Codebase list python-castellan / 460a0c2
Merge tag '1.2.3' into debian/stein castellan 1.2.3 release meta:version: 1.2.3 meta:diff-start: - meta:series: stein meta:release-type: release meta:pypi: no meta:first: no meta:release:Author: Hervé Beraud <hberaud@redhat.com> meta:release:Commit: Hervé Beraud <hberaud@redhat.com> meta:release:Change-Id: Ifdd08c9f3457470c6fc0a142c10982bcbfb0450e meta:release:Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com> meta:release:Code-Review+2: Thierry Carrez <thierry@openstack.org> meta:release:Workflow+1: Thierry Carrez <thierry@openstack.org> Michal Arbet 3 years ago
8 changed file(s) with 51 addition(s) and 10 deletion(s). Raw diff Collapse all Expand all
+2
-2
.gitreview less more
00 [gerrit]
1 host=review.openstack.org
1 host=review.opendev.org
22 port=29418
33 project=openstack/castellan.git
4 defaultbranch=stable/rocky
4 defaultbranch=stable/stein
+2
-2
.zuul.yaml less more
3838 s-object: false
3939 s-proxy: false
4040 devstack_plugins:
41 barbican: git://git.openstack.org/openstack/barbican
41 barbican: https://opendev.org/openstack/barbican
4242 tox_environment:
4343 PYTHONUNBUFFERED: 'true'
4444 tox_install_siblings: false # I don't know what this means
4545 tox_envlist: functional
46 zuul_work_dir: src/git.openstack.org/openstack/castellan
46 zuul_work_dir: src/opendev.org/openstack/castellan
4747
4848 - project:
4949 check:
+4
-0
bindep.txt less more
0 # This is a cross-platform list tracking distribution packages needed for install and tests;
1 # see https://docs.openstack.org/infra/bindep/ for additional information.
2
3 unzip
+12
-3
castellan/key_manager/barbican_key_manager.py less more
6868 cfg.BoolOpt('verify_ssl',
6969 default=True,
7070 help='Specifies if insecure TLS (https) requests. If False, '
71 'the server\'s certificate will not be validated'),
71 'the server\'s certificate will not be validated, if '
72 'True, we can set the verify_ssl_path config meanwhile.'),
73 cfg.StrOpt('verify_ssl_path',
74 default=None,
75 help='A path to a bundle or CA certs to check against, or '
76 'None for requests to attempt to locate and use '
77 'certificates which verify_ssh is True. If verify_ssl '
78 'is False, this is ignored.'),
7279 cfg.StrOpt('barbican_endpoint_type',
7380 default='public',
7481 choices=['public', 'internal', 'admin'],
121128
122129 try:
123130 auth = self._get_keystone_auth(context)
124 sess = session.Session(auth=auth,
125 verify=self.conf.barbican.verify_ssl)
131 verify_ssl = self.conf.barbican.verify_ssl
132 verify_ssl_path = self.conf.barbican.verify_ssl_path
133 verify = verify_ssl and verify_ssl_path or verify_ssl
134 sess = session.Session(auth=auth, verify=verify)
126135
127136 self._barbican_endpoint = self._get_barbican_endpoint(auth, sess)
128137 self._barbican_client = barbican_client_import.Client(
+5
-0
castellan/options.py less more
3838 def set_defaults(conf, backend=None, barbican_endpoint=None,
3939 barbican_api_version=None, auth_endpoint=None,
4040 retry_delay=None, number_of_retries=None, verify_ssl=None,
41 verify_ssl_path=None,
4142 api_class=None, vault_root_token_id=None,
4243 vault_approle_role_id=None, vault_approle_secret_id=None,
4344 vault_kv_mountpoint=None, vault_url=None,
5455 :param retry_delay: Use this attribute to set retry delay.
5556 :param number_of_retries: Use this attribute to set number of retries.
5657 :param verify_ssl: Use this to specify if ssl should be verified.
58 :param verify_ssl_path: Use this to specify the CA path.
5759 :param vault_root_token_id: Use this for the root token id for vault.
5860 :param vault_approle_role_id: Use this for the approle role_id for vault.
5961 :param vault_approle_secret_id: Use this for the approle secret_id
9496 group=bkm.BARBICAN_OPT_GROUP)
9597 if verify_ssl is not None:
9698 conf.set_default('verify_ssl', verify_ssl,
99 group=bkm.BARBICAN_OPT_GROUP)
100 if verify_ssl_path is not None:
101 conf.set_default('verify_ssl_path', verify_ssl_path,
97102 group=bkm.BARBICAN_OPT_GROUP)
98103 if barbican_endpoint_type is not None:
99104 conf.set_default('barbican_endpoint_type', barbican_endpoint_type,
+7
-2
castellan/tests/unit/test_options.py less more
6161 self.assertEqual(number_of_retries,
6262 conf.get(bkm.BARBICAN_OPT_GROUP).number_of_retries)
6363
64 verify_ssl = True
65 options.set_defaults(conf, verify_ssl=True)
64 verify_ssl = False
65 options.set_defaults(conf, verify_ssl=False)
6666 self.assertEqual(verify_ssl,
6767 conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl)
68
69 verify_ssl_path = '/mnt'
70 options.set_defaults(conf, verify_ssl_path='/mnt')
71 self.assertEqual(verify_ssl_path,
72 conf.barbican.verify_ssl_path)
6873
6974 barbican_endpoint_type = 'internal'
7075 options.set_defaults(conf, barbican_endpoint_type='internal')
+6
-0
releasenotes/notes/bug-1876102-7c7288fb6e90b11d.yaml less more
0 ---
1 fixes:
2 - |
3 Add a new parameter, ``verify_ssl_path``, that can be used to
4 configure the path to CA certs when verifying requests to
5 Barbican.
+13
-1
tox.ini less more
99 VIRTUAL_ENV={envdir}
1010 OS_TEST_PATH=./castellan/tests/unit
1111 deps =
12 -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt}
12 -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/stein}
1313 -r{toxinidir}/requirements.txt
1414 -r{toxinidir}/test-requirements.txt
1515 commands = stestr run --slowest {posargs}
103103 -c{toxinidir}/lower-constraints.txt
104104 -r{toxinidir}/test-requirements.txt
105105 -r{toxinidir}/requirements.txt
106
107 [testenv:bindep]
108 basepython = python3
109 # Do not install any requirements. We want this to be fast and work even if
110 # system dependencies are missing, since it's used to tell you what system
111 # dependencies are missing! This also means that bindep must be installed
112 # separately, outside of the requirements files, and develop mode disabled
113 # explicitly to avoid unnecessarily installing the checked-out repo too (this
114 # further relies on "tox.skipsdist = True" above).
115 deps = bindep
116 commands = bindep test
117 usedevelop = False