... because certificate plugins were deprecated some time ago in
Barbican and are being removed in this cycle.
Depends-on: https://review.opendev.org/c/openstack/barbican/+/909640
Change-Id: Ie2dacb037a3d5ba8f1732ddb8f4b8ea8ded1e5ed
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: I5489002d9978bbf0815ed3fcd3ab591d7efda573
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: Iba74b22fcaec8635bf77bf9bb2ea20c6e3a16341
RDO now provides the package to launch the barbican-retry service[1].
This change ensures the package and the service are configured by
the corresponding class.
[1] https://review.rdoproject.org/r/c/openstack/barbican-distgit/+/40434
Change-Id: I134feadb75b397bc159a8fe9e3dbc87915339785
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: I7eb5ab771da3b6e2c446f4d8e83394a544fd147d
These parameters were deprecated during the previous cycle[1] because
these are not actually used by barbican.
[1] 109ea49acb
Change-Id: I6471ed0fe696f2c6455150adc63c9c896037e404
The parameter has had no effect for several cycles and was formally
deprecated during the previous cycle[1].
[1] 6c60f0d67e
Change-Id: Ib94130cf8215e3a832e4d44645ce90a2450627d2
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I31c91decbc3a7c84cc98fcbc6c47542ad2dc3bd9
The barbican::wsgi::apache class names a few parameters and resources
differently from the other modules. To make its interface and
implementation consistent with the other implementations, this renames
these inconsistent names. The old parameter names are kept but will be
removed in a future release.
Change-Id: I49ca51e4ea7a2404dfdbd0c88ce39339750da4f6
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: I77f1d65b1f6085fdb1205de9654a8d6d2da496f5
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.
This change also adds support for request_headers so that both request
headers and response headers can customized.
Change-Id: I0e78f2183ffe14c310ee5c5632c203258c8c85cd
... because RDO will provide packages for only CentOS Stream 9 for Zed
release. This change removes RHEL 8 as well.
Depends-on: https://review.opendev.org/843503
Change-Id: I8c5b682b4ab977a2c6ed747229ae553be471481f
These parameters are used by oslo.service library but Barbican does not
provide wsgi servce based on the library.
Change-Id: Ie035ec4a4dbce089e9911e11f91c2c013998192b
During the previous cycle, a warning message was added to inform users
of this change.
Now the default value is updated so that SSL is disabled by default.
Change-Id: I72cf30d418b99ba06c4d5738544acb1930d4806f
This is the prep work to migrate some common parameters from the api
class to the base class, and implements basic functionality so that
the base class provides consistent functionality in all modules.
Change-Id: I0e20b135e8c29f1d27d39d2940d49ea30a1f512c
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: I6aae792b573dbc4f158b7e453f183b83ef4418d3
This change adds an independent class for [retry_scheduler] parameters,
because these parameters are used not by the api service but the retry
daemon.
Currently no distro provides a package to install the service so
the new class only set parameters, which is incomplete. This will be
fixed once the packaging issue is resolved.
Change-Id: Ib8b649c2e5ac5fee5e5a3bd52caeb21780fc1f61
All strings are considered as unicode string from Python 3.
This patch drops the explicit unicode literal (u'...')
appearances from the unicode strings.
Change-Id: Ide1b433a4251c16fc383b6143b33284392455e30
Co-Authored-By: LiZekun <2954674728@qq.com>
Usage of service_name='barbican-api' in RHEL/CentOS was deprecated
during Victoria cycle[1]. This change removes that deprecated usage and
enforces the actual service name which is 'openstack-barbican-api', as
is done in the other modules.
[1] 67e4879c75
Change-Id: I696b3e3b1daa346b6667b288c21b5389d59eeac2
The apache class by default purge all default vhost config files, and
the other modules expect the default files are purged by that behavior.
This change removes the logic to replace the default vhost config file,
which is implemented only in a few modules, to make implementation
of all modules more consistent.
Change-Id: I0160bd0b7b8d5495031838119d401e44b3ddf7fa
To use the keystone notification feature, we need an independent
keyston-listner service. This change implements the missing capability
to manage the service and its package.
Closes-Bug: #1956397
Change-Id: Iedda0e9fe7b091b510ea9033db86921e4d2b4184
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: Ifbdde0718d1b6a6782c4f098fd152c3f636aa2c4
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.
Based on the following points, false is considered to be the more
reasonable default.
- Usage of SSL is optional and is not always required
- There are other methods(like load-balancer) to implement SSL
termination
- Enabling SSL doesn't work with the default values currently
defined, and requires additional parameters like ssl_cert.
- false is the default value defined in the base implementation in
puppet-openstacklib.
This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.
Change-Id: I0e802f714405a2dda6ead11be70090a8d754b059
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.
[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone
This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default fules
Depends-on: https://review.opendev.org/813614
Change-Id: I6d516813cc6aac6012bd598bab73672d7a62c41d
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: I1184a7e7e71deddeaf927d12a55f6303902329a1