Move the job definitions in-tree, updating them when needed.
This led to several changes:
- update tox.ini and setup.cfg to align them with the newest standards
(including newer python classifiers);
- no more python 2.x jobs;
- bump hacking requirements to make the pep8 job work with the newest
python releases;
- ignore a few spurious flake8 warnings;
- switch to stestr as test runner;
- update cryptography dependency.
The old barbican simple-crypto job name is still available as an alias
for a while, but it is time to switch away from it, so directly
use the new job.
Depends-On: https://review.opendev.org/771443
Change-Id: Iba7b4106c49e4b492c97097648c7b8f599a2ca4b
Add the barbican-tempest tests that use
cursive from git. These tests are defined
in the barbican repo, and thus can be
reused here.
Needed-By: https://review.openstack.org/#/c/550996/
Change-Id: Id2aa88c12f42dd0d5ce8e0120a760be59338771e
The use of signer and verifier in cryptography has been
deprecated, and causes the following warning:
cursive/cursive/signature_utils.py:139: DeprecationWarning: signer
and verifier have been deprecated. Please use sign and verify
instead.
This patch adds a wrapper around the use of verifier, so
that sign and verify are used with cryptography, but the
client use of the library doesn't have to change.
Change-Id: Ib4aaa4fc9eb893b74f08bc8ff732a4dae152f685
Although mock is used in the unit tests at
d5e395cc35/cursive/tests/unit/test_signature_utils.py (L23)
it is not in test-requirements.txt.
This commit adds mock to test-requirements.txt.
Change-Id: I07aa5c65195ffe9453d2a5508e447b0bb8d834c0
ManagedObjectNotFoundError, which is raised from several places in the
castellan library
(for example castellan/key_manager/barbican_key_manager.py) is not
caught in signature_utils.py.
Caught ManagedObjectNotFoundError and raised SignatureVerificationError
to avoid 500 error response.
Change-Id: Ia8310f8cc9604d11cc4a25617b55a1b61436cd71
Closes-Bug: #1736679
This change adds support for certificate validation, including
certificate inspection utilities. Validating a certificate
requires the certificate UUID of the certificate to validate,
a set of UUIDs corresponding to the set of trusted certificates
needed to validate the certificate, and a user context for
authentication to the key manager. A new certificate verification
context is included that is used to store the set of trusted
certificates once they are loaded from the key manager. This
context is used to validate the signing certificate, verifying
that the certificate belongs to a valid certificate chain rooted
in the set of trusted certificates.
All new certificate utility code is added in a new module named
certificate_utils.
For more information on this work, see the spec:
https://review.openstack.org/#/c/488541/
SecurityImpact
DocImpact
Change-Id: I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
Implements: blueprint nova-validate-certificates
This change makes the _REGISTERED_TYPES member
of the signature_utils object public so that it
can be referenced by Nova.
Change-Id: Ia1615dcd4ca20702693b6c5ebddc472fe29f224c
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in conf.py to generate translated version of the
release notes.
Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.
Change-Id: Ie8e2150f98f5fd6e97e38d776fc1ae95f1fafbe4
Remove old and unused constraint environments.
Note: Constraints were unused in CI before and stay unused since
cursive is not part of the global requirements process.
Change-Id: I29b8eda7d99b815893da0cadc2341053bee436be
This change adds a should_create_verifier method
to the signature_utils module, since the existing
signature verification code in Glance requires
this method.
Change-Id: Ic4be5dd900425ba0eceafca97b549a499dc6606e
tox -e releasenotes fails with:
Warning, treated as error:
WARNING: html_static_path entry
u'/home/aj/vcs/OpenStack/openstack/cursive/releasenotes/source/_static'
does not exist
Add missing directory - like done on similar projects -,
using a placeholder to make git happy.
Also, add build directory to .gitignore.
Remove .placeholder from .gitignore, those files are important!
Change-Id: I20d9881975eb491f6a977ae2de9406e64a659ca9