* Update charm-keystone from branch 'master'
to 16b543572d9c39561b23876b29237442333c1a51
- Updates for caracal tox.ini
Update the tox.ini file(s) to use the constraints file from
zaza-openstack-tests.
Change-Id: Ied77c915fd5dbfdf9a15acee0b721a352307e3dc
* Update charm-keystone from branch 'master'
to 004576e82b7541b0c100f33a7a6b590c651f5a5d
- Updates for caracal testing support
These updates, on the master branch, are to support testing the caracal
packages and support of the charms for caracal. They do NOT lock the charms
down, and don't change the testing branches to stable branches.
Change-Id: If3fd48454e7959fdd6e2e1708b80a97c76576063
* Update charm-keystone from branch 'master'
to ae431710e00cb654b11a43f164e6ed5d5d7ddf16
- Merge "Adds service_user_id into relation data"
- Adds service_user_id into relation data
This is necessary to avoid collisions between
same usernames used service users.
Depends-on: I4fbfa8fba84b11c4e30e4db9a0c358db1e8c94f1
Closes-Bug: #2030755
Change-Id: I500fd131cbd6cd5c2b38fdbe81b8b48e50a3e3f7
* Update charm-keystone from branch 'master'
to 85571b5837d5c9495d0da7e42247c87350c55a2c
- Improve platform mocking
Patch out charmhelpers.osplatform.get_platform() and
charmhelpers.core.host.lsb_release() globally in the unit tests to
insulate the unit tests from the platform that the unit tests are being
run on.
Change-Id: I4fbfa8fba84b11c4e30e4db9a0c358db1e8c94f1
* Update charm-keystone from branch 'master'
to b4ee292bb60c2558c6adc98e21545713a329fbf2
- Support disabling apache wsgi socket rotation
Bug LP 1863232 introduced a new Apache configuration option called
WSGISocketRotation which allows users to disable wsgi socket
rotation. This patch makes this configurable with a new
wsgi-socket-rotation config option that defaults to the Apache
default and can optionally be set to False.
Closes-Bug: #2021550
Change-Id: Ia5852c3ebe84bd0355670f262cbe5e1cd433a08d
* Update charm-keystone from branch 'master'
to b65d861ae3c5b9dfe4d0a9c9f527e36ce3b7cc98
- Ensure get_requests_for_local_unit doesn't fail on incomplete relation
This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation. Fix in charmhelpers is in [1].
[1] https://github.com/juju/charm-helpers/pull/824
Closes-Bug: #2028683
Change-Id: I3117e17bc89254031ac244842d868ed1ed5af9ba
* Update charm-keystone from branch 'master'
to 16b009d74397983e07a77735c25ba62f5717711a
- Add 2023.2 Bobcat support
* sync charm-helpers to classic charms
* change openstack-origin/source default to bobcat
* add mantic to metadata series
* align testing with bobcat
* add new bobcat bundles
* add bobcat bundles to tests.yaml
* add bobcat tests to osci.yaml
* update build-on and run-on bases
* drop kinetic
* update charmcraft_channel to 2.x/stable
Change-Id: I6893deebdd105fb794dc06907b9366354d3e4ce0
* Update charm-keystone from branch 'master'
to b193e39009a3286fd99d0b8a10c437da1dbee4f0
- Merge "Add package-upgrade action"
- Add package-upgrade action
The package-upgrade action performs package upgrades for the current
OpenStack release.
The code path used is similar to the openstack-upgrade action, with the
difference being that package-upgrade will not execute if an openstack
upgrade is available (based on the openstack-origin setting).
This change includes a charm-helpers sync.
Change-Id: Ifd99ea307a6e4d1d034d7c1e494e2cd8abd894e9
* Update charm-keystone from branch 'master'
to 6b06af2472ee354f1ff7a4be3c3925ee17d13662
- Merge "Add docs key and point at Discourse"
- Add docs key and point at Discourse
Add the 'docs' key and point it at a Discourse topic
previously populated with the charm's README contents.
When the new charm revision is released to the Charmhub,
this Discourse-based content will be displayed there. In
the absense of the this new key, the Charmhub's default
behaviour is to display the value of the charm's
'description' key.
Change-Id: I6a9834d838803b6eea967e7c15be9fe7fe0ca052
* Update charm-keystone from branch 'master'
to 0cb787bb9d2e8a5c87821646f2387ae1f2dcd8a0
- Make role-cache-expiration configurable
We use a default expiration_time (dogpile-expiration-time)
of 600s which means that role assignments will take up to
this amount of time before all caches are updated to
reflect changes. This may not be suitable for some clouds
that make frequent changes to role assignments and lowering
the global value is not recommended so this overrides the
[role] cache_time to a more appropriate value and also
makes it configurable. We leave default value as None so
that the global value is still inherited but this at least
allows it to be customised.
Change-Id: I49e46e010c543f831959581b2122f59068f2c07b
Closes-Bug: #1771114
* Update charm-keystone from branch 'master'
to 23e2642b4150a33e5749e32d4c9d551580f748b2
- Charmhelper sync for https() pending request fix
Sync charmhelpers to pull in fix to https() so it returns false
if there is a pending certificate request
Change-Id: I6e79570070fb3b6aa85485bbb40a820cb352c68e
Closes-Bug: #2015103
* Update charm-keystone from branch 'master'
to be8600d97cf6d77a8a1b7a65a10ed40c6963671a
- Enable jammy-antelope voting and drop kinetic-zed tests
* Voting was turned on for jammy-antelope in the
project-template for charm-functional-jobs in zosci-config
* Voting for jammy-antelope bundles with non-standard names
is turned on in individual charms
* Kinetic-zed bundles/tests are removed
Change-Id: I18f3112b7fca0e6af35aa4f6231b9ca9a5414a3e
* Update charm-keystone from branch 'master'
to 3ea0c428a2d695dfbb1f0ed690b2a43a55d279f5
- Restart keystone's apache2 if mysql passwd rotated
When the mysql password is changed via the shared-db relation, the
shared-db hook handler needs to restart keystone's apache2 so that the
password is picked up and used by keystone during the rest of the hook.
Change-Id: I37ed94d5937a9abf46fd12cd6f230ddb5a298b0e
* Update charm-keystone from branch 'master'
to 0f974bb53997e042f5e7b814e207b0cc07319204
- Merge "Add service user password rotation actions"
- Add service user password rotation actions
This patch adds two actions:
1. An action to list the service usernames that can be rotated.
2. An action to rotate a service username that is on the list of
usernames that can be rotated.
Change-Id: I3a8a6af7ec8b0ea32da04eff34fafd32f43cee0e
func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1005
* Update charm-keystone from branch 'master'
to 04480c4ff4b37ad6aef619d452522721a728b587
- Add support for HAProxy L7 checks
This change add several configuration options to enable HTTP checks
to the HAProxy configuration, instead of the default TCP connection
checks (which continue to be the default)
Closes-Bug: #1880610
Change-Id: I50a9442ae66da71793a5e9904d23c26d1fbbdf42
* Update charm-keystone from branch 'master'
to b5c4eb2eae028ee6becd50249dd917e9e4f1d48f
- Add auth_ttl into keystone.conf
There is a requirement for some end users where we need to specify
auth_ttl to a higher level. This should help with these users
Change-Id: Ifd515d7c103a6b24c4f5da500442406f04fb372f
* Update charm-keystone from branch 'master'
to 6e5189646feb224d1b4f546fbe04df28c4f0e240
- Use juju-exec in chron jobs for juju3 support
Change-Id: Id2a92a134c2e663b3dca10dbc36dd7c7afc9c86b
* Update charm-keystone from branch 'master'
to 55bd7022242857fd8d8c1cc823411021e61bcba4
- Add admin-role parameter value to identity relation
This parameter is added to the relation in order to configure service
tokens on related services. The role of the service user is required for
service token validation.
Closes-Bug: #1992840
Change-Id: Id7e84d38a9f774179808137548307c9174a87f87
* Update charm-keystone from branch 'master'
to 2c33c74c8fb78ecfd61060663fb7b1a649fbd7d6
- Ensure openstack-release package is correct after install hook
The linked bug shows the install of the charm with openstack-origin set
to zed. This happens because configure_installation_source() causes the
openstack-release package to be installed *before* the zed cloud archive
sources are configured into /etc/apt and an apt update done. This means
that the openstack-release package says "yoga" despite the zed packages
actually being installed.
Then, on the config-changed hook, it sees that the installed version is
showing as yoga and tries to do an upgrade. This fails, as the charm
hasn't yet bootstrapped, and the charm tries to bootstrap after
upgrading the packages.
There's a few bugs here which are exposed, but the tactical fix is to
force the openstack-release to match the installed packages.
Change-Id: I3f47daf6bda6b62ffe4152ede2709f802f0ab606
Closes-Bug: #1989538
* Update charm-keystone from branch 'master'
to d9074b28c11b32361d07baeddd8fb8588cd0383e
- Ensure that kinetic/22.10 is enabled
This patch adds kinetic to the metadata.yaml and ensures
that a run-on base for 22.10 is added in the
charmcraft.yaml
Change-Id: If25f1ddf91af0c1ddedc8e8c470ce70e61838424
* Update charm-keystone from branch 'master'
to dafc5c7292627834d3276f11b741a4a9709f5002
- Merge "Add Kinetic and Zed support"
- Add Kinetic and Zed support
* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml
Change-Id: Idf4a6cd1e0888576f890b00aa5b343936900d6dd
* Update charm-keystone from branch 'master'
to cdce143628379ab509a31546cef4a9b0331ae660
- Include openidc-*.conf in Apache.
This change adds a new configuration in line Apache's frontend
configuration to include (if present) the files generated by the
keystone-openidc charm to configure Open ID Connect configuration
Change-Id: I8c96b1f1ffad84d57276fd60461c1aee60b32d3b
* Update charm-keystone from branch 'master'
to 965d292bd442a355403394d85dc4cd5a1839314d
- Validate vip address
Validates if the provided vip address(es) are in the subnet that the unit is in. If not, shows the message with invalid vips along with 'blocked' status.
Closes-Bug: #1958178
Change-Id: I6bb3e21f3934d6d2483564fba9216504a62d15dc
* Update charm-keystone from branch 'master'
to 9b2f7e545dd682e90d5403a8cb8145309c42d5cf
- Merge "Refactor admin password related actions code for better maintenance"
- Refactor admin password related actions code for better maintenance
Moved rotate-admin-password action to admin-password.py and made
changes to the unit test accordingly. Putting admin password
related actions together will reduce confusion and improve
maintainability
Change-Id: I27f8d3a279833dde5f6021e9d78a5ab2f05445b2
* Update charm-keystone from branch 'master'
to f5d9b9ed4095a46be0ba0067ace7bf1c93bdfd8b
- New option default_authorization_ttl
Add new option default_authorization_ttl used for
federation to set validity of group memberships
coming from a mapping.
Closes-Bug: #1970388
Change-Id: I4a8dbc501e14d1201ceed27077554924c56e3abd
* Update charm-keystone from branch 'master'
to 097556b753ec9a3a16d2738b361951b7e7c062a9
- Merge "Updates to enable jammy and finalise charmcraft builds"
- Updates to enable jammy and finalise charmcraft builds
- Add 22.04 to charmcraft.yaml
- Update metadata to include jammy
- Remove impish from metadata
- Update osci.yaml to include py3.10 default job
- Modify tox.ini to remove py35,py36,py37 tox target and add py310
target.
- ensure that the openstack-origin is yoga
Change-Id: I82a3ae55422e0871bddf37debf1089c9a9a3e843
* Update charm-keystone from branch 'master'
to 9e8c0c9928c9f2ffe7b735f888b6a5edd42c945d
- Ensure service name is not None before lookup
We need to ensure value for 'service' provided on
identity relation before doing valid_services lookup.
Change-Id: I42fb9dbb48b3bcf8fd40700db84ec8210b8433a4
Related-Bug: #1965967
* Update charm-keystone from branch 'master'
to 08960ba9b7a3c4559042ba9e86b900c6cc44016e
- Set service_type on identity relation
Also applies osci.yaml fix for Jammy.
Change-Id: I4cf5d8c0855bb9a3cd6068335fe8100366c0a66d
Related-Bug: #1965967
* Update charm-keystone from branch 'master'
to ae178d74711f548fe3fd3dda0568492aafe5b216
- Add rotate-admin-password action
This action allows the user to easily rotate the admin user's
password by replacing it with a randomly generated one.
Change-Id: I6ce69be15b11b00f804d3143d835ec3ce6515865
Related-Bug: #1927280
Func-Test-PR: https://github.com/openstack-charmers/zaza-openstack-tests/pull/720
* Update charm-keystone from branch 'master'
to 4949830cea2886e4dd565e601fee76bfbe364a57
- Add get-admin-password action with unit test
Implemented a new action to provide users the possibility of
retrieving Keystone service's admin password via juju action.
The result of this action is equivalent to running
“juju run --unit {keystone unit} leader-get admin_passwd”.
Closes-Bug: #1858657
Change-Id: I231c4b73016f7e7b4ba7f06219dd8e212402a339
* Update charm-keystone from branch 'master'
to 6f4894ea13527444f196a783ea7a467f2de85c36
- Related charm specify roles to be granted to admin
A charm joined to keystone via the identity-service relation can
now specify additional roles that can be granted to admin. This
is done by setting the relation data key `add_role_to_admin` the
value is a comma seperated list of roles that should be granted
to admin.
Change-Id: I7ecac3d64eece1845dc963886e09cc2be149ae03
* Update charm-keystone from branch 'master'
to ebc532bde331a56b633ae654b92cda833e64c2f9
- Update to classic charms to build using charmcraft in CI
This update is to ensure that the Zuul Canonical CI builds the charm
before functional tests and ensure that that artifact is used for the
functional tests. This is to try to ensure that the charm that gets
landed to the charmhub is the same charm that was tested with.
Change-Id: Ia2f3bcba500de242a93d9f0bf073a9c5c3aad89a
* Update charm-keystone from branch 'master'
to 074bb1f26c7fb4991eaa057bdd3e1d9b96b0766d
- Merge "Use unittest.mock instead of mock"
- Use unittest.mock instead of mock
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.
Note that https://github.com/openstack/charms.openstack is used during tests
and he need `mock`, unfortunatelly it doesn't declare `mock` in its
requirements so it retrieve mock from other charm project (cross dependency).
So we depend on charms.openstack first and when
Ib1ed5b598a52375e29e247db9ab4786df5b6d142 will be merged then CI
will pass without errors.
Drop Python 3.5 testing.
Rework some unit tests that use unittest.mock features not introduced
until Python 3.7.
Depends-On: Ib1ed5b598a52375e29e247db9ab4786df5b6d142
Change-Id: I029c77ed697620725dc040d1849a691eb10c9351
* Update charm-keystone from branch 'master'
to 24a263a14dbdadc2e277cdb6759b5b23b9b00011
- Merge "Add CMR gate test for vault <-> keystone"
- Add CMR gate test for vault <-> keystone
Add a gate test to check the keystone relating to vault via a
CMR.
Change-Id: Ife14892c69cf3ab2edcd7ade1346bb227ebe4250
* Update charm-keystone from branch 'master'
to b56dd7254522bbd4056da3ab1d560388dcf4a3c2
- Merge "Fix keystone charm path setting in test bundles"
- Fix keystone charm path setting in test bundles
Set keystone charm path in test/bundle/*.yaml to "../../"
Closes-Bug: #1947793
Change-Id: I4d32c78ddf83f6deb86c5b84d359929d23b94ba5
* Update charm-keystone from branch 'master'
to 6bf595e5da88270e6bc75df467c7de18c1d0e2c7
- Merge "Makefile: switch to python3"
- Makefile: switch to python3
Change-Id: I62404465e7e6827ca81363fa1a999f2e17d8a4b2
Signed-off-by: Joe Guo <joe.guo@canonical.com>
* Update charm-keystone from branch 'master'
to 4df4ed6da409c967ef0ca4de6a5c2b19960a1a74
- Merge "Ensure /etc/keystone/fernet-keys/ before bootstrap"
- Ensure /etc/keystone/fernet-keys/ before bootstrap
The /etc/keystone/fernet-keys/ directory must exist prior to
keystone-manage bootstrap being called.
Closes-Bug: #1951076
Change-Id: Ifa1ca433a658011365376a38e20b2901202bca21
* Update charm-keystone from branch 'master'
to 1a3523c7d8ee9a06a5405a36eb7ec63537fec342
- Merge "Spelling fixes found (mostly) by Codespell."
- Spelling fixes found (mostly) by Codespell.
Change-Id: I2803dc7efc8c357ca48a5284a3c95793363e0263
* Update charm-keystone from branch 'master'
to cc54bc260ec04750abaeba0fed761bf41dca10f6
- Merge "Additional test updates"
- Additional test updates
* drop xenial metadata and function tests
* switch to release-specific zosci functional tests
* switch to yoga zosci unit test job
* add py39
Change-Id: I6b5b33d17450361f9f11bbc21e0651c2e2d3c0cf
* Update charm-keystone from branch 'master'
to 44bf92f6bf0c1396222433a7fd2717960987f1ce
- Ease KeepAliveTimeout in line with keystoneauth1.session.Session
Apache2's default value for KeepAliveTimeout is 5 seconds, which is okay
for general web-page serving use cases. However, sessions and connection
pools created by keystoneauth1.session.Session can be terminated
unnecessarily during multiple API calls in a session due to the short
KeepAliveTimeout.
Let's ease KeepAliveTimeout to 75 seconds, which is fairly standard for
API services behind a reverse proxy since it's the default value of
nginx.
Closes-Bug: #1947010
Change-Id: Iff24f0f4b35fcc239abc14f37a76dcad8380d785
* Update charm-keystone from branch 'master'
to 1653424be2a4211389dec44b91efe5bf2c5fd8f1
- Cherry-pick test-requirements.txt from stable/21.10 for cffi
Change-Id: I767002d2db51cfd9a763750328ddb5314a6bf464
* Update charm-keystone from branch 'master'
to 1874a999ec061536174831c0d7127444d1a323f3
- Merge "Use the application data bag to set id and id_service notifications"
- Use the application data bag to set id and id_service notifications
When purely using relation-set from a leader, updates after
the leader has changed can lead to old data being persisted
on a relation in addition to newer data being set by the new
leader. When this happens, there can be issues with services
using old data to talk to other related services.
This change introduces the use of the application data bag
to ensure that all units related to keystone get the same
data from the leader, regardless of leadership changes.
While this change enables the application data bag for these
relations, it still sends the per-unit relation data as well
to maintain backwards compatibility. Charms that consume the
identity-service and identity-notification relations will
need an update to use the application data bag to complete
this change.
Partial-Bug: #1902264
Change-Id: Iadd795fec605e7704e5a6673906452279bbecb34
* Update charm-keystone from branch 'master'
to c2ca8d218428ea3a4a88be961af8dbc4dfd0a29a
- Merge "policy: correct domain_id match for admin_and_matching_domain_id"
- policy: correct domain_id match for admin_and_matching_domain_id
Ensure that the 'admin_and_matching_domain_id' rule correct
matches to the target.domain_id field, ensuring that domain
admins can actually query user and projects within a domain.
Change-Id: I4c000363dd7746f401613d99210e8ca12f34b010
Closes-Bug: 1830076