Commit Graph

1738 Commits

Author SHA1 Message Date
OpenStack Release Bot e071ad44b0 reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.

Change-Id: I607493fb73536ce938f67d1a7e79af3c78eca4f4
2024-02-06 15:50:24 +00:00
Zuul ec225c225c Merge "Update python classifier in setup.cfg" 2024-01-26 16:33:59 +00:00
Zuul 733a34bcef Merge "Change retries log level to warning instead of info" 2024-01-05 17:09:25 +00:00
Ghanshyam Mann 2db8309be9 Update python classifier in setup.cfg
As per the current release tested runtime, we test
python version from 3.8 to 3.11 so updating the
same in python classifier in setup.cfg

Change-Id: I8d3a53d2bc5207a5627edf881bb7eacdff56a7ec
2024-01-03 23:56:30 -08:00
Stephen Finucane b68be4b70e Bump hacking, other flake8 plugins
Address the couple of small issues it highlights.

Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I0b0b8ff96d024cc3432ce902e781fff7e594924e
2023-12-18 10:20:25 +00:00
Stephen Finucane 9df23dc6a8 Bump bandit
Address incompatibility with Python 3.8, which happens due to the older
bandits use of the private '_ast' module instead of 'ast' [1] and the
deprecated 'Num' having been removed from the former. The bump requires
an additional nosec for a line that is misidentified as a hardcoded
password.

A note about requirements ordering is removed as it hasn't been relevant
since pip 20.3 introduced the new dependency resolver.

[1] 09b0207e2b

Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: Icaaa3a2e24429bba5cf70c04062cfa5820c8a1bf
2023-12-18 10:17:14 +00:00
Stephen Finucane b5ddc0732e Remove dependency on oslo_config
Per the note in requirements.txt, we do not want to depend on any oslo
library. Fix the accidental inclusion of this library.

Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I0287fc2493831e9b52790f7d6db13b8a4ed7158e
2023-12-14 10:44:36 +00:00
Zuul 2bc0f5afb0 Merge "Allow setting retriable status codes for Adapter via configuration options" 2023-12-01 16:29:25 +00:00
Jaromir Wysoglad 3b492a7aa0 Fix "dictionary changed size during iteration"
We have hit an error with
"dictionary changed size during iteration" a few times during
this week in telemetry integration tests. It seems like it's
hitting only our ubuntu based jobs, I haven't seen this error
in a centos based job yet. Example of the failed job can be
found in [1], I extracted a traceback, which leads to keystoneauth1
into [2]. According to [3] and [4] using copy() should help with
the issue. The python docs [5] indicate, that copy() should always
be used when iterating through sys.modules

[1] https://zuul.opendev.org/t/openstack/build/c99db592871a441e9cddad2f4e60c2fc/console
[2] https://paste.opendev.org/show/bpzng2EUyFh1tvBHczt7/
[3] https://github.com/python/cpython/issues/84507
[4] https://github.com/python/cpython/issues/89516
[5] https://docs.python.org/3/library/sys.html#sys.modules

Change-Id: I50500c6a21bbe60050303cea4628ca9b71a3e0eb
2023-11-09 10:37:37 -05:00
Pierre-Samuel Le Stang b43cad9353
Change retries log level to warning instead of info
Closes-bug: 2042670
Change-Id: Id771077b1070a80b9acab5ffda66155f0dea22be
2023-11-06 09:25:59 +01:00
Pierre-Samuel Le Stang f136680870
Allow setting retriable status codes for Adapter via configuration options
Signed-off-by: Pierre-Samuel Le Stang <pierre-samuel.le-stang@corp.ovh.com>
Change-Id: Id7ad3f398891361abe62027248eba0f5eb1934d7
2023-10-20 10:03:46 +02:00
Zuul 44e477dfb5 Merge "Drop parameters when connecting to a redirected endpoint" 2023-10-06 17:25:18 +00:00
Zuul b0a6c8da6c Merge "Add project URLs from README as packaging metadata" 2023-10-06 15:28:23 +00:00
Julia Kreger 74f05249d1 Drop parameters when connecting to a redirected endpoint
When redirected, the server *generally* returns a fully
formed URI, but does not really have to, so we may end up
in a "depending on how the redirect was triggered" would
result in the response handling.

Ultimately, any behavior which is not an fully formed URI
would be invalid.

But our code was taking the URI we got back, and would then
re-issue the request with a list of parameters with the new
URL. Duplicating the parameters on the URI.

Example of what was occuring, when only provision_state=active
was a parameter before the redirect:

/v1/nodes?provision_state=active&provision_state=active

Co-Authored-By: Kristi Nikolla <knikolla@bu.edu>
Co-Authored-By: Jay Faulkner <jay@jvf.cc>

Story: 2010029
Task: 45316
Change-Id: I4969a42ee651ac2c559e378d879b673a1d788c57
2023-10-06 16:21:02 +02:00
Zuul 659a288cc1 Merge "Keep request-id at redirect" 2023-10-02 11:44:36 +00:00
OpenStack Release Bot efba3f9b38 Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.

Sem-Ver: feature
Change-Id: Ia73a8b414df7173dbc802e0175140f889a7cfa2d
2023-09-08 14:53:59 +00:00
Zuul e6f3999c6f Merge "Support PKCE with v3oidcdeviceauthz" 2023-08-15 11:19:13 +00:00
Zuul 28048af959 Merge "Add doc of OAuth 2.0 Mutual-TLS Authenticate" 2023-06-27 15:49:46 +00:00
Zuul 0195cc7ead Merge "Add doc of OAuth2.0 Client Credentials Grant Flow" 2023-06-14 18:29:45 +00:00
Vadym Markov c800dcee75 Keep request-id at redirect
Currently when redirects are used, the request id can get lost on redirect.
Proposed patch reuses req-id from redirect response and passes it to
actual request

Closes-Bug: #2000742
Change-Id: I98d5d4490b3d5667677cdd19f3c7b39abe6044ef
2023-05-27 13:04:05 +00:00
Arvid Requate 38303c3c9f Support PKCE with v3oidcdeviceauthz
In case the OAuth 2.0 client for keystone is configured in Keycloak to
require PKCE (for horizon Web-SSO), this also applies to other flows
like v3oidcdeviceauthz.

https://www.rfc-editor.org/rfc/rfc7636

Signed-off-by: Arvid Requate <requate@univention.de>
Change-Id: I8475a583844d9b97ed65a9909c31cebc31cfbebb
2023-05-23 09:53:10 +02:00
Dave Wilde c69ade60a6 Remove last reference to the python six package
We missed an import of the six package.

Change-Id: Id618b93d47a6e25a89144b3a93b12cbb5fc14797
2023-05-17 09:35:24 -05:00
Zuul 6e0f3eb61a Merge "Fix up some packaging metadata" 2023-05-16 16:23:12 +00:00
Zuul fe74dedb05 Merge "Make v3oidcpassword send client_id" 2023-05-16 16:23:11 +00:00
Steve Relf 30d61ad316 Make v3oidcpassword send client_id
Updates the v3oidcpassword function to also send the client_id as part of the request body,
this seems to be a requirement for services like onelogin.

Change-Id: I2392ef51302804c0c66c0fb52227db5f35bca3fd
2023-05-11 11:08:06 +00:00
Zuul 1462b7344e Merge "Add RFC required headers and data to the request" 2023-05-10 23:03:06 +00:00
Arvid Requate 3e15740c73 Add RFC required headers and data to the request
Fixup for 44e5b2deef

Signed-off-by: Arvid Requate <requate@univention.de>
Change-Id: I88bbfebd19f3e291c304f5bbd7f8dde2ed951821
2023-05-09 11:25:52 +02:00
OpenStack Release Bot 2e40bbf8e3 Update master for stable/2023.1
Add file to the reno documentation build to show release notes for
stable/2023.1.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.

Sem-Ver: feature
Change-Id: I9d1c3fab9382490c51471893c830c01106c07497
2023-04-27 13:56:02 +02:00
Zuul 8d24892f9d Merge "Remove six" 2023-04-21 16:29:11 +00:00
Zuul eb5ebfd4bd Merge "Switch to 2023.1 Python3 unit tests and generic template name" 2023-04-21 16:05:43 +00:00
Zuul f6e340270e Merge "Update master for stable/zed" 2023-04-21 16:05:42 +00:00
Zuul bf5aed34cd Merge "Replace abc.abstractproperty with property and abc.abstractmethod" 2023-04-21 16:05:40 +00:00
Zuul 3ffea9276e Merge "Allow federation to work with unversioned auth_url" 2023-04-21 15:58:42 +00:00
Zuul d2a100f85d Merge "setup.cfg: Restore python_requires after a typo" 2023-03-24 17:07:09 +00:00
Tim Burke 66cd04e2ab Add project URLs from README as packaging metadata
Change-Id: Ibdbc0b9228c6b24a521b9117ee0298a4a302bb98
2023-03-16 16:03:30 -07:00
Tim Burke 4e518145c3 Fix up some packaging metadata
https://pypi.org/pypi/keystoneauth1/json currently does not have a minimum
python version.

Also clean up a twine warning:

  warning: `long_description_content_type` missing. defaulting to `text/x-rst`.

Change-Id: Ibc4747c32afe646fe15baf52538f1ef1defc40c1
2023-03-16 16:00:52 -07:00
Zuul b80a6b62e4 Merge "New auth plugin v3oidcdeviceauthz" 2023-03-03 17:10:06 +00:00
Arvid Requate 44e5b2deef New auth plugin v3oidcdeviceauthz
OAuth 2.0 Device Authorization Grant

https://www.rfc-editor.org/rfc/rfc8628

Signed-off-by: Arvid Requate <requate@univention.de>
Change-Id: I8344ee5c9730c1533d58d7ccb04ddc3d2d517ade
2023-02-23 10:09:08 +01:00
sunyonggen ca28df8480 OAuth 2.0 Mutual-TLS Support
Added a new OAuth2mTlsClientCredential plugin, accessible via the
'v3oauth2mtlsclientcredential' entry point, making possible to
authenticate using an OAuth 2.0 Mutual-TLS client credentials.

Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>
Change-Id: I0e02ef18da5d60cdd1bcde07b07c2071b74b73d6
Implements: blueprint support-oauth2-mtls
2023-02-10 20:56:45 +09:00
Dr. Jens Harbott 6ee21bd722 Fix docs build for tox4
Replace deprecated whitelist_externals with allowlist_externals. Drop
skipsdist = True setting.

Change-Id: Iced0ce2472e5c0bd09fba0d274ef2772883a0a49
2023-01-12 10:21:47 +01:00
Zuul c96b058212 Merge "Enforce scope mutual exclusion for system" 2022-12-20 22:37:30 +00:00
Grzegorz Grasza 5098d45cca Allow passing of version header
Add keyword option to get_version_data() to allow passing
of the version header so that we can get the microversions.
Specifically, this is so that we can re-use this function
in barbican, which recently implemented microversions, but
doesn't return them by default, for backward compatibility
with old clients.

Change-Id: I909750381a559f9dc61650c9f98c88d4481012b7
2022-12-20 15:58:04 +01:00
Stephen Finucane 192a27ae5f Remove six
This is no longer necessary since we only support Python 3.x.

A note is removed from requirements.txt since it's no longer relevant:
pip 20.3+ has a real dependency resolver.

Change-Id: Ie3006813a79fef1f128d388b906e4f1752347fa4
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
2022-12-14 10:47:25 +00:00
Pete Zaitcev bef3dfb6ae setup.cfg: Restore python_requires after a typo
The "python_equires" typo was introduced by the change
I3980fbc53ce4b954aff5e98087897ea94e50e4fc, commit
a1e209c9a1.

The typo apparently had a weird effect of declaring our
package as supporting Python 2, although obviously we
quit py2 long time ago.

Closes-bug: 1999431
Change-Id: Ife08f751bd64f2bbb04747ccc030d38ce78db712
2022-12-13 23:40:43 -06:00
Pavlo Shchelokovskyy 737790f732 Allow federation to work with unversioned auth_url
while e.g. V3Password works perfectly fine with unversioned auth_url
like 'http://keystone', everything based on FederationBaseAuth
does not and only requires versioned v3 auth_url.

Since OS_FEDERATION is implemented only in v3, this patch
makes sure that federated_token_url has v3 in it, thus allowing
for unversoned auth_url as well.

Closes-Bug: #1998366
Change-Id: I1f0b00b6f721c53bb5308e03223d0c1564ca81b3
2022-12-02 18:04:08 +00:00
Pavlo Shchelokovskyy ae646f8d37 Enforce scope mutual exclusion for system
we already fail when mutliple scope identifiers are provided, however
not when system scope is involved. As a result of the undocumented
priority of checks, when system scope is specified together with any
other scope, that other scope will silently be used.

Change-Id: I120ed63f6c1262d067eeb6168feab35278cacf6a
2022-12-02 18:03:47 +00:00
Hervé Beraud 11faa0e67d Fix linters and bindep on jammy
Bump linter requirements - follow the changes
made in keystone in commits
6dfde5b48b388e32e34a385c3a9ef48da7c7c49b and
5c71ebd7a92d25df83e2e7cc5fad9990e9eebbf5 in
order to fix compatibility with Python 3.10.

Remove python-dev from bindep - it's no longer
supported by jammy and lead us to the following
errors with the announce-release job:

```
No package matching 'python-dev' is available
```

Co-Authored-By: Herve Beraud <hberaud@redhat.com>
Change-Id: If687a2678733ce018bd31c602140f073ab1a1a65
2022-12-01 12:14:33 +00:00
sunyonggen ab0beab2c9 Add doc of OAuth 2.0 Mutual-TLS Authenticate
Added a new OAuth2mTlsClientCredential plugin, accessible via the
'v3oauth2mtlsclientcredential' entry point, making possible to
authenticate using an OAuth 2.0 Mutual-TLS client credentials.

Implements: blueprint support-oauth2-mtls
Change-Id: I4b85bcfbfad1e34624b48ecd6476d01a4adba9eb
2022-10-24 11:49:03 +09:00
OpenStack Release Bot 19db34ed1a Switch to 2023.1 Python3 unit tests and generic template name
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope. Also,
updating the template name to generic one.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: I2447df95b05fcd4f133f8c4d278c6284a67eb0b7
2022-09-14 09:18:50 +00:00
OpenStack Release Bot aaca2b3018 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: Ia0d14f0955504bdeb41c1eff4d6854293e1f3430
2022-09-09 15:12:22 +00:00