Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-oslo.cache for
openSUSE:Factory checked in at 2024-05-03 19:45:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-oslo.cache (Old)
and /work/SRC/openSUSE:Factory/.python-oslo.cache.new.1880 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-oslo.cache"
Fri May 3 19:45:29 2024 rev:19 rq:1171462 version:3.7.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-oslo.cache/python-oslo.cache.changes
2024-01-05 21:43:05.677968662 +0100
+++
/work/SRC/openSUSE:Factory/.python-oslo.cache.new.1880/python-oslo.cache.changes
2024-05-03 19:45:46.191512769 +0200
@@ -1,0 +2,30 @@
+Thu May 2 22:07:19 UTC 2024 - [email protected]
+
+- update to version 3.7.0
+ - Update master for stable/2023.2
+ - reno: Update master for unmaintained/yoga
+ - Fix minor typos in parameter help texts
+ - Add native options for redis backend
+ - Automate TLS certificates settings for redis backend
+ - Do not mark hosts as alive when they are all dead
+ - Add a new option to enforce the OpenSSL FIPS mode
+ - memcache: Remove "default" username and password
+ - config: Document backends supporting specific options
+ - Fail if tls_enabled is True but backend does not support it
+ - pre-commit: Bump versions
+ - Bump hacking
+ - Fix wrong path in coveragerc
+ - [cache] memcache_password should be secret
+ - Prevent potential ReDoS attack
+ - Bump hacking (again)
+ - Clean-up memcache connection sockets
+ - Display coverage report
+ - Ensure requirements are capped by upper constraints
+ - Fix incomplete exception message
+ - Add support for Redis Sentinel backend
+ - Update python classifier in setup.cfg
+ - pre-commit: Integrate bandit
+ - Cleanup py27 support
+ - redis: Add functional tests
+
+-------------------------------------------------------------------
Old:
----
oslo.cache-3.5.0.tar.gz
New:
----
oslo.cache-3.7.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-oslo.cache.spec ++++++
--- /var/tmp/diff_new_pack.O54xRN/_old 2024-05-03 19:45:46.979541418 +0200
+++ /var/tmp/diff_new_pack.O54xRN/_new 2024-05-03 19:45:46.983541563 +0200
@@ -17,13 +17,13 @@
Name: python-oslo.cache
-Version: 3.5.0
+Version: 3.7.0
Release: 0
Summary: Cache storage for Openstack projects
License: Apache-2.0
Group: Development/Languages/Python
URL: https://docs.openstack.org/oslo.cache
-Source0:
https://files.pythonhosted.org/packages/source/o/oslo.cache/oslo.cache-3.5.0.tar.gz
+Source0:
https://files.pythonhosted.org/packages/source/o/oslo.cache/oslo.cache-3.7.0.tar.gz
BuildRequires: openstack-macros
BuildRequires: python3-dogpile.cache >= 1.1.5
BuildRequires: python3-oslo.config >= 8.1.0
@@ -70,7 +70,7 @@
Documentation for the OpenStack Oslo cache library.
%prep
-%autosetup -p1 -n oslo.cache-3.5.0
+%autosetup -p1 -n oslo.cache-3.7.0
%py_req_cleanup
%build
@@ -80,7 +80,7 @@
%{py3_install}
# generate html docs
-PBR_VERSION=3.5.0 %sphinx_build -b html doc/source doc/build/html
+PBR_VERSION=3.7.0 %sphinx_build -b html doc/source doc/build/html
# remove the sphinx-build leftovers
rm -rf doc/build/html/.{doctrees,buildinfo}
++++++ oslo.cache-3.5.0.tar.gz -> oslo.cache-3.7.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/.coveragerc
new/oslo.cache-3.7.0/.coveragerc
--- old/oslo.cache-3.5.0/.coveragerc 2023-08-28 14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/.coveragerc 2024-02-26 08:35:26.000000000 +0100
@@ -1,7 +1,7 @@
[run]
branch = True
-source = cache
-omit = cache/tests/*,cache/openstack/*
+source = oslo_cache
+omit = oslo_cache/tests/*
[report]
ignore_errors = True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/.pre-commit-config.yaml
new/oslo.cache-3.7.0/.pre-commit-config.yaml
--- old/oslo.cache-3.5.0/.pre-commit-config.yaml 2023-08-28
14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/.pre-commit-config.yaml 2024-02-26
08:35:26.000000000 +0100
@@ -1,15 +1,6 @@
-# We from the Oslo project decided to pin repos based on the
-# commit hash instead of the version tag to prevend arbitrary
-# code from running in developer's machines. To update to a
-# newer version, run `pre-commit autoupdate` and then replace
-# the newer versions with their commit hash.
-
-default_language_version:
- python: python3
-
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: 9136088a246768144165fcc3ecc3d31bb686920a # v3.3.0
+ rev: v4.5.0
hooks:
- id: trailing-whitespace
# Replaces or checks mixed line ending
@@ -27,13 +18,13 @@
- id: debug-statements
- id: check-yaml
files: .*\.(yaml|yml)$
- - repo: local
+ - repo: https://opendev.org/openstack/hacking
+ rev: 6.1.0
hooks:
- - id: flake8
- name: flake8
- additional_dependencies:
- - hacking>=3.0.1,<3.1.0
- language: python
- entry: flake8
- files: '^.*\.py$'
- exclude: '^(doc|releasenotes|tools)/.*$'
+ - id: hacking
+ additional_dependencies: []
+ - repo: https://github.com/PyCQA/bandit
+ rev: 1.7.6
+ hooks:
+ - id: bandit
+ args: ['-x', 'tests']
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/.zuul.yaml
new/oslo.cache-3.7.0/.zuul.yaml
--- old/oslo.cache-3.5.0/.zuul.yaml 2023-08-28 14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/.zuul.yaml 2024-02-26 08:35:26.000000000 +0100
@@ -35,14 +35,14 @@
parent: oslo.cache-functional-memcached
vars:
tox_environment:
- OSLO_BACKEND: dogpile_cache_bmemcached
+ OSLO_BACKEND: dogpile_cache_bmemcached
- job:
name: oslo.cache-functional-dogpile.cache.pymemcache
parent: oslo.cache-functional-memcached
vars:
tox_environment:
- OSLO_BACKEND: dogpile_cache_pymemcache
+ OSLO_BACKEND: dogpile_cache_pymemcache
- job:
name: oslo.cache-functional-memcache_pool
@@ -51,6 +51,28 @@
tox_environment:
OSLO_BACKEND: memcache_pool
+- job:
+ name: oslo.cache-functional-redis
+ parent: oslo.cache-functional
+ vars:
+ tox_environment:
+ PIFPAF_DAEMON: redis
+
+- job:
+ name: oslo.cache-functional-dogpile.cache.redis
+ parent: oslo.cache-functional-redis
+ vars:
+ tox_environment:
+ OSLO_BACKEND: dogpile_cache_redis
+
+- job:
+ name: oslo.cache-functional-dogpile.cache.redis_sentinel
+ parent: oslo.cache-functional-redis
+ vars:
+ tox_environment:
+ OSLO_BACKEND: dogpile_cache_redis_sentinel
+ PIFPAF_OPTS: --sentinel
+
- project:
templates:
- check-requirements
@@ -65,3 +87,5 @@
- oslo.cache-functional-dogpile.cache.bmemcached
- oslo.cache-functional-dogpile.cache.pymemcache
- oslo.cache-functional-memcache_pool
+ - oslo.cache-functional-dogpile.cache.redis
+ - oslo.cache-functional-dogpile.cache.redis_sentinel
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/AUTHORS new/oslo.cache-3.7.0/AUTHORS
--- old/oslo.cache-3.5.0/AUTHORS 2023-08-28 14:51:01.000000000 +0200
+++ new/oslo.cache-3.7.0/AUTHORS 2024-02-26 08:35:56.000000000 +0100
@@ -12,6 +12,7 @@
Brant Knudson <[email protected]>
ChangBo Guo(gcb) <[email protected]>
Corey Bryant <[email protected]>
+Damian Dabrowski <[email protected]>
Daniel Bengtsson <[email protected]>
Davanum Srinivas <[email protected]>
Dave Chen <[email protected]>
@@ -66,7 +67,9 @@
Stephen Finucane <[email protected]>
Steve Martinelli <[email protected]>
Swapnil Kulkarni (coolsvap) <[email protected]>
+Takashi Kajinami <[email protected]>
Takashi Kajinami <[email protected]>
+Thomas Goirand <[email protected]>
Tony Breeds <[email protected]>
Tovin Seven <[email protected]>
Vieri <[email protected]>
@@ -86,6 +89,7 @@
root <root@newapps.(none)>
songwenping <[email protected]>
termie <[email protected]>
+tomas <[email protected]>
wangqi <[email protected]>
wangxiyuan <[email protected]>
yangyawei <[email protected]>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/ChangeLog
new/oslo.cache-3.7.0/ChangeLog
--- old/oslo.cache-3.5.0/ChangeLog 2023-08-28 14:51:01.000000000 +0200
+++ new/oslo.cache-3.7.0/ChangeLog 2024-02-26 08:35:56.000000000 +0100
@@ -1,6 +1,36 @@
CHANGES
=======
+3.7.0
+-----
+
+* Fix incomplete exception message
+* Prevent potential ReDoS attack
+* config: Document backends supporting specific options
+* Ensure requirements are capped by upper constraints
+* Display coverage report
+* reno: Update master for unmaintained/yoga
+* redis: Add functional tests
+* Add support for Redis Sentinel backend
+* Add native options for redis backend
+* memcache: Remove "default" username and password
+* Automate TLS certificates settings for redis backend
+* Fail if tls\_enabled is True but backend does not support it
+* Fix minor typos in parameter help texts
+* pre-commit: Integrate bandit
+* pre-commit: Bump versions
+* Bump hacking (again)
+* Add a new option to enforce the OpenSSL FIPS mode
+* Bump hacking
+* Update python classifier in setup.cfg
+
+3.6.0
+-----
+
+* Fix wrong path in coveragerc
+* Clean-up memcache connection sockets
+* Update master for stable/2023.2
+
3.5.0
-----
@@ -13,6 +43,8 @@
* Revert "Moves supported python runtimes from version 3.8 to 3.10"
* Moves supported python runtimes from version 3.8 to 3.10
+* [cache] memcache\_password should be secret
+* Do not mark hosts as alive when they are all dead
* Update master for stable/2023.1
* Allow bmemcached to be optional for memcache\_pool
* Imported Translations from Zanata
@@ -21,6 +53,7 @@
-----
* Fix issues related to tox4
+* Cleanup py27 support
3.3.0
-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/PKG-INFO
new/oslo.cache-3.7.0/PKG-INFO
--- old/oslo.cache-3.5.0/PKG-INFO 2023-08-28 14:51:01.575720000 +0200
+++ new/oslo.cache-3.7.0/PKG-INFO 2024-02-26 08:35:56.178395500 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: oslo.cache
-Version: 3.5.0
+Version: 3.7.0
Summary: Cache storage for OpenStack projects.
Home-page: https://docs.openstack.org/oslo.cache/latest
Author: OpenStack
@@ -54,6 +54,7 @@
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
Requires-Python: >=3.8
Provides-Extra: dogpile
Provides-Extra: etcd3gw
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/bindep.txt
new/oslo.cache-3.7.0/bindep.txt
--- old/oslo.cache-3.5.0/bindep.txt 2023-08-28 14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/bindep.txt 2024-02-26 08:35:26.000000000 +0100
@@ -3,3 +3,6 @@
etcd [tests-functional-etcd]
memcached [tests-functional-memcached]
+redis [platform:rpm tests-functional-redis]
+redis-server [platform:dpkg tests-functional-redis]
+redis-sentinel [platform:dpkg tests-functional-redis]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/oslo.cache.egg-info/PKG-INFO
new/oslo.cache-3.7.0/oslo.cache.egg-info/PKG-INFO
--- old/oslo.cache-3.5.0/oslo.cache.egg-info/PKG-INFO 2023-08-28
14:51:01.000000000 +0200
+++ new/oslo.cache-3.7.0/oslo.cache.egg-info/PKG-INFO 2024-02-26
08:35:56.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: oslo.cache
-Version: 3.5.0
+Version: 3.7.0
Summary: Cache storage for OpenStack projects.
Home-page: https://docs.openstack.org/oslo.cache/latest
Author: OpenStack
@@ -54,6 +54,7 @@
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
Requires-Python: >=3.8
Provides-Extra: dogpile
Provides-Extra: etcd3gw
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/oslo.cache.egg-info/SOURCES.txt
new/oslo.cache-3.7.0/oslo.cache.egg-info/SOURCES.txt
--- old/oslo.cache-3.5.0/oslo.cache.egg-info/SOURCES.txt 2023-08-28
14:51:01.000000000 +0200
+++ new/oslo.cache-3.7.0/oslo.cache.egg-info/SOURCES.txt 2024-02-26
08:35:56.000000000 +0100
@@ -66,6 +66,10 @@
oslo_cache/tests/functional/dogpile_cache_bmemcached/test_cache_backend.py
oslo_cache/tests/functional/dogpile_cache_pymemcache/__init__.py
oslo_cache/tests/functional/dogpile_cache_pymemcache/test_cache_backend.py
+oslo_cache/tests/functional/dogpile_cache_redis/__init__.py
+oslo_cache/tests/functional/dogpile_cache_redis/test_cache_backend.py
+oslo_cache/tests/functional/dogpile_cache_redis_sentinel/__init__.py
+oslo_cache/tests/functional/dogpile_cache_redis_sentinel/test_cache_backend.py
oslo_cache/tests/functional/etcd3gw/__init__.py
oslo_cache/tests/functional/etcd3gw/test_cache_backend.py
oslo_cache/tests/functional/memcache_pool/__init__.py
@@ -75,6 +79,8 @@
oslo_cache/tests/unit/test_cache_basics.py
oslo_cache/tests/unit/test_connection_pool.py
oslo_cache/tests/unit/test_dict_backend.py
+playbooks/tests/functional/Debian.yaml
+playbooks/tests/functional/RedHat.yaml
playbooks/tests/functional/pre.yml
releasenotes/notes/add-dogpile.cache.pymemcache-backend-627d31a76013f8e1.yaml
releasenotes/notes/add_reno-3b4ae0789e9c45b4.yaml
@@ -84,6 +90,7 @@
releasenotes/notes/bug-1991250-23bc3463273e5a91.yaml
releasenotes/notes/drop-python-2-7-73d3113c69d724d6.yaml
releasenotes/notes/enable-sasl-protocol-46d11530b87e7832.yaml
+releasenotes/notes/enforce_fips_mode-c3296a0cc1fb7ad9.yaml
releasenotes/notes/etcd3gw_driver-8ba4511ae9553a91.yaml
releasenotes/notes/fix-memcache-pool-backend-b9e6aaab08075d68.yaml
releasenotes/notes/lower_socket_timeout-ff5680a6be23bdb2.yaml
@@ -91,8 +98,12 @@
releasenotes/notes/pymemcache_hashclient_configure-f6f48c5ca38bce47.yaml
releasenotes/notes/pymemcache_retry_mecchanisms-fa969d1ac6f64096.yaml
releasenotes/notes/pymemcache_socket_keepalive-f91c69770961e2b6.yaml
+releasenotes/notes/redis-backend-opts-27915f2b672512c9.yaml
+releasenotes/notes/redis-sentinel-18ba4a0da83dabc7.yaml
+releasenotes/notes/redis-ssl-ca14b4b99c2e5a84.yaml
releasenotes/notes/switch-from-python-memcached-to-pymemcache-566e70b224f92b73.yaml
releasenotes/source/2023.1.rst
+releasenotes/source/2023.2.rst
releasenotes/source/conf.py
releasenotes/source/index.rst
releasenotes/source/newton.rst
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/oslo.cache.egg-info/pbr.json
new/oslo.cache-3.7.0/oslo.cache.egg-info/pbr.json
--- old/oslo.cache-3.5.0/oslo.cache.egg-info/pbr.json 2023-08-28
14:51:01.000000000 +0200
+++ new/oslo.cache-3.7.0/oslo.cache.egg-info/pbr.json 2024-02-26
08:35:56.000000000 +0100
@@ -1 +1 @@
-{"git_version": "06f76e5", "is_release": true}
\ No newline at end of file
+{"git_version": "e8de6c9", "is_release": true}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/oslo.cache.egg-info/requires.txt
new/oslo.cache-3.7.0/oslo.cache.egg-info/requires.txt
--- old/oslo.cache-3.5.0/oslo.cache.egg-info/requires.txt 2023-08-28
14:51:01.000000000 +0200
+++ new/oslo.cache-3.7.0/oslo.cache.egg-info/requires.txt 2024-02-26
08:35:56.000000000 +0100
@@ -8,6 +8,7 @@
pymemcache>=3.5.0
python-binary-memcached>=0.29.0
python-memcached>=1.56
+redis>=3.0.0
[etcd3gw]
etcd3gw>=0.2.0
@@ -16,14 +17,12 @@
pymongo!=3.1,>=3.0.2
[test]
-bandit<1.8.0,>=1.7.0
etcd3gw>=0.2.0
-hacking<3.1.0,>=3.0.1
oslotest>=3.2.0
pifpaf>=0.10.0
-pre-commit>=2.6.0
pymemcache>=3.5.0
pymongo!=3.1,>=3.0.2
python-binary-memcached>=0.29.0
python-memcached>=1.56
+redis>=3.0.0
stestr>=2.0.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/oslo_cache/_memcache_pool.py
new/oslo.cache-3.7.0/oslo_cache/_memcache_pool.py
--- old/oslo.cache-3.5.0/oslo_cache/_memcache_pool.py 2023-08-28
14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/oslo_cache/_memcache_pool.py 2024-02-26
08:35:26.000000000 +0100
@@ -93,6 +93,27 @@
self._connection_get_timeout = conn_get_timeout
self._acquired = 0
+ def __del__(self):
+ """Delete the connection pool.
+
+ Destory all connections left in the queue.
+ """
+ while True:
+ # As per https://docs.python.org/3/library/collections.html
+ # self.queue.pop() will raise IndexError when no elements are
+ # present, ending the while True: loop.
+ # The logic loops over all connections in the queue but it does
+ # not retry for a single one in case a connection closure fails
+ # then it leaves that one and process the next.
+ try:
+ conn = self.queue.pop().connection
+ self._destroy_connection(conn)
+ except IndexError:
+ break
+ except Exception as e:
+ self._do_log(
+ LOG.warning, "Unable to cleanup a connection: %s", e)
+
def _create_connection(self):
"""Returns a connection instance.
@@ -260,13 +281,6 @@
self.urls[i], host.deaduntil)
else:
self._hosts_deaduntil[i] = 0
- # If all hosts are dead we should forget that they're dead. This
- # way we won't get completely shut off until dead_retry seconds
- # pass, but will be checking servers as frequent as we can (over
- # way smaller socket_timeout)
- if all(deaduntil > now for deaduntil in self._hosts_deaduntil):
- self._debug_logger('All hosts are dead. Marking them as live.')
- self._hosts_deaduntil[:] = [0] * len(self._hosts_deaduntil)
finally:
# super() cannot be used here because Queue in stdlib is an
# old-style class
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/oslo_cache/_opts.py
new/oslo.cache-3.7.0/oslo_cache/_opts.py
--- old/oslo.cache-3.5.0/oslo_cache/_opts.py 2023-08-28 14:50:36.000000000
+0200
+++ new/oslo.cache-3.7.0/oslo_cache/_opts.py 2024-02-26 08:35:26.000000000
+0100
@@ -44,6 +44,7 @@
'dogpile.cache.bmemcached',
'dogpile.cache.dbm',
'dogpile.cache.redis',
+ 'dogpile.cache.redis_sentinel',
'dogpile.cache.memory',
'dogpile.cache.memory_pickle',
'dogpile.cache.null'],
@@ -80,7 +81,7 @@
'If ``dogpile.cache.memcached`` or '
'``oslo_cache.memcache_pool`` is used and a given '
'host refer to an IPv6 or a given domain refer to '
- 'IPv6 then you should prefix the given address with'
+ 'IPv6 then you should prefix the given address with '
'the address family (``inet6``) '
'(e.g ``inet6[::1]:11211``, '
'``inet6:[fd12:3456:789a:1::1]:11211``, '
@@ -122,15 +123,39 @@
help='Enable the SASL(Simple Authentication and Security'
'Layer) if the SASL_enable is true, else disable.'),
cfg.StrOpt('memcache_username',
- default='',
help='the user name for the memcached which SASL enabled'),
cfg.StrOpt('memcache_password',
- default='',
+ secret=True,
help='the password for the memcached which SASL enabled'),
+ cfg.StrOpt('redis_server',
+ default='localhost:6379',
+ help='Redis server in the format of "host:port"'),
+ cfg.StrOpt('redis_username',
+ help='the user name for redis'),
+ cfg.StrOpt('redis_password',
+ secret=True,
+ help='the password for redis'),
+ cfg.ListOpt('redis_sentinels',
+ default=['localhost:26379'],
+ help='Redis sentinel servers in the format of '
+ '"host:port"'),
+ cfg.FloatOpt('redis_socket_timeout',
+ default=1.0,
+ help='Timeout in seconds for every call to a server.'
+ ' (dogpile.cache.redis and dogpile.cache.redis_sentinel '
+ 'backends only).'),
+ cfg.StrOpt('redis_sentinel_service_name',
+ default='mymaster',
+ help='Service name of the redis sentinel cluster.'),
cfg.BoolOpt('tls_enabled',
default=False,
- help='Global toggle for TLS usage when comunicating with'
- ' the caching servers.'),
+ help='Global toggle for TLS usage when communicating with'
+ ' the caching servers. Currently supported by '
+ '``dogpile.cache.bmemcache``, '
+ '``dogpile.cache.pymemcache``, '
+ '``oslo_cache.memcache_pool``, '
+ '``dogpile.cache.redis`` and '
+ '``dogpile.cache.redis_sentinel``.'),
cfg.StrOpt('tls_cafile',
default=None,
help='Path to a file of concatenated CA certificates in PEM'
@@ -156,7 +181,10 @@
help='Set the available ciphers for sockets created with'
' the TLS context. It should be a string in the OpenSSL'
' cipher list format. If not specified, all OpenSSL enabled'
- ' ciphers will be available.'),
+ ' ciphers will be available. Currently supported by '
+ '``dogpile.cache.bmemcache``, '
+ '``dogpile.cache.pymemcache`` and '
+ '``oslo_cache.memcache_pool``.'),
cfg.BoolOpt(
'enable_socket_keepalive',
default=False,
@@ -216,6 +244,18 @@
default=60,
help='Time in seconds before attempting to add a node '
'back in the pool in the HashClient\'s internal mechanisms.'),
+ cfg.BoolOpt('enforce_fips_mode',
+ default=False,
+ help='Global toggle for enforcing the OpenSSL FIPS mode. '
+ 'This feature requires Python support. '
+ 'This is available in Python 3.9 in all '
+ 'environments and may have been backported to older '
+ 'Python versions on select environments. If the Python '
+ 'executable used does not support OpenSSL FIPS mode, '
+ 'an exception will be raised. Currently supported by '
+ '``dogpile.cache.bmemcache``, '
+ '``dogpile.cache.pymemcache`` and '
+ '``oslo_cache.memcache_pool``.'),
],
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/oslo_cache/backends/memcache_pool.py
new/oslo.cache-3.7.0/oslo_cache/backends/memcache_pool.py
--- old/oslo.cache-3.5.0/oslo_cache/backends/memcache_pool.py 2023-08-28
14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/oslo_cache/backends/memcache_pool.py 2024-02-26
08:35:26.000000000 +0100
@@ -27,6 +27,7 @@
else:
raise
from oslo_cache import _memcache_pool
+from oslo_cache import exception
# Helper to ease backend refactoring
@@ -63,6 +64,11 @@
def __init__(self, arguments):
super(PooledMemcachedBackend, self).__init__(arguments)
if arguments.get('sasl_enabled', False):
+ if (arguments.get('username') is None or
+ arguments.get('password') is None):
+ raise exception.ConfigurationError(
+ 'username and password should be configured to use SASL '
+ 'authentication.')
if not _bmemcache_pool:
raise ImportError("python-binary-memcached package is missing")
self.client_pool = _bmemcache_pool.BMemcacheClientPool(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/oslo_cache/core.py
new/oslo.cache-3.7.0/oslo_cache/core.py
--- old/oslo.cache-3.5.0/oslo_cache/core.py 2023-08-28 14:50:36.000000000
+0200
+++ new/oslo.cache-3.7.0/oslo_cache/core.py 2024-02-26 08:35:26.000000000
+0100
@@ -34,7 +34,9 @@
from oslo_cache import core
NO_VALUE = core.NO_VALUE
"""
+import re
import ssl
+import urllib.parse
import dogpile.cache
from dogpile.cache import api
@@ -100,6 +102,18 @@
self.proxied.delete_multi(keys)
+def _parse_sentinel(sentinel):
+ # IPv6 (eg. [::1]:6379 )
+ match = re.search(r'^\[(\S+)\]:(\d+)$', sentinel)
+ if match:
+ return (match[1], int(match[2]))
+ # IPv4 or hostname (eg. 127.0.0.1:6379 or localhost:6379)
+ match = re.search(r'^(\S+):(\d+)$', sentinel)
+ if match:
+ return (match[1], int(match[2]))
+ raise exception.ConfigurationError('Malformed sentinel server format')
+
+
def _build_cache_config(conf):
"""Build the cache region dictionary configuration.
@@ -136,58 +150,159 @@
conf_dict[arg_key] = argvalue
_LOG.debug('Oslo Cache Config: %s', conf_dict)
- # NOTE(yorik-sar): these arguments will be used for memcache-related
- # backends. Use setdefault for url to support old-style setting through
- # backend_argument=url:127.0.0.1:11211
- #
- # NOTE(morgan): If requested by config, 'flush_on_reconnect' will be set
- # for pooled connections. This can ensure that stale data is never
- # consumed from a server that pops in/out due to a network partition
- # or disconnect.
- #
- # See the help from python-memcached:
- #
- # param flush_on_reconnect: optional flag which prevents a
- # scenario that can cause stale data to be read: If there's more
- # than one memcached server and the connection to one is
- # interrupted, keys that mapped to that server will get
- # reassigned to another. If the first server comes back, those
- # keys will map to it again. If it still has its data, get()s
- # can read stale data that was overwritten on another
- # server. This flag is off by default for backwards
- # compatibility.
- #
- # The normal non-pooled clients connect explicitly on each use and
- # does not need the explicit flush_on_reconnect
- conf_dict.setdefault('%s.arguments.url' % prefix,
- conf.cache.memcache_servers)
- for arg in ('dead_retry', 'socket_timeout', 'pool_maxsize',
- 'pool_unused_timeout', 'pool_connection_get_timeout',
- 'pool_flush_on_reconnect', 'sasl_enabled', 'username',
- 'password'):
- value = getattr(conf.cache, 'memcache_' + arg)
- conf_dict['%s.arguments.%s' % (prefix, arg)] = value
- if conf.cache.tls_enabled:
- _LOG.debug('Oslo Cache TLS - CA: %s', conf.cache.tls_cafile)
- tls_context = ssl.create_default_context(cafile=conf.cache.tls_cafile)
+ if conf.cache.backend == 'dogpile.cache.redis':
+ if conf.cache.redis_password is None:
+ netloc = conf.cache.redis_server
+ else:
+ if conf.cache.redis_username:
+ netloc = '%s:%s@%s' % (conf.cache.redis_username,
+ conf.cache.redis_password,
+ conf.cache.redis_server)
+ else:
+ netloc = ':%s@%s' % (conf.cache.redis_password,
+ conf.cache.redis_server)
+
+ parts = urllib.parse.ParseResult(
+ scheme=('rediss' if conf.cache.tls_enabled else 'redis'),
+ netloc=netloc, path='', params='', query='', fragment='')
+
+ conf_dict.setdefault(
+ '%s.arguments.url' % prefix,
+ urllib.parse.urlunparse(parts)
+ )
+ for arg in ('socket_timeout',):
+ value = getattr(conf.cache, 'redis_' + arg)
+ conf_dict['%s.arguments.%s' % (prefix, arg)] = value
+ elif conf.cache.backend == 'dogpile.cache.redis_sentinel':
+ for arg in ('password', 'socket_timeout'):
+ value = getattr(conf.cache, 'redis_' + arg)
+ conf_dict['%s.arguments.%s' % (prefix, arg)] = value
+ if conf.cache.redis_username:
+ # TODO(tkajinam): Update dogpile.cache to add username argument,
+ # similarly to password.
+ conf_dict['%s.arguments.connection_kwargs' % prefix] = \
+ {'username': conf.cache.redis_username}
+ conf_dict['%s.arguments.sentinel_kwargs' % prefix] = \
+ {'username': conf.cache.redis_username}
+ conf_dict['%s.arguments.service_name' % prefix] = \
+ conf.cache.redis_sentinel_service_name
+ if conf.cache.redis_sentinels:
+ conf_dict['%s.arguments.sentinels' % prefix] = [
+ _parse_sentinel(s) for s in conf.cache.redis_sentinels]
+ else:
+ # NOTE(yorik-sar): these arguments will be used for memcache-related
+ # backends. Use setdefault for url to support old-style setting through
+ # backend_argument=url:127.0.0.1:11211
+ #
+ # NOTE(morgan): If requested by config, 'flush_on_reconnect' will be
+ # set for pooled connections. This can ensure that stale data is never
+ # consumed from a server that pops in/out due to a network partition
+ # or disconnect.
+ #
+ # See the help from python-memcached:
+ #
+ # param flush_on_reconnect: optional flag which prevents a
+ # scenario that can cause stale data to be read: If there's more
+ # than one memcached server and the connection to one is
+ # interrupted, keys that mapped to that server will get
+ # reassigned to another. If the first server comes back, those
+ # keys will map to it again. If it still has its data, get()s
+ # can read stale data that was overwritten on another
+ # server. This flag is off by default for backwards
+ # compatibility.
+ #
+ # The normal non-pooled clients connect explicitly on each use and
+ # does not need the explicit flush_on_reconnect
+ conf_dict.setdefault('%s.arguments.url' % prefix,
+ conf.cache.memcache_servers)
+
+ for arg in ('dead_retry', 'socket_timeout', 'pool_maxsize',
+ 'pool_unused_timeout', 'pool_connection_get_timeout',
+ 'pool_flush_on_reconnect', 'sasl_enabled', 'username',
+ 'password'):
+ value = getattr(conf.cache, 'memcache_' + arg)
+ conf_dict['%s.arguments.%s' % (prefix, arg)] = value
- if conf.cache.tls_certfile is not None:
- _LOG.debug('Oslo Cache TLS - cert: %s', conf.cache.tls_certfile)
- _LOG.debug('Oslo Cache TLS - key: %s', conf.cache.tls_keyfile)
- tls_context.load_cert_chain(
- conf.cache.tls_certfile,
- conf.cache.tls_keyfile,
- )
-
- if conf.cache.tls_allowed_ciphers is not None:
- _LOG.debug(
- 'Oslo Cache TLS - ciphers: %s',
- conf.cache.tls_allowed_ciphers,
+ if conf.cache.tls_enabled:
+ if conf.cache.backend in ('dogpile.cache.bmemcache',
+ 'dogpile.cache.pymemcache',
+ 'oslo_cache.memcache_pool'):
+ _LOG.debug('Oslo Cache TLS - CA: %s', conf.cache.tls_cafile)
+ tls_context = ssl.create_default_context(
+ cafile=conf.cache.tls_cafile)
+
+ if conf.cache.enforce_fips_mode:
+ if hasattr(ssl, 'FIPS_mode'):
+ _LOG.info("Enforcing the use of the OpenSSL FIPS mode")
+ ssl.FIPS_mode_set(1)
+ else:
+ raise exception.ConfigurationError(
+ "OpenSSL FIPS mode is not supported by your Python "
+ "version. You must either change the Python "
+ "executable used to a version with FIPS mode support "
+ "or disable FIPS mode by setting "
+ "the '[cache] enforce_fips_mode' configuration option "
+ "to 'False'.")
+
+ if conf.cache.tls_certfile is not None:
+ _LOG.debug('Oslo Cache TLS - cert: %s',
+ conf.cache.tls_certfile)
+ _LOG.debug('Oslo Cache TLS - key: %s', conf.cache.tls_keyfile)
+ tls_context.load_cert_chain(
+ conf.cache.tls_certfile,
+ conf.cache.tls_keyfile,
+ )
+
+ if conf.cache.tls_allowed_ciphers is not None:
+ _LOG.debug(
+ 'Oslo Cache TLS - ciphers: %s',
+ conf.cache.tls_allowed_ciphers,
+ )
+ tls_context.set_ciphers(conf.cache.tls_allowed_ciphers)
+
+ conf_dict['%s.arguments.tls_context' % prefix] = tls_context
+ elif conf.cache.backend in ('dogpile.cache.redis',
+ 'dogpile.cache.redis_sentinel'):
+ if conf.cache.tls_allowed_ciphers is not None:
+ raise exception.ConfigurationError(
+ "Limiting allowed ciphers is not supported by "
+ "the %s backend" % conf.cache.backend)
+ if conf.cache.enforce_fips_mode:
+ raise exception.ConfigurationError(
+ "FIPS mode is not supported by the %s backend" %
+ conf.cache.backend)
+
+ conn_kwargs = {}
+ if conf.cache.tls_cafile is not None:
+ _LOG.debug('Oslo Cache TLS - CA: %s', conf.cache.tls_cafile)
+ conn_kwargs['ssl_ca_certs'] = conf.cache.tls_cafile
+ if conf.cache.tls_certfile is not None:
+ _LOG.debug('Oslo Cache TLS - cert: %s',
+ conf.cache.tls_certfile)
+ _LOG.debug('Oslo Cache TLS - key: %s', conf.cache.tls_keyfile)
+ conn_kwargs.update({
+ 'ssl_certfile': conf.cache.tls_certfile,
+ 'ssl_keyfile': conf.cache.tls_keyfile
+ })
+ if conf.cache.backend == 'dogpile.cache.redis_sentinel':
+ conn_kwargs.update({'ssl': True})
+ conf_dict.setdefault(
+ '%s.arguments.connection_kwargs' % prefix,
+ {}).update(conn_kwargs)
+ conf_dict.setdefault(
+ '%s.arguments.sentinel_kwargs' % prefix,
+ {}).update(conn_kwargs)
+ else:
+ conf_dict.setdefault(
+ '%s.arguments.connection_kwargs' % prefix,
+ {}).update(conn_kwargs)
+ else:
+ raise exception.ConfigurationError(
+ "TLS setting via [cache] tls_enabled is not supported by the "
+ "%s backend. Set [cache] tls_enabled=False or use a different "
+ "backend." % conf.cache.backend
)
- tls_context.set_ciphers(conf.cache.tls_allowed_ciphers)
-
- conf_dict['%s.arguments.tls_context' % prefix] = tls_context
# NOTE(hberaud): Pymemcache support socket keepalive, If it is enable in
# our config then configure it to enable this feature.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/oslo_cache/tests/functional/dogpile_cache_redis/test_cache_backend.py
new/oslo.cache-3.7.0/oslo_cache/tests/functional/dogpile_cache_redis/test_cache_backend.py
---
old/oslo.cache-3.5.0/oslo_cache/tests/functional/dogpile_cache_redis/test_cache_backend.py
1970-01-01 01:00:00.000000000 +0100
+++
new/oslo.cache-3.7.0/oslo_cache/tests/functional/dogpile_cache_redis/test_cache_backend.py
2024-02-26 08:35:26.000000000 +0100
@@ -0,0 +1,29 @@
+# Copyright 2024 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_cache.tests.functional import test_base
+
+
+class TestRedisCacheBackend(test_base.BaseTestCaseCacheBackend):
+ def setUp(self):
+ self.config_fixture.config(
+ group='cache',
+ backend='dogpile.cache.redis',
+ redis_server='127.0.0.1:6379',
+ )
+
+ # NOTE(hberaud): super must be called after all to ensure that
+ # config fixture is properly initialized with value related to
+ # the current backend in use.
+ super().setUp()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/oslo_cache/tests/functional/dogpile_cache_redis_sentinel/test_cache_backend.py
new/oslo.cache-3.7.0/oslo_cache/tests/functional/dogpile_cache_redis_sentinel/test_cache_backend.py
---
old/oslo.cache-3.5.0/oslo_cache/tests/functional/dogpile_cache_redis_sentinel/test_cache_backend.py
1970-01-01 01:00:00.000000000 +0100
+++
new/oslo.cache-3.7.0/oslo_cache/tests/functional/dogpile_cache_redis_sentinel/test_cache_backend.py
2024-02-26 08:35:26.000000000 +0100
@@ -0,0 +1,30 @@
+# Copyright 2024 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_cache.tests.functional import test_base
+
+
+class TestRedisSentinelCacheBackend(test_base.BaseTestCaseCacheBackend):
+ def setUp(self):
+ self.config_fixture.config(
+ group='cache',
+ backend='dogpile.cache.redis_sentinel',
+ redis_sentinels=['127.0.0.1:6380'],
+ redis_sentinel_service_name='pifpaf'
+ )
+
+ # NOTE(hberaud): super must be called after all to ensure that
+ # config fixture is properly initialized with value related to
+ # the current backend in use.
+ super().setUp()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/oslo_cache/tests/unit/test_cache_basics.py
new/oslo.cache-3.7.0/oslo_cache/tests/unit/test_cache_basics.py
--- old/oslo.cache-3.5.0/oslo_cache/tests/unit/test_cache_basics.py
2023-08-28 14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/oslo_cache/tests/unit/test_cache_basics.py
2024-02-26 08:35:26.000000000 +0100
@@ -294,6 +294,43 @@
ssl.create_default_context.assert_not_called()
self.assertNotIn('test_prefix.arguments.tls_context', config_dict)
+ def test_cache_dictionary_config_builder_tls_disabled_redis(self):
+ """Validate the backend is reset to default if caching is disabled."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis',
+ tls_cafile='path_to_ca_file',
+ tls_keyfile='path_to_key_file',
+ tls_certfile='path_to_cert_file',
+ tls_allowed_ciphers='allowed_ciphers')
+
+ config_dict = cache._build_cache_config(self.config_fixture.conf)
+ self.assertEqual(
+ 'redis://localhost:6379',
+ config_dict['test_prefix.arguments.url'])
+ self.assertFalse(self.config_fixture.conf.cache.tls_enabled)
+ self.assertNotIn('test_prefix.arguments.connection_kwargs',
+ config_dict)
+
+ def test_cache_dictionary_config_builder_tls_disabled_redis_sentinel(self):
+ """Validate the backend is reset to default if caching is disabled."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis_sentinel',
+ tls_cafile='path_to_ca_file',
+ tls_keyfile='path_to_key_file',
+ tls_certfile='path_to_cert_file')
+
+ config_dict = cache._build_cache_config(self.config_fixture.conf)
+
+ self.assertFalse(self.config_fixture.conf.cache.tls_enabled)
+ self.assertNotIn('test_prefix.arguments.connection_kwargs',
+ config_dict)
+ self.assertNotIn('test_prefix.arguments.sentinel_kwargs',
+ config_dict)
+
def test_cache_dictionary_config_builder_tls_enabled(self):
"""Validate the backend is reset to default if caching is disabled."""
self.config_fixture.config(group='cache',
@@ -318,6 +355,135 @@
config_dict['test_prefix.arguments.tls_context'],
)
+ def test_cache_dictionary_config_builder_tls_enabled_redis(self):
+ """Validate the backend is reset to default if caching is disabled."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis',
+ tls_enabled=True,
+ tls_cafile='path_to_ca_file',
+ tls_keyfile='path_to_key_file',
+ tls_certfile='path_to_cert_file')
+
+ config_dict = cache._build_cache_config(self.config_fixture.conf)
+
+ self.assertTrue(self.config_fixture.conf.cache.tls_enabled)
+ self.assertIn('test_prefix.arguments.connection_kwargs',
+ config_dict)
+ self.assertEqual(
+ 'rediss://localhost:6379',
+ config_dict['test_prefix.arguments.url'])
+ self.assertEqual(
+ {
+ 'ssl_ca_certs': 'path_to_ca_file',
+ 'ssl_keyfile': 'path_to_key_file',
+ 'ssl_certfile': 'path_to_cert_file'
+ },
+ config_dict['test_prefix.arguments.connection_kwargs'])
+ self.assertNotIn('test_prefix.arguments.sentinel_kwargs', config_dict)
+
+ def test_cache_dictionary_config_builder_tls_enabled_redis_sentinel(self):
+ """Validate the backend is reset to default if caching is disabled."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis_sentinel',
+ tls_enabled=True,
+ tls_cafile='path_to_ca_file',
+ tls_keyfile='path_to_key_file',
+ tls_certfile='path_to_cert_file')
+
+ config_dict = cache._build_cache_config(self.config_fixture.conf)
+
+ self.assertTrue(self.config_fixture.conf.cache.tls_enabled)
+ self.assertIn('test_prefix.arguments.connection_kwargs',
+ config_dict)
+ self.assertEqual(
+ {
+ 'ssl': True,
+ 'ssl_ca_certs': 'path_to_ca_file',
+ 'ssl_keyfile': 'path_to_key_file',
+ 'ssl_certfile': 'path_to_cert_file'
+ },
+ config_dict['test_prefix.arguments.connection_kwargs'])
+ self.assertIn('test_prefix.arguments.sentinel_kwargs',
+ config_dict)
+ self.assertEqual(
+ {
+ 'ssl': True,
+ 'ssl_ca_certs': 'path_to_ca_file',
+ 'ssl_keyfile': 'path_to_key_file',
+ 'ssl_certfile': 'path_to_cert_file'
+ },
+ config_dict['test_prefix.arguments.sentinel_kwargs'])
+
+ @mock.patch('oslo_cache.core._LOG')
+ def test_cache_dictionary_config_builder_fips_mode_supported(self, log):
+ """Validate the FIPS mode is supported."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.pymemcache',
+ tls_enabled=True,
+ enforce_fips_mode=True)
+
+ # Ensure that we emulate FIPS_mode even if it doesn't exist
+ with mock.patch.object(ssl, 'FIPS_mode',
+ create=True, return_value=True):
+ # Ensure that we are able to set FIPS_mode
+ with mock.patch.object(ssl, 'FIPS_mode_set', create=True):
+
+ cache._build_cache_config(self.config_fixture.conf)
+ log.info.assert_called_once_with(
+ "Enforcing the use of the OpenSSL FIPS mode")
+
+ @mock.patch('oslo_cache.core._LOG')
+ def test_cache_dictionary_config_builder_fips_mode_unsupported(self, log):
+ """Validate the FIPS mode is not supported."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.pymemcache',
+ tls_enabled=True,
+ enforce_fips_mode=True)
+
+ with mock.patch.object(cache, 'ssl') as ssl_:
+ del ssl_.FIPS_mode
+
+ # We do this test only if FIPS mode is not supported to
+ # ensure that we hard fail.
+ self.assertRaises(exception.ConfigurationError,
+ cache._build_cache_config,
+ self.config_fixture.conf)
+
+ def test_cache_dictionary_config_builder_fips_mode_unsupported_redis(self):
+ """Validate the FIPS mode is not supported."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis',
+ tls_enabled=True,
+ enforce_fips_mode=True)
+
+ self.assertRaises(exception.ConfigurationError,
+ cache._build_cache_config,
+ self.config_fixture.conf)
+
+ def test_cache_dictionary_config_builder_tls_enabled_unsupported(self):
+ """Validate the tls_enabled opiton is not supported.."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='oslo_cache.dict',
+ tls_enabled=True)
+
+ with mock.patch.object(ssl, 'create_default_context'):
+ self.assertRaises(exception.ConfigurationError,
+ cache._build_cache_config,
+ self.config_fixture.conf)
+ ssl.create_default_context.assert_not_called()
+
def test_cache_dictionary_config_builder_tls_enabled_with_config(self):
"""Validate the backend is reset to default if caching is disabled."""
self.config_fixture.config(group='cache',
@@ -587,6 +753,92 @@
self.assertFalse(config_dict['test_prefix.arguments'
'.pool_flush_on_reconnect'])
+ def test_cache_dictionary_config_builder_redis(self):
+ """Validate the backend is reset to default if caching is disabled."""
+ self.config_fixture.config(group='cache',
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis',
+ redis_server='[::1]:6379',
+ redis_username='user',
+ redis_password='secrete')
+
+ config_dict = cache._build_cache_config(self.config_fixture.conf)
+ self.assertEqual(
+ 'redis://user:secrete@[::1]:6379',
+ config_dict['test_prefix.arguments.url'])
+ self.assertEqual(
+ 1.0, config_dict['test_prefix.arguments.socket_timeout'])
+
+ def test_cache_dictionary_config_builder_redis_with_auth(self):
+ """Validate the backend is reset to default if caching is disabled."""
+ self.config_fixture.config(group='cache',
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis',
+ redis_server='[::1]:6379',
+ redis_username='user',
+ redis_password='secrete')
+
+ config_dict = cache._build_cache_config(self.config_fixture.conf)
+ self.assertEqual(
+ 'redis://user:secrete@[::1]:6379',
+ config_dict['test_prefix.arguments.url'])
+
+ def test_cache_dictionary_config_builder_redis_sentinel(self):
+ """Validate the backend is reset to default if caching is disabled."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis_sentinel')
+
+ config_dict = cache._build_cache_config(self.config_fixture.conf)
+
+ self.assertFalse(self.config_fixture.conf.cache.tls_enabled)
+ self.assertEqual(
+ 'mymaster', config_dict['test_prefix.arguments.service_name'])
+ self.assertEqual([
+ ('localhost', 26379)
+ ], config_dict['test_prefix.arguments.sentinels'])
+ self.assertEqual(
+ 1.0, config_dict['test_prefix.arguments.socket_timeout'])
+ self.assertNotIn('test_prefix.arguments.connection_kwargs',
+ config_dict)
+ self.assertNotIn('test_prefix.arguments.sentinel_kwargs',
+ config_dict)
+
+ def test_cache_dictionary_config_builder_redis_sentinel_with_auth(self):
+ """Validate the backend is reset to default if caching is disabled."""
+ self.config_fixture.config(group='cache',
+ enabled=True,
+ config_prefix='test_prefix',
+ backend='dogpile.cache.redis_sentinel',
+ redis_username='user',
+ redis_password='secrete',
+ redis_sentinels=[
+ '127.0.0.1:26379',
+ '[::1]:26379',
+ 'localhost:26379'
+ ],
+ redis_sentinel_service_name='cluster')
+
+ config_dict = cache._build_cache_config(self.config_fixture.conf)
+
+ self.assertFalse(self.config_fixture.conf.cache.tls_enabled)
+ self.assertEqual(
+ 'cluster', config_dict['test_prefix.arguments.service_name'])
+ self.assertEqual([
+ ('127.0.0.1', 26379),
+ ('::1', 26379),
+ ('localhost', 26379),
+ ], config_dict['test_prefix.arguments.sentinels'])
+ self.assertEqual(
+ 'secrete', config_dict['test_prefix.arguments.password'])
+ self.assertEqual({
+ 'username': 'user'
+ }, config_dict['test_prefix.arguments.connection_kwargs'])
+ self.assertEqual({
+ 'username': 'user'
+ }, config_dict['test_prefix.arguments.sentinel_kwargs'])
+
def test_cache_debug_proxy(self):
single_value = 'Test Value'
single_key = 'testkey'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/playbooks/tests/functional/Debian.yaml
new/oslo.cache-3.7.0/playbooks/tests/functional/Debian.yaml
--- old/oslo.cache-3.5.0/playbooks/tests/functional/Debian.yaml 1970-01-01
01:00:00.000000000 +0100
+++ new/oslo.cache-3.7.0/playbooks/tests/functional/Debian.yaml 2024-02-26
08:35:26.000000000 +0100
@@ -0,0 +1,9 @@
+---
+backend_services_map:
+ redis:
+ - redis-server
+ - redis-sentinel
+ memcached:
+ - memcached
+ etcd:
+ - etcd
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/playbooks/tests/functional/RedHat.yaml
new/oslo.cache-3.7.0/playbooks/tests/functional/RedHat.yaml
--- old/oslo.cache-3.5.0/playbooks/tests/functional/RedHat.yaml 1970-01-01
01:00:00.000000000 +0100
+++ new/oslo.cache-3.7.0/playbooks/tests/functional/RedHat.yaml 2024-02-26
08:35:26.000000000 +0100
@@ -0,0 +1,9 @@
+---
+backend_services_map:
+ redis:
+ - redis
+ - redis-sentinel
+ memcached:
+ - memcached
+ etcd:
+ - etcd
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/playbooks/tests/functional/pre.yml
new/oslo.cache-3.7.0/playbooks/tests/functional/pre.yml
--- old/oslo.cache-3.5.0/playbooks/tests/functional/pre.yml 2023-08-28
14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/playbooks/tests/functional/pre.yml 2024-02-26
08:35:26.000000000 +0100
@@ -5,13 +5,16 @@
- role: bindep
bindep_profile: "tests-functional-{{ oslo_cache_backend_daemon }}"
tasks:
+ - name: Include OS-specific variables
+ include_vars: "{{ ansible_os_family }}.yaml"
# NOTE(yoctozepto): Debian and Ubuntu have this nasty policy of starting
# installed services for us. We don't rely on system-wide service and use
# pifpaf. Unfortunately, default port may conflict with system-wide
service.
# So, for sanity and resource conservation, let's stop it before tests run.
- - name: "Stop {{ oslo_cache_backend_daemon }}"
+ - name: "Stop backend services"
service:
- name: "{{ oslo_cache_backend_daemon }}"
+ name: "{{ item }}"
state: stopped
enabled: no
become: yes
+ loop: "{{ backend_services_map[oslo_cache_backend_daemon] }}"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/releasenotes/notes/enforce_fips_mode-c3296a0cc1fb7ad9.yaml
new/oslo.cache-3.7.0/releasenotes/notes/enforce_fips_mode-c3296a0cc1fb7ad9.yaml
---
old/oslo.cache-3.5.0/releasenotes/notes/enforce_fips_mode-c3296a0cc1fb7ad9.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/oslo.cache-3.7.0/releasenotes/notes/enforce_fips_mode-c3296a0cc1fb7ad9.yaml
2024-02-26 08:35:26.000000000 +0100
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ Adding a new option, ``[cache] enforce_fips_mode``, to the rabbitmq driver
+ to enforce the OpenSSL FIPS mode if supported by the version of Python.
+security:
+ - |
+ We are now able to enforce the OpenSSL FIPS mode by using
+ ``[cache] enforce_fips_mode``.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/releasenotes/notes/redis-backend-opts-27915f2b672512c9.yaml
new/oslo.cache-3.7.0/releasenotes/notes/redis-backend-opts-27915f2b672512c9.yaml
---
old/oslo.cache-3.5.0/releasenotes/notes/redis-backend-opts-27915f2b672512c9.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/oslo.cache-3.7.0/releasenotes/notes/redis-backend-opts-27915f2b672512c9.yaml
2024-02-26 08:35:26.000000000 +0100
@@ -0,0 +1,16 @@
+---
+features:
+ - |
+ The following new options are added. These options are used to customize
+ connections in the ``dogpile.cache.redis`` backend.
+
+ - ``redis_server``
+ - ``redis_username``
+ - ``redis_password``
+ - ``redis_socket_timeout``
+
+upgrade:
+ - |
+ The ``[cache] memcache_socket_timeout`` option no longer takes affect in
+ when the ``dogpile.cache.redis`` backend, which is the documented behavior.
+ Use the ``[cache] redis_socket_timeout`` option instead.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/releasenotes/notes/redis-sentinel-18ba4a0da83dabc7.yaml
new/oslo.cache-3.7.0/releasenotes/notes/redis-sentinel-18ba4a0da83dabc7.yaml
---
old/oslo.cache-3.5.0/releasenotes/notes/redis-sentinel-18ba4a0da83dabc7.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/oslo.cache-3.7.0/releasenotes/notes/redis-sentinel-18ba4a0da83dabc7.yaml
2024-02-26 08:35:26.000000000 +0100
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Now Redis Sentinel is supported as a cache backend.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/oslo.cache-3.5.0/releasenotes/notes/redis-ssl-ca14b4b99c2e5a84.yaml
new/oslo.cache-3.7.0/releasenotes/notes/redis-ssl-ca14b4b99c2e5a84.yaml
--- old/oslo.cache-3.5.0/releasenotes/notes/redis-ssl-ca14b4b99c2e5a84.yaml
1970-01-01 01:00:00.000000000 +0100
+++ new/oslo.cache-3.7.0/releasenotes/notes/redis-ssl-ca14b4b99c2e5a84.yaml
2024-02-26 08:35:26.000000000 +0100
@@ -0,0 +1,11 @@
+---
+features:
+ - |
+ When the ``dogpile.cache.redis`` backend is used and
+ the ``[cache] tls_enable`` option is set to True, now the following
+ ``[cache]`` options set tls certificates and keys used for TLS
+ communication with Redis.
+
+ - ``tls_cafile``
+ - ``tls_certfile``
+ - ``tls_keyfile``
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/releasenotes/source/2023.2.rst
new/oslo.cache-3.7.0/releasenotes/source/2023.2.rst
--- old/oslo.cache-3.5.0/releasenotes/source/2023.2.rst 1970-01-01
01:00:00.000000000 +0100
+++ new/oslo.cache-3.7.0/releasenotes/source/2023.2.rst 2024-02-26
08:35:26.000000000 +0100
@@ -0,0 +1,6 @@
+===========================
+2023.2 Series Release Notes
+===========================
+
+.. release-notes::
+ :branch: stable/2023.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/releasenotes/source/index.rst
new/oslo.cache-3.7.0/releasenotes/source/index.rst
--- old/oslo.cache-3.5.0/releasenotes/source/index.rst 2023-08-28
14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/releasenotes/source/index.rst 2024-02-26
08:35:26.000000000 +0100
@@ -6,6 +6,7 @@
:maxdepth: 1
unreleased
+ 2023.2
2023.1
zed
yoga
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/releasenotes/source/yoga.rst
new/oslo.cache-3.7.0/releasenotes/source/yoga.rst
--- old/oslo.cache-3.5.0/releasenotes/source/yoga.rst 2023-08-28
14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/releasenotes/source/yoga.rst 2024-02-26
08:35:26.000000000 +0100
@@ -3,4 +3,4 @@
=========================
.. release-notes::
- :branch: stable/yoga
+ :branch: unmaintained/yoga
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/requirements.txt
new/oslo.cache-3.7.0/requirements.txt
--- old/oslo.cache-3.5.0/requirements.txt 2023-08-28 14:50:36.000000000
+0200
+++ new/oslo.cache-3.7.0/requirements.txt 2024-02-26 08:35:26.000000000
+0100
@@ -1,7 +1,3 @@
-# The order of packages is significant, because pip processes them in the order
-# of appearance. Changing the order has an impact on the overall integration
-# process, which may cause wedges in the gate later.
-
dogpile.cache>=1.1.5 # BSD
oslo.config>=8.1.0 # Apache-2.0
oslo.i18n>=5.0.0 # Apache-2.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/setup.cfg
new/oslo.cache-3.7.0/setup.cfg
--- old/oslo.cache-3.5.0/setup.cfg 2023-08-28 14:51:01.575720000 +0200
+++ new/oslo.cache-3.7.0/setup.cfg 2024-02-26 08:35:56.178395500 +0100
@@ -19,6 +19,7 @@
Programming Language :: Python :: 3.8
Programming Language :: Python :: 3.9
Programming Language :: Python :: 3.10
+ Programming Language :: Python :: 3.11
[files]
packages =
@@ -38,6 +39,7 @@
python-memcached>=1.56 # PSF
pymemcache>=3.5.0 # Apache-2.0
python-binary-memcached>=0.29.0 # MIT
+ redis>=3.0.0 # MIT
mongo =
pymongo!=3.1,>=3.0.2 # Apache-2.0
etcd3gw =
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/setup.py
new/oslo.cache-3.7.0/setup.py
--- old/oslo.cache-3.5.0/setup.py 2023-08-28 14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/setup.py 2024-02-26 08:35:26.000000000 +0100
@@ -15,14 +15,6 @@
import setuptools
-# In python < 2.7.4, a lazy loading of package `pbr` will break
-# setuptools if some other modules registered functions in `atexit`.
-# solution from: http://bugs.python.org/issue15881#msg170215
-try:
- import multiprocessing # noqa
-except ImportError:
- pass
-
setuptools.setup(
setup_requires=['pbr>=2.0.0'],
pbr=True)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/test-requirements.txt
new/oslo.cache-3.7.0/test-requirements.txt
--- old/oslo.cache-3.5.0/test-requirements.txt 2023-08-28 14:50:36.000000000
+0200
+++ new/oslo.cache-3.7.0/test-requirements.txt 2024-02-26 08:35:26.000000000
+0100
@@ -1,15 +1,9 @@
-# The order of packages is significant, because pip processes them in the order
-# of appearance. Changing the order has an impact on the overall integration
-# process, which may cause wedges in the gate later.
-hacking>=3.0.1,<3.1.0 # Apache-2.0
oslotest>=3.2.0 # Apache-2.0
pifpaf>=0.10.0 # Apache-2.0
-# Bandit security code scanner
-bandit>=1.7.0,<1.8.0 # Apache-2.0
stestr>=2.0.0 # Apache-2.0
-pre-commit>=2.6.0 # MIT
pymemcache>=3.5.0 # Apache-2.0
python-binary-memcached>=0.29.0 # MIT
python-memcached>=1.56 # PSF
pymongo!=3.1,>=3.0.2 # Apache-2.0
etcd3gw>=0.2.0 # Apache-2.0
+redis>=3.0.0 # MIT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/oslo.cache-3.5.0/tox.ini new/oslo.cache-3.7.0/tox.ini
--- old/oslo.cache-3.5.0/tox.ini 2023-08-28 14:50:36.000000000 +0200
+++ new/oslo.cache-3.7.0/tox.ini 2024-02-26 08:35:26.000000000 +0100
@@ -7,6 +7,7 @@
find
deps =
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
+ -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands =
find . -type f -name "*.pyc" -delete
@@ -17,14 +18,13 @@
STESTR_TEST_PATH=./oslo_cache/tests/functional/{env:OSLO_BACKEND}
commands =
find . -type f -name "*.pyc" -delete
- pifpaf -e OSLO_CACHE_TEST run {env:PIFPAF_DAEMON} -- stestr run --slowest
+ pifpaf -e OSLO_CACHE_TEST run {env:PIFPAF_DAEMON} {env:PIFPAF_OPTS} --
stestr run --slowest
[testenv:pep8]
-deps = {[testenv]deps}
+deps =
+ pre-commit
commands =
pre-commit run -a
- # Run security linter
- bandit -r oslo_cache -x tests -n5
[testenv:venv]
commands = {posargs}
@@ -42,10 +42,12 @@
setenv =
PYTHON=coverage run --source oslo_cache --parallel-mode
commands =
+ coverage erase
stestr run {posargs}
coverage combine
coverage html -d cover
coverage xml -o cover/coverage.xml
+ coverage report --show-missing
[flake8]
show-source = True
