| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Bandit emits errors for request methods without the timeout parameter.
It's better to follow the instruction to avoid hanging.
Added timeout parameters and config options to set timeout.
[1] https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html
Change-Id: I0c022c3cc57f30530ebdef6e434753ece2bdf912
|
|
|
|
|
|
|
|
|
|
|
|
| |
The oauth2_mtls_token filter has been added for accepting or denying
incoming requests containing OAuth 2.0 certificate-bound access
tokens that are obtained from keystone identity server by users
through their OAuth 2.0 credentials and Mutual-TLS certificates.
Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>
Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614
Change-Id: I49127d845954ad6eab39e6e6305948ef0e4ed7b5
Implements: blueprint support-oauth2-mtls
|
|
|
|
|
|
| |
This updates the test-requirements to fix No module error in oslo_config.sphinxconfiggen when executing tox with doc env.
Change-Id: I4bfe30b3517f4a6c5c536afa150c66ef8522a2d0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This can create a race condition for long running services that reuse
their token (eg. Kubernetes Cinder CSI plugin) in this case for
example:
1 [user] Asks nova to attach a volume to a server
2 ...the user's token expires
3 [user] Asks cinder if the volume has been attached
4 [nova] Asks cinder to attach the volume
In step 3 the token is marked as invalid in the cache and step 4 fails
even if allow_expired is true
Closes-Bug: #1987355
Change-Id: Ice8e34440a5fe1baa370646ed70b5e085c4af70e
|
|
|
|
|
|
|
|
| |
This updates the test-requirements to more recent flake8-docstrings
and pep8 versions. I also added some more ignores that would take
significant work to update and fixed some minor linting issues.
Change-Id: Ia416658b8a4bfb8f43f8df170053abb3ae958d44
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since tox 3.18.0, the whitelist_externals option has been deprecated in
favor of the new allow_list_externals option[1].
This change bumps the minversion of tox so that we can replace
the deprecated option.
[1] https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23
Change-Id: Ib19bf79da06d656831cdb117e390d4583262f862
|
| |
| |
| |
| |
| |
| |
| | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I402897d72b841518308321832e5e00312598d74f
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The oauth2_token filter has been added for accepting or denying
incoming requests containing OAuth2.0 client credentials access tokens
that are obtained from keystone identity server by users through their
application credentials.
Change-Id: I15e438681749ed2c2666804a9efd8d4712a7b01c
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For unknown reasons, the `create_notifier()` in
`test_api_request_no_messaging()` used `oslo_messaging.Notifier`
instead of the `_LogNotifier` that should be originally used,
causing unit test to fail.
This patch fixes this issue by changing `use_oslo_messaging` config to
False for this test.
Change-Id: I32f9dc596525e912e37984764f68564e26ecfd3b
|
|/
|
|
|
|
|
| |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I071933cb8a392b14a36940133880d5e777301d1f
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since setuptools v54.1.0[1], the parmeters with dash have been
deprecated in favor of the new parameters with underscore.
This change updates the parameters accordingly to avoid the warnings
like the example below.
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: Id43f253899b5af1f40a41d7fff1f78c316b31367
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Add release notes and update the python
classifier for the same.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Co-Authored-By: Ghanshyam Mann <gmann@ghanshyammann.com>
Change-Id: I0b6a6b22ce7e9e2de4cf7eadd87699d7b26cdda6
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These translation sections are not needed anymore, Babel can
generate translation files without them.
Change-Id: I50b3b5feef4b5e78e9f920bc20bbaf75db70b787
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
We support Python 3.6 as a minimum now, making these checks no-ops.
Change-Id: Iff6abdc56c5627505e774f40af339e1b5790c4d5
|
|\ \ \ \
| | |_|/
| |/| | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We should use the template corresponding to the release.
Change-Id: I659fb6cd3eb5be92c1c5568ee417f1ee32e7124f
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
... so that each service using the audit middleware can include these
parameters in .conf file generated by oslo-config-generator by adding
that entrypoint to the command.
Closes-Bug: #1939632
Change-Id: Ied954c633570c51af9504514ffed18e12de8caac
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Python 2 support was removed during Ussuri cycle. This change adds
the classifier to clearly state that only Python 3 is supported.
Change-Id: I4bfe0bd6eaed2c5edeef00de4c5f9830ceaee71b
|
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As discussed in TC PTG[1] and TC resolution[2], we are
dropping the lower-constraints.txt file and its testing.
We will keep lower bounds in the requirements.txt file but
with a note that these are not tested lower bounds and we
try our best to keep them updated.
[1] https://etherpad.opendev.org/p/tc-zed-ptg#L326
[2] https://governance.openstack.org/tc/resolutions/20220414-drop-lower-constraints.html#proposal
Change-Id: Ifb9dc54424256d5cffe557894b2d26b2401ebf92
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: If921b464cca97f9f99a45594ab37aed00e91fe77
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add file to the reno documentation build to show release notes for
stable/xena.
Change-Id: Ib64b3684d3fdaa3b9edb28a9c5d0f8487dffd912
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add file to the reno documentation build to show release notes for
stable/wallaby.
Co-authored-by: Kristi Nikolla <knikolla@bu.edu>
Change-Id: Ifa326381f0c901e712367d4d51218aef18eb26f2
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add file to the reno documentation build to show release notes for
stable/victoria.
Change-Id: Id05ff8460cfa4f1762f2d0096088bc341e95c1da
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: Iaa7fbc7f8c6fdb33755d0d212dd4c710f40981c3
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In past days there were discussions about various issues
with memcached connections [1][2][3].
After investigation it looks like common root cause for above
problems is keystonemiddleware. More precisely said the way
how keystonemiddleware is caching tokens.
Currently it's using some home-made CachePool with direct
usage of memcached library, moreover it looks like its
approach is not eventlet-safe.
Discussion can be mainly found in [4].
Fortunately keystonemiddleware can use "advanced cache pool",
which is oslo.cache's implementation and was added long time ago [5],
but it is turned on only if memcache_use_advanced_pool=True.
This patch is switching to more elaborated oslo.cache CachePool
and adding deprecation warning about eventlet-unsafe variant
of keystonemiddleware's memcache pool.
How to reproduce ?
with memcache_use_advanced_pool=False
1. Build clean ENV of openstack
2. Deploy core projects (keystone,glance,nova,placement...)
3. Run while true; do COMMAND FOR SERVICE; done
- several bashes, in parallel (5-7)
COMMAND FOR SERVICE:
- openstack network list
- openstack volume list
- openstack server list
- openstack image list
4. Check memcached connections (which will grow up):
- ss | grep 11211 | wc -l every second
How to fix and test it ?
Repeat above, to fix:
- with memcache_use_advanced_pool=True
OR
- apply this patch
Compare measurements in graph.
[1] https://bugs.launchpad.net/keystonemiddleware/+bug/1892852
[2] https://bugs.launchpad.net/oslo.cache/+bug/1888394
[3] https://bugs.launchpad.net/keystonemiddleware/+bug/1883659
[4] https://review.opendev.org/c/openstack/oslo.cache/+/742193
[5] https://review.opendev.org/c/openstack/keystonemiddleware/+/268664
Closes-Bug: #1883659
Closes-Bug: #1892852
Closes-Bug: #1888394
Change-Id: I0e96334b65a0bf369ebf1d88651d13feb8d2ecac
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is an ongoing discussion in ML to drop the
lower-constraints job [1].
Moving it to Non-voting until any decision is being
made in TC meeting.
[1]: http://lists.openstack.org/pipermail/openstack-discuss/2021-January/019672.html
Change-Id: I405d6790360563526d13c0b3e8ae0576d98a67d8
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As per victoria cycle testing runtime and community goal[1]
we need to migrate upstream CI/CD to Ubuntu Focal(20.04).
Fixing:
- bug#1886298
Bump the lower constraints for required deps which added python3.8 support
in their later version.
Story: #2007865
Task: #40190
Closes-Bug: #1886298
[1] https://governance.openstack.org/tc/goals/selected/victoria/migrate-ci-cd-jobs-to-ubuntu-focal
Change-Id: I602c3ce7c94a039e3fd550cbb47a8e8f095aacea
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Idc319f3f8a3ddd57cba91e4cefc66dbb18d5cc22
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In [0] the ``interface``option was added in order to allow the Identity
endpoint that is being used when validating tokens to be
configured by the deployer. Change the default to using the internal
endpoint, as that should be what most deployments will end up using.
[0] https://review.opendev.org/651790
Depends-On: https://review.opendev.org/651492
Closes-Bug: 1830002
Change-Id: I0ce8b6d8cd408c7fac8107972e7be70839e337fb
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I03d472ad957308f098363b3377a8794e9e3d437a
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* parallelizing building of documents
Update Sphinx version as well.
Remove the doc requirements from lower-constraints, they are not
needed during installation.
openstackdocstheme renames some variables, so follow the renames. A
couple of variables are also not needed anymore, remove them.
Set openstackdocs_pdf_link to link to PDF file.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Ic7c901ff19aa073b6e003ccb95aaf77886f20152
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: Iedcc2750dc0bdfdabb9d03a0b153aeeae6c0b58e
Sem-Ver: feature
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Blacklist:
W504 line break after binary operator
W503 line break before binary operator
Fix other problems found
Change-Id: I2fb257a4f42b499df3702f3e8f3c99ecb28557d6
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We literally say in (the rendered version of) the same doc:
# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
#auth_type = <None>
Looks like auth_plugin has been deprecated for quite some time:
https://opendev.org/openstack/keystoneauth/commit/a56ed4218
Change-Id: I2dafa0cb28f017667497e0a6585d96a8cd090d5f
|
| |
| |
| |
| |
| |
| |
| | |
Now that we've dropped py2 support we shouldn't be setting this
anymore.
Change-Id: I6c5f0a87ac7551674ce09f5fde5fdbce103e2a47
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OpenStack is dropping the py2.7 support in ussuri cycle.
keystonemiddleware is ready with python 3 and ok to drop the
python 2.7 support.
Complete discussion & schedule can be found in
- http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html
- https://etherpad.openstack.org/p/drop-python2-support
Ussuri Communtiy-wide goal:
https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html
Change-Id: Ia6f0e14efd19b0b98227258e7264b4850a197f4f
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | | |
For more detail, see http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006478.html
Change-Id: I89648da5b9e8579d3ef40b840fb81c76596a785a
|