| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We facing errors related to the new pip resolver, this
topic was discussed on the ML and QA team proposed to
to test lower-constraints [1].
I propose to drop this test because the complexity and recurring pain needed
to maintain that now exceeds the benefits provided by this mechanismes.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019390.html
Change-Id: Ifcaf6993517d02bf54cd144efd247832947a009f
(cherry picked from commit 7b649af0c1569ebb61ed4e34da4a476ccb1474b9)
(cherry picked from commit 21df7f5a32b3eb0f7352eafd9f79c7ca28919938)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has as stable/victoria branch, tests will
continue to use the upper-constraints list on master.
Change-Id: I9d614137b33558c717d000cb4238c912b9b1d8d9
|
|
|
|
| |
Change-Id: Ic4434bdb15f145627b7136164a2b4617e3da106f
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per victoria cycle testing runtime and community goal[1]
we need to migrate upstream CI/CD to Ubuntu Focal(20.04).
Fixing:
- bug#1886298
Bump the lower constraints for required deps which added python3.8 support
in their later version.
Story: #2007865
Task: #40207
Closes-Bug: #1886298
[1] https://governance.openstack.org/tc/goals/selected/victoria/migrate-ci-cd-jobs-to-ubuntu-focal.h>
Change-Id: I97072055f880915cef6c5c2f0210730e7bbe5119
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit makes the following minor improvements
in YAML output of oslopolicy-sample-generator.
* Add a blank line between policies.
Previously when a deprecated rule exists there was no blank line
between the deprecated rule and the next rule.
It was not easy to identify the beginning of the next rule.
* Drop unnecessary blank line comment.
If a policy is defined by RuleDefault instead of DocumentedRuleDefault
there is no description and unnecessary blank line comment was added
in an output YAML file.
* Honor newlines in deprecated_text.
Previously newlines in deprecated_text were dropped by
_format_help_text(). Main deprecation message and reason are
processed separately and newlines are not dropped now.
Change-Id: I75889a1b05344a47135419d0553525f54c1a51b8
|
|
|
|
|
|
|
|
|
|
|
|
| |
If any rules present in policy file is exactly same as
defaults then operators do not need to keep these
redundant rules in files. 'oslopolicy-list-redundant' tool
is to detects such rule but we can log warnings also for
such rule to communicate it to the deployer in strong way.
Partial implement blueprint policy-json-to-yaml
Change-Id: Ie31ea13e8ea62bc495ceb1c1694407539e2cab8d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
JSON support for policy_file has been problematic
since projects started policy-in-code. For example,
generating a sample policy file in JSON results in
all the policy-in-code rules being overridden because
it is not possible to comment out the default rules in JSON.
Asd part of migration of JSON format to YAML, this commit
deprecates the:
1. Deprecate JSON support in oslo.policy.
2. Deprecate JSON output in policy CLI tools including '--format'
option.
Partial implement blueprint policy-json-to-yaml
Change-Id: I5432a8cf80903620f48936cbbfb92ea6b6ff30fa
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add ``oslopolicy-convert-json-to-yaml`` tool which can be
used to convert the json formatted policy file to yaml format.
It takes json formatted policy file as input and convert it to
a yaml formatted policy file similar to 'oslopolicy-sample-generator'
tool except keeping the overridden rule as uncommented.
This tool does the following:
* Comment out any rules that match the default from policy-in-code.
* Keep rules uncommented if rule is overridden.
* Does not auto add the deprecated rules in the file unless it not already
present in the file.
* Keep any extra rules or already exist deprecated rules uncommented
but at the end of the file with a warning text.
I did not add the new functionality in existing 'oslopolicy-policy-upgrade'
tool because the above listed features of new tool end up creating a
complete different code path instead of reusing it from existing tool so it
better to have separate tool which can be removed in future once all deployments
are migrated to YAML formatted file.
This commits add doc and reno also for this tool
Partial implement blueprint policy-json-to-yaml
Change-Id: Icc245951b2992cc09a891516ffd14f3d4c009920
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
The definition of an "access" file is very vague, but oslopolicy-checker
expects it to be a token response body from keystone. If you don't pass
a token response explicitly, oslopolicy-checker will fail.
Change-Id: I5362fabb0344b67996367382dbc173eeaf39b06b
|
| |
| |
| |
| |
| |
| |
| |
| | |
This patch bumps bandit allowed version to >=1.6.0,<1.7.0 in order to
avoid the errors detailed here https://github.com/PyCQA/bandit/pull/393
Change-Id: I0570c916cffc08bcbaebb385a9cc4a4c7038b215
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
stevedore has switched to importlib_metadata[1] and
this breaked unit test as the test relied on internal
implementation of it.
Instead we should switch to mock NamedExtensionManager
that's what called by oslo_policy.
[1] https://review.opendev.org/#/c/739306/
Closes-Bug: #1888208
Change-Id: I993d743c53fa3506ceda3d1f291c12f4635eb60a
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When doing a literal comparison in a rule, it is necessary to enclose
the literal in single quotes. This is not apparent from the existing
docs and is only mentioned in a private module[0] which does not
appear in the published docs. This change adds an example that covers
literal comparisons and briefly discusses how to determine what
fields are available for comparison. The latter should be expanded
upon at some point as it is important for anyone writing their own
policy rules.
Change-Id: I383f179ce274c1cf00f83d006a1dcddd40c52084
0: https://github.com/openstack/oslo.policy/blob/de857746867344c1a3f9f1dadf87b7ae046a1fc1/oslo_policy/_checks.py#L299
|
|/
|
|
|
|
|
|
|
|
|
|
| |
As far as I can tell, mask_dict_password does not modify the object
passed in to it[0]. As such, this deepcopy only adds an unnecessary
requirement on the policy objects that makes it possible for a call
to fail in a different way when debug logging is enabled. Since this
is pretty terrible, let's get rid of it.
Change-Id: I34eace9806e6ed7c9c6206a34f55debc0c20bac6
Closes-Bug: 1886984
0: https://github.com/openstack/oslo.utils/blob/4fe75b7e1bd3144282f107ce7cb61880257c7c1e/oslo_utils/strutils.py#L349
|
|\ |
|
| |
| |
| |
| |
| | |
Change-Id: Ifcfc88a67b038528f03756d550e1ddf8726cb37a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Related to:
- https://review.opendev.org/#/c/723044/
- https://governance.openstack.org/tc/goals/selected/ussuri/project-ptl-and-contrib-docs.html
Change-Id: If940c896107ed76ac5234569f5490672fad2caf5
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As requested in the referenced RFE bug, this is a validator tool
similar to the oslo.config validator tool that operators can use to
look for basic errors in their policy files.
It's very similar to the redundant rule tool, but I decided not to
combine them because I feel like the target use cases are enough
different to warrant separate tools. Specifically, the redundant
rule tool is looking for perfectly valid rules that just happen to
be unnecessary. The validator is looking for errors in the policy
file. While it's unlikely someone looking for redundant rules wouldn't
also want to know if there is something broken in their policy file,
it's likely that someone just looking to sanity check their policy
before deployment wouldn't want to see a bunch of messages about
redundant rules that won't cause any problems.
Change-Id: I799a754aceac080c11baffd7ff635b2a9cb825f7
Closes-Bug: 1853038
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
New theme of docs respects pygments_style.
more info: http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I9c03ccdf5dd63f2f13b34f72ebbe8c77168287b6
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It was determined that rules from policy files located in the directory
specified in the policy_dirs option (/etc/<config_dir>/policy.d by
default) are not re-applied after the rules from the primary policy file
is re-applied due to a change.
This change introduces additional behavior to make sure the rules from
policy_dirs are reapplied if there is a change to the primary policy
file.
Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
Closes-Bug: #1880959
Related-Bug: #1880847
|
|\ \ |
|
| | |
| | |
| | |
| | | |
Change-Id: I066ea68633e0bd906fc5b45aaa823e6e07fbae3a
|
|\ \ \ |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Python modules related to coding style checks (listed in blacklist.txt in
openstack/requirements repo) are dropped from lower-constraints.txt
as they are not actually used in tests (other than pep8).
more info: https://github.com/openstack/requirements/blob/master/blacklist.txt
Change-Id: Ib503fa525533ac7e663dc5990520bf27743a7dce
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This adds the return of some metadata to our sphinx extension setup to
indicate they are thread safe. This is needed to allow consuming
projects to do multithreaded docs builds. In some cases, this can save a
noticeable amount of time in job execution.
Change-Id: I104271bc706fc33247548a147db0af05aa88737d
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
These translation sections are not needed anymore, Babel can
generate translation files without them.
Change-Id: I01d74cb5ff4701ca537dc3ec0f877b45cda7c895
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Switch to openstackdocstheme 2.2.0 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering
Update Sphinx version as well.
Remove docs requirements from lower-constraints, they are not needed
during install or test but only for docs building.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
Depends-On: https://review.opendev.org/728938
Change-Id: I565a343d875cea144928da007a93f0b93a5d4274
|
| | |
| | |
| | |
| | |
| | | |
Change-Id: I6c98efa7463fc71176f9635f6ffebb5c7050bd49
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Now that we are running the Victoria tests that include a
voting py38, we can now add the Python 3.8 metadata to the
package information to reflect that support.
Change-Id: I602d143c89792824a2f206cdb45667b2f97e2e67
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Python 3.8 is now our highest level supported python runtime.
This updates the default tox target environments to swap out
py37 for py38 to make sure local development testing is
covering this version.
This does not impact zuul jobs in any way, nor prevent local
tests against py37. It just changes the default if none is
explicitly provided.
Change-Id: I2217d3d37fa9a2c1dacc8ce2247801bc7d27ae7c
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|\ \ \
| |_|/
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Because the bug #1804528 has been fixed, the conversion
to dict can be removed.
Change-Id: Ibec9ec21096977c2876b373e388647766c79b3a7
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for victoria.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I36272b571c7157cb95f95ae47c1908bfd19f49d3
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: Id0e367af0c1721a83bec0df102c8e48cf52e1d86
Sem-Ver: feature
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit fixes the review comments from
patch - https://review.opendev.org/#/c/717943/
Change-Id: I00edbea503aefbce31cbb43a74929db752235bf0
|
|\ \ \
| |/ / |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When policy change their default check_str and not override by
operator then old defaults check_str are added with OrCheck to the
new default check_str so that old defaults keep working.
If operators want to enforce the new defaults with no old defaults then
they have to overwrite the policy rule in poicy file with new default
value. This is not expected and very painful for them especially when
all policies are switching to new defaults. For example:
- https://review.opendev.org/#/q/topic:bp/policy-defaults-refresh+(status:open+OR+status:merged)
This commit adds a new config options to control the new defaults enforcement.
If True then old defaults will not be supported and also no warning will
be logged.
New config option is default to False so no change in behaviour for old users.
Change-Id: I3c2c889af25b723f1eedbe6167d614c6a4bc6cd2
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When policy change their default check_str and not override by
operator then warnings are being logged which is ok when few
policy are changing their defaults but in case of adopting the
new defaults provided by keystone, all policies has to change
their defaults.
Nova has lot of policies which are changing their defaults. All
those warnings started filling the logs. n-api log was 256 MB.
- https://6d82362f2cdc504b27f1-9f757b11a1d2b00e739d31e1ecad199a.ssl.cf5.rackcdn.com/717662/1/check/tempest-integrated-compute/b3260ce/controller/logs/screen-n-api.txt
- http://paste.openstack.org/show/791678/
Nova added workaround by suppressing all the warning via flag used
to disable for testing 'suppress_deprecation_warnings'.
- https://review.opendev.org/#/c/717802/
This commit adds a new flag to control the warning for policies changing
their defaults check_str only. There is no change for Policy changing their
name or marked for removal.
New flag is default to False to no change in behaviour for old users.
Change-Id: If7a467a12d5d272180fa8061d12e5f2699c08282
|
|\ \ \
| |_|/
|/| | |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Zuul has taken to including warnings in the locations that they're
raised in. We have a few of these in recent jobs so go ahead and clean
them up.
Change-Id: Ifcce20159d872ffd1447ca10f126ae2f2162f956
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
Because the bug #1804528 has been fixed in oslo.utils,
we need to add an explicit dependency on oslo.utils to
support removing "the conversion to dict" code snippet in
oslo.policy.For more details please refer to
https://review.opendev.org/#/c/717191
Change-Id: I4eb614dcb194d4f2668ba2259e624f850e0f1dfd
|
|
|
|
|
|
|
|
| |
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Ib1f840f0cb778219f7640a2ca307847a090de6aa
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|