This patch adds a config option to allow
configuring the cache_time for identity elements.
It is also including a complementary fix for
change I49e46e010c543f831959581b2122f59068f2c07b
that missed adjusting the correct template, and
used the wrong comparison "is not None".
Closes-bug: #2054418
Related-bug: #1771114
Change-Id: I57d376eb6c1f0f38cdd028aacf397aaf7f3a1cda
These updates, on the master branch, are to support testing the caracal
packages and support of the charms for caracal. They do NOT lock the charms
down, and don't change the testing branches to stable branches.
Change-Id: If3fd48454e7959fdd6e2e1708b80a97c76576063
This is necessary to avoid collisions between
same usernames used service users.
Depends-on: I4fbfa8fba84b11c4e30e4db9a0c358db1e8c94f1
Closes-Bug: #2030755
Change-Id: I500fd131cbd6cd5c2b38fdbe81b8b48e50a3e3f7
Patch out charmhelpers.osplatform.get_platform() and
charmhelpers.core.host.lsb_release() globally in the unit tests to
insulate the unit tests from the platform that the unit tests are being
run on.
Change-Id: I4fbfa8fba84b11c4e30e4db9a0c358db1e8c94f1
Bug LP 1863232 introduced a new Apache configuration option called
WSGISocketRotation which allows users to disable wsgi socket
rotation. This patch makes this configurable with a new
wsgi-socket-rotation config option that defaults to the Apache
default and can optionally be set to False.
Closes-Bug: #2021550
Change-Id: Ia5852c3ebe84bd0355670f262cbe5e1cd433a08d
This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation. Fix in charmhelpers is in [1].
[1] https://github.com/juju/charm-helpers/pull/824
Closes-Bug: #2028683
Change-Id: I3117e17bc89254031ac244842d868ed1ed5af9ba
Add the 'docs' key and point it at a Discourse topic
previously populated with the charm's README contents.
When the new charm revision is released to the Charmhub,
this Discourse-based content will be displayed there. In
the absense of the this new key, the Charmhub's default
behaviour is to display the value of the charm's
'description' key.
Change-Id: I6a9834d838803b6eea967e7c15be9fe7fe0ca052
We use a default expiration_time (dogpile-expiration-time)
of 600s which means that role assignments will take up to
this amount of time before all caches are updated to
reflect changes. This may not be suitable for some clouds
that make frequent changes to role assignments and lowering
the global value is not recommended so this overrides the
[role] cache_time to a more appropriate value and also
makes it configurable. We leave default value as None so
that the global value is still inherited but this at least
allows it to be customised.
Change-Id: I49e46e010c543f831959581b2122f59068f2c07b
Closes-Bug: #1771114
The package-upgrade action performs package upgrades for the current
OpenStack release.
The code path used is similar to the openstack-upgrade action, with the
difference being that package-upgrade will not execute if an openstack
upgrade is available (based on the openstack-origin setting).
This change includes a charm-helpers sync.
Change-Id: Ifd99ea307a6e4d1d034d7c1e494e2cd8abd894e9
Sync charmhelpers to pull in fix to https() so it returns false
if there is a pending certificate request
Change-Id: I6e79570070fb3b6aa85485bbb40a820cb352c68e
Closes-Bug: #2015103
* Voting was turned on for jammy-antelope in the
project-template for charm-functional-jobs in zosci-config
* Voting for jammy-antelope bundles with non-standard names
is turned on in individual charms
* Kinetic-zed bundles/tests are removed
Change-Id: I18f3112b7fca0e6af35aa4f6231b9ca9a5414a3e
When the mysql password is changed via the shared-db relation, the
shared-db hook handler needs to restart keystone's apache2 so that the
password is picked up and used by keystone during the rest of the hook.
Change-Id: I37ed94d5937a9abf46fd12cd6f230ddb5a298b0e
This patch adds two actions:
1. An action to list the service usernames that can be rotated.
2. An action to rotate a service username that is on the list of
usernames that can be rotated.
Change-Id: I3a8a6af7ec8b0ea32da04eff34fafd32f43cee0e
func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1005
This change add several configuration options to enable HTTP checks
to the HAProxy configuration, instead of the default TCP connection
checks (which continue to be the default)
Closes-Bug: #1880610
Change-Id: I50a9442ae66da71793a5e9904d23c26d1fbbdf42
There is a requirement for some end users where we need to specify
auth_ttl to a higher level. This should help with these users
Change-Id: Ifd515d7c103a6b24c4f5da500442406f04fb372f
This parameter is added to the relation in order to configure service
tokens on related services. The role of the service user is required for
service token validation.
Closes-Bug: #1992840
Change-Id: Id7e84d38a9f774179808137548307c9174a87f87
The linked bug shows the install of the charm with openstack-origin set
to zed. This happens because configure_installation_source() causes the
openstack-release package to be installed *before* the zed cloud archive
sources are configured into /etc/apt and an apt update done. This means
that the openstack-release package says "yoga" despite the zed packages
actually being installed.
Then, on the config-changed hook, it sees that the installed version is
showing as yoga and tries to do an upgrade. This fails, as the charm
hasn't yet bootstrapped, and the charm tries to bootstrap after
upgrading the packages.
There's a few bugs here which are exposed, but the tactical fix is to
force the openstack-release to match the installed packages.
Change-Id: I3f47daf6bda6b62ffe4152ede2709f802f0ab606
Closes-Bug: #1989538
This patch adds kinetic to the metadata.yaml and ensures
that a run-on base for 22.10 is added in the
charmcraft.yaml
Change-Id: If25f1ddf91af0c1ddedc8e8c470ce70e61838424
* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml
Change-Id: Idf4a6cd1e0888576f890b00aa5b343936900d6dd
This change adds a new configuration in line Apache's frontend
configuration to include (if present) the files generated by the
keystone-openidc charm to configure Open ID Connect configuration
Change-Id: I8c96b1f1ffad84d57276fd60461c1aee60b32d3b
Validates if the provided vip address(es) are in the subnet that the unit is in. If not, shows the message with invalid vips along with 'blocked' status.
Closes-Bug: #1958178
Change-Id: I6bb3e21f3934d6d2483564fba9216504a62d15dc
Add new option default_authorization_ttl used for
federation to set validity of group memberships
coming from a mapping.
Closes-Bug: #1970388
Change-Id: I4a8dbc501e14d1201ceed27077554924c56e3abd
- Add 22.04 to charmcraft.yaml
- Update metadata to include jammy
- Remove impish from metadata
- Update osci.yaml to include py3.10 default job
- Modify tox.ini to remove py35,py36,py37 tox target and add py310
target.
- ensure that the openstack-origin is yoga
Change-Id: I82a3ae55422e0871bddf37debf1089c9a9a3e843
We need to ensure value for 'service' provided on
identity relation before doing valid_services lookup.
Change-Id: I42fb9dbb48b3bcf8fd40700db84ec8210b8433a4
Related-Bug: #1965967
Moved rotate-admin-password action to admin-password.py and made
changes to the unit test accordingly. Putting admin password
related actions together will reduce confusion and improve
maintainability
Change-Id: I27f8d3a279833dde5f6021e9d78a5ab2f05445b2
Implemented a new action to provide users the possibility of
retrieving Keystone service's admin password via juju action.
The result of this action is equivalent to running
“juju run --unit {keystone unit} leader-get admin_passwd”.
Closes-Bug: #1858657
Change-Id: I231c4b73016f7e7b4ba7f06219dd8e212402a339
A charm joined to keystone via the identity-service relation can
now specify additional roles that can be granted to admin. This
is done by setting the relation data key `add_role_to_admin` the
value is a comma seperated list of roles that should be granted
to admin.
Change-Id: I7ecac3d64eece1845dc963886e09cc2be149ae03
This update is to ensure that the Zuul Canonical CI builds the charm
before functional tests and ensure that that artifact is used for the
functional tests. This is to try to ensure that the charm that gets
landed to the charmhub is the same charm that was tested with.
Change-Id: Ia2f3bcba500de242a93d9f0bf073a9c5c3aad89a
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.
Note that https://github.com/openstack/charms.openstack is used during tests
and he need `mock`, unfortunatelly it doesn't declare `mock` in its
requirements so it retrieve mock from other charm project (cross dependency).
So we depend on charms.openstack first and when
Ib1ed5b598a52375e29e247db9ab4786df5b6d142 will be merged then CI
will pass without errors.
Drop Python 3.5 testing.
Rework some unit tests that use unittest.mock features not introduced
until Python 3.7.
Depends-On: Ib1ed5b598a52375e29e247db9ab4786df5b6d142
Change-Id: I029c77ed697620725dc040d1849a691eb10c9351