summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Dropping lower constraints testingstable/victoriaHervé Beraud2021-11-043-58/+0
| | | | | | | | | | | | | | | We facing errors related to the new pip resolver, this topic was discussed on the ML and QA team proposed to to test lower-constraints [1]. I propose to drop this test because the complexity and recurring pain needed to maintain that now exceeds the benefits provided by this mechanismes. [1] http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019390.html Change-Id: Ifcaf6993517d02bf54cd144efd247832947a009f (cherry picked from commit 7b649af0c1569ebb61ed4e34da4a476ccb1474b9) (cherry picked from commit 21df7f5a32b3eb0f7352eafd9f79c7ca28919938)
* Update TOX_CONSTRAINTS_FILE for stable/victoriaOpenStack Release Bot2020-09-111-1/+1
| | | | | | | | | | | | Update the URL to the upper-constraints file to point to the redirect rule on releases.openstack.org so that anyone working on this branch will switch to the correct upper-constraints list automatically when the requirements repository branches. Until the requirements repository has as stable/victoria branch, tests will continue to use the upper-constraints list on master. Change-Id: I9d614137b33558c717d000cb4238c912b9b1d8d9
* Update .gitreview for stable/victoriaOpenStack Release Bot2020-09-111-0/+1
| | | | Change-Id: Ic4434bdb15f145627b7136164a2b4617e3da106f
* [goal] Migrate testing to ubuntu focalvictoria-em3.5.0Ghanshyam Mann2020-09-112-3/+3
| | | | | | | | | | | | | | | | | | | | As per victoria cycle testing runtime and community goal[1] we need to migrate upstream CI/CD to Ubuntu Focal(20.04). Fixing: - bug#1886298 Bump the lower constraints for required deps which added python3.8 support in their later version. Story: #2007865 Task: #40207 Closes-Bug: #1886298 [1] https://governance.openstack.org/tc/goals/selected/victoria/migrate-ci-cd-jobs-to-ubuntu-focal.h> Change-Id: I97072055f880915cef6c5c2f0210730e7bbe5119
* sample-generator: Improve YAML outputAkihiro Motoki2020-09-042-29/+25
| | | | | | | | | | | | | | | | | | | | This commit makes the following minor improvements in YAML output of oslopolicy-sample-generator. * Add a blank line between policies. Previously when a deprecated rule exists there was no blank line between the deprecated rule and the next rule. It was not easy to identify the beginning of the next rule. * Drop unnecessary blank line comment. If a policy is defined by RuleDefault instead of DocumentedRuleDefault there is no description and unnecessary blank line comment was added in an output YAML file. * Honor newlines in deprecated_text. Previously newlines in deprecated_text were dropped by _format_help_text(). Main deprecation message and reason are processed separately and newlines are not dropped now. Change-Id: I75889a1b05344a47135419d0553525f54c1a51b8
* Log warning for redundant file rules3.4.0Ghanshyam Mann2020-08-272-1/+37
| | | | | | | | | | | | If any rules present in policy file is exactly same as defaults then operators do not need to keep these redundant rules in files. 'oslopolicy-list-redundant' tool is to detects such rule but we can log warnings also for such rule to communicate it to the deployer in strong way. Partial implement blueprint policy-json-to-yaml Change-Id: Ie31ea13e8ea62bc495ceb1c1694407539e2cab8d
* Deprecate the JSON support for policy_fileGhanshyam Mann2020-08-275-0/+77
| | | | | | | | | | | | | | | | | | JSON support for policy_file has been problematic since projects started policy-in-code. For example, generating a sample policy file in JSON results in all the policy-in-code rules being overridden because it is not possible to comment out the default rules in JSON. Asd part of migration of JSON format to YAML, this commit deprecates the: 1. Deprecate JSON support in oslo.policy. 2. Deprecate JSON output in policy CLI tools including '--format' option. Partial implement blueprint policy-json-to-yaml Change-Id: I5432a8cf80903620f48936cbbfb92ea6b6ff30fa
* Add oslopolicy-convert-json-to-yaml toolGhanshyam Mann2020-08-277-5/+348
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add ``oslopolicy-convert-json-to-yaml`` tool which can be used to convert the json formatted policy file to yaml format. It takes json formatted policy file as input and convert it to a yaml formatted policy file similar to 'oslopolicy-sample-generator' tool except keeping the overridden rule as uncommented. This tool does the following: * Comment out any rules that match the default from policy-in-code. * Keep rules uncommented if rule is overridden. * Does not auto add the deprecated rules in the file unless it not already present in the file. * Keep any extra rules or already exist deprecated rules uncommented but at the end of the file with a warning text. I did not add the new functionality in existing 'oslopolicy-policy-upgrade' tool because the above listed features of new tool end up creating a complete different code path instead of reusing it from existing tool so it better to have separate tool which can be removed in future once all deployments are migrated to YAML formatted file. This commits add doc and reno also for this tool Partial implement blueprint policy-json-to-yaml Change-Id: Icc245951b2992cc09a891516ffd14f3d4c009920
* Merge "Clarify what exactly an "access file" is"Zuul2020-08-061-3/+5
|\
| * Clarify what exactly an "access file" isLance Bragstad2020-07-201-3/+5
| | | | | | | | | | | | | | | | The definition of an "access" file is very vague, but oslopolicy-checker expects it to be a token response body from keystone. If you don't pass a token response explicitly, oslopolicy-checker will fail. Change-Id: I5362fabb0344b67996367382dbc173eeaf39b06b
* | Bump bandit versionMoisés Guimarães de Medeiros2020-07-252-4/+8
| | | | | | | | | | | | | | | | This patch bumps bandit allowed version to >=1.6.0,<1.7.0 in order to avoid the errors detailed here https://github.com/PyCQA/bandit/pull/393 Change-Id: I0570c916cffc08bcbaebb385a9cc4a4c7038b215 Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
* | Fix unit tests to work with stevedore > 2.0.13.3.2yatinkarel2020-07-221-2/+2
|/ | | | | | | | | | | | | | stevedore has switched to importlib_metadata[1] and this breaked unit test as the test relied on internal implementation of it. Instead we should switch to mock NamedExtensionManager that's what called by oslo_policy. [1] https://review.opendev.org/#/c/739306/ Closes-Bug: #1888208 Change-Id: I993d743c53fa3506ceda3d1f291c12f4635eb60a
* Merge "Include example of literal comparison policy rule"3.3.1Zuul2020-07-101-0/+17
|\
| * Include example of literal comparison policy ruleBen Nemec2020-07-081-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing a literal comparison in a rule, it is necessary to enclose the literal in single quotes. This is not apparent from the existing docs and is only mentioned in a private module[0] which does not appear in the published docs. This change adds an example that covers literal comparisons and briefly discusses how to determine what fields are available for comparison. The latter should be expanded upon at some point as it is important for anyone writing their own policy rules. Change-Id: I383f179ce274c1cf00f83d006a1dcddd40c52084 0: https://github.com/openstack/oslo.policy/blob/de857746867344c1a3f9f1dadf87b7ae046a1fc1/oslo_policy/_checks.py#L299
* | Don't deepcopy objects before mask_dict_passwordBen Nemec2020-07-091-6/+3
|/ | | | | | | | | | | | As far as I can tell, mask_dict_password does not modify the object passed in to it[0]. As such, this deepcopy only adds an unnecessary requirement on the policy objects that makes it possible for a call to fail in a different way when debug logging is enabled. Since this is pretty terrible, let's get rid of it. Change-Id: I34eace9806e6ed7c9c6206a34f55debc0c20bac6 Closes-Bug: 1886984 0: https://github.com/openstack/oslo.utils/blob/4fe75b7e1bd3144282f107ce7cb61880257c7c1e/oslo_utils/strutils.py#L349
* Merge "docs: Add separate man page for each CLI tool"3.3.0Zuul2020-07-0111-187/+413
|\
| * docs: Add separate man page for each CLI toolStephen Finucane2020-06-3011-187/+413
| | | | | | | | | | Change-Id: Ifcfc88a67b038528f03756d550e1ddf8726cb37a Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
* | Merge "Align contributing doc with oslo's policy"Zuul2020-06-301-0/+5
|\ \ | |/ |/|
| * Align contributing doc with oslo's policyHervé Beraud2020-05-041-0/+5
| | | | | | | | | | | | | | | | Related to: - https://review.opendev.org/#/c/723044/ - https://governance.openstack.org/tc/goals/selected/ussuri/project-ptl-and-contrib-docs.html Change-Id: If940c896107ed76ac5234569f5490672fad2caf5
* | Add oslopolicy-validator toolBen Nemec2020-06-265-1/+163
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As requested in the referenced RFE bug, this is a validator tool similar to the oslo.config validator tool that operators can use to look for basic errors in their policy files. It's very similar to the redundant rule tool, but I decided not to combine them because I feel like the target use cases are enough different to warrant separate tools. Specifically, the redundant rule tool is looking for perfectly valid rules that just happen to be unnecessary. The validator is looking for errors in the policy file. While it's unlikely someone looking for redundant rules wouldn't also want to know if there is something broken in their policy file, it's likely that someone just looking to sanity check their policy before deployment wouldn't want to see a bunch of messages about redundant rules that won't cause any problems. Change-Id: I799a754aceac080c11baffd7ff635b2a9cb825f7 Closes-Bug: 1853038
* | Merge "Fix pygments style"3.2.1Zuul2020-06-082-4/+2
|\ \
| * | Fix pygments stylemelissaml2020-06-042-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | New theme of docs respects pygments_style. more info: http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html Change-Id: I9c03ccdf5dd63f2f13b34f72ebbe8c77168287b6
* | | Reload files in policy_dirs on primary file changeDmitrii Shcherbakov2020-06-083-7/+85
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was determined that rules from policy files located in the directory specified in the policy_dirs option (/etc/<config_dir>/policy.d by default) are not re-applied after the rules from the primary policy file is re-applied due to a change. This change introduces additional behavior to make sure the rules from policy_dirs are reapplied if there is a change to the primary policy file. Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a Closes-Bug: #1880959 Related-Bug: #1880847
* | Merge "Add release notes links to doc index"3.2.0Zuul2020-06-031-1/+12
|\ \
| * | Add release notes links to doc indexHervé Beraud2020-04-161-1/+12
| | | | | | | | | | | | Change-Id: I066ea68633e0bd906fc5b45aaa823e6e07fbae3a
* | | Merge "Remove the unused coding style modules"Zuul2020-05-261-5/+0
|\ \ \
| * | | Remove the unused coding style modulesjacky062020-05-151-5/+0
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | Python modules related to coding style checks (listed in blacklist.txt in openstack/requirements repo) are dropped from lower-constraints.txt as they are not actually used in tests (other than pep8). more info: https://github.com/openstack/requirements/blob/master/blacklist.txt Change-Id: Ib503fa525533ac7e663dc5990520bf27743a7dce
* | | Merge "Mark sphinx extensions thread safe"Zuul2020-05-252-0/+8
|\ \ \
| * | | Mark sphinx extensions thread safeSean McGinnis2020-04-132-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the return of some metadata to our sphinx extension setup to indicate they are thread safe. This is needed to allow consuming projects to do multithreaded docs builds. In some cases, this can save a noticeable amount of time in job execution. Change-Id: I104271bc706fc33247548a147db0af05aa88737d Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
* | | | Merge "Remove translation sections from setup.cfg"Zuul2020-05-222-16/+0
|\ \ \ \
| * | | | Remove translation sections from setup.cfgmelissaml2020-05-152-16/+0
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | These translation sections are not needed anymore, Babel can generate translation files without them. Change-Id: I01d74cb5ff4701ca537dc3ec0f877b45cda7c895
* | | | Switch to newer openstackdocstheme and reno versionsAndreas Jaeger2020-05-184-14/+9
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Switch to openstackdocstheme 2.2.0 and reno 3.1.0 versions. Using these versions will allow especially: * Linking from HTML to PDF document * Allow parallel building of documents * Fix some rendering Update Sphinx version as well. Remove docs requirements from lower-constraints, they are not needed during install or test but only for docs building. openstackdocstheme renames some variables, so follow the renames before the next release removes them. A couple of variables are also not needed anymore, remove them. Depends-On: https://review.opendev.org/728938 Change-Id: I565a343d875cea144928da007a93f0b93a5d4274
* | | docs: Add description of 'oslopolicy-policy-generator'Stephen Finucane2020-04-281-2/+39
| | | | | | | | | | | | | | | Change-Id: I6c98efa7463fc71176f9635f6ffebb5c7050bd49 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
* | | Merge "Add py38 package metadata"Zuul2020-04-271-0/+1
|\ \ \
| * | | Add py38 package metadataSean McGinnis2020-04-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that we are running the Victoria tests that include a voting py38, we can now add the Python 3.8 metadata to the package information to reflect that support. Change-Id: I602d143c89792824a2f206cdb45667b2f97e2e67 Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
* | | | Bump default tox env from py37 to py38Sean McGinnis2020-04-241-1/+1
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Python 3.8 is now our highest level supported python runtime. This updates the default tox target environments to swap out py37 for py38 to make sure local development testing is covering this version. This does not impact zuul jobs in any way, nor prevent local tests against py37. It just changes the default if none is explicitly provided. Change-Id: I2217d3d37fa9a2c1dacc8ce2247801bc7d27ae7c Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
* | | Merge "Remove the conversion according to the comment of jdennis"Zuul2020-04-201-14/+1
|\ \ \ | |_|/ |/| |
| * | Remove the conversion according to the comment of jdennisArthur Dayne2020-04-071-14/+1
| | | | | | | | | | | | | | | | | | | | | Because the bug #1804528 has been fixed, the conversion to dict can be removed. Change-Id: Ibec9ec21096977c2876b373e388647766c79b3a7
* | | Add Python3 victoria unit testsOpenStack Release Bot2020-04-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an automatically generated patch to ensure unit testing is in place for all the of the tested runtimes for victoria. See also the PTI in governance [1]. [1]: https://governance.openstack.org/tc/reference/project-testing-interface.html Change-Id: I36272b571c7157cb95f95ae47c1908bfd19f49d3
* | | Update master for stable/ussuriOpenStack Release Bot2020-04-142-0/+7
| |/ |/| | | | | | | | | | | | | | | | | | | | | Add file to the reno documentation build to show release notes for stable/ussuri. Use pbr instruction to increment the minor version number automatically so that master versions are higher than the versions on stable/ussuri. Change-Id: Id0e367af0c1721a83bec0df102c8e48cf52e1d86 Sem-Ver: feature
* | Merge "Fix doc comments for new enforce default flag"3.1.0Zuul2020-04-093-14/+14
|\ \
| * | Fix doc comments for new enforce default flagGhanshyam Mann2020-04-093-14/+14
| | | | | | | | | | | | | | | | | | | | | This commit fixes the review comments from patch - https://review.opendev.org/#/c/717943/ Change-Id: I00edbea503aefbce31cbb43a74929db752235bf0
* | | Merge "Add new config to enforce the new defaults"Zuul2020-04-094-1/+59
|\ \ \ | |/ /
| * | Add new config to enforce the new defaultsGhanshyam Mann2020-04-074-1/+59
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When policy change their default check_str and not override by operator then old defaults check_str are added with OrCheck to the new default check_str so that old defaults keep working. If operators want to enforce the new defaults with no old defaults then they have to overwrite the policy rule in poicy file with new default value. This is not expected and very painful for them especially when all policies are switching to new defaults. For example: - https://review.opendev.org/#/q/topic:bp/policy-defaults-refresh+(status:open+OR+status:merged) This commit adds a new config options to control the new defaults enforcement. If True then old defaults will not be supported and also no warning will be logged. New config option is default to False so no change in behaviour for old users. Change-Id: I3c2c889af25b723f1eedbe6167d614c6a4bc6cd2
* | Merge "Allow disabling the default check_str change warnings"Zuul2020-04-092-1/+31
|\ \
| * | Allow disabling the default check_str change warningsGhanshyam Mann2020-04-082-1/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When policy change their default check_str and not override by operator then warnings are being logged which is ok when few policy are changing their defaults but in case of adopting the new defaults provided by keystone, all policies has to change their defaults. Nova has lot of policies which are changing their defaults. All those warnings started filling the logs. n-api log was 256 MB. - https://6d82362f2cdc504b27f1-9f757b11a1d2b00e739d31e1ecad199a.ssl.cf5.rackcdn.com/717662/1/check/tempest-integrated-compute/b3260ce/controller/logs/screen-n-api.txt - http://paste.openstack.org/show/791678/ Nova added workaround by suppressing all the warning via flag used to disable for testing 'suppress_deprecation_warnings'. - https://review.opendev.org/#/c/717802/ This commit adds a new flag to control the warning for policies changing their defaults check_str only. There is no change for Policy changing their name or marked for removal. New flag is default to False to no change in behaviour for old users. Change-Id: If7a467a12d5d272180fa8061d12e5f2699c08282
* | | Merge "Cleanup warnings"Zuul2020-04-085-17/+46
|\ \ \ | |_|/ |/| |
| * | Cleanup warningsStephen Finucane2020-04-075-17/+46
| |/ | | | | | | | | | | | | | | | | Zuul has taken to including warnings in the locations that they're raised in. We have a few of these in recent jobs so go ahead and clean them up. Change-Id: Ifcce20159d872ffd1447ca10f126ae2f2162f956 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
* | Bump oslo.utils to 3.40.0Arthur Dayne2020-04-072-1/+2
|/ | | | | | | | | | Because the bug #1804528 has been fixed in oslo.utils, we need to add an explicit dependency on oslo.utils to support removing "the conversion to dict" code snippet in oslo.policy.For more details please refer to https://review.opendev.org/#/c/717191 Change-Id: I4eb614dcb194d4f2668ba2259e624f850e0f1dfd
* Use unittest.mock instead of third party mock3.0.3Sean McGinnis2020-03-318-8/+12
| | | | | | | | Now that we no longer support py27, we can use the standard library unittest.mock module instead of the third party mock lib. Change-Id: Ib1f840f0cb778219f7640a2ca307847a090de6aa Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
View Lorry Controller Status