This change breaks several gates, including RDO's package promotion.
This reverts commit f06ba481956d406a1edf644f1c2c3ff55705d0f1.
Change-Id: I0524b7057016daa59ea0a506bdc50a71e9fc8f6a
This patch adds an "id" property to secrets, orders and containers
returned from the API. The value of the "id" property is the unique
UUID found at the end of the entity reference.
Change-Id: I65bab35807ed2cee6ed5d6aca1c99769678751be
Begins the deprecation process for Barbican CAs API,
and Barbican Certificate Orders Resource. This is
done through logging deprecation schedule on API,
as well as adding a warning to the documentation.
Change-Id: Idbe6307fa45527aa225e61b3b1ac9ca86e7660c5
Added tests to provide 100% coverage on API and policy logic.
Change-Id: Icb43049250be1d78bdd3db8fbad0dc0381cccaf7
Partially-Implements: blueprint multiple-secret-backend
There are a few places in our documentation where we use lowercase
'url'. This CR changes those to 'URL' for consistency.
Change-Id: I509fd82f1a44bfbc819866a45aaffafb0192bc36
Modified policy and tests to verify this change.
As per this change, user with 'creator' role can delete a secret or
a container as long as that user has initially created that secret
or container.
There is still a difference between 'admin' role and 'creator' role
behavior around delete operation. With this change, users with 'creator'
role cannot delete any other user's secret/container in same project
while user with 'admin' role can do that.
Updated role docs to reflect this behavior.
Change-Id: I53e5529ed34ac4acc76348ca0431cb3de7934b6d
This configures Barbican to use Keystone authentication by
default and updates documentation accordingly.
Change-Id: Ie0a1995b971371d18238138575629eeee1a36392
Closes-Bug: #1595428
This adds POST and DELETE support for a 'secrets' sub-resource on the
containers resource. This will allow a user to add or remove secret
references to an existing container. Only generic containers are
supported per the blueprint for this feature.
If a secret reference already exists in the container, an appropriate
error will be returned indicating that the secret already exists in
the container. I chose this approach over silently accepting the
update, as the name for the container secret could change, so a delete
and re-add seems to be the safer option if a user just wants to change
the name, which is not something that I see happening too often.
Additionally, the action is a POST and not a PUT, so it shouldn't
really update an existing resource.
APIImpact
Add support for POST and DELETE on container secrets sub-resources
DocImpact
Implements: blueprint api-containers-add-put
Change-Id: I6dfa6715385f421e4f173cf73c2b75b68da67051
When building the docs using `tox -e docs`, several warning messages
would print out. This change fixes the issues causing those warnings.
Change-Id: I57503c75f6c07c020bb3bfa34de6aa8f66983ff7
keystonemiddleware admin settings are deprecated
so we should stop using them in favor of a keystone
auth plugin. This patch updates the config file
to use keystone API v3 by default.
Change-Id: I9d10ac29ab33cbdd845573106960e5f181afdb69
Closes-Bug: 1579801
Moving files from doc/source/api/userguide/*.rst
to api-guide/source/*.rst,
also add api-guide/source/conf.py for building api-guide,
add a new tox target named api-guide
Taking a reference from this patch which was used for the
similar migration of Nova api guide:
https://review.openstack.org/#/c/230186
Change-Id: I725e7939f9a88185de6ef32b311159b0924b7183
Partial-Bug: #1540665
Needed-By: I7b7c623e6299c803930e41d72510f1a67d909fa3
Adds the following features to the command:
1) Be able to set minimum number of days to keep soft deletions
2) Clean unassociated projects
3) Soft delete secrets that are expired
4) Set verbose flag
5) Set the log file location
Documentation for running the command was also added.
This is the second CR for cleaning up the barbican database.
1) Simple soft deletion clean up for barbican-db-manage.
2) Make clean up configurable and add documentation.
Change-Id: I1b2360d967bf4b8378eda4766c7ef3113eedffad
Partially-implements: blueprint clean-db-soft-deletes
A new 'barbican-manage' utility command is introduced as Barbican
admin tool. This command interacts with Barbican service for
management operations which usually cannot be accomplished with
REST APIs. This can improve usability and extensibility in the
future.
The related blueprint is https://review.openstack.org/#/c/253719/
This CR includes
1) implementation of barbican_manage.py
2) unit test code
3) document of barbican-manage command
Co-Authored-By: Michael Perng <mperng@us.ibm.com>
Change-Id: I784b46df86742d00d1737e3f8964280514a7fa1b
According to OpenStack documentation all references
to project names should be lower case.
Change-Id: I265a0288f06be45a8fdd0a9977a538795570529e
Closes-bug:1551879
This patch simplifies the manual development environment setup
documentation by omiting setup for pyenv or virtualenvwrapper. They are
both very good environment management tools, but they don't play nice
with each other.
The updated instructions use the virtualenv package directly, and use
the more straight-forward barbican-api script instead of barbican.sh
Change-Id: Idf9717f18e3599839a5bf8b983b47b7802b9187c
Adds documentation for public secret types. Add two examples of storing
public secrets, one with a POST followed by PUT, and one with a single
POST. The second example is incomplete until bug 1441866 is fixed.
Change-Id: I5c892d1b09e6bc0cb155c5591b12f409d3c86419
In doc/source/contribute/architecture.rst, there's reference to
.gif files hosted at rackcdn.com. This is considered a privacy
breach in Debian. This patch uses local images rather than a
reference.
Change-Id: Ia192b78384a1e32918169f6ca73f24eeaba6a611
Closes-Bug: 1537346
Updating occurences of project name to lowercase as per project naming standards
Change-Id: I8eda73ceb194e2e918cc42227795b83b4759f974
Closes-Bug: 1542529