* Update puppet-barbican from branch 'master'
to d2625af949e7ac65174b7158afc1bfab532a925e
- Deprecate parameters for certificate plugins
... because certificate plugins were deprecated some time ago in
Barbican and are being removed in this cycle.
Depends-on: https://review.opendev.org/c/openstack/barbican/+/909640
Change-Id: Ie2dacb037a3d5ba8f1732ddb8f4b8ea8ded1e5ed
* Update puppet-barbican from branch 'master'
to 9c0930273dbdb58cf3b292c71b711c0dc2e796ea
- Merge "Refactor resource dependencies"
- Refactor resource dependencies
This refactors resource dependencies to improve the following points.
- Avoid unnecessary dependencies across services. For example aodh
service does not require cinder db.
- Restart only api service when config files like paste.ini, which
are used only be api service is changed.
Change-Id: Iad138f5d2e8c7427e02b889c43c26f00213636f3
* Update puppet-barbican from branch 'master'
to 33492bfc70a22e3aed766556e1fdd3e93905bfe9
- Support [queue] asynchronous_workers option
... which determines number of processes launched in barbican-worker.
Change-Id: Ia31a7d440ba3102afa7b5972fe893cfb4f1817a1
* Update puppet-barbican from branch 'master'
to ce4ec934ef75d5866c7f584fb9b4c770dabb2d3c
- reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.
Change-Id: I416555000af29749a62695a6ca7bb1d693d77b98
* Update puppet-barbican from branch 'master'
to 4947050bc7a0fd64880b2caa2c45344e8aac78be
- Merge "Make 'file_path' a class method"
- Make 'file_path' a class method
This is required to support prefetch and purge properly.
Change-Id: Ia7e10057637d26489bf4fa5589aaa1de6a03b151
* Update puppet-barbican from branch 'master'
to b23fc4b8cbf4e0d4fcc4f901cb150542cc9c5c40
- Merge "vault: Drop redundant hard-coded default of use_ssl"
- vault: Drop redundant hard-coded default of use_ssl
... because the option defaults to false in Barbican itself.
Change-Id: I328421404969571111a24d9c8a42c3da884a512b
* Update puppet-barbican from branch 'master'
to f5b72e871d1c87f64f1176016e613f4c52a5dbf2
- Merge "kmip: Leverage the service default"
- kmip: Leverage the service default
The kmip plugin uses the reasonable default tcp port (5969) in case
the port option is not set.
Change-Id: Ic32a397e93479f7d54e22e3f94e35c7c95dbbca4
* Update puppet-barbican from branch 'master'
to 784c7fd120d82b2dc1d47a1cdad6f6c26524711c
- retry_scheduler: Simplify package/service check
... by maintaining os-family handling in the centralized place.
Change-Id: Ib0cc4d0470296fa58fd89cc53bb982bd7424afbb
* Update puppet-barbican from branch 'master'
to 19f90329831a0e7d70cd983dbb277e18cf1e8314
- Use new openstackclient tag
The new openstackclient tag was added so that we can get all resources
about openstack CLI more easily. This adds this tag to barbicanclient
because the package provides some sub-commands.
Change-Id: I8f1f8b4a6de6ca0d95c2f53a89a1d50a6c82d29e
* Update puppet-barbican from branch 'master'
to af6d42ba7b977515ffa3901a39c2ef8c5dc9f419
- Bump supported Debian version to 12 (Bookworm)
Debian 12 was released in June 2023. Recent versions of OpenStack
(actually, 2023.1 and later) no longer support Debian 11.
Change-Id: I82bdaa9a664a6b8e0ad26c8d1af10e40136b1d60
* Update puppet-barbican from branch 'master'
to 1b0cdc9824e43e0745d4c724f0f6fe4485dd56b9
- Merge "Accept array for barbican::api::enabled_secret_stores"
- Accept array for barbican::api::enabled_secret_stores
The parameter defines the value of [secretstore] stores_lookup_suffx
option, which is a ListOpt.
Change-Id: I78954f70700cbcfe1f76f311d1a61cd1c6e45abf
* Update puppet-barbican from branch 'master'
to bbf38b69397f7b19f80a7f22f483c45269cd0a73
- Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: I5489002d9978bbf0815ed3fcd3ab591d7efda573
* Update puppet-barbican from branch 'master'
to 7bcaae05f631a3489223f47fabc5c1d3c151989c
- Remove cleanup of [DEFAULT] bind_host and bind_port
The cleanup logic was added before 2023.1 release so we can assume
these options are purged before a deployment is upgraded.
Change-Id: If6949bb89b01104abe09515c6b93f7d7fed709d5
* Update puppet-barbican from branch 'master'
to 2f4fe1dac3b695e551b884a1b7a5e68db091c87b
- Remove usage of deleted manifest_dir
Recent update in rspec-puppet removed some of the config interfaces for
old puppet versions[1]. This drops usage of these interfaces to resolve
the following error in unit tests.
```
An error occurred while loading ./spec/unit/provider/manila_spec.rb.
Failure/Error: c.manifest_dir = File.join(fixture_path, 'manifests')
NoMethodError:
undefined method `manifest_dir='...
```
[1] 316d95923c
Change-Id: I32d647ddd8faf036af14817f94c7c8e3e26178b1
* Update puppet-barbican from branch 'master'
to 9a721bee487a9d43a9270b27efea417ac64a8c3b
- Bump upper version of stdlib
... because we are currently using v9.0.0 in CI. Lower version may be
bumped after 2023.2 release.
Change-Id: Ieb5a53f71e74b669f4040526d3dea01d2903bc39
* Update puppet-barbican from branch 'master'
to 21312a3279b9e6475782e88016bdae171dd473f1
- Merge "RabbitMQ: Add support for quorum queue options"
- RabbitMQ: Add support for quorum queue options
Depends-on: https://review.opendev.org/894866
Change-Id: I55b5eb5d6139f464f633d5c13827fea91378e3b7
* Update puppet-barbican from branch 'master'
to db0bd5156d9088949c3d3c875169686891c4d7b4
- Do not restart services after policy file changes
The oslo.policy library has implementations to detect change in policy
rules and reload the new rules without service restart.
Change-Id: Ibe9d189f1c12a91a7327f819726695aa52417ac7
* Update puppet-barbican from branch 'master'
to 02d4ae58d9d780bfbfe3b40bec5f22b39f980db4
- Exclude release note files
The directory contains the source files to generate the release note
document, so is not required.
Change-Id: I7e1ed7c68d8eb6d652a1fee3200281b3fd626790
* Update puppet-barbican from branch 'master'
to 73eaefe9bd8e04a81eacd1e5dc31af7ab4664d97
- Add .pdkignore to exclude some files from tar ball
We've seen release job failures caused by too large tarball, which
contains irrelevant files like git history.
Let's exclude these files to reduce size of the archive.
The file is copied from the puppetlabs repositories with some files
specific to OpenStack projects added.
Change-Id: If07c4836d38c11776c5fa40491a90c841f49c837
* Update puppet-barbican from branch 'master'
to d459be69cdc75a1226253d4ae4249c940a3d0bf1
- Ensure purge_config takes a boolean value
The purge_config parameters only accept boolean values. This enforces
that using the typed parameters.
Change-Id: I669f1a2ff2462d60afe2fbd0c33e607d20cb14fc
* Update puppet-barbican from branch 'master'
to 6e2515b4fd34eeda3575f4efbec55a1b1ec6625e
- Merge "Add per module policy service refresh"
- Add per module policy service refresh
Updating the policies for this project should only
refresh the services that reads it.
Change-Id: I42153ec891feb569a9614166104be5382d893f96
* Update puppet-barbican from branch 'master'
to 7775352fcd21ff181d9e1d554cb3588cb565e3f7
- authtoken: Make password required
The password parameter is not really optional. This makes it
a required parameter to give more sensible validation error.
Change-Id: I482621899616f6e3dc902900b0933ffa58ca519a
* Update puppet-barbican from branch 'master'
to 2079fb1ff54247040185019b88727e6343ae25ba
- Merge "replace validate_legacy with proper data types"
- replace validate_legacy with proper data types
the validate_legacy function is marked for deprecation in
v9.0.0 from puppetlabs-stdlib.
Change-Id: I0707b0a8b200480dbfb8f52353596127cf4dc8b5
* Update puppet-barbican from branch 'master'
to e1f09fece0ea5f580a1f90799ef5b6a347e8a6f2
- Remove support for Puppet 6
... because Puppet 6 reached its EOL in February 2023.
Change-Id: Id9664008696c94cd0029c01792f7af9def87e11d
* Update puppet-barbican from branch 'master'
to 9fe8664d78ed9db196e13d12f5b146fba4eabc30
- Bump upper version of puppetlabs-inifile
... because now we use v6.0.0 in CI jobs.
Depends-on: https://review.opendev.org/880118
Change-Id: I7aafde233da748d71ca53b141f3c920d5ee4295d
* Update puppet-barbican from branch 'master'
to 362da39e952719a2b03719deca71796705b0c3a9
- Update master for stable/2023.1
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: Iba74b22fcaec8635bf77bf9bb2ea20c6e3a16341
* Update puppet-barbican from branch 'master'
to 578e24a0b9146ca1e0e62d76164f2eb4f5a63265
- Add strict validation about boolean parameters
This ensures the parameters used by if-else logic accept only boolean
values because non-boolean can result in unexpected behavior.
Change-Id: I963d73e46f82a780486fa282b424151485e43d1e
* Update puppet-barbican from branch 'master'
to 729f5d286c5a5a03e9a95f934d25f82a6761f357
- Replace legacy facts and use fact hash
... because the latest lint no longer allows usage of legacy facts and
top scope fact.
Change-Id: I6e76d095bb0f78ef4962f1150da94e4d4153a374
* Update puppet-barbican from branch 'master'
to 626681f04d8e65647204e4b59e08f87145973160
- CentOS: Install barbican-retry service
RDO now provides the package to launch the barbican-retry service[1].
This change ensures the package and the service are configured by
the corresponding class.
[1] https://review.rdoproject.org/r/c/openstack/barbican-distgit/+/40434
Change-Id: I134feadb75b397bc159a8fe9e3dbc87915339785
* Update puppet-barbican from branch 'master'
to 0480d0a2924108a694faf7cdc959bdf6c3a916d1
- Merge "apache: Clean up deprecated public_* parameters"
- apache: Clean up deprecated public_* parameters
These were deprecated during the previous cycle so can be removed now.
Change-Id: I4e2e29d98803015b50c0f11678645cd5166e7d3c
* Update puppet-barbican from branch 'master'
to acd9bf33731a5a727d43555d892c4b9f5e7fe6d7
- Expose policy_default_rule
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: I7eb5ab771da3b6e2c446f4d8e83394a544fd147d
* Update puppet-barbican from branch 'master'
to fb2bca25fad536f7fac10b811c91f2602fd745fc
- Switch to Ubuntu Jammy (22.04)
... because Focal no longer supports the recent releases such as Zed.
Change-Id: I4b74a04fc0eccb0065608481d5e0e4f65d01d11c
* Update puppet-barbican from branch 'master'
to 9c6f3af402a86040edc4cd9658336bbcc6963ea2
- api: Remove deprecated ssl parameters
These parameters were deprecated during the previous cycle[1] because
these are not actually used by barbican.
[1] 109ea49acbc89d9009a6201be5feb08e36d31678
Change-Id: I6471ed0fe696f2c6455150adc63c9c896037e404
* Update puppet-barbican from branch 'master'
to a79ac82ef2cf4b01c1f9ee3ab371fdf13738b942
- Remove deprecated client_package_ensure
The parameter has had no effect for several cycles and was formally
deprecated during the previous cycle[1].
[1] 6c60f0d67e337df676fc8caf5a89e070566248f8
Change-Id: Ib94130cf8215e3a832e4d44645ce90a2450627d2
* Update puppet-barbican from branch 'master'
to 30b8c1e1ae5289414d85b52445d654d15224f23e
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I31c91decbc3a7c84cc98fcbc6c47542ad2dc3bd9
* Update puppet-barbican from branch 'master'
to 334a0686c251ceee83bbf9610d4b973ed7949563
- Enable memcached in acceptance tests
... because it is required as cache backend.
Change-Id: If92f66b6c3a7031f228ab969671afacd3db9ebea
* Update puppet-barbican from branch 'master'
to eb2b84ea8fd4513c00a1b38e6d7041e1d6d81a23
- Fix inconsistent parameter/resource names of wsgi::apache
The barbican::wsgi::apache class names a few parameters and resources
differently from the other modules. To make its interface and
implementation consistent with the other implementations, this renames
these inconsistent names. The old parameter names are kept but will be
removed in a future release.
Change-Id: I49ca51e4ea7a2404dfdbd0c88ce39339750da4f6
* Update puppet-barbican from branch 'master'
to 5b21717a19d4dd7993f895d07d3d53254c7de54c
- Use standard parameter description format for wsgi::apache
Currently parameter description of the <module>::wsgi::apache classes
are formatted differently in individual modules, and this is making
the maintenance effort quite difficult.
This change updates the description format following the srandard one
we are globally using in our modules to reduce undesired differences
between modules.
Change-Id: Ifac421c3a74bf600e8b0e596a8449e5f25cda90b
* Update puppet-barbican from branch 'master'
to 38981908d8b36a78601614f6728233a31045149b
- Add Apache WSGI logging parameters for pipe/syslog
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: I77f1d65b1f6085fdb1205de9654a8d6d2da496f5
* Update puppet-barbican from branch 'master'
to 5d4084a9511794c5d39c837f863c9db986d28ba4
- Remove the temporal logic to fix barbican_api pipeline
The old wrong value should be fixed when the deployment is updated to
stable/yoga, and the logic is no longer used in stable/zed and later.
Related-Bug: #1946378
Change-Id: I699847c127e5890857446585ededc9d860b0dc78
* Update puppet-barbican from branch 'master'
to 577a44a522416b9ae0bad8a3fd10045565865d6b
- Adapt to new type validation in puppetlabs-apache
The puppetlabs-apache module is enforcing more strict data type
validation[1].
This change updates the default values to adapt to that change.
[1] f41251e336
Closes-Bug: #1983300
Depends-on: https://review.opendev.org/851652
Change-Id: I9573f53e24dcf0666e4649189ccd8fcab0dbcc26
* Update puppet-barbican from branch 'master'
to 50d44acc7cc76830c49572cd93a24ce9e0161882
- Merge "Clean up baribcan::api::retry_scheduler_* parameters"
- Clean up baribcan::api::retry_scheduler_* parameters
... because these were deprecated during Yoga cycle[1].
[1] 0d4580b27dd8a45e07c065e1dfc7ce446eb1dd77
Change-Id: I781d06e3ba9c9b9ab7fd8360095cdb67917f016c
* Update puppet-barbican from branch 'master'
to b50eb0a28af49d2f5350ec322fdde663c6eb7b8c
- Merge "Remove support for [p11_crypto_plugin] token_label"
- Remove support for [p11_crypto_plugin] token_label
... because it was deprecated during Wallaby cycle[1].
[1] 4403fe7247151d324f80b865cc2d5a0a078d25fa
Change-Id: Ia9b89d92256f51d5a48a19849715335f6856e839
* Update puppet-barbican from branch 'master'
to 9a343b0de553effd6915d5f0b86971f5bde06e46
- Merge "Debian/Ubuntu: Enable validations in acceptance tests"
- Debian/Ubuntu: Enable validations in acceptance tests
Now a few deployment validations are implemented in acceptance tests
but these are enabled in only CentOS/RHEL. This enables these in Debian
and Ubuntu because there is no distro-specific requirement.
Change-Id: I7b50f49fe4316c83f169bfdbdd5d79a5e3b9b253