summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Make tests pass in 2022stable/trainBernhard M. Wiedemann2020-01-071-1/+2
| | | | | | | | | | | | | Background: As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future. The usual offset is +15 years, because that is how long I expect some software will be used in some places. This showed up failing tests in our package build. See https://reproducible-builds.org/ for why this matters. This makes it expire 1 year in the future to model realistic tokens. Change-Id: I73bde68be53afff4e8dff12d756b8381f34b2adb (cherry picked from commit 4a4c96ce9b28ed54f93a21ca405c5b34ef3c3429)
* Update TOX/UPPER_CONSTRAINTS_FILE for stable/trainOpenStack Release Bot2019-09-201-1/+1
| | | | | | | | | | | | Update the URL to the upper-constraints file to point to the redirect rule on releases.openstack.org so that anyone working on this branch will switch to the correct upper-constraints list automatically when the requirements repository branches. Until the requirements repository has as stable/train branch, tests will continue to use the upper-constraints list on master. Change-Id: I4f8872e30d85de9a1ab9babe5ead73a65407e5d9
* Update .gitreview for stable/trainOpenStack Release Bot2019-09-201-0/+1
| | | | Change-Id: I94130c964769e960459555ab433893643f4f1101
* Comment html_static_path entry in docs conf.pytrain-em7.0.1Gage Hugo2019-08-231-1/+1
| | | | | | | | | | | Currently with sphinx 2.2.0 the docs job is throwing a warning that the html_static_path entry does not exist. We treat warnings as errors so this causes the job to fail. This change comments the html_static_path entry in conf.py since the path currently does not exist so it appears to be unused. Change-Id: Ib2c74f4f37855cec250d09b23c45b5b7fde44c8d
* Merge "Bump the openstackdocstheme extension to 1.20"Zuul2019-08-163-32/+1
|\
| * Bump the openstackdocstheme extension to 1.20pengyuesheng2019-08-023-32/+1
| | | | | | | | | | | | | | | | | | | | | | | | Some options are now automatically configured by the version 1.20: - project - html_last_updated_fmt - latex_engine - latex_elements - version - release. Change-Id: I161a3983e23b0ae50c232eb63ca78f8fd230e91e
* | Blacklist sphinx 2.1.0 (autodoc bug)pengyuesheng2019-08-021-1/+1
|/ | | | | | See https://github.com/sphinx-doc/sphinx/issues/6440 for upstream details Change-Id: Ia166252623563438c42538320f6fbf7c74785520
* Merge "Add validation of app cred access rules"7.0.0Zuul2019-07-1810-6/+376
|\
| * Add validation of app cred access rulesColleen Murphy2019-07-1510-6/+376
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds a validation step in the auth_token middleware to check for the presence of an access_rules attribute in an application credential token and to validate the request against the permissions granted for that token. During token validation it sends a header to keystone to indicate that it is capable of validating these access rules, and not providing this header for a token like this would result in the token failing validation. This disregards access rules for a service request made by a service on behalf of a user, such as nova making a request to glance, because such a request is not under the control of the user and is not expected to be explicitly allowed in the access rules. bp whitelist-extension-for-app-creds Depends-On: https://review.opendev.org/670377 Change-Id: I185e0541d5df538d74edadf9976b3034a2470c88
* | Merge "print auth version for request strategy in debug"Zuul2019-07-121-1/+1
|\ \ | |/ |/|
| * print auth version for request strategy in debugushen2019-05-201-1/+1
| | | | | | | | | | | | | | previously it will print auth version of _requested_auth_version which will be none all the time. Change it to klass makes more sense. Change-Id: I1cec8f163e808f03f15ef053e5768cf711238f0d
* | Add Python 3 Train unit testsCorey Bryant2019-06-262-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | This is a mechanically generated patch to ensure unit testing is in place for all of the Tested Runtimes for Train. See the Train python3-updates goal document for details: https://governance.openstack.org/tc/goals/train/python3-updates.html Change-Id: Iae72e055b0f407c1643b6c6161af28b535712a7d Story: #2005924 Task: #34215
* | Merge "Remove PKI/PKIZ support"Zuul2019-06-2140-2364/+29
|\ \
| * | Remove PKI/PKIZ supportMorgan Fainberg2019-06-1940-2364/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | Keystone server no longer supports PKI/PKIZ. This change removes keystonemiddleware's support of PKI/PKIZ and associated code. Change-Id: I9a6639a2aa3774be61972d57f38220f66fd5c0e8 closes-bug: #1649735 partial-bug: #1736985
* | | Remove Diablo compatibility testsColleen Murphy2019-06-202-62/+0
| | | | | | | | | | | | | | | | | | | | | We really don't care about Diablo compatibility any more. Clean up the old cruft. Change-Id: Ib1f628eb40ba0cb6334300cb6dca7dcdfcddba1b
* | | Fix bandit warningLance Bragstad2019-06-201-2/+2
|/ / | | | | | | | | | | | | Bandit is throwing warnings because we use 'token' in a couple of variables. Change-Id: I9fd21974027bc2bda6036c34fa587a044faaacae
* | Merge "Add a new option to choose the Identity endpoint"6.1.0Zuul2019-06-126-9/+33
|\ \
| * | Add a new option to choose the Identity endpointJens Harbott2019-06-036-9/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously the admin Identity endpoint was hardcoded to be used. Now that keystone has dropped v2 support, deploying an admin Identity endpoint is no longer useful, so allow this to be changed by the deployer. Keep the default as using the `admin` endpoint, but create a deprecation message so that we can change the default in the future. Partial-Bug: 1830002 Change-Id: I993a45ccb1109d67e65bf32d1e134cc9bec2d88e
* | | Blacklist bandit 1.6.0 & cap sphinx for 2.7Gage Hugo2019-05-202-2/+3
| |/ |/| | | | | | | | | | | | | | | | | The latest version of bandit has broken directory exclusion, so multiple test files are getting flagged. This change blocks version 1.6.0 while this issue is fixed for 1.6.1. This change also caps sphinx at <2.0.0 for python version 2.7. Change-Id: I5d32d835886360522af21f735c74b2f85036f7f1
* | OpenDev Migration PatchOpenDev Sysadmins2019-04-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit was bulk generated and pushed by the OpenDev sysadmins as a part of the Git hosting and code review systems migration detailed in these mailing list posts: http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html Attempts have been made to correct repository namespaces and hostnames based on simple pattern matching, but it's possible some were updated incorrectly or missed entirely. Please reach out to us via the contact information listed at https://opendev.org/ with any questions you may have.
* | Bump memcached minimum versionColleen Murphy2019-04-172-2/+2
| | | | | | | | | | | | | | python-memcached==1.56 causes the unit tests to fail under python3.7, so bump to the latest allowed by upper-constraints. Change-Id: I22a596afcb6b7477f6753ea9896f7ac025be3a85
* | Merge "Update master for stable/stein"Zuul2019-04-122-0/+7
|\ \
| * | Update master for stable/steinOpenStack Release Bot2019-03-182-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add file to the reno documentation build to show release notes for stable/stein. Use pbr instruction to increment the minor version number automatically so that master versions are higher than the versions on stable/stein. Change-Id: Ieb590fa57bd3af81dbb39ac9de1d55e34de5cf22 Sem-Ver: feature
* | | Fix string format errorSean McGinnis2019-04-091-1/+1
| |/ |/| | | | | | | | | | | | | Attempt to escape quotes actually forgot one of the quotes, causing "invalid escape sequence" warnings in the logs. Change-Id: I843257ba5c26f7ba6c5cd3b1b7c53ed26cb9ee8d Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
* | Update the min version of toxVishakha Agarwal2019-04-091-1/+1
| | | | | | | | | | | | | | | | | | In Train, we will use python3.6 and 3.7 for which the minimum tox version required is 2.5[1] [1]https://tox.readthedocs.io/en/latest/changelog.html#v2-6-0-2017-02-04 Change-Id: I3110e024268ca989e5b09d3dc087087f2d1b1f6f
* | Run lower-constraints on Bionic and update python-keystoneclientLance Bragstad2019-03-263-14/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | This commit updates the version of python-keystoneclient to 3.10.0, which has fixes to handle different openssl versions: https://review.openstack.org/#/c/406175/2 Since we're bumping the minimum version of python-keystoneclient to include that fix, we can safely run lower-constraints on Bionic instead of Xenial. Change-Id: I52fa44fe76590aced193618406ad30eb70d04f9d
* | Run lower-constraints job on XenialLance Bragstad2019-03-261-1/+12
|/ | | | | | | | | | | | | | | | | The openstack-lower-constraints-jobs was updated to run in Ubuntu Bionic, but the underlying version of openssl changed, causing tests in keystonemiddleware to fail with the current version of python-keystoneclient: https://review.openstack.org/#/c/406175/ Instead of bumping the version immediately, we can ensure the lower-constraints job runs on Xenial for the time being, making it so we can backport this fix to stable/stein. A subsequent patch will update the job to use Bionic when we bump the minimum version of python-keystoneclient. Change-Id: I5a5ad8ad86df80755a304f70597578b7dfec2068
* Merge "Fix debug tox environment"Zuul2019-03-061-5/+2
|\
| * Fix debug tox environmentColleen Murphy2019-02-281-5/+2
| | | | | | | | | | | | | | | | | | | | Without this patch, inserting a breakpoint causes the debug tox environment to hang for a long time until the testenv timeout is reached. This patch modifies the testenv to use similar stdout/stderr settings that we use in keystoneclient and keystoneauth, which seems to fix the issue, and removes other unnecessary settings. Change-Id: I2f2f8f4738f43648a6bda067efe605db5807eaff
* | Drop py35 jobsVishakha Agarwal2019-03-013-3/+3
|/ | | | | | | | | | | | Python 3.5 was the target runtime for the Rocky release. The current target py3 runtime for Stein is Python 3.6, so there is no reason to keep testing against the older version. Also correct setup.cfg and tox.ini to reflect the current supported Python versions. https://governance.openstack.org/tc/reference/runtimes/stein.html#python-runtime-for-stein Change-Id: I7304a04870bd5a41ae593d543291a25d73cabe60
* Merge "add python 3.7 unit test job"6.0.0Zuul2019-02-151-0/+1
|\
| * add python 3.7 unit test jobCorey Bryant2019-02-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This is a mechanically generated patch to add a unit test job running under Python 3.7. See ML discussion here [1] for context. [1] http://lists.openstack.org/pipermail/openstack-dev/2018-October/135626.html Change-Id: Ic446881e279447d988357021d6403eb20d60070e Story: #2004073 Task: #27422
* | Fix service_token_role_required optionZhongShengping2019-02-151-3/+3
| | | | | | | | | | | | The service_token_roles_required should be correct. Change-Id: I009e3a495953d61fb0c29a8b629efa3322cb0ddd
* | trivial: fix convention in release noteLance Bragstad2019-02-121-1/+1
|/ | | | Change-Id: I189738bb844828765bd95d8302a7654a12863a00
* Add auth invalidation in auth_token for identity endpoint updateYang Youseok2019-02-074-0/+29
| | | | | | | | | | | | | Currently auth_token middleware does not concern identity endpoint update since service catalog is not updated after service having auth_token middleware started. Add invalidation logic when EndpointNotfound exception occurs so that auth_token middleware can be notified of sevice catalog update without restart. Change-Id: I631ee1538883d732fe3987b172d987f703dad5c0 Closes-Bug: #1813739
* Merge "Make sure audit middleware use own context"Zuul2019-01-094-10/+18
|\
| * Make sure audit middleware use own contextLeehom Li (feli5)2018-12-244-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | Keystone audit middleware requires to iterate req.context as dict, but Glance requires to access req.context.read_only. When glance enabled audit, they are conflict with each other. This patch fix this issue by store audit context in req.environ['audit.context'] Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee Closes-Bug: #1809101 Signed-off-by: Leehom Li <feli5@cisco.com>
* | Remove testr.conf as it's been replaced by stestrRui Yuan Dou2018-12-261-8/+0
| | | | | | | | Change-Id: I73e5ed94cdd786d392a6a6b61b8ef4f630715482
* | Trivial: Update pypi url to new urlmelissaml2018-12-162-4/+4
|/ | | | | | | | | Pypi url changed from [1] to [2] [1] https://pypi.python.org/pypi/<package> [2] https://pypi.org/project/<package> Change-Id: Ibb6247bfb2cfe1c77f6841be2773cbff9475e0c6
* Merge "Added request_id and global_request_id to CADF notifications"Zuul2018-12-123-2/+37
|\
| * Added request_id and global_request_id to CADF notificationsArtem Vasilyev2018-11-193-2/+37
| | | | | | | | | | Change-Id: I8d571d3414071c68b4fa565dec46cc2d2941331c Closes-Bug: #1803940
* | Change openstack-dev to openstack-discussVieri2018-12-051-1/+1
| | | | | | | | | | | | Mailinglists have been updated. Openstack-discuss replaces openstack-dev. Change-Id: Ic98b7942c1f394a45958c86eb2d091490fc25b1f
* | Merge "Add py36 tox environment"Zuul2018-11-271-1/+1
|\ \ | |/ |/|
| * Add py36 tox environmentColleen Murphy2018-11-061-1/+1
| | | | | | | | | | | | | | | | We already run python3.6 unit tests in CI. Add the py36 environment to the tox file so that developers with python3.6 available locally can opt into running that version too. Change-Id: Ic7aad3d4adfafba226d3b1d1b2106d55135ce6ff
* | Merge "Stop supporting revocation list"Zuul2018-11-0710-734/+9
|\ \ | |/ |/|
| * Stop supporting revocation listMorgan Fainberg2018-10-3010-734/+9
| | | | | | | | | | | | | | | | | | | | | | With keystone's move to eliminating pki, pkiz, and uuid tokens the revocation list is no longer generated. Keystonemiddleware no longer needs to attempt to retrieve it and reference it. Change-Id: Ief3bf1941e62f9136dbed11877bca81c4102041b closes-bug: #1361743 partial-bug: #1649735 partial-bug: #1736985
* | Documentation Fix - auth_url Port NumberDavid Olorundare2018-11-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Made a small fix to the documentation - replacing the current auth_url port number 35357, in the configuration section of the [keystone_authtoken], with 5000. This was based on an online conversation with Colleen; with the removal of the v2 API from keystone the project now recommends use of port 5000 instead of the previous one. Change-Id: I750a4d0e75e0b919fd00ddf21c0e7ce62d495f95
* | Fix audit target service selectionMichael Johnson2018-10-293-2/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The keystonemiddleware audit code would select the wrong OpenStack service endpoint for a request if the cloud is not using unique TCP ports for each service endpoint. As most services are no longer using a port per service, but instead using unique paths, this caused the audit to select the wrong target service. This leads to incorrect audit logging due to the wrong audit map being used. This patch checks the request to see if a TCP port was present in the request, and if not, fall back to using the target_endpoint_type configured in the audit map file. Change-Id: Ie2e0bf74ecca485d599a4041bb770bd6e296bc99 Closes-bug: 1797584
* | Merge "Skip the services with no endpoints when parsing service catalog"Zuul2018-10-283-0/+29
|\ \
| * | Skip the services with no endpoints when parsing service catalogGuang Yee2018-10-263-0/+29
| |/ | | | | | | | | | | | | | | | | When parsing the service catalog to find the source, audit middleware should skip over the services which have no endpoints instead of assuming they will have at least one endpoint. Change-Id: I287873e99338d95baaf20d52ecb3a43763a401fc Closes-Bug: #1800017
View Lorry Controller Status