We are pleased to announce the release of:

ironic-inspector 10.6.0: Hardware introspection for OpenStack Bare Metal

This release is part of the wallaby stable release series.

The source is available from:

    https://opendev.org/openstack/ironic-inspector

Download the package from:

    https://tarballs.openstack.org/ironic-inspector/

Please report issues through:

    https://storyboard.openstack.org/#!/project/944

For more details, please see below.

10.6.0
^^^^^^

New Features
************

* The default policy has been replaced with one which aligns with the
  Secure-RBAC scopes and roles. Since ironic-inspector is a tool used
  only by system-level admins, only the "system" scope is supported,
  and the only roles in the policy rules are "admin" and "reader".

Upgrade Notes
*************

* "[DEFAULT]/ipmi_address_fields" now has "ibmc_address" in the
  default configuration, allowing introspection to try and match the
  BMC address if no ports are defined when using the *ibmc* driver.

* The default value of the "[oslo_policy] policy_file" config option
  has been changed from "policy.json" to "policy.yaml". Operators who
  are utilizing customized policy files or previously generated static
  policy files (which are not needed by default) should generate new
  policy files and modify them to meet their needs in the event that
  any new policies or rules have been added. Please consult the
  oslopolicy-convert-json-to-yaml
  (https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html)
  tool to convert a JSON policy file to a YAML-formatted one in a
  backward-compatible way.

* The new policy is only enforced when the "[oslo_policy]" config is
  changed to "enforce_new_defaults=True" and "enforce_scope=True";
  otherwise the existing deprecated policy is used. User accounts
  which rely on having the "baremetal_admin" or "baremetal_observer"
  roles will need to have system-scoped "admin" or "reader" roles to
  use the API when the new policy is enforced.
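A pre-upgrade check for the three policy-related upgrade notes above, as an added example that is not part of the release announcement or of ironic-inspector itself. The function name, the sample configuration and the sample policy line are constructed for illustration; only the option names and role names come from the notes.

```python
import configparser

# Legacy roles named in the upgrade note above.
LEGACY_ROLES = ("baremetal_admin", "baremetal_observer")


def audit_policy_settings(conf_text, policy_text=""):
    """Return findings that block or weaken the move to the Secure-RBAC policy."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)

    def opt(name, default):
        return cp.get("oslo_policy", name, fallback=default).strip()

    findings = []
    # The default moved from policy.json to policy.yaml in this release.
    policy_file = opt("policy_file", "policy.yaml")
    if policy_file.lower().endswith(".json"):
        findings.append(f"policy_file={policy_file}: convert to YAML "
                        "with oslopolicy-convert-json-to-yaml")
    # Both flags must be True before the new policy is enforced.
    for flag in ("enforce_new_defaults", "enforce_scope"):
        if opt(flag, "False").lower() != "true":
            findings.append(f"{flag} is not True: new policy not fully enforced")
    # Custom rules that still grant access via the legacy roles.
    for role in LEGACY_ROLES:
        if f"role:{role}" in policy_text:
            findings.append(f"policy file references legacy role {role}")
    return findings


# Constructed sample inputs (not taken from a real deployment).
SAMPLE_CONF = """\
[oslo_policy]
policy_file = policy.json
enforce_new_defaults = True
"""
SAMPLE_POLICY = '{"is_admin": "role:admin or role:baremetal_admin"}'

if __name__ == "__main__":
    for finding in audit_policy_settings(SAMPLE_CONF, SAMPLE_POLICY):
        print("WARN", finding)
```
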

Deprecation Notes
*****************

* Use of legacy policy files was deprecated by the "oslo.policy"
  library during the Victoria development cycle. As a result, this
  deprecation is being noted in Wallaby with an anticipated future
  removal of support by "oslo.policy". As such, operators will need to
  convert to YAML policy files. Please see the upgrade notes for
  details on migration of any custom policy files.

* The previous policy is still enforced by default, but is now
  deprecated and will be removed in a future release.

Changes in ironic-inspector 10.5.0..10.6.0
------------------------------------------

f5e3a66 Use port.id instead of port.uuid
565c82b Increase memory of ironic vm in grenade
9609614 Add ibmc_address to ipmi_address_fields
22853a7 Fix port id vs uuid in ValidateInterfacesHook
223cfbd Enable tempurls for Swift in grenade
c9e312f Implement secure RBAC
5c79d75 Fix node id vs uuid in processing_logger_prefix
f47fbd6 Add release version to release notes
86b974b Fix memcached host address.
e670c24 Update minversion of tox
fb5955b Update version of doc8
901c816 Add upgrade check, and json2yaml policy handling
379b892 Imported Translations from Zanata
c6fdf25 Remove lower-constraints job
8d52a77 Avoid a full install in tox environments that do not need it
8b8266b Imported Translations from Zanata

Diffstat (except docs and test files)
-------------------------------------

 devstack/plugin.sh                                 |   5 +-
 ironic_inspector/cmd/status.py                     |  58 +++
 ironic_inspector/conf/default.py                   |   2 +-
 ironic_inspector/plugins/base_physnet.py           |   2 +-
 ironic_inspector/plugins/local_link_connection.py  |   2 +-
 ironic_inspector/plugins/standard.py               |   2 +-
 ironic_inspector/policy.py                         | 191 ++++++---
 ironic_inspector/test/unit/policy_fixture.py       |   6 +-
 ironic_inspector/test/unit/test_acl.py             | 438 +++++++++++++++++++++
 .../unit/test_plugins_local_link_connection.py     |   2 +-
 .../test/unit/test_plugins_physnet_cidr_map.py     |   4 +-
 .../test/unit/test_plugins_standard.py             |   2 +-
 ironic_inspector/test/unit/test_utils.py           |   8 +-
 ironic_inspector/utils.py                          |   2 +-
 lower-constraints.txt                              | 143 -------
 releasenotes/notes/add-ibmc-43de3a7af7b5b18d.yaml  |   6 +
 ...efault-policy-file-change-a1d0a4aa19dcb37d.yaml |  20 +
 .../notes/secure-rbac-0d4fcbc865d45858.yaml        |  19 +
 .../locale/en_GB/LC_MESSAGES/releasenotes.po       |  16 +-
 releasenotes/source/victoria.rst                   |   6 +-
 requirements.txt                                   |   9 +-
 setup.cfg                                          |   1 +
 test-requirements.txt                              |  10 -
 tox.ini                                            |  23 +-
 zuul.d/ironic-inspector-jobs.yaml                  |   5 +-
 zuul.d/project.yaml                                |   1 -
 31 files changed, 854 insertions(+), 238 deletions(-)

Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt index bbf3a80..47989fd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7 +7 @@ construct>=2.9.39 # MIT -eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT +eventlet>=0.26.0 # MIT @@ -21 +21 @@ oslo.concurrency>=3.26.0 # Apache-2.0 -oslo.config>=5.2.0 # Apache-2.0 +oslo.config>=6.8.0 # Apache-2.0 
@@ -28 +28 @@ oslo.middleware>=3.31.0 # Apache-2.0 -oslo.policy>=1.30.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 @@ -32 +32,2 @@ oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 -oslo.utils>=3.33.0 # Apache-2.0 +oslo.upgradecheck>=1.2.0 # Apache-2.0 +oslo.utils>=4.5.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index 8022307..99c5fd3 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7 +6,0 @@ coverage!=4.4,>=4.0 # Apache-2.0 -os-api-ref>=1.4.0 # Apache-2.0 @@ -12,9 +10,0 @@ oslotest>=3.2.0 # Apache-2.0 - -# DOC test requirements -doc8>=0.6.0 # Apache-2.0 -reno>=3.1.0 # Apache-2.0 -sphinx>=2.0.0,!=2.1.0 # BSD -sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD -sphinxcontrib-apidoc>=0.2.0 # BSD -openstackdocstheme>=2.2.0 # Apache-2.0 -
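
Review bot: the raised minimums in requirements.txt (eventlet>=0.26.0, oslo.config>=6.8.0, oslo.policy>=3.6.0, oslo.utils>=4.5.0) are not exercised by any job once this release lands, because the diffstat shows lower-constraints.txt deleted in full (143 lines) and commit c6fdf25 removes the lower-constraints job. Please confirm the new floors were tested at least once at exactly those versions, since the policy changes in this release depend on the oslo.policy jump from 1.30.0 to 3.6.0. The @@ -32 hunk also adds oslo.upgradecheck>=1.2.0 as a new runtime dependency, which the upgrade notes do not mention; a line there would help packagers.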
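
Review bot: the @@ -12,9 +10,0 hunk in test-requirements.txt deletes every doc-build requirement (doc8, reno, sphinx, sphinxcontrib-svg2pdfconverter, sphinxcontrib-apidoc, openstackdocstheme) and the @@ -7 hunk drops os-api-ref, but this diff excludes docs files, so the new location of these pins is not visible here. Please confirm that the documentation and release-notes environments in tox.ini (23 lines changed in the diffstat) install them from a separate requirements file, otherwise those environments fail on a clean checkout.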