Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: Idc0c1839bfaab27a216815e74ef14a4fc4e38be3
This removes a few parameters deprecated in favor of the new
cloudkitty::fetcher::keystone class.
[1] 4e6806f54f
Change-Id: I0e363d7269bfea31464d8d74b07828bebd792c3a
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: I7b8de662f7c1a182916ca3c594791ed06e11e327
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: Ia4e917d879a175c1919131bfa0bee9d679fe1a76
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I772b127039f085f6082afba2e57e7971a2acd05a
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: Iee4cf4b3e20d16624b89f6b004cc857ed5288510
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.
This change also adds support for request_headers so that both request
headers and response headers can customized.
Change-Id: I4ff7ea57f9c1b29b2209506969497b773cef02ec
... because RDO will provide packages for only CentOS Stream 9 for Zed
release. This change removes RHEL 8 as well.
Depends-on: https://review.opendev.org/843503
Change-Id: If91f5345ca967daae2fe7e3e052ce530fd1c6a7f
During the previous cycle, a warning message was added to inform users
of this change.
Now the default value is updated so that SSL is disabled by default.
Change-Id: I705dabab19974c2d9323e49051c8952e6d537820
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: Ic7bf6d5fbc0ade2bf38078abab8bc0e8c308f670
All strings are considered as unicode string from Python 3.
This patch drops the explicit unicode literal (u'...')
appearances from the unicode strings.
Change-Id: I225cc9d5ca941d3efb02e46f1759db3df73e6313
Co-Authored-By: LiZekun <2954674728@qq.com>
After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.
Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.
Change-Id: I50c029b07a30c201b4d9bd4821265d4bf465ba9f
This change introduces a separate new class to manage [orchestrator]
parameters. The max_workers parameter in the processor class is
deprecated in favor of that new class.
Change-Id: Icd30923802064aec6a3ae9716b2ae30665998aae
The cloudkitty::ui class has been added to install the dashboard plugin
package. However the current implementation is incomplete and does not
define the required dependencies to install the plugin package before
starting the horizon service. Furthermore, the same can be achieved by
the horizon::dashboard resource type and that is considered to be more
"native" way.
This change deprecates the ui class so that we can get rid of it in
a future release.
Change-Id: I8eab557c13b3a6455a38b24732c692c5e823421a
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.
[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone
This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default fules
Depends-on: https://review.opendev.org/813614
Change-Id: I3c357f6188cdd60e6bb799063e76a600d885aa54
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: Ia12867af22002b6a6d1e40e9ded60c92d493023b
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.
Based on the following points, false is considered to be the more
reasonable default.
- Usage of SSL is optional and is not always required
- There are other methods(like load-balancer) to implement SSL
termination
- Enabling SSL doesn't work with the default values currently
defined, and requires additional parameters like ssl_cert.
- false is the default value defined in the base implementation in
puppet-openstacklib.
This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.
Change-Id: I24a692633133db5b453f65accf40f87687bec90e
This change introduces the new cloudkitty::cors class, which manages
parameters of the cors middleware from oslo.middleware.
Change-Id: Ida34189343e2202b557e71c214bfe5c01c6759fa
This change allows using different credentials for authtoken middleware
and keystone fetcher. This is useful when credentials for different
scopes are needed for these two modules.
Change-Id: I5e103786b6c179e68bc54fa2b4b26bbdd2127e55
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: Ia275b9fd508980a1c227ac035736ba16a5a455b6
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: I852a164417f9c782a518b8df0ae146eefd28e719