[openstack-announce] [new][barbican] barbican 3.0.0 release (newton)

no-reply at openstack.org
Thu Oct 6 13:20:25 UTC 2016


We are eager to announce the release of:

barbican 3.0.0: UNKNOWN

This release is part of the newton release series.

For more details, please see below.

3.0.0
^^^^^

Now within a single deployment, multiple secret store plugin backends
can be configured and used. With this change, a project administrator
can pre-define a preferred plugin backend for storing their secrets.
New APIs are added to manage this project level secret store
preference.


New Features
************

* New feature to support multiple secret store plugin backends. This
  feature is not enabled by default. To use this feature, the relevant
  feature flag needs to be enabled and supporting configuration needs
  to be added in the service configuration. Once enabled, a project
  administrator will be able to specify one of the available secret
  store backends as a preferred secret store for their project
  secrets. This secret store preference applies only to new secrets
  (key material) created or stored within that project. Existing
  secrets are not impacted. See
  http://docs.openstack.org/developer/barbican/setup/plugin_backends.html
  for instructions on how to set up Barbican multiple backends, and the
  API documentation for further details.

Changes in barbican 2.0.0.0rc1..3.0.0
-------------------------------------

88db8ce Adding reno release notes for multiple backend feature
845b3d0 Adding functional tests for multiple backend changes (Part 5)
6535e55 Adding rest API for secret-stores resource (Part 4)
b05c4b6 Central logic to sync secret store data with conf data (Part 3)
f414186 Changes for multiple backend conf and friendly plugin names (Part 2)
6c814fe Don't inspect oslo.context
25a702c typo fix
db01c21 standardize release note page ordering
29edae6 Adding multiple backend db model and repository support (Part 1)
669a995 Adding API docs for multiple backend support changes.
c98980a Imported Translations from Zanata
38ecf5b Remove consumer check for project_id to match containers
a8d8981 Assigning unwrapped kek handle to new variable to avoid overwrite
20ffc77 Add Barbican Verification to Install Guide
f44879a Fix typo in barbican/tests/keys.py
75dcd99 Updated from global requirements
9868241 Use more specific asserts in tests
78b0a41 Some minor code optimization in post_test_hook.sh
6f46088 Fix some typos in database_migrations.rst
043e8e2 Remove white space between print and ()
7a80895 Support upper-constratints.txt in tox environments
edb2c18 Add install guide
14df741 Fix test suite cleanup
b6f2257 Clean imports in code
b84434b Make 'url' references uppercase for consistency
d529f3b Fix some typos
7fb709c Change LOG.warn to LOG.warning
20b790b Use international logging message
876e603 Remove "KEYSTONE_" URI settings for devsatck
80067d5 Updated from global requirements
bfeb2b0 Imported Translations from Zanata
bf19558 Add Python 3.5 classifier and venv
4b09adc Generate IV on HSM device for encrypt operations
8480f4e Add documentation for date-filters
fb086bd Add seed random feature to seed HSM RNG
180ea7c Fix the typo
7af28c8 Fix jenkins failing on coverage report
d1e39e0 modify the home-page info with the developer documentation
ce6336f User with creator role can delete his/her own secret and container
8f76242 Fixed typo in ACL section of API Guide
2323fcf Marking database connection config property as secret.
ea2dd06 Fix the typo in the files
5591238 Implement Date Filters for Secrets
1d99f27 dogtag: Only call initialize() if crypto is not None
55e2cea delete unused LOG
5ffbe25 Updated from global requirements
d89e93b Imported Translations from Zanata
45032b2 Move rabbit configurations to oslo_messaging_rabbit section
22b22dc Insecure default PROTOCOL_TLSv1 version in KMIP plugin
26fb788 Correct reraising of exception
9df6e5b Barbican tests fail because of incomplete test dependencies
50b4a1a pkcs11-key-generation: convert mkek length to int
592cf2e Add support for modifying Generic Containers
2088caf Updated from global requirements
cf0ffe7 Remove unnecessary executable permissions
427706d Updated from global requirements
c5012af Port last test (test_secrets) to Python 3
b113f63 Port test_quotas to Python 3
7a9c13f Port 3 more unit tests to Python 3
c634203 Setup memory DB in test_cmd
8bef6b4 Change SecretAcceptNotSupportedException from exception.BarbicanException to exception.BarbicanHTTPException
0f7fbfc Correct a typo in apiary.apib
700d16f Don't supply auth_token information by default in paste
3d7600d Fixed typo in crypto plugin docs
ea77fdc Remove unused oslo.concurrency requirement
4ccae1e Updated from global requirements
49becaf Do not count expired secrets toward quota
261b504 Updated from global requirements
88aac6e Add retry for recoverable PKCS11 errors
09ba305 Port API test_resources to Python 3
a0ca5c0 Port test_validators to Python 3
fbe084d Port snakeoil_ca to Python 3
0326a26 Updated from global requirements
6cba20e Python 3: replace the whitelist with a blacklist
4cd609f Port translations to Python 3
3169ac4 Fix doc warnings
8abb2c6 Use keystone auth plugin
813818b Fixed test suite cleanup
b562b17 Updated from global requirements
ab9d3f5 Updated from global requirements
79da750 Return 4xx error for invalid KMIP key spec.
97e3e22 Fix keystone_listener.py
66418ec Fix creation of notification server
5ef6c3e Added KMIP Secret Store to Devstack
03dcad3 Checking for input secret_ref to start with input request hostname
c695dca Updated from global requirements
6ed906c Cleanup py34 tox tests
abe30d7 [Trivial] Remove executable privilege of doc/source/conf.py
c6fbe7f Replace tempest-lib with tempest.lib
d8d1785 Code cleanup
57a36dd Issue warning for deployers trying to use simple_crypto
a88e95a Python 3: fix barbican.tests.plugin.test_store_crypto
ea8c4bb Python3: fix barbican.tests.plugin.test_kmip
c0f68fa Python3: add tests that are already working
64e3fe4 Python3: fix barbican.tests.plugin.crypto.test_crypto
0c02b9c Python 3: use a string rather than bytes for "kek"
eaf542c Python3: fix barbican.tests.api.controllers.test_cas
47d8775 Python3: HTTPServerError no longer has a "message" argument in its constructo
a9d9055 Python3: base64.b64encode expects bytes.
7156131 Python3: exceptions no longer have a 'message' attribute.
d69b793 Updated from global requirements
e9b4cf9 Imported Translations from Zanata
6a079b9 use thread safe fnmatch
82a60ac migrate keystone_data to openstackclient
e01141b Use set Literals for better performance
a5f4fcf Updated from global requirements
4c6704e Fix circular dependency  of certificate_manager module
19f69cc Adding support for barbican host href to be derived from wsgi request
5e9856f Barbican server logs Secret Payload contents
950c610 Fix skip message for dogtag plugins
56c82ce Handling json-home header for /v1 call
d590380 Add skips for KMIP functional tests
6d1ea0a Updated from global requirements
6c85d2f Allow plugins to retrieve secrets
6c32622 Barbican server discloses password and X-auth
1668c32 Updated from global requirements
fdf79c9 Add code coverage results for functional tests
e84a810 Fix URL length for alembic migrations
a6927f6 Updated from global requirements
d9b5ac8 Return 404 when a secret does not have a payload
acbdb03 Change Table name to correct name
0577340 Update project quota paging tests to run with existing project quotas
99397de Uses alembic migration when deploying devstack
1bd74d5 Fix typos in Barbican files
8142eb4 Remove outdated line in KMIP docstring
2ecc676 Change Table name to correct name
d6412aa Removes redundants
c68acb2 Add a configurable setting in barbican-functional.conf for SSL
3b0322f Update reno for stable/mitaka
a261c7e Update .gitreview for stable/mitaka
295dba1 Add cleanup capability for secrets and containers
f47ae83 Fix correct foreign key constraints
55298c4 Remove deprecated option 'DEFAULT/verbose'


Diffstat (except docs and test files)
-------------------------------------

api-guide/source/acls.rst                          |    2 +-
api-guide/source/cas.rst                           |    4 +-
api-guide/source/consumers.rst                     |    2 +-
apiary.apib                                        |   12 +-
barbican/api/controllers/__init__.py               |   13 +-
barbican/api/controllers/cas.py                    |    8 +-
barbican/api/controllers/consumers.py              |   54 +-
barbican/api/controllers/containers.py             |  107 ++
barbican/api/controllers/orders.py                 |   10 +-
barbican/api/controllers/secretmeta.py             |   18 +-
barbican/api/controllers/secrets.py                |  105 +-
barbican/api/controllers/secretstores.py           |  214 +++
barbican/api/controllers/transportkeys.py          |    6 +-
barbican/api/controllers/versions.py               |    7 +-
barbican/api/hooks.py                              |    2 +-
barbican/api/middleware/context.py                 |    2 -
barbican/api/middleware/simple.py                  |    3 +-
barbican/cmd/barbican_manage.py                    |   18 +-
barbican/cmd/db_manage.py                          |   10 +-
barbican/cmd/keystone_listener.py                  |   17 +-
barbican/cmd/pkcs11_kek_rewrap.py                  |   10 +-
barbican/cmd/pkcs11_key_generation.py              |   13 +-
barbican/cmd/pkcs11_migrate_kek_signatures.py      |    0
barbican/cmd/retry_scheduler.py                    |    3 +-
barbican/cmd/worker.py                             |    3 +-
barbican/common/config.py                          |   19 +-
barbican/common/exception.py                       |   81 +-
barbican/common/hrefs.py                           |    9 +-
barbican/common/resources.py                       |    3 +-
barbican/common/utils.py                           |   36 +-
barbican/common/validators.py                      |   43 +-
barbican/context.py                                |   14 +-
barbican/locale/barbican-log-error.pot             |  148 --
barbican/locale/barbican-log-info.pot              |  264 ----
barbican/locale/barbican-log-warning.pot           |   35 -
barbican/locale/barbican.pot                       | 1644 --------------------
.../locale/zh_CN/LC_MESSAGES/barbican-log-error.po |   36 +-
.../locale/zh_CN/LC_MESSAGES/barbican-log-info.po  |  231 +++
.../zh_CN/LC_MESSAGES/barbican-log-warning.po      |   46 +
barbican/locale/zh_CN/LC_MESSAGES/barbican.po      | 1365 ++++++++++++++++
barbican/model/clean.py                            |   58 +-
.../alembic_migrations/container_init_ops.py       |    2 +-
...f2e645cba_model_for_multiple_backend_support.py |   62 +
.../795737bb3c3_change_tenants_to_projects.py      |    5 +-
.../versions/d2780d5aa510_change_url_length.py     |    2 +-
barbican/model/migration/commands.py               |    7 +-
barbican/model/models.py                           |  122 +-
barbican/model/repositories.py                     |  291 +++-
barbican/plugin/crypto/crypto.py                   |   15 +-
barbican/plugin/crypto/manager.py                  |   35 +-
barbican/plugin/crypto/p11_crypto.py               |  129 +-
barbican/plugin/crypto/pkcs11.py                   |   79 +-
barbican/plugin/crypto/simple_crypto.py            |   17 +-
barbican/plugin/dogtag.py                          |   16 +-
barbican/plugin/interface/certificate_manager.py   |   24 +-
barbican/plugin/interface/secret_store.py          |   81 +-
barbican/plugin/kmip_secret_store.py               |   95 +-
barbican/plugin/resources.py                       |   17 +-
barbican/plugin/snakeoil_ca.py                     |   34 +-
barbican/plugin/store_crypto.py                    |   11 +-
barbican/plugin/util/multiple_backends.py          |  294 ++++
barbican/plugin/util/translations.py               |   18 +-
barbican/queue/__init__.py                         |   12 +-
barbican/queue/client.py                           |    8 +-
barbican/queue/keystone_listener.py                |    9 +-
barbican/queue/retry_scheduler.py                  |    4 +-
barbican/tasks/certificate_resources.py            |    5 +-
barbican/tasks/keystone_consumer.py                |    6 +-
barbican/tasks/resources.py                        |   26 +-
.../repositories/test_repositores_secret_stores.py |  426 +++++
.../repositories/test_repositories_secrets.py      |  134 +-
.../plugin/interface/test_certificate_manager.py   |    2 +-
bin/demo_requests.py                               |    4 +-
bin/keystone_data.sh                               |  239 ++-
devstack/lib/barbican                              |   92 +-
devstack/plugin.sh                                 |   12 +
devstack/settings                                  |    4 +
etc/barbican/barbican-api-paste.ini                |   19 +-
etc/barbican/barbican-functional.conf              |   13 +
etc/barbican/barbican.conf                         |   29 +-
etc/barbican/policy.json                           |   22 +-
.../api/v1/behaviors/container_behaviors.py        |   23 +-
.../api/v1/behaviors/secret_behaviors.py           |   20 +-
.../api/v1/behaviors/secretstores_behaviors.py     |  101 ++
.../api/v1/functional/test_acls_rbac.py            |   12 +-
.../api/v1/functional/test_certificate_orders.py   |    3 +
.../api/v1/functional/test_consumers.py            |    1 +
.../api/v1/functional/test_containers.py           |   59 +-
.../api/v1/functional/test_containers_rbac.py      |    7 +-
.../api/v1/functional/test_secrets_rbac.py         |    7 +-
.../api/v1/functional/test_secretstores.py         |  213 +++
install-guide/source/barbican-backend.rst          |  174 +++
install-guide/source/common_configure.rst          |   92 ++
install-guide/source/common_prerequisites.rst      |   87 ++
install-guide/source/conf.py                       |  302 ++++
install-guide/source/get_started.rst               |   10 +
install-guide/source/index.rst                     |   18 +
install-guide/source/install-obs.rst               |   34 +
install-guide/source/install-rdo.rst               |   62 +
install-guide/source/install-ubuntu.rst            |   31 +
install-guide/source/install.rst                   |   25 +
install-guide/source/next-steps.rst                |   10 +
install-guide/source/verify.rst                    |   73 +
.../notes/multiple-backends-75f5b85c63b930b7.yaml  |   17 +
releasenotes/source/index.rst                      |    3 +-
.../locale/zh_CN/LC_MESSAGES/releasenotes.po       |  133 ++
releasenotes/source/mitaka.rst                     |    6 +
requirements.txt                                   |   25 +-
setup.cfg                                          |    3 +-
test-requirements.txt                              |   21 +-
tox.ini                                            |   47 +-
188 files changed, 9950 insertions(+), 3197 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index 81e59fb..d35188b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,2 +4,2 @@
-alembic>=0.8.0 # MIT
-Babel>=1.3 # BSD
+alembic>=0.8.4 # MIT
+Babel>=2.3.4 # BSD
@@ -7 +7 @@ cffi # MIT
-cryptography>=1.0 # BSD/Apache-2.0
+cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0
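Review bot: the new `!=1.3.0` exclusion on the cryptography line has no stated reason, and the floor stays at `>=1.0` while the oslo.* minimums in this same file all move up. A short trailing comment saying why 1.3.0 is skipped would help packagers, and it is worth checking whether a minimum of 1.0 is still tested for this release.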
@@ -10,3 +10,2 @@ jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
-oslo.concurrency>=3.5.0 # Apache-2.0
-oslo.config>=3.7.0 # Apache-2.0
-oslo.context>=0.2.0 # Apache-2.0
+oslo.config>=3.14.0 # Apache-2.0
+oslo.context>=2.9.0 # Apache-2.0
@@ -14 +13 @@ oslo.i18n>=2.1.0 # Apache-2.0
-oslo.messaging>=4.0.0 # Apache-2.0
+oslo.messaging>=5.2.0 # Apache-2.0
@@ -17 +16 @@ oslo.log>=1.14.0 # Apache-2.0
-oslo.policy>=0.5.0 # Apache-2.0
+oslo.policy>=1.9.0 # Apache-2.0
@@ -19,2 +18,2 @@ oslo.serialization>=1.10.0 # Apache-2.0
-oslo.service>=1.0.0 # Apache-2.0
-oslo.utils>=3.5.0 # Apache-2.0
+oslo.service>=1.10.0 # Apache-2.0
+oslo.utils>=3.16.0 # Apache-2.0
@@ -24 +23 @@ pbr>=1.6 # Apache-2.0
-pecan>=1.0.0 # BSD
+pecan!=1.0.2,!=1.0.3,!=1.0.4,>=1.0.0 # BSD
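Review bot: on the pecan line, excluding 1.0.2, 1.0.3 and 1.0.4 while keeping `>=1.0.0` leaves only 1.0.0, 1.0.1 and 1.0.5 onward installable. If the two oldest releases are not actually exercised in the gate, raising the floor past the excluded range is simpler than three `!=` clauses; otherwise add a comment saying why those three releases are blocked.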
@@ -29 +28 @@ ldap3>=0.9.8.2 # LGPLv3
-keystonemiddleware!=4.1.0,>=4.0.0 # Apache-2.0
+keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0
@@ -32 +31 @@ SQLAlchemy<1.1.0,>=1.0.10 # MIT
-stevedore>=1.5.0 # Apache-2.0
+stevedore>=1.16.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index 4270b94..960782d 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -6 +6 @@ hacking<0.11,>=0.10.0
-mock>=1.2 # BSD
+mock>=2.0 # BSD
@@ -8 +8 @@ oslotest>=1.10.0 # Apache-2.0
-pykmip>=0.4.0 # Apache 2.0 License
+pykmip>=0.5.0 # Apache 2.0 License
@@ -11,4 +11,5 @@ testtools>=1.4.0 # MIT
-fixtures>=1.3.1 # Apache-2.0/BSD
-requests!=2.9.0,>=2.8.1 # Apache-2.0
-python-keystoneclient!=1.8.0,!=2.1.0,>=1.6.0 # Apache-2.0
-tempest-lib>=0.14.0 # Apache-2.0
+fixtures>=3.0.0 # Apache-2.0/BSD
+requests>=2.10.0 # Apache-2.0
+WebTest>=2.0 # MIT
+python-keystoneclient!=2.1.0,>=2.0.0 # Apache-2.0
+tempest>=12.1.0 # Apache-2.0
@@ -18 +19 @@ python-subunit>=0.0.18 # Apache-2.0/BSD
-bandit>=0.17.3 # Apache-2.0
+bandit>=1.1.0 # Apache-2.0
@@ -21 +22 @@ bandit>=0.17.3 # Apache-2.0
-sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 # BSD
+sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
@@ -23,2 +24,2 @@ oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
-reno>=0.1.1 # Apache2
-openstackdocstheme>=1.0.3 # Apache-2.0
+reno>=1.8.0 # Apache2
+openstackdocstheme>=1.5.0 # Apache-2.0




