ef79698632
This commit squash the multiple changes: Changes 1: Keep new RBAC disable by default oslo.policy has enabled the new RBAC config options enforce_scope and enforce_new_defaults by default[1][2]. Tacker implemented the new RBAC in previous cycle with new RBAC disable by default. To give more time to operator, let's continue the same setting in this release also. Also, there are many test modification is needed for the new RBAC (using the new RBAC default role in tests) Unit tests log a lot of policy warnings, suppressing those[3] -https://fa3204066787dd37fd86-ea893277118f144d3b928cfbb4823c04.ssl.cf1.rackcdn.com/926089/1/check/openstack-tox-py311/9df6631/testr_results.html As oslo.policy enable them by default, we override the setting for the Tacker. NOTE: there is no change in behaviour, tacker continue with the old RBAC as default. ref: https://review.opendev.org/c/openstack/requirements/+/925464 [1] https://review.opendev.org/c/openstack/oslo.policy/+/924283 [2] https://review.opendev.org/c/openstack/releases/+/925032 Change 2: Co-Authored-By: Ayumu Ueha <ueha.ayumu@fujitsu.com> This fixes the issues when "Set GLOBAL_VENV=true". 1: When running python in the subprocess on venv, the library import may fail to execute properly. This patch changes the command passed to subprocess from "python" to "sys.executable" [4]. 2: Remove compute node from nodeset for kubernetes jobs because it is not used in kubernetes jobs and to save the resources. Also left "GLOBAL_VENV=false" on the jobs related kubernetes to avoid the issue of setup on kuryr-kubernetes. [4] https://docs.python.org/3/library/sys.html#sys.executable [3] ----------- File "/home/zuul/src/opendev.org/openstack/tacker/tacker/policy.py", line 209, in authorize result = _ENFORCER.authorize(action, target, credentials, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/zuul/src/opendev.org/openstack/tacker/.tox/py311/lib/python3.11/site-packages/oslo_policy/policy.py", line 1189, in authorize return self.enforce( ^^^^^^^^^^^^^ File "/home/zuul/src/opendev.org/openstack/tacker/.tox/py311/lib/python3.11/site-packages/oslo_policy/policy.py", line 1093, in enforce raise exc(*args, **kwargs) tacker.common.exceptions.PolicyNotAuthorized: Policy doesn't allow os_nfv_orchestration_api:vnf_instances:cancel to be performed. ----------- Change-Id: I4f736660e3b1079883a7434847222f6a6589377f
63 lines
2.2 KiB
Plaintext
63 lines
2.2 KiB
Plaintext
# Requirements lower bounds listed here are our best effort to keep them up to
|
|
# date but we do not test them so no guarantee of having them all correct. If
|
|
# you find any incorrect lower bounds, let us know or propose a fix.
|
|
# The order of packages is significant, because pip processes them in the order
|
|
# of appearance. Changing the order has an impact on the overall integration
|
|
# process, which may cause wedges in the gate later.
|
|
pbr>=5.5.0 # Apache-2.0
|
|
|
|
Paste>=2.0.2 # MIT
|
|
PasteDeploy>=1.5.0 # MIT
|
|
Routes>=2.3.1 # MIT
|
|
amqp>=2.4.0
|
|
eventlet>=0.30.1 # MIT
|
|
requests>=2.25.1 # Apache-2.0
|
|
jsonschema>=3.2.0 # MIT
|
|
keystonemiddleware>=4.17.0 # Apache-2.0
|
|
kombu>=4.3.0 # BSD
|
|
netaddr>=0.7.18 # BSD
|
|
SQLAlchemy>=1.3.11 # MIT
|
|
WebOb>=1.7.1 # MIT
|
|
alembic>=0.9.6 # MIT
|
|
stevedore>=3.3.0 # Apache-2.0
|
|
oslo.concurrency>=3.26.0 # Apache-2.0
|
|
oslo.config>=6.8.0 # Apache-2.0
|
|
oslo.context>=2.22.0 # Apache-2.0
|
|
oslo.db>=5.0.0 # Apache-2.0
|
|
oslo.log>=3.36.0 # Apache-2.0
|
|
oslo.messaging>=14.2.0 # Apache-2.0
|
|
oslo.middleware>=3.31.0 # Apache-2.0
|
|
oslo.policy>=3.11.0 # Apache-2.0
|
|
oslo.privsep>=2.4.0 # Apache-2.0
|
|
oslo.reports>=1.18.0 # Apache-2.0
|
|
oslo.rootwrap>=5.8.0 # Apache-2.0
|
|
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
|
oslo.service>=2.5.0 # Apache-2.0
|
|
oslo.upgradecheck>=1.3.0 # Apache-2.0
|
|
oslo.utils>=4.8.0 # Apache-2.0
|
|
oslo.versionedobjects>=1.33.3 # Apache-2.0
|
|
openstacksdk>=0.44.0 # Apache-2.0
|
|
python-barbicanclient>=4.5.2 # Apache-2.0
|
|
python-heatclient>=1.10.0 # Apache-2.0
|
|
python-keystoneclient>=3.8.0 # Apache-2.0
|
|
python-neutronclient>=6.7.0 # Apache-2.0
|
|
python-novaclient>=9.1.0 # Apache-2.0
|
|
python-tackerclient>=1.11.0 # Apache-2.0
|
|
rfc3986>=1.2.0 # Apache-2.0
|
|
cryptography>=2.7 # BSD/Apache-2.0
|
|
paramiko>=2.7.1 # LGPLv2.1+
|
|
pyroute2>=0.4.21;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2)
|
|
castellan>=0.16.0 # Apache-2.0
|
|
kubernetes>=18.20.0 # Apache-2.0
|
|
setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,!=36.2.0,>=21.0.0 # PSF/ZPL
|
|
tooz>=1.58.0 # Apache-2.0
|
|
PyYAML>=5.4.1 # MIT
|
|
PyMySQL>=0.10.1 # MIT
|
|
PyJWT>=2.4.0 # MIT
|
|
|
|
# Glance Store
|
|
glance-store>=2.4.0 # Apache-2.0
|
|
|
|
heat-translator>=2.3.0 # Apache-2.0
|
|
tosca-parser>=2.3.0 # Apache-2.0
|