Commit Graph

3630 Commits

Author SHA1 Message Date
Zuul b6edfda344 Merge "Drop all remaining logics for certificate resources" 2024-03-08 16:18:59 +00:00
Zuul 33d188e0af Merge "Prohibit certificate order resource" 2024-03-08 16:18:58 +00:00
Douglas Mendizábal 8f92d6f508 Update devstack plugin for Secure RBAC
This patch refactors the devstack plugin to separate the legacy (now
deprecated) RBAC settings from the Secure RBAC (new default) settings.

The legacy policies can still be deployed by setting
ENFORCE_SCOPE=False.

Change-Id: Idec818e43016402de0188cf5ade032a1aee638ff
2024-03-01 14:09:27 -05:00
Takashi Kajinami 9833751613 Drop all remaining logics for certificate resources
Since we removed certificate order, we no longer have to maintain
these logics.

This also removes the release note for deprecation of symantec
certificate plugin, which was added during this cycle, because
the plugin is also being removed by this change.

Change-Id: I8e901024677e889d05ad8653389fb46487bc7745
2024-02-27 23:33:47 +09:00
Takashi Kajinami 901cf2cc39 Prohibit certificate order resource
It was announced that this resource will be removed in Pike release.
Multiple cycles have passed since then, so we may be really ready to
remove it.

Note that this is the first step and removes only API layer logic.
Further logic removal will be done in the subsequent change.

Change-Id: Ib0eb3b11815b40237d42735097076b7c89cf9516
2024-02-22 13:16:49 +09:00
Zuul 5a458ecc98 Merge "Update python classifier in setup.cfg" 2024-02-20 18:43:33 +00:00
Zuul 4c87c7caf5 Merge "Bump hacking" 2024-02-14 11:17:22 +00:00
Zuul da1ebfc7f5 Merge "Fix releasenotes build of yoga moved to unmaintained" 2024-02-13 15:25:26 +00:00
Zuul 1250e8dc25 Merge "Simplify .coveragerc" 2024-02-09 15:38:40 +00:00
Takashi Kajinami 0dbc19b6a1 Fix releasenotes build of yoga moved to unmaintained
The stable/yoga branch has been deleted and replaced with the
unmaintained/yoga branch, update the reno config accordingly.

Co-Authored-By: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I442eb5dcdb04d2dbeb5925f200257524abb53868
2024-02-05 10:58:23 +00:00
Zuul 2316790cda Merge "Enable SRBAC test" 2024-01-31 06:10:42 +00:00
Takashi Kajinami d9b1b5ad8e Bump hacking
hacking 3.0.x is too old.

Change-Id: I21778b05eea73ac3c6b5a83727e8636d0bf4752e
2024-01-27 22:30:46 +09:00
Takashi Kajinami ff2d105886 Simplify .coveragerc
We check only files in the barbican directory so can use the source
option.

Change-Id: I3b5ddb6ed73d558db42031618e2e1bee3318ffa2
2024-01-25 23:38:54 +09:00
Ghanshyam Mann 897b88a1f6 Update python classifier in setup.cfg
As per the current release tested runtime, we test
till python 3.11 so updating the same in python
classifier in setup.cfg

Change-Id: I3d018102a9390ff4ba2a00c09025fcee28b37423
2024-01-03 21:24:09 -08:00
Takashi Kajinami 73de2e8c35 Get rid of unused periodic_task
Currently Barbican is not using the periodic_task framework implemented
in oslo_service but implements its own mechanism based on the lower-
level thread group.

Change-Id: Idc69d61e07826923f3227aad6249252c3f739362
2023-12-16 01:35:44 +09:00
Takashi Kajinami 6acb4f8d24 Remove unused wsgi/ssl options from oslo.service
Barbican does not provide wsgi server based on oslo.service library,
thus these options are not used.

Change-Id: I74c67b61796bcc7e5418144b10134e6171b1777f
2023-12-16 01:34:27 +09:00
Zuul 85fbe403fe Merge "Remove unnecessary comment lines from setup.cfg" 2023-12-15 16:30:20 +00:00
Zuul 47f4df915f Merge "Fix zuul config warning" 2023-12-15 16:30:18 +00:00
Zuul 8323ce32cd Merge "Fix expired links" 2023-12-15 16:09:02 +00:00
Zuul 04f91f01d3 Merge "pkcs11: Remove deprecated token_label option" 2023-12-15 16:09:01 +00:00
Zuul 15bb4e180b Merge "Fix python shebang" 2023-12-15 16:08:59 +00:00
Zuul 7decf74ae5 Merge "Enable Secure RBAC by default" 2023-12-15 16:08:57 +00:00
Zuul 887150520b Merge "Add python 3.10 to setup.cfg metadata" 2023-12-15 16:08:56 +00:00
Zuul a3c0df0435 Merge "Use consistent [database] options" 2023-12-15 16:03:09 +00:00
Takashi Kajinami 20b4b34299 pkcs11: Remove deprecated token_label option
It was deprecated in favor of the token_labels option some cycles
ago[1].

[1] 1ca03610d7

Change-Id: I20b15e23f06af8df86d888e86081058b8c96a77a
2023-12-15 16:54:45 +09:00
Stephen Finucane 4fb8df1e8e Replace deprecated pyOpenSSL API
This was removed [1] recently and is preventing us bumping the upper
constraint.

[1] 0035c11382

Change-Id: I77debbfa35a8eeeb30ce83a32954da21d9c9ba62
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2023-12-14 10:06:32 +00:00
Takashi Kajinami 12aa8a9339 Use consistent [database] options
Currently Barbican is not using oslo.db to set up database connection
but it's own implementation directly using sqlalchemy. Because of this
the database parameters were not updated and these are based on
the names in quite old oslo.db library.

This change updates the database options so that the name of these
parameters become consistent with oslo.db.

This would help us replace current own implementation by oslo.db in
the future.

Change-Id: I36926e62842780068f7e66564233c121c37565d0
2023-11-27 10:15:56 +09:00
Takashi Kajinami d3445bd6ec Fix zuul config warning
This change resolves the following warning detected by zuul.

  All regular expressions must conform to RE2 syntax, but an
  expression using the deprecated Perl-style syntax has been detected.
  Adjust the configuration to conform to RE2 syntax.

  The RE2 syntax error is: invalid perl operator: (?!

Change-Id: I0c1be68030470b88dd4268d509e4c445667dc645
2023-11-25 20:46:17 +09:00
Zuul 6dc5a6c8d3 Merge "Deprecate Symantec certificate plugin" 2023-11-22 09:42:44 +00:00
Zuul 02a3e5e3d6 Merge "Revert "Temporarily make sqlalchemy master job no-voting"" 2023-11-21 13:38:43 +00:00
Zuul ebc296e3c2 Merge "Update master for stable/2023.2" 2023-11-21 12:00:38 +00:00
wu.chunyang e385199fac Add python 3.10 to setup.cfg metadata
Add python 3.10 to setup.cfg
refer to: https://governance.openstack.org/tc/reference/runtimes/2023.2.html

Change-Id: I78cd993e89d4e32bce68d9ff6936c85eea578cdb
2023-11-14 08:48:04 +00:00
Takashi Kajinami f1b68658d4 Deprecate Symantec certificate plugin
This plugin has never been updated for 7 years. This plugin requires
the symantecssl library but the library can't be found in the Internet
and is not generally available. We have never tested it in upstream
CI because of lack of that dependent library.

Change-Id: I26493c2b0130f3cb86d866bd08fa5bbacbcc4725
2023-11-11 08:10:09 +00:00
Takashi Kajinami ba70d14435 Remove unnecessary comment lines from setup.cfg
These lines have been kept so long without being commented in, so are
not needed.

Change-Id: I742d793169828cae97ea617c1b025d98672487e3
2023-11-11 08:09:50 +00:00
Takashi Kajinami 2a7578fd6f Revert "Temporarily make sqlalchemy master job no-voting"
This reverts commit 2e89feed00.

Reason for revert:
The new oslo.utils version is now available in upper constraints.

Change-Id: I088584c65eae2a9930e37eff3377ad10b2a795f3
2023-11-11 08:08:29 +00:00
Takashi Kajinami 2e89feed00 Temporarily make sqlalchemy master job no-voting
The job is currently broken because of [1].

[1] https://bugs.launchpad.net/oslo.utils/+bug/2042886

Change-Id: I131bd8e54e34bf953ad043842232927c00ee68c7
2023-11-08 02:22:46 +09:00
Takashi Kajinami 90437d9a6c Fix python shebang
The current shebang requires /usr/bin/python which is not available in
Ubuntu Jammy by default.

Change-Id: Id64d6bba35e3dcecac7772964b81aea51661b6cb
2023-10-17 16:04:36 +00:00
Zuul 90a1d5cc55 Merge "Add tempest to devstack how-to" 2023-10-14 20:52:15 +00:00
Zuul fa8e52ccb7 Merge "Update secret:delete policy to allow admin to delete secret" 2023-10-02 12:17:09 +00:00
Zuul 8830b38b46 Merge "Vault: enable RSA from ordered container functional test" 2023-10-02 11:00:56 +00:00
Zuul 43d8643bb9 Merge "Bump Hashicorp Vault version to 1.13.2" 2023-10-02 10:57:24 +00:00
Zuul 5955382894 Merge "Logrotate all log files" 2023-10-02 10:57:23 +00:00
Zuul a5dc2f60a2 Merge "Fix missing oslo.versionedobjects library option" 2023-10-02 10:32:24 +00:00
Zuul de0f9a929b Merge "Migrate back to Launchpad" 2023-10-02 10:09:32 +00:00
OpenStack Release Bot 475e23708c Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.

Sem-Ver: feature
Change-Id: I78055f46d39df17cb373de1e56fe9ef4598ecfe9
2023-09-15 14:06:13 +00:00
renliang cc14717f6a Fix expired links
update the address for
https://registry.hub.docker.com/r/jmvrbanac/simple-keystone

Change-Id: I095bbeed7bceffd273293defa814193c999df090
2023-09-06 17:15:59 +08:00
Douglas Mendizábal 6dcb00f8b9 Enable Secure RBAC by default
This patch sets both `enforce_new_defaults` and `enforce_scope` to the
default value of `True` as the next step in the implementation of Secure
RBAC [1].

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html

Change-Id: I935cb34877c8edf62f33f1ba1fe31c942780b3a0
2023-08-31 13:52:27 -05:00
Zuul c8e3dc14e6 Merge "db: Replace use of backref" 2023-08-28 08:06:46 +00:00
Zuul 92afa382c4 Merge "Add job to test with SQLAlchemy master (2.x)" 2023-08-25 21:05:29 +00:00
Zuul 9f5b1e6bf6 Merge "db: Update 'select()' calls" 2023-08-25 21:05:28 +00:00