[release-announce] [barbican] barbican 4.0.0 (ocata)
no-reply at openstack.org
no-reply at openstack.org
Wed Feb 22 13:43:31 UTC 2017
We are glad to announce the release of:
barbican 4.0.0: OpenStack Secure Key Management
This release is part of the ocata release series.
Download the package from:
https://tarballs.openstack.org/barbican/
For more details, please see below.
4.0.0
^^^^^
This release adds http_proxy_to_wsgi middleware to the pipeline.
New Features
************
* The 'http_proxy_to_wsgi' middleware can be used to help barbican
respond with the correct URL refs when it's put behind a TLS proxy
(such as HAProxy). This middleware is disabled by default, but can
be enabled via a configuration option in the oslo_middleware group.
Upgrade Notes
*************
* The barbican-api-paste.ini configuration file for the paste
pipeline was updated to add the http_proxy_to_wsgi middleware.
Changes in barbican 3.0.0..4.0.0
--------------------------------
c3c1d28 Add CryptoPluginUnsupportedOperation
7d1a8e4 Deprecate Dogtag subca tests
02506eb Fix error message formatting for Dogtag plugin exceptions
9efb9cf Update previous and next Consumer URLS in filtering
773feea Fix Consumer API Reference Docs
02a72f9 Move dogtag plugin dependencies to one yum call
bd90710 Add Dogtag plugin dependencies to bindep.txt
cca1a28 Split serial and parallel functional test runs
7c71e97 Make error message clear when no supported secret store found
9a934e5 Revert "Add ID property to all entities"
00ee202 Add Unit Tests for Consumers API Controller
a1ac176 Add .ropeproject to .gitignore
f06ba48 Add ID property to all entities
4ff005a Clean imports in code
8b93051 Updated from global requirements
a936b28 Fix typos
a99c8c6 using utcnow instead of now in barbican unit tests
3be5999 Fix error in api-guide
61aa385 Correct configuration of db connection
0c18936 Replace str(uuid.uuid4()) with utils.generate_uuid()
6c12b36 Remove pycadf useless requirement
17f60c0 Removes unnecessary utf-8 encoding
83a6128 DOC Remove a couple of repeated words
fc16d1f [devstack] enable logging to stderr
7448bd3 Updated from global requirements
918cd8c Configure authtoken middleware in barbican.conf
7e7a52d Add build dir to flake8 exclude list
9abd3d0 Correct the file path for deploying Barbican API under mod_wsgi
a27d201 Update the KMIPSecretStore tests to not test PyKMIP internals
52bb83e Updated from global requirements
25421dc Updated from global requirements
dea8754 Introduce hacking check to Barbican
8706feb Enable installation of barbican_tempest_plugin
ed25e3a Show team and repo badges on README
2dd4793 Make rabbitmq configuration much simpler
949c8b9 [Devstack] Fix devstack plugin compatibility
b483bba Add Apache 2.0 license header to the alembic_migrations/script.py.mako
fba4607 Pass secret_type to repository query
9ef8efb Fix hacking check error
b22acbf Files with no code must be left completely empty
ed124cb Fix crypto plugin documentation
f4f9b7f Using assertIsNotNone() instead of assertNotEqual(None)
314d788 Fix typo in file name
98602af Add bindep environment to tox
6d1fe84 Remove unused pylintrc
df178ab Updated from global requirements
65478e0 Updated from global requirements
140a818 Deprecate Cetificate Resources
d035e75 Remove translations for debug level log
d85be13 Updated from global requirements
392182c Fix some minor error
e4b743f Add "keystone_authtoken" section in barbican.conf
1878ccf Fix warning when running tox -e docs
8859ffb Fix bindep so that translated jobs work
63c5680 Updated from global requirements
06fc1cd Replaced assertion with more specific
690cc51 Enable translations
88ba85a Remove redundant 'the' in doc
d70c88e Updated from global requirements
70bf61c Fix incorrect endpoint in install-guide
a2f9d41 Enforce application/json content type on quota set
56a33b6 Imported Translations from Zanata
c7e824e Use http_proxy_to_wsgi middleware
1d7f758 Updated from global requirements
c7bf059 Fix coverage test failure
3b95ff8 Add dogtag-pki and python-nss as extra requirement
ab0e991 Update .coveragerc after the removal of respective directory
6cea690 Updated from global requirements
b8bbd32 Fix error in installation guide of Ubuntu.
282ad4b Rename crypto.py to base.py
7239625 Improve devstack configuration
3f92aa5 Don't include openstack/common in flake8 exclude list
08c3bf9 Fix postgres error during container list
8388a5c Add summary to metadata in setup.cfg file
f0de9fe Enable release notes translation
47ca6af Updated from global requirements
7ef9250 Updated from global requirements
403e440 Fix order of arguments in assertEqual
3410ac9 Fix typo
70d26ae Updated from global requirements
56fff40 Checking barbican resource id in URI is a valid uuid
39331ca Use Domains with Keystone v3 in functional tests
608bfd3 Fix routing for adding a secret to a container
66c88d0 Updated from global requirements
b99ae8e TrivialFix: Remove default=None when set value in Config
fc7c578 Fix typos in alembic.ini & kmip_secret_store.py
59d2f1a Fix some typos in simple_crypto.py
a661e14 Trivial fix in secretstore module
5d19048 Imported Translations from Zanata
f691572 Fixes error when deleting consumers
baf5edf Update reno for stable/newton
49cd835 delete python bytecode including pyo before every test run
a33fcd7 Active a unit test in comon/test_validators
6dc2e98 TrivialFix: Remove cfg import unused
eeb29c4 TrivialFix: Remove logging import unused
41e652e changed typo from similiar to similar
7972660 Adds true functional tests for db_manage script
4e4a263 modify the home-page info with the developer documentation
9ab6387 Remove white space between print and ()
497db2c Default to Keystone authentication
Diffstat (except docs and test files)
-------------------------------------
.coveragerc | 4 +-
.gitignore | 3 +
.testr.conf | 2 +-
HACKING.rst | 92 +++++
README.md | 7 +
api-guide/source/certificates.rst | 5 +
api-guide/source/conf.py | 2 -
api-guide/source/consumers.rst | 4 +-
api-guide/source/orders.rst | 5 +
api-guide/source/secrets.rst | 2 +-
barbican/__init__.py | 18 -
barbican/api/controllers/cas.py | 16 +-
barbican/api/controllers/consumers.py | 27 +-
barbican/api/controllers/containers.py | 11 +-
barbican/api/controllers/orders.py | 14 +-
barbican/api/controllers/quotas.py | 1 +
barbican/api/controllers/secretmeta.py | 18 +-
barbican/api/controllers/secrets.py | 16 +-
barbican/api/controllers/secretstores.py | 20 +-
barbican/api/controllers/transportkeys.py | 13 +-
barbican/api/controllers/versions.py | 4 -
barbican/api/middleware/context.py | 10 +-
barbican/api/middleware/simple.py | 5 +-
barbican/cmd/__init__.py | 18 -
barbican/cmd/db_manage.py | 2 +-
barbican/cmd/retry_scheduler.py | 3 +-
barbican/cmd/worker.py | 3 +-
barbican/common/__init__.py | 18 -
barbican/common/config.py | 20 +-
barbican/common/exception.py | 6 +-
barbican/common/hrefs.py | 2 +-
barbican/common/resources.py | 3 +-
barbican/common/utils.py | 16 +
barbican/hacking/__init__.py | 0
barbican/hacking/checks.py | 379 ++++++++++++++++++
.../locale/de/LC_MESSAGES/barbican-log-warning.po | 37 ++
barbican/locale/zh_CN/LC_MESSAGES/barbican.po | 50 ++-
barbican/model/__init__.py | 18 -
barbican/model/clean.py | 18 +-
barbican/model/migration/alembic.ini | 2 +-
.../migration/alembic_migrations/script.py.mako | 15 +
...20ccbe7fa_remove_transport_keys_column_from_.py | 14 +-
...9933643_add_project_column_to_consumer_table.py | 17 +-
...687_fill_project_id_to_secrets_where_missing.py | 17 +-
.../versions/1a0c2cdafb38_initial_version.py | 13 +
...f79559e3_new_secret_and_container_acl_tables.py | 13 +
.../1bc885808c76_add_project_id_to_secrets.py | 13 +
.../1bece815014f_remove_projectsecret_table.py | 15 +-
...f328bfce0_fixing_composite_primary_keys_and_.py | 93 +++--
...8af2dd_add_new_columns_type_meta_containerid.py | 23 +-
...5565185_removing_redundant_fields_from_order.py | 14 +-
...e0c5f_change_keystone_id_for_external_id_in_.py | 13 +
.../2843d6469f25_add_sub_status_info_for_orders.py | 21 +-
...3f5371bde_dsa_in_container_type_modelbase_to.py | 31 +-
.../2d21598e7e70_added_ca_related_tables.py | 22 +-
...95d7_remove_size_limits_on_meta_table_values.py | 13 +
.../30dba269cc64_update_order_retry_tasks_table.py | 13 +
.../39a96e67e990_add_missing_constraints.py | 17 +-
...f2e645cba_model_for_multiple_backend_support.py | 13 +
...040bfe_add_owning_project_and_creator_to_cas.py | 19 +-
...36a26b88af_add_order_barbican_metadata_table.py | 13 +
...6f6972_add_orders_plugin_metadata_table_and_.py | 13 +
...f4a69ac_added_secret_type_column_to_secrets_.py | 13 +
.../46b98cde536_add_project_quotas_table.py | 13 +
...9e523451_made_plugin_names_in_kek_datum_non_.py | 13 +
...3a72a_add_cas_column_to_project_quotas_table.py | 13 +
...457517a3_rename_acl_creator_only_to_project_.py | 16 +-
.../795737bb3c3_change_tenants_to_projects.py | 14 +
.../versions/aa2cf96a1d5_add_orderretrytask.py | 13 +
.../cd4106a1a0_add_cert_to_container_type.py | 13 +
.../versions/d2780d5aa510_change_url_length.py | 13 +
barbican/model/models.py | 5 +-
barbican/model/repositories.py | 14 +-
barbican/plugin/crypto/base.py | 370 ++++++++++++++++++
barbican/plugin/crypto/crypto.py | 360 -----------------
barbican/plugin/crypto/manager.py | 20 +-
barbican/plugin/crypto/p11_crypto.py | 4 +-
barbican/plugin/crypto/simple_crypto.py | 6 +-
barbican/plugin/dogtag.py | 8 +-
barbican/plugin/interface/secret_store.py | 29 +-
barbican/plugin/kmip_secret_store.py | 52 +--
barbican/plugin/snakeoil_ca.py | 6 +-
barbican/plugin/store_crypto.py | 38 +-
barbican/plugin/util/multiple_backends.py | 2 -
barbican/queue/__init__.py | 3 -
barbican/queue/keystone_listener.py | 9 +-
barbican/queue/server.py | 3 -
barbican/tasks/__init__.py | 18 -
barbican/tasks/certificate_resources.py | 3 +-
barbican/tasks/keystone_consumer.py | 2 +-
barbican/tasks/resources.py | 18 +-
.../repositories/test_repositores_secret_stores.py | 426 ---------------------
.../test_repositories_secret_stores.py | 426 +++++++++++++++++++++
bindep.txt | 12 +
devstack/lib/barbican | 54 ++-
devstack/plugin.sh | 34 ++
devstack/settings | 4 +
etc/barbican/barbican-api-paste.ini | 15 +-
etc/barbican/barbican-functional.conf | 8 +-
etc/barbican/barbican.conf | 160 ++++++++
.../api/v1/behaviors/secret_behaviors.py | 25 +-
.../api/v1/functional/test_certificate_orders.py | 10 +-
.../api/v1/functional/test_consumers.py | 12 +-
.../api/v1/functional/test_containers.py | 40 +-
.../api/v1/functional/test_quotas_enforce.py | 2 +-
.../api/v1/functional/test_secretmeta.py | 44 +--
.../api/v1/functional/test_secretstores.py | 2 +-
install-guide/source/common_configure.rst | 18 +-
install-guide/source/common_prerequisites.rst | 6 +-
install-guide/source/install-rdo.rst | 13 +-
install-guide/source/install-ubuntu.rst | 2 +-
pylintrc | 27 --
..._proxy_to_wsgi-middleware-98dc4fe03eb362d3.yaml | 12 +
releasenotes/source/conf.py | 4 +-
releasenotes/source/index.rst | 1 +
releasenotes/source/newton.rst | 6 +
requirements.txt | 25 +-
setup.cfg | 5 +
test-requirements.txt | 18 +-
tox.ini | 34 +-
173 files changed, 4314 insertions(+), 2084 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index d35188b..4450073 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4 +4 @@
-alembic>=0.8.4 # MIT
+alembic>=0.8.10 # MIT
@@ -10 +10 @@ jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
-oslo.config>=3.14.0 # Apache-2.0
+oslo.config!=3.18.0,>=3.14.0 # Apache-2.0
@@ -13 +13 @@ oslo.i18n>=2.1.0 # Apache-2.0
-oslo.messaging>=5.2.0 # Apache-2.0
+oslo.messaging>=5.14.0 # Apache-2.0
@@ -15,2 +15,2 @@ oslo.middleware>=3.0.0 # Apache-2.0
-oslo.log>=1.14.0 # Apache-2.0
-oslo.policy>=1.9.0 # Apache-2.0
+oslo.log>=3.11.0 # Apache-2.0
+oslo.policy>=1.17.0 # Apache-2.0
@@ -19 +19 @@ oslo.service>=1.10.0 # Apache-2.0
-oslo.utils>=3.16.0 # Apache-2.0
+oslo.utils>=3.18.0 # Apache-2.0
@@ -22,3 +22,2 @@ PasteDeploy>=1.5.0 # MIT
-pbr>=1.6 # Apache-2.0
-pecan!=1.0.2,!=1.0.3,!=1.0.4,>=1.0.0 # BSD
-pycadf!=2.0.0,>=1.1.0 # Apache-2.0
+pbr>=1.8 # Apache-2.0
+pecan!=1.0.2,!=1.0.3,!=1.0.4,!=1.2,>=1.0.0 # BSD
@@ -27,2 +26,2 @@ pyOpenSSL>=0.14 # Apache-2.0
-ldap3>=0.9.8.2 # LGPLv3
-keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0
+ldap3>=1.0.2 # LGPLv3
+keystonemiddleware>=4.12.0 # Apache-2.0
@@ -31,2 +30,2 @@ SQLAlchemy<1.1.0,>=1.0.10 # MIT
-stevedore>=1.16.0 # Apache-2.0
-WebOb>=1.2.3 # MIT
+stevedore>=1.17.1 # Apache-2.0
+WebOb>=1.6.0 # MIT
diff --git a/test-requirements.txt b/test-requirements.txt
index 960782d..da1a60d 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,2 +4,6 @@
-coverage>=3.6 # Apache-2.0
-hacking<0.11,>=0.10.0
+
+# hacking should appear first in case something else depends on pep8
+hacking<0.13,>=0.12.0 # Apache-2.0
+
+coverage>=4.0 # Apache-2.0
+ddt>=1.0.1 # MIT
@@ -12 +16 @@ fixtures>=3.0.0 # Apache-2.0/BSD
-requests>=2.10.0 # Apache-2.0
+requests!=2.12.2,>=2.10.0 # Apache-2.0
@@ -14 +18 @@ WebTest>=2.0 # MIT
-python-keystoneclient!=2.1.0,>=2.0.0 # Apache-2.0
+python-keystoneclient>=3.8.0 # Apache-2.0
@@ -22,3 +26,3 @@ bandit>=1.1.0 # Apache-2.0
-sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
-oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
-reno>=1.8.0 # Apache2
+sphinx!=1.3b1,<1.4,>=1.2.1 # BSD
+oslosphinx>=4.7.0 # Apache-2.0
+reno>=1.8.0 # Apache-2.0
More information about the Release-announce
mailing list