The latest version of bandit has broken directory
exclusion, so multiple test files are getting
flagged. This change blocks version 1.6.0 while
this issue is fixed for 1.6.1.
This change also caps sphinx at <2.0.0 for python version 2.7.
Change-Id: Id4db764200be068df0dbe96306c2d53f79b49af7
Subclasses of keystoneauth1.adapter.Adapter, such as openstacksdk's
openstack.proxy.Proxy [1], would like to be able to obtain configuration
from oslo_config conf options.
This commit splits the conf processing logic out of
keystoneauth1.loading.adapter.Adapter.load_from_conf_options (aka
keystoneauth1.loading.load_adapter_from_conf_options) into a helper
method, keystoneauth1.loading.adapter.process_conf_options.
This is a straight refactor, so no test changes are necessary.
[1] 16f2dbe3b0/openstack/proxy.py (L113)
Change-Id: I250c431ccf3883901f7dce151bc5011ac305f829
Add file to the reno documentation build to show release notes for
stable/stein.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.
Change-Id: I7f3066154f30f3449e4bc54704ca01780ba10d6d
Sem-Ver: feature
When using keystoneclient sessions, the new parameter is not available
and breaks the keystoneclient unit tests[1]. Only use the semaphore
kwarg when using keystoneauth sessions.
[1] https://review.openstack.org/640953
Change-Id: I0cc7f2514e143ec532d8fb895618f7cf1fea9cc3
Python 3.5 was the target runtime for the Rocky release.
The current target py3 runtime for Stein is Python 3.6,
so there is no reason to keep testing against the older version. Also
correct setup.cfg and tox.ini to reflect the current supported Python
versions.
https://governance.openstack.org/tc/reference/runtimes/stein.html#python-runtime-for-stein
Change-Id: I9d1b57b981269fea3afe39cf524350f3c4a7d944
shade/openstacksdk has implemented client-side rate limiting on top of
keystoneauth for ages and uses it extensively in nodepool. As part of an
effort to refactor that code a new approach was devised which was much
simpler and therfore suitable for inclusion in keystoneauth directly.
The underlying goal is two-fold, but fundamentally is about allowing a
user to add some settings so that they can avoid slamming their cloud.
First, allow a user to express that they never want to exceed a given
rate. Second, allow a user to limit the number of concurrent requests
allowed to be in flight.
The settings and logic are added to Adapter and not Session so that the
settings can easily be per-service. There is no need to block requests
to nova on a neutron rate limit, after all.
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
Needed-By: https://review.openstack.org/604926
Change-Id: Ic831e03a37d804f45b7ee58c87f92fa0f4411ad8
To help enable testing authenticating with application credentials in
keystonemiddleware we need the keystoneauth token fixtures to support
application credentials. This change adds application credentials to the
fixtures along with mocking of the new access rules attribute. Additionally,
add support for the new attribute in the AccessInfoV3 object so that
it will fully represent the new structure.
bp whitelist-extension-for-app-creds
Change-Id: Ia6fece77390942ac012be1c80691ba86dc1e49b4
Since application credentials are used in some tokens it is important
to expose those attributes in the AccessInfoV3 object in the same way we
expose other token data.
Change-Id: I36a0b8dd275df8fcee556ed305c34c16a90384e8
Small cleanups:
* Use openstack-lower-constraints-jobs template, remove individual
jobs.
* Sort list of templates
Change-Id: Ib3faad6ed1a286376d5b60ce33f8cb757a9eda6b
Needed-By: https://review.openstack.org/623229
On a cloud that has inaccessible version discovery documents AND uses
integer project ids, the discovery fallback logic can fail because the
project id parses as a (very large) version.
Check to see that the url segment in the fallback code begins with a v,
so that we're only attempting to parse versions from actual candidate
segments.
Closes-Bug: #1806109
Change-Id: Id90b3b9e4852494a4678b0a9bb67362babdc971c
We already run python3.6 unit tests in CI. Add the py36 environment to
the tox file so that developers with python3.6 available locally can opt
into running that version too.
Change-Id: I499db960450b9628636d503a4d7f1cc163d38e3a
For (unclear) historical reasons the root single version endpoint also
contains "id" and "links" fields. This makes the current workaround
for old-style endpoints take priority over the correct algorithm.
This change reorders the code, so that if "version" is present, it
always take priority over the workaround.
The unit tests are updated to be closer to real output from ironic.
Change-Id: I743b954c6c5b2f986c213acb6ec6af7e08c9f5f8
Sphinx 1.6 deprecated using the application object to perform logging
and it will be removed in the upcoming 2.0 release. This updates our
extensions to use the recommended sphinx.util.logging instead.
Change-Id: I3abce4e3c147befd0235820cb8850fe18f6dee42
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Typing docstrings for the next patch was annoying. Reformat the
docstrings to wrap at the front rather than in visual blocks.
Change-Id: I08fc1e45e032197f3bb0b8311c032b471494ef80
The trailng slash on a pathless url is not meaningful, but we were
treating the url given to the discovery cache as if it were. In some
circumstances, such as an endpoint_override that didn't match the
found discovery document perfectly, a double-request could be made.
Normalize root urls in the caching code so that https://example.com and
https://example.com/ would be the same.
Change-Id: I70a5911cf0f213a7816fe8d58c6cca4702ff71bb
It's possible in get_api_major_version that the endpoint in question is
not found at all. In that case, we are documented to return None, but
what we do instead is throw an exception trying to get data off of the
None object.
Change-Id: I06ad497854f4e95a1a2a4a93241b244fc476b139
The ironic payload looks like:
{'id': 'v1',
'links': [{"href": "https://bare-metal.example.com/v1/",
"rel": "self"}]}
This does not have version info in it, nor min/max ranges for
microversion discovery. We can't really get any useful information from
this document, but we can at least not fail when trying to deal with it.
This should then be upwards-compatible with ironic adding version discovery
information to the document that is returned.
Change-Id: I47e0f9b295c24ef168f4a033faf573b953025d4c
This is a mechanically generated patch to add a functional test job
running under Python 3 as part of the python3-first goal.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I4af5c3a4abea74e371f8656535c80fc79e1e442c
Story: #2002586
Task: #24304
This is a mechanically generated patch to switch the documentation
jobs to use the new PTI versions of the jobs as part of the
python3-first goal.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I30f3bc0f5b68190f72b015ae5a14251c91eeee42
Story: #2002586
Task: #24304
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: Iab3d02dbf7b6df016bf44f7be7b27c01f498601e
Story: #2002586
Task: #24304
Since we removed the keystoneauth example in the main docs in favor of
an openstackclient example[1] add an example of using the
Keystone2Keystone auth plugin.
[1] https://review.openstack.org/591587
Change-Id: I5815fecbfe53d8a191a8a64912dac17e66ca928a
With the recent Bandit update[0], the usage of SHA1 is now being
tagged as an issue. This changes the hashing of logs to SHA256
instead of SHA1.
Change-Id: Icde62b8d5ff78b4155e9df8231d63be3ecc53520
caoyuan
OpenStack Release Bot