We are satisfied to announce the release of: barbican 7.0.0: OpenStack Secure Key Management This release is part of the rocky release series. Download the package from: https://tarballs.openstack.org/barbican/ For more details, please see below. Changes in barbican 6.0.0..7.0.0 -------------------------------- dba5ead Imported Translations from Zanata df8c62a Refactor PKCS#11 to allow configurable mechanisms e8a4ec7 Imported Translations from Zanata 1705cbd Switch to fedora-latest for testing abd65a1 Adding support for 512-Bit-Secret-Creation when using xts-mode 727ffb1 Add doc8 to pep8 check for project 809ae5c Skip some tests for vault plugin 51ad514 Fix getting secret for vault plugin 39714bb Fix response status for invalid routes 0886ebf Update http to https and fix link in doc reference adf96a0 Enable vault devstack functional test by default 2af41b7 Remove unused policy enforcer attributes e5470d8 Make barbican-kmip-devstack-functional job non-voting 1f8a317 Switch to stestr d6bc460 Initial the unit-tests of OVO for Barbican 74da6f0 Implement the "check_exc" parameter for OVO f281627 Implement OVO for Barbican [5] 0a25617 Ensure orders policy-in-code matches controller fdd3d15 Update pypi url to new url 66036b2 Implement OVO for Barbican [4] 1598d1e Implement OVO for Barbican [3] d32e82e As of April 28th 2018, Barbican has been migrated to storyboard. The documentation should be adjusted. a5ef2a9 Update the periodic_task link for retry_scheduler 755fee7 Update two Barbican services to Docs 62a65ec Activate html_static_path config option 5dea5ce add release notes to README.rst 0477799 fix tox python3 overrides baec7f5 Follow the new PTI for document build e5c559f Implement OVO for Barbican [2] 369d65c Remove unused policy rules 4cc4641 Implement OVO for Barbican [1] ef9a6f3 Initial OVO for Barbican 7fa7c8d Remove CA API policy file ecfb1cd Imported Translations from Zanata fda4948 Fix broken gate due to breaking dependency changes 44b2f5e Commit DB changes on API startup 03d9417 TrivialFix: Update block code to be more beautiful ee204e0 Update the version of Ubuntu c0d95d4 Add devstack gate for vault 54a11c6 Remove pycrypto dependency 89cdc72 Fix docs build in tox.ini 89cb777 Castellan based secret store 0e728ee update some documents about the keystone "API v2.0" 05c9392 Update http links for doc migration b881503 Imported Translations from Zanata c5cd22f Stop using legacy-fedora-27 452d827 Remove pycrypto from dogtag plugin aafeb7a Enforce usage of oslo.context's project_id 0a71c46 Imported Translations from Zanata d36aeb4 fix lower constraints aff00f0 Configure control_exchange to match keystone 7061d65 Initialize db for Barbican Keystone listener bbc0c6b Update auth_uri option to www_authenticate_uri 4051160 Add os-testr as test dependency a20315a Apply pep8 check to app.wsgi ac22e24 Remove unused broker configuration in devstack 55f803d Take context from environment instead of parsing headers 9ad1f18 Imported Translations from Zanata a0dc790 Enable mutable config in Barbican 0657894 Do not copy policy.json when installing barbican 70aa729 Remove use of unsupported TEMPEST_SERVICES variable f9b9d7b Imported Translations from Zanata 835a48d Updated from global requirements d2ce595 Add retries for Dogtag plugin 199381e add lower-constraints job b5b6694 Update to fedora-27 for testing 29d51fc Indicating the location tests directory in oslo_debug_helper 474abaf Change restart the services command bc51804 Fix incomplete barbican configuration path in doc 2d58f23 Updated from global requirements a3bcbc8 Update reno for stable/queens af4637b Updating time for functional tests 2fefb2d Update to use new stevedore backend option 4303622 Set debug mode according to ENABLE_DEBUG_LOG_LEVEL 520eef2 Make grenade-devstack-barbican job voting a29f282 Fix the grenade-devstack-barbican gate 0a6a25b Imported Translations from Zanata 4a6f3e9 Handle URL reconstruction in PEP333 compatible fashion 985fb8e Zuul: Remove project name 7178aac Update the link in database_migrations.rst c3717f8 Use assertRegex instead of assertRegexpMatches 5d162eb Add default configuration files to data_files Diffstat (except docs and test files) ------------------------------------- .gitignore | 3 +- .stestr.conf | 4 + .testr.conf | 9 - .zuul.yaml | 46 ++-- HACKING.rst | 2 +- README.md | 9 +- api-guide/source/quotas.rst | 2 +- barbican/api/app.py | 15 +- barbican/api/controllers/__init__.py | 15 +- barbican/api/controllers/orders.py | 2 +- barbican/api/controllers/secrets.py | 10 +- barbican/api/middleware/context.py | 31 +-- barbican/cmd/barbican_manage.py | 31 ++- barbican/cmd/keystone_listener.py | 3 +- barbican/cmd/retry_scheduler.py | 3 +- barbican/cmd/worker.py | 3 +- barbican/common/accept.py | 31 +++ barbican/common/config.py | 2 +- barbican/common/hrefs.py | 21 ++ barbican/common/policies/__init__.py | 2 - barbican/common/policies/base.py | 4 - barbican/common/policies/cas.py | 51 ----- barbican/common/policies/orders.py | 4 +- barbican/common/policy.py | 23 -- barbican/common/utils.py | 11 +- barbican/context.py | 11 +- barbican/locale/en_GB/LC_MESSAGES/barbican.po | 24 ++- barbican/locale/zh_CN/LC_MESSAGES/barbican.po | 6 +- barbican/model/models.py | 119 ++++++----- barbican/model/repositories.py | 78 +++++++ barbican/objects/__init__.py | 80 +++++++ barbican/objects/base.py | 205 ++++++++++++++++++ barbican/objects/container.py | 130 +++++++++++ barbican/objects/container_acl.py | 174 +++++++++++++++ barbican/objects/container_acl_user.py | 46 ++++ barbican/objects/container_consumer_meta.py | 125 +++++++++++ barbican/objects/container_secret.py | 40 ++++ barbican/objects/encrypted_datum.py | 39 ++++ barbican/objects/fields.py | 98 +++++++++ barbican/objects/kekdatum.py | 46 ++++ barbican/objects/order.py | 95 ++++++++ barbican/objects/order_barbican_metadatum.py | 35 +++ barbican/objects/order_plugin_metadatum.py | 34 +++ barbican/objects/order_retry_task.py | 48 +++++ barbican/objects/project.py | 38 ++++ barbican/objects/project_quotas.py | 91 ++++++++ barbican/objects/project_secret_store.py | 61 ++++++ barbican/objects/secret.py | 80 +++++++ barbican/objects/secret_acl.py | 169 +++++++++++++++ barbican/objects/secret_acl_user.py | 46 ++++ barbican/objects/secret_store_metadatum.py | 59 +++++ barbican/objects/secret_stores.py | 41 ++++ barbican/objects/secret_user_metadatum.py | 49 +++++ barbican/objects/transport_key.py | 61 ++++++ barbican/plugin/castellan_secret_store.py | 167 +++++++++++++++ barbican/plugin/crypto/p11_crypto.py | 66 +++--- barbican/plugin/crypto/pkcs11.py | 172 ++++++++++++--- barbican/plugin/crypto/simple_crypto.py | 23 +- barbican/plugin/dogtag.py | 154 +++++++------ barbican/plugin/dogtag_config_opts.py | 3 + barbican/plugin/interface/secret_store.py | 14 ++ barbican/plugin/kmip_secret_store.py | 2 +- barbican/plugin/vault_secret_store.py | 82 +++++++ barbican/queue/keystone_listener.py | 2 + barbican/queue/retry_scheduler.py | 2 +- bin/barbican.sh | 2 +- bin/keystone_data.sh | 4 +- devstack/barbican-vagrant/Vagrantfile | 2 +- devstack/lib/barbican | 73 ++++++- devstack/plugin.sh | 10 +- devstack/settings | 3 - devstack/upgrade/upgrade.sh | 2 +- .../api/v1/functional/test_consumers.py | 2 +- .../api/v1/functional/test_containers.py | 4 +- lower-constraints.txt | 137 ++++++++++++ .../barbican-devstack-functional-base/post.yaml | 2 +- ...gurable-mechanism-options-2e5c57099b4c91b1.yaml | 12 ++ ...itlength-in-simple-crypto-95936a2d830035cc.yaml | 9 + ..._default_control_exchange-c47abc3e3f08aa31.yaml | 4 + ...valid-route-response-code-15a681d07222a4f7.yaml | 6 + ...olicy-to-match-controller-1673ec7c88235227.yaml | 10 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 78 ++++++- .../locale/zh_CN/LC_MESSAGES/releasenotes.po | 8 +- releasenotes/source/queens.rst | 6 + requirements.txt | 11 +- setup.cfg | 13 +- test-requirements.txt | 9 +- tox.ini | 81 +++++-- 134 files changed, 3982 insertions(+), 573 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index d34665d..86ded33 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,2 +7,2 @@ cffi>=1.7.0 # MIT -cryptography!=2.0,>=1.9 # BSD/Apache-2.0 -eventlet!=0.18.3,!=0.20.1,<0.21.0,>=0.18.2 # MIT +cryptography>=2.1 # BSD/Apache-2.0 +eventlet>=0.18.2,!=0.18.3,!=0.20.1 # MIT @@ -10 +10 @@ jsonschema<3.0.0,>=2.6.0 # MIT -oslo.config>=5.1.0 # Apache-2.0 +oslo.config>=5.2.0 # Apache-2.0 @@ -20,0 +21 @@ oslo.utils>=3.33.0 # Apache-2.0 +oslo.versionedobjects>=1.31.2 # Apache-2.0 @@ -25,2 +26 @@ pecan!=1.0.2,!=1.0.3,!=1.0.4,!=1.2,>=1.0.0 # BSD -pycrypto>=2.6 # Public Domain -pyOpenSSL>=16.2.0 # Apache-2.0 +pyOpenSSL>=17.1.0 # Apache-2.0 @@ -32,0 +33 @@ WebOb>=1.7.1 # MIT +castellan >= 0.17 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index 389550e..c98bcb3 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -13 +13 @@ pykmip>=0.7.0 # Apache 2.0 License -testrepository>=0.0.18 # Apache-2.0/BSD +stestr>=2.0.0 # Apache-2.0 @@ -24,5 +24,2 @@ bandit>=1.1.0 # Apache-2.0 -# Documentation build requirements -sphinx!=1.6.6,>=1.6.2 # BSD -os-api-ref>=1.4.0 # Apache-2.0 -reno>=2.5.0 # Apache-2.0 -openstackdocstheme>=1.18.1 # Apache-2.0 +doc8>=0.6.0 # Apache-2.0 +Pygments>=2.2.0 # BSD license