There is a bug [1] where installing requests via pip breaks the rpm
installation. So we remove it manually to address the dogtag gate
breakage.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1352554
Change-Id: I9cab4c579e6aab381394dc5ce1246906e0ac2a54
Added configuration flag to enable or disable iv generation as part of
pkcs11 plugin logic.
In a setup where the HSM does not have FIPS enabled, the pkcs11 plugin
is expected to provide the iv (initialization vector) for the encrypt
call. In a setup where the HSM has FIPS enabled, the HSM is going to
generate the iv and does not need it from the plugin side. So the logic
is updated to generate the iv and read the returned data accordingly.
By default, the flag is kept false to match existing behavior.
Closes-Bug: #1684997
Change-Id: Ic18d86861a3e51a4370f14c8f7eb39b3f30db2dc
Devstack moved to using systemd instead of screen by default[1],
but the barbican devstack plugin starts uwsgi without a full path.
This patch fixes that.
[1] https://review.openstack.org/#/c/460062/
Change-Id: Ib12cc9ac5b7f2acbb94ccca1baf4200c47fc275f
pycrypto is no longer maintained [1]. This patch rewrites functions
using pycrypto and replaces them with the cryptography equivalent for
the simple_crypto plugin
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113568
Change-Id: I72b7148d9d863468dc71353c50f854557b6c87e4
oslo.messaging allows the dispatcher to restrict endpoint methods
since 5.11.0 in d3a8f280ebd6fd12865fd20c4d772774e39aefa2, set with
DefaultRPCAccessPolicy to fix FutureWarning like:
FutureWarning: The access_policy argument is changing its default
value to <class 'oslo_messaging.rpc.dispatcher.DefaultRPCAccessPolicy'>
in version '?', please update the code to explicitly set None as the
value: access_policy defaults to LegacyRPCAccessPolicy which exposes
private methods. Explicitly set access_policy to DefaultRPCAccessPolicy
or ExplicitRPCAccessPolicy.
Change-Id: I194187ec697ac0e0ecbc9fa98a1f8c0a6229a8ee
Fixing the standard things when making code py27/py35 compatible.
Also, removing the logging of the passed value of an HTTP
header. If the value could not be encoded to log, then there
are Tracebacks that showed up with Python 3.5. Since the value
can be passed by a user, it should either be scrubbed before logging
or not logged, to prevent possible content injection in the log
stream.
Change-Id: I8df1553acb6c7e5f75a1b50f024dc032ca982a93
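The scrub-before-logging option that the commit message above mentions, shown as an added example (not Barbican's code and not part of the commit). The function names, logger name and length cap are assumptions, and the sample inputs are constructed.

```python
import logging

LOG = logging.getLogger("header_scrub_example")  # hypothetical logger name
MAX_LOGGED_LEN = 128  # assumed cap on user-controlled text per log entry


def scrub_for_log(value, max_len=MAX_LOGGED_LEN):
    """Render an untrusted value as one line of printable ASCII."""
    if isinstance(value, bytes):
        # Invalid UTF-8 becomes U+FFFD instead of raising UnicodeDecodeError.
        value = value.decode("utf-8", errors="replace")
    elif not isinstance(value, str):
        value = repr(value)
    # unicode_escape turns CR, LF, other control characters, backslashes and
    # all non-ASCII code points (lone surrogates included) into visible
    # escapes, so the result cannot start a new log line and always encodes.
    escaped = value.encode("unicode_escape").decode("ascii")
    if len(escaped) > max_len:
        escaped = escaped[:max_len] + "...[truncated]"
    return escaped


def invalid_header_message(name, value):
    """Build the log message for a rejected header without echoing raw input."""
    return "Rejected header %s: value=%s" % (
        scrub_for_log(name), scrub_for_log(value))


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed sample inputs, not taken from Barbican or its logs.
    samples = [
        "text/plain\r\n2017-05-01 12:00:00 INFO forged entry",
        b"\xff\xfe not valid utf-8",
        "\udcff surrogate that a UTF-8 log stream cannot encode",
    ]
    for sample in samples:
        LOG.warning(invalid_header_message("Content-Type", sample))
```

Escaping rather than deleting the offending characters keeps the evidence of what was sent while guaranteeing one log entry per request.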
We were relying on the dogtag configuration from the default
barbican.conf file. However, we have now moved away from using that. So
these configurations were lost. This enables them again setting them up
in the devstack script, like we should have done initially.
Change-Id: I0b91fac237af567f3afe87b6010680a3382236cb
If ListingSecretsTestCase's parent class is SecretsTestCase, all
of the tests in SecretsTestCase are also run again, which is not
the intended behavior.
Also cleans up an unused method in SecretsTestCase.
Change-Id: Ia936577f6ef5485a45db0755ebe9dfd2bdabfdfe
pycrypto is no longer maintained [1]. This patch rewrites functions
using pycrypto and replaces them with the cryptography equivalent for
the test_cert_resources.py file
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113568
Change-Id: I345c411abd2cf405cfc0a9163b4b60daca8d66c5
SUSE tests their OpenStack packages on openSUSE Leap 42.2 and SLES 12
SP2, so this patch updates the install guide to address those newer
releases.
Change-Id: I9b823900a1562485b8d0fd96c4c1a8c0b248f13f
A recent patch in devstack [1] forces the use of path access instead
of port for Keystone authentication, leading to a connection error when
launching the devstack.
[1] https://review.openstack.org/#/c/456344/
Change-Id: I47b8035782bf27ee47227063381bc7dc041944b3
Ubuntu and CentOS throw different exception messages for
SQL constraint checking. The test cases can only assume
assertion messages created by Barbican.
Change-Id: Ic1ef76acbe178cfd5c6f2d3ab9ff97c652a3e604
Closes-bug: #1681988
etc/barbican/barbican.conf is generated when running tests with tox;
it's better to let the repo ignore it.
Change-Id: I1f86cfd0bb20c678db62256203c48229a6380a6c
tl;dr : without this Ocata and Pike have the same version causing
packaging issues.
https://docs.openstack.org/developer/pbr/#version
Because projects don't push a tag before milestone 1 (pike-1 here),
downstream packages are still building packages by using the version
from Ocata and it causes problems to distros because they can't test
the upgrades from Ocata to Pike.
Bumping the semver will allow us to test package upgrades.
Note: When your version is X.Y.Z, api-break will bump X, and feature
will bump Y. In this patch, we bump X because this is the way you
bump tags over releases.
Change-Id: Ica0e12b5e508875db038a3ede772138d42e1b73b
Sem-Ver: api-break
Currently etc/barbican/barbican.conf is maintained by hand and can not
be regenerated based on the config settings defined in the code.
A common pattern for OpenStack projects is to use oslo-config-generator
for that task.
Co-Authored-By: Randall Burt <randall.burt@rackspace.com>
Depends-On: I90870dcb49cd96f6bf0fe353fa6e779ffd87a5af
Closes-Bug: #1584789
Change-Id: I5f3dcd2fc982f1178ef7dd662c24d3166f91b266