-On: https://review.opendev.org/#/c/712315/
Related-Bug: #1866666
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Change-Id: Idb6e63cd23ca2ba8ca56f36eb8b63069bd211944
xstatic-mdi 1.4.57.0 and 1.6.50.2 have different ways (variables)
to define classes for material design icons.
As a result we need different ways for a workaround like
commit ddc52a7405.
It looks good to support 1.6.50.2 only to simplify the maintenance.
1.6.50.2 was released Feb 2019 and is used in horizon since Stein
release (in upper-constraints), so this change would be not risky.
Change-Id: Idd2e035fa85dfe8c20397d63ed8ae4bd09c84078
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I2de669d8e89b8daeb7ee5405ffab35af6307c40b
pyScss v1.3.7 doesn't require any bindep to be installed so it's prefer
to use it instead of adding bindep to all projects manually.
Depends-On: https://review.opendev.org/715240
Change-Id: I336a3449c1ed8be3984da6366e9b45f8e4d3f5c0
pyScss v1.3.5 implements 'function-exists' function now. It breaks
MaterialDesign-Webfont [1] which is provided by xstatic-mdi package.
This patch re-implements FontAwesome-based styles for Material theme to
not use MaterialDesign-Webfont classes.
Another advantage of this improvement is we can use the latest pyScss
(once it'll be released) and update xstatic-mdi too.
[1] https://github.com/Templarian/MaterialDesign-Webfont/issues/19
Closes-Bug: #1771559
Depends-On: https://review.opendev.org/714450
Change-Id: Ia9e1e807591d4428f585177f521d4cb9d463b917
pyScss and django-pyscss packages are not maintained for a long time. We
can't use the pyScss with teh setuptools>=46.0.0, so I forked these
project and switch horizon to use them.
Change-Id: I38a1c2c3455a10b4852d25f6c39b3c21f5c450fc
Depends-On: https://review.opendev.org/712976
This completes Mox removal from Horizon.
Change-Id: I73f7a01b7f655f7c1d0ba704f4417d6fe798a7eb
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Django 1.11 support was dropped. Django 1.11 ends its extended support
in April 2020 which is before Ussuri release. Considering this,
horizon dropped Django 1.11 support.
Unnecessary Django version checks in the code are also dropped.
Change-Id: I2c58934f2b026745fbc97a58212b91d149db3657
api.cinder.get_microversion function now supports OPENSTACK_SSL_NO_VERIFY
and OPENSTACK_SSL_CACERT config options.
This depends on commit 4a3a2c3c9a89ccff4e64d3da96de5b0af4303840 in
python-cinderclient, so the minimum version of python-cinderclient
is bumped to 5.0.0.
NOTE(amotoki): The stretegy of backporting to stable branches needs
a discussion with the requirements team as we cannot bump the
minimum version (at least the major version bump is surprising).
Change-Id: I22c6c60e10d8e9328f7f1e0c24d6c74496ec1a71
Closes-Bug: 1744670
Previously doc8 is run as part of pep8 tox env. This leads to some tricky
'deps' in pep8 which installs the docs dependencies. This can be fixed by
moving doc8 to the docs related tox envs (docs and releasenotes).
This also helps developers using devstack avoid hitting an error in
"manage.py compilemessages" in stack.sh. The error is caused by sphinx
installed under .tox directory (as compilemessages tries to compile all
message catalogs even under dot directories like .tox).
Developers sometimes change the horizon code under /opt/stack/horizon
and it is not surprising to run "tox -e pep8".
(I think it is more common compared to a chance to run "tox -e docs".)
Thus I believe it is reasonable to move doc8 to the docs env.
Change-Id: I6345ebbcd24afc358555e9be4b2ca700c4b33861
Some options are now automatically configured by the version 1.20:
- project
- html_last_updated_fmt
- latex_engine
- latex_elements
- version
- release.
This will shows the version selector of the doc, too.
Change-Id: I38f0385a1fd676a4ba18259af7ad384af31ebe5a
A fix for bug 1824017 bumped the minimum version requirement of
python-cinderclient to 4.0.0. The fix was backported to stable/stein,
so the minimum version bump should be covered by a release note.
python-cinderclient requirement is bumped to >=4.0.1
as 4.0.0 is blocked by global-requirements.txt [1].
It was suggested by the release team in the review of
horizon stein update release [2].
[1] 1baf07a773/global-requirements.txt (L256)
[2] https://review.opendev.org/#/c/655447/
Change-Id: I2b43e159da7e58980b2810a104ae2418f237d1c7
Related-Bug: #1824017
As of Stein, a minimum of python-cinderclient 4.0.0 is required to
create a volume. Cinder schema no longer accepts additional
properties on volume create that are not part of the API spec [1].
[1] https://review.openstack.org/#/c/573093/
Change-Id: I0fc4d5db39080985b471fe2465b7078e37417e4d
Closes-Bug: #1824017
Horizon uses python-memcached while running "tox -e runserver"
so we need to add it to test-requirement.txt as well as
lower-constraints.txt.
Change-Id: I4319cf1a54310171baf1dbaf2e10acae8123dac6
This command checks the configuration for invalid and deprecated
settings, as described in
https://governance.openstack.org/tc/goals/stein/upgrade-checkers.html
There is also a script in tools/find_settings.py that scans all python
files for the potential new settings, which is supposed to make it
easier to update the lists that the checks use.
Change-Id: Ie85cf4be3da1ab446c10883a4580e20ea154b67c
Story: 2003657
Task: 26132
Commit I7fb2fd7dd40f301ea822154b9809a9a07610c507 changed test runner to
not use nose. So it's safe to remove all references now.
Change-Id: I8856e4e91b25f059645eb5e0356d207f6fc119f2
BREACH is a category of vulnerabilities and not a specific
instance affecting a specific piece of software. To be vulnerable,
a web application must:
* Be served from a server that uses HTTP-level compression
* Reflect user-input in HTTP response bodies
* Reflect a secret (such as a CSRF token) in HTTP response bodies
More details on breach attack - http://breachattack.com/
Since horizon falls under this category, we can include django-debreach
module within horizon as a requirement which provides mitigation against the breach attacks.
https://github.com/lpomfrey/django-debreach
CSRF token masking is a built-in feature within Django 1.10+,
therefore only content-length modification feature provided by django-debreach
can be enabled.
Depends-On: I32f11e089fc794444ef267b463c7fb2ad8cfa96a
Change-Id: I2b4999ca7b0e1762c5273c4fe96f5ee768f44339
Blueprint: mitigate-breach-attacks
When a request that is being profiled completes and the response is
received, the middleware expires the profiling cookie. It also needs
to delete the profiling object that holds the base_id UUID so a new
base_id will be created for the next profile. Otherwise the same
base_id is used for subsequent queries and they become merged togther
in the database.
Change-Id: I379cebfa2ed5282c96df0e255a8ba04c65a8523c
Closes-Bug: #1777486
Depends-On: https://review.openstack.org/578362
manchandavishal