We are tickled pink to announce the release of: barbican 8.0.0: OpenStack Secure Key Management This release is part of the stein release series. The source is available from: https://git.openstack.org/cgit/openstack/barbican Download the package from: https://tarballs.openstack.org/barbican/ Please report issues through: https://bugs.launchpad.net/barbican/+bugs For more details, please see below. Changes in barbican 7.0.0..8.0.0 -------------------------------- b7da1f77 Made HMAC Key Wrap mechanism configurable 1984fb41 Update json module to jsonutils 1aa573bc Remove unused code ec465b2e Fixes for rewrap b4fe4549 Set Tempest's service_availability setting for Barbican 31bc8d05 Add venv support to the devstack plugin 4e1d8ae5 Enable KV mountpoint configuration for Vault 77d94ff6 Enable AppRole authentication support for Vault fe2fbb5b Use the Octavia Barbican integration check gate 13b77e0f add python 3.7 unit test job 34faa765 Run functional tests serially f725e6d9 Fix multiple backend test 8eeff8d0 Fix secret-stores functional tests 6dc52590 Remove hardcoded 'localhost' references 5fb7bfec Documented ATOS and Thales config for PKCS#11 plugin 6061e88f Address race condition in KEKDatum 4d9c3125 Remove tripleo newton and ocata jobs 5a294dd9 functionaltests: Add response headers to logging info be4f35dc PY3: Ensure normalize_before_encryption encodes b64payload d3280f18 Add barbican-status upgrade check command framework fdfeb736 Fix Safenet HSM regression in PKCS#11 5ca3ca02 Workaround for failing gates 150f5601 Imported Translations from Zanata 3d9c092e Replace tripleo-scenario002-multinode with scenario002-standalone 9b27c024 Change openstack-dev to openstack-discuss fcd5f1f3 Update Octavia co-gate for python3 first 296ef6b8 Imported Translations from Zanata 62b91dcd Fix Chinese quotes fd4f81fb Remove unused validator related to CA IDs a63406d8 Clean up some config docs formatting ed3b233e Imported Translations from Zanata 1872ea54 Add 'barbican-manage hsm check_[mkek|hmac]. 647f214c Imported Translations from Zanata d8acdbaa Add python 3.6 unit test job 1aaf326e Use authorize instead of enforce for policy 31958905 Imported Translations from Zanata 0e54c008 Fix tox -e releasenotes ff55d170 Fix duplicate paths in secret hrefs daf8db11 Use context instead of manually setting the credentials for policy 4d58ac8d Port RuleDefaults to DocumentedRuleDefaults b8dc7004 tox: Stop building *all* docs in 'docs' 749003ff Increment versioning with pbr instruction 81a16b54 Imported Translations from Zanata 1a583ba2 Update .zuul.yaml: Make barbican-vault-devstack-functional voting 2543342a Don't quote {posargs} in tox.ini 31d8cd9b Imported Translations from Zanata 947aa6e1 Fix tempest_roles for devstack plugin fd1d2fc6 Imported Translations from Zanata bfa7db14 Imported Translations from Zanata 4b3da8c5 Fixed incorrect release note ee69a333 Import octavia-v2-dsvm-py35-scenario 121013be add python 3.6 unit test job de60bf94 switch documentation job to new PTI 8da06c74 import zuul job settings from project-config e4d09f58 Fix CKM_AES_GCM encryption c7693762 Remove non-voting job from gate queue dffba064 Imported Translations from Zanata 9298413a Revise diretory server install commands 530164a2 Add missing mechanism for GENERIC_SECRETS 371a9655 Remove -u root as mysql is executed with root user 960371a8 Use absolute path for vault root token file in devstack 1dc6a206 Update reno for stable/rocky Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 31 ++-- HACKING.rst | 4 +- barbican/api/controllers/__init__.py | 11 +- barbican/api/hooks.py | 4 +- barbican/cmd/barbican_manage.py | 80 ++++++++- barbican/cmd/pkcs11_kek_rewrap.py | 34 +++- barbican/cmd/pkcs11_migrate_kek_signatures.py | 3 +- barbican/cmd/status.py | 49 ++++++ barbican/common/policies/acls.py | 107 +++++++++-- barbican/common/policies/base.py | 127 ++++++++------ barbican/common/policies/consumers.py | 85 ++++++--- barbican/common/policies/containers.py | 92 ++++++++-- barbican/common/policies/orders.py | 70 ++++++-- barbican/common/policies/quotas.py | 62 ++++++- barbican/common/policies/secretmeta.py | 68 ++++++- barbican/common/policies/secrets.py | 97 +++++++--- barbican/common/policies/secretstores.py | 88 ++++++++-- barbican/common/policies/transportkeys.py | 57 +++++- barbican/common/utils.py | 9 +- barbican/common/validators.py | 30 ---- barbican/locale/en_GB/LC_MESSAGES/barbican.po | 31 ++-- barbican/locale/zh_CN/LC_MESSAGES/barbican.po | 11 +- barbican/model/repositories.py | 34 +++- barbican/objects/fields.py | 2 +- barbican/plugin/crypto/p11_crypto.py | 50 ++---- barbican/plugin/crypto/pkcs11.py | 28 ++- barbican/plugin/util/translations.py | 5 +- barbican/plugin/vault_secret_store.py | 12 ++ bin/demo_requests.py | 3 +- devstack/lib/barbican | 35 ++-- devstack/plugin.sh | 11 +- devstack/settings | 10 +- .../api/v1/behaviors/secretmeta_behaviors.py | 3 +- .../api/v1/functional/test_secretmeta.py | 19 +- .../api/v1/functional/test_secretstores.py | 8 +- lower-constraints.txt | 1 + .../dogtag-post.yaml | 41 +++++ ...-manage-check-subcommands-38835078f5cc0ce2.yaml | 7 + ...s-upgrade-check-framework-9df56289b1d91ba4.yaml | 13 ++ .../notes/fix-story-2004734-977dbeda6b547f85.yaml | 7 + .../notes/fix-story-2004833-2b420688a82c3328.yaml | 9 + ...valid-route-response-code-15a681d07222a4f7.yaml | 2 +- ...to-documentedruledefaults-954fe88af9fe72ed.yaml | 5 + ...enamed-generate-iv-option-29770cfcff8e3b83.yaml | 6 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 60 ++++++- releasenotes/source/rocky.rst | 6 + requirements.txt | 1 + setup.cfg | 3 +- tox.ini | 36 ++-- 73 files changed, 1697 insertions(+), 597 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 86ded330..8aae045f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -19,0 +20 @@ oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 +oslo.upgradecheck>=0.1.1 # Apache-2.0