| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Related to:
- https://review.opendev.org/#/c/723044/
- https://governance.openstack.org/tc/goals/selected/ussuri/project-ptl-and-contrib-docs.html
Change-Id: If940c896107ed76ac5234569f5490672fad2caf5
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As requested in the referenced RFE bug, this is a validator tool
similar to the oslo.config validator tool that operators can use to
look for basic errors in their policy files.
It's very similar to the redundant rule tool, but I decided not to
combine them because I feel like the target use cases are enough
different to warrant separate tools. Specifically, the redundant
rule tool is looking for perfectly valid rules that just happen to
be unnecessary. The validator is looking for errors in the policy
file. While it's unlikely someone looking for redundant rules wouldn't
also want to know if there is something broken in their policy file,
it's likely that someone just looking to sanity check their policy
before deployment wouldn't want to see a bunch of messages about
redundant rules that won't cause any problems.
Change-Id: I799a754aceac080c11baffd7ff635b2a9cb825f7
Closes-Bug: 1853038
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
New theme of docs respects pygments_style.
more info: http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I9c03ccdf5dd63f2f13b34f72ebbe8c77168287b6
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It was determined that rules from policy files located in the directory
specified in the policy_dirs option (/etc/<config_dir>/policy.d by
default) are not re-applied after the rules from the primary policy file
is re-applied due to a change.
This change introduces additional behavior to make sure the rules from
policy_dirs are reapplied if there is a change to the primary policy
file.
Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
Closes-Bug: #1880959
Related-Bug: #1880847
|
|\ \ |
|
| | |
| | |
| | |
| | | |
Change-Id: I066ea68633e0bd906fc5b45aaa823e6e07fbae3a
|
|\ \ \ |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Python modules related to coding style checks (listed in blacklist.txt in
openstack/requirements repo) are dropped from lower-constraints.txt
as they are not actually used in tests (other than pep8).
more info: https://github.com/openstack/requirements/blob/master/blacklist.txt
Change-Id: Ib503fa525533ac7e663dc5990520bf27743a7dce
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This adds the return of some metadata to our sphinx extension setup to
indicate they are thread safe. This is needed to allow consuming
projects to do multithreaded docs builds. In some cases, this can save a
noticeable amount of time in job execution.
Change-Id: I104271bc706fc33247548a147db0af05aa88737d
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
These translation sections are not needed anymore, Babel can
generate translation files without them.
Change-Id: I01d74cb5ff4701ca537dc3ec0f877b45cda7c895
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Switch to openstackdocstheme 2.2.0 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering
Update Sphinx version as well.
Remove docs requirements from lower-constraints, they are not needed
during install or test but only for docs building.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
Depends-On: https://review.opendev.org/728938
Change-Id: I565a343d875cea144928da007a93f0b93a5d4274
|
| | |
| | |
| | |
| | |
| | | |
Change-Id: I6c98efa7463fc71176f9635f6ffebb5c7050bd49
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Now that we are running the Victoria tests that include a
voting py38, we can now add the Python 3.8 metadata to the
package information to reflect that support.
Change-Id: I602d143c89792824a2f206cdb45667b2f97e2e67
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Python 3.8 is now our highest level supported python runtime.
This updates the default tox target environments to swap out
py37 for py38 to make sure local development testing is
covering this version.
This does not impact zuul jobs in any way, nor prevent local
tests against py37. It just changes the default if none is
explicitly provided.
Change-Id: I2217d3d37fa9a2c1dacc8ce2247801bc7d27ae7c
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|\ \ \
| |_|/
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Because the bug #1804528 has been fixed, the conversion
to dict can be removed.
Change-Id: Ibec9ec21096977c2876b373e388647766c79b3a7
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for victoria.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I36272b571c7157cb95f95ae47c1908bfd19f49d3
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: Id0e367af0c1721a83bec0df102c8e48cf52e1d86
Sem-Ver: feature
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit fixes the review comments from
patch - https://review.opendev.org/#/c/717943/
Change-Id: I00edbea503aefbce31cbb43a74929db752235bf0
|
|\ \ \
| |/ / |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When policy change their default check_str and not override by
operator then old defaults check_str are added with OrCheck to the
new default check_str so that old defaults keep working.
If operators want to enforce the new defaults with no old defaults then
they have to overwrite the policy rule in poicy file with new default
value. This is not expected and very painful for them especially when
all policies are switching to new defaults. For example:
- https://review.opendev.org/#/q/topic:bp/policy-defaults-refresh+(status:open+OR+status:merged)
This commit adds a new config options to control the new defaults enforcement.
If True then old defaults will not be supported and also no warning will
be logged.
New config option is default to False so no change in behaviour for old users.
Change-Id: I3c2c889af25b723f1eedbe6167d614c6a4bc6cd2
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When policy change their default check_str and not override by
operator then warnings are being logged which is ok when few
policy are changing their defaults but in case of adopting the
new defaults provided by keystone, all policies has to change
their defaults.
Nova has lot of policies which are changing their defaults. All
those warnings started filling the logs. n-api log was 256 MB.
- https://6d82362f2cdc504b27f1-9f757b11a1d2b00e739d31e1ecad199a.ssl.cf5.rackcdn.com/717662/1/check/tempest-integrated-compute/b3260ce/controller/logs/screen-n-api.txt
- http://paste.openstack.org/show/791678/
Nova added workaround by suppressing all the warning via flag used
to disable for testing 'suppress_deprecation_warnings'.
- https://review.opendev.org/#/c/717802/
This commit adds a new flag to control the warning for policies changing
their defaults check_str only. There is no change for Policy changing their
name or marked for removal.
New flag is default to False to no change in behaviour for old users.
Change-Id: If7a467a12d5d272180fa8061d12e5f2699c08282
|
|\ \ \
| |_|/
|/| | |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Zuul has taken to including warnings in the locations that they're
raised in. We have a few of these in recent jobs so go ahead and clean
them up.
Change-Id: Ifcce20159d872ffd1447ca10f126ae2f2162f956
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
Because the bug #1804528 has been fixed in oslo.utils,
we need to add an explicit dependency on oslo.utils to
support removing "the conversion to dict" code snippet in
oslo.policy.For more details please refer to
https://review.opendev.org/#/c/717191
Change-Id: I4eb614dcb194d4f2668ba2259e624f850e0f1dfd
|
|
|
|
|
|
|
|
| |
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Ib1f840f0cb778219f7640a2ca307847a090de6aa
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Blacklist:
W503 line break before binary operator
W504 line break after binary operator
Fix:
E123 closing bracket does not match indentation of opening bracket's line
E126 continuation line over-indented for hanging indent
Change-Id: I39003496a3f4be5a4cb05cdbae53a9c097e34e14
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sphinxpolicygen is calling the generate_sample cli entrypoint when
we aren't actually the command being run. This can cause problems
if the consuming project has cli args that get registered on import
of their modules because we may have parsed args before those modules
get imported. This results in an exception because oslo.config won't
allow cli args to be registered after they've been parsed once.
This change makes use of the existing parameter to generate_sample
that allows us to pass in a local config object on which to register
the cli args. This way we can parse them without affecting the
global config object.
This was the only place I could find that we were doing something
like this so I believe it should eliminate the problem.
Change-Id: I8e9f28b0a15d1ed092d72b983be74fe281708fbe
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to fix the referenced bug, we need to register cli args on
the global config object. Unfortunately, that causes issues because
our consumers are re-calling the conf object in their enforcers due
to the way we used to handle cli args. Specifically, the conf call
in the consumer fails because the namespace arg from oslo.policy is
registered as required, but they don't pass it to the conf call.
Long-term we want to stop having consumers call the conf object at
all, but in the meantime we need to provide a migration path that
doesn't break them. This change registers the namespace arg as
optional on the conf object and temporarily moves the required check
to oslo.policy. This will allow us to maintain the existing behavior
for our cli tools while not breaking consumers who haven't migrated
to the new cli arg behavior.
Note that we do have unit test coverage of this behavior[0], so we
can be reasonably confident the explicit check is maintaining
compatibility.
Change-Id: I34ce1dd15c464bec319e51d3e217e26554f1a944
Closes-Bug: 1863637
Related-Bug: 1849518
0: https://github.com/openstack/oslo.policy/blob/6e2fe3857367eb2b3e2d2e92121a408e1ff89ea4/oslo_policy/tests/test_generator.py#L500
|
|
|
|
| |
Change-Id: I085654bfac96462538f44621222ff97faa637ccf
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenStack is dropping the py2.7 support in Ussuri cycle.
Complete discussion & schedule can be found in
-
http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html
- https://etherpad.openstack.org/p/drop-python2-support
Ussuri Communtiy-wide goal:
https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html
Change-Id: If6a07eee86a2aaf65bdf9fbb338809ad47e02a46
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, passing --config-file to a tool like oslopolicy-list-redundant
is ineffective because the projects pass an empty cli arg list to the
conf object when they initialize it. By registering our cli args on the
global conf object, the projects can safely parse cli args in their
call to the conf object so things like --config-file won't be ignored.
This didn't work before because oslo.policy recognizes cli args like
--namespace that aren't recognized by the consuming projects.
This will require followup changes in each project to stop passing an
empty cli arg list to the conf object initialization. In the meantime,
everything should continue to work as it did before.
Change-Id: Iacd257fc6c351582de45476768e3fd1775317d3c
Closes-Bug: 1849518
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The oslo.policy docs on writing custom policy checks use things like
the admin role without explaining where it comes from. This change
adds a link to the Keystone docs that explain which roles are created
by default and what they provide access to.
Change-Id: I70c01ad88344edd2db384da8b24ba0238764a8ec
|
| |
| |
| |
| |
| |
| |
| |
| | |
It was confusing that this was titled "Writing custom check rules"
when it only discussed HTTP check rules. This makes it more clear
what the document deals with.
Change-Id: If23d817ab1392b97f1e2d8cfc3ddef2be9d9619c
|
| |
| |
| |
| |
| |
| | |
https://docs.openstack.org/pbr/latest/user/features.html#test
Change-Id: Ie5f7cf0d8eefed2ee756114ef5a145fe151b11b2
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move 'basepython' to the top-level 'testenv'.
Use the default 'install_command'
https://tox.readthedocs.io/en/latest/config.html#conf-install_command
Change-Id: Ie53c073d62d0adf3627b165f1ad11c02b1927904
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For compliance with the Project Testing Interface as described in:
https://governance.openstack.org/tc/reference/project-testing-interface.html
For more detials information, please refer to:
http://lists.openstack.org/pipermail/openstack-dev/2017-December/125710.html
Change-Id: I1c10b87297a23e010613e951f65913bb54baf6b9
Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Constructing a policy string by sticking ' or ' between the new and
deprecated check_str values is error-prone. Construct the policy
programmatically instead by parsing the check_str values separately and
combining them into an OrCheck.
Change-Id: Ia2ee05aa08326c6daa214a7b1156baa6efe43dc0
Closes-Bug: #1856207
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some options are now automatically configured by the version 1.20:
- project
- html_last_updated_fmt
- latex_engine
- latex_elements
- version
- release.
Change-Id: I2c9f7b72a52edde7b18dc66bcc8c655630b3bbc2
|
|\ \ \
| |/ /
|/| | |
|
| |/
| |
| |
| | |
Change-Id: Ide0ce0642f30d3f5f6880d43cd5937ca63129065
|