)]}' { "log": [ { "commit": "a4ff8995fa79ff8add84a45a46f8499b0e0aa0b8", "tree": "1da26b09c5be268c5b8338990b807e24cf0e21ea", "parents": [ "6008c8a3e2a1474a8b70694d26830ad7f4253416", "7085622dbad260c8c78c594f805f1ed342ac8d1d" ], "author": { "name": "Zuul", "email": "zuul@review.opendev.org", "time": "Wed Feb 26 19:37:48 2020 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Feb 26 19:37:48 2020 +0000" }, "message": "Merge \"Do not skip nova API extensions policy test for rocky\"" }, { "commit": "f8923d1ddfd2608a5f402c7014f9e95321c43caa", "tree": "f93b64231eb5cafce6a8b22f638e5d2b2f462735", "parents": [ "45f01b741754f91023f7038851fc018c8fbd538d" ], "author": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Thu Jan 02 17:25:30 2020 -0500" }, "committer": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Mon Jan 06 14:31:29 2020 -0500" }, "message": "fix: admin and member gates are broken\n\nThe patrole-admin and patrole-member gates are broken because they\nare trying to test a policy action (\u0027os_compute_api:os-services\u0027) that\nwas changed in the Ussuri release. This commit adds a new policy feature\nflag so that this policy test is backwards compatible.\n\nChange-Id: Ia80279ae8ffcc17f10bed05338c41d0c23eea063\n" }, { "commit": "7085622dbad260c8c78c594f805f1ed342ac8d1d", "tree": "dc47ad6734627cad24ec18b2a2afb8996247a934", "parents": [ "45f01b741754f91023f7038851fc018c8fbd538d" ], "author": { "name": "Ghanshyam Mann", "email": "gmann@ghanshyammann.com", "time": "Fri Jan 03 19:08:08 2020 +0000" }, "committer": { "name": "Ghanshyam Mann", "email": "gmann@ghanshyammann.com", "time": "Fri Jan 03 19:26:35 2020 +0000" }, "message": "Do not skip nova API extensions policy test for rocky\n\nNova API extensions policies were removed in stein but\nflag to skip the tests for those policies is not correctly\nset to False for Rocky.\n\nChange-Id: I80cff7328c47081f20abaf25396f340d1482ff20\n" }, { "commit": "97fffede9ed3037469be62961d45d5bfe474a4ac", "tree": "e145424ff58166055350f6b24fb1d1c71a317475", "parents": [ "fe4e5fd7b5ee9a511d95e88fd124b710dcc341ba" ], "author": { "name": "Rick Bartra", "email": "rick.bartra@att.com", "time": "Thu Sep 12 13:35:10 2019 -0400" }, "committer": { "name": "Rick Bartra", "email": "rick.bartra@att.com", "time": "Thu Sep 12 23:57:40 2019 -0400" }, "message": "fix: admin, member, and reader gates broken\n\nRecent changes in Keystone to move trust enforcement [0] to default\npolicies is currently breaking several voting gates in Patrole.\nThis commit updates the trusts_rbac tests to account for these changes.\n\nAdditionally, \u0027test_list_trusts\u0027 is updated so that it does indeed test\n\u0027identity:list_trusts\u0027. If a \u0027trustor_user_id\u0027 or \u0027trustee_user_id\u0027 is passed\ninto list_trusts() then a different policy action will be enforced. A future\ncommit will add tests for the actions added here [1].\n\nAdded new feature flag called ``keystone_policy_enforcement_train`` under\nthe configuration group ``[policy-feature-enabled]`` to make ``test_list_trusts``\ntest backwards compatible, test the current release, and test the correct policy\naction. The Keystone Trust API is enforced differently depending on passed arguments.\n\nThe new feature flag is needed so that all the voting gates pass, otherwise the\n\u0027test_list_trusts\u0027 is not backwards compatible and would not test the correct\npolicy action in the current release.\n\n[0] https://review.opendev.org/#/q/topic:trust-policies+(status:open+OR+status:merged)\n[1] https://review.opendev.org/#/c/675807/10/keystone/common/policies/trust.py\n\nChange-Id: Ia5661e12977b26e1c16f09a074d1a805263c6c22\n" }, { "commit": "6da06edd6242f4029db2d427224b64337ea2217d", "tree": "3d8b799824900b5d7e8299174c1e97c9dac2624e", "parents": [ "89d5d18234c4b6a7fa4c0ab9fe2d46351350cf7a" ], "author": { "name": "Luigi Toscano", "email": "ltoscano@redhat.com", "time": "Mon Jan 07 17:50:41 2019 +0100" }, "committer": { "name": "Luigi Toscano", "email": "ltoscano@redhat.com", "time": "Mon Jan 07 17:50:41 2019 +0100" }, "message": "Use the canonical URL for repositories (git.openstack.org)\n\n- When the URL refers to cloning or using git repositories, use the\n cloning URL (https://git.openstack.org/\u003cnamespace\u003e/\u003cproject\u003e)\n- When the URL refers to the browsable version of the repository, point to\n the cgit frontend (https://git.openstack.org/cgit/\u003cnamespace\u003e/\u003cproject\u003e)\n\nChange-Id: Iaeaa153a05aa85b9cf7451ae3c28aec56722222c\n" }, { "commit": "e0f35503c90bee01666ee252689738c7c2042ce8", "tree": "fc80d222332c6925886acec96e4192d30636569d", "parents": [ "c38aca7587f526dbea4b3337b0a4822ae837d4ea" ], "author": { "name": "Mykola Yakovliev", "email": "VegasQ@gmail.com", "time": "Wed Sep 26 18:26:57 2018 -0500" }, "committer": { "name": "Mykola Yakovliev", "email": "myakovliev@mirantis.com", "time": "Wed Oct 31 20:45:13 2018 +0000" }, "message": "Multi role RBAC validation\n\nThis patchset replaces ``CONF.patrole.rbac_test_role`` with\n``CONF.patrole.rbac_test_roles``, where instead of single role\nwe can specify list of roles to be assigned to test user.\n\nChange-Id: Ia68bcbdbb523dfe7c4abd6107fb4c426a566ae9d\n" }, { "commit": "c38aca7587f526dbea4b3337b0a4822ae837d4ea", "tree": "92f3b63fa25c57b238cc7d99f1da30f208f5eb9b", "parents": [ "f63a8345312c17d04218fe40f9abca9d99774741" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Oct 31 01:21:48 2018 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Oct 31 01:24:24 2018 -0400" }, "message": "Add feature flag for Keystone policies removed in Stein\n\nThis patch set adds a new feature flag called\n``removed_keystone_policies_stein`` under the configuration\ngroup ``[policy-feature-enabled]`` for skipping Keystone\ntests whose policies were removed in Stein. This feature flag\nis currently applied to credentials-related policies, e.g.:\nidentity:[create|update|get|delete]_credential\n\nMore info on removed Keystone policies:\n\nhttps://review.openstack.org/#/c/597187/16\n\nChange-Id: Ibd16e658d0e1367b46a2d6730f2b6970a95ae221\n" }, { "commit": "8c04bd87800ff8c428b58f0d8b990689916eff9e", "tree": "3eee77c1e29d35190b8229976864915ba874a523", "parents": [ "787fbd72542c233a66309c1700fad9645d01a394" ], "author": { "name": "Chi Lo", "email": "cl566n@att.com", "time": "Fri Jun 01 16:21:50 2018 -0500" }, "committer": { "name": "Chi Lo", "email": "cl566n@att.com", "time": "Sun Sep 16 06:31:39 2018 -0500" }, "message": "Add granularity for volume_extension:volume_type_encryption\n\nUse granular rules:\nvolume_extension:volume_type_encryption:create\nvolume_extension:volume_type_encryption:delete\nvolume_extension:volume_type_encryption:update\nvolume_extension:volume_type_encryption:get\n\nfor the corresponding create, delete, update, and\nget volume_type_encryption test cases.\n\nDepends-On: Iba58e785df934d1c4175c0877d266193ac0167b7\n\nChange-Id: Ie5159166505d9bee3e99ca0d51949f6391c569b9\n" }, { "commit": "194752f1b5304e90e0e2911324f93cbe0169a1f3", "tree": "93799978b43a147d6919661d9ff22716b1af4426", "parents": [ "a3c15da1cd0d74d17727056dd72103fc915ab86d" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Sep 10 11:43:38 2018 -0600" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Sep 10 13:47:30 2018 -0600" }, "message": "Remove deprecated patrole.enable_rbac configuration option\n\nThis patch set removes deprecated [patrole].enable_rbac\nconfiguration option. It is better to use an appropriate\ntest regex to skip Patrole tests.\n\nChange-Id: I639f3215f7aff8a85bc97dc55c1d97be3123e003\n" }, { "commit": "6bffc5c5c6d1a52793e1e2091f4e87b2edac8f31", "tree": "deb60b61fb01e112115f244effa1cd72fbe81f9a", "parents": [ "d063b409bb7a3d056ac9d55bb6200b1076e71422" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sun Aug 19 22:54:33 2018 +0100" }, "committer": { "name": "Ghanshyam Mann", "email": "gmann@ghanshyammann.com", "time": "Tue Aug 21 05:53:38 2018 +0000" }, "message": "Skip the deprecated API extensions policy tests\n\nA new policy feature flag called\n``[policy_feature_flag].removed_nova_policies_stein``\nhas been added to Patrole\u0027s config to handle Nova API\nextension policies removed in Stein [0].\n\nThe policy feature flag is applied to tests that validate\nresponse bodies for expected attributes previously returned\nfor the following policies that passed authorization:\n\n - os_compute_api:os-config-drive\n - os_compute_api:os-extended-availability-zone\n - os_compute_api:os-extended-status\n - os_compute_api:os-extended-volumes\n - os_compute_api:os-keypairs\n - os_compute_api:os-server-usage\n - os_compute_api:os-flavor-rxtx\n - os_compute_api:os-flavor-access (only from /flavors APIs)\n - os_compute_api:image-size\n\nNote that not all removed policies are included above because\ntest coverage is missing for them (like\nos_compute_api:os-security-groups).\n\nAlso fixes test flows associated with image_size tests:\n\n* endpoints are list images with details and show image (not\n list image)\n* both tests should check for OS-EXT-IMG-SIZE:size attribute\n\n[0] https://review.openstack.org/#/c/586872/8\n\nStory: 2003501\n\nChange-Id: Ia6f8d255a540f7063beedd80a3ca1833f3987490\n" }, { "commit": "f6ffb8b1e0b5d5c2a3010d1fc053c48ec2471bb4", "tree": "a7fcb34e4e551192b55161e86c2c8a883f2f7777", "parents": [ "e0c5c24e3bca25349894b8055589d88a16f4b894" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Jul 18 20:41:10 2018 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Jul 18 20:52:05 2018 +0100" }, "message": "Add README in the devstack folder\n\nThis adds a README.rst in the devstack folder with information\nabout DevStack and how to install Patrole plugin in Devstack.\n\nChange-Id: I31a92351211a2f37403c08406215bc10f3c3222e\n" }, { "commit": "2fc2929882c211682219c5ab71f06e5954fc7b53", "tree": "cbd212581aefb64e4f4b99a8769c03a784f6d29c", "parents": [ "ffc1ad8556b3aee842db5345ee4080d8cae7c303" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Jun 15 18:26:27 2018 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sat Jun 16 16:20:16 2018 -0400" }, "message": "Gate fix: Rename Member (legacy) to member role\n\nDue to a recent change [0], Member role is no longer\nbeing found, as it has been renamed to member. This is\ncausing all the member-based gates to fail. Because \"Member\"\nis legacy [1], this patchset uses \"member\" instead of \"Member\"\nduring the devstack Patrole plugin for master. For n-1\nand n-2 releases \"Member\" is still used.\n\nThis patchset also specifies which role was not found in\nthe system while trying to resolve roles CONF.identity.admin_role\nand CONF.patrole.rbac_test_role in order to make debugging\neasier.\n\n[0] https://review.openstack.org/#/c/572243/\n[1] http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/keystone#n355\n\nChange-Id: I7b59bab164041b26ed8a1a798546e493f22f6edd\n" }, { "commit": "739041fb9c0018326baa55098e6d1a381e08c87c", "tree": "04a63d0e9fb34277f977db98a3a209078ec20bd4", "parents": [ "58515edc32a704503155b18d5904c6d96261b3d0" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sun Mar 25 00:24:03 2018 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sat May 19 16:24:33 2018 +0100" }, "message": "feature flag: Policy feature enabled config group\n\nA new configuration group ``[policy_feature_enabled]`` has been added to\nPatrole which will be responsible for collecting the feature flags to be\nused for newly introduced policies or policies that were changed in a\nbackwards-incompatible way.\n\n * create_port_fixed_ips_ip_address_policy (Neutron)\n * update_port_fixed_ips_ip_address_policy (Neutron)\n * limits_extension_used_limits_policy (Cinder)\n * volume_extension_volume_actions_attach_policy (Cinder)\n * volume_extension_volume_actions_reserve_policy (Cinder)\n * volume_extension_volume_actions_unreserve_policy (Cinder)\n\nThese feature flags will be supported until Pike release cycle\nis EOL.\n\nThe motivation behind these feature flags is [0] which adds\nPike/Queens gating to Patrole. However, in Queens, Neutron\nand Cinder renamed or removed a few policies in a backwards-\nincompatible way. These policies can be reviewed here: [1].\n\nThis PS requires another PS [2] in devstack\u0027s lib/tempest\nbecause Patrole, being a branchless project and hosting the\nPatrole devstack plugin itself, must fall back to Tempest\u0027s\ndevstack script to list out the backwards-incompatible\npolicies in Pike.\n\nA documentation update will also come in a follow up with\ninformation on these feature flags.\n\n[0] I76c4a9b8737bf94f230ab141def652b054120f3b\n[1] e.g. http://logs.openstack.org/51/547851/4/check/patrole-member-pike/139c534/job-output.txt.gz#_2018-03-22_21_46_08_392229\n[2] I00bdeff9474c54d38b6d6844a041b305bec01ad8\n\nChange-Id: Ia0d9847908a8e723446c16465d68cd7f622c04cc\n" }, { "commit": "b58c1197e9cbedb0713ea2342e8710d9869a1362", "tree": "065b7cb38206f89237925f1056c2d6a65ef02c15", "parents": [ "feec999bde210930fe1e8b16bbc60c093927c608" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Nov 20 01:50:24 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Nov 27 04:58:28 2017 +0000" }, "message": "Remove deprecrated [rbac] config group\n\nThis PS removes the deprecated [rbac] config group. It was replaced\nlast release cycle with the [patrole] config group, which has\nthe exact same options. This is because [patrole] is more user-friendly\nand congruent with the project name.\n\nChange-Id: Id1a7af0445bd50f44ddcc4277f952391968726b8\n" }, { "commit": "f71def828a1598e3cee0a1a5c3702f6bfaa650e0", "tree": "710e2db8b5cf7afd4a34a1108a89b1f1b0f5564b", "parents": [ "e182300601d0b17c85f86315d1904525b1bc1977" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Nov 07 03:27:13 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Nov 21 23:34:19 2017 +0000" }, "message": "Deprecate strict_policy_enforce configuration option\n\nThe configuration option ``[patrole] strict_policy_check``\nis deprecated and will be removed in the Rocky release cycle.\n\nThe default value for ``[patrole] strict_policy_check`` has\nbeen changed to ``True`` because a Patrole test should always\nfail if the policy action is invalid, to avoid false positives.\n\nChange-Id: Idb902f23b1845bdbc9ac8fb490f3e74e262c1451\n" }, { "commit": "a44dddf13a6973d35f7bd81c6c3ad0a2550a72b9", "tree": "1a7b28defd231711f4bd8a4cbe09450359cc6dd2", "parents": [ "8290c9927ea1a7317c16686cc9cd7b8bd9880258" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri May 26 18:39:37 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed May 31 16:17:58 2017 +0000" }, "message": "Patrole devstack plugin\n\nAdds devstack plugin for Patrole in order to correctly deploy\nPatrole.\n\nThis commit:\n - Adds the plugin.sh for orchestrating Patrole installation\n via devstack\n - The settings file for declaring global variables; allow\n RBAC_TEST_ROLE to be overriden by global variable\n RBAC_TEST_ROLE (i.e. export RBAC_TEST_ROLE\u003dMember\n from shell will override the rbac role at run time)\n - Removes pre/post_test_hook since that logic is now\n handled by updated infra jobs [0] and by\n the devstack patrole plugin.\n\n[0] https://review.openstack.org/#/c/468939/3/jenkins/jobs/patrole.yaml\n\nChange-Id: I38c02cbcfea9334c9c0c10096e383efa9a9fc474\nImplements: blueprint patrole-devstack-plugin\n" } ] }