Commit Graph

75 Commits

Author SHA1 Message Date
Zuul b6edfda344 Merge "Drop all remaining logics for certificate resources" 2024-03-08 16:18:59 +00:00
Takashi Kajinami 9833751613 Drop all remaining logics for certificate resources
Since we removed certificate order, we no longer have to maintain
these logics.

This also removes the release note for deprecation of symantec
certificate plugin, which was added during this cycle, because
the plugin is also being removed by this change.

Change-Id: I8e901024677e889d05ad8653389fb46487bc7745
2024-02-27 23:33:47 +09:00
Ghanshyam Mann 897b88a1f6 Update python classifier in setup.cfg
As per the current release tested runtime, we test
till python 3.11 so updating the same in python
classifier in setup.cfg

Change-Id: I3d018102a9390ff4ba2a00c09025fcee28b37423
2024-01-03 21:24:09 -08:00
Zuul 85fbe403fe Merge "Remove unnecessary comment lines from setup.cfg" 2023-12-15 16:30:20 +00:00
wu.chunyang e385199fac Add python 3.10 to setup.cfg metadata
Add python 3.10 to setup.cfg
refer to: https://governance.openstack.org/tc/reference/runtimes/2023.2.html

Change-Id: I78cd993e89d4e32bce68d9ff6936c85eea578cdb
2023-11-14 08:48:04 +00:00
Takashi Kajinami ba70d14435 Remove unnecessary comment lines from setup.cfg
These lines have been kept so long without being commented in, so are
not needed.

Change-Id: I742d793169828cae97ea617c1b025d98672487e3
2023-11-11 08:09:50 +00:00
likui 6e1a7edeff Drop python3.6/3.7 support in testing runtime
In Zed cycle testing runtime, we are targetting to drop the
python 3.6/3.7 support, project started adding python 3.8 as minimum

[1] https://governance.openstack.org/tc/reference/runtimes/zed.html

Change-Id: I4ad4c5cc59800bc187a0ac0722c487726f7e18b3
2022-05-23 10:26:10 +01:00
Ghanshyam Mann 1d198ab481 Updating python testing classifier as per Yoga testing runtime
Yoga testing runtime[1] has been updated to add py39
testing as voting. Unit tests update are handled by the
job template change in openstack-zuul-job

- https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/820286

this commit updates the classifier in setup.cfg file.

[1] https://governance.openstack.org/tc/reference/runtimes/yoga.html

Change-Id: I92cc78df6245774c2038d35fb6e353cb2fa83cda
2021-12-14 02:46:30 +00:00
Yandong Xuan 6662fc9eca setup.cfg: Replace dashes with underscores
Resolves warnings like the following:

  UserWarning: Usage of dash-separated 'description-file' will not be
  supported in future versions. Please use the underscore name
  'description_file' instead

Change-Id: I5f4746bc4d40b76c562c39c2254f3b8381b4b52f
2021-04-26 14:35:46 +08:00
Ghanshyam Mann d6c01bba59 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:

1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.

2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.

Also replace policy.json to policy.yaml ref from doc and tests.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: Idaa65dac1c97324d671b9a07a2f3d51bb128e8c2
2021-02-02 08:36:59 -06:00
Andreas Jaeger 02b82e5a4c Cleanup py27 support
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove python 2.7 stanza from setup.py
- Add requires on python >= 3.6 to setup.cfg so that pypi and pip
  know about the requirement
- Remove obsolete sections from setup.cfg
- Update classifiers
- Use newer openstackdocstheme and Sphinx versions
- Cleanup */source/conf.py to remove now obsolete content.
- Remove Babel from requirements, it's not needed for running.
- Sync docs deps in tox.ini

Change-Id: Ie1fccdc777be978075e4689eda6c62578bd463e4
2020-04-29 19:10:48 +02:00
Ghanshyam Mann ab6898aa7f [ussuri][goal] Drop python 2.7 support and testing
OpenStack is dropping the py2.7 support in ussuri cycle.

Barbican is ready with python 3 and ok to drop the
python 2.7 support.

Complete discussion & schedule can be found in
- http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html
- https://etherpad.openstack.org/p/drop-python2-support

Ussuri Communtiy-wide goal:
https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html

Depends-On: https://review.opendev.org/#/c/693631/
Change-Id: I77bf25fedb45433c7dbe655b4fd0c24dcf030549
2020-01-10 17:22:04 +00:00
Zuul ecb5565bd9 Merge "Rename README.md to README.rst" 2019-08-06 10:13:36 +00:00
Corey Bryant 6982e9707f Add Python 3 Train unit tests
This is a mechanically generated patch to ensure unit testing is in place
for all of the Tested Runtimes for Train.

See the Train python3-updates goal document for details:
https://governance.openstack.org/tc/goals/train/python3-updates.html

Change-Id: If8e7d6fbb7730705432fb9cc0d5d7a8b06bbe6c1
Story: #2005924
Task: #34198
2019-08-05 16:04:50 +00:00
Andreas Jaeger 89b31921e1 Rename README.md to README.rst
This repo uses RST files everywhere, let's be consistent and write the
README using RST as well.

This also fixes a PyPI upload issue where PyPI expects RST and cannot
handle markdown (unless we tell it is markdown). The alternative
solution is https://review.opendev.org/668502.

Change-Id: If9b22f6fea2f16350ba0997d02c6aba33fafcc7d
2019-08-05 18:02:09 +02:00
Ghanshyam Mann f8bf36efa2 Dropping the py35 testing
All the integration testing has been moved to
Bionic now[1] and py3.5 is not tested runtime for
Train or stable/stein[2].

As per below ML thread, we are good to drop the py35
testing now:
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/005097.html

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004647.html
[2]
https://governance.openstack.org/tc/reference/runtimes/stein.html
https://governance.openstack.org/tc/reference/runtimes/train.html

Change-Id: I00d4b8a6f5687811af58960d5538c50ebe9fac4c
2019-04-14 18:56:48 +00:00
Zuul 34ac14dc0e Merge "Change openstack-dev to openstack-discuss" 2019-01-16 05:08:28 +00:00
whoami-rajat d3280f18f3 Add barbican-status upgrade check command framework
This adds basic framework for barbican-status upgrade
check commands. For now it has only "check_placeholder"
check implemented.
Real checks can be added to this tool in the future.

Change-Id: I40bfcc0c8755e814c1b63fdf323c32fda967968e
Story: 2003657
Task: 26120
2019-01-15 06:16:53 +00:00
kangyufei 9b27c024c3 Change openstack-dev to openstack-discuss
Change-Id: Id2e4045c799628a74447be9a33ebc38486a250a8
Depends-On: I847f875872bd1062eb731136df09a5946cb58ce0
2019-01-03 11:32:57 -05:00
Tuan Do Anh fdd3d15899 Update pypi url to new url
Pypi url changed from [1] to [2]

[1] https://pypi.python.org/pypi/<package>
[2] https://pypi.org/project/<package>

Change-Id: I8e368f74a60f4f50a2c29bdeac16519fedda2854
2018-07-12 14:01:28 +07:00
Nguyen Van Trung baec7f5490 Follow the new PTI for document build
For compliance with the Project Testing Interface as described in:
https://governance.openstack.org/tc/reference/project-testing-interface.html

For more detials information, please refer to:
http://lists.openstack.org/pipermail/openstack-dev/2017-December/125710.html

Change-Id: I31f34904335fa889c05153bf899067dba7453fbe
2018-06-07 12:33:15 +07:00
Ade Lee 89cb777941 Castellan based secret store
This will provide a Castellan based secret store, which will
allow secret stores which have a castellan backend to be used
behind barbican.  The initial example of this is the Vault
backend.

Unit tests have been added.  In local tests,
most of the functional tests do in fact pass with a local Vault
backend, though this will need to be demonstrated with a later
review which establishes a Vault based gate.

Change-Id: Ib30fb79304014592bfc37938839d60a4c10c244d
2018-05-14 01:37:48 -04:00
Jeremy Liu 06578940b9 Do not copy policy.json when installing barbican
Default policies are registered in code now.

Change-Id: I9051e622d6f23803d8c18e87b2c33fb6b0ec88a6
Closes-bug: #1758257
2018-03-23 17:28:51 +08:00
Zuul f12ddaa0be Merge "Add default configuration files to data_files" 2018-03-23 03:09:01 +00:00
Jeremy Liu 73420137a6 Use default policy in code
Delete policy.json from repo since we can use policies registered
in code.

We can also change default policy rules through below steps:

  - generate policy.yaml and copy to /etc/barbican
  - configure `policy_file=policy.yaml` in `oslo_policy` section
  - uncomment rules in policy.yaml and make changes as we desire
  - restart barbican api service
  - test whether new rules take effect on corresponding API

Change-Id: Ia64eac1eb4e30457b323c6ab99d26d3d40c28060
2018-02-09 08:16:43 +00:00
chenxing 2a58454289 Update the documentation link for doc migration
These links need to be updated due to the doc migration. Current
links are no longer effective.

Change-Id: I218995d5c8cde34286e2133a53bd7d19ae46c75d
2017-10-11 18:11:17 +08:00
Jesse Pretorius 5d162ebdda Add default configuration files to data_files
In order to make it simpler to use the default
configuration files when deploying services
from source, the files are added to pbr's
data_files section so that the files are
included in the built wheels and therefore
deployed with the code. Packaging and deployment
tools can then more easily use the default files
if they wish to.

This pattern is already established with similar
files for neutron and the glance metadefs as has
been mentioned in the related bug report.

Change-Id: Iacb17585a3235e95faa109ff11f1b039429ff770
Closes-Bug: #1718356
2017-09-21 15:01:08 +01:00
Jenkins b48f40ec0a Merge "Set entry point for dogtag config correctly" 2017-07-20 23:17:05 +00:00
Matthew Treinish 69561af93f
Add PBR wsgi_scripts entrypoint for barbican api
This commit makes the barbican wsgi script consistent with other
services by leveraging the pbr wsgi_scripts entrypoint to expose it.
While you could still leverage the bundled app.wsgi the entrypoint
barbican's behavior the same as other services. As part of this the
app.wsgi script is deprecated and will be removed in the future.

Change-Id: Id42f76dbfd59209232b37096a708ee18cbf96431
2017-07-14 16:35:48 -04:00
Jeremy Liu c91040aad9 Set entry point for dogtag config correctly
dogtag configurations have been moved to "plugin/dogtag_config_opts.py",
also remove non-existent entry point when generating barbican.conf

Closes-bug: #1704320
Change-Id: I9dd202d82797cb70051323fe949cc66f8a050022
2017-07-14 15:33:20 +08:00
Jeremy Liu 5e3662000e Maintain policy in code
This patch adds the basic framework for registering and using
default policy rules. Rules should be defined and returned from
a module in barbican/common/policies/, and then added to the
list in barbican/common/policies/__init__.py.

Also adds tox env to generate policy sample file.

Change-Id: If25b17ae7eed3f1a8e8e6f29701552a39d5a603f
2017-05-17 10:02:03 +00:00
Thomas Bechtold 06b76aa6e8 Use oslo-config-generator to generate barbican.conf.sample
Currently etc/barbican/barbican.conf is maintained by hand and can not
be regenerated based on the config settings defined in the code.
A common pattern for OpenStack projects is to use oslo-config-generator
for that task.

Co-Authored-By: Randall Burt <randall.burt@rackspace.com>
Depends-On: I90870dcb49cd96f6bf0fe353fa6e779ffd87a5af
Closes-Bug: #1584789
Change-Id: I5f3dcd2fc982f1178ef7dd662c24d3166f91b266
2017-04-05 08:02:35 +02:00
Cao Xuan Hoang e82957d1d5 Remove support for py34
The gating on python 3.4 is restricted to <= Mitaka. This is due to
the change from Ubuntu Trusty to Xenial, where only python3.5 is
available. There is no need to continue to keep these settings.

Change-Id: I4373f5ee1a7addfe981818ef059c73a57594d624
2017-02-08 16:48:10 +07:00
Jenkins 6134ec02f5 Merge "Add summary to metadata in setup.cfg file" 2016-11-03 20:20:33 +00:00
OpenStack Proposal Bot 63c5680663 Updated from global requirements
Change-Id: I4afbb0368bad527e4e6df90ba4c9897104fc10c4
2016-10-27 12:12:14 +00:00
Thomas Bechtold 3b95ff8f27 Add dogtag-pki and python-nss as extra requirement
dogtag imports pki so mention it as requirement. python-nss
is needed by dogtag-pki.
Also add a bindep.txt file which is used by bindep to install system
packages.
To install python-nss via pip, header files from nss-devel and
mozilla-nss-devel are needed.

Change-Id: Ia3276ad4be56d40fddbf458f215ab93e44ed6907
Depends-On: Ibedae54e631e9c3d3726453adcd204ce96b19d77
Closes-Bug: #1604417
2016-10-18 15:16:02 +02:00
Dave McCowan 8388a5c997 Add summary to metadata in setup.cfg file
Set "summary" equal to "OpenStack Secure Key Management".
This value is consumed by various bots and services.

Change-Id: I6d90c66b2eed408d182e2244f9415de4302d5c62
2016-10-06 17:14:47 -04:00
Jenkins 1fe54a5433 Merge "modify the home-page info with the developer documentation" 2016-08-16 21:46:57 +00:00
Eric Brown bf19558e02 Add Python 3.5 classifier and venv
Now that there is a passing gate job, we can claim support for
Python 3.5 in the classifier. This patch also adds the convenience
py35 venv.

Review that added the gate jobs:
https://review.openstack.org/#/c/336272/

Change-Id: I97ef7eef2d6adaec6bd1cd978b7e357c8560eba0
2016-08-05 05:56:31 +00:00
gengchc2 d1e39e0d88 modify the home-page info with the developer documentation
update home-page info

Change-Id: I6e97a41a5dd5c34b466d59f80a0326195a368c12
2016-07-29 17:13:22 +08:00
Priti Desai 953e45e88e Publishing API Guide to OpenStack site
Moving files from doc/source/api/userguide/*.rst
to api-guide/source/*.rst,
also add api-guide/source/conf.py for building api-guide,
add a new tox target named api-guide
Taking a reference from this patch which was used for the
similar migration of Nova api guide:
https://review.openstack.org/#/c/230186

Change-Id: I725e7939f9a88185de6ef32b311159b0924b7183
Partial-Bug: #1540665
Needed-By: I7b7c623e6299c803930e41d72510f1a67d909fa3
2016-03-16 12:44:50 -07:00
Eric Brown 9dd486be05 Update Python classifier for 3.4
Barbican is tested with py34, but the classifier states only 2.7
is supported. This adds 3.4 to the list.

Change-Id: Ic7b14714d9a17a3370a8eb138bf4940ffa4ba999
2016-03-08 10:26:23 -08:00
Jeff Feng 77a164b062 Introducing barbican-manage utility command
A new 'barbican-manage' utility command is introduced as Barbican
admin tool. This command interacts with Barbican service for
management operations which usually cannot be accomplished with
REST APIs. This can improve usability and extensibility in the
future.

The related blueprint is https://review.openstack.org/#/c/253719/

This CR includes
1) implementation of barbican_manage.py
2) unit test code
3) document of barbican-manage command

Co-Authored-By: Michael Perng <mperng@us.ibm.com>
Change-Id: I784b46df86742d00d1737e3f8964280514a7fa1b
2016-03-02 11:29:08 -06:00
Kaitlin Farr dfe9241e05 Remove version from setup.cfg
The release process has changed for Mitaka. Please see the mailing
list for details:

http://lists.openstack.org/pipermail/openstack-dev/2015-November/080692.html

Change-Id: I13fa7d296947168ffd985390d4d03edf941691bd
Depends-On: I5100cc67ef180acb16bbbd47e65b15eaf26065d3
2015-12-03 14:12:10 -05:00
Thomas Dinkjian ffcd649638 Move Key gen script to cmd folder
Moves the keygeneration script from bin to cmd folder.
This is preferred because other scripts for HSM interaction
such as the PKEK re-wrap are located here.

Change-Id: I731ec087e96114d00bd983edd60d2e1806399e16
2015-11-06 15:12:39 -06:00
Thierry Carrez 99390c7073 Open Mitaka development
Bump preversion to mark the start of the Mitaka development branch.
The liberty release branch will be cut from the previous commit.

Change-Id: I0008ef88d5dc7aae070a91695a573e97c8bb76b0
2015-09-24 18:17:58 +02:00
jfwood 02dc4cdb71 Add retry server and functional tests to DevStack
Add a retry scheduler server process to the DevStack start/stop
processes. This includes adding a PBR entry point and barbican.cmd
script for the retry scheduler process, as other projects such as
Glance and Nova are doing now. Eventually we'll want to move over all
our boot scripts to the entry point approach. Verify functional test
for generating a simple certificate order, which is the first of the
extended-workflow order types that utilize the retry processing logic.
Also add try/catch around the retry process because if we don't pass
back a retry interval to the Oslo periodic task framework, it stops
rescheduling tasks! Also added delays to the functional test order
status check as for SQLite I was noticing disk I/O concurrency errors
otherwise. Yes, I'd still like to support SQLite for local functional
testing.

Change-Id: Ib7b50ab7f7354fefebfdf654689427ae7bf59e58
2015-07-12 10:41:03 -05:00
John Vrbanac 9d5b06ba7e Adding script for rewrapping p11 KEKs
This script pulls all project available KEKs and rewraps them
with a MKEK specified in the barbican config file.

Change-Id: I5f130b8f6d744195e3ed6c708e96b23b200eea2b
2015-07-08 13:28:13 -05:00
Dave Walker (Daviey) 63102c02dc Drop file extensions for /usr/bin/*
Previously there were 4 python scripts being installed
into /usr/{local/}bin/ which contained the extension *.py.
There was also a developers script called barbican.sh
to create a developer's environment.

This change switches away from installing them as scripts,
preferring to use pbr's console_scripts entry point.  This
means that the scripts were moved to be part of a 'cmd'
module within the barbican module.

The barbican.sh script is also no longer installed as it
seems inappropriate to install this on consumers machines.

A few cosmetic changes were added to achieve pep8.

Change-Id: I452b56535ec18228060370be899af2a63d138472
Closes-Bug: 1454587
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
2015-07-03 00:46:35 +01:00
Doug Hellmann d800211b9d Update version for Liberty
Update the version for Liberty, switching from date-based versioning
to pre-versioning using SemVer. See
http://lists.openstack.org/pipermail/openstack-dev/2015-May/065211.html
and
http://lists.openstack.org/pipermail/openstack-dev/2015-June/067082.html
for details.

Change-Id: I6a35fa0dda798fad93b804d00a46af80f08d475c
2015-06-17 18:37:39 +00:00