Commit Graph

333 Commits

Author SHA1 Message Date
Zuul 7d42213243 Merge "reno: Update master for unmaintained/xena" 2024-03-12 14:26:30 +00:00
Zuul 62577b2d4c Merge "reno: Update master for unmaintained/wallaby" 2024-03-12 14:18:19 +00:00
Zuul 7375e6d19d Merge "reno: Update master for unmaintained/victoria" 2024-03-12 13:11:47 +00:00
OpenStack Release Bot 44e16d63f4 Update master for stable/2024.1
Add file to the reno documentation build to show release notes for
stable/2024.1.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.

Sem-Ver: feature
Change-Id: Ia1af098d026e47fa815839bd6ac096eb1f7d70c1
2024-03-08 14:23:08 +00:00
OpenStack Release Bot 2caee2b19e reno: Update master for unmaintained/xena
Update the xena release notes configuration to build from
unmaintained/xena.

Change-Id: I8fd9b0b90b290e13568d4a35591a2a13c8f06edc
2024-03-07 14:26:46 +00:00
OpenStack Release Bot 5df1c1f681 reno: Update master for unmaintained/wallaby
Update the wallaby release notes configuration to build from
unmaintained/wallaby.

Change-Id: I07e11ba899cda493b4f182acfcc578a3eba65f0d
2024-03-07 14:22:27 +00:00
OpenStack Release Bot 5f629586e7 reno: Update master for unmaintained/victoria
Update the victoria release notes configuration to build from
unmaintained/victoria.

Change-Id: I236a657c41113965a7dd24fa51839d01de896dbe
2024-03-07 14:17:05 +00:00
Zuul f0c7eca61b Merge "Display coverage report" 2024-02-07 07:14:04 +00:00
Takashi Kajinami e4593665d1 Display coverage report
... for easy reference. Also make sure old data is purged.

This also fixes the missing coverage command, and the wrong option in
.coveragerc .

Change-Id: I7d4dcaea2e42d564c8f4264aecd15588085d63e3
2024-02-07 12:26:30 +09:00
OpenStack Release Bot bb92acbdb4 reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.

Change-Id: Ib885d27b46a1c8dfb95b93ce0afae32de4ab6b83
2024-02-06 14:29:04 +00:00
Zuul f61be93449 Merge "Bump hacking" 2024-01-27 11:11:04 +00:00
Zuul 036fa0a291 Merge "add new kernel capabilities" 2024-01-26 10:59:40 +00:00
Takashi Kajinami ef0c3f1186 Bump hacking
hacking 3.0.x is too old.

Change-Id: I33cd4c78c4f6c4ba8e09db7b6f175b8da2cc5f64
2024-01-26 01:14:08 +09:00
Ghanshyam Mann c6cecb3dfc Update python classifier in setup.cfg
As per the current release tested runtime, we test
python version from 3.8 to 3.11 so updating the
same in python classifier in setup.cfg

Change-Id: I8315fd463d9a12ddd325bf2d0d829fecf1b56242
2024-01-11 16:19:19 -08:00
Zuul f14f240eb1 Merge "Fix wrong path in coveragerc" 2023-12-19 18:32:55 +00:00
Sven Kieske a2fe33adb8
add new kernel capabilities
CAP_PERFMON, CAP_BPF and CAP_CHECKPOINT_RESTORE
are added.

Change-Id: I5f7758b7284fc16251cccd9114c3ec0e4cc95f93
Signed-off-by: Sven Kieske <kieske@osism.tech>
2023-12-19 16:07:09 +01:00
Takashi Kajinami 1c9f7b0fb5 Fix wrong path in coveragerc
Change-Id: I81fa21ffd05b2b6c94a5c9071eb551996272e4b1
2023-12-19 20:50:37 +09:00
Sven Kieske 054567a08e
fix broken links in readme
the current links are wrong, they link to:

https://en.wikipedia.org/wiki/%5CPrinciple_of_least_privilege
(notice the backslash) and:
https://specs.openstack.org/openstack/%5Coslo-specs/specs/liberty/privsep.html
both links don't work this way.

you can see the broken links here:
https://opendev.org/openstack/oslo.privsep
or here:
https://github.com/openstack/oslo.privsep

from the spec:
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#hyperlink-targets

> An external hyperlink's URI may begin on the same line as
> the explicit markup start and target name, or it may begin
> in an indented text block immediately following, with no
> intervening blank lines. If there are multiple lines in the
> link block, they are concatenated.
> Any unescaped whitespace is removed
> (whitespace is permitted to allow for line wrapping).

Change-Id: Ia21359cdaa0453fc02b8f5bd61ce9d2efd569051
Signed-off-by: Sven Kieske <kieske@osism.tech>
2023-10-26 14:57:13 +02:00
Zuul 121b2fbac2 Merge "Bump bandit" 2023-09-29 11:50:26 +00:00
OpenStack Release Bot f79b916b5b Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.

Sem-Ver: feature
Change-Id: I3edb58e46a1a0f401179033e73d7fa984a2ff3b5
2023-09-07 09:37:52 +00:00
Zuul e46ad9c44d Merge "setgid should be called before setuid" 2023-07-14 15:22:09 +00:00
OpenStack Proposal Bot 1f9d71260e Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I3f263194f71469ca9ca67f3d99b10dc75c448e20
2023-06-22 04:16:41 +00:00
Hervé Beraud ee4c01ac43 Bump bandit
Change-Id: I818a0a186788cd219218687887d4145c41a92c7c
2023-05-17 11:39:54 +02:00
Ghanshyam 9c026804de Revert "Moves supported python runtimes from version 3.8 to 3.10"
This reverts commit 71385bb17d.

Keeping Python 3.10 in setup.cfg classifier and zuul.yaml changes.

Reason for revert: 

Needed-By: https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/882175

TC has been discussing about re-adding the python 3.8
testing in current master 2023.2 release testing.

- https://meetings.opendev.org/meetings/tc/2023/tc.2023-04-25-18.00.log.html#l-191
- https://lists.openstack.org/pipermail/openstack-discuss/2023-April/033469.html

While governance changes are under review, TC agreed to add py3.8 testing
so that we do not see more project/lib dropping python 3.8 and make them
uninstalable on python 3.8

- https://meetings.opendev.org/meetings/tc/2023/tc.2023-05-02-18.00.log.html#l-17
- https://review.opendev.org/c/openstack/governance/+/882165

Also adding py3.8 testing back in job https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/882175

Change-Id: Ifc84faac1687cbd3c3c3f54d7d1b822185879cd6
2023-05-05 18:57:21 +00:00
Hervé Beraud 71385bb17d Moves supported python runtimes from version 3.8 to 3.10
Within 2023.2 python version 3.9 and 3.10 are the
supported python runtimes [1].
[1] https: //review.opendev.org/c/openstack/governance/+/872232

Change-Id: I5070e9aea6afae75307a6cc3ce5df6d80adf29fa
2023-04-10 13:05:30 +09:00
Max Lamprecht 33fec1971b setgid should be called before setuid
If you setuid to a non-zero value first(meaning you're no longer root),
then call setgroups, the effective uid of the process
is now no longer root, meaning that the internal setgid call fails

This also removes the duplicated if loop

Closes-Bug: #1628360
Change-Id: I5d66fccd9ffb07df0c2e4435ec3da767b3b61117
2023-03-03 08:49:26 +01:00
OpenStack Release Bot e2a4f5cf77 Update master for stable/2023.1
Add file to the reno documentation build to show release notes for
stable/2023.1.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.

Sem-Ver: feature
Change-Id: I269a611aa0abfef841c4a90b12ad60b4b930fd17
2023-02-24 15:21:53 +00:00
Rodolfo Alonso Hernandez c2b6df05e0 Setup logging without fixing evenlet logging
Since [1], ``oslo_log.log.setup`` can be called without applying the
fix for eventlet in native threads [2]. This fix clashes with the
oslo.privsep logging handler that replaces the original one. This
handler is implemented to allow the sync between the daemon process
and the process making the privileged call.

Once the oslo.log library version is bumped to 5.0.2, the try clause
can be removed.

[1]https://review.opendev.org/c/openstack/oslo.log/+/864252
[2]https://review.opendev.org/c/openstack/oslo.log/+/852443

Closes-Bug: #1995514
Related-Bug: #1995091
Change-Id: I7a4c55228064cb2dd4f4a359cdd81fd288baaf68
2023-02-08 10:58:08 +01:00
OpenStack Release Bot 1020c6fbf5 Add Python3 antelope unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: Ib361f6d795f6e199b5405e9011b5942617be2e40
2022-09-09 09:17:57 +00:00
OpenStack Release Bot 6537764258 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I2c7531ae610eb4f6a734f06445f097401e313405
2022-09-09 09:17:56 +00:00
Takashi Kajinami e62d408071 Remove logic for Python < 3.8
... because now this library supports only Python >= 3.8.

Change-Id: I6146d7421f4eaf613419a6887b208549d85a61d1
2022-07-17 01:02:03 +09:00
Hervé Beraud b0b2422dbb Drop python3.6/3.7 support in testing runtime
In Zed cycle testing runtime, we are targetting to drop the
python 3.6/3.7 support, project started adding python 3.8 as minimum,

example nova:
- 56b5aed08c/setup.cfg (L13)

Also indicates that we support python 3.9.

Change-Id: I25eabd9b58b0bb0babbedcd0203a262b15addcbf
2022-05-05 16:03:55 +02:00
songwenping fa16f4dc6e Remove unnecessary unicode prefixes
All strings are unicode by default in Python 3. No need to mark them as
such.

Change-Id: I506a7bcd8fb3de2088bf37ebbb117896de9ddc77
2022-04-19 15:11:57 +08:00
Zuul 73610db919 Merge "Add note explaining max_buffer_size value" 2022-04-11 21:59:32 +00:00
Zuul 9bdd2bf457 Merge "Bump max_buffer_size for Deserializer" 2022-03-22 14:10:04 +00:00
Stephen Finucane 394bd3782f Add note explaining max_buffer_size value
Follow-up for change I135917522daff95377d07566317ef0fc0d16e7cb

Change-Id: Ibc63dcf6d130c9d55a6f4c1f38c2da928fe2a4bd
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2022-03-22 12:32:38 +00:00
Pierre Riteau 46e1920d3b Fix formatting of release list
Change-Id: I5ea3060d9f8271391636e48ebb1b8ee54d0ef8c1
2022-03-22 12:21:40 +00:00
OpenStack Release Bot 24b3a99c6c Add Python3 zed unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for zed.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: I3035369a71ec17713a3e0d8ccb229e92751de024
2022-03-04 17:19:19 +00:00
OpenStack Release Bot 4ff6561c36 Update master for stable/yoga
Add file to the reno documentation build to show release notes for
stable/yoga.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.

Sem-Ver: feature
Change-Id: I25b75ca2f3d0b9da30398e6364f2211636ed2aed
2022-03-04 17:19:17 +00:00
Zuul 2b26dea61a Merge "Remove six" 2022-02-11 19:02:07 +00:00
Stephen Finucane 7f7b9d921e Remove six
This wasn't actually recorded in our list of dependencies, but we were
using it all the same. In any case, it's no longer necessary so remove
it.

Change-Id: Ia29fdf5058c2b22327cb0ba16c28bef3660e9ceb
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2021-12-21 11:35:00 +00:00
Mohammed Naser c223dbced7 Bump max_buffer_size for Deserializer
Since msgpack 0.6.0, some limits were introduced for the
deserializer which were put in to avoid any denial of service
attacks using msgpack.  These limits were raised to 100MiB
in the release of msgpack 1.0.0.

The default buffer sizes that were implemented were quite low
and when running certain `privsep` commands, especially for
Neutron when using linux bridge, where there is a large amount
of netdevs, privsep would crash since msgpack would fail to
decode the message since it considers it too big:

  ValueError: 1174941 exceeds max_str_len(1048576)

In this commit, the `max_buffer_size` is bumped to the value
that ships with msgpack==1.0.0 to allow for users who don't
have that to continue to function. Also, since `msgpack` is
only being used by the internal API, we're not worried about
a third party coming in and overwhelming the system by
deserializing calls.

This fix also addresses some weird behaviour where privsep
will die and certain OpenStack agents would start to behave
in a strange way once they hit a certain number of ports (since
any privsep calls would start to fail).

Closes-Bug: #1844822
Closes-Bug: #1896734
Related-Bug: #1928764
Closes-Bug: #1952611
Change-Id: I135917522daff95377d07566317ef0fc0d16e7cb
2021-12-01 13:25:43 +04:00
OpenStack Release Bot fa138406f7 Add Python3 yoga unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for yoga.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: Iee171b088bff0f21b44065e84a4bfcb742e36ace
2021-09-10 14:37:55 +00:00
OpenStack Release Bot df622f166d Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.

Sem-Ver: feature
Change-Id: I9a7ec424eddc04346da8cbeadbe9f03c521de583
2021-09-10 14:37:54 +00:00
Zuul a3256ac9d3 Merge "Add except path with exception debug to send_recv" 2021-08-20 17:45:19 +00:00
Zuul 9aac44a7f7 Merge "Changed minversion in tox to 3.18.0" 2021-08-10 10:19:36 +00:00
Corey Bryant 4f1450677f Add except path with exception debug to send_recv
The related bug resulted when an exception occurred within the
future.result() call. This caused the finally block to be executed,
and therefore myid to be deleted from self.outstanding_msgs prior
to _reader_main() checking if the msgid not in self.outstanding_msgs.
This caused _reader_main() to raise an AssertionError because the
msgid was no longer in outstanding_msgs. This is a small step forward
to log a warning when this siutation occurs.

Related-Bug: #1927868
Change-Id: I2eed242e0c796b8a2aa3d1b21bd1da4c497f624d
2021-08-02 13:24:16 -04:00
elajkat f7f3349d6a Add timeout to PrivContext and entrypoint_with_timeout decorator
entrypoint_with_timeout decorator can be used with a timeout parameter,
if the timeout is reached PrivsepTimeout is raised.
The PrivContext has timeout variable, which will be used for all
functions decorated with entrypoint, and PrivsepTimeout is raised if
timeout is reached.

Co-authored-by: Rodolfo Alonso <ralonsoh@redhat.com>
Change-Id: Ie3b1fc255c0c05fd5403b90ef49b954fe397fb77
Related-Bug: #1930401
2021-06-23 09:43:33 +02:00
Zuul fa47d53dcb Merge "Allow finer grained log levels" 2021-06-22 17:22:35 +00:00
yangyawei fee00ebb11 Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: I4ad1fbca83af0f0c89c3f18d38caa66ee735ea3e
2021-06-07 16:55:32 +08:00