Merge tag '3.0.2' into debian/ussuri
castellan 3.0.2 release
meta:version: 3.0.2
meta:diff-start: -
meta:series: ussuri
meta:release-type: release
meta:pypi: no
meta:first: no
meta:release:Author: Hervé Beraud <hberaud@redhat.com>
meta:release:Commit: Hervé Beraud <hberaud@redhat.com>
meta:release:Change-Id: I36461375db7a55aeb9cd87acf87870cb6db8f543
meta:release:Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com>
meta:release:Code-Review+2: Thierry Carrez <thierry@openstack.org>
meta:release:Workflow+1: Thierry Carrez <thierry@openstack.org>
Thomas Goirand
3 years ago
| 1 | 1 | host=review.opendev.org |
| 2 | 2 | port=29418 |
| 3 | 3 | project=openstack/castellan.git |
| 4 | defaultbranch=stable/rocky | |
| 4 | defaultbranch=stable/ussuri |
| 63 | 63 | cfg.BoolOpt('verify_ssl', |
| 64 | 64 | default=True, |
| 65 | 65 | help='Specifies if insecure TLS (https) requests. If False, ' |
| 66 | 'the server\'s certificate will not be validated'), | |
| 66 | 'the server\'s certificate will not be validated, if ' | |
| 67 | 'True, we can set the verify_ssl_path config meanwhile.'), | |
| 68 | cfg.StrOpt('verify_ssl_path', | |
| 69 | default=None, | |
| 70 | help='A path to a bundle or CA certs to check against, or ' | |
| 71 | 'None for requests to attempt to locate and use ' | |
| 72 | 'certificates which verify_ssh is True. If verify_ssl ' | |
| 73 | 'is False, this is ignored.'), | |
| 67 | 74 | cfg.StrOpt('barbican_endpoint_type', |
| 68 | 75 | default='public', |
| 69 | 76 | choices=['public', 'internal', 'admin'], |
| 108 | 115 | |
| 109 | 116 | try: |
| 110 | 117 | auth = self._get_keystone_auth(context) |
| 111 | sess = session.Session(auth=auth, | |
| 112 | verify=self.conf.barbican.verify_ssl) | |
| 118 | verify_ssl = self.conf.barbican.verify_ssl | |
| 119 | verify_ssl_path = self.conf.barbican.verify_ssl_path | |
| 120 | verify = verify_ssl and verify_ssl_path or verify_ssl | |
| 121 | sess = session.Session(auth=auth, verify=verify) | |
| 113 | 122 | |
| 114 | 123 | self._barbican_endpoint = self._get_barbican_endpoint(auth, sess) |
| 115 | 124 | self._barbican_client = barbican_client_import.Client( |
| 40 | 40 | def set_defaults(conf, backend=None, barbican_endpoint=None, |
| 41 | 41 | barbican_api_version=None, auth_endpoint=None, |
| 42 | 42 | retry_delay=None, number_of_retries=None, verify_ssl=None, |
| 43 | verify_ssl_path=None, | |
| 43 | 44 | api_class=None, vault_root_token_id=None, |
| 44 | 45 | vault_approle_role_id=None, vault_approle_secret_id=None, |
| 45 | 46 | vault_kv_mountpoint=None, vault_url=None, |
| 56 | 57 | :param retry_delay: Use this attribute to set retry delay. |
| 57 | 58 | :param number_of_retries: Use this attribute to set number of retries. |
| 58 | 59 | :param verify_ssl: Use this to specify if ssl should be verified. |
| 60 | :param verify_ssl_path: Use this to specify the CA path. | |
| 59 | 61 | :param vault_root_token_id: Use this for the root token id for vault. |
| 60 | 62 | :param vault_approle_role_id: Use this for the approle role_id for vault. |
| 61 | 63 | :param vault_approle_secret_id: Use this for the approle secret_id |
| 101 | 103 | group=bkm._BARBICAN_OPT_GROUP) |
| 102 | 104 | if verify_ssl is not None: |
| 103 | 105 | conf.set_default('verify_ssl', verify_ssl, |
| 106 | group=bkm._BARBICAN_OPT_GROUP) | |
| 107 | if verify_ssl_path is not None: | |
| 108 | conf.set_default('verify_ssl_path', verify_ssl_path, | |
| 104 | 109 | group=bkm._BARBICAN_OPT_GROUP) |
| 105 | 110 | if barbican_endpoint_type is not None: |
| 106 | 111 | conf.set_default('barbican_endpoint_type', barbican_endpoint_type, |
| 61 | 61 | self.assertEqual(number_of_retries, |
| 62 | 62 | conf.barbican.number_of_retries) |
| 63 | 63 | |
| 64 | verify_ssl = True | |
| 65 | options.set_defaults(conf, verify_ssl=True) | |
| 64 | verify_ssl = False | |
| 65 | options.set_defaults(conf, verify_ssl=False) | |
| 66 | 66 | self.assertEqual(verify_ssl, |
| 67 | 67 | conf.barbican.verify_ssl) |
| 68 | ||
| 69 | verify_ssl_path = '/mnt' | |
| 70 | options.set_defaults(conf, verify_ssl_path='/mnt') | |
| 71 | self.assertEqual(verify_ssl_path, | |
| 72 | conf.barbican.verify_ssl_path) | |
| 68 | 73 | |
| 69 | 74 | barbican_endpoint_type = 'internal' |
| 70 | 75 | options.set_defaults(conf, barbican_endpoint_type='internal') |
| 0 | --- | |
| 1 | fixes: | |
| 2 | - | | |
| 3 | Add a new parameter, ``verify_ssl_path``, that can be used to | |
| 4 | configure the path to CA certs when verifying requests to | |
| 5 | Barbican. |
| 10 | 10 | VIRTUAL_ENV={envdir} |
| 11 | 11 | OS_TEST_PATH=./castellan/tests/unit |
| 12 | 12 | deps = |
| 13 | -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/openstack/requirements/raw/branch/master/upper-constraints.txt} | |
| 13 | -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/ussuri} | |
| 14 | 14 | -r{toxinidir}/requirements.txt |
| 15 | 15 | -r{toxinidir}/test-requirements.txt |
| 16 | 16 | commands = stestr run --slowest {posargs} |