We are stoked to announce the release of:

barbican 12.0.0: OpenStack Secure Key Management

This release is part of the wallaby release series.

The source is available from:

    https://opendev.org/openstack/barbican

Download the package from:

    https://tarballs.openstack.org/barbican/

Please report issues through:

    https://bugs.launchpad.net/barbican/+bugs

For more details, please see below.

Changes in barbican 11.0.0..12.0.0
----------------------------------

c8d3c580 Fix RBAC and ACL access for managing secret containers
ed8de959 Fix transport key policies
b211dec0 Add ACL default to allow project read
9c31e868 Update TOX_CONSTRAINTS_FILE for stable/wallaby
0e11b9c4 Update .gitreview for stable/wallaby
0d98c189 Fix RBAC for transportkeys resource
a0bc52c8 Implement secure RBAC for quota API
060ca2ee Implement secure RBAC for secretstore API
f2456aa2 Optimize conditional statements
3be848d0 Implement secure RBAC for ACLs API
9a16e911 Implement secure RBAC for transport key API
f02d81be Implement secure RBAC for secretmeta API
265908ec Implement secure RBAC for orders API
e2c8e537 Implement secure RBAC for consumers API
0faf2246 Implement secure RBAC for containers API
eade0cfc Implement secure RBAC for secrets API
1ca03610 Allow multiple token labels for PKCS#11 driver
fa7722bf Fix PKCS#11 reinitialization after failure
b5b350b4 Use system locks in pkcs11 library
d6c01bba [goal] Deprecate the JSON formatted policy file
089f748a Switch to collections.abc.MutableMapping
80c2a960 Imported Translations from Zanata
a1a21a7a Imported Translations from Zanata
7562dda2 [doc] Fix hmac/mkek generation commands
cb64ae82 remove unicode from code
0fcfe426 Imported Translations from Zanata
d9ec7dd6 Update doc8 version
75b19cad Update requirements for secure RBAC work
5734539d Imported Translations from Zanata
960c5ef5 [doc] Adjust documentation for Thales Luna
90cae5ae Imported Translations from Zanata
dbda8ecb Fix hacking min version to 3.0.1
66603447 Use barbican.conf in barbican-manage
c6d50003 Imported Translations from Zanata
69459a0e Use serial number or label for PKCS#11 tokens
e3bb9572 Python 3.9: use base64.{decode,encode}bytes
85b52526 corrects typo in cp command
9dbeefb5 Update hacking for Python3
49de1a9d Bump py37 to py38 in tox.ini
4d017c4c [doc] Add documentation for Vault plugin
a3acde74 Delete deprecated url of readme.rst ask.openstack.org is read-only and cannot raise a new question
b0ec7edf Fix admin can not delete other user's secrets
6be43dff Imported Translations from Zanata
f0bb09da Remove six.add_metaclass
0e041689 Add Python3 wallaby unit tests
30b07c2a Update master for stable/victoria
3fc072d9 Add a /healthcheck URL

Diffstat (except docs and test files)
-------------------------------------

.gitreview | 1 +
.zuul.yaml | 2 +-
README.rst | 3 -
api-guide/source/conf.py | 1 -
barbican/api/controllers/__init__.py | 22 ++-
barbican/api/controllers/containers.py | 6 +
barbican/api/controllers/secrets.py | 6 +
barbican/cmd/barbican_manage.py | 198 ++++++++++++---------
barbican/cmd/keystone_listener.py | 1 +
barbican/cmd/pkcs11_kek_rewrap.py | 1 +
barbican/cmd/pkcs11_migrate_kek_signatures.py | 1 +
barbican/cmd/status.py | 10 +-
barbican/cmd/worker.py | 1 +
barbican/common/config.py | 20 +++
barbican/common/policies/acls.py | 47 +++--
barbican/common/policies/consumers.py | 38 +++-
barbican/common/policies/containers.py | 40 +++--
barbican/common/policies/orders.py | 21 +--
barbican/common/policies/quotas.py | 20 ++-
barbican/common/policies/secretmeta.py | 17 +-
barbican/common/policies/secrets.py | 40 +++--
barbican/common/policies/secretstores.py | 22 +--
barbican/common/policies/transportkeys.py | 18 +-
barbican/common/policy.py | 8 +
barbican/common/utils.py | 4 +-
barbican/common/validators.py | 3 +-
barbican/hacking/checks.py | 80 ++-------
barbican/locale/en_GB/LC_MESSAGES/barbican.po | 24 ++-
barbican/locale/zh_CN/LC_MESSAGES/barbican.po | 5 +-
barbican/model/clean.py | 4 +-
barbican/model/repositories.py | 26 +--
barbican/plugin/castellan_secret_store.py | 3 +-
barbican/plugin/crypto/base.py | 5 +-
barbican/plugin/crypto/p11_crypto.py | 85 +++++++--
barbican/plugin/crypto/pkcs11.py | 150 +++++++++++++++-
barbican/plugin/crypto/simple_crypto.py | 3 +-
barbican/plugin/dogtag.py | 1 +
barbican/plugin/interface/certificate_manager.py | 7 +-
barbican/plugin/interface/secret_store.py | 4 +-
barbican/plugin/snakeoil_ca.py | 2 +-
barbican/tasks/resources.py | 5 +-
etc/barbican/barbican-api-paste.ini | 6 +
.../api/v1/functional/test_containers.py | 1 +
.../api/v1/functional/test_secretstores.py | 15 +-
.../add-new-pkcs11-options-fc7bb625998e91fc.yaml | 14 ++
.../add-os-locking-ok-option-d0cfc5883355632a.yaml | 6 +
...tiple-pkcs11-token-labels-61b63e34b7c8cc1a.yaml | 14 ++
...son-formatted-policy-file-b135aa7551e81066.yaml | 20 +++
.../notes/fix-story-2006978-aa5f2r9cqpfa0tm8.yaml | 6 +
...einitialize-pkcs11-object-4c0dc51c83288c21.yaml | 5 +
.../secure-rbac-acl-policy-b534614ee7190108.yaml | 15 ++
...cure-rbac-consumer-policy-5ff67280dc2a2c09.yaml | 9 +
...ure-rbac-container-policy-f7814e65dc2ab130.yaml | 13 ++
.../secure-rbac-order-policy-2068c64cb6830c6c.yaml | 15 ++
...secure-rbac-quotas-policy-f725a2752d1ba3f4.yaml | 11 ++
...re-rbac-secretmeta-policy-587cdad4e2ecee3a.yaml | 17 ++
...ecure-rbac-secrets-policy-61d49439a043f865.yaml | 13 ++
...e-rbac-secretstore-policy-ffa782850082add8.yaml | 9 +
...-rbac-transportkey-policy-3e904787694f8471.yaml | 10 ++
...n-conf-in-barbican-manage-52035c1cdbfc5a26.yaml | 10 ++
releasenotes/source/conf.py | 14 +-
releasenotes/source/index.rst | 1 +
.../locale/en_GB/LC_MESSAGES/releasenotes.po | 84 ++++++++-
releasenotes/source/victoria.rst | 6 +
requirements.txt | 10 +-
setup.cfg | 2 +-
test-requirements.txt | 5 +-
tox.ini | 29 ++-

80 files changed, 1306 insertions(+), 506 deletions(-)

Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt index 031dbcc7..61a1ed72 100644 --- a/requirements.txt 
+++ b/requirements.txt @@ -10 +10 @@ oslo.config>=6.4.0 # Apache-2.0 -oslo.context>=2.19.2 # Apache-2.0 +oslo.context>=2.22.0 # Apache-2.0 @@ -15,2 +15,2 @@ oslo.middleware>=3.31.0 # Apache-2.0 -oslo.log>=3.36.0 # Apache-2.0 -oslo.policy>=1.33.0 # Apache-2.0 +oslo.log>=4.3.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 @@ -19 +19 @@ oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 -oslo.upgradecheck>=0.1.1 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 @@ -28 +28 @@ ldap3>=1.0.2 # LGPLv3 -keystonemiddleware>=4.17.0 # Apache-2.0 +keystonemiddleware>=5.1.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index 4a70342e..1a40c4f8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -6 +6 @@ -hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0 +hacking>=3.0.1,<3.1.0 # Apache-2.0 @@ -10 +9,0 @@ coverage!=4.4,>=4.0 # Apache-2.0 -ddt>=1.0.1 # MIT @@ -24 +23 @@ bandit!=1.6.0,>=1.1.0 # Apache-2.0 -doc8>=0.6.0 # Apache-2.0 +doc8>=0.8.1 # Apache-2.0
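
Review bot: in the requirements.txt hunk at `@@ -15,2 +15,2 @@` the oslo.policy floor jumps from 1.33.0 to 3.6.0 and the oslo.log floor from 3.36.0 to 4.3.0, with nothing on the lines beyond the license comment to say why. The changelog ties these to 75b19cad "Update requirements for secure RBAC work", so note that next to the pins or in the upgrade notes, so packagers read the new minimums as required by the secure RBAC policy changes rather than as routine bumps they can defer.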
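
Review bot: in test-requirements.txt the hunk header at `@@ -24 +23 @@` shows `bandit!=1.6.0,>=1.1.0` left untouched while hacking and doc8 both get new floors in this pass. For a key-management service the security linter should not be the one gate tool still allowed to resolve to its oldest accepted release; raise the bandit minimum to the version the gate actually runs in the same change.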