In support of the OSC migration, we need
to bump the lower-constraint for the
openstacksdk to allow for feature parity.
Change-Id: Ide69f84a76f06814cf74b73b57729f23dea1062b
The six library was introduced to bridge the gap
between Python2 and 3. This is no longer necessary
on branches where we are not supporting Python2.
Change-Id: I7736373d03c23884158e4a1d41defafb4e2b8a4c
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also replace policy.json to policy.yaml ref from doc and code.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I1aa12bcd2638390f25d57ce8abeeec248121dc02
We received huge amount of warnings during service start.
Most about stop using `deprecated_reason` and `deprecated_since` by
`policy.DocumentedRuleDefault` directly. And should use them under
`policy.DeprecatedRule instead.
This patch apply for above suggestion.
Also bump oslo.policy lower-constraints and requirements to `3.7.0` to alias
policy behavior.
Story: 2008707
Task: 42041
Change-Id: Iefcfc30a051fe25ccc5121c7ddb817e8c271fcb6
This commit updates default policies to account for system scope
and default roles. This is part of a broader change to provide a
consistent and secure authorization experience across OpenStack
projects.
- Introduces basic/reusable check strings in base.py
- Implements secure RBAC for build info API
- Implements secure RBAC for the action API
- Implements secure RBAC for cloud formations
- Implements secure RBAC for events
- Implements secure RBAC for the resource API
- Implements secure RBAC for the service API
- Implements secure RBAC for software configs
- Implements secure RBAC for software deployments
- Implements secure RBAC for stacks
- Adds unit tests for legacy and new secure-rbac policies.
Change-Id: Iff1e39481ea3b1f00bd89dba4a00aed30334ecec
The broader OpenStack community is working towards implementing secure
RBAC, which is a common set of personas (role and scope permutations)
that deliver the most common asks for custom policies. It also addresses
long-standing issues with tenancy and enforce scope checking.
This commit updates the requirements for oslo.log, oslo.context,
oslo.i18n, oslo.policy, oslo.serialization and keystonemiddleware, which
are necessary for implementing this work. Subsequent patches will go
through and update the default policies.
Change-Id: Ib28f1b333f032b8c9f960a2510e4d23487541631
New pip version is quite strict and does not allow conflicting
minimum version deps in lower-constraints.
Change-Id: Ie524c54e3b982bc6b0786c875d34d177444ec6fc
This patch changes the lower-constraint requirements to make them
py3.8 compatible. See https://bugs.launchpad.net/nova/+bug/1886298
Markupsafe==1.1.1
PyMySQL==0.8.0
PyYAML==3.13
cffi==1.14.0
greenlet==0.4.15
kombu==5.0.1
lxml==4.5.0
oslo.db==6.0.0
paramiko==2.7.1
psycopg2==2.8
sqlalchemy-migrate==0.13.0
tenacity==6.1.0
Also update the test-setup.sh to work with recent version of mysql.
Change-Id: Ibe60d1e536f0e887eceea32b7cb4eec6318e96af
Partial-Bug: #1886298
The type of the entry point objects returned in stevedore has
been changed from`pkg_resources.EntryPoint` to
`importlib.metadata.EntryPoint`[1] and it does not have module_name
attribute.
It also bumps requirements/lower-constraints as stevedore==3.1.0 is
not backward compatible.
[1] https://review.opendev.org/#/c/740515/
Task: 40355
Change-Id: Icd68f6eab73e44406f2ff5073636dcdd111e00ea
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.
Change-Id: Ie0e43904d375e542ca00cd43b3c84c7afb31ee85
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Update local hacking checks for new flake8.
Ignore new warnings, they will be fixed in followup.
Remove hacking and friends from lower-constraints, they are not needed
to be installed at run-time.
Add Pygments to lower-constraints to pass requirements-check.
Change-Id: I20da1309e4d65707130fe517f013d3ed625bf94c
I hope I remembered all the discussion points we had about how to design
this plugin, so:
* Instead of changing OS::Neutron::ExtraRoute we introduce
OS::Neutron::ExtraRouteSet so we can take advantage of Neutron API's
ability to add/remove multiple extra routes at once.
* Addition and removal of extra routes is supposed to be atomic with
Neutron extension 'extraroute-atomic'. An update involves a removal
and an addition, therefore an update is not atomic operation. However
unless the responsibility for an extra route is moved from one stack
to another that should not be a problem.
* Sharing the responsibility for an extra route between stacks (that is
multiple stacks defining the same extra route) is not supported due
to the Neutron API not allowing this.
Let me know what did I forget.
Example template:
resources:
extrarouteset0:
type: OS::Neutron::ExtraRouteSet
properties:
router: { get_resource: router0 }
routes:
- destination: 10.0.0.0/24
nexthop: 10.0.0.10
- destination: 10.0.1.0/24
nexthop: 10.0.0.11
...
Change-Id: Ic1fe593d9821d844fd124b0212d444f6e3a0015e
Depends-On: https://review.opendev.org/675900
Story: #2005522
Task: #36264
- Bumps some of the lower constraints
- Fixes common/endpoint_utils.py to fallback to use auth_uri.
Change-Id: Ief0868d5feef3ee6b0689c6be27649ff009fbbcc
Add a OS::Blazar::Lease resource plugin to support Blazar which is a
resource reservation services in OpenStack.
Co-author: Asmita Singh <Asmita.Singh@nttdata.com>
Change-Id: I7683599d9e9443372d1f585985cee7c10fd08581
Task: 22882
Story: 2002085
This adds basic framework for heat-status upgrade
check commands. For now it has only "check_placeholder"
check implemented.
Real checks can be added to this tool in the future.
Change-Id: I83629184b49a6cf91928df702db23156433d99f6
Story: 2003657
Task: 26131
remove os-testr and testrepository in favor of stestr,
and remove qpid-python (does not seem to be imported anywhere).
Also adjust docs to describe running tests with stestr instead of
testrepository.
Change-Id: I12088ea2bf2475963db58d6e8e83fd6abe6f9b3f
This patch adds doc8 check for .rst files to pep8.
Files that fail doc8 check are also fixed.
Ignore D001 of doc8 check. This requires lot of changes and
should be done in a separated patch.
Change-Id: I7732abc55ec27026efbf56663ba02ff27e8ec847
Currently the constraints do not reject an ipaddress for ipv4 which have
fewer than 3 dots such as 'a' or 'a.b' or 'a.b.c'.
This enhancement provides an extra check that an ipv4 address has syntax:
'a.b.c.d'
This also applies to CIDR
Change-Id: Ia7ec8bf107abd169b6b6a91d0b8bb913fc3cc7b9
Story: 2002552
Task: 22114
The old way of renaming is duplicated [1]. This patch uses the
new way to rename a container. In addition, this patch also
bump the version of python-zunclient to 2.0.0
[1] https://review.openstack.org/#/c/557595/
Change-Id: I4ef36a3c4a805b3e041fcb9456c297e59865485c
Add a Blazar client plugin which will be used by a couple of Balazar
resources under development.
Change-Id: I0f68fc0525db3ba299d77019a102f24b9d3cea87
Task: 19754
Story: 2002085
In the course of switching over to lower-constraints, the lower
constraints got out of sync with the requirements. This change fixes the
constraints using the script mentioned in
http://lists.openstack.org/pipermail/openstack-dev/2018-April/129056.html
Change-Id: Iae317fa745862ebde4115ca8e77a26c6c9be20ac
Create a tox environment for running the unit tests against the lower
bounds of the dependencies.
Create a lower-constraints.txt to be used to enforce the lower bounds
in those tests.
Add openstack-tox-lower-constraints job to the zuul configuration.
See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html
for more details.
Change-Id: I72fd5f8c87133713cd272de210b7e957880f48f9
Depends-On: https://review.openstack.org/555034
Signed-off-by: Doug Hellmann <doug@doughellmann.com>