For queens sync

Change-Id: I381411ad2285257b49bd78ae22c734cea07315c9
2018-07-11 16:45:41 -07:00 · 2018-07-11 16:45:41 -07:00 · c215f71376
parent 6fde26184b
commit c215f71376
48 changed files with 264 additions and 118 deletions
--- a/.stestr.conf
+++ b/.stestr.conf
@ -0,0 +1,3 @@
+[DEFAULT]
+test_path=${OS_TEST_PATH:-./gbpservice/neutron/tests/unit}
+top_dir=./
--- a/devstack/lib/nsx
+++ b/devstack/lib/nsx
@ -5,7 +5,7 @@ function prepare_nsx_policy {
    NSXLIB_NAME='vmware-nsxlib'
    GITDIR[$NSXLIB_NAME]=/opt/stack/vmware-nsxlib
    GITREPO[$NSXLIB_NAME]=${NSXLIB_REPO:-${GIT_BASE}/openstack/vmware-nsxlib.git}
-    GITBRANCH[$NSXLIB_NAME]=${NSXLIB_BRANCH:-stable/pike}
+    GITBRANCH[$NSXLIB_NAME]=${NSXLIB_BRANCH:-stable/queens}

    if use_library_from_git $NSXLIB_NAME; then
        git_clone_by_name $NSXLIB_NAME
--- a/devstack/local.conf.nfp
+++ b/devstack/local.conf.nfp
@ -43,10 +43,10 @@ if [[ $ENABLE_NFP = True ]]; then
        # Make sure that your public interface is not attached to any bridge.
        PUBLIC_INTERFACE=

-        enable_plugin neutron-fwaas http://git.openstack.org/openstack/neutron-fwaas stable/pike
-        enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas stable/pike
-        enable_plugin neutron https://github.com/openstack/neutron.git stable/pike
-        enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/pike
+        enable_plugin neutron-fwaas http://git.openstack.org/openstack/neutron-fwaas stable/queens
+        enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas stable/queens
+        enable_plugin neutron https://github.com/openstack/neutron.git stable/queens
+        enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/queens
        enable_plugin octavia https://git.openstack.org/openstack/octavia
        #enable_plugin barbican https://git.openstack.org/openstack/barbican master
        #enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git master
--- a/gbpservice/contrib/nfp/service_plugins/firewall/nfp_fwaas_plugin.py
+++ b/gbpservice/contrib/nfp/service_plugins/firewall/nfp_fwaas_plugin.py
@ -23,10 +23,10 @@ from neutron.db.l3_db import DEVICE_OWNER_ROUTER_INTF
 from neutron.db.l3_db import EXTERNAL_GW_INFO
 from neutron.db.models.l3 import RouterPort
 from neutron.db import models_v2
-from neutron.extensions import l3
-from neutron.plugins.common import constants as n_const
 from neutron_lib import constants as nlib_const
 from neutron_lib import exceptions as n_exc
+from neutron_lib.exceptions import l3
+from neutron_lib.plugins import constants as n_const

 import neutron_fwaas.extensions
 from neutron_fwaas.services.firewall import fwaas_plugin as ref_fw_plugin
--- a/gbpservice/network/neutronv2/local_api.py
+++ b/gbpservice/network/neutronv2/local_api.py
@ -11,15 +11,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-from neutron.extensions import address_scope
-from neutron.extensions import l3
 from neutron.extensions import securitygroup as ext_sg
 from neutron.notifiers import nova
-from neutron.plugins.common import constants as pconst
 from neutron import quota
 from neutron_lib.callbacks import registry
 from neutron_lib import constants as nl_const
 from neutron_lib import exceptions as n_exc
+from neutron_lib.exceptions import address_scope as api_err
+from neutron_lib.exceptions import l3
+from neutron_lib.plugins import constants as pconst
 from neutron_lib.plugins import directory
 from oslo_log import log as logging
 from oslo_utils import excutils
@ -578,7 +578,7 @@ class LocalAPI(object):
        try:
            self._delete_resource(self._core_plugin, plugin_context,
                                  'address_scope', address_scope_id)
-        except address_scope.AddressScopeNotFound:
+        except api_err.AddressScopeNotFound:
            LOG.warning('Address Scope %s already deleted',
                        address_scope_id)

--- a/gbpservice/neutron/db/servicechain_db.py
+++ b/gbpservice/neutron/db/servicechain_db.py
@ -14,9 +14,9 @@ import ast

 from neutron.db import api as db_api
 from neutron.db import common_db_mixin
-from neutron.plugins.common import constants as pconst
 from neutron_lib.db import model_base
 from neutron_lib import exceptions as n_exc
+from neutron_lib.plugins import constants as pconst
 from neutron_lib.plugins import directory
 from oslo_log import helpers as log
 from oslo_log import log as logging
--- a/gbpservice/neutron/extensions/cisco_apic_l3.py
+++ b/gbpservice/neutron/extensions/cisco_apic_l3.py
@ -13,8 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-from neutron.extensions import l3
 from neutron_lib.api import converters
+from neutron_lib.api.definitions import l3
 from neutron_lib.api import extensions

 from gbpservice.neutron.extensions import cisco_apic
--- a/gbpservice/neutron/extensions/group_policy.py
+++ b/gbpservice/neutron/extensions/group_policy.py
@ -16,12 +16,12 @@ import re
 from neutron.api import extensions as neutron_extensions
 from neutron.api.v2 import attributes as attr
 from neutron.api.v2 import resource_helper
-from neutron.plugins.common import constants
 from neutron_lib.api import converters as conv
 from neutron_lib.api import extensions
 from neutron_lib.api import validators as valid
 from neutron_lib import constants as nlib_const
 from neutron_lib import exceptions as nexc
+from neutron_lib.plugins import constants
 from neutron_lib.services import base as service_base
 from oslo_config import cfg
 from oslo_log import log as logging
--- a/gbpservice/neutron/extensions/patch.py
+++ b/gbpservice/neutron/extensions/patch.py
@ -10,17 +10,19 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+from neutron.api import extensions
 from neutron.db import address_scope_db
 from neutron.db import api as db_api
 from neutron.db import common_db_mixin
 from neutron.db import l3_db
 from neutron.db import models_v2
 from neutron.db import securitygroups_db
-from neutron.extensions import address_scope as ext_address_scope
 from neutron.objects import subnetpool as subnetpool_obj
 from neutron.plugins.ml2 import db as ml2_db
+from neutron_lib.api import attributes
 from neutron_lib.api import validators
-from neutron_lib import exceptions as n_exc
+from neutron_lib import exceptions
+from neutron_lib.exceptions import address_scope as api_err
 from oslo_log import log
 from oslo_utils import excutils
 from sqlalchemy import event
@ -185,7 +187,7 @@ def _get_tenant_id_for_create(self, context, resource):
    elif ('tenant_id' in resource and
          resource['tenant_id'] != context.project_id):
        reason = _('Cannot create resource for another tenant')
-        raise n_exc.AdminRequired(reason=reason)
+        raise exceptions.AdminRequired(reason=reason)
    else:
        tenant_id = context.project_id

@ -207,13 +209,137 @@ def _delete_address_scope(self, context, id):
    with context.session.begin(subtransactions=True):
        if subnetpool_obj.SubnetPool.get_objects(context,
                                                 address_scope_id=id):
-            raise ext_address_scope.AddressScopeInUse(address_scope_id=id)
+            raise api_err.AddressScopeInUse(address_scope_id=id)
        address_scope = self._get_address_scope(context, id)
        address_scope.delete()

 address_scope_db.AddressScopeDbMixin.delete_address_scope = (
    _delete_address_scope)

+
+def extend_resources(self, version, attr_map):
+        """Extend resources with additional resources or attributes.
+
+        :param attr_map: the existing mapping from resource name to
+        attrs definition.
+
+        After this function, we will extend the attr_map if an extension
+        wants to extend this map.
+        """
+        processed_exts = {}
+        exts_to_process = self.extensions.copy()
+        check_optionals = True
+        # Iterate until there are unprocessed extensions or if no progress
+        # is made in a whole iteration
+        while exts_to_process:
+            processed_ext_count = len(processed_exts)
+            for ext_name, ext in list(exts_to_process.items()):
+                # Process extension only if all required extensions
+                # have been processed already
+                required_exts_set = set(ext.get_required_extensions())
+                if required_exts_set - set(processed_exts):
+                    continue
+                optional_exts_set = set(ext.get_optional_extensions())
+                if check_optionals and optional_exts_set - set(processed_exts):
+                    continue
+                extended_attrs = ext.get_extended_resources(version)
+                for res, resource_attrs in extended_attrs.items():
+                    res_to_update = attr_map.setdefault(res, {})
+                    if self._is_sub_resource(res_to_update):
+                        # kentwu: service_profiles defined in servicechain
+                        # plugin has a name conflict with service_profiles
+                        # sub-resource defined in flavor plugin. The attr_map
+                        # can only have one service_profiles so here we make
+                        # this very same service_profiles to have the
+                        # attributes from both plugins. This behavior is now
+                        # consistent with Pike.
+                        if (ext_name == 'servicechain' and
+                                res == 'service_profiles'):
+                            res_to_update.update(resource_attrs)
+                        # in the case of an existing sub-resource, we need to
+                        # update the parameters content rather than overwrite
+                        # it, and also keep the description of the parent
+                        # resource unmodified
+                        else:
+                            res_to_update['parameters'].update(
+                                resource_attrs['parameters'])
+                    else:
+                        res_to_update.update(resource_attrs)
+                processed_exts[ext_name] = ext
+                del exts_to_process[ext_name]
+            if len(processed_exts) == processed_ext_count:
+                # if we hit here, it means there are unsatisfied
+                # dependencies. try again without optionals since optionals
+                # are only necessary to set order if they are present.
+                if check_optionals:
+                    check_optionals = False
+                    continue
+                # Exit loop as no progress was made
+                break
+        if exts_to_process:
+            unloadable_extensions = set(exts_to_process.keys())
+            LOG.error("Unable to process extensions (%s) because "
+                      "the configured plugins do not satisfy "
+                      "their requirements. Some features will not "
+                      "work as expected.",
+                      ', '.join(unloadable_extensions))
+            self._check_faulty_extensions(unloadable_extensions)
+        # Extending extensions' attributes map.
+        for ext in processed_exts.values():
+            ext.update_attributes_map(attr_map)
+
+extensions.ExtensionManager.extend_resources = extend_resources
+
+
+def fill_post_defaults(
+        self, res_dict,
+        exc_cls=lambda m: exceptions.InvalidInput(error_message=m),
+        check_allow_post=True):
+    """Fill in default values for attributes in a POST request.
+
+    When a POST request is made, the attributes with default values do not
+    need to be specified by the user. This function fills in the values of
+    any unspecified attributes if they have a default value.
+
+    If an attribute is not specified and it does not have a default value,
+    an exception is raised.
+
+    If an attribute is specified and it is not allowed in POST requests, an
+    exception is raised. The caller can override this behavior by setting
+    check_allow_post=False (used by some internal admin operations).
+
+    :param res_dict: The resource attributes from the request.
+    :param exc_cls: Exception to be raised on error that must take
+        a single error message as it's only constructor arg.
+    :param check_allow_post: Raises an exception if a non-POST-able
+        attribute is specified.
+    :raises: exc_cls If check_allow_post is True and this instance of
+        ResourceAttributes doesn't support POST.
+    """
+    for attr, attr_vals in self.attributes.items():
+        # kentwu: Patch needed for our GBP service_profiles attribute. Since
+        # parent and parameters are both sub-resource's attributes picked up
+        # from flavor plugin so we can just ignore those. These 2 attributes
+        # don't have allow_post defined so it will just fail without this
+        # patch.
+        if attr == 'parent' or attr == 'parameters':
+            if 'allow_post' not in attr_vals:
+                continue
+        if attr_vals['allow_post']:
+            if 'default' not in attr_vals and attr not in res_dict:
+                msg = _("Failed to parse request. Required "
+                        "attribute '%s' not specified") % attr
+                raise exc_cls(msg)
+            res_dict[attr] = res_dict.get(attr,
+                                          attr_vals.get('default'))
+        elif check_allow_post:
+            if attr in res_dict:
+                msg = _("Attribute '%s' not allowed in POST") % attr
+                raise exc_cls(msg)
+
+attributes.AttributeInfo.fill_post_defaults = fill_post_defaults
+
+
 # TODO(ivar): while this block would be better place in the patch_neutron
 # module, it seems like being part of an "extension" package is the only
 # way to make it work at the moment. Tests have shown that Neutorn reloads
--- a/gbpservice/neutron/extensions/servicechain.py
+++ b/gbpservice/neutron/extensions/servicechain.py
@ -15,11 +15,11 @@ import abc
 from neutron.api import extensions as neutron_extensions
 from neutron.api.v2 import attributes as attr
 from neutron.api.v2 import resource_helper
-from neutron.plugins.common import constants
 from neutron_lib.api import converters as conv
 from neutron_lib.api import extensions
 from neutron_lib.api import validators as valid
 from neutron_lib import exceptions as nexc
+from neutron_lib.plugins import constants
 from neutron_lib.services import base as service_base
 from oslo_config import cfg
 from oslo_log import log as logging
--- a/gbpservice/neutron/plugins/ml2/drivers/grouppolicy/stitching/driver.py
+++ b/gbpservice/neutron/plugins/ml2/drivers/grouppolicy/stitching/driver.py
@ -10,10 +10,10 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-from neutron.plugins.ml2 import driver_api as api
 from neutron.plugins.ml2.drivers.openvswitch.mech_driver import (
        mech_openvswitch as base)
 from neutron_lib.api.definitions import portbindings
+from neutron_lib.plugins.ml2 import api

 from gbpservice.neutron.services.servicechain.plugins.ncp import plumber_base

--- a/gbpservice/neutron/plugins/ml2plus/driver_api.py
+++ b/gbpservice/neutron/plugins/ml2plus/driver_api.py
@ -16,7 +16,7 @@
 import abc
 import six

-from neutron.plugins.ml2 import driver_api
+from neutron_lib.plugins.ml2 import api as driver_api

 BULK_EXTENDED = 'ml2plus:_bulk_extended'

--- a/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py
+++ b/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py
@ -32,9 +32,6 @@ from aim import context as aim_context
 from aim import exceptions as aim_exceptions
 from aim import utils as aim_utils
 from neutron.agent import securitygroups_rpc
-from neutron.callbacks import events
-from neutron.callbacks import registry
-from neutron.callbacks import resources
 from neutron.common import rpc as n_rpc
 from neutron.common import topics as n_topics
 from neutron.db import api as db_api
@ -47,19 +44,21 @@ from neutron.db import models_v2
 from neutron.db import provisioning_blocks
 from neutron.db import rbac_db_models
 from neutron.db import segments_db
-from neutron.extensions import external_net
-from neutron.plugins.common import constants as pconst
 from neutron.plugins.ml2 import db as n_db
-from neutron.plugins.ml2 import driver_api as api
 from neutron.plugins.ml2 import driver_context as ml2_context
 from neutron.plugins.ml2.drivers.openvswitch.agent.common import (
    constants as a_const)
 from neutron.plugins.ml2 import models
+from neutron_lib.api.definitions import external_net
 from neutron_lib.api.definitions import portbindings
+from neutron_lib.callbacks import events
+from neutron_lib.callbacks import registry
+from neutron_lib.callbacks import resources
 from neutron_lib import constants as n_constants
 from neutron_lib import context as nctx
 from neutron_lib import exceptions as n_exceptions
 from neutron_lib.plugins import directory
+from neutron_lib.plugins.ml2 import api
 from opflexagent import constants as ofcst
 from opflexagent import host_agent_rpc as arpc
 from opflexagent import rpc as ofrpc
@ -2259,7 +2258,7 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
                # TODO(amitbose) Consider providing configuration options
                # for picking network-type and physical-network name
                # for the dynamic segment
-                seg_args = {api.NETWORK_TYPE: pconst.TYPE_VLAN,
+                seg_args = {api.NETWORK_TYPE: n_constants.TYPE_VLAN,
                            api.PHYSICAL_NETWORK:
                            segment[api.PHYSICAL_NETWORK]}
                dyn_seg = context.allocate_dynamic_segment(seg_args)
@ -3355,7 +3354,7 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
        return net_type == ofcst.TYPE_OPFLEX

    def _is_supported_non_opflex_type(self, net_type):
-        return net_type in [pconst.TYPE_VLAN]
+        return net_type in [n_constants.TYPE_VLAN]

    def _use_static_path(self, bound_segment):
        return (bound_segment and
@ -3365,7 +3364,7 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
    def _convert_segment(self, segment):
        seg = None
        if segment:
-            if segment.get(api.NETWORK_TYPE) in [pconst.TYPE_VLAN]:
+            if segment.get(api.NETWORK_TYPE) in [n_constants.TYPE_VLAN]:
                seg = 'vlan-%s' % segment[api.SEGMENTATION_ID]
            else:
                LOG.debug('Unsupported segmentation type for static path '
--- a/gbpservice/neutron/plugins/ml2plus/extension_overrides/patched_address_scope.py
+++ b/gbpservice/neutron/plugins/ml2plus/extension_overrides/patched_address_scope.py
@ -14,10 +14,11 @@
 #    under the License.

 from neutron.extensions import address_scope
+from neutron_lib.api.definitions import address_scope as apidef


 class Patched_address_scope(address_scope.Address_scope):
    def update_attributes_map(self, attributes):
        super(Patched_address_scope, self).update_attributes_map(
            attributes,
-            extension_attrs_map=address_scope.RESOURCE_ATTRIBUTE_MAP)
+            extension_attrs_map=apidef.RESOURCE_ATTRIBUTE_MAP)
--- a/gbpservice/neutron/plugins/ml2plus/plugin.py
+++ b/gbpservice/neutron/plugins/ml2plus/plugin.py
@ -27,7 +27,6 @@ from neutron.db import api as db_api
 from neutron.db.models import securitygroup as securitygroups_db
 from neutron.db import models_v2
 from neutron.db import provisioning_blocks
-from neutron.extensions import address_scope as as_ext
 from neutron.plugins.ml2.common import exceptions as ml2_exc
 from neutron.plugins.ml2 import managers as ml2_managers
 from neutron.plugins.ml2 import plugin as ml2_plugin
@ -140,14 +139,19 @@ class Ml2PlusPlugin(ml2_plugin.Ml2Plugin,

    def _handle_security_group_change(self, resource, event, trigger,
                                      **kwargs):
-        context = kwargs.get('context')
-        security_group = kwargs.get('security_group')
+        if 'payload' in kwargs:
+            context = kwargs['payload'].context
+            security_group = kwargs['payload'].desired_state
+            original_security_group = kwargs['payload'].states[0]
+        else:
+            context = kwargs.get('context')
+            security_group = kwargs.get('security_group')
+            original_security_group = kwargs.get('original_security_group')
        # There is a neutron bug that sometimes it will create a SG with
        # tenant_id field empty. We will not process it further when that
        # happens then.
        if not security_group['tenant_id']:
            return
-        original_security_group = kwargs.get('original_security_group')
        mech_context = driver_context.SecurityGroupContext(
            self, context, security_group, original_security_group)
        if event == events.PRECOMMIT_CREATE:
@ -296,7 +300,7 @@ class Ml2PlusPlugin(ml2_plugin.Ml2Plugin,
               'tenant_id': address_scope['tenant_id'],
               'shared': address_scope['shared'],
               'ip_version': address_scope['ip_version']}
-        self._apply_dict_extend_functions(as_ext.ADDRESS_SCOPES, res,
+        self._apply_dict_extend_functions(as_def.COLLECTION_NAME, res,
                                          address_scope)
        return self._fields(res, fields)

@ -481,12 +485,12 @@ class Ml2PlusPlugin(ml2_plugin.Ml2Plugin,

    @gbp_extensions.disable_transaction_guard
    def create_address_scope(self, context, address_scope):
-        self._ensure_tenant(context, address_scope[as_ext.ADDRESS_SCOPE])
+        self._ensure_tenant(context, address_scope[as_def.ADDRESS_SCOPE])
        with db_api.context_manager.writer.using(context):
            result = super(Ml2PlusPlugin, self).create_address_scope(
                context, address_scope)
            self.extension_manager.process_create_address_scope(
-                context, address_scope[as_ext.ADDRESS_SCOPE], result)
+                context, address_scope[as_def.ADDRESS_SCOPE], result)
            mech_context = driver_context.AddressScopeContext(
                self, context, result)
            self.mechanism_manager.create_address_scope_precommit(
@ -514,7 +518,7 @@ class Ml2PlusPlugin(ml2_plugin.Ml2Plugin,
                                          self).update_address_scope(
                                              context, id, address_scope)
            self.extension_manager.process_update_address_scope(
-                context, address_scope[as_ext.ADDRESS_SCOPE],
+                context, address_scope[as_def.ADDRESS_SCOPE],
                updated_address_scope)
            mech_context = driver_context.AddressScopeContext(
                self, context, updated_address_scope,
--- a/gbpservice/neutron/services/grouppolicy/common/constants.py
+++ b/gbpservice/neutron/services/grouppolicy/common/constants.py
@ -10,7 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-from neutron.plugins.common import constants
+from neutron_lib.plugins import constants


 constants.GROUP_POLICY = "GROUP_POLICY"
--- a/gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py
+++ b/gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py
@ -18,13 +18,13 @@ from keystoneclient.v2_0 import client as k_client
 from neutron.common import exceptions as neutron_exc
 from neutron.db import api as db_api
 from neutron.db import models_v2
-from neutron.extensions import l3 as ext_l3
 from neutron.extensions import securitygroup as ext_sg
 from neutron_lib.api.definitions import port as port_def
 from neutron_lib import constants as n_const
 from neutron_lib import context as n_context
 from neutron_lib.db import model_base
 from neutron_lib import exceptions as n_exc
+from neutron_lib.exceptions import l3 as ext_l3
 from neutron_lib.plugins import directory
 from oslo_config import cfg
 from oslo_db import exception as oslo_db_excp
@ -1727,15 +1727,15 @@ class ResourceMappingDriver(api.PolicyDriver, ImplicitResourceOperations,
        group_id = context.current['policy_target_group_id']
        if context.current.get('proxy_gateway'):
            pts = context._plugin.get_policy_targets(
-                context._plugin_context, {'policy_target_group_id': group_id,
-                                          'proxy_gateway': True})
+                context._plugin_context, {'policy_target_group_id': [group_id],
+                                          'proxy_gateway': [True]})
            pts = [x['id'] for x in pts if x['id'] != context.current['id']]
            if pts:
                exc.OnlyOneProxyGatewayAllowed(group_id=group_id)
        if context.current.get('group_default_gateway'):
            pts = context._plugin.get_policy_targets(
-                context._plugin_context, {'policy_target_group_id': group_id,
-                                          'group_default_gateway': True})
+                context._plugin_context, {'policy_target_group_id': [group_id],
+                                          'group_default_gateway': [True]})
            pts = [x['id'] for x in pts if x['id'] != context.current['id']]
            if pts:
                exc.OnlyOneGroupDefaultGatewayAllowed(group_id=group_id)
@ -3071,7 +3071,7 @@ class ResourceMappingDriver(api.PolicyDriver, ImplicitResourceOperations,
        # Get all the EP for this tenant
        ep_list = context._plugin.get_external_policies(
            context._plugin_context,
-            filters={'tenant_id': context.current['tenant_id']})
+            filters={'tenant_id': [context.current['tenant_id']]})
        for ep in ep_list:
            # Remove rules before the new ip_pool came
            ip_pool_list = gbp_utils.convert_ip_pool_string_to_list(ip_pool)
@ -3087,7 +3087,7 @@ class ResourceMappingDriver(api.PolicyDriver, ImplicitResourceOperations,
        # Get all the EP for this tenant
        ep_list = context._plugin.get_external_policies(
            context._plugin_context,
-            filters={'tenant_id': context.current['tenant_id']})
+            filters={'tenant_id': [context.current['tenant_id']]})
        for ep in ep_list:
            # Cidrs before the ip_pool removal
            ip_pool_list = gbp_utils.convert_ip_pool_string_to_list(ip_pool)
--- a/gbpservice/neutron/services/grouppolicy/plugin.py
+++ b/gbpservice/neutron/services/grouppolicy/plugin.py
@ -14,11 +14,11 @@ import netaddr
 import six

 from neutron.db import api as db_api
-from neutron.plugins.common import constants as pconst
 from neutron.quota import resource_registry
 from neutron_lib.api.definitions import portbindings
 from neutron_lib import constants
 from neutron_lib import context as n_ctx
+from neutron_lib.plugins import constants as pconst
 from neutron_lib.plugins import directory
 from oslo_log import helpers as log
 from oslo_log import log as logging
--- a/gbpservice/neutron/services/servicechain/plugins/ncp/node_drivers/heat_node_driver.py
+++ b/gbpservice/neutron/services/servicechain/plugins/ncp/node_drivers/heat_node_driver.py
@ -15,8 +15,8 @@ import time
 from heatclient import exc as heat_exc
 from neutron.db import api as db_api
 from neutron.db import models_v2 as ndb
-from neutron.plugins.common import constants as pconst
 from neutron_lib.db import model_base
+from neutron_lib.plugins import constants as pconst
 from oslo_config import cfg
 from oslo_db import exception as db_exc
 from oslo_log import helpers as log
--- a/gbpservice/neutron/services/servicechain/plugins/ncp/node_drivers/nfp_node_driver.py
+++ b/gbpservice/neutron/services/servicechain/plugins/ncp/node_drivers/nfp_node_driver.py
@ -20,9 +20,9 @@ import threading
 from keystoneclient import exceptions as k_exceptions
 from keystoneclient.v2_0 import client as keyclient
 from neutron.common import rpc as n_rpc
-from neutron.plugins.common import constants as pconst
 from neutron_lib.db import model_base
 from neutron_lib import exceptions as n_exc
+from neutron_lib.plugins import constants as pconst
 from oslo_config import cfg
 from oslo_log import log as logging
 import oslo_messaging
--- a/gbpservice/neutron/services/servicechain/plugins/ncp/plugin.py
+++ b/gbpservice/neutron/services/servicechain/plugins/ncp/plugin.py
@ -11,8 +11,8 @@
 #    under the License.

 from neutron.db import api as db_api
-from neutron.plugins.common import constants as pconst
 from neutron.quota import resource_registry
+from neutron_lib.plugins import constants as pconst
 from oslo_config import cfg
 from oslo_log import helpers as log
 from oslo_log import log as logging
--- a/gbpservice/neutron/services/servicechain/plugins/sharing.py
+++ b/gbpservice/neutron/services/servicechain/plugins/sharing.py
@ -10,7 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-from neutron.plugins.common import constants as pconst
+from neutron_lib.plugins import constants as pconst
 from neutron_lib.plugins import directory
 from oslo_log import log as logging

--- a/gbpservice/neutron/services/sfc/aim/flowc_driver.py
+++ b/gbpservice/neutron/services/sfc/aim/flowc_driver.py
@ -13,10 +13,10 @@
 from networking_sfc.db import flowclassifier_db as flc_db
 from networking_sfc.extensions import flowclassifier
 from networking_sfc.services.flowclassifier.drivers import base
-from neutron.callbacks import events
-from neutron.callbacks import registry
-from neutron.callbacks import resources
 from neutron_lib.api import validators
+from neutron_lib.callbacks import events
+from neutron_lib.callbacks import registry
+from neutron_lib.callbacks import resources
 from neutron_lib.plugins import directory
 from oslo_log import log as logging

--- a/gbpservice/neutron/services/sfc/aim/sfc_driver.py
+++ b/gbpservice/neutron/services/sfc/aim/sfc_driver.py
@ -24,10 +24,10 @@ from networking_sfc.extensions import flowclassifier as flowc_ext
 from networking_sfc.extensions import sfc as sfc_ext
 from networking_sfc.services.sfc.common import context as sfc_ctx
 from networking_sfc.services.sfc.drivers import base
-from neutron.callbacks import events
-from neutron.callbacks import registry
 from neutron.db import api as db_api
 from neutron.db import models_v2
+from neutron_lib.callbacks import events
+from neutron_lib.callbacks import registry
 from neutron_lib import constants as n_constants
 from neutron_lib.plugins import directory
 from oslo_log import log as logging
--- a/gbpservice/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py
+++ b/gbpservice/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py
@ -19,13 +19,13 @@ import webob.exc
 import mock
 from neutron.api import extensions
 from neutron.api.rpc.callbacks.producer import registry
-from neutron.plugins.common import constants
 from neutron import policy
 from neutron.services.trunk.rpc import server as trunk_server
 from neutron.tests.unit.api import test_extensions
 from neutron.tests.unit.db import test_db_base_plugin_v2
 from neutron_lib import constants as nl_constants
 from neutron_lib import context
+from neutron_lib.plugins import constants
 from neutron_lib.plugins import directory
 from oslo_utils import importutils
 from oslo_utils import uuidutils
--- a/gbpservice/neutron/tests/unit/db/grouppolicy/test_servicechain_db.py
+++ b/gbpservice/neutron/tests/unit/db/grouppolicy/test_servicechain_db.py
@ -14,8 +14,8 @@
 import six
 import webob.exc

-from neutron.plugins.common import constants
 from neutron_lib import context
+from neutron_lib.plugins import constants
 from oslo_config import cfg
 from oslo_utils import uuidutils

--- a/gbpservice/neutron/tests/unit/plugins/ml2plus/extensions/fake_extension.py
+++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/extensions/fake_extension.py
@ -13,7 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-from neutron.extensions import address_scope as as_ext
+from neutron_lib.api.definitions import address_scope as as_def
 from neutron_lib.api.definitions import subnetpool as subnetpool_def
 from neutron_lib.api import extensions
 from neutron_lib import constants
@ -29,7 +29,7 @@ EXTENDED_ATTRIBUTES_2_0 = {
                                 'is_visible': True,
                                 'enforce_policy': True},
    },
-    as_ext.ADDRESS_SCOPES: {
+    as_def.COLLECTION_NAME: {
        'address_scope_extension': {'allow_post': True,
                                    'allow_put': True,
                                    'default': constants.ATTR_NOT_SPECIFIED,
--- a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py
+++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py
@ -1114,7 +1114,11 @@ class TestAimMapping(ApicAimTestCase):
        self._check_network(net)

        # updating SVI flag is not allowed
-        self._update('networks', net['id'], {SVI: 'False'}, 400)
+        data = {'network': {SVI: False}}
+        req = self.new_update_request('networks', data, net['id'], self.fmt)
+        resp = req.get_response(self.api)
+        self.assertEqual(resp.status_code, 400)
+
        self.assertEqual(True, net[SVI])
        self._check_network(net)

@ -4505,7 +4509,7 @@ class TestExtensionAttributes(ApicAimTestCase):
        self.assertFalse(extn.get_network_extn_db(session, net2['id']))

    def test_network_with_nested_domain_lifecycle(self):
-        session = db_api.get_session()
+        session = db_api.get_reader_session()
        extn = extn_db.ExtensionDbMixin()
        vlan_dict = {'vlans_list': ['2', '3', '4', '3'],
                     'vlan_ranges': [{'start': '6', 'end': '9'},
@ -4665,11 +4669,16 @@ class TestExtensionAttributes(ApicAimTestCase):
                                      dn=self.dn_t1_l1_n1,
                                      nat_type='edge')

-        self._update('networks', net1['id'],
-            {'network':
-             {DN: {'ExternalNetwork': 'uni/tn-t1/out-l1/instP-n2'}}},
-            400)
-        self._update('networks', net1['id'], {'apic:nat_type': ''}, 400)
+        data = {'network': {DN:
+                            {'ExternalNetwork': 'uni/tn-t1/out-l1/instP-n2'}}}
+        req = self.new_update_request('networks', data, net1['id'], self.fmt)
+        resp = req.get_response(self.api)
+        self.assertEqual(resp.status_code, 400)
+
+        data = {'network': {'apic:nat_type': ''}}
+        req = self.new_update_request('networks', data, net1['id'], self.fmt)
+        resp = req.get_response(self.api)
+        self.assertEqual(resp.status_code, 400)

    def test_external_subnet_lifecycle(self):
        session = db_api.get_reader_session()
--- a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_l3_apic_aim.py
+++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_l3_apic_aim.py
@ -85,7 +85,7 @@ class TestCiscoApicAimL3Plugin(test_aim_mapping_driver.AIMBaseTestCase):
                           'name': ROUTER}}
        router = self.plugin.create_router(self.context, attr)

-        with mock.patch('neutron.callbacks.registry.notify'):
+        with mock.patch('neutron_lib.callbacks.registry.notify'):
            info = self.plugin.add_router_interface(self.context,
                                                    router['id'],
                                                    interface_info)
--- a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_plugin.py
+++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_plugin.py
@ -17,6 +17,8 @@ import mock
 import testtools

 from neutron.api import extensions
+from neutron.conf.plugins.ml2 import config  # noqa
+from neutron.conf.plugins.ml2.drivers import driver_type
 from neutron.tests.unit.api import test_extensions
 from neutron.tests.unit.db import test_db_base_plugin_v2 as test_plugin
 from neutron.tests.unit.extensions import test_address_scope
@ -30,6 +32,9 @@ from gbpservice.neutron.tests.unit.plugins.ml2plus.drivers import (

 PLUGIN_NAME = 'gbpservice.neutron.plugins.ml2plus.plugin.Ml2PlusPlugin'

+config.register_ml2_plugin_opts()
+driver_type.register_ml2_drivers_vlan_opts()
+

 # This is just a quick sanity test that basic ML2 plugin functionality
 # is preserved.
--- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_neutron_resources_driver.py
+++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_neutron_resources_driver.py
@ -12,9 +12,9 @@
 # limitations under the License.

 import mock
-from neutron.plugins.common import constants as pconst
 from neutron_lib import constants
 from neutron_lib import context as nctx
+from neutron_lib.plugins import constants as pconst
 from neutron_lib.plugins import directory
 import webob.exc

--- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
+++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
@ -19,16 +19,16 @@ from keystonemiddleware import auth_token  # noqa
 import mock
 import netaddr
 from neutron.db.qos import models as qos_models
-from neutron.extensions import external_net as external_net
 from neutron.extensions import securitygroup as ext_sg
-from neutron.plugins.common import constants as pconst
 from neutron.services.qos.drivers.openvswitch import driver as qos_ovs_driver
 from neutron.tests.unit.extensions import test_address_scope
 from neutron.tests.unit.extensions import test_l3
 from neutron.tests.unit.extensions import test_securitygroup
 from neutron.tests.unit.plugins.ml2 import test_plugin as n_test_plugin
+from neutron_lib.api.definitions import external_net
 from neutron_lib import constants as cst
 from neutron_lib import context as nctx
+from neutron_lib.plugins import constants as pconst
 from neutron_lib.plugins import directory
 from oslo_utils import uuidutils
 import unittest2
--- a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_heat_node_driver.py
+++ b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_heat_node_driver.py
@ -16,9 +16,9 @@ import itertools
 import copy
 import heatclient
 import mock
-from neutron.extensions import external_net as external_net
-from neutron.plugins.common import constants
+from neutron_lib.api.definitions import external_net
 from neutron_lib import context as neutron_context
+from neutron_lib.plugins import constants
 from oslo_serialization import jsonutils
 from oslo_utils import uuidutils
 import webob
--- a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_ncp_plugin.py
+++ b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_ncp_plugin.py
@ -15,9 +15,9 @@ import webob.exc

 import mock
 from neutron.common import config
-from neutron.plugins.common import constants as pconst
 from neutron_lib import context as n_context
 from neutron_lib import exceptions as n_exc
+from neutron_lib.plugins import constants as pconst
 from neutron_lib.plugins import directory
 from oslo_config import cfg
 from oslo_serialization import jsonutils
--- a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_nfp_node_driver.py
+++ b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_nfp_node_driver.py
@ -12,7 +12,7 @@
 # limitations under the License.

 import mock
-from neutron.plugins.common import constants
+from neutron_lib.plugins import constants
 from oslo_serialization import jsonutils
 import webob

--- a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_traffic_stitching_plumber.py
+++ b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_traffic_stitching_plumber.py
@ -12,8 +12,8 @@

 import mock
 from neutron.common import config  # noqa
-from neutron.plugins.common import constants as pconst
 from neutron_lib import context as n_context
+from neutron_lib.plugins import constants as pconst
 from oslo_config import cfg

 from gbpservice.neutron.services.servicechain.plugins.ncp import model
--- a/gbpservice/neutron/tests/unit/services/sfc/test_aim_sfc_driver.py
+++ b/gbpservice/neutron/tests/unit/services/sfc/test_aim_sfc_driver.py
@ -21,9 +21,9 @@ from networking_sfc.services.flowclassifier.common import config as flc_cfg
 from networking_sfc.services.flowclassifier import driver_manager as fc_driverm
 from networking_sfc.services.sfc.common import config as sfc_cfg
 from networking_sfc.services.sfc import driver_manager as sfc_driverm
-from neutron.callbacks import exceptions as c_exc
 from neutron.db import api as db_api
 from neutron.db.models import l3 as l3_db
+from neutron_lib.callbacks import exceptions as c_exc
 from neutron_lib import context
 from neutron_lib.plugins import directory
 from oslo_log import log as logging
--- a/gbpservice/neutron/tests/unit/test_extension_group_policy.py
+++ b/gbpservice/neutron/tests/unit/test_extension_group_policy.py
@ -14,11 +14,11 @@ import copy
 import re

 import mock
-from neutron.plugins.common import constants
 from neutron.tests import base
 from neutron.tests.unit.api.v2 import test_base
 from neutron.tests.unit.extensions import base as test_extensions_base
 from neutron_lib import constants as n_consts
+from neutron_lib.plugins import constants
 from oslo_utils import uuidutils
 from webob import exc

--- a/gbpservice/neutron/tests/unit/test_extension_group_policy_mapping.py
+++ b/gbpservice/neutron/tests/unit/test_extension_group_policy_mapping.py
@ -13,8 +13,8 @@
 import copy
 import six

-from neutron.plugins.common import constants
 from neutron_lib import constants as n_constants
+from neutron_lib.plugins import constants

 from gbpservice.neutron.extensions import group_policy as gp
 from gbpservice.neutron.extensions import group_policy_mapping as gpm
--- a/gbpservice/neutron/tests/unit/test_extension_servicechain.py
+++ b/gbpservice/neutron/tests/unit/test_extension_servicechain.py
@ -13,9 +13,9 @@
 import copy

 import mock
-from neutron.plugins.common import constants
 from neutron.tests.unit.api.v2 import test_base
 from neutron.tests.unit.extensions import base as test_extensions_base
+from neutron_lib.plugins import constants
 from oslo_utils import uuidutils
 from webob import exc

--- a/gbpservice/nfp/orchestrator/config_drivers/heat_driver.py
+++ b/gbpservice/nfp/orchestrator/config_drivers/heat_driver.py
@ -16,7 +16,7 @@ import time

 from heatclient import exc as heat_exc
 from neutron.db import api as db_api
-from neutron.plugins.common import constants as pconst
+from neutron_lib.plugins import constants as pconst
 from oslo_config import cfg
 from oslo_serialization import jsonutils
 import yaml
--- a/gbpservice/tests/contrib/devstack/local-aim.conf
+++ b/gbpservice/tests/contrib/devstack/local-aim.conf
@ -13,7 +13,7 @@ SKIP_EXERCISES=volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregate

 enable_plugin group-based-policy https://github.com/openstack/group-based-policy.git master

-enable_plugin networking-sfc https://git.openstack.org/openstack/networking-sfc.git stable/pike
+enable_plugin networking-sfc https://git.openstack.org/openstack/networking-sfc.git stable/queens

 ENABLE_APIC_AIM_GATE=True

--- a/gbpservice/tests/contrib/functions-gbp
+++ b/gbpservice/tests/contrib/functions-gbp
@ -16,7 +16,7 @@ XTRACE=$(set +o | grep xtrace)

 function prepare_gbp_devstack_pre {
    cd $TOP_DIR
-    sudo git checkout stable/pike
+    sudo git checkout stable/queens
    sudo sed -i 's/DEST=\/opt\/stack/DEST=\/opt\/stack\/new/g' $TOP_DIR/stackrc
    sudo sed -i 's/source $TOP_DIR\/lib\/neutron/source $TOP_DIR\/lib\/neutron\nsource $TOP_DIR\/lib\/neutron-legacy/g' $TOP_DIR/stack.sh
 }
@ -25,15 +25,15 @@ function prepare_gbp_devstack_post {
    # The following should updated when master moves to a new release
    # We need to do the following since the infra job clones these repos and
    # checks out the master branch (as this is the master branch) and later
-    # does not switch to the stable/pike branch when installing devstack
+    # does not switch to the stable/queens branch when installing devstack
    # since the repo is already present.
    # This can be worked around by changing the job description in
-    # project-config to set BRANCH_OVERRIDE to use the stable/pike branch
-    sudo git --git-dir=/opt/stack/new/neutron/.git --work-tree=/opt/stack/new/neutron checkout stable/pike
-    sudo git --git-dir=/opt/stack/new/nova/.git --work-tree=/opt/stack/new/nova checkout stable/pike
-    sudo git --git-dir=/opt/stack/new/keystone/.git --work-tree=/opt/stack/new/keystone checkout stable/pike
-    sudo git --git-dir=/opt/stack/new/cinder/.git --work-tree=/opt/stack/new/cinder checkout stable/pike
-    sudo git --git-dir=/opt/stack/new/requirements/.git --work-tree=/opt/stack/new/requirements checkout stable/pike
+    # project-config to set BRANCH_OVERRIDE to use the stable/queens branch
+    sudo git --git-dir=/opt/stack/new/neutron/.git --work-tree=/opt/stack/new/neutron checkout stable/queens
+    sudo git --git-dir=/opt/stack/new/nova/.git --work-tree=/opt/stack/new/nova checkout stable/queens
+    sudo git --git-dir=/opt/stack/new/keystone/.git --work-tree=/opt/stack/new/keystone checkout stable/queens
+    sudo git --git-dir=/opt/stack/new/cinder/.git --work-tree=/opt/stack/new/cinder checkout stable/queens
+    sudo git --git-dir=/opt/stack/new/requirements/.git --work-tree=/opt/stack/new/requirements checkout stable/queens

    source $TOP_DIR/functions
    source $TOP_DIR/functions-common
--- a/requirements.txt
+++ b/requirements.txt
@ -2,5 +2,5 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.

-pbr>=1.6
-oslosphinx>=2.5.0,<2.6.0  # Apache-2.0
+pbr>=2.0.0,!=2.1.0  # Apache-2.0
+oslosphinx>=4.7.0,<4.19.0  # Apache-2.0
--- a/run_tests.sh
+++ b/run_tests.sh
@ -154,9 +154,9 @@ function run_tests {
 }

 function copy_subunit_log {
-  LOGNAME=`cat .testrepository/next-stream`
+  LOGNAME=`cat .stestr/next-stream`
  LOGNAME=$(($LOGNAME - 1))
-  LOGNAME=".testrepository/${LOGNAME}"
+  LOGNAME=".stestr/${LOGNAME}"
  cp $LOGNAME subunit.log
 }

--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -2,42 +2,41 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.

-e git+https://git.openstack.org/openstack/neutron.git@stable/pike#egg=neutron
+-e git+https://git.openstack.org/openstack/neutron.git@stable/queens#egg=neutron

 -e git+https://github.com/noironetworks/apicapi.git@master#egg=apicapi

 -e git+https://github.com/noironetworks/python-opflex-agent.git@master#egg=python-opflexagent-agent

-e git+https://github.com/openstack/vmware-nsx.git@stable/pike#egg=vmware_nsx
-e git+https://github.com/openstack/vmware-nsxlib.git@stable/pike#egg=vmware_nsxlib
+-e git+https://github.com/openstack/vmware-nsx.git@stable/queens#egg=vmware_nsx
+-e git+https://github.com/openstack/vmware-nsxlib.git@stable/queens#egg=vmware_nsxlib

 -e git+https://git.openstack.org/openstack/python-group-based-policy-client@master#egg=gbpclient
-e git+https://git.openstack.org/openstack/neutron-vpnaas@stable/pike#egg=neutron-vpnaas
-e git+https://git.openstack.org/openstack/neutron-lbaas@stable/pike#egg=neutron-lbaas
-e git+https://git.openstack.org/openstack/neutron-fwaas@stable/pike#egg=neutron-fwaas
-e git+https://git.openstack.org/openstack/networking-sfc@stable/pike#egg=networking-sfc
+-e git+https://git.openstack.org/openstack/neutron-vpnaas@stable/queens#egg=neutron-vpnaas
+-e git+https://git.openstack.org/openstack/neutron-lbaas@stable/queens#egg=neutron-lbaas
+-e git+https://git.openstack.org/openstack/neutron-fwaas@stable/queens#egg=neutron-fwaas
+-e git+https://git.openstack.org/openstack/networking-sfc@stable/queens#egg=networking-sfc
 hacking<0.12,>=0.11.0 # Apache-2.0

-cliff>=2.3.0 # Apache-2.0
-coverage>=4.0 # Apache-2.0
+cliff>=2.8.0,!=2.9.0  # Apache-2.0
+coverage!=4.4,>=4.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
-httplib2>=0.7.5
+httplib2>=0.9.1  # MIT
 mock>=2.0 # BSD
-python-subunit>=0.0.18 # Apache-2.0/BSD
+python-subunit>=1.0.0 # Apache-2.0/BSD
 requests-mock>=1.1 # Apache-2.0
-sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
+sphinx!=1.6.6,>=1.6.2 # BSD
 ordereddict
-testrepository>=0.0.18 # Apache-2.0/BSD
-testtools>=1.4.0 # MIT
-testresources>=0.2.4 # Apache-2.0/BSD
+testtools>=2.2.0 # MIT
+testresources>=2.0.0 # Apache-2.0/BSD
 testscenarios>=0.4 # Apache-2.0/BSD
-WebTest>=2.0 # MIT
-oslotest>=1.10.0 # Apache-2.0
-os-testr>=0.8.0 # Apache-2.0
+WebTest>=2.0.27 # MIT
+oslotest>=3.2.0 # Apache-2.0
+os-testr>=1.0.0 # Apache-2.0
 ddt>=1.0.1 # MIT
-pylint==1.4.5 # GNU GPL v2
-reno>=1.8.0 # Apache2
-pyOpenSSL>=0.14.0,<=0.15.1
+pylint==1.4.5 # GPLv2
+reno>=2.5.0 # Apache-2.0
+pyOpenSSL>=16.2.0  # Apache-2.0

 # Since version numbers for these are specified in
 # https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt,
--- a/tools/tox_install.sh
+++ b/tools/tox_install.sh
@ -8,7 +8,7 @@
 DIR=/home/zuul/src/git.openstack.org/openstack/requirements
 if [ -d "$DIR" ]; then
    cd $DIR
-    git checkout stable/pike
+    git checkout stable/queens
 fi

 set -e
--- a/tox.ini
+++ b/tox.ini
@ -9,7 +9,7 @@ setenv = VIRTUAL_ENV={envdir}
 passenv = TRACE_FAILONLY GENERATE_HASHES http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
 usedevelop = True
 install_command =
-  {toxinidir}/tools/tox_install.sh {env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/pike} {opts} {packages}
+  {toxinidir}/tools/tox_install.sh {env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/queens} {opts} {packages}
 deps = -r{toxinidir}/requirements.txt
       -r{toxinidir}/test-requirements.txt
 whitelist_externals = sh