3690 Commits

Author SHA1 Message Date
Zuul
55c758eb7c Merge "Remove unused versionbuild script" 2024-12-23 11:43:35 +00:00
Zuul
40b5c4a206 Merge "reno: Update master for unmaintained/2023.1" 2024-12-23 11:07:26 +00:00
Zuul
0589f7fb34 Merge "Update gate jobs as per the 2025.1 cycle testing runtime" 2024-11-30 20:11:41 +00:00
16ff9bc2fe reno: Update master for unmaintained/2023.1
Update the 2023.1 release notes configuration to build from
unmaintained/2023.1.

Change-Id: I1bf73116466cdcf5618d7c58d0e4b3c2a125d8b0
2024-11-29 08:23:04 +00:00
Zuul
49c7ac543f Merge "Replace deprecated datetime.utcnow()" 2024-11-21 04:12:36 +00:00
Zuul
a6bbc02f6a Merge "Remove default override for config options policy_file" 2024-11-21 04:01:40 +00:00
Douglas Mendizabal
bae6737cb3 Increase unit testing coverage for PKCS#11
This patch adds a few tests to increase the test coverage for the
PKCS#11 backend.

Related-Bug: #2036506
Change-Id: I3a95d3c1bedb42f8874be8ef622f0b9b7ae27bd7
2024-11-19 14:45:18 -05:00
Ghanshyam Mann
ccaa10394d Update gate jobs as per the 2025.1 cycle testing runtime
As per 2025.1 testing runtime[1], we need to test on Ubuntu
Noble (which will be taken care by depends-on tempest and devstack
patches to move base jobs to Noble) and at least single job to run on
Ubuntu Jammy (for smooth upgrade from previous releases).

This commit adds a new job to run on Jammy which can be removed
in future cycle when testing runtime test next version of Ubuntu
as default.

Currently doc job running on Noble fail with the below error
which is fixed by installing libjpeg-dev package
 - ERROR: ERROR: Failed to build installable wheels for some pyproject.toml based projects (Pillow)

Closes-Bug: #2088355

Depends-On: https://review.opendev.org/c/openstack/barbican-tempest-plugin/+/932946

[1] https://governance.openstack.org/tc/reference/runtimes/2025.1.html

Change-Id: I1b6332763c02b08cf2d1e0be9f1ed46e73b963f0
2024-11-17 02:56:01 +00:00
Douglas Mendizabal
7b36764cd1 Fix typo in wrap_key function
This patch fixes a typo in one of the mechanisms in the
PKCS11.wrap_key() function in the pkcs11 module.

Closes-Bug: #2036506
Change-Id: I0b4b43cc64a2c18b8e99ab85bbcad05c46611d8d
2024-11-14 15:41:05 -05:00
Douglas Mendizábal
0d4101fa5d Configure mechanism for wrapping pKEKs
The PKCS#11 backend key-wraps (encrypts) the project-specific Key
Encryption Keys (pKEKs) using the master encryption key (MKEK).

The mechanism for wrapping/unwrapping the keys was hard-coded to use
CKM_AES_CBC_PAD.  This patch refactors the pkcs11 module to make this
mechanism configurable.

This is necessary to fix Bug #2036506 because some PKCS#11 devices and
software implementations no longer allow CKM_AES_CBC_PAD to be used for
key wrapping.

Supported key wrap mechanisms now include:

* CKM_AES_CBC_PAD
* CKM_AES_KEY_WRAP_PAD
* CKM_AES_KEY_WRAP_KWP

Closes-Bug: #2036506
Change-Id: Ic2009a2a55622bb707e884d6a960c044b2248f52
2024-11-13 15:42:30 -05:00
Takashi Natsume
b365afcd9c Replace deprecated datetime.utcnow()
The datetime.utcnow() is deprecated in Python 3.12.
Replace datetime.utcnow() with oslo_utils.timeutils.utcnow().
This bumps oslo.utils to 7.0.0.

Change-Id: Ic4e33df4fc9e858a9de139066feaaaec71bfc6fe
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
2024-11-13 15:49:59 +00:00
Ghanshyam Mann
4110cd8adc Remove default override for config options policy_file
olso.policy 4.5.0[1] changed the config options policy_file
default value to 'policy.yaml', which means it is changed
for all the OpenStack services and they do not need to
override the default anymore.

NOTE: There is no change in behaviour here, oslo.policy provides
the same configuration that services have overridden till now.

[1] https://review.opendev.org/c/openstack/releases/+/934012
[2] https://review.opendev.org/c/openstack/requirements/+/934295

Change-Id: I3b9c52d66733806adde19337b43f6e2b2c223359
2024-11-10 21:38:13 -08:00
Zuul
2ec8724585 Merge "Remove Python 3.8 support" 2024-10-30 15:49:38 +00:00
Takashi Kajinami
52f4d5ca17 Add note about requirements lower bounds
Since lower constraints job was removed the bounds are not actually
tested. Add a note to explain the bounds are maintained on best effort
basis.

Change-Id: I12f38ce31a876f780a53fc727c4b1d32e7ce8de2
2024-10-26 18:30:18 +00:00
Takashi Kajinami
72b2d693f6 Remove Python 3.8 support
Python 3.8 was removed from the tested runtimes for 2024.2[1] and has
not been tested since then.

Also add Python 3.12 which is part of the tested runtimes for 2025.1.
Now unit tests job with Python 3.12 is voting.

[1] https://governance.openstack.org/tc/reference/runtimes/2024.2.html

Change-Id: Ic7a7b70c5d7491c6fc095c859c21fb9dd56bfc39
2024-10-24 18:08:12 +09:00
OpenStack Proposal Bot
e1f7b30e93 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I0668c03ee516fed6d971ea9cd7e4007aa17cfad1
2024-10-08 03:38:47 +00:00
Zuul
97ce039f26 Merge "Drop SQLALCHEMY_WARN_20" 2024-10-07 12:13:40 +00:00
Zuul
9bfe39312d Merge "Update master for stable/2024.2" 2024-10-07 11:45:03 +00:00
Takashi Kajinami
45b01d35f2 Drop SQLALCHEMY_WARN_20
This environment was used by SQLAlchemy 1.4 and is no longer necessary
since SQLAlchemy was bumped to 2.0 .

Change-Id: Iaae6f0e94082d2ee98fd4f759a5c639081ec7d56
2024-09-16 06:24:16 +00:00
1321a2abba Update master for stable/2024.2
Add file to the reno documentation build to show release notes for
stable/2024.2.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.2.

Sem-Ver: feature
Change-Id: I08d68490df82ee27f385e15652dcc66cf63bd649
2024-09-12 13:11:38 +00:00
OpenStack Proposal Bot
1046886f37 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Idf4a009d64ca886af4c41d0168efe8eb9dde25c8
2024-09-05 04:02:23 +00:00
Takashi Kajinami
3d961ae1e6 Remove unused versionbuild script
This was initially added to manage release version[1] but now we
switched to use release tags only long long ago[2].

[1] 21420f6c730fb7e4063cddd28de3e7580c6efb36
[2] https://lists.openstack.org/pipermail/openstack-dev/2015-November/080692.html

Change-Id: I234bb721db2cbd50d7c1deb966cb7b33d0aef498
2024-09-01 22:12:45 +09:00
Ghanshyam Mann
9d641cef18 Keep new RBAC disable by default
oslo.policy has enabled the new RBAC config options
enforce_scope and enforce_new_defaults by default[1][2].

Barbican new RBAC was disable by default. To give more time
to operator, let's continue the same setting in this release
also.

Also, there are many test modification is needed for the new
RBAC (using the new RBAC default role in tests)
- https://ce83b06baa590a9f8123-eae5def07f653ed6fc0c0045180a6a87.ssl.cf2.rackcdn.com/925464/3/check/cross-barbican-py311/86af837/testr_results.html

As oslo.policy enable them by default, we override the setting
for the Barbican.

NOTE: there is no change in behaviour, Barbican continue with the
old RBAC as default.

ref: https://review.opendev.org/c/openstack/requirements/+/925464

[1] https://review.opendev.org/c/openstack/oslo.policy/+/924283
[2] https://review.opendev.org/c/openstack/releases/+/925032

Change-Id: I8514969e12851d03f3dbee93b040d6c8763ebc5c
19.0.0.0rc1 19.0.0
2024-08-20 18:09:43 -07:00
Zuul
f3f104079a Merge "reno: Update master for unmaintained/zed" 2024-07-24 13:36:05 +00:00
Zuul
f4cb339cf6 Merge "Remove SQLAlchemy tips jobs" 2024-07-24 13:36:03 +00:00
Zuul
474db4be29 Merge "Imported Translations from Zanata" 2024-07-24 13:04:18 +00:00
Zuul
1961bbb06d Merge "reno: Update master for unmaintained/xena" 2024-07-24 13:03:32 +00:00
OpenStack Proposal Bot
7826ea9c15 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I8cc22a972a6e2ea69c200afadc14edbf75b96851
2024-07-10 02:48:10 +00:00
Zuul
3d11d9ffac Merge "Replace pyOpenSSL by cryptography" 2024-06-17 15:26:29 +00:00
Zuul
7cf02f3ece Merge "Bump SQLAlchemy requirement" 2024-06-14 13:33:46 +00:00
Zuul
3810725bc4 Merge "vault: Hide values used for authentication" 2024-06-12 15:53:51 +00:00
Zuul
e2e56281d5 Merge "Imported Translations from Zanata" 2024-06-12 14:56:37 +00:00
Zuul
7e971c941f Merge "Use oslo.db to generate db engine" 2024-06-12 14:56:36 +00:00
Zuul
82ef49b53b Merge "func tests: Use cryptography to manage certificates and keys" 2024-06-12 14:41:33 +00:00
Pierre Riteau
a02af0f2b0 Bump SQLAlchemy requirement
This is primarily to fix the requirements-check job, which is failing
following the removal of excluded versions [1]:

    ERROR: Requirement for package SQLAlchemy excludes a version not excluded in the global list.
      Local settings : {'!=1.1.6', '!=1.1.7', '!=1.1.5', '!=1.1.8'}
      Global settings: set()
      Unexpected     : {'!=1.1.6', '!=1.1.7', '!=1.1.5', '!=1.1.8'}

[1] https://review.opendev.org/c/openstack/requirements/+/879743

Change-Id: I3f719c9b31a3ae61a3bc06b1646f915ddc4b341e
2024-05-30 21:27:50 +02:00
OpenStack Proposal Bot
d482716c54 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I6c82c013d16e1c47aac22d240a702a2427dc423a
2024-05-18 04:22:20 +00:00
Zuul
184c2db308 Merge "Remove unused test utils" 2024-05-17 16:34:12 +00:00
Zuul
5ff667bf58 Merge "Restore disabled tests" 2024-05-17 16:34:06 +00:00
Zuul
d1eb4be159 Merge "kmip: Fix missing extra requirement" 2024-05-17 16:34:05 +00:00
Zuul
361c65adfc Merge "tox: Drop envdir" 2024-05-17 15:56:11 +00:00
Zuul
ae695f6833 Merge "Update master for stable/2024.1" 2024-05-17 15:33:53 +00:00
Zuul
9cccd1f0b6 Merge "reno: Update master for unmaintained/wallaby" 2024-05-08 16:22:43 +00:00
Zuul
a42b66bf3a Merge "reno: Update master for unmaintained/victoria" 2024-05-08 16:11:16 +00:00
Takashi Kajinami
936234ae8c Restore disabled tests
These tests were disabled in the past because of some problems but
it seems the problems have be already resolved somehow. Restore
the test coverage to detect further regressions.

Story: 2002122
Task: 19825
Change-Id: I4267092b014c91b2b87f0740b162f24dffee3243
2024-05-03 00:07:44 +09:00
413939cd99 reno: Update master for unmaintained/zed
Update the zed release notes configuration to build from
unmaintained/zed.

Change-Id: I980e11e5a00e52da20835d73b6f9a2dc8f347057
2024-05-02 14:37:19 +00:00
Zuul
91e44b667f Merge "Fix wrong plugin name" 2024-04-23 15:43:36 +00:00
Takashi Kajinami
e7f6443751 Fix wrong plugin name
The kmip_crypto secret plugin does not exist.

Change-Id: I2cd280e054cce30fd2cb76a2158d3d5bfb3e0c04
2024-04-22 20:41:01 +09:00
Takashi Kajinami
7d1d8147f3 kmip: Fix missing extra requirement
The kmip plugin requires the pykmip library but it hasn't been listed
in requirements or extra requirements.

Change-Id: I362c4a7f6d7bad331acd9007d46d890306d4bf88
2024-04-22 20:39:32 +09:00
Stephen Finucane
6a31eac467 Remove SQLAlchemy tips jobs
The most recent SQLAlchemy and Alembic versions are now in
upper-constraints. As a result, this job has served its purpose and can
be removed. For more information, see [1].

[1] https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/RBHXHTO3GUOOXVSZXD4C2O3TKDOH2QSC/

Change-Id: I652d8b435f400698b1a0950a7f81c8bc1813d388
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/requirements/+/879743
2024-04-12 11:45:48 +01:00
Takashi Kajinami
2d405a8bfd Use oslo.db to generate db engine
Berbican has been historically using own implementation with sqlalchemy
to connect to database but this causes some feature gaps with the other
services using oslo.db to generate database engine.

This replaces the own implementation by oslo.db's one so that barbican
can also leverage the features implemented in the shared library.

With this change the deprecated database options are removed, because
the deprecated options were already removed from oslo.db.

Change-Id: I10fe4ab04996885e8aff7fab8ace78a6fe7eb6e7
2024-04-12 13:19:40 +09:00