Currently, some gates are failing with logs like this:
"""
b'Response: {"description": "Provided object does not match schema
\'Secret\': \'expiration\' is before current time.
Invalid property: \'expiration\'", "title": "Bad Request", "code": 400}'
"""
So it is necessary to update the time to create secrets successfully.
Change-Id: I59707cdf21f6843dbd7db30978e21cff72756e67
This patch set is to update the command to
start the barbican-svc service after upgrade.
Co-Authored-By: Nam Nguyen Hoai <namnh@vn.fujitsu.com>
Change-Id: I237ef2df09b9fd60bc8b6eeca9ee36ce79052530
Delete policy.json from repo since we can use policies registered
in code.
We can also change the default policy rules through the steps below:
- generate policy.yaml and copy to /etc/barbican
- configure `policy_file=policy.yaml` in `oslo_policy` section
- uncomment rules in policy.yaml and make changes as we desire
- restart barbican api service
- test whether new rules take effect on corresponding API
Change-Id: Ia64eac1eb4e30457b323c6ab99d26d3d40c28060
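
The "uncomment rules and make changes" step from the commit message above, as an added example that is not part of the original commit or of the Barbican code base: it uncomments only the rules you name in a generated policy file and fails on a mistyped rule name instead of silently leaving the default in force. The sample file content, rule names, check strings and helper names are constructed assumptions for illustration.

```python
import re

# Constructed sample in the style of a generated policy.yaml, where every
# default rule is emitted commented out. Names and checks are illustrative.
SAMPLE_POLICY = '''\
# Create a secret.
# POST  /v1/secrets
#"secrets:post": "rule:admin_or_creator"

# Retrieve a secret.
# GET  /v1/secrets/{secret-id}
#"secret:get": "rule:secret_non_private_read"
'''

# Matches a rule line, commented or not; description lines do not match.
RULE_LINE = re.compile(r'^#?"(?P<name>[^"]+)":\s*"(?P<check>[^"]*)"\s*$')


def apply_overrides(policy_text, overrides):
    """Uncomment and replace the listed rules; leave all others commented."""
    pending = dict(overrides)
    out = []
    for line in policy_text.splitlines():
        m = RULE_LINE.match(line)
        if m and m.group("name") in pending:
            check = pending.pop(m.group("name"))
            if '"' in check or "\n" in check:
                raise ValueError("unsafe check string for %s" % m.group("name"))
            line = '"%s": "%s"' % (m.group("name"), check)
        out.append(line)
    if pending:
        # A typo in a rule name would otherwise leave the default in effect.
        raise KeyError("unknown rules: %s" % ", ".join(sorted(pending)))
    return "\n".join(out) + "\n"


def active_rules(policy_text):
    """Return {name: check} for uncommented (overriding) rules only."""
    rules = {}
    for line in policy_text.splitlines():
        m = RULE_LINE.match(line)
        if m and not line.startswith("#"):
            rules[m.group("name")] = m.group("check")
    return rules
```

Reviewing the output of `active_rules()` before restarting the API service shows exactly which defaults the file overrides.
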
diff-cover compares HEAD with origin/master branch by default.
Zuul uses git operations to mirror the local prepared git repos
to the remote nodes. And all branch names are without 'origin',
so we need to specify the branch name for the coverage job.
Change-Id: Iaba21de10f6cf705e110cd60cb004502bb37515d
While this issue is being resolved, have the job become nonvoting
for now in order to not hold up any changes that may need to get
merged.
Change-Id: Ia4f3ed72fc4a8a2699be71e5ddd7f9eb55c97b67
As the pycrypto library is being replaced by the cryptography module,
the bandit library would like to warn about the use of pycrypto in [0].
Currently, barbican still uses pycrypto and work is being done to update
that in [1]; this patch set proposes to #nosec the outstanding pycrypto use
for the bandit patch to pass - the #nosec should be consequently removed in [1].
[0] https://review.openstack.org/#/c/530287/
[1] https://review.openstack.org/#/c/458196/
Change-Id: I0b1a90c3a47ad6d3b18597e5315e9f017854a146
Folks are using this for production, and in reality, even though the
plugin is not ideal, one can take measures to secure this backend enough
that it will be fine for most use-cases. Taking this into account, I'm
removing this warning that's putting users/deployers off.
Change-Id: I35ba3f78da6c77e2812fc7ec259cf149ab825caa
Zuul no longer requires the project-name for in-repo configuration.
Omitting it makes forking or renaming projects easier.
Change-Id: I4be5a907f06b8b0f4675f2c68149bae754d87c51
It is not necessary to create two new virtual environments
when running tox with genconfig and genpolicy. We can use the pep8
virtual_environment for those tox environments; it will reduce the
time to run tox.
Change-Id: Ia07d325ed9550c8a201039754d96341f051c63f0
Right now, the multiple secret store initialization code is run
whenever the db is initialized - whether it be running the clean
db script, starting the worker, starting the keystone listener
or manage db script. This periodically causes deadlocks when
the worker, listener and app are started soon after each other.
It's not altogether clear why the deadlock happens, but the only
table that is being written to is the secret_store table, which
has no foreign keys etc. In any case, though, it was never the
intention that anything other than the app itself initialize the
secret stores from its config file.
This patch makes sure that happens.
Change-Id: I711b91b19b9d65260a21b41d6f9e18b9e282138a
Closes-bug: 1738863
Removes Certificate Orders and CAs from the Barbican
API Controller. This patch also removes any tests associated
with those controllers.
Co-Authored-By: Nam Nguyen Hoai <namnh@vn.fujitsu.com>
Change-Id: Iead0336a19ce58b8b2bb1f9af5e6dd3688fe91fc
Dogtag doesn't actually need the mode parameter to be
stored in metadata. We remove it from the generation case
because passing back a None value for the metadata breaks
metadata validation.
Added a functional test for no value passed in for the mode
in the order request.
Change-Id: I216f887875b1306604dd370301ac463cccbb2fa9
Like before with legacy jobs, change the zuul v3 layout to run tripleo
scenario002 as non voting, that deploys Barbican.
Change-Id: I92f7d32218685e38ba2637b9a46f4843d9b5fe6d
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.
Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.
This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
Change-Id: I7246147a649e836a7ce70518fee256bc20fe0d30