Merge tag '0.18.0' into debian/rocky
castellan 0.18.0 release
meta:version: 0.18.0
meta:diff-start: -
meta:series: rocky
meta:release-type: release
meta:pypi: no
meta:first: yes
meta:release:Author: Ben Nemec <bnemec@redhat.com>
meta:release:Commit: Ben Nemec <bnemec@redhat.com>
meta:release:Change-Id: I1ad8057682e860d2f3b5b037c7f1b63e86bed9be
meta:release:Code-Review+2: Tony Breeds <tony@bakeyournoodle.com>
meta:release:Workflow+1: Tony Breeds <tony@bakeyournoodle.com>
Thomas Goirand
5 years ago
| 25 | 25 | vars: |
| 26 | 26 | devstack_services: |
| 27 | 27 | # is there a way to disable all services? I only want barbican |
| 28 | ceilometer-acentral: False | |
| 29 | ceilometer-acompute: False | |
| 30 | ceilometer-alarm-evaluator: False | |
| 31 | ceilometer-alarm-notifier: False | |
| 32 | ceilometer-anotification: False | |
| 33 | ceilometer-api: False | |
| 34 | ceilometer-collector: False | |
| 35 | horizon: False | |
| 36 | s-account: False | |
| 37 | s-container: False | |
| 38 | s-object: False | |
| 39 | s-proxy: False | |
| 28 | ceilometer-acentral: false | |
| 29 | ceilometer-acompute: false | |
| 30 | ceilometer-alarm-evaluator: false | |
| 31 | ceilometer-alarm-notifier: false | |
| 32 | ceilometer-anotification: false | |
| 33 | ceilometer-api: false | |
| 34 | ceilometer-collector: false | |
| 35 | horizon: false | |
| 36 | s-account: false | |
| 37 | s-container: false | |
| 38 | s-object: false | |
| 39 | s-proxy: false | |
| 40 | 40 | devstack_plugins: |
| 41 | 41 | barbican: git://git.openstack.org/openstack/barbican |
| 42 | 42 | tox_environment: |
| 43 | 43 | PYTHONUNBUFFERED: 'true' |
| 44 | tox_install_siblings: False # I don't know what this means | |
| 44 | tox_install_siblings: false # I don't know what this means | |
| 45 | 45 | tox_envlist: functional |
| 46 | 46 | zuul_work_dir: src/git.openstack.org/openstack/castellan |
| 47 | 47 | |
| 48 | 48 | - project: |
| 49 | name: openstack/castellan | |
| 50 | 49 | check: |
| 51 | 50 | jobs: |
| 52 | 51 | - castellan-functional-vault |
| 53 | 52 | - castellan-functional-devstack |
| 53 | - openstack-tox-lower-constraints | |
| 54 | - barbican-simple-crypto-devstack-tempest-castellan-from-git | |
| 54 | 55 | gate: |
| 55 | 56 | jobs: |
| 56 | 57 | - castellan-functional-vault |
| 57 | 58 | - castellan-functional-devstack |
| 59 | - openstack-tox-lower-constraints | |
| 60 | - barbican-simple-crypto-devstack-tempest-castellan-from-git |
| 11 | 11 | Team and repository tags |
| 12 | 12 | ======================== |
| 13 | 13 | |
| 14 | .. image:: https://governance.openstack.org/badges/castellan.svg | |
| 15 | :target: https://governance.openstack.org/reference/tags/index.html | |
| 14 | .. image:: https://governance.openstack.org/tc/badges/castellan.svg | |
| 15 | :target: https://governance.openstack.org/tc/reference/tags/index.html |
| 69 | 69 | default=True, |
| 70 | 70 | help='Specifies if insecure TLS (https) requests. If False, ' |
| 71 | 71 | 'the server\'s certificate will not be validated'), |
| 72 | cfg.StrOpt('barbican_endpoint_type', | |
| 73 | default='public', | |
| 74 | choices=['public', 'internal', 'admin'], | |
| 75 | help='Specifies the type of endpoint. Allowed values are: ' | |
| 76 | 'public, private, and admin'), | |
| 77 | ||
| 72 | 78 | ] |
| 73 | 79 | |
| 74 | 80 | BARBICAN_OPT_GROUP = 'barbican' |
| 182 | 188 | raise exception.Forbidden(reason=msg) |
| 183 | 189 | |
| 184 | 190 | def _get_barbican_endpoint(self, auth, sess): |
| 185 | if self.conf.barbican.barbican_endpoint: | |
| 186 | return self.conf.barbican.barbican_endpoint | |
| 191 | barbican = self.conf.barbican | |
| 192 | if barbican.barbican_endpoint: | |
| 193 | return barbican.barbican_endpoint | |
| 187 | 194 | else: |
| 188 | 195 | service_parameters = {'service_type': 'key-manager', |
| 189 | 196 | 'service_name': 'barbican', |
| 190 | 'interface': 'public'} | |
| 197 | 'interface': barbican.barbican_endpoint_type} | |
| 191 | 198 | return auth.get_endpoint(sess, **service_parameters) |
| 192 | 199 | |
| 193 | 200 | def _create_base_url(self, auth, sess, endpoint): |
| 39 | 39 | barbican_api_version=None, auth_endpoint=None, |
| 40 | 40 | retry_delay=None, number_of_retries=None, verify_ssl=None, |
| 41 | 41 | api_class=None, vault_root_token_id=None, vault_url=None, |
| 42 | vault_ssl_ca_crt_file=None, vault_use_ssl=None): | |
| 42 | vault_ssl_ca_crt_file=None, vault_use_ssl=None, | |
| 43 | barbican_endpoint_type=None): | |
| 43 | 44 | """Set defaults for configuration values. |
| 44 | 45 | |
| 45 | 46 | Overrides the default options values. |
| 55 | 56 | :param vault_url: Use this for the url for vault. |
| 56 | 57 | :param vault_use_ssl: Use this to force vault driver to use ssl. |
| 57 | 58 | :param vault_ssl_ca_crt_file: Use this for the CA file for vault. |
| 59 | :param barbican_endpoint_type: Use this to specify the type of URL. | |
| 60 | : Valid values are: public, internal or admin. | |
| 58 | 61 | """ |
| 59 | 62 | conf.register_opts(km.key_manager_opts, group='key_manager') |
| 60 | 63 | if bkm: |
| 85 | 88 | group=bkm.BARBICAN_OPT_GROUP) |
| 86 | 89 | if verify_ssl is not None: |
| 87 | 90 | conf.set_default('verify_ssl', verify_ssl, |
| 91 | group=bkm.BARBICAN_OPT_GROUP) | |
| 92 | if barbican_endpoint_type is not None: | |
| 93 | conf.set_default('barbican_endpoint_type', barbican_endpoint_type, | |
| 88 | 94 | group=bkm.BARBICAN_OPT_GROUP) |
| 89 | 95 | |
| 90 | 96 | if vkm is not None: |
| 65 | 65 | options.set_defaults(conf, verify_ssl=True) |
| 66 | 66 | self.assertEqual(verify_ssl, |
| 67 | 67 | conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl) |
| 68 | ||
| 69 | barbican_endpoint_type = 'internal' | |
| 70 | options.set_defaults(conf, barbican_endpoint_type='internal') | |
| 71 | result_type = conf.get(bkm.BARBICAN_OPT_GROUP).barbican_endpoint_type | |
| 72 | self.assertEqual(barbican_endpoint_type, result_type) |
| 28 | 28 | |
| 29 | 29 | .. note:: |
| 30 | 30 | |
| 31 | Other available environments are py35, pypy and pep8. | |
| 31 | Other available environments are py35 and pep8. | |
| 32 | 32 | |
| 33 | 33 | If you do not have the appropriate Python versions available, consider |
| 34 | 34 | setting up PyEnv to install multiple versions of Python. See the |
| 43 | 43 | information on this please see `Setting up a Barbican development environment`_ |
| 44 | 44 | and `Using Keystone Middleware with Barbican`_ |
| 45 | 45 | |
| 46 | .. _`Setting up a Barbican development environment`: https://docs.openstack.org/barbican/latest/setup/dev.html | |
| 47 | .. _`Using Keystone Middleware with Barbican`: https://docs.openstack.org/barbican/latest/setup/keystone.html | |
| 46 | .. _`Setting up a Barbican development environment`: https://docs.openstack.org/barbican/latest/contributor/dev.html | |
| 47 | .. _`Using Keystone Middleware with Barbican`: https://docs.openstack.org/barbican/latest/configuration/keystone.html | |
| 48 | 48 | |
| 49 | 49 | Castellan uses either ``/etc/castellan/castellan-functional.conf`` or ``./etc/castellan/castellan-functional.conf`` |
| 50 | 50 | in order to run functional tests. A sample file can be generated by running: |
| 0 | alabaster==0.7.10 | |
| 1 | appdirs==1.3.0 | |
| 2 | asn1crypto==0.23.0 | |
| 3 | Babel==2.3.4 | |
| 4 | bandit==1.1.0 | |
| 5 | cffi==1.7.0 | |
| 6 | cliff==2.8.0 | |
| 7 | cmd2==0.8.0 | |
| 8 | coverage==4.0 | |
| 9 | cryptography==2.1 | |
| 10 | debtcollector==1.2.0 | |
| 11 | docutils==0.11 | |
| 12 | dulwich==0.15.0 | |
| 13 | extras==1.0.0 | |
| 14 | fixtures==3.0.0 | |
| 15 | flake8==2.5.5 | |
| 16 | gitdb==0.6.4 | |
| 17 | GitPython==1.0.1 | |
| 18 | hacking==0.12.0 | |
| 19 | idna==2.6 | |
| 20 | imagesize==0.7.1 | |
| 21 | iso8601==0.1.11 | |
| 22 | Jinja2==2.10 | |
| 23 | keystoneauth1==3.4.0 | |
| 24 | linecache2==1.0.0 | |
| 25 | MarkupSafe==1.0 | |
| 26 | mccabe==0.2.1 | |
| 27 | mock==2.0.0 | |
| 28 | monotonic==0.6 | |
| 29 | mox3==0.20.0 | |
| 30 | msgpack-python==0.4.0 | |
| 31 | netaddr==0.7.18 | |
| 32 | netifaces==0.10.4 | |
| 33 | openstackdocstheme==1.18.1 | |
| 34 | os-client-config==1.28.0 | |
| 35 | oslo.config==5.2.0 | |
| 36 | oslo.context==2.19.2 | |
| 37 | oslo.i18n==3.15.3 | |
| 38 | oslo.log==3.36.0 | |
| 39 | oslo.serialization==2.18.0 | |
| 40 | oslo.utils==3.33.0 | |
| 41 | oslotest==3.2.0 | |
| 42 | pbr==2.0.0 | |
| 43 | pep8==1.5.7 | |
| 44 | pifpaf==0.10.0 | |
| 45 | prettytable==0.7.2 | |
| 46 | pycparser==2.18 | |
| 47 | pyflakes==0.8.1 | |
| 48 | Pygments==2.2.0 | |
| 49 | pyinotify==0.9.6 | |
| 50 | pyparsing==2.1.0 | |
| 51 | pyperclip==1.5.27 | |
| 52 | python-barbicanclient==4.5.2 | |
| 53 | python-dateutil==2.5.3 | |
| 54 | python-mimeparse==1.6.0 | |
| 55 | python-subunit==1.0.0 | |
| 56 | pytz==2013.6 | |
| 57 | PyYAML==3.12 | |
| 58 | reno==2.5.0 | |
| 59 | requests==2.14.2 | |
| 60 | requestsexceptions==1.2.0 | |
| 61 | rfc3986==0.3.1 | |
| 62 | six==1.10.0 | |
| 63 | smmap==0.9.0 | |
| 64 | snowballstemmer==1.2.1 | |
| 65 | Sphinx==1.6.2 | |
| 66 | sphinxcontrib-websupport==1.0.1 | |
| 67 | stevedore==1.20.0 | |
| 68 | testrepository==0.0.18 | |
| 69 | testscenarios==0.4 | |
| 70 | testtools==2.2.0 | |
| 71 | traceback2==1.4.0 | |
| 72 | unittest2==1.1.0 | |
| 73 | wrapt==1.7.0 | |
| 74 | xattr==0.9.2 |
| 0 | =================================== | |
| 1 | Queens Series Release Notes | |
| 2 | =================================== | |
| 3 | ||
| 4 | .. release-notes:: | |
| 5 | :branch: stable/queens |
| 3 | 3 | |
| 4 | 4 | pbr!=2.1.0,>=2.0.0 # Apache-2.0 |
| 5 | 5 | Babel!=2.4.0,>=2.3.4 # BSD |
| 6 | cryptography!=2.0,>=1.9 # BSD/Apache-2.0 | |
| 7 | python-barbicanclient!=4.5.0,!=4.5.1,>=4.0.0 # Apache-2.0 | |
| 8 | oslo.config>=5.1.0 # Apache-2.0 | |
| 6 | cryptography>=2.1 # BSD/Apache-2.0 | |
| 7 | python-barbicanclient>=4.5.2 # Apache-2.0 | |
| 8 | oslo.config>=5.2.0 # Apache-2.0 | |
| 9 | 9 | oslo.context>=2.19.2 # Apache-2.0 |
| 10 | 10 | oslo.i18n>=3.15.3 # Apache-2.0 |
| 11 | oslo.log>=3.30.0 # Apache-2.0 | |
| 11 | oslo.log>=3.36.0 # Apache-2.0 | |
| 12 | 12 | oslo.utils>=3.33.0 # Apache-2.0 |
| 13 | 13 | stevedore>=1.20.0 # Apache-2.0 |
| 14 | keystoneauth1>=3.3.0 # Apache-2.0 | |
| 14 | keystoneauth1>=3.4.0 # Apache-2.0 |
| 3 | 3 | hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0 |
| 4 | 4 | |
| 5 | 5 | coverage!=4.4,>=4.0 # Apache-2.0 |
| 6 | python-barbicanclient!=4.5.0,!=4.5.1,>=4.0.0 # Apache-2.0 | |
| 6 | python-barbicanclient>=4.5.2 # Apache-2.0 | |
| 7 | 7 | python-subunit>=1.0.0 # Apache-2.0/BSD |
| 8 | sphinx>=1.6.2 # BSD | |
| 9 | openstackdocstheme>=1.17.0 # Apache-2.0 | |
| 10 | oslotest>=1.10.0 # Apache-2.0 | |
| 8 | sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD | |
| 9 | openstackdocstheme>=1.18.1 # Apache-2.0 | |
| 10 | oslotest>=3.2.0 # Apache-2.0 | |
| 11 | 11 | testrepository>=0.0.18 # Apache-2.0/BSD |
| 12 | 12 | testscenarios>=0.4 # Apache-2.0/BSD |
| 13 | 13 | testtools>=2.2.0 # MIT |
| 0 | 0 | [tox] |
| 1 | 1 | minversion = 1.6 |
| 2 | envlist = py35,py27,pypy,pep8 | |
| 2 | envlist = py35,py27,pep8 | |
| 3 | 3 | skipsdist = True |
| 4 | 4 | |
| 5 | 5 | [testenv] |
| 6 | basepython = python3 | |
| 6 | 7 | usedevelop = True |
| 7 | 8 | install_command = pip install {opts} {packages} |
| 8 | 9 | setenv = |
| 13 | 14 | -r{toxinidir}/requirements.txt |
| 14 | 15 | -r{toxinidir}/test-requirements.txt |
| 15 | 16 | commands = python setup.py testr --slowest --testr-args='{posargs}' |
| 17 | ||
| 18 | [testenv:py27] | |
| 19 | basepython = python2.7 | |
| 16 | 20 | |
| 17 | 21 | [testenv:pep8] |
| 18 | 22 | commands = |
| 80 | 84 | |
| 81 | 85 | [hacking] |
| 82 | 86 | import_exceptions = castellan.i18n |
| 87 | ||
| 88 | [testenv:lower-constraints] | |
| 89 | deps = | |
| 90 | -c{toxinidir}/lower-constraints.txt | |
| 91 | -r{toxinidir}/test-requirements.txt | |
| 92 | -r{toxinidir}/requirements.txt | |