summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add timeout for requestsHEAD10.3.0masterHiromu Asahina2023-03-182-4/+17
| | | | | | | | | | | Bandit emits errors for request methods without the timeout parameter. It's better to follow the instruction to avoid hanging. Added timeout parameters and config options to set timeout. [1] https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html Change-Id: I0c022c3cc57f30530ebdef6e434753ece2bdf912
* OAuth 2.0 Mutual-TLS Supportsunyonggen2023-03-035-0/+647
| | | | | | | | | | | | The oauth2_mtls_token filter has been added for accepting or denying incoming requests containing OAuth 2.0 certificate-bound access tokens that are obtained from keystone identity server by users through their OAuth 2.0 credentials and Mutual-TLS certificates. Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp> Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614 Change-Id: I49127d845954ad6eab39e6e6305948ef0e4ed7b5 Implements: blueprint support-oauth2-mtls
* Add missing doc requirementsHiromu Asahina2023-02-101-0/+4
| | | | | | This updates the test-requirements to fix No module error in oslo_config.sphinxconfiggen when executing tox with doc env. Change-Id: I4bfe30b3517f4a6c5c536afa150c66ef8522a2d0
* Remove cache invalidation when using expired token10.2.0stable/2023.1Jorge Merlino2022-12-122-25/+0
| | | | | | | | | | | | | | | | | This can create a race condition for long running services that reuse their token (eg. Kubernetes Cinder CSI plugin) in this case for example: 1 [user] Asks nova to attach a volume to a server 2 ...the user's token expires 3 [user] Asks cinder if the volume has been attached 4 [nova] Asks cinder to attach the volume In step 3 the token is marked as invalid in the cache and step 4 fails even if allow_expired is true Closes-Bug: #1987355 Change-Id: Ice8e34440a5fe1baa370646ed70b5e085c4af70e
* Fix pep8 gateDave Wilde2022-12-093-8/+8
| | | | | | | | This updates the test-requirements to more recent flake8-docstrings and pep8 versions. I also added some more ignores that would take significant work to update and fixed some minor linting issues. Change-Id: Ia416658b8a4bfb8f43f8df170053abb3ae958d44
* Merge "Bump tox minversion to 3.18.0"Zuul2022-09-161-2/+2
|\
| * Bump tox minversion to 3.18.0Takashi Kajinami2022-07-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Since tox 3.18.0, the whitelist_externals option has been deprecated in favor of the new allow_list_externals option[1]. This change bumps the minversion of tox so that we can replace the deprecated option. [1] https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23 Change-Id: Ib19bf79da06d656831cdb117e390d4583262f862
* | Imported Translations from ZanataOpenStack Proposal Bot2022-09-061-2/+28
| | | | | | | | | | | | | | For more information about this automatic import see: https://docs.openstack.org/i18n/latest/reviewing-translation-import.html Change-Id: I402897d72b841518308321832e5e00312598d74f
* | OAuth2.0 Client Credentials Grant Flow Support10.1.0Yi Feng2022-08-234-0/+412
| | | | | | | | | | | | | | | | | | The oauth2_token filter has been added for accepting or denying incoming requests containing OAuth2.0 client credentials access tokens that are obtained from keystone identity server by users through their application credentials. Change-Id: I15e438681749ed2c2666804a9efd8d4712a7b01c
* | Fix logging notifier unit test10.0.1Ayumu Ueha2022-08-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | For unknown reasons, the `create_notifier()` in `test_api_request_no_messaging()` used `oslo_messaging.Notifier` instead of the `_LogNotifier` that should be originally used, causing unit test to fail. This patch fixes this issue by changing `use_oslo_messaging` config to False for this test. Change-Id: I32f9dc596525e912e37984764f68564e26ecfd3b
* | Imported Translations from ZanataOpenStack Proposal Bot2022-06-211-2/+82
|/ | | | | | | For more information about this automatic import see: https://docs.openstack.org/i18n/latest/reviewing-translation-import.html Change-Id: I071933cb8a392b14a36940133880d5e777301d1f
* Merge "setup.cfg: Replace dashes by underscores"10.0.0Zuul2022-06-071-4/+4
|\
| * setup.cfg: Replace dashes by underscoresTakashi Kajinami2022-06-011-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since setuptools v54.1.0[1], the parmeters with dash have been deprecated in favor of the new parameters with underscore. This change updates the parameters accordingly to avoid the warnings like the example below. UserWarning: Usage of dash-separated 'description-file' will not be supported in future versions. Please use the underscore name 'description_file' instead [1] https://github.com/pypa/setuptools/commit/a2e9ae4cb Change-Id: Id43f253899b5af1f40a41d7fff1f78c316b31367
* | Merge "Update python testing as per zed cycle teting runtime"Zuul2022-06-072-2/+9
|\ \ | |/
| * Update python testing as per zed cycle teting runtimeTakashi Kajinami2022-05-272-2/+9
| | | | | | | | | | | | | | | | | | | | | | In Zed cycle, we have dropped the python 3.6/3.7[1] testing and its support. Add release notes and update the python classifier for the same. [1] https://governance.openstack.org/tc/reference/runtimes/zed.html Co-Authored-By: Ghanshyam Mann <gmann@ghanshyammann.com> Change-Id: I0b6a6b22ce7e9e2de4cf7eadd87699d7b26cdda6
* | Merge "Remove translation sections from setup.cfg"Zuul2022-06-032-18/+0
|\ \
| * | Remove translation sections from setup.cfgmelissaml2020-05-142-18/+0
| | | | | | | | | | | | | | | | | | | | | These translation sections are not needed anymore, Babel can generate translation files without them. Change-Id: I50b3b5feef4b5e78e9f920bc20bbaf75db70b787
* | | Merge "Remove references to 'sys.version_info'"Zuul2022-05-301-18/+0
|\ \ \
| * | | Remove references to 'sys.version_info'dengzhaosen2021-04-271-18/+0
| | | | | | | | | | | | | | | | | | | | We support Python 3.6 as a minimum now, making these checks no-ops. Change-Id: Iff6abdc56c5627505e774f40af339e1b5790c4d5
* | | | Merge "Update Python 3 job template"Zuul2022-05-271-1/+1
|\ \ \ \ | | |_|/ | |/| |
| * | | Update Python 3 job templateTakashi Kajinami2022-05-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | We should use the template corresponding to the release. Change-Id: I659fb6cd3eb5be92c1c5568ee417f1ee32e7124f
* | | | Merge "Add oslo.config.opts entrypoint for audit middleware options"9.5.0Zuul2022-05-062-2/+3
|\ \ \ \
| * | | | Add oslo.config.opts entrypoint for audit middleware optionsTakashi Kajinami2021-08-122-2/+3
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... so that each service using the audit middleware can include these parameters in .conf file generated by oslo-config-generator by adding that entrypoint to the command. Closes-Bug: #1939632 Change-Id: Ied954c633570c51af9504514ffed18e12de8caac
* | | | Merge "Add Python 3 only classifier"Zuul2022-05-061-0/+1
|\ \ \ \
| * | | | Add Python 3 only classifierTakashi Kajinami2022-02-081-0/+1
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | Python 2 support was removed during Ussuri cycle. This change adds the classifier to clearly state that only Python 3 is supported. Change-Id: I4bfe0bd6eaed2c5edeef00de4c5f9830ceaee71b
* | | | Drop lower-constraints.txt and its testingGhanshyam Mann2022-04-304-94/+4
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As discussed in TC PTG[1] and TC resolution[2], we are dropping the lower-constraints.txt file and its testing. We will keep lower bounds in the requirements.txt file but with a note that these are not tested lower bounds and we try our best to keep them updated. [1] https://etherpad.opendev.org/p/tc-zed-ptg#L326 [2] https://governance.openstack.org/tc/resolutions/20220414-drop-lower-constraints.html#proposal Change-Id: Ifb9dc54424256d5cffe557894b2d26b2401ebf92
* | | Update master for stable/yogaOpenStack Release Bot2022-03-042-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add file to the reno documentation build to show release notes for stable/yoga. Use pbr instruction to increment the minor version number automatically so that master versions are higher than the versions on stable/yoga. Sem-Ver: feature Change-Id: If921b464cca97f9f99a45594ab37aed00e91fe77
* | | Update master for stable/xena9.4.0OpenStack Release Bot2022-02-082-0/+7
| | | | | | | | | | | | | | | | | | | | | Add file to the reno documentation build to show release notes for stable/xena. Change-Id: Ib64b3684d3fdaa3b9edb28a9c5d0f8487dffd912
* | | Update master for stable/wallabyOpenStack Release Bot2022-02-072-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add file to the reno documentation build to show release notes for stable/wallaby. Co-authored-by: Kristi Nikolla <knikolla@bu.edu> Change-Id: Ifa326381f0c901e712367d4d51218aef18eb26f2
* | | Merge "Update master for stable/victoria"Zuul2022-02-072-0/+7
|\ \ \ | |/ / |/| |
| * | Update master for stable/victoriaOpenStack Release Bot2022-02-072-0/+7
| | | | | | | | | | | | | | | | | | | | | Add file to the reno documentation build to show release notes for stable/victoria. Change-Id: Id05ff8460cfa4f1762f2d0096088bc341e95c1da
* | | Imported Translations from Zanataxena-em9.3.0OpenStack Proposal Bot2021-03-031-2/+5
| | | | | | | | | | | | | | | | | | | | | For more information about this automatic import see: https://docs.openstack.org/i18n/latest/reviewing-translation-import.html Change-Id: Iaa7fbc7f8c6fdb33755d0d212dd4c710f40981c3
* | | Switch to eventlet-safe oslo.cache's MemcacheClientPoolMichal Arbet2021-02-113-4/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In past days there were discussions about various issues with memcached connections [1][2][3]. After investigation it looks like common root cause for above problems is keystonemiddleware. More precisely said the way how keystonemiddleware is caching tokens. Currently it's using some home-made CachePool with direct usage of memcached library, moreover it looks like its approach is not eventlet-safe. Discussion can be mainly found in [4]. Fortunately keystonemiddleware can use "advanced cache pool", which is oslo.cache's implementation and was added long time ago [5], but it is turned on only if memcache_use_advanced_pool=True. This patch is switching to more elaborated oslo.cache CachePool and adding deprecation warning about eventlet-unsafe variant of keystonemiddleware's memcache pool. How to reproduce ? with memcache_use_advanced_pool=False 1. Build clean ENV of openstack 2. Deploy core projects (keystone,glance,nova,placement...) 3. Run while true; do COMMAND FOR SERVICE; done - several bashes, in parallel (5-7) COMMAND FOR SERVICE: - openstack network list - openstack volume list - openstack server list - openstack image list 4. Check memcached connections (which will grow up): - ss | grep 11211 | wc -l every second How to fix and test it ? Repeat above, to fix: - with memcache_use_advanced_pool=True OR - apply this patch Compare measurements in graph. [1] https://bugs.launchpad.net/keystonemiddleware/+bug/1892852 [2] https://bugs.launchpad.net/oslo.cache/+bug/1888394 [3] https://bugs.launchpad.net/keystonemiddleware/+bug/1883659 [4] https://review.opendev.org/c/openstack/oslo.cache/+/742193 [5] https://review.opendev.org/c/openstack/keystonemiddleware/+/268664 Closes-Bug: #1883659 Closes-Bug: #1892852 Closes-Bug: #1888394 Change-Id: I0e96334b65a0bf369ebf1d88651d13feb8d2ecac
* | | Updating lower-constraints job as non votingMichal Arbet2021-02-031-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is an ongoing discussion in ML to drop the lower-constraints job [1]. Moving it to Non-voting until any decision is being made in TC meeting. [1]: http://lists.openstack.org/pipermail/openstack-discuss/2021-January/019672.html Change-Id: I405d6790360563526d13c0b3e8ae0576d98a67d8
* | | Merge "[goal] Migrate testing to ubuntu focal"wallaby-em9.2.0Zuul2020-09-102-4/+4
|\ \ \ | |/ / |/| |
| * | [goal] Migrate testing to ubuntu focalGhanshyam Mann2020-09-092-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As per victoria cycle testing runtime and community goal[1] we need to migrate upstream CI/CD to Ubuntu Focal(20.04). Fixing: - bug#1886298 Bump the lower constraints for required deps which added python3.8 support in their later version. Story: #2007865 Task: #40190 Closes-Bug: #1886298 [1] https://governance.openstack.org/tc/goals/selected/victoria/migrate-ci-cd-jobs-to-ubuntu-focal Change-Id: I602c3ce7c94a039e3fd550cbb47a8e8f095aacea
* | | Merge "Use unittest.mock instead of third party mock"Zuul2020-08-2412-12/+13
|\ \ \ | |/ / |/| |
| * | Use unittest.mock instead of third party mockSean McGinnis2020-04-1812-12/+13
| | | | | | | | | | | | | | | | | | | | | | | | Now that we no longer support py27, we can use the standard library unittest.mock module instead of the third party mock lib. Change-Id: Idc319f3f8a3ddd57cba91e4cefc66dbb18d5cc22 Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
* | | Merge "Change the default Identity endpoint to internal"victoria-em9.1.0stable/victoriaZuul2020-07-063-5/+16
|\ \ \
| * | | Change the default Identity endpoint to internalJens Harbott2020-06-143-5/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In [0] the ``interface``option was added in order to allow the Identity endpoint that is being used when validating tokens to be configured by the deployer. Change the default to using the internal endpoint, as that should be what most deployments will end up using. [0] https://review.opendev.org/651790 Depends-On: https://review.opendev.org/651492 Closes-Bug: 1830002 Change-Id: I0ce8b6d8cd408c7fac8107972e7be70839e337fb
* | | | Imported Translations from ZanataOpenStack Proposal Bot2020-06-161-4/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | For more information about this automatic import see: https://docs.openstack.org/i18n/latest/reviewing-translation-import.html Change-Id: I03d472ad957308f098363b3377a8794e9e3d437a
* | | | Switch to newer openstackdocstheme and reno versionsAndreas Jaeger2020-05-214-12/+12
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using these versions will allow especially: * Linking from HTML to PDF document * parallelizing building of documents Update Sphinx version as well. Remove the doc requirements from lower-constraints, they are not needed during installation. openstackdocstheme renames some variables, so follow the renames. A couple of variables are also not needed anymore, remove them. Set openstackdocs_pdf_link to link to PDF file. Change pygments_style to 'native' since old theme version always used 'native' and the theme now respects the setting and using 'sphinx' can lead to some strange rendering. See also http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html Change-Id: Ic7c901ff19aa073b6e003ccb95aaf77886f20152
* | | Update master for stable/ussuriOpenStack Release Bot2020-04-022-0/+7
| |/ |/| | | | | | | | | | | | | | | | | | | | | Add file to the reno documentation build to show release notes for stable/ussuri. Use pbr instruction to increment the minor version number automatically so that master versions are higher than the versions on stable/ussuri. Change-Id: Iedcc2750dc0bdfdabb9d03a0b153aeeae6c0b58e Sem-Ver: feature
* | Merge "Update hacking for Python3"ussuri-em9.0.0Zuul2020-03-304-4/+6
|\ \
| * | Update hacking for Python3Andreas Jaeger2020-03-304-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The repo is Python 3 now, so update hacking to version 3.0 which supports Python 3. Blacklist: W504 line break after binary operator W503 line break before binary operator Fix other problems found Change-Id: I2fb257a4f42b499df3702f3e8f3c99ecb28557d6
* | | Have middlewarearchitecture doc reference auth_type optionTim Burke2020-03-201-5/+5
|/ / | | | | | | | | | | | | | | | | | | | | | | | | We literally say in (the rendered version of) the same doc: # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = <None> Looks like auth_plugin has been deprecated for quite some time: https://opendev.org/openstack/keystoneauth/commit/a56ed4218 Change-Id: I2dafa0cb28f017667497e0a6585d96a8cd090d5f
* | Remove universal wheel configurationBen Nemec2020-02-061-2/+0
| | | | | | | | | | | | | | Now that we've dropped py2 support we shouldn't be setting this anymore. Change-Id: I6c5f0a87ac7551674ce09f5fde5fdbce103e2a47
* | [ussuri][goal] Drop python 2.7 support and testingVishakha Agarwal2020-01-075-16/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenStack is dropping the py2.7 support in ussuri cycle. keystonemiddleware is ready with python 3 and ok to drop the python 2.7 support. Complete discussion & schedule can be found in - http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html - https://etherpad.openstack.org/p/drop-python2-support Ussuri Communtiy-wide goal: https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html Change-Id: Ia6f0e14efd19b0b98227258e7264b4850a197f4f
* | Merge "Update the constraints url"Zuul2020-01-021-1/+1
|\ \
| * | Update the constraints urlpengyuesheng2019-09-201-1/+1
| | | | | | | | | | | | | | | | | | For more detail, see http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006478.html Change-Id: I89648da5b9e8579d3ef40b840fb81c76596a785a
View Lorry Controller Status