Fixing the standard things when making code py27/p35 compatible.
Also, removing the logging of the passed value of an HTTP
header. If the value could not be encoded to log, then there
are Tracebacks that showed up with Python 3.5. Since the value
can be passed by a user, it should either be scrubbed before logging
or not logged, to prevent possible content injection in the log
stream.
Change-Id: I8df1553acb6c7e5f75a1b50f024dc032ca982a93
Currently etc/barbican/barbican.conf is maintained by hand and can not
be regenerated based on the config settings defined in the code.
A common pattern for OpenStack projects is to use oslo-config-generator
for that task.
Co-Authored-By: Randall Burt <randall.burt@rackspace.com>
Depends-On: I90870dcb49cd96f6bf0fe353fa6e779ffd87a5af
Closes-Bug: #1584789
Change-Id: I5f3dcd2fc982f1178ef7dd662c24d3166f91b266
The "coverage combine --append" command was failing and it does
not seem to be required here. The coverage gate works correctly
when this command is removed.
Change-Id: I62da8c5b2013aaa21a1b7819bc1ae73fe412fe32
The gating on python 3.4 is restricted to <= Mitaka. This is due to
the change from Ubuntu Trusty to Xenial, where only python3.5 is
available. There is no need to continue to keep these settings.
Change-Id: I4373f5ee1a7addfe981818ef059c73a57594d624
The `build` directory is generated from command `python setup.py install`,
we need to add that to flake8 exclude list in case pep8 test fails.
Change-Id: I3906ac973a9c1f73d1917c0bd0bc3bd81199a31f
Add hacking check to ensure we use proper rules and follow
community guideline [1].
[1] http://docs.openstack.org/developer/hacking/
Change-Id: I61e366969385aa044aea9d9678fbc91d32325497
This patch can generate the new alembic_migrations/versions files that
include Apache 2.0 license header. All alembic version files are python
syntax, should be checked by flake8.
Change-Id: I7f00312dcad78e6ef80b260ccc31d0a193071c11
This is helpful for listing any missing system requirements [1].
And also add skipsdist/usedevelop to tox to ensure that barbican
is installed into virtualenv using 'python setup.py develop' instead
of creating a sdist everytime, the latter may lead to performance issue.
[1] http://docs.openstack.org/infra/manual/drivers.html#package-requirements
Change-Id: I7570ac7ec4686e347d0e11294e94fc6404a71169
WARNING:test command found but not installed in testenv
cmd: /bin/rm
env: /openstack/barbican/.tox/docs
Maybe you forgot to specify a dependency? See also the
whitelist_externals envconfig setting.
Change-Id: Ic4e1ed0bbca4fc6e10473a0f4fd55aa82d9234da
Depends-On: I1e303a87493ecc4874ca43e96433d311aa7fe0e0
The directory openstack/common was used to keep codes from
oslo-incubator, we have retired oslo-incubator,so don't use
this directory any more.
Change-Id: I0750b2f3aa25b079ca9ab95d28353dfdce7a3428
Install Guides are maintained within the project and are linked
to the official docs.
This commit adds the framework and some initial content.
Change-Id: Iff18f0e866d95ff4b8b490511c2acf3209690b69
As the db manage script will be run primarily in
production enviroments as a means to cleanup old
data. True functional tests are needed to verify
that it does not falsely delete valid information
and that it properly removes the needed informaion
This is the start of any functional tests that are
needed for our cmd support scripts.
Change-Id: Ib6c9309c4ee95d10e124869a31590cfe983e13ec
Now that there is a passing gate job, we can claim support for
Python 3.5 in the classifier. This patch also adds the convenience
py35 venv.
Review that added the gate jobs:
https://review.openstack.org/#/c/336272/
Change-Id: I97ef7eef2d6adaec6bd1cd978b7e357c8560eba0
Coverage combine deletes reports and thus jenkins failed
saying `no data to report`, this change fixes it.
Change-Id: Ideab0ed3b3aaa8deef46b09770237055ec7f9ec4
* normalize_before_encryption(): on Python 3, unencrypted is already a Unicode
string (no need to decode).
* test_secrets: don't pass bytes string but native string (py2: bytes,
py3: Unicode) as payload
* test_secrets: Decode HTTP bytes from UTF-8 for comparison
* test_get_secret_is_decoded_for_binary(): expect a binary string,
not a Unicode string
* test_secrets: replace map() with a reglar loop (for) to execute
child.delete() on Python 3. On Python 3, map() is now lazy and only
execute the expression when the map is consumed.
* Remove tests-py3-blacklist.txt and the testenv:py34 section from
tox.ini since all unit tests now pass on Python 3.4
Partially implements: blueprint barbican-py3
Change-Id: Ief8531c3b7201f884d5d4ca7a47a381d0bb9cb2c
tox.ini: run Python 3 tests using ostestr rather than testtools.run
to ensure that all tests can be at least imported on Python 3.
Replace also the whitelist of tests with a blacklist to see more
easily which tests must be ported.
Partially implements: blueprint barbican-py3
Change-Id: Ibf42d57de3a41d2e32d47c0931a91e64104ebe86
Added code to devstack libraries to allow KMIP secret store to be
enabled. This edits barbican.conf to enable the KMIP secret store.
The Barbican PyKMIP client can be configured to connect to an existing
KMIP device or use PyKMIP's server. If the client configuration is all
that is needed then enable the 'barbican-pykmip' service in the
devstack configuration and set the appropriate key, certificate, and
CA path variables. This will allow the Barbican KMIP secret store to
connect to an existing KMIP server.
If a KMIP server is requested then also enable the 'pykmip-server'
service in the devstack configuration. This will install, configure,
and start the KMIP server. This option requires the 'barbican-pykmip'
service be configured as well.
Added passenv command to tox to allow the KMIP_PLUGIN_ENABLED
environment variable to be passed to the underlying command. Without
this the environment variable will not be seen by the tox command.
Change-Id: Ib804fa97545f14ed866bfd73bb251e85923a2e4e
Depends-On: Ifda13a84607bb199b794dc24f5dbba0ee8108dbf
This was just a matter of fixing a few bytes vs str issues.
Partially implements: blueprint barbican-py3
Change-Id: Ia41d2579f24d3ea738dad0af35f11529b84b9528
- do not use the 'cmp' function, which no longer exists in Python 3;
- pass bytes to base64.b64encode;
Partially implements: blueprint barbican-py3
Change-Id: I9e179d96c6c95567063f0ca3a1ca4417a9a03991
These two tests were forgotten in the list of working tests.
Partially implements: blueprint barbican-py3
Change-Id: I3fba9993beb45c3eed464367bcd03d1fb1a52395
SimpleCryptoPlugin.encrypt complained because of a string vs bytes issue, that
could be easily fixed.
Partially implements: blueprint barbican-py3
Change-Id: Ief442a643229119cae0b0ae934655b75d1fa5dbb
This is perfectly OK, and prevents a failure.
This patch fixes:
- barbican.tests.api.controllers.test_acls
- barbican.tests.api.controllers.test_secretmeta
- barbican.tests.tasks.test_keystone_consumer
Partially implements: blueprint barbican-py3
Change-Id: I7bf1fa79e5c54f79b517e5bb42c825d194e88a4d
The api-guide needs to generate html in api-guide/build/html so that the
infra scripts can publish it. Fix tox.ini for this.
Change-Id: Ie47fb9788fe918a5a8aad7e5e8743fe890cbf0d7
Moving files from doc/source/api/userguide/*.rst
to api-guide/source/*.rst,
also add api-guide/source/conf.py for building api-guide,
add a new tox target named api-guide
Taking a reference from this patch which was used for the
similar migration of Nova api guide:
https://review.openstack.org/#/c/230186
Change-Id: I725e7939f9a88185de6ef32b311159b0924b7183
Partial-Bug: #1540665
Needed-By: I7b7c623e6299c803930e41d72510f1a67d909fa3
The bandit.yaml in use by Barbican was very old. This patch removes
it and just uses the default provided by Bandit itself. Some issues
needed to be fixed or ignored as a result.
Change-Id: If35c5d8173b9d86617647028a30b0548bb03d3c0
Run security linter bandit as part of pep8. Pep8 is the usual linter
target and thus let's use it there instead of starting another node for
this short-running job.
The job is running stable and thus this can be made voting.
A followup change will remove the non-voting bandit job.
Change-Id: I6f2cf3902a4e786a5d31a06bf66d19bc33a60b55
SQLAlchemy requires '==' to compare to None, but using '== None'
comparisons triggers the pep8 error E711. Another way to do '=='
comparisons for SQLAlchemy is using its is_() method.
This patch replaces all '== None' comparisons with 'is_(None)', which
does not trigger the pep8 error. Because there are no more E711
vialotions left, this patch also removes E711 from the pep8 ignore list
in tox.ini.
Change-Id: I96bd835688176c87d3f8079421c3394c1d431d43
