tacker/requirements.txt
Ghanshyam Mann ef79698632 Keep new RBAC disable by default & Gate fix for GLOBAL_VENV
This commit squash the multiple changes:

Changes 1:
Keep new RBAC disable by default

oslo.policy has enabled the new RBAC config options
enforce_scope and enforce_new_defaults by default[1][2].

Tacker implemented the new RBAC in previous cycle with new
RBAC disable by default. To give more time to operator, let's
continue the same setting in this release also.

Also, there are many test modification is needed for the new
RBAC (using the new RBAC default role in tests)

Unit tests log a lot of policy warnings, suppressing those[3]
-https://fa3204066787dd37fd86-ea893277118f144d3b928cfbb4823c04.ssl.cf1.rackcdn.com/926089/1/check/openstack-tox-py311/9df6631/testr_results.html

As oslo.policy enable them by default, we override the setting
for the Tacker.

NOTE: there is no change in behaviour, tacker continue with the
old RBAC as default.

ref: https://review.opendev.org/c/openstack/requirements/+/925464

[1] https://review.opendev.org/c/openstack/oslo.policy/+/924283
[2] https://review.opendev.org/c/openstack/releases/+/925032

Change 2:
Co-Authored-By: Ayumu Ueha <ueha.ayumu@fujitsu.com>

This fixes the issues when "Set GLOBAL_VENV=true".

1: When running python in the subprocess on venv, the library import
   may fail to execute properly.
   This patch changes the command passed to subprocess from "python"
   to "sys.executable" [4].

2: Remove compute node from nodeset for kubernetes jobs because it is
   not used in kubernetes jobs and to save the resources.
   Also left "GLOBAL_VENV=false" on the jobs related kubernetes to avoid
   the issue of setup on kuryr-kubernetes.

[4] https://docs.python.org/3/library/sys.html#sys.executable

[3]
-----------
  File "/home/zuul/src/opendev.org/openstack/tacker/tacker/policy.py", line 209, in authorize
    result = _ENFORCER.authorize(action, target, credentials,
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/zuul/src/opendev.org/openstack/tacker/.tox/py311/lib/python3.11/site-packages/oslo_policy/policy.py", line 1189, in authorize
    return self.enforce(
           ^^^^^^^^^^^^^
  File "/home/zuul/src/opendev.org/openstack/tacker/.tox/py311/lib/python3.11/site-packages/oslo_policy/policy.py", line 1093, in enforce
    raise exc(*args, **kwargs)
tacker.common.exceptions.PolicyNotAuthorized: Policy doesn't allow os_nfv_orchestration_api:vnf_instances:cancel to be performed.
-----------

Change-Id: I4f736660e3b1079883a7434847222f6a6589377f
2024-09-05 10:41:19 -07:00

63 lines
2.2 KiB
Plaintext

# Requirements lower bounds listed here are our best effort to keep them up to
# date but we do not test them so no guarantee of having them all correct. If
# you find any incorrect lower bounds, let us know or propose a fix.
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
pbr>=5.5.0 # Apache-2.0
Paste>=2.0.2 # MIT
PasteDeploy>=1.5.0 # MIT
Routes>=2.3.1 # MIT
amqp>=2.4.0
eventlet>=0.30.1 # MIT
requests>=2.25.1 # Apache-2.0
jsonschema>=3.2.0 # MIT
keystonemiddleware>=4.17.0 # Apache-2.0
kombu>=4.3.0 # BSD
netaddr>=0.7.18 # BSD
SQLAlchemy>=1.3.11 # MIT
WebOb>=1.7.1 # MIT
alembic>=0.9.6 # MIT
stevedore>=3.3.0 # Apache-2.0
oslo.concurrency>=3.26.0 # Apache-2.0
oslo.config>=6.8.0 # Apache-2.0
oslo.context>=2.22.0 # Apache-2.0
oslo.db>=5.0.0 # Apache-2.0
oslo.log>=3.36.0 # Apache-2.0
oslo.messaging>=14.2.0 # Apache-2.0
oslo.middleware>=3.31.0 # Apache-2.0
oslo.policy>=3.11.0 # Apache-2.0
oslo.privsep>=2.4.0 # Apache-2.0
oslo.reports>=1.18.0 # Apache-2.0
oslo.rootwrap>=5.8.0 # Apache-2.0
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
oslo.service>=2.5.0 # Apache-2.0
oslo.upgradecheck>=1.3.0 # Apache-2.0
oslo.utils>=4.8.0 # Apache-2.0
oslo.versionedobjects>=1.33.3 # Apache-2.0
openstacksdk>=0.44.0 # Apache-2.0
python-barbicanclient>=4.5.2 # Apache-2.0
python-heatclient>=1.10.0 # Apache-2.0
python-keystoneclient>=3.8.0 # Apache-2.0
python-neutronclient>=6.7.0 # Apache-2.0
python-novaclient>=9.1.0 # Apache-2.0
python-tackerclient>=1.11.0 # Apache-2.0
rfc3986>=1.2.0 # Apache-2.0
cryptography>=2.7 # BSD/Apache-2.0
paramiko>=2.7.1 # LGPLv2.1+
pyroute2>=0.4.21;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2)
castellan>=0.16.0 # Apache-2.0
kubernetes>=18.20.0 # Apache-2.0
setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,!=36.2.0,>=21.0.0 # PSF/ZPL
tooz>=1.58.0 # Apache-2.0
PyYAML>=5.4.1 # MIT
PyMySQL>=0.10.1 # MIT
PyJWT>=2.4.0 # MIT
# Glance Store
glance-store>=2.4.0 # Apache-2.0
heat-translator>=2.3.0 # Apache-2.0
tosca-parser>=2.3.0 # Apache-2.0