We high-spiritedly announce the release of: barbican 18.0.0: OpenStack Secure Key Management This release is part of the caracal release series. The source is available from: https://opendev.org/openstack/barbican Download the package from: https://tarballs.openstack.org/barbican/ Please report issues through: https://bugs.launchpad.net/barbican/+bugs For more details, please see below. Changes in barbican 17.0.0..18.0.0 ---------------------------------- 8f92d6f5 Update devstack plugin for Secure RBAC 98337516 Drop all remaining logics for certificate resources 901cf2cc Prohibit certificate order resource 0dbc19b6 Fix releasenotes build of yoga moved to unmaintained d9b1b5ad Bump hacking ff2d1058 Simplify .coveragerc 897b88a1 Update python classifier in setup.cfg 73de2e8c Get rid of unused periodic_task 6acb4f8d Remove unused wsgi/ssl options from oslo.service 20b4b342 pkcs11: Remove deprecated token_label option 4fb8df1e Replace deprecated pyOpenSSL API 12aa8a93 Use consistent [database] options d3445bd6 Fix zuul config warning e385199f Add python 3.10 to setup.cfg metadata f1b68658 Deprecate Symantec certificate plugin ba70d144 Remove unnecessary comment lines from setup.cfg 2a7578fd Revert "Temporarily make sqlalchemy master job no-voting" 2e89feed Temporarily make sqlalchemy master job no-voting 90437d9a Fix python shebang 475e2370 Update master for stable/2023.2 cc14717f Fix expired links 6dcb00f8 Enable Secure RBAC by default 700571f7 Fix missing oslo.versionedobjects library option 2b95fbdd Enable SRBAC test 57d7ff37 Update secret:delete policy to allow admin to delete secret 100c8d07 Bump Hashicorp Vault version to 1.13.2 a54f18af Add tempest to devstack how-to c65e4288 Migrate back to Launchpad e7963e67 Logrotate all log files 1a6c038d Vault: enable RSA from ordered container functional test Diffstat (except docs and test files) ------------------------------------- .coveragerc | 9 +- .zuul.yaml | 15 +- README.rst | 4 +- api-guide/source/dogtag_setup.rst | 16 +- barbican/api/controllers/orders.py | 3 - barbican/cmd/barbican_manage.py | 14 +- barbican/cmd/db_manage.py | 5 +- barbican/cmd/keystone_listener.py | 2 +- barbican/cmd/pkcs11_kek_rewrap.py | 4 +- barbican/cmd/pkcs11_key_generation.py | 2 +- barbican/cmd/pkcs11_migrate_kek_signatures.py | 4 +- barbican/cmd/retry_scheduler.py | 2 +- barbican/cmd/worker.py | 2 +- barbican/common/config.py | 80 +- barbican/common/policies/secrets.py | 10 +- barbican/common/validators.py | 125 +-- barbican/hacking/checks.py | 9 +- barbican/model/clean.py | 4 +- barbican/model/migration/commands.py | 2 +- barbican/model/models.py | 1 - barbican/model/repositories.py | 21 +- barbican/model/sync.py | 4 +- barbican/plugin/crypto/p11_crypto.py | 13 +- barbican/plugin/crypto/simple_crypto.py | 2 +- barbican/plugin/dogtag.py | 744 ------------- barbican/plugin/dogtag_config_opts.py | 14 - barbican/plugin/interface/certificate_manager.py | 767 ------------- barbican/plugin/simple_certificate_manager.py | 160 --- barbican/plugin/snakeoil_ca.py | 479 --------- barbican/plugin/symantec.py | 292 ----- barbican/queue/client.py | 7 - barbican/queue/retry_scheduler.py | 10 +- barbican/queue/server.py | 18 +- barbican/tasks/certificate_resources.py | 594 ----------- barbican/tasks/common.py | 6 - barbican/tasks/resources.py | 112 -- .../plugin/interface/test_certificate_manager.py | 316 ------ .../plugin/test_simple_certificate_manager.py | 83 -- bin/barbican-api | 2 +- bin/demo_requests.py | 2 +- bin/versionbuild.py | 2 +- devstack/lib/barbican | 134 +-- devstack/lib/tempest | 16 + devstack/local.conf.example | 2 +- devstack/plugin.sh | 44 +- devstack/settings | 3 + etc/logrotate.d/barbican-api | 4 +- etc/oslo-config-generator/barbican.conf | 6 +- .../api/v1/functional/test_quotas_enforce.py | 7 - .../remove-certificate-order-df76100cfd1360ef.yaml | 5 + ...ove-certificate-resources-cdb4708332436144.yaml | 5 + ...remove-pkcs11-token-label-69d4368906b91b7e.yaml | 4 + .../notes/rename-db-opts-547a9114abde2e88.yaml | 15 + ...se-secure-rbac-by-default-bae44e5c36451928.yaml | 7 + releasenotes/source/2023.2.rst | 6 + releasenotes/source/index.rst | 1 + releasenotes/source/yoga.rst | 2 +- requirements.txt | 3 - setup.cfg | 27 +- test-requirements.txt | 7 +- 80 files changed, 356 insertions(+), 6979 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index fa6bced0..a4213186 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +0,0 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. diff --git a/test-requirements.txt b/test-requirements.txt index 1a40c4f8..4a33d712 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,6 +1 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. - -# hacking should appear first in case something else depends on pep8 -hacking>=3.0.1,<3.1.0 # Apache-2.0 +hacking>=6.1.0,<6.2.0 # Apache-2.0