Merge tag '1.2.3' into debian/stein
castellan 1.2.3 release
meta:version: 1.2.3
meta:diff-start: -
meta:series: stein
meta:release-type: release
meta:pypi: no
meta:first: no
meta:release:Author: Hervé Beraud <hberaud@redhat.com>
meta:release:Commit: Hervé Beraud <hberaud@redhat.com>
meta:release:Change-Id: Ifdd08c9f3457470c6fc0a142c10982bcbfb0450e
meta:release:Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com>
meta:release:Code-Review+2: Thierry Carrez <thierry@openstack.org>
meta:release:Workflow+1: Thierry Carrez <thierry@openstack.org>
Michal Arbet
3 years ago
0 | 0 | [gerrit] |
1 | host=review.openstack.org | |
1 | host=review.opendev.org | |
2 | 2 | port=29418 |
3 | 3 | project=openstack/castellan.git |
4 | defaultbranch=stable/rocky | |
4 | defaultbranch=stable/stein |
38 | 38 | s-object: false |
39 | 39 | s-proxy: false |
40 | 40 | devstack_plugins: |
41 | barbican: git://git.openstack.org/openstack/barbican | |
41 | barbican: https://opendev.org/openstack/barbican | |
42 | 42 | tox_environment: |
43 | 43 | PYTHONUNBUFFERED: 'true' |
44 | 44 | tox_install_siblings: false # I don't know what this means |
45 | 45 | tox_envlist: functional |
46 | zuul_work_dir: src/git.openstack.org/openstack/castellan | |
46 | zuul_work_dir: src/opendev.org/openstack/castellan | |
47 | 47 | |
48 | 48 | - project: |
49 | 49 | check: |
0 | # This is a cross-platform list tracking distribution packages needed for install and tests; | |
1 | # see https://docs.openstack.org/infra/bindep/ for additional information. | |
2 | ||
3 | unzip |
68 | 68 | cfg.BoolOpt('verify_ssl', |
69 | 69 | default=True, |
70 | 70 | help='Specifies if insecure TLS (https) requests. If False, ' |
71 | 'the server\'s certificate will not be validated'), | |
71 | 'the server\'s certificate will not be validated, if ' | |
72 | 'True, we can set the verify_ssl_path config meanwhile.'), | |
73 | cfg.StrOpt('verify_ssl_path', | |
74 | default=None, | |
75 | help='A path to a bundle or CA certs to check against, or ' | |
76 | 'None for requests to attempt to locate and use ' | |
77 | 'certificates which verify_ssh is True. If verify_ssl ' | |
78 | 'is False, this is ignored.'), | |
72 | 79 | cfg.StrOpt('barbican_endpoint_type', |
73 | 80 | default='public', |
74 | 81 | choices=['public', 'internal', 'admin'], |
121 | 128 | |
122 | 129 | try: |
123 | 130 | auth = self._get_keystone_auth(context) |
124 | sess = session.Session(auth=auth, | |
125 | verify=self.conf.barbican.verify_ssl) | |
131 | verify_ssl = self.conf.barbican.verify_ssl | |
132 | verify_ssl_path = self.conf.barbican.verify_ssl_path | |
133 | verify = verify_ssl and verify_ssl_path or verify_ssl | |
134 | sess = session.Session(auth=auth, verify=verify) | |
126 | 135 | |
127 | 136 | self._barbican_endpoint = self._get_barbican_endpoint(auth, sess) |
128 | 137 | self._barbican_client = barbican_client_import.Client( |
38 | 38 | def set_defaults(conf, backend=None, barbican_endpoint=None, |
39 | 39 | barbican_api_version=None, auth_endpoint=None, |
40 | 40 | retry_delay=None, number_of_retries=None, verify_ssl=None, |
41 | verify_ssl_path=None, | |
41 | 42 | api_class=None, vault_root_token_id=None, |
42 | 43 | vault_approle_role_id=None, vault_approle_secret_id=None, |
43 | 44 | vault_kv_mountpoint=None, vault_url=None, |
54 | 55 | :param retry_delay: Use this attribute to set retry delay. |
55 | 56 | :param number_of_retries: Use this attribute to set number of retries. |
56 | 57 | :param verify_ssl: Use this to specify if ssl should be verified. |
58 | :param verify_ssl_path: Use this to specify the CA path. | |
57 | 59 | :param vault_root_token_id: Use this for the root token id for vault. |
58 | 60 | :param vault_approle_role_id: Use this for the approle role_id for vault. |
59 | 61 | :param vault_approle_secret_id: Use this for the approle secret_id |
94 | 96 | group=bkm.BARBICAN_OPT_GROUP) |
95 | 97 | if verify_ssl is not None: |
96 | 98 | conf.set_default('verify_ssl', verify_ssl, |
99 | group=bkm.BARBICAN_OPT_GROUP) | |
100 | if verify_ssl_path is not None: | |
101 | conf.set_default('verify_ssl_path', verify_ssl_path, | |
97 | 102 | group=bkm.BARBICAN_OPT_GROUP) |
98 | 103 | if barbican_endpoint_type is not None: |
99 | 104 | conf.set_default('barbican_endpoint_type', barbican_endpoint_type, |
61 | 61 | self.assertEqual(number_of_retries, |
62 | 62 | conf.get(bkm.BARBICAN_OPT_GROUP).number_of_retries) |
63 | 63 | |
64 | verify_ssl = True | |
65 | options.set_defaults(conf, verify_ssl=True) | |
64 | verify_ssl = False | |
65 | options.set_defaults(conf, verify_ssl=False) | |
66 | 66 | self.assertEqual(verify_ssl, |
67 | 67 | conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl) |
68 | ||
69 | verify_ssl_path = '/mnt' | |
70 | options.set_defaults(conf, verify_ssl_path='/mnt') | |
71 | self.assertEqual(verify_ssl_path, | |
72 | conf.barbican.verify_ssl_path) | |
68 | 73 | |
69 | 74 | barbican_endpoint_type = 'internal' |
70 | 75 | options.set_defaults(conf, barbican_endpoint_type='internal') |
0 | --- | |
1 | fixes: | |
2 | - | | |
3 | Add a new parameter, ``verify_ssl_path``, that can be used to | |
4 | configure the path to CA certs when verifying requests to | |
5 | Barbican. |
9 | 9 | VIRTUAL_ENV={envdir} |
10 | 10 | OS_TEST_PATH=./castellan/tests/unit |
11 | 11 | deps = |
12 | -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} | |
12 | -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/stein} | |
13 | 13 | -r{toxinidir}/requirements.txt |
14 | 14 | -r{toxinidir}/test-requirements.txt |
15 | 15 | commands = stestr run --slowest {posargs} |
103 | 103 | -c{toxinidir}/lower-constraints.txt |
104 | 104 | -r{toxinidir}/test-requirements.txt |
105 | 105 | -r{toxinidir}/requirements.txt |
106 | ||
107 | [testenv:bindep] | |
108 | basepython = python3 | |
109 | # Do not install any requirements. We want this to be fast and work even if | |
110 | # system dependencies are missing, since it's used to tell you what system | |
111 | # dependencies are missing! This also means that bindep must be installed | |
112 | # separately, outside of the requirements files, and develop mode disabled | |
113 | # explicitly to avoid unnecessarily installing the checked-out repo too (this | |
114 | # further relies on "tox.skipsdist = True" above). | |
115 | deps = bindep | |
116 | commands = bindep test | |
117 | usedevelop = False |