openstack
/
charm-keystone-saml-mellon
Code Issues Proposed changes

Build separately for focal and jammy 

cryptography pinned to the last release without a rust dependency (<4.3)
does not support openssl v3 and thus Jammy, as a result the following
error occurs when deploying on Jammy-Yoga but not Focal-Yoga:
ImportError: /var/lib/juju/agents/unit-keystone-saml-mellon-4/.venv/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: undefined symbol: FIPS_mode

Update to the latest version of cryptography to resolve this and
backport various build changes to support this from 1167cc6133 (Add
Kinetic and Zed support):
- Unpin cryptography
- Install the required rust compiler at build time,
- Switch the charm to build binary wheels
- Build separate binary releases for Focal (20.04) and Jammy (22.04).
- Switch to charmcraft_channel 2.0/stable for 22.04 support
- Move interface/layer env vars to charmcraft.yaml
- Pin tox to < 4.0.0
- Re-generate a new build.lock with latest versions

Closes-Bug: #1975491
Change-Id: I4666c4a079ba34f9c3e310c3f4ead3ae8476c007
This commit is contained in:
Trent Lloyd 2024-02-26 05:36:28 +00:00
parent 65e1c5499e
commit b32e9c46fa
11 changed files with 219 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
charmcraft.yaml
View File

@ -10,28 +10,90 @@ parts:
- libssl-dev
- libxml2-dev
- libxslt1-dev
- rustc
- cargo
- pkg-config
build-environment:
- CHARM_INTERFACES_DIR: /root/project/interfaces/
- CHARM_LAYERS_DIR: /root/project/layers/
override-build: |
apt-get install ca-certificates -y
tox -e build-reactive
override-stage: |
echo "Copying charm to staging area: $CHARMCRAFT_STAGE"
NAME=$(ls $CHARMCRAFT_PART_BUILD/build/builds)
cp -r $CHARMCRAFT_PART_BUILD/build/builds/$NAME/* $CHARMCRAFT_STAGE/
echo "Copying charm to staging area: $CRAFT_STAGE"
NAME=$(ls $CRAFT_PART_BUILD/build/builds)
cp -r $CRAFT_PART_BUILD/build/builds/$NAME/* $CRAFT_STAGE/
override-prime: |
# For some reason, the normal priming chokes on the fact that there's a
# hooks directory.
cp -r $CHARMCRAFT_STAGE/* .
cp -r $CRAFT_STAGE/* .
# Charmcraft looks for this specific entry point.
mkdir -p src
touch src/charm.py
chmod +x src/charm.py
bases:
- build-on:
- name: ubuntu
channel: "20.04"
architectures:
- amd64
architectures: [amd64]
run-on:
- name: ubuntu
channel: "20.04"
architectures: [amd64, s390x, ppc64el, arm64]
architectures: [amd64]
- build-on:
- name: ubuntu
channel: "20.04"
architectures: [s390x]
run-on:
- name: ubuntu
channel: "20.04"
architectures: [s390x]
- build-on:
- name: ubuntu
channel: "20.04"
architectures: [ppc64el]
run-on:
- name: ubuntu
channel: "20.04"
architectures: [ppc64el]
- build-on:
- name: ubuntu
channel: "20.04"
architectures: [arm64]
run-on:
- name: ubuntu
channel: "20.04"
architectures: [arm64]
- build-on:
- name: ubuntu
channel: "22.04"
architectures: [amd64, s390x, ppc64el, arm64]
architectures: [amd64]
run-on:
- name: ubuntu
channel: "22.04"
architectures: [amd64]
- build-on:
- name: ubuntu
channel: "22.04"
architectures: [s390x]
run-on:
- name: ubuntu
channel: "22.04"
architectures: [s390x]
- build-on:
- name: ubuntu
channel: "22.04"
architectures: [ppc64el]
run-on:
- name: ubuntu
channel: "22.04"
architectures: [ppc64el]
- build-on:
- name: ubuntu
channel: "22.04"
architectures: [arm64]
run-on:
- name: ubuntu
channel: "22.04"
architectures: [arm64]

1
osci.yaml
View File

@ -8,3 +8,4 @@
needs_charm_build: true
charm_build_name: keystone-saml-mellon
build_type: charmcraft
charmcraft_channel: 2.0/stable

23
requirements.txt
View File

@ -3,28 +3,7 @@
# choices of *requirements.txt files for OpenStack Charms:
# https://github.com/openstack-charmers/release-tools
#
# NOTE(lourot): This might look like a duplication of test-requirements.txt but
# some tox targets use only test-requirements.txt whereas charm-build uses only
# requirements.txt
setuptools<50.0.0 # https://github.com/pypa/setuptools/commit/04e3df22df840c6bb244e9b27bc56750c44b7c85
# NOTE: newer versions of cryptography require a Rust compiler to build,
# see
# * https://github.com/openstack-charmers/zaza/issues/421
# * https://mail.python.org/pipermail/cryptography-dev/2021-January/001003.html
#
cryptography<3.4
# Build requirements
cffi==1.14.6; python_version < '3.6' # cffi 1.15.0 drops support for py35.
git+https://github.com/juju/charm-tools#egg=charm-tools
charm-tools<3.1
simplejson
# Newer versions use keywords that didn't exist in python 3.5 yet (e.g.
# "ModuleNotFoundError")
# NOTE(lourot): This might look like a duplication of test-requirements.txt but
# some tox targets use only test-requirements.txt whereas charm-build uses only
# requirements.txt
importlib-metadata<3.0.0; python_version < '3.6'
importlib-resources<3.0.0; python_version < '3.6'

216
src/build.lock
View File

@ -5,7 +5,7 @@
"item": "layer:options",
"url": "https://github.com/juju-solutions/layer-options.git",
"vcs": null,
"branch": "refs/heads/master",
"branch": "fcdcea4e5de3e1556c24e6704607862d0ba00a56",
"commit": "fcdcea4e5de3e1556c24e6704607862d0ba00a56"
},
{
@ -13,23 +13,23 @@
"item": "layer:basic",
"url": "https://github.com/juju-solutions/layer-basic.git",
"vcs": null,
"branch": "refs/heads/master",
"commit": "fb767dcf0786d1d5364199bb3b40bdc86518b45b"
"branch": "23e978fe2872c30511f34ad30a284e34f800e20f",
"commit": "23e978fe2872c30511f34ad30a284e34f800e20f"
},
{
"type": "layer",
"item": "layer:openstack",
"url": "https://github.com/openstack/charm-layer-openstack",
"vcs": null,
"branch": "refs/heads/master",
"commit": "e0f700eacb026235e1a04e7cbc28dfbe9d4e4520"
"branch": "7c671b0696977f455616565d956895b2f890464b",
"commit": "7c671b0696977f455616565d956895b2f890464b"
},
{
"type": "layer",
"item": "layer:leadership",
"url": "https://git.launchpad.net/layer-leadership",
"vcs": null,
"branch": "refs/heads/master",
"branch": "cc5bd3f49b2fa5e6c3ab2336763c313ec8bf083f",
"commit": "cc5bd3f49b2fa5e6c3ab2336763c313ec8bf083f"
},
{
@ -37,23 +37,23 @@
"item": "keystone-saml-mellon",
"url": null,
"vcs": null,
"branch": "refs/heads/stable/yoga\nrefs/heads/yoga-updates",
"commit": "refs/heads/stable/yoga\nrefs/heads/yoga-updates"
"branch": null,
"commit": ""
},
{
"type": "layer",
"item": "interface:tls-certificates",
"url": "https://github.com/juju-solutions/interface-tls-certificates",
"vcs": null,
"branch": "refs/heads/master",
"commit": "d9850016d930a6d507b9fd45e2598d327922b140"
"branch": "da891c403864482688ec767a964218e5857f0e49",
"commit": "da891c403864482688ec767a964218e5857f0e49"
},
{
"type": "layer",
"item": "interface:keystone-fid-service-provider",
"url": "https://github.com/openstack/charm-interface-keystone-fid-service-provider",
"vcs": null,
"branch": "refs/heads/master",
"branch": "be0926efafaa9ffe1df84f2fbd6b8a5d3d58b270",
"commit": "be0926efafaa9ffe1df84f2fbd6b8a5d3d58b270"
},
{
@ -61,7 +61,7 @@
"item": "interface:websso-fid-service-provider",
"url": "https://github.com/openstack/charm-interface-websso-fid-service-provider",
"vcs": null,
"branch": "refs/heads/master",
"branch": "b7c066abf22edec30af17c3da4612cd398b1306a",
"commit": "b7c066abf22edec30af17c3da4612cd398b1306a"
},
{
@ -69,9 +69,17 @@
"item": "interface:juju-info",
"url": "https://github.com/juju-solutions/interface-juju-info.git",
"vcs": null,
"branch": "refs/heads/master",
"branch": "4e2f90052b3c02031d09f10900c9e9cb22565dee",
"commit": "4e2f90052b3c02031d09f10900c9e9cb22565dee"
},
{
"type": "python_module",
"package": "charms.openstack",
"url": "git+https://github.com/openstack/charms.openstack.git",
"branch": "stable/yoga",
"version": "fae7fb232bcab9434685fc40c71a99ef57e7f330",
"vcs": "git"
},
{
"type": "python_module",
"package": "netifaces",
@ -80,15 +88,9 @@
},
{
"type": "python_module",
"package": "packaging",
"package": "tomli",
"vcs": null,
"version": "21.3"
},
{
"type": "python_module",
"package": "netaddr",
"vcs": null,
"version": "0.7.19"
"version": "2.0.1"
},
{
"type": "python_module",
@ -98,39 +100,33 @@
},
{
"type": "python_module",
"package": "Tempita",
"package": "pathspec",
"vcs": null,
"version": "0.4"
"version": "0.12.1"
},
{
"type": "python_module",
"package": "cffi",
"package": "pycparser",
"vcs": null,
"version": "1.15.0"
"version": "2.21"
},
{
"type": "python_module",
"package": "flit_core",
"package": "wheel",
"vcs": null,
"version": "3.7.1"
"version": "0.42.0"
},
{
"type": "python_module",
"package": "setuptools_scm",
"package": "calver",
"vcs": null,
"version": "6.4.2"
"version": "2022.6.26"
},
{
"type": "python_module",
"package": "lxml",
"package": "hatchling",
"vcs": null,
"version": "4.8.0"
},
{
"type": "python_module",
"package": "charms.reactive",
"vcs": null,
"version": "1.5.0"
"version": "1.21.1"
},
{
"type": "python_module",
@ -140,33 +136,39 @@
},
{
"type": "python_module",
"package": "pyparsing",
"package": "Jinja2",
"vcs": null,
"version": "3.0.8"
"version": "3.1.3"
},
{
"type": "python_module",
"package": "wheel",
"package": "netaddr",
"vcs": null,
"version": "0.37.1"
"version": "0.7.19"
},
{
"type": "python_module",
"package": "tomli",
"package": "MarkupSafe",
"vcs": null,
"version": "2.0.1"
"version": "2.1.5"
},
{
"type": "python_module",
"package": "pbr",
"package": "sniffio",
"vcs": null,
"version": "5.8.1"
"version": "1.3.1"
},
{
"type": "python_module",
"package": "six",
"package": "setuptools_scm",
"vcs": null,
"version": "1.16.0"
"version": "6.4.2"
},
{
"type": "python_module",
"package": "flit_scm",
"vcs": null,
"version": "1.7.0"
},
{
"type": "python_module",
@ -176,61 +178,107 @@
},
{
"type": "python_module",
"package": "dnspython",
"package": "packaging",
"vcs": null,
"version": "23.2"
},
{
"type": "python_module",
"package": "cffi",
"vcs": null,
"version": "1.16.0"
},
{
"type": "python_module",
"package": "cryptography",
"vcs": null,
"version": "3.3.2"
},
{
"type": "python_module",
"package": "PyYAML",
"vcs": null,
"version": "5.3.1"
"version": "6.0.1"
},
{
"type": "python_module",
"package": "psutil",
"vcs": null,
"version": "5.9.0"
"version": "5.9.8"
},
{
"type": "python_module",
"package": "idna",
"vcs": null,
"version": "3.6"
},
{
"type": "python_module",
"package": "editables",
"vcs": null,
"version": "0.5"
},
{
"type": "python_module",
"package": "Cython",
"vcs": null,
"version": "0.29.37"
},
{
"type": "python_module",
"package": "anyio",
"vcs": null,
"version": "3.6.2"
},
{
"type": "python_module",
"package": "dnspython",
"vcs": null,
"version": "2.6.1"
},
{
"type": "python_module",
"package": "pbr",
"vcs": null,
"version": "6.0.0"
},
{
"type": "python_module",
"package": "charms.reactive",
"vcs": null,
"version": "1.5.2"
},
{
"type": "python_module",
"package": "trove-classifiers",
"vcs": null,
"version": "2024.2.23"
},
{
"type": "python_module",
"package": "pluggy",
"vcs": null,
"version": "1.4.0"
},
{
"type": "python_module",
"package": "flit_core",
"vcs": null,
"version": "3.9.0"
},
{
"type": "python_module",
"package": "lxml",
"vcs": null,
"version": "5.1.0"
},
{
"type": "python_module",
"package": "cryptography",
"vcs": null,
"version": "42.0.5"
},
{
"type": "python_module",
"package": "charmhelpers",
"url": "git+https://github.com/juju/charm-helpers.git",
"branch": "refs/heads/stable/yoga",
"version": "971ac5117c96bd1cb4a6a520787e4509564da582",
"branch": "stable/yoga",
"version": "b1830f0592f274e08429d2984fc867b8179a1c56",
"vcs": "git"
},
{
"type": "python_module",
"package": "charms.openstack",
"url": "git+https://github.com/openstack/charms.openstack.git",
"branch": "refs/heads/stable/yoga",
"version": "13ef220ce3529fa7b8e11c6e4c5b352d05b6f148",
"vcs": "git"
},
{
"type": "python_module",
"package": "MarkupSafe",
"vcs": null,
"version": "2.1.1"
},
{
"type": "python_module",
"package": "Jinja2",
"vcs": null,
"version": "3.1.1"
},
{
"type": "python_module",
"package": "pycparser",
"vcs": null,
"version": "2.21"
}
]
}

2
src/test-requirements.txt
View File

@ -5,7 +5,7 @@
#
# Need tox to be available from tox... inception yes, but its a workaround for now
tox
tox < 4
# Functional Test Requirements (let Zaza's dependencies solve all dependencies here!)
git+https://github.com/openstack-charmers/zaza.git@stable/yoga#egg=zaza

4
src/tests/bundles/focal-xena.yaml
View File

@ -194,7 +194,7 @@ applications:
keystone-saml-mellon1:
series: focal
charm: ../../../keystone-saml-mellon.charm
charm: ../../../keystone-saml-mellon_ubuntu-20.04-amd64.charm
num_units: 0
options:
idp-name: 'test-saml-idp1'
@ -214,7 +214,7 @@ applications:
keystone-saml-mellon2:
series: focal
charm: ../../../keystone-saml-mellon.charm
charm: ../../../keystone-saml-mellon_ubuntu-20.04-amd64.charm
num_units: 0
options:
idp-name: 'test-saml-idp2'

4
src/tests/bundles/focal-yoga.yaml
View File

@ -194,7 +194,7 @@ applications:
keystone-saml-mellon1:
series: focal
charm: ../../../keystone-saml-mellon.charm
charm: ../../../keystone-saml-mellon_ubuntu-20.04-amd64.charm
num_units: 0
options:
idp-name: 'test-saml-idp1'
@ -214,7 +214,7 @@ applications:
keystone-saml-mellon2:
series: focal
charm: ../../../keystone-saml-mellon.charm
charm: ../../../keystone-saml-mellon_ubuntu-20.04-amd64.charm
num_units: 0
options:
idp-name: 'test-saml-idp2'

6
src/tests/bundles/jammy-yoga.yaml
View File

@ -194,8 +194,7 @@ applications:
channel: yoga/edge
keystone-saml-mellon1:
series: groovy
charm: ../../../keystone-saml-mellon.charm
charm: ../../../keystone-saml-mellon_ubuntu-22.04-amd64.charm
num_units: 0
options:
idp-name: 'test-saml-idp1'
@ -215,8 +214,7 @@ applications:
auth-user-password: 'userpass1'
keystone-saml-mellon2:
series: groovy
charm: ../../../keystone-saml-mellon.charm
charm: ../../../keystone-saml-mellon_ubuntu-22.04-amd64.charm
num_units: 0
options:
idp-name: 'test-saml-idp2'

6
src/wheelhouse.txt
View File

@ -1,8 +1,4 @@
# NOTE(lourot): newer versions of cryptography require a Rust compiler to build,
# see
# * https://github.com/openstack-charmers/zaza/issues/421
# * https://mail.python.org/pipermail/cryptography-dev/2021-January/001003.html
cryptography<3.4
cryptography
lxml
psutil

25
test-requirements.txt
View File

@ -4,7 +4,6 @@
# https://github.com/openstack-charmers/release-tools
#
pyparsing<3.0.0 # aodhclient is pinned in zaza and needs pyparsing < 3.0.0, but cffi also needs it, so pin here.
cffi==1.14.6; python_version < '3.6' # cffi 1.15.0 drops support for py35.
setuptools<50.0.0 # https://github.com/pypa/setuptools/commit/04e3df22df840c6bb244e9b27bc56750c44b7c85
stestr>=2.2.0
@ -13,25 +12,10 @@ stestr>=2.2.0
# https://github.com/mtreinish/stestr/issues/145
cliff<3.0.0
# Dependencies of stestr. Newer versions use keywords that didn't exist in
# python 3.5 yet (e.g. "ModuleNotFoundError")
importlib-metadata<3.0.0; python_version < '3.6'
importlib-resources<3.0.0; python_version < '3.6'
# Some Zuul nodes sometimes pull newer versions of these dependencies which
# dropped support for python 3.5:
osprofiler<2.7.0;python_version<'3.6'
stevedore<1.31.0;python_version<'3.6'
debtcollector<1.22.0;python_version<'3.6'
oslo.utils<=3.41.0;python_version<'3.6'
requests>=2.18.4
charms.reactive
# Newer mock seems to have some syntax which is newer than python3.5 (e.g.
# f'{something}'
mock>=1.2,<4.0.0; python_version < '3.6'
mock>=1.2; python_version >= '3.6'
mock>=1.2
nose>=1.3.7
coverage>=3.6
@ -39,16 +23,11 @@ git+https://github.com/openstack/charms.openstack.git@stable/yoga#egg=charms.ope
#
# Revisit for removal / mock improvement:
#
# NOTE(lourot): newer versions of cryptography require a Rust compiler to build,
# see
# * https://github.com/openstack-charmers/zaza/issues/421
# * https://mail.python.org/pipermail/cryptography-dev/2021-January/001003.html
#
netifaces # vault
psycopg2-binary # vault
tenacity # vault
pbr==5.6.0 # vault
cryptography<3.4 # vault, keystone-saml-mellon
cryptography # vault, keystone-saml-mellon
lxml # keystone-saml-mellon
hvac # vault, barbican-vault
psutil # cinder-lvm

12
tox.ini
View File

@ -23,6 +23,7 @@ requires =
pip < 20.3
virtualenv < 20.0
setuptools<50.0.0
tox < 4.0.0
# NOTE: https://wiki.canonical.com/engineering/OpenStack/InstallLatestToxOnOsci
minversion = 3.18.0
@ -31,10 +32,8 @@ minversion = 3.18.0
setenv = VIRTUAL_ENV={envdir}
PYTHONHASHSEED=0
TERM=linux
LAYER_PATH={toxinidir}/layers
INTERFACE_PATH={toxinidir}/interfaces
JUJU_REPOSITORY={toxinidir}/build
passenv = http_proxy https_proxy INTERFACE_PATH LAYER_PATH JUJU_REPOSITORY
passenv = http_proxy https_proxy JUJU_REPOSITORY
install_command =
{toxinidir}/pip.sh install {opts} {packages}
allowlist_externals =
@ -50,13 +49,12 @@ basepython = python3
deps = -r{toxinidir}/build-requirements.txt
commands =
charmcraft clean
charmcraft -v build
{toxinidir}/rename.sh
charmcraft -v pack
[testenv:build-reactive]
basepython = python3
commands =
charm-build --log-level DEBUG --use-lock-file-branches -o {toxinidir}/build/builds src {posargs}
charm-build --log-level DEBUG --use-lock-file-branches --binary-wheels-from-source -o {toxinidir}/build/builds src {posargs}
[testenv:add-build-lock-file]
basepython = python3
@ -91,7 +89,7 @@ commands = stestr run --slowest {posargs}
[testenv:pep8]
basepython = python3
deps = flake8==3.9.2
charm-tools==2.8.3
git+https://github.com/juju/charm-tools.git
commands = flake8 {posargs} src unit_tests
[testenv:func-target]