* Update keystonemiddleware from branch 'master'
to 1625b38ca097485fd400ca22104813fc8f8ba607
- Merge "Remove six again"
- Remove six again
There are still a few usages of six left. This removes these to drop
implicit dependency on six completely.
Change-Id: Ie88321ed03f7fe14ed603a1523c626f196949f21
* Update keystonemiddleware from branch 'master'
to fd8e080635ab1f0ea189ea8d1a491944bf1e2e8f
- Merge "Update master for stable/2024.1"
- Update master for stable/2024.1
Add file to the reno documentation build to show release notes for
stable/2024.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.
Sem-Ver: feature
Change-Id: I3d6cb06aab6beb48617752e5af893003729be2fa
* Update keystonemiddleware from branch 'master'
to c76b8e1c0787394d712504d5b7707a71963c1ec4
- Merge "reno: Update master for unmaintained/victoria"
- reno: Update master for unmaintained/victoria
Update the victoria release notes configuration to build from
unmaintained/victoria.
Change-Id: I30826ab7d75a34c98552308360ba7e5542146fb8
* Update keystonemiddleware from branch 'master'
to 15128d036b97a630481e88da22007852fd313cde
- Merge "reno: Update master for unmaintained/wallaby"
- reno: Update master for unmaintained/wallaby
Update the wallaby release notes configuration to build from
unmaintained/wallaby.
Change-Id: Ie3df3a7864ecac6d87f227e5651eed370a02160d
* Update keystonemiddleware from branch 'master'
to 7a3b01a0ff80ef35d54558d18194b3923e1ccda2
- Merge "reno: Update master for unmaintained/xena"
- reno: Update master for unmaintained/xena
Update the xena release notes configuration to build from
unmaintained/xena.
Change-Id: I3e195414085b464569a11c32885cb7899d5de931
* Update keystonemiddleware from branch 'master'
to ebb842abf01745be4dbd280764faee6d32b2a76b
- Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I6f369136c0e338e8f8da9ef6a926b4317ee31e94
* Update keystonemiddleware from branch 'master'
to b81c50fea9c444cb5e4d11fd0fd0fcae5c0d2c4f
- reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.
Change-Id: I2ed11a848cce29e1d5142cac4359312d9fc03391
* Update keystonemiddleware from branch 'master'
to 5ba77c0be5d7f108892c3666d69945f542bb1829
- Merge "Update python classifier in setup.cfg"
- Update python classifier in setup.cfg
As per the current release tested runtime, we test
python version from 3.8 to 3.11 so updating the
same in python classifier in setup.cfg
Change-Id: I7790eb33aabcc87dd3722508999b6ebc92f90913
* Update keystonemiddleware from branch 'master'
to b82269621d0b178c206f51bc007c656bb55eddfc
- Python 3.12: do not use utcnow()
The datetime.datetime.utcnow() function is deprecated in Python 3.12,
Change-Id: I52e947e017ad1455c0310fe20fdc63354a254757
* Update keystonemiddleware from branch 'master'
to 9073ee4c34f6ba5a7c8b4fd6e3ade2dd90937b3d
- Merge "Update master for stable/zed"
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Iae839fd30f40c83709b4f8c9fe3dc5bedb7bcb8a
* Update keystonemiddleware from branch 'master'
to 4098a28c68efaa023201982605a24bdbec89f369
- Merge "Update master for stable/2023.2"
- Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: If95bbdba6a4302c8cad1e67e02e12e9fc9693396
* Update keystonemiddleware from branch 'master'
to 9ade074c9b665926e939c9b6b45bebb1e307b2f1
- Merge "External OAuth2.0 Authorization Server Support"
- External OAuth2.0 Authorization Server Support
Added the ability to authenticate using a system-scoped token and the
ability to authenticate using a cached token to the
external_oauth2_token filter.
Implements: blueprint enhance-oauth2-interoperability
Change-Id: I1fb4921faaafd5288d5909762ff5553e5e2475dc
* Update keystonemiddleware from branch 'master'
to e49893e5989e7dd081257f1a0ee171fb9ad67308
- Merge "External OAuth2.0 Authorization Server Support"
- External OAuth2.0 Authorization Server Support
The external_oauth2_token filter has been added for accepting or denying
incoming requests containing OAuth 2.0 access tokens that are obtained
from an External Authentication Server.
Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614
Implements: blueprint enhance-oauth2-interoperability
Change-Id: I529c5b0c89933395b126e86651ef09368dd7e6b4
* Update keystonemiddleware from branch 'master'
to ee96389dbf31d7366fdc4c14fbb2b7af0d328cd9
- Merge "auth_token: fix issue when data in cache gets corrupted"
- auth_token: fix issue when data in cache gets corrupted
Previously token cache was not correctly handling the case when data
in memcached is un-decryptable.
The cache process was returning a null value that was not considered,
resulting in a python exception being raised.
The commit fixes the issue by adding a condition to validate the value
returned.
Closes-bug: #2023015
Change-Id: Ic48d20569980781febc194083651736bed446953
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
* Update keystonemiddleware from branch 'master'
to d36c86ce4c8822de63a436cf109baddb313af40f
- Merge "Switch to 2023.1 Python3 unit tests and generic template name"
- Switch to 2023.1 Python3 unit tests and generic template name
This is an automatically generated patch to ensure unit testing
is in place for all of the tested runtimes for antelope. Also,
updating the template name to generic one.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I8227da5a3f63845cb0151c329237d280fd3d5521
* Update keystonemiddleware from branch 'master'
to fe644edbc5e54d3e0ae552a1a5d0b8088506cdc7
- Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I8016ba267c9c72132c49a07aa15f28d068ebebd1
* Update keystonemiddleware from branch 'master'
to 22408f8da0e8a14a1a24dc9237448e78a5673cf9
- Remove six
Change-Id: Ib3edfdd087ed1d954f1ecf72a191138f8f1c46a1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
* Update keystonemiddleware from branch 'master'
to 0f48ff3e8d3c7d3311a58442b8cf71d6e3658620
- Bump hacking to 6.0.x
A note about dependency ordering is removed from the requirements file:
this is no longer true with the dependency resolver introduced with pip
20.3.
Change-Id: I615be3453db37588edf98a46ce484efc5e051f11
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
* Update keystonemiddleware from branch 'master'
to 626df3a5e9e9d4fbea2649a9cfa0048083bdb88b
- Make tox.ini tox 4.0.0 compatible/fix gate
* Removed skipsdist=True to make sure placement available in the virtual
env. Without this, our entrypoints are not available.
* Removed basepython = python3 as we assume all developers switched to
python3 in their env already
* Removed ignore_basepython_conflict = True as without the basepython
definition generative targets now work without conflict
See [1] for a similar change made to placement.
It is also necessary to fix issues with the gate. For reasons that I
have yet to grok, a mock of 'requests.request' used in some test is no
longer functioning as expected. My guess is that something is now
importing requests before us and interfering with the mock but never
mind - we can easily bypass the issue by mocking 'requests.post'
instead.
[1] https://review.opendev.org/c/openstack/placement/+/868418/
Change-Id: I3b8263afbf0ccee88ceaac2040d5ad274f22d74a
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
* Update keystonemiddleware from branch 'master'
to 2ad28a3a14185f8da82266ea1a0d5d68a43acc5c
- Merge "Update master for stable/2023.1"
- Update master for stable/2023.1
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: I8f97f3d30dde94ad512f75e0e2ff0718021dfde6
* Update keystonemiddleware from branch 'master'
to 92cdf8a0a5df0a7862eaa950060794a43b8ad4ec
- Add timeout for requests
Bandit emits errors for request methods without the timeout parameter.
It's better to follow the instruction to avoid hanging.
Added timeout parameters and config options to set timeout.
[1] https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html
Change-Id: I0c022c3cc57f30530ebdef6e434753ece2bdf912
* Update keystonemiddleware from branch 'master'
to a59020fdab670314ac1ab3d0b77e89b352d7cf27
- OAuth 2.0 Mutual-TLS Support
The oauth2_mtls_token filter has been added for accepting or denying
incoming requests containing OAuth 2.0 certificate-bound access
tokens that are obtained from keystone identity server by users
through their OAuth 2.0 credentials and Mutual-TLS certificates.
Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>
Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614
Change-Id: I49127d845954ad6eab39e6e6305948ef0e4ed7b5
Implements: blueprint support-oauth2-mtls
* Update keystonemiddleware from branch 'master'
to 1c820f0c1c009a9ea33c7852491397f652cf0ae5
- Add missing doc requirements
This updates the test-requirements to fix No module error in oslo_config.sphinxconfiggen when executing tox with doc env.
Change-Id: I4bfe30b3517f4a6c5c536afa150c66ef8522a2d0
* Update keystonemiddleware from branch 'master'
to e05466c5f439cd05482f109e6eb97a50ba156698
- Remove cache invalidation when using expired token
This can create a race condition for long running services that reuse
their token (eg. Kubernetes Cinder CSI plugin) in this case for
example:
1 [user] Asks nova to attach a volume to a server
2 ...the user's token expires
3 [user] Asks cinder if the volume has been attached
4 [nova] Asks cinder to attach the volume
In step 3 the token is marked as invalid in the cache and step 4 fails
even if allow_expired is true
Closes-Bug: #1987355
Change-Id: Ice8e34440a5fe1baa370646ed70b5e085c4af70e
* Update keystonemiddleware from branch 'master'
to dc0b79649506a520463622c6ff0e0383a2dea6a0
- Fix pep8 gate
This updates the test-requirements to more recent flake8-docstrings
and pep8 versions. I also added some more ignores that would take
significant work to update and fixed some minor linting issues.
Change-Id: Ia416658b8a4bfb8f43f8df170053abb3ae958d44
* Update keystonemiddleware from branch 'master'
to aeeb64d349524433dda05cf12994ea4f8676c098
- Merge "Bump tox minversion to 3.18.0"
- Bump tox minversion to 3.18.0
Since tox 3.18.0, the whitelist_externals option has been deprecated in
favor of the new allow_list_externals option[1].
This change bumps the minversion of tox so that we can replace
the deprecated option.
[1] https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23
Change-Id: Ib19bf79da06d656831cdb117e390d4583262f862
* Update keystonemiddleware from branch 'master'
to d2a3b53276738785b4e89860639382d8c0b70260
- Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I402897d72b841518308321832e5e00312598d74f
* Update keystonemiddleware from branch 'master'
to f7ac6a1b24e584ab6264f66636a58011a4f3c7af
- OAuth2.0 Client Credentials Grant Flow Support
The oauth2_token filter has been added for accepting or denying
incoming requests containing OAuth2.0 client credentials access tokens
that are obtained from keystone identity server by users through their
application credentials.
Change-Id: I15e438681749ed2c2666804a9efd8d4712a7b01c
* Update keystonemiddleware from branch 'master'
to 9c49da6887eaff67d19fe0d12fb1046dde3bdaec
- Fix logging notifier unit test
For unknown reasons, the `create_notifier()` in
`test_api_request_no_messaging()` used `oslo_messaging.Notifier`
instead of the `_LogNotifier` that should be originally used,
causing unit test to fail.
This patch fixes this issue by changing `use_oslo_messaging` config to
False for this test.
Change-Id: I32f9dc596525e912e37984764f68564e26ecfd3b
* Update keystonemiddleware from branch 'master'
to 2bda844bb219df355d74b5c5b21f86244921a1c2
- Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I071933cb8a392b14a36940133880d5e777301d1f
* Update keystonemiddleware from branch 'master'
to dd31878b291e342ce478382e42d4e9dc29322258
- Merge "setup.cfg: Replace dashes by underscores"
- setup.cfg: Replace dashes by underscores
Since setuptools v54.1.0[1], the parameters with dash have been
deprecated in favor of the new parameters with underscore.
This change updates the parameters accordingly to avoid the warnings
like the example below.
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: Id43f253899b5af1f40a41d7fff1f78c316b31367
* Update keystonemiddleware from branch 'master'
to f442cb3ad45581bcb239da2ad9e2ebefd6ce24f3
- Merge "Update python testing as per zed cycle testing runtime"
- Update python testing as per zed cycle testing runtime
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Add release notes and update the python
classifier for the same.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Co-Authored-By: Ghanshyam Mann <gmann@ghanshyammann.com>
Change-Id: I0b6a6b22ce7e9e2de4cf7eadd87699d7b26cdda6
* Update keystonemiddleware from branch 'master'
to f550deec967cd5bafd5bbaf01096504ef456183c
- Merge "Remove translation sections from setup.cfg"
- Remove translation sections from setup.cfg
These translation sections are not needed anymore, Babel can
generate translation files without them.
Change-Id: I50b3b5feef4b5e78e9f920bc20bbaf75db70b787
* Update keystonemiddleware from branch 'master'
to fef9959705e7d2a2e24bd3bf5f447fbc3d54b936
- Merge "Remove references to 'sys.version_info'"
- Remove references to 'sys.version_info'
We support Python 3.6 as a minimum now, making these checks no-ops.
Change-Id: Iff6abdc56c5627505e774f40af339e1b5790c4d5
* Update keystonemiddleware from branch 'master'
to 99f7518f8ecab895e3e61a92cd719687d3baff05
- Merge "Update Python 3 job template"
- Update Python 3 job template
We should use the template corresponding to the release.
Change-Id: I659fb6cd3eb5be92c1c5568ee417f1ee32e7124f
* Update keystonemiddleware from branch 'master'
to 255808424cf92e32e40f286f33862d23a07b7a45
- Merge "Add oslo.config.opts entrypoint for audit middleware options"
- Add oslo.config.opts entrypoint for audit middleware options
... so that each service using the audit middleware can include these
parameters in .conf file generated by oslo-config-generator by adding
that entrypoint to the command.
Closes-Bug: #1939632
Change-Id: Ied954c633570c51af9504514ffed18e12de8caac
* Update keystonemiddleware from branch 'master'
to 4e8442299f831104c7e87f2260744b40a01334fc
- Merge "Add Python 3 only classifier"
- Add Python 3 only classifier
Python 2 support was removed during Ussuri cycle. This change adds
the classifier to clearly state that only Python 3 is supported.
Change-Id: I4bfe0bd6eaed2c5edeef00de4c5f9830ceaee71b
* Update keystonemiddleware from branch 'master'
to d60ccd46b9d11a3127f20dd6da69d2faedb50269
- Drop lower-constraints.txt and its testing
As discussed in TC PTG[1] and TC resolution[2], we are
dropping the lower-constraints.txt file and its testing.
We will keep lower bounds in the requirements.txt file but
with a note that these are not tested lower bounds and we
try our best to keep them updated.
[1] https://etherpad.opendev.org/p/tc-zed-ptg#L326
[2] https://governance.openstack.org/tc/resolutions/20220414-drop-lower-constraints.html#proposal
Change-Id: Ifb9dc54424256d5cffe557894b2d26b2401ebf92
* Update keystonemiddleware from branch 'master'
to c4b78c71e58d6540811279007b10e65e2319717b
- Update master for stable/yoga
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: If921b464cca97f9f99a45594ab37aed00e91fe77
* Update keystonemiddleware from branch 'master'
to 8a05709d69addef5d55262cd6bb179ec741b6f0c
- Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.
Change-Id: Ib64b3684d3fdaa3b9edb28a9c5d0f8487dffd912
* Update keystonemiddleware from branch 'master'
to 7edcd324839c006692af57872c9ba0ace9f88770
- Update master for stable/wallaby
Add file to the reno documentation build to show release notes for
stable/wallaby.
Co-authored-by: Kristi Nikolla <knikolla@bu.edu>
Change-Id: Ifa326381f0c901e712367d4d51218aef18eb26f2
* Update keystonemiddleware from branch 'master'
to e18d213adde345f7fa5b76a46c231dae25be45e2
- Merge "Update master for stable/victoria"
- Update master for stable/victoria
Add file to the reno documentation build to show release notes for
stable/victoria.
Change-Id: Id05ff8460cfa4f1762f2d0096088bc341e95c1da
* Update keystonemiddleware from branch 'master'
to 90df936708aee36d77cead548d04cb7db2327f47
- Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: Iaa7fbc7f8c6fdb33755d0d212dd4c710f40981c3
* Update keystonemiddleware from branch 'master'
to 788d3c4969e3446778496f3a9055f654602ae2c1
- Switch to eventlet-safe oslo.cache's MemcacheClientPool
In past days there were discussions about various issues
with memcached connections [1][2][3].
After investigation it looks like common root cause for above
problems is keystonemiddleware. More precisely said the way
how keystonemiddleware is caching tokens.
Currently it's using some home-made CachePool with direct
usage of memcached library, moreover it looks like its
approach is not eventlet-safe.
Discussion can be mainly found in [4].
Fortunately keystonemiddleware can use "advanced cache pool",
which is oslo.cache's implementation and was added long time ago [5],
but it is turned on only if memcache_use_advanced_pool=True.
This patch is switching to more elaborated oslo.cache CachePool
and adding deprecation warning about eventlet-unsafe variant
of keystonemiddleware's memcache pool.
How to reproduce ?
with memcache_use_advanced_pool=False
1. Build clean ENV of openstack
2. Deploy core projects (keystone,glance,nova,placement...)
3. Run while true; do COMMAND FOR SERVICE; done
- several bashes, in parallel (5-7)
COMMAND FOR SERVICE:
- openstack network list
- openstack volume list
- openstack server list
- openstack image list
4. Check memcached connections (which will grow up):
- ss | grep 11211 | wc -l every second
How to fix and test it ?
Repeat above, to fix:
- with memcache_use_advanced_pool=True
OR
- apply this patch
Compare measurements in graph.
[1] https://bugs.launchpad.net/keystonemiddleware/+bug/1892852
[2] https://bugs.launchpad.net/oslo.cache/+bug/1888394
[3] https://bugs.launchpad.net/keystonemiddleware/+bug/1883659
[4] https://review.opendev.org/c/openstack/oslo.cache/+/742193
[5] https://review.opendev.org/c/openstack/keystonemiddleware/+/268664
Closes-Bug: #1883659
Closes-Bug: #1892852
Closes-Bug: #1888394
Change-Id: I0e96334b65a0bf369ebf1d88651d13feb8d2ecac
* Update keystonemiddleware from branch 'master'
to 0a2309dae39dd0d99bd2f422d565ddcc91c28b16
- Updating lower-constraints job as non voting
There is an ongoing discussion in ML to drop the
lower-constraints job [1].
Moving it to Non-voting until any decision is being
made in TC meeting.
[1]: http://lists.openstack.org/pipermail/openstack-discuss/2021-January/019672.html
Change-Id: I405d6790360563526d13c0b3e8ae0576d98a67d8
* Update keystonemiddleware from branch 'master'
- Merge "[goal] Migrate testing to ubuntu focal"
- [goal] Migrate testing to ubuntu focal
As per victoria cycle testing runtime and community goal[1]
we need to migrate upstream CI/CD to Ubuntu Focal(20.04).
Fixing:
- bug#1886298
Bump the lower constraints for required deps which added python3.8 support
in their later version.
Story: #2007865
Task: #40190
Closes-Bug: #1886298
[1] https://governance.openstack.org/tc/goals/selected/victoria/migrate-ci-cd-jobs-to-ubuntu-focal
Change-Id: I602c3ce7c94a039e3fd550cbb47a8e8f095aacea
* Update keystonemiddleware from branch 'master'
- Merge "Use unittest.mock instead of third party mock"
- Use unittest.mock instead of third party mock
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Idc319f3f8a3ddd57cba91e4cefc66dbb18d5cc22
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
* Update keystonemiddleware from branch 'master'
- Merge "Change the default Identity endpoint to internal"
- Change the default Identity endpoint to internal
In [0] the ``interface`` option was added in order to allow the Identity
endpoint that is being used when validating tokens to be
configured by the deployer. Change the default to using the internal
endpoint, as that should be what most deployments will end up using.
[0] https://review.opendev.org/651790
Depends-On: https://review.opendev.org/651492
Closes-Bug: 1830002
Change-Id: I0ce8b6d8cd408c7fac8107972e7be70839e337fb