* Update castellan from branch 'master'
to 8c89839e37919d7a0f6ab58d3fcf9fc50735b9e8
- Use upper-constraint in doc generation
Currently doc jobs are broken because the latest sphinx 7.2.0 is not
compatible with the latest release of openstackdocstheme.
This updates the docs/releasenotes target to use the global upper
constraints to avoid that issue.
Change-Id: I7eef81e2cfc2156dd8aa076e09de4904dda6eb9a
* Update castellan from branch 'master'
to 718bde6e3f0778fd6fa0964e32942c3debe4ebd3
- Merge "reno: Update master for unmaintained/xena"
- reno: Update master for unmaintained/xena
Update the xena release notes configuration to build from
unmaintained/xena.
Change-Id: Iab48a01fca4c2f67cb81379ac59031038c9bfb08
* Update castellan from branch 'master'
to 86a28d334efc2e0bed864c27fdc7933165f0b425
- Merge "reno: Update master for unmaintained/wallaby"
- reno: Update master for unmaintained/wallaby
Update the wallaby release notes configuration to build from
unmaintained/wallaby.
Change-Id: Iffda7484b0b6fd3849301a93d9b177b0692b8a61
* Update castellan from branch 'master'
to 03b5caba88ec1713ac7e8fbe1f608e463c4ebf25
- Merge "reno: Update master for unmaintained/victoria"
- reno: Update master for unmaintained/victoria
Update the victoria release notes configuration to build from
unmaintained/victoria.
Change-Id: If32844bcfaa61f0836ff73818f72073a5cfc9b80
* Update castellan from branch 'master'
to 9558ccd6ff19f69428410650ae5d80a1d7b31f8f
- Update master for stable/2024.1
Add file to the reno documentation build to show release notes for
stable/2024.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.
Sem-Ver: feature
Change-Id: I3ed6662c2c6c440435eae5d6f05a8abb83dae142
* Update castellan from branch 'master'
to d578cbcce94fd1d7023feb15918c639b7c087d5f
- Add release note about new consumer interfaces
Since bc6d87b96912212ab797ad7634b2a45e37ea5fc6 was merged, any
implementations inheriting the base KeyManager class should implement
the two new consumer interfaces. This documents that upgrade impact
so that the note appears in release note.
Change-Id: Id6ba2f3dff279371a13e319773b4579c82338774
* Update castellan from branch 'master'
to 4925356be6f0f347b36119a981fefdd9c5c29ac8
- Raise ManagedObjectNotFoundError in MockKeyManager
Currently the MockKeyManager raises KeyError when a key is not found
for a get() or delete() but a real key manager raises
ManagedObjectNotFoundError in the case of not found [1][2].
This updates the MockKeyManager to raise the same exception as a real
key manager so that projects using it in tests will be able to test
their handling of "not found" scenarios properly.
[1] a662b30764/castellan/key_manager/barbican_key_manager.py (L617)
[2] a662b30764/castellan/key_manager/barbican_key_manager.py (L644)
Change-Id: I3184a229f6690854dda1edc12e74bb483b47a057
* Update castellan from branch 'master'
to e4c44a460d0bd152f5a923ceae5011b1cb82a84a
- Merge "tox: Drop envdir"
- tox: Drop envdir
tox now always recreates an env although the env is shared using envdir
options.
~~~
$ tox -e genpolicy
genpolicy: recreate env because env type changed from
{'name': 'genconfig', 'type': 'VirtualEnvRunner'} to
{'name': 'genpolicy', 'type': 'VirtualEnvRunner'}
~~~
According to the maintainer of tox, this functionality is not intended
to be supported.
https://github.com/tox-dev/tox/issues/425#issuecomment-1011944293
Change-Id: I5db68dc1ca25626d7f50c2fa9319896721c08d3d
* Update castellan from branch 'master'
to 1d423e1bfa77b1a16eef454846158cd5e8cee55d
- reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.
Change-Id: Ic2c7f652bcec232b16249c1c6341cd86c07aae38
* Update castellan from branch 'master'
to 3b4e09f8cd4d7e752fda8b12a465e4e87c37eee9
- Update python classifier in setup.cfg
As per the current release tested runtime, we test
python version from 3.8 to 3.11 so updating the
same in python classifier in setup.cfg
Change-Id: I8b5ffec9f1622341950e8104795b98b33ccb3a45
* Update castellan from branch 'master'
to 7b19136668011aab3ef238b2101f12e53ac87138
- Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: I678310a4dcc6268263a7a42f4f425907f35079e4
* Update castellan from branch 'master'
to 46cb956cf056128b25a36adb9f71f9849f844815
- Moves supported python runtimes from version 3.8 to 3.10
Within 2023.2 python version 3.9 and 3.10 are the
supported python runtimes [1].
[1] https://review.opendev.org/c/openstack/governance/+/872232
Change-Id: Ibea17ce03a0e4f5ef018afeb934660e0dc1bfc60
* Update castellan from branch 'master'
to cecdde7672a3dec843753dff162b4c8ba58f8c36
- Update master for stable/2023.1
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: Ic3218dd69770273a5b4cae181bc21d015501378f
* Update castellan from branch 'master'
to a2c3d54c820f8bfd57fe48da6c1550737412de90
- Merge "Implement force parameter"
- Implement force parameter
This change adds the force parameter to the secret delete
method. By default, a secret cannot be deleted if it
contains consumers.
This code cannot be merged without a corresponding release and
bump of version for the barbicanclient.
Co-Authored-By: Mauricio Harley <mharley@redhat.com>
Change-Id: I84fd870b1cd19975a5bb832ed6fd6d18ec56eb5a
* Update castellan from branch 'master'
to 300c60ca978fd390c374ffddf6c45bcef673cb23
- Merge "Add support for specifying Vault KV path"
- Add support for specifying Vault KV path
This commit adds support for a Vault path that is relative to
the root of the Vault KV store. This configuration is optional
and will be a noop for existing deployments.
Change-Id: If34c38c8f0a2f13ea90f564bfe5e933e5e748da4
* Update castellan from branch 'master'
to bc6d87b96912212ab797ad7634b2a45e37ea5fc6
- Add secret consumers
This change adds the ability to add or remove consumers to a
managed object to allow services to indicate which object is
associated with a specific secret. At this time, only barbican
supports consumers.
This code cannot be merged without a corresponding release and
bump of version for the barbicanclient.
Co-Authored-By: Mauricio Harley <mharley@redhat.com>
Depends-On: https://review.opendev.org/c/openstack/requirements/+/873906
Change-Id: Ic25ac329f87db5992e32ef0b2d7d4020f37b2dee
* Update castellan from branch 'master'
to fe10397ac05b0376a75be57d7c6f31dc5f470e9e
- Initial change to add secret consumers
This adds consumers to the objects. Unit tests are
also covered.
Co-Authored-By: Ade Lee <alee@redhat.com>
Co-Authored-By: Mauricio Harley <mharley@redhat.com>
Change-Id: I598209e30d8f0e4515292b1f8c9a89aa952bac4e
* Update castellan from branch 'master'
to fb6b880eafe9609c511c183e85f8c40dbb7a4606
- Fix tox4 error
tox.ini started failing with Tox4 which had some
incompatible changes. One of them is due to the
skipsdist = True.
This also adds setup-vault-env.sh to allowlist_externals, since it
fails otherwise.
Change-Id: If0ace2c2ef0915d9a4ffcba99d664ffe97621b12
* Update castellan from branch 'master'
to 316db6cb534dfeb7bafacd13864c8144a95f20f6
- Make tests more consistent
Tests periodically fail right now because the cleanup which is
running in a different thread sometimes removes the managed objects
before we have completed testing with them. The change to use
concurrency=1 will slow down the tests, but also make them more
consistent.
Also, when things are not cleaned up, you can get false positive
results if multiple objects contain the same content. This will
fix this problem by making the contents unique.
Change-Id: Ic2b9e6afe9371dbe135e90fa6df36a8e91921556
* Update castellan from branch 'master'
to 88fe06e37371208d27ee681bb55df1eac93e0dbb
- Add Python3 antelope unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I0b09c4b655a3f80eba34520a51bb7aff173764ad
* Update castellan from branch 'master'
to c6ad6b931518f1fd9ba8d67895e036e22d47cf38
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I3136f2dc8f4a6b2f9d15a12a880fa1a5c551343e
* Update castellan from branch 'master'
to 73569c8ff07706c33bd8961a9ab03a94bcb47a63
- Drop python3.6/3.7 support in testing runtime
In Zed cycle testing runtime, we are targetting to drop the
python 3.6/3.7 support, project started adding python 3.8 as minimum,
example nova:
- 56b5aed08c/setup.cfg (L13)
Change-Id: I356f666d481e3514f5806221491171d95ae5789c
* Update castellan from branch 'master'
to d2e843720883cb9e3590046d4ed48d192a114dd4
- Remove redundant override of logging_context_format_string
The target value is exactly same as the default defined in oslo.log,
thus this override is just redundant.
Change-Id: I91fcc035526d655f0b885f5b6a176dc18577a3a3
* Update castellan from branch 'master'
to e045a4c667361ea8b89fe9133fe435f09c242c7f
- Merge "Add Python3 zed unit tests"
- Add Python3 zed unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for zed.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I81a053eb2bf52a871277c0965fce6a13ce4ac3bc
* Update castellan from branch 'master'
to 6d5cc58c7f3d793ebff6b5582e8a8d0dae3041ef
- Merge "Updating python testing classifier as per Yoga testing runtime"
- Updating python testing classifier as per Yoga testing runtime
Yoga testing runtime[1] has been updated to add py39
testing as voting. Unit tests update are handled by the
job template change in openstack-zuul-job
- https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/820286
this commit updates the classifier in setup.cfg file.
[1] https://governance.openstack.org/tc/reference/runtimes/yoga.html
Change-Id: I85d655b21aad1f7101904a19f1eeae9874319206
* Update castellan from branch 'master'
to a160e5c8dc2858bd59c786a4718922882f22be28
- Replace the deprecated argument tenant
The deprecated argument tenant from RequestContext
has been removed since [1], so we switch to 'project_id'.
[1] https://review.opendev.org/c/openstack/oslo.context/+/815938
Change-Id: I4e3e4c50ba5d829ed739e278b5286f2bf4808870
* Update castellan from branch 'master'
to 3e0fad7783cead6823eac7e464192b2e59e8a552
- Update master for stable/yoga
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: I600b3e54f31a622862c178452ab68c1059f34036
* Update castellan from branch 'master'
to 86712360f345866e108e12eda1075101635dd1ec
- remove unicode from code
Change-Id: I086d90b6f46e31582d412b8725e48cba5c21d6bc
* Update castellan from branch 'master'
to ebafb3c656aa08329d05103ebbfd67c47c4c12a4
- Merge "Fix gitignore pattern for vault related files"
- Fix gitignore pattern for vault related files
previous pattern ignored any file that started with 'vault_'.
While not affecting changes to the vault_key_manager.py file that was
already checked into the repository, this pattern effectively hides said
file from many modern search tools (like ack, ag or ripgrep)
that by default ignore files according to .gitignore patterns.
This patch changes this pattern to ignore 'vault_*' files and
directories only in the root of the repo.
Change-Id: Id2095d9a401154435c346916e10df777b70d28dc
* Update castellan from branch 'master'
to 4b6f73a671e13b6cdb936c3f72c095b1f7944117
- Support setting Vault kv version config
Change-Id: If1e244c808eeb5303b6b29d723cd60cdb66e6e86
* Update castellan from branch 'master'
to ecf625b65c77e74cae4d3784b66bf64da6feac6e
- Add support for Vault Namespaces
Vault Namespaces [0] is a feature available in Vault Enterprise that
can be considered as a more advanced isolation feature on top of current
KV Mountpoint option in Castellan Vault plugin.
Passing a namespace in all request headers (including Auth) allows to organize
Vault-in-Vault style of isolation, with clients using the same simple URI path
but accessing separate sets of entities in Vault.
[0] https://www.vaultproject.io/docs/enterprise/namespaces
Change-Id: I627c20002bb2a0a1b346b57e824f87f856eca4c9
* Update castellan from branch 'master'
to aa3a760b614efd10e63617dd59b655950e9dd565
- Add Python3 yoga unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for yoga.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: Id850ad18409023a9303fbeb4f9326dd4a3878134
* Update castellan from branch 'master'
to d9e2af2b2f3a5022073772ec9716b1abc488a84f
- Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: I1f1fdd54490efa1ca406c7e6b807ce643a73f613
* Update castellan from branch 'master'
to 17cd8335e13cc7b15818e9a0ea9a0f9d5e5cc150
- Merge "barbican key manager: Add support for service user"
- barbican key manager: Add support for service user
This change adds support to the Barbican key manager for configuring a
service user. This can be used to provide additional security through
the combination of a user token and a service token, with appropriate
modifications to Barbican API policy.
Use of a service user is enabled via the [barbican]
send_service_user_token option, which defaults to False. When set to
True, the service user is configured via keystoneauth options in the
barbican_service_user group.
Change-Id: I143cb57c8534a8dc0a91e6e42917dd0c134170c0
* Update castellan from branch 'master'
to 2073f450bee172da1b94f333d9b8751262c8f340
- Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23
Change-Id: Id9b9f5c3a99f6b3717a69a65e1aadc25aa4d48b4
* Update castellan from branch 'master'
to 0d0c2f2a9ef3e0842dfa5b49467d11e2be00da99
- Add missing font for PDF doc generation
openstack-tox-docs job started to fail with the following error:
! LaTeX Error: File `tgtermes.sty' not found.
This patch adds the required font package to bindep doc profile.
Change-Id: I242da5c4fcc3096a47f85bd8a265ad8f072b2a30
* Update castellan from branch 'master'
to d48fee9bcb5b1932b129aeb8d6118835b7ef05e4
- Merge "Remove lower-constraints remnants"
- Remove lower-constraints remnants
These were missed in change: I1d4de15d017a306e64df8447cf1bd64c70cf361a
Change-Id: I906c1e5f24aa93d7cc65f149b9164f85a7c57e7c
* Update castellan from branch 'master'
to 977e083c7efe0a4a9a6885739c4470fd05d3d375
- setup.cfg: Replace dashes with underscores
Resolves warnings like the following:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
Change-Id: I172ea38886f6d6ed55eb8ef4337824e075fd1297
* Update castellan from branch 'master'
to f8b79a2b66bc9ed54fb538bf3b21e528f5b15a69
- Merge "Simplify the reference to barbican parameters"
- Simplify the reference to barbican parameters
... so that we can easily identify the logics which are referring to
configuration parameters.
Change-Id: I93427a64b83f474c7c2dd45c8c200e7a3c9bc6f9
* Update castellan from branch 'master'
to 984ebb2bf85b6fd683e3ea07f6dae79cf0afee8d
- Merge "Allow specifying region of barbican endpoint"
- Allow specifying region of barbican endpoint
This change introduces a new option to define the region to which
the Barbican endpoint belongs. This is required if the deployment has
multiple regions and a single Keystone instance stores multiple
Barbican endpoints for different regions.
This change also ensures that the same interface and region are used
in endpoint detection and api version detection.
Change-Id: If2c0055d45922937e259a8f22f5879c9faa41e35
* Update castellan from branch 'master'
to 1e7008cda77bb57ac98fd5750daa076cbe322bcf
- Merge "Add Python3 xena unit tests"
- Add Python3 xena unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for xena.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: Ia049005001e29c84957ebebbeae922cab0f60e97
* Update castellan from branch 'master'
to 106dfe0dbc38f95cb463d58cad5bdc9bc954d8aa
- Merge "Update master for stable/wallaby"
- Update master for stable/wallaby
Add file to the reno documentation build to show release notes for
stable/wallaby.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.
Sem-Ver: feature
Change-Id: Ia9a6c82e840dc8cbd6d37aca394e718a03ba4c77
* Update castellan from branch 'master'
to 35f1a20d517100c18ab53d2b5bf0afbf769a8f94
- Fix assertion typo in barbican key manager unit test
Change-Id: Ibd761519cb6ef2ee27aebe2b02c80c8c5c0b7ca4