We eagerly announce the release of: barbican 6.0.0: OpenStack Secure Key Management This release is part of the queens release series. Download the package from: https://tarballs.openstack.org/barbican/ For more details, please see below. Changes in barbican 5.0.0..6.0.0 -------------------------------- bb9da32 Imported Translations from Zanata 7342013 Use default policy in code 3d86d32 Update doc to match our in-repo configuration file ed0bb3f Add sample config and policy to documentation 198a08d Correct link address in doc c93fc17 Fix coverage job 70b6269 [DOC] Install client package before verification 48f50a0 Make grenade-devstack-barbican job nonvoting 09caab6 Adding #nosec for pycrypto use 1a312ba Modify simple_crypto init message b4c06c9 Remove Simple Crypto plugin production warning 33283a9 Add secret store sync functionality to barbican-manage d6b25ae Update virtual_environment for genconfig and genpolicy ab90a1e Updated from global requirements d594751 Authorites spelling error 2630503 Update link address 10ef7ad Updated from global requirements 0539a28 Ensure only api app initializes secret store 8561bc3 Remove Certificate Orders and CAs from API 6647eb9 Updated from global requirements 21deca8 Remove redundancy code 0861657 Fix Dogtag mode on key generation 93141ca Add defaults for Dogtag backend plugin 5617d60 zuul: run tripleo-scenario002 job 6011b8c Remove setting of version/release from releasenotes f00254c Updated from global requirements c45ca6d Imported Translations from Zanata 3538f51 Updated from global requirements 66ed951 Use assertRegex instead of assertRegexpMatches cabf864 Zuul: add file extension to playbook path a61105b Migrate to Zuul v3 f060da5 writing convention: do not use “-y” for package install 35e5043 Imported Translations from Zanata 3bea711 Database session need to rollback after duplication 94693c7 Updated from global requirements 13d1c13 Imported Translations from Zanata 7182966 Fix Race Condition in get_or_create_project() 4ae0e4c Imported Translations from Zanata 2a58454 Update the documentation link for doc migration 11391d4 Cleanup test-requirements 80f17e8 Updated from global requirements b8d2ee3 Dynamically determine SSL version in unit tests 622df49 Delete python bytecode including pyo cc5858c Use Castellan's backend option instead of api_class 4b3f665 Updated from global requirements 73dc46c Updated from global requirements 4ad06c1 Add flag to allow devstack to run on f26 in gate f3bec31 Updated from global requirements 5745f4a Use PortOpt for KMIP port 4211114 Add extra time in functional test that fails intermittently 2a4732a Updated from global requirements de7478d Use PortOpt for port options a84670b Pick up general URI when constructing barbican endpoint e86d57a Put base policy rules at first bc9581c Fix some reST field lists in docstrings bed85c6 Revert "Revert "Use devstack functions for deploying barbican-svc"" 9eb9c80 [TrivialFix] Change container_id to right value. 6c422cd Remove unused policy check acec046 Fix to use "." to source script files b833108 Replace http with https for doc links fcab230 [Trivialfix]Fix typos 43d3899 writing convention: do not use “-y” for package install 5c615d1 Updated from global requirements f4be17d Ensure module is initialized before being used 94bf667 Put "rm" command to whitelist_externals to avoid warning d14cf4b Imported Translations from Zanata 912a6b5 Update reno for stable/pike 0eb5f38 allow redirects in .htaccess files on the static web servers 657d47b Removed unnecessary setUp() calls in tests 854087d Stop using deprecated 'message' attribute in Exception Diffstat (except docs and test files) ------------------------------------- .gitignore | 3 + .zuul.yaml | 192 +++ HACKING.rst | 2 +- README.md | 4 +- api-guide/source/acls.rst | 24 +- api-guide/source/consumers.rst | 2 +- api-guide/source/containers.rst | 2 +- api-guide/source/dogtag_setup.rst | 2 +- api-guide/source/orders.rst | 10 +- api-guide/source/quotas.rst | 12 +- api-guide/source/secret_metadata.rst | 2 +- api-guide/source/secrets.rst | 16 +- barbican/api/__init__.py | 3 +- barbican/api/app.py | 4 +- barbican/api/controllers/cas.py | 499 ------- barbican/api/controllers/orders.py | 52 - barbican/api/controllers/versions.py | 4 +- barbican/cmd/barbican_manage.py | 23 + barbican/cmd/pkcs11_migrate_kek_signatures.py | 5 +- barbican/common/policies/__init__.py | 4 +- barbican/common/policies/versions.py | 23 - barbican/common/policy.py | 71 + barbican/common/resources.py | 10 +- barbican/common/utils.py | 12 +- barbican/context.py | 11 +- .../locale/de/LC_MESSAGES/barbican-log-warning.po | 37 - barbican/locale/en_GB/LC_MESSAGES/barbican.po | 1455 ++++++++++++++++++++ .../locale/zh_CN/LC_MESSAGES/barbican-log-error.po | 125 -- .../locale/zh_CN/LC_MESSAGES/barbican-log-info.po | 231 ---- .../zh_CN/LC_MESSAGES/barbican-log-warning.po | 46 - barbican/locale/zh_CN/LC_MESSAGES/barbican.po | 295 +--- barbican/model/repositories.py | 7 +- barbican/model/sync.py | 65 + barbican/plugin/crypto/simple_crypto.py | 5 +- barbican/plugin/dogtag.py | 8 +- barbican/plugin/dogtag_config_opts.py | 10 +- barbican/plugin/kmip_secret_store.py | 8 +- barbican/plugin/store_crypto.py | 1 - barbican/queue/client.py | 9 - barbican/queue/server.py | 13 - .../repositories/test_repositories_consumers.py | 3 +- .../test_repositories_secret_stores.py | 5 +- devstack/README.md | 2 +- devstack/gate_hook.sh | 2 +- devstack/lib/barbican | 12 +- devstack/plugin.sh | 6 +- devstack/settings | 6 +- etc/barbican/policy.json | 90 -- .../api/v1/behaviors/secret_behaviors.py | 2 +- .../api/v1/functional/test_certificate_orders.py | 767 ----------- .../api/v1/functional/test_containers.py | 8 +- .../api/v1/functional/test_quotas_enforce.py | 73 - .../api/v1/functional/test_secretmeta.py | 4 +- playbooks/legacy/barbican-devstack-base/post.yaml | 15 + playbooks/legacy/barbican-devstack-base/run.yaml | 65 + .../barbican-devstack-functional-base/post.yaml | 15 + .../barbican-devstack-functional-base/run.yaml | 74 + .../barbican-devstack-tempest-base/post.yaml | 15 + .../legacy/barbican-devstack-tempest-base/run.yaml | 72 + .../legacy/grenade-devstack-barbican/post.yaml | 15 + .../legacy/grenade-devstack-barbican/run.yaml | 60 + .../notes/multiple-backends-75f5b85c63b930b7.yaml | 4 +- ...ng-cas-certificate-orders-96fc47a7acaea273.yaml | 38 + releasenotes/source/conf.py | 10 +- releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 316 +++++ .../locale/zh_CN/LC_MESSAGES/releasenotes.po | 13 +- releasenotes/source/pike.rst | 6 + requirements.txt | 36 +- setup.cfg | 5 +- test-requirements.txt | 21 +- tox.ini | 7 +- 125 files changed, 2964 insertions(+), 4532 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 9bcfec8..d34665d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,2 +6,2 @@ Babel!=2.4.0,>=2.3.4 # BSD -cffi # MIT -cryptography!=2.0,>=1.6 # BSD/Apache-2.0 +cffi>=1.7.0 # MIT +cryptography!=2.0,>=1.9 # BSD/Apache-2.0 @@ -9,13 +9,13 @@ eventlet!=0.18.3,!=0.20.1,<0.21.0,>=0.18.2 # MIT -jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT -oslo.config!=4.3.0,!=4.4.0,>=4.0.0 # Apache-2.0 -oslo.context>=2.14.0 # Apache-2.0 -oslo.db>=4.24.0 # Apache-2.0 -oslo.i18n!=3.15.2,>=2.1.0 # Apache-2.0 -oslo.messaging!=5.25.0,>=5.24.2 # Apache-2.0 -oslo.middleware>=3.27.0 # Apache-2.0 -oslo.log>=3.22.0 # Apache-2.0 -oslo.policy>=1.23.0 # Apache-2.0 -oslo.serialization!=2.19.1,>=1.10.0 # Apache-2.0 -oslo.service>=1.10.0 # Apache-2.0 -oslo.utils>=3.20.0 # Apache-2.0 -Paste # MIT +jsonschema<3.0.0,>=2.6.0 # MIT +oslo.config>=5.1.0 # Apache-2.0 +oslo.context>=2.19.2 # Apache-2.0 +oslo.db>=4.27.0 # Apache-2.0 +oslo.i18n>=3.15.3 # Apache-2.0 +oslo.messaging>=5.29.0 # Apache-2.0 +oslo.middleware>=3.31.0 # Apache-2.0 +oslo.log>=3.36.0 # Apache-2.0 +oslo.policy>=1.30.0 # Apache-2.0 +oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 +oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 +oslo.utils>=3.33.0 # Apache-2.0 +Paste>=2.0.2 # MIT @@ -26 +26 @@ pycrypto>=2.6 # Public Domain -pyOpenSSL>=0.14 # Apache-2.0 +pyOpenSSL>=16.2.0 # Apache-2.0 @@ -28,2 +28,2 @@ ldap3>=1.0.2 # LGPLv3 -keystonemiddleware>=4.12.0 # Apache-2.0 -six>=1.9.0 # MIT +keystonemiddleware>=4.17.0 # Apache-2.0 +six>=1.10.0 # MIT diff --git a/test-requirements.txt b/test-requirements.txt index fab8066..389550e 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -10,3 +10,3 @@ ddt>=1.0.1 # MIT -mock>=2.0 # BSD -oslotest>=1.10.0 # Apache-2.0 -pykmip>=0.5.0 # Apache 2.0 License +mock>=2.0.0 # BSD +oslotest>=3.2.0 # Apache-2.0 +pykmip>=0.7.0 # Apache 2.0 License @@ -14 +14 @@ testrepository>=0.0.18 # Apache-2.0/BSD -testtools>=1.4.0 # MIT +testtools>=2.2.0 # MIT @@ -17 +17 @@ requests>=2.14.2 # Apache-2.0 -WebTest>=2.0 # MIT +WebTest>=2.0.27 # MIT @@ -19,2 +19 @@ python-keystoneclient>=3.8.0 # Apache-2.0 -tempest>=16.1.0 # Apache-2.0 -python-subunit>=0.0.18 # Apache-2.0/BSD +tempest>=17.1.0 # Apache-2.0 @@ -26,4 +25,4 @@ bandit>=1.1.0 # Apache-2.0 -sphinx>=1.6.2 # BSD -os-api-ref>=1.0.0 # Apache-2.0 -reno!=2.3.1,>=1.8.0 # Apache-2.0 -openstackdocstheme>=1.16.0 # Apache-2.0 +sphinx!=1.6.6,>=1.6.2 # BSD +os-api-ref>=1.4.0 # Apache-2.0 +reno>=2.5.0 # Apache-2.0 +openstackdocstheme>=1.18.1 # Apache-2.0