We are glad to announce the release of: barbican 4.0.0: OpenStack Secure Key Management This release is part of the ocata release series. Download the package from: https://tarballs.openstack.org/barbican/ For more details, please see below. 4.0.0 ^^^^^ This release adds http_proxy_to_wsgi middleware to the pipeline. New Features ************ * The 'http_proxy_to_wsgi' middleware can be used to help barbican respond with the correct URL refs when it's put behind a TLS proxy (such as HAProxy). This middleware is disabled by default, but can be enabled via a configuration option in the oslo_middleware group. Upgrade Notes ************* * The barbican-api-paste.ini configuration file for the paste pipeline was updated to add the http_proxy_to_wsgi middleware. Changes in barbican 3.0.0..4.0.0 -------------------------------- c3c1d28 Add CryptoPluginUnsupportedOperation 7d1a8e4 Deprecate Dogtag subca tests 02506eb Fix error message formatting for Dogtag plugin exceptions 9efb9cf Update previous and next Consumer URLS in filtering 773feea Fix Consumer API Reference Docs 02a72f9 Move dogtag plugin dependencies to one yum call bd90710 Add Dogtag plugin dependencies to bindep.txt cca1a28 Split serial and parallel functional test runs 7c71e97 Make error message clear when no supported secret store found 9a934e5 Revert "Add ID property to all entities" 00ee202 Add Unit Tests for Consumers API Controller a1ac176 Add .ropeproject to .gitignore f06ba48 Add ID property to all entities 4ff005a Clean imports in code 8b93051 Updated from global requirements a936b28 Fix typos a99c8c6 using utcnow instead of now in barbican unit tests 3be5999 Fix error in api-guide 61aa385 Correct configuration of db connection 0c18936 Replace str(uuid.uuid4()) with utils.generate_uuid() 6c12b36 Remove pycadf useless requirement 17f60c0 Removes unnecessary utf-8 encoding 83a6128 DOC Remove a couple of repeated words fc16d1f [devstack] enable logging to stderr 7448bd3 Updated from global requirements 918cd8c Configure authtoken middleware in barbican.conf 7e7a52d Add build dir to flake8 exclude list 9abd3d0 Correct the file path for deploying Barbican API under mod_wsgi a27d201 Update the KMIPSecretStore tests to not test PyKMIP internals 52bb83e Updated from global requirements 25421dc Updated from global requirements dea8754 Introduce hacking check to Barbican 8706feb Enable installation of barbican_tempest_plugin ed25e3a Show team and repo badges on README 2dd4793 Make rabbitmq configuration much simpler 949c8b9 [Devstack] Fix devstack plugin compatibility b483bba Add Apache 2.0 license header to the alembic_migrations/script.py.mako fba4607 Pass secret_type to repository query 9ef8efb Fix hacking check error b22acbf Files with no code must be left completely empty ed124cb Fix crypto plugin documentation f4f9b7f Using assertIsNotNone() instead of assertNotEqual(None) 314d788 Fix typo in file name 98602af Add bindep environment to tox 6d1fe84 Remove unused pylintrc df178ab Updated from global requirements 65478e0 Updated from global requirements 140a818 Deprecate Cetificate Resources d035e75 Remove translations for debug level log d85be13 Updated from global requirements 392182c Fix some minor error e4b743f Add "keystone_authtoken" section in barbican.conf 1878ccf Fix warning when running tox -e docs 8859ffb Fix bindep so that translated jobs work 63c5680 Updated from global requirements 06fc1cd Replaced assertion with more specific 690cc51 Enable translations 88ba85a Remove redundant 'the' in doc d70c88e Updated from global requirements 70bf61c Fix incorrect endpoint in install-guide a2f9d41 Enforce application/json content type on quota set 56a33b6 Imported Translations from Zanata c7e824e Use http_proxy_to_wsgi middleware 1d7f758 Updated from global requirements c7bf059 Fix coverage test failure 3b95ff8 Add dogtag-pki and python-nss as extra requirement ab0e991 Update .coveragerc after the removal of respective directory 6cea690 Updated from global requirements b8bbd32 Fix error in installation guide of Ubuntu. 282ad4b Rename crypto.py to base.py 7239625 Improve devstack configuration 3f92aa5 Don't include openstack/common in flake8 exclude list 08c3bf9 Fix postgres error during container list 8388a5c Add summary to metadata in setup.cfg file f0de9fe Enable release notes translation 47ca6af Updated from global requirements 7ef9250 Updated from global requirements 403e440 Fix order of arguments in assertEqual 3410ac9 Fix typo 70d26ae Updated from global requirements 56fff40 Checking barbican resource id in URI is a valid uuid 39331ca Use Domains with Keystone v3 in functional tests 608bfd3 Fix routing for adding a secret to a container 66c88d0 Updated from global requirements b99ae8e TrivialFix: Remove default=None when set value in Config fc7c578 Fix typos in alembic.ini & kmip_secret_store.py 59d2f1a Fix some typos in simple_crypto.py a661e14 Trivial fix in secretstore module 5d19048 Imported Translations from Zanata f691572 Fixes error when deleting consumers baf5edf Update reno for stable/newton 49cd835 delete python bytecode including pyo before every test run a33fcd7 Active a unit test in comon/test_validators 6dc2e98 TrivialFix: Remove cfg import unused eeb29c4 TrivialFix: Remove logging import unused 41e652e changed typo from similiar to similar 7972660 Adds true functional tests for db_manage script 4e4a263 modify the home-page info with the developer documentation 9ab6387 Remove white space between print and () 497db2c Default to Keystone authentication Diffstat (except docs and test files) ------------------------------------- .coveragerc | 4 +- .gitignore | 3 + .testr.conf | 2 +- HACKING.rst | 92 +++++ README.md | 7 + api-guide/source/certificates.rst | 5 + api-guide/source/conf.py | 2 - api-guide/source/consumers.rst | 4 +- api-guide/source/orders.rst | 5 + api-guide/source/secrets.rst | 2 +- barbican/__init__.py | 18 - barbican/api/controllers/cas.py | 16 +- barbican/api/controllers/consumers.py | 27 +- barbican/api/controllers/containers.py | 11 +- barbican/api/controllers/orders.py | 14 +- barbican/api/controllers/quotas.py | 1 + barbican/api/controllers/secretmeta.py | 18 +- barbican/api/controllers/secrets.py | 16 +- barbican/api/controllers/secretstores.py | 20 +- barbican/api/controllers/transportkeys.py | 13 +- barbican/api/controllers/versions.py | 4 - barbican/api/middleware/context.py | 10 +- barbican/api/middleware/simple.py | 5 +- barbican/cmd/__init__.py | 18 - barbican/cmd/db_manage.py | 2 +- barbican/cmd/retry_scheduler.py | 3 +- barbican/cmd/worker.py | 3 +- barbican/common/__init__.py | 18 - barbican/common/config.py | 20 +- barbican/common/exception.py | 6 +- barbican/common/hrefs.py | 2 +- barbican/common/resources.py | 3 +- barbican/common/utils.py | 16 + barbican/hacking/__init__.py | 0 barbican/hacking/checks.py | 379 ++++++++++++++++++ .../locale/de/LC_MESSAGES/barbican-log-warning.po | 37 ++ barbican/locale/zh_CN/LC_MESSAGES/barbican.po | 50 ++- barbican/model/__init__.py | 18 - barbican/model/clean.py | 18 +- barbican/model/migration/alembic.ini | 2 +- .../migration/alembic_migrations/script.py.mako | 15 + ...20ccbe7fa_remove_transport_keys_column_from_.py | 14 +- ...9933643_add_project_column_to_consumer_table.py | 17 +- ...687_fill_project_id_to_secrets_where_missing.py | 17 +- .../versions/1a0c2cdafb38_initial_version.py | 13 + ...f79559e3_new_secret_and_container_acl_tables.py | 13 + .../1bc885808c76_add_project_id_to_secrets.py | 13 + .../1bece815014f_remove_projectsecret_table.py | 15 +- ...f328bfce0_fixing_composite_primary_keys_and_.py | 93 +++-- ...8af2dd_add_new_columns_type_meta_containerid.py | 23 +- ...5565185_removing_redundant_fields_from_order.py | 14 +- ...e0c5f_change_keystone_id_for_external_id_in_.py | 13 + .../2843d6469f25_add_sub_status_info_for_orders.py | 21 +- ...3f5371bde_dsa_in_container_type_modelbase_to.py | 31 +- .../2d21598e7e70_added_ca_related_tables.py | 22 +- ...95d7_remove_size_limits_on_meta_table_values.py | 13 + .../30dba269cc64_update_order_retry_tasks_table.py | 13 + .../39a96e67e990_add_missing_constraints.py | 17 +- ...f2e645cba_model_for_multiple_backend_support.py | 13 + ...040bfe_add_owning_project_and_creator_to_cas.py | 19 +- ...36a26b88af_add_order_barbican_metadata_table.py | 13 + ...6f6972_add_orders_plugin_metadata_table_and_.py | 13 + ...f4a69ac_added_secret_type_column_to_secrets_.py | 13 + .../46b98cde536_add_project_quotas_table.py | 13 + ...9e523451_made_plugin_names_in_kek_datum_non_.py | 13 + ...3a72a_add_cas_column_to_project_quotas_table.py | 13 + ...457517a3_rename_acl_creator_only_to_project_.py | 16 +- .../795737bb3c3_change_tenants_to_projects.py | 14 + .../versions/aa2cf96a1d5_add_orderretrytask.py | 13 + .../cd4106a1a0_add_cert_to_container_type.py | 13 + .../versions/d2780d5aa510_change_url_length.py | 13 + barbican/model/models.py | 5 +- barbican/model/repositories.py | 14 +- barbican/plugin/crypto/base.py | 370 ++++++++++++++++++ barbican/plugin/crypto/crypto.py | 360 ----------------- barbican/plugin/crypto/manager.py | 20 +- barbican/plugin/crypto/p11_crypto.py | 4 +- barbican/plugin/crypto/simple_crypto.py | 6 +- barbican/plugin/dogtag.py | 8 +- barbican/plugin/interface/secret_store.py | 29 +- barbican/plugin/kmip_secret_store.py | 52 +-- barbican/plugin/snakeoil_ca.py | 6 +- barbican/plugin/store_crypto.py | 38 +- barbican/plugin/util/multiple_backends.py | 2 - barbican/queue/__init__.py | 3 - barbican/queue/keystone_listener.py | 9 +- barbican/queue/server.py | 3 - barbican/tasks/__init__.py | 18 - barbican/tasks/certificate_resources.py | 3 +- barbican/tasks/keystone_consumer.py | 2 +- barbican/tasks/resources.py | 18 +- .../repositories/test_repositores_secret_stores.py | 426 --------------------- .../test_repositories_secret_stores.py | 426 +++++++++++++++++++++ bindep.txt | 12 + devstack/lib/barbican | 54 ++- devstack/plugin.sh | 34 ++ devstack/settings | 4 + etc/barbican/barbican-api-paste.ini | 15 +- etc/barbican/barbican-functional.conf | 8 +- etc/barbican/barbican.conf | 160 ++++++++ .../api/v1/behaviors/secret_behaviors.py | 25 +- .../api/v1/functional/test_certificate_orders.py | 10 +- .../api/v1/functional/test_consumers.py | 12 +- .../api/v1/functional/test_containers.py | 40 +- .../api/v1/functional/test_quotas_enforce.py | 2 +- .../api/v1/functional/test_secretmeta.py | 44 +-- .../api/v1/functional/test_secretstores.py | 2 +- install-guide/source/common_configure.rst | 18 +- install-guide/source/common_prerequisites.rst | 6 +- install-guide/source/install-rdo.rst | 13 +- install-guide/source/install-ubuntu.rst | 2 +- pylintrc | 27 -- ..._proxy_to_wsgi-middleware-98dc4fe03eb362d3.yaml | 12 + releasenotes/source/conf.py | 4 +- releasenotes/source/index.rst | 1 + releasenotes/source/newton.rst | 6 + requirements.txt | 25 +- setup.cfg | 5 + test-requirements.txt | 18 +- tox.ini | 34 +- 173 files changed, 4314 insertions(+), 2084 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index d35188b..4450073 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4 +4 @@ -alembic>=0.8.4 # MIT +alembic>=0.8.10 # MIT @@ -10 +10 @@ jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT -oslo.config>=3.14.0 # Apache-2.0 +oslo.config!=3.18.0,>=3.14.0 # Apache-2.0 @@ -13 +13 @@ oslo.i18n>=2.1.0 # Apache-2.0 -oslo.messaging>=5.2.0 # Apache-2.0 +oslo.messaging>=5.14.0 # Apache-2.0 @@ -15,2 +15,2 @@ oslo.middleware>=3.0.0 # Apache-2.0 -oslo.log>=1.14.0 # Apache-2.0 -oslo.policy>=1.9.0 # Apache-2.0 +oslo.log>=3.11.0 # Apache-2.0 +oslo.policy>=1.17.0 # Apache-2.0 @@ -19 +19 @@ oslo.service>=1.10.0 # Apache-2.0 -oslo.utils>=3.16.0 # Apache-2.0 +oslo.utils>=3.18.0 # Apache-2.0 @@ -22,3 +22,2 @@ PasteDeploy>=1.5.0 # MIT -pbr>=1.6 # Apache-2.0 -pecan!=1.0.2,!=1.0.3,!=1.0.4,>=1.0.0 # BSD -pycadf!=2.0.0,>=1.1.0 # Apache-2.0 +pbr>=1.8 # Apache-2.0 +pecan!=1.0.2,!=1.0.3,!=1.0.4,!=1.2,>=1.0.0 # BSD @@ -27,2 +26,2 @@ pyOpenSSL>=0.14 # Apache-2.0 -ldap3>=0.9.8.2 # LGPLv3 -keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0 +ldap3>=1.0.2 # LGPLv3 +keystonemiddleware>=4.12.0 # Apache-2.0 @@ -31,2 +30,2 @@ SQLAlchemy<1.1.0,>=1.0.10 # MIT -stevedore>=1.16.0 # Apache-2.0 -WebOb>=1.2.3 # MIT +stevedore>=1.17.1 # Apache-2.0 +WebOb>=1.6.0 # MIT diff --git a/test-requirements.txt b/test-requirements.txt index 960782d..da1a60d 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4,2 +4,6 @@ -coverage>=3.6 # Apache-2.0 -hacking<0.11,>=0.10.0 + +# hacking should appear first in case something else depends on pep8 +hacking<0.13,>=0.12.0 # Apache-2.0 + +coverage>=4.0 # Apache-2.0 +ddt>=1.0.1 # MIT @@ -12 +16 @@ fixtures>=3.0.0 # Apache-2.0/BSD -requests>=2.10.0 # Apache-2.0 +requests!=2.12.2,>=2.10.0 # Apache-2.0 @@ -14 +18 @@ WebTest>=2.0 # MIT -python-keystoneclient!=2.1.0,>=2.0.0 # Apache-2.0 +python-keystoneclient>=3.8.0 # Apache-2.0 @@ -22,3 +26,3 @@ bandit>=1.1.0 # Apache-2.0 -sphinx!=1.3b1,<1.3,>=1.2.1 # BSD -oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 -reno>=1.8.0 # Apache2 +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 +reno>=1.8.0 # Apache-2.0