This goal is to implement the process set out in the 2018-10-24 Python
Update Process TC resolution[1], for the Train cycle to ensure unit
testing is in place for all of the Tested Runtimes for Train[2].
In practice, this generally means adding unit tests for Python 3.7 and dropping
unit tests for Python 3.5. Using the Zuul template for Train will ensure that
all projects that support Python3 will be tested against the agreed runtime
versions, and make it easier to update them in future.
[1]https://governance.openstack.org/tc/resolutions/20181024-python-update-process.html
[2]https://governance.openstack.org/tc/reference/runtimes/train.html
Change-Id: I62abb218bb314345dd7da1cbf9133d10db9696ff
Depends-On: https://review.opendev.org/#/c/641878/
those are automated users that are created by Heat and the should
not be subject to restrictions possibly configured in Keystone
for security compliance, as those may break automated nature of things.
Create domain users with several available user options that will
make Keystone ignore:
- password expiry
- requirement to change the password on first use
- lockout after failed auth attempts
There are more things that must be done to properly secure those users
from becoming non-working, but this will be proposed in the followup
patches.
Story: 2005210
Task: 29988
Change-Id: I3152ddb82426cf66f2bd8ed69f53c77c653142bf
Our cgit instance will be going away and opendev.org is the new
preferred URL for browsing our git repos. Redirects will exist for the
foreseeable future, but it's more efficient to just go directly to the
new locations.
Change-Id: Ic5fa1a8436f57836ad37b752a0cca1cd4f3a21a7
With the setup.cfg entry it can be called directly from
oslo.policy.
$oslopolicy-policy-generator --namespace heat
This will get the effective policy that’s being executed.
Change-Id: Iad2e71819f4847f47dd17d3cd4afa78e6b3f52a7
Story: #2005055
Task: 29573
- Bumps some of the lower constraints
- Fixes common/endpoint_utils.py to fallback to use auth_uri.
Change-Id: Ief0868d5feef3ee6b0689c6be27649ff009fbbcc
In convergence we were loading resources from the database using the
current environment. This is incorrect when a previous update has
failed, meaning the resources in the database were created with a
non-current template and environment. If an attempt was made to change
the type of a resource but that resource was never updated, this will
result in us loading a resource with the wrong type. If the type has
been removed then it can result in errors just trying to show the stack.
Note that the Resource.load() method used during a convergence traversal
already does the Right Thing - it only uses the new type if it is a
valid substitution for the old type, and UpdateReplace is later raised
in Resource.update_convergence() if the type does not match in that
specified in the new environment. So we don't see any problems with
stack updates, just with API calls.
Since we cannot change the signature of Resource.__new__() without also
modifying the signature of __init__() in every resource plugin that has
implemented it (many of which are out of tree), instead substitute the
stack definition for the duration of creating the Resource object. This
will result in stack.env returning the environment the resource was last
updated with.
Change-Id: I3fbd14324fc4681b26747ee7505000b8fc9439f1
Story: #2005090
Task: 29688
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: I84db79fd691b726fcf298b682be63b232127ede4
Add file to the reno documentation build to show release notes for
stable/stein.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.
Change-Id: I51c12c8cbd90c913e928711bfb31e77ad636d8c7
Sem-Ver: feature
Allow the user to set the CA cert for SSL option for contacting the
remote Heat in the properties of an OS::Heat::Stack resource.
Story: #1702645
Task: #17270
Change-Id: I37528bb2b881a196216a7e6e23af871ab0f313d6
Allow OS::Heat::Stack to access remote stack from another OpenStack
provider. Also enable functional tests for multi-cloud.
Implement multi-cloud support as an extension to the existing multi-region
support. Allow operate a remote stack (from another OpenStack cloud) as a
resource in stack from local OpenStack cloud.
I propose we add multi cloud support into ``OS::Heat::Stack`` and change the
property schema for ``context``. Within context, we should adding
following properties:
* credential_secret_id: ID of Barbican Secret. Which stores authN
information for remote cloud.
Service will use auth information from Barbican Secret to access
Orchestration service in another OpenStack.
Must make sure you're able toget that secret from Barbican service when
provide `credential_secret_id` property.
Story: #2002126
Task: #26907
Depends-On: https://review.openstack.org/579750
Change-Id: I2f3de3e7c29cf7debb1474228c8a9a81725a72ed
Provide tools to grep credential from payload
context in Barbican secret.
Change-Id: Ib638cfe25c35ef002088d52c729238f2aba737e6
Story: #2002126
Task: #26906
This patch deprecate personality property for `OS::Nova::Server`.
Since that property is deprecated by nova since version 2.57,
we should plan to Hidden that property soon.
please use ``user_data`` or ``metadata`` instead. If that
property really required, use config ``max_nova_api_microversion``
to set the maximum nova API microversion <2.57 for nova client
plugin to support personality property.
Add config option ``max_nova_api_microversion`` to set the maximum
nova API microversion for nova client plugin.
Story: #2004188
Task: #29979
Change-Id: I1852739e818ec67ac5a821e436e243eaa72f0938
When we specify a sd on delete action, os-collect-config will not
get authentication because we didn't load access_allowed_handlers
after stack enter stack delete phrase. This patch will make sure
we load necessary access_allowed_handlers even if in stack delete
phrase.
Change-Id: I43c1a865f507f7cb7757e26ae5c503ce484ee280
Story: #2004661
Task: #28628
With directly provide auth string(with contain a json formate
with auth_type and auth info), we can release context to specific
auth_type and give user the ability to provide other Keystone
(or their own) authentication method (like using
`v3applicationcredential` or others).
The format for `auth` and `auth_type` follows exactly Keystone
plugins like in clouds.yaml file [1].
[1] https://docs.openstack.org/keystoneauth/latest/
plugin-options.html#additional-loaders
Change-Id: Ic4dc2292a82860b9bb54ecb9e3b1a4dc806dab2c
Story: #2002126
Task: #26904
We cannot run this test in the gate because the volume backup feature is
enabled. However, with a change to the Heat tempest plugin to allow this
feature to be automatically skipped based on the tempest config, we no
longer need this test to be explicitly included in the skip list.
Change-Id: Iaefa5c272c4322498330307ea9bd6843d276ef1b
Depends-On: https://review.openstack.org/632989
ZhongShengping
Zuul
Pavlo Shchelokovskyy
Rabi Mishra
ricolin
OpenDev Sysadmins
Ghanshyam Mann
Zane Bitter
Volodymyr Litovka
Zuul
Ian Wienand
Lingxian Kong
OpenStack Release Bot
Ethan Lynn