This patch adds a few tests to increase the test coverage for the
PKCS#11 backend.
Related-Bug: #2036506
Change-Id: I3a95d3c1bedb42f8874be8ef622f0b9b7ae27bd7
As per 2025.1 testing runtime[1], we need to test on Ubuntu
Noble (which will be taken care by depends-on tempest and devstack
patches to move base jobs to Noble) and at least single job to run on
Ubuntu Jammy (for smooth upgrade from previous releases).
This commit adds a new job to run on Jammy which can be removed
in future cycle when testing runtime test next version of Ubuntu
as default.
Currently doc job running on Noble fail with the below error
which is fixed by installing libjpeg-dev package
- ERROR: ERROR: Failed to build installable wheels for some pyproject.toml based projects (Pillow)
Closes-Bug: #2088355
Depends-On: https://review.opendev.org/c/openstack/barbican-tempest-plugin/+/932946
[1] https://governance.openstack.org/tc/reference/runtimes/2025.1.html
Change-Id: I1b6332763c02b08cf2d1e0be9f1ed46e73b963f0
This patch fixes a typo in one of the mechanisms in the
PKCS11.wrap_key() function in the pkcs11 module.
Closes-Bug: #2036506
Change-Id: I0b4b43cc64a2c18b8e99ab85bbcad05c46611d8d
The PKCS#11 backend key-wraps (encrypts) the project-specific Key
Encryption Keys (pKEKs) using the master encryption key (MKEK).
The mechanism for wrapping/unwrapping the keys was hard-coded to use
CKM_AES_CBC_PAD. This patch refactors the pkcs11 module to make this
mechanism configurable.
This is necessary to fix Bug #2036506 because some PKCS#11 devices and
software implementations no longer allow CKM_AES_CBC_PAD to be used for
key wrapping.
Supported key wrap mechanisms now include:
* CKM_AES_CBC_PAD
* CKM_AES_KEY_WRAP_PAD
* CKM_AES_KEY_WRAP_KWP
Closes-Bug: #2036506
Change-Id: Ic2009a2a55622bb707e884d6a960c044b2248f52
The datetime.utcnow() is deprecated in Python 3.12.
Replace datetime.utcnow() with oslo_utils.timeutils.utcnow().
This bumps oslo.utils to 7.0.0.
Change-Id: Ic4e33df4fc9e858a9de139066feaaaec71bfc6fe
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
olso.policy 4.5.0[1] changed the config options policy_file
default value to 'policy.yaml', which means it is changed
for all the OpenStack services and they do not need to
override the default anymore.
NOTE: There is no change in behaviour here, oslo.policy provides
the same configuration that services have overridden till now.
[1] https://review.opendev.org/c/openstack/releases/+/934012
[2] https://review.opendev.org/c/openstack/requirements/+/934295
Change-Id: I3b9c52d66733806adde19337b43f6e2b2c223359
Since lower constraints job was removed the bounds are not actually
tested. Add a note to explain the bounds are maintained on best effort
basis.
Change-Id: I12f38ce31a876f780a53fc727c4b1d32e7ce8de2
Python 3.8 was removed from the tested runtimes for 2024.2[1] and has
not been tested since then.
Also add Python 3.12 which is part of the tested runtimes for 2025.1.
Now unit tests job with Python 3.12 is voting.
[1] https://governance.openstack.org/tc/reference/runtimes/2024.2.html
Change-Id: Ic7a7b70c5d7491c6fc095c859c21fb9dd56bfc39
This environment was used by SQLAlchemy 1.4 and is no longer necessary
since SQLAlchemy was bumped to 2.0 .
Change-Id: Iaae6f0e94082d2ee98fd4f759a5c639081ec7d56
Add file to the reno documentation build to show release notes for
stable/2024.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.2.
Sem-Ver: feature
Change-Id: I08d68490df82ee27f385e15652dcc66cf63bd649
This is primarily to fix the requirements-check job, which is failing
following the removal of excluded versions [1]:
ERROR: Requirement for package SQLAlchemy excludes a version not excluded in the global list.
Local settings : {'!=1.1.6', '!=1.1.7', '!=1.1.5', '!=1.1.8'}
Global settings: set()
Unexpected : {'!=1.1.6', '!=1.1.7', '!=1.1.5', '!=1.1.8'}
[1] https://review.opendev.org/c/openstack/requirements/+/879743
Change-Id: I3f719c9b31a3ae61a3bc06b1646f915ddc4b341e
These tests were disabled in the past because of some problems but
it seems the problems have be already resolved somehow. Restore
the test coverage to detect further regressions.
Story: 2002122
Task: 19825
Change-Id: I4267092b014c91b2b87f0740b162f24dffee3243
The kmip plugin requires the pykmip library but it hasn't been listed
in requirements or extra requirements.
Change-Id: I362c4a7f6d7bad331acd9007d46d890306d4bf88
Berbican has been historically using own implementation with sqlalchemy
to connect to database but this causes some feature gaps with the other
services using oslo.db to generate database engine.
This replaces the own implementation by oslo.db's one so that barbican
can also leverage the features implemented in the shared library.
With this change the deprecated database options are removed, because
the deprecated options were already removed from oslo.db.
Change-Id: I10fe4ab04996885e8aff7fab8ace78a6fe7eb6e7