The new stable upper-constraints file is only available
after the openstack/requirements repository is branched.
This will happen around the RC1 timeframe.
Recheck and merge this change once the requirements
repository has been branched.
The CI system will work with this patch before the requirements
repository is branched because zuul configues the job to run
with a local copy of the file and defaults to the master branch.
However, accepting the patch will break the test configuration
on developers' local systems, so please wait until after the
requirements repository is branched to merge the patch.
Change-Id: I3a23e8bce371332b4ddee015d6c6adc315769453
In Python 3, python-ldap no longer allows bytes for DN/RDN/field
names. Instead, text values are represented as str, the Unicode
text type.
This patch updates the code to adhere to this behavior.
More details about byte/str usage in python-ldap can be found at:
http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode
Change-Id: I9ef10432229aaffe4ac9bd733d608098cdae3b9a
Partial-Bug: #1798184
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I0f42d5863e6ca26cce8ce760df6f780dccaff9b6
Story: #2002586
Task: #24304
We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
Change-Id: I0bfdf108da6dc819debe29b4998d507b86e343a4
This patch fixes a bug in ldappool which causes a bind attempt
utilizing a bad password to be retried until the retry limit has been
reached. Instead ldappool will now break out of the retry loop if the
ldap connection try block catches a ldap.INVALID_PASSWORD exception.
Previously ldappool would attempt to catch ldap.LDAPError which is
the base exception class for all ldap errors in the python-ldap
library. This is an issue because Keystone by default enables
ldappool and configures the default retry value to be 3. An LDAP
server with a password lockout threshold of 3 bad passwords will
lock out a user after a single bad password attempt through Keystone.
Change-Id: I2a9b850ce977260d4df1e9edf86417b8042a6fb8
Closes-Bug: #1785898
pyldap is meanwhile an outdated and deprecated fork, and the
Python 3.x compatibility fixes have been merged back to python-ldap.
Change-Id: I4b793a9a72b84005a57cc1e3f6f89a483d7eda5c
According to Openstack summit session [1],
stestr is maintained project to which all Openstack projects should migrate.
Let's switch to stestr as other projects have already moved to it.
[1] https://etherpad.openstack.org/p/YVR-python-pti
Change-Id: Ieca57f7c2e6b2ff5c95f8643985ad760c71e0fc3
Create a tox environment for running the unit tests against the lower
bounds of the dependencies.
Create a lower-constraints.txt to be used to enforce the lower bounds
in those tests.
Add openstack-tox-lower-constraints job to the zuul configuration.
See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html
for more details.
Change-Id: Ia0df9d71a43832405bb408967349ad84a6f73d5c
Depends-On: https://review.openstack.org/555034
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
We do not need tox_install.sh, pip can handle constraints itself
and install the project correctly. Thus update tox.ini and remove
the now obsolete tools/tox_install.sh file.
This follows https://review.openstack.org/#/c/508061 to remove
tools/tox_install.sh.
Change-Id: Icd931f97b8a11c9aa07ff7eecf2616ed4eacf420
The doc-migration spec requires all projects to treat warnings
as errors during sphinx build. This patches turns that function
on.
Change-Id: I3b57177cc1dfa34dea57e62bbc93fafa40899899
As part of the docs migration work[0] for Pike we need to switch to use
the openstackdocstheme.
[0]https://review.openstack.org/#/c/472275/
Change-Id: I47d858fafd5d57f00cab9d7a4b87950320febf70
html_last_updated_fmt option is interpreted as a
byte string in python3, causing Sphinx build to break.
This patch makes it utf-8 string.
Change-Id: I896d6d962e4c7f932bc7e0a566a3b47205be61fb
Closes-Bug:#1693670
pyldap's start_tls_s function calls ldap_start_tls_s[1] which, if called
twice, returns LDAP_LOCAL_ERROR which causes a LDAP queries to fail with
the traceback:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 258, in _create_connector
self._bind(conn, bind, passwd)
File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 227, in _bind
conn.start_tls_s()
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1095, in start_tls_s
res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1071, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 780, in start_tls_s
return self._ldap_call(self._l.start_tls_s)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 263, in _ldap_call
result = func(*args,**kwargs)
LOCAL_ERROR: {'desc': u'Local error'}
This means that currently keystone's [ldap]/use_pool and [ldap]/use_tls
options are incompatible. This patch fixes the problem by removing the
unnecessary call.
[1] https://linux.die.net/man/3/ldap_start_tls_s
Change-Id: I6baff12bcbd3b110e62f4bcdfb97c561d7ee5fe9
Since pbr already landed and the old version of hacking seems not
work very well with pbr>=2, we should update it to match global
requirement.
Partial-Bug: #1668848
Change-Id: I2ff5ed75751f3448ff47c4f598d91f65b21ac84d
Adding constraints support to libraries is slightly more complex than
services as the libraries themselves are listed in upper-constraints.txt
which leads to errors that you can't install a specific version and a
constrained version.
This change adds constraints support by also adding a helper script to
edit the constraints to remove .
Change-Id: I41c6b3a2c4875128679b2dd8177425dd9f515ebc
Without this change, ldappool might fail to bind to an LDAP server for
any number of reasons, but eats most of them and instead raises its own
not-very-descriptive error. A network failure or the LDAP server being
down is useful information that a user might be able to do something
with (see this related patch[1]) so let's add that to the list of
exceptions ldappool raises directly.
[1] https://review.openstack.org/#/c/390948
Change-Id: Iebb58f9046707a044ed86d8ce940e4c230ffd2aa
* properly utf8 encode password
* switch to pyldap, the drop in replacement for python-ldap
Change-Id: Ic0fc838b8e015d90c946c3d161d096afe0bb7a21
Depends-On: I9cf13a5be63a0abc964c5a6e29c92d16365d89d8
Depends-On: I330b9b8fd3b53a588f0a1ae0c7de16cf03adb3cd