Hello community, here is the log from the commit of package python-oslo.policy for openSUSE:Factory checked in at 2020-06-05 20:14:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-oslo.policy (Old) and /work/SRC/openSUSE:Factory/.python-oslo.policy.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-oslo.policy" Fri Jun 5 20:14:48 2020 rev:13 rq:803595 version:3.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-oslo.policy/python-oslo.policy.changes 2020-03-29 14:25:45.578099477 +0200 +++ /work/SRC/openSUSE:Factory/.python-oslo.policy.new.3606/python-oslo.policy.changes 2020-06-05 20:17:37.779274428 +0200 @@ -1,0 +2,31 @@ +Tue May 12 09:54:56 UTC 2020 - [email protected] + +- update to version 3.1.0 + - Fix reference cycle caused by deprecated sample override + - Bump the openstackdocstheme extension to 1.20 + - tox: Trivial cleanup + - Fix doc comments for new enforce default flag + - [ussuri][goal] Drop python 2.7 support and testing + - Use unittest.mock instead of third party mock + - Update hacking for Python3 + - Add new config to enforce the new defaults + - Allow disabling the default check_str change warnings + - Initialize global config object in cli tools + - Bump oslo.utils to 3.40.0 + - Temporarily make namespace arg optional + - Link to the Keystone role documentation + - Follow the new PTI for document build + - Don't use string processing to combine deprecated rules + - Modernize policy checker + - Don't parse cli args on the global object in sphinxpolicygen + - Make HTTP check doc heading more specific + - Cleanup warnings + - Update master for stable/train + - Suppress deprecation warnings in oslopolicy-list-redundant + - tox: Keeping going with docs + - remove outdated header + - Update the constraints url + - Switch to Ussuri jobs + - Move away from python setup.py test who is deprecated in pbr + +------------------------------------------------------------------- Old: ---- oslo.policy-2.3.3.tar.gz New: ---- oslo.policy-3.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-oslo.policy.spec ++++++ --- /var/tmp/diff_new_pack.DlimFW/_old 2020-06-05 20:17:46.507314228 +0200 +++ /var/tmp/diff_new_pack.DlimFW/_new 2020-06-05 20:17:46.511314246 +0200 @@ -17,19 +17,20 @@ Name: python-oslo.policy -Version: 2.3.3 +Version: 3.1.0 Release: 0 Summary: OpenStack Oslo Policy library License: Apache-2.0 Group: Development/Languages/Python URL: https://launchpad.net/oslo.policy -Source0: https://files.pythonhosted.org/packages/source/o/oslo.policy/oslo.policy-2.3.3.tar.gz +Source0: https://files.pythonhosted.org/packages/source/o/oslo.policy/oslo.policy-3.1.0.tar.gz BuildRequires: openstack-macros BuildRequires: python3-PyYAML >= 3.12 BuildRequires: python3-oslo.config >= 5.2.0 BuildRequires: python3-oslo.context >= 2.22.0 BuildRequires: python3-oslo.i18n >= 3.15.3 BuildRequires: python3-oslo.serialization >= 2.18.0 +BuildRequires: python3-oslo.utils >= 3.40.0 BuildRequires: python3-oslotest BuildRequires: python3-pbr BuildRequires: python3-requests >= 2.14.2 @@ -49,6 +50,7 @@ Requires: python3-oslo.context >= 2.22.0 Requires: python3-oslo.i18n >= 3.15.3 Requires: python3-oslo.serialization >= 2.18.0 +Requires: python3-oslo.utils >= 3.40.0 Requires: python3-requests >= 2.14.2 Requires: python3-six >= 1.10.0 Requires: python3-stevedore >= 1.20.0 @@ -73,7 +75,7 @@ Documentation for the Oslo Policy library. %prep -%autosetup -p1 -n oslo.policy-2.3.3 +%autosetup -p1 -n oslo.policy-3.1.0 %py_req_cleanup %build ++++++ _service ++++++ --- /var/tmp/diff_new_pack.DlimFW/_old 2020-06-05 20:17:46.559314465 +0200 +++ /var/tmp/diff_new_pack.DlimFW/_new 2020-06-05 20:17:46.559314465 +0200 @@ -1,8 +1,8 @@ <services> <service mode="disabled" name="renderspec"> - <param name="input-template">https://raw.githubusercontent.com/openstack/rpm-packaging/stable/train/openstack/oslo.policy/oslo.policy.spec.j2</param> + <param name="input-template">https://opendev.org/openstack/rpm-packaging/raw/branch/stable/ussuri/openstack/oslo.policy/oslo.policy.spec.j2</param> <param name="output-name">python-oslo.policy.spec</param> - <param name="requirements">https://raw.githubusercontent.com/openstack/oslo.policy/stable/train/requirements.txt</param> + <param name="requirements">https://opendev.org/openstack/oslo.policy/raw/branch/stable/ussuri/requirements.txt</param> <param name="changelog-email">[email protected]</param> <param name="changelog-provider">gh,openstack,oslo.policy</param> </service> ++++++ oslo.policy-2.3.3.tar.gz -> oslo.policy-3.1.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/.zuul.yaml new/oslo.policy-3.1.0/.zuul.yaml --- old/oslo.policy-2.3.3/.zuul.yaml 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/.zuul.yaml 2020-04-13 18:14:18.000000000 +0200 @@ -1,11 +1,9 @@ - project: templates: - check-requirements - - lib-forward-testing - lib-forward-testing-python3 - openstack-lower-constraints-jobs - - openstack-python-jobs - - openstack-python3-train-jobs + - openstack-python3-ussuri-jobs - periodic-stable-jobs - publish-openstack-docs-pti - release-notes-jobs-python3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/AUTHORS new/oslo.policy-3.1.0/AUTHORS --- old/oslo.policy-2.3.3/AUTHORS 2020-01-09 19:16:23.000000000 +0100 +++ new/oslo.policy-3.1.0/AUTHORS 2020-04-13 18:15:16.000000000 +0200 @@ -11,6 +11,7 @@ Anthony Washington <[email protected]> Anusha Unnam <[email protected]> Arata Notsu <[email protected]> +Arthur Dayne <[email protected]> Arvind Tiwari <[email protected]> Ben Nemec <[email protected]> Brant Knudson <[email protected]> @@ -96,6 +97,7 @@ Vishvananda Ishaya <[email protected]> Wei Li <[email protected]> Xu Ao <[email protected]> +Zane Bitter <[email protected]> Zhi Yan Liu <[email protected]> ZhijunWei <[email protected]> ZhongShengping <[email protected]> @@ -110,6 +112,7 @@ jessegler <[email protected]> loooosy <[email protected]> melissaml <[email protected]> +pengyuesheng <[email protected]> ricolin <[email protected]> sonu.kumar <[email protected]> vponomaryov <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/ChangeLog new/oslo.policy-3.1.0/ChangeLog --- old/oslo.policy-2.3.3/ChangeLog 2020-01-09 19:16:23.000000000 +0100 +++ new/oslo.policy-3.1.0/ChangeLog 2020-04-13 18:15:16.000000000 +0200 @@ -1,14 +1,59 @@ CHANGES ======= -2.3.3 +3.1.0 ----- +* Fix doc comments for new enforce default flag +* Allow disabling the default check\_str change warnings +* Add new config to enforce the new defaults +* Cleanup warnings +* Bump oslo.utils to 3.40.0 + +3.0.3 +----- + +* Use unittest.mock instead of third party mock +* Update hacking for Python3 + +3.0.2 +----- + +* Don't parse cli args on the global object in sphinxpolicygen + +3.0.1 +----- + +* Temporarily make namespace arg optional + +3.0.0 +----- + +* remove outdated header +* [ussuri][goal] Drop python 2.7 support and testing +* Link to the Keystone role documentation +* Make HTTP check doc heading more specific +* Initialize global config object in cli tools +* Move away from python setup.py test who is deprecated in pbr +* tox: Trivial cleanup +* Follow the new PTI for document build + +2.4.1 +----- + +* Don't use string processing to combine deprecated rules +* Bump the openstackdocstheme extension to 1.20 + +2.4.0 +----- + +* tox: Keeping going with docs +* Switch to Ussuri jobs * Modernize policy checker +* Update the constraints url +* Update master for stable/train * Suppress deprecation warnings in oslopolicy-list-redundant * Fix reference cycle caused by deprecated sample override -* Update TOX/UPPER\_CONSTRAINTS\_FILE for stable/train -* Update .gitreview for stable/train 2.3.2 ----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/PKG-INFO new/oslo.policy-3.1.0/PKG-INFO --- old/oslo.policy-2.3.3/PKG-INFO 2020-01-09 19:16:23.000000000 +0100 +++ new/oslo.policy-3.1.0/PKG-INFO 2020-04-13 18:15:16.000000000 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.2 Name: oslo.policy -Version: 2.3.3 +Version: 3.1.0 Summary: Oslo Policy library Home-page: https://docs.openstack.org/oslo.policy/latest/ Author: OpenStack @@ -41,8 +41,9 @@ Classifier: License :: OSI Approved :: Apache Software License Classifier: Operating System :: POSIX :: Linux Classifier: Programming Language :: Python -Classifier: Programming Language :: Python :: 2 -Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 +Classifier: Programming Language :: Python :: 3 :: Only +Classifier: Programming Language :: Python :: Implementation :: CPython +Requires-Python: >=3.6 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/doc/requirements.txt new/oslo.policy-3.1.0/doc/requirements.txt --- old/oslo.policy-2.3.3/doc/requirements.txt 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/doc/requirements.txt 2020-04-13 18:14:18.000000000 +0200 @@ -2,9 +2,8 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -openstackdocstheme>=1.18.1 # Apache-2.0 -sphinx!=1.6.6,!=1.6.7,>=1.6.5,<2.0.0;python_version=='2.7' # BSD -sphinx!=1.6.6,!=1.6.7,>=1.6.5;python_version>='3.4' # BSD +openstackdocstheme>=1.20.0 # Apache-2.0 +sphinx>=1.8.0,!=2.1.0 # BSD sphinxcontrib-apidoc>=0.2.0 # BSD reno>=2.5.0 # Apache-2.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/doc/source/admin/policy-json-file.rst new/oslo.policy-3.1.0/doc/source/admin/policy-json-file.rst --- old/oslo.policy-2.3.3/doc/source/admin/policy-json-file.rst 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/doc/source/admin/policy-json-file.rst 2020-04-13 18:14:18.000000000 +0200 @@ -76,6 +76,10 @@ "identity:create_user" : "role:admin" +.. note:: ``admin`` is a built-in default role in Keystone. For more + details and other roles that may be available, see the + `Keystone documentation on default roles. <https://docs.openstack.org/keystone/latest/admin/service-api-protection.html>`_ + You can limit APIs to any role. For example, the Orchestration service defines a role named ``heat_stack_user``. Whoever has this role is not allowed to create stacks: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/doc/source/admin/policy-yaml-file.rst new/oslo.policy-3.1.0/doc/source/admin/policy-yaml-file.rst --- old/oslo.policy-2.3.3/doc/source/admin/policy-yaml-file.rst 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/doc/source/admin/policy-yaml-file.rst 2020-04-13 18:14:18.000000000 +0200 @@ -71,6 +71,10 @@ "identity:create_user" : "role:admin" +.. note:: ``admin`` is a built-in default role in Keystone. For more + details and other roles that may be available, see the + `Keystone documentation on default roles. <https://docs.openstack.org/keystone/latest/admin/service-api-protection.html>`_ + You can limit APIs to any role. For example, the Orchestration service defines a role named ``heat_stack_user``. Whoever has this role is not allowed to create stacks: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/doc/source/conf.py new/oslo.policy-3.1.0/doc/source/conf.py --- old/oslo.policy-2.3.3/doc/source/conf.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/doc/source/conf.py 2020-04-13 18:14:18.000000000 +0200 @@ -12,11 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -import os -import sys - -sys.path.insert(0, os.path.abspath('../..')) -# -- General configuration ---------------------------------------------------- +# -- General configuration --------------------------------------------------- # Add any Sphinx extension module names here, as strings. They can be # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones. @@ -24,7 +20,6 @@ 'sphinx.ext.autodoc', 'sphinx.ext.extlinks', 'sphinxcontrib.apidoc', - #'sphinx.ext.intersphinx', 'openstackdocstheme', 'oslo_config.sphinxext', ] @@ -33,7 +28,6 @@ repository_name = 'openstack/oslo.policy' bug_project = 'oslo.policy' bug_tag = '' -html_last_updated_fmt = '%Y-%m-%d %H:%M' # autodoc generation is a bit aggressive and a nuisance when doing heavy # text edit cycles. @@ -45,10 +39,6 @@ # The master toctree document. master_doc = 'index' -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = ['api/oslo_policy.tests.*', 'api/setup.rst'] - # General information about the project. project = u'oslo.policy' copyright = u'2014, OpenStack Foundation' @@ -67,36 +57,24 @@ # A list of ignored prefixes for module index sorting. modindex_common_prefix = ['oslo_policy.'] -# -- Options for HTML output -------------------------------------------------- + +# -- Options for HTML output ------------------------------------------------- # The theme to use for HTML and HTML Help pages. Major themes that come with # Sphinx are currently 'default' and 'sphinxdoc'. -# html_theme_path = ["."] -# html_theme = '_theme' -# html_static_path = ['static'] html_theme = 'openstackdocs' -# Output file base name for HTML help builder. -htmlhelp_basename = '%sdoc' % project -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, author, documentclass -# [howto/manual]). -latex_documents = [ - ('index', - '%s.tex' % project, - u'%s Documentation' % project, - u'OpenStack Foundation', 'manual'), -] +# -- sphinx.ext.extlinks configuration --------------------------------------- -# Shortened external links. extlinks = { 'example': (source_tree + '/oslo_policy/%s', ''), } -# Example configuration for intersphinx: refer to the Python standard library. -#intersphinx_mapping = {'http://docs.python.org/': None} - # -- sphinxcontrib.apidoc configuration -------------------------------------- + apidoc_module_dir = '../../oslo_policy' apidoc_output_dir = 'reference/api' +apidoc_excluded_paths = [ + 'tests', +] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/doc/source/reference/index.rst new/oslo.policy-3.1.0/doc/source/reference/index.rst --- old/oslo.policy-2.3.3/doc/source/reference/index.rst 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/doc/source/reference/index.rst 2020-04-13 18:14:18.000000000 +0200 @@ -5,4 +5,3 @@ .. toctree:: api/modules - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/doc/source/user/plugins.rst new/oslo.policy-3.1.0/doc/source/user/plugins.rst --- old/oslo.policy-2.3.3/doc/source/user/plugins.rst 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/doc/source/user/plugins.rst 2020-04-13 18:14:18.000000000 +0200 @@ -1,6 +1,6 @@ -========================== -Writing custom check rules -========================== +======================== +Writing HTTP check rules +======================== oslo.policy has supported the following syntax for a while:: @@ -48,4 +48,4 @@ .. literalinclude:: ../../../oslo_policy/_external.py :language: python :linenos: - :lines: 28-64 \ No newline at end of file + :lines: 28-64 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/lower-constraints.txt new/oslo.policy-3.1.0/lower-constraints.txt --- old/oslo.policy-2.3.3/lower-constraints.txt 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/lower-constraints.txt 2020-04-13 18:14:18.000000000 +0200 @@ -19,19 +19,17 @@ linecache2==1.0.0 MarkupSafe==1.0 mccabe==0.2.1 -mock==2.0.0 -monotonic==0.6 mox3==0.20.0 msgpack-python==0.4.0 netaddr==0.7.18 netifaces==0.10.4 -openstackdocstheme==1.18.1 +openstackdocstheme==1.20.0 os-client-config==1.28.0 oslo.config==5.2.0 oslo.context==2.22.0 oslo.i18n==3.15.3 oslo.serialization==2.18.0 -oslo.utils==3.33.0 +oslo.utils==3.40.0 oslotest==3.2.0 pbr==2.0.0 pep8==1.5.7 @@ -51,7 +49,7 @@ stestr==2.0.0 smmap==0.9.0 snowballstemmer==1.2.1 -Sphinx==1.6.5 +Sphinx==1.8.0 sphinxcontrib-websupport==1.0.1 stevedore==1.20.0 testrepository==0.0.18 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo.policy.egg-info/PKG-INFO new/oslo.policy-3.1.0/oslo.policy.egg-info/PKG-INFO --- old/oslo.policy-2.3.3/oslo.policy.egg-info/PKG-INFO 2020-01-09 19:16:23.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo.policy.egg-info/PKG-INFO 2020-04-13 18:15:16.000000000 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.2 Name: oslo.policy -Version: 2.3.3 +Version: 3.1.0 Summary: Oslo Policy library Home-page: https://docs.openstack.org/oslo.policy/latest/ Author: OpenStack @@ -41,8 +41,9 @@ Classifier: License :: OSI Approved :: Apache Software License Classifier: Operating System :: POSIX :: Linux Classifier: Programming Language :: Python -Classifier: Programming Language :: Python :: 2 -Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 +Classifier: Programming Language :: Python :: 3 :: Only +Classifier: Programming Language :: Python :: Implementation :: CPython +Requires-Python: >=3.6 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo.policy.egg-info/SOURCES.txt new/oslo.policy-3.1.0/oslo.policy.egg-info/SOURCES.txt --- old/oslo.policy-2.3.3/oslo.policy.egg-info/SOURCES.txt 2020-01-09 19:16:23.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo.policy.egg-info/SOURCES.txt 2020-04-13 18:15:16.000000000 +0200 @@ -74,6 +74,8 @@ releasenotes/notes/add_custom_rule_check_plugins-3c15c2c7ca5e.yaml releasenotes/notes/add_reno-3b4ae0789e9c45b4.yaml releasenotes/notes/bug-1779172-c1323c0f647bc44c.yaml +releasenotes/notes/drop-python27-support-9aa06224812cc352.yaml +releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml releasenotes/notes/enforce_scope_types-1e92f6a34e4173ef.yaml releasenotes/notes/expand-cli-docs-02c2f13adbe251c0.yaml releasenotes/notes/fix-rendering-for-deprecated-rules-d465292e4155f483.yaml @@ -88,6 +90,7 @@ releasenotes/source/queens.rst releasenotes/source/rocky.rst releasenotes/source/stein.rst +releasenotes/source/train.rst releasenotes/source/unreleased.rst releasenotes/source/_static/.placeholder releasenotes/source/_templates/.placeholder diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo.policy.egg-info/pbr.json new/oslo.policy-3.1.0/oslo.policy.egg-info/pbr.json --- old/oslo.policy-2.3.3/oslo.policy.egg-info/pbr.json 2020-01-09 19:16:23.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo.policy.egg-info/pbr.json 2020-04-13 18:15:16.000000000 +0200 @@ -1 +1 @@ -{"git_version": "b7b9930", "is_release": true} \ No newline at end of file +{"git_version": "0ed3df2", "is_release": true} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo.policy.egg-info/requires.txt new/oslo.policy-3.1.0/oslo.policy.egg-info/requires.txt --- old/oslo.policy-2.3.3/oslo.policy.egg-info/requires.txt 2020-01-09 19:16:23.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo.policy.egg-info/requires.txt 2020-04-13 18:15:16.000000000 +0200 @@ -6,3 +6,4 @@ PyYAML>=3.12 six>=1.10.0 stevedore>=1.20.0 +oslo.utils>=3.40.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/generator.py new/oslo.policy-3.1.0/oslo_policy/generator.py --- old/oslo.policy-2.3.3/oslo_policy/generator.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/generator.py 2020-04-13 18:14:18.000000000 +0200 @@ -31,7 +31,6 @@ RULE_OPTS = [ cfg.MultiStrOpt('namespace', - required=True, help='Option namespace(s) under "oslo.policy.policies" in ' 'which to query for options.'), cfg.StrOpt('format', @@ -42,7 +41,6 @@ ENFORCER_OPTS = [ cfg.StrOpt('namespace', - required=True, help='Option namespace under "oslo.policy.enforcer" in ' 'which to look for a policy.Enforcer.'), ] @@ -279,6 +277,9 @@ ',\n '.join(sections_text), '\n}\n')) + if output_file != sys.stdout: + output_file.close() + def _generate_policy(namespace, output_file=None): """Generate a policy file showing what will be used. @@ -306,6 +307,9 @@ for section in _sort_and_format_by_section(policies, include_help=False): output_file.write(section) + if output_file != sys.stdout: + output_file.close() + def _list_redundant(namespace): """Generate a list of configured policies which match defaults. @@ -334,21 +338,36 @@ raise -def generate_sample(args=None): +def _check_for_namespace_opt(conf): + # NOTE(bnemec): This opt is required, but due to lp#1849518 we need to + # make it optional while our consumers migrate to the new method of + # parsing cli args. Making the arg itself optional and explicitly checking + # for it in the tools will allow us to migrate projects without breaking + # anything. Once everyone has migrated, we can make the arg required again + # and remove this check. + if conf.namespace is None: + raise cfg.RequiredOptError('namespace', 'DEFAULT') + + +def generate_sample(args=None, conf=None): logging.basicConfig(level=logging.WARN) - conf = cfg.ConfigOpts() + # Allow the caller to pass in a local conf object for unit testing + if conf is None: + conf = cfg.CONF conf.register_cli_opts(GENERATOR_OPTS + RULE_OPTS) conf.register_opts(GENERATOR_OPTS + RULE_OPTS) conf(args) + _check_for_namespace_opt(conf) _generate_sample(conf.namespace, conf.output_file, conf.format) def generate_policy(args=None): logging.basicConfig(level=logging.WARN) - conf = cfg.ConfigOpts() + conf = cfg.CONF conf.register_cli_opts(GENERATOR_OPTS + ENFORCER_OPTS) conf.register_opts(GENERATOR_OPTS + ENFORCER_OPTS) conf(args) + _check_for_namespace_opt(conf) _generate_policy(conf.namespace, conf.output_file) @@ -367,12 +386,15 @@ 'new_name': rule_default.name}) -def upgrade_policy(args=None): +def upgrade_policy(args=None, conf=None): logging.basicConfig(level=logging.WARN) - conf = cfg.ConfigOpts() + # Allow the caller to pass in a local conf object for unit testing + if conf is None: + conf = cfg.CONF conf.register_cli_opts(GENERATOR_OPTS + RULE_OPTS + UPGRADE_OPTS) conf.register_opts(GENERATOR_OPTS + RULE_OPTS + UPGRADE_OPTS) conf(args) + _check_for_namespace_opt(conf) with open(conf.policy, 'r') as input_data: policies = policy.parse_file_contents(input_data.read()) default_policies = get_policies_dict(conf.namespace) @@ -380,12 +402,11 @@ _upgrade_policies(policies, default_policies) if conf.output_file: - if conf.format == 'yaml': - yaml.safe_dump(policies, open(conf.output_file, 'w'), - default_flow_style=False) - elif conf.format == 'json': - jsonutils.dump(policies, open(conf.output_file, 'w'), - indent=4) + with open(conf.output_file, 'w') as fh: + if conf.format == 'yaml': + yaml.safe_dump(policies, fh, default_flow_style=False) + elif conf.format == 'json': + jsonutils.dump(policies, fh, indent=4) else: if conf.format == 'yaml': sys.stdout.write(yaml.safe_dump(policies, @@ -396,8 +417,9 @@ def list_redundant(args=None): logging.basicConfig(level=logging.WARN) - conf = cfg.ConfigOpts() + conf = cfg.CONF conf.register_cli_opts(ENFORCER_OPTS) conf.register_opts(ENFORCER_OPTS) conf(args) + _check_for_namespace_opt(conf) _list_redundant(conf.namespace) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/opts.py new/oslo.policy-3.1.0/oslo_policy/opts.py --- old/oslo.policy-2.3.3/oslo_policy/opts.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/opts.py 2020-04-13 18:14:18.000000000 +0200 @@ -34,6 +34,17 @@ 'will be raised. If ``False``, a message will be ' 'logged informing operators that policies are being ' 'invoked with mismatching scope.')), + cfg.BoolOpt('enforce_new_defaults', + default=False, + help=_('This option controls whether or not to use old ' + 'deprecated defaults when evaluating policies. If ' + '``True``, the old deprecated defaults are not going ' + 'to be evaluated. This means if any existing token is ' + 'allowed for old defaults but is disallowed for new ' + 'defaults, it will be disallowed. It is encouraged to ' + 'enable this flag along with the ``enforce_scope`` ' + 'flag so that you can get the benefits of new defaults ' + 'and ``scope_type`` together')), cfg.StrOpt('policy_file', default='policy.json', help=_('The relative or absolute path of a file that maps ' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/policy.py new/oslo.policy-3.1.0/oslo_policy/policy.py --- old/oslo.policy-2.3.3/oslo_policy/policy.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/policy.py 2020-04-13 18:14:18.000000000 +0200 @@ -503,6 +503,12 @@ self._policy_dir_mtimes = {} self._file_cache = {} self._informed_no_policy_file = False + # NOTE(gmann): This flag will suppress the warning for + # policies changing their default check_str that have + # not been overridden by operators. This does not affect the + # warning for policy changed their name or deprecated + # for removal. + self.suppress_default_change_warnings = False # FOR TESTING ONLY self.suppress_deprecation_warnings = False @@ -540,6 +546,7 @@ self.registered_rules = {} self.file_rules = {} self._informed_no_policy_file = False + self.suppress_default_change_warnings = False self.suppress_deprecation_warnings = False def load_rules(self, force_reload=False): @@ -696,14 +703,17 @@ # messages telling them stuff is going to change if they don't maintain # the policy manually or add infrastructure to their deployment to # support the new policy. - if (deprecated_rule.check_str != default.check_str + # If the enforce_new_defaults flag is True, do not add OrCheck to the + # old check_str and enforce only the new defaults. + if (not self.conf.oslo_policy.enforce_new_defaults + and deprecated_rule.check_str != default.check_str and default.name not in self.file_rules): - default.check = _parser.parse_rule( - default.check_str + ' or ' + - deprecated_rule.check_str - ) - if not self.suppress_deprecation_warnings: + default.check = OrCheck([_parser.parse_rule(cs) for cs in + [default.check_str, + deprecated_rule.check_str]]) + if not (self.suppress_deprecation_warnings + or self.suppress_default_change_warnings): warnings.warn(deprecated_msg) def _undefined_check(self, check): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/sphinxpolicygen.py new/oslo.policy-3.1.0/oslo_policy/sphinxpolicygen.py --- old/oslo.policy-2.3.3/oslo_policy/sphinxpolicygen.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/sphinxpolicygen.py 2020-04-13 18:14:18.000000000 +0200 @@ -17,6 +17,7 @@ import os +from oslo_config import cfg from sphinx.util import logging from oslo_policy import generator @@ -77,8 +78,14 @@ out_file = os.path.join(app.srcdir, file_name) info('writing sample policy to %s' % out_file) + # NOTE(bnemec): We don't want to do cli parsing on the global object here + # because that can break consumers who do cli arg registration on import + # in their documented modules. It's not allowed to register a cli arg after + # the args have been parsed once. + conf = cfg.ConfigOpts() generator.generate_sample(args=['--config-file', config_path, - '--output-file', out_file]) + '--output-file', out_file], + conf=conf) def setup(app): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/tests/test_checks.py new/oslo.policy-3.1.0/oslo_policy/tests/test_checks.py --- old/oslo.policy-2.3.3/oslo_policy/tests/test_checks.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/tests/test_checks.py 2020-04-13 18:14:18.000000000 +0200 @@ -13,7 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. -import mock +from unittest import mock + from oslotest import base as test_base from oslo_policy import _checks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/tests/test_external.py new/oslo.policy-3.1.0/oslo_policy/tests/test_external.py --- old/oslo.policy-2.3.3/oslo_policy/tests/test_external.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/tests/test_external.py 2020-04-13 18:14:18.000000000 +0200 @@ -14,7 +14,8 @@ # under the License. import json -import mock +from unittest import mock + from oslo_serialization import jsonutils from requests_mock.contrib import fixture as rm_fixture import six.moves.urllib.parse as urlparse diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/tests/test_generator.py new/oslo.policy-3.1.0/oslo_policy/tests/test_generator.py --- old/oslo.policy-2.3.3/oslo_policy/tests/test_generator.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/tests/test_generator.py 2020-04-13 18:14:18.000000000 +0200 @@ -10,9 +10,9 @@ # under the License. import operator +from unittest import mock import warnings -import mock from oslo_config import cfg import stevedore import testtools @@ -500,8 +500,9 @@ def test_generator_call_with_no_arguments_raises_error(self): testargs = ['oslopolicy-sample-generator'] with mock.patch('sys.argv', testargs): + local_conf = cfg.ConfigOpts() self.assertRaises(cfg.RequiredOptError, generator.generate_sample, - []) + [], local_conf) class GeneratePolicyTestCase(base.PolicyBaseTestCase): @@ -594,7 +595,7 @@ deprecated_rule=deprecated_rule, deprecated_reason='reason', deprecated_since='T') - ) + ) # Mock out stevedore to return the configured enforcer ext = stevedore.extension.Extension(name='testing', entry_point=None, @@ -655,6 +656,8 @@ plugin=None, obj=[self.new_policy]) self.extensions.append(ext) + # Just used for cli opt parsing + self.local_conf = cfg.ConfigOpts() def test_upgrade_policy_json_file(self): test_mgr = stevedore.named.NamedExtensionManager.make_test_instance( @@ -669,9 +672,10 @@ self.get_config_file_fullname('new_policy.json'), '--format', 'json'] with mock.patch('sys.argv', testargs): - generator.upgrade_policy() + generator.upgrade_policy(conf=self.local_conf) new_file = self.get_config_file_fullname('new_policy.json') - new_policy = jsonutils.loads(open(new_file, 'r').read()) + with open(new_file, 'r') as fh: + new_policy = jsonutils.loads(fh.read()) self.assertIsNotNone(new_policy.get('new_policy_name')) self.assertIsNone(new_policy.get('deprecated_name')) @@ -688,9 +692,10 @@ self.get_config_file_fullname('new_policy.yaml'), '--format', 'yaml'] with mock.patch('sys.argv', testargs): - generator.upgrade_policy() + generator.upgrade_policy(conf=self.local_conf) new_file = self.get_config_file_fullname('new_policy.yaml') - new_policy = yaml.safe_load(open(new_file, 'r')) + with open(new_file, 'r') as fh: + new_policy = yaml.safe_load(fh) self.assertIsNotNone(new_policy.get('new_policy_name')) self.assertIsNone(new_policy.get('deprecated_name')) @@ -706,7 +711,7 @@ '--namespace', 'test_upgrade', '--format', 'json'] with mock.patch('sys.argv', testargs): - generator.upgrade_policy() + generator.upgrade_policy(conf=self.local_conf) expected = '''{ "new_policy_name": "rule:admin" }''' @@ -724,7 +729,7 @@ '--namespace', 'test_upgrade', '--format', 'yaml'] with mock.patch('sys.argv', testargs): - generator.upgrade_policy() + generator.upgrade_policy(conf=self.local_conf) expected = '''new_policy_name: rule:admin ''' self.assertEqual(expected, stdout.getvalue()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/tests/test_parser.py new/oslo.policy-3.1.0/oslo_policy/tests/test_parser.py --- old/oslo.policy-2.3.3/oslo_policy/tests/test_parser.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/tests/test_parser.py 2020-04-13 18:14:18.000000000 +0200 @@ -13,7 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. -import mock +from unittest import mock + from oslotest import base as test_base import six @@ -33,16 +34,20 @@ self.assertIsInstance(result, _checks.TrueCheck) - def test_bad_rule(self): + @mock.patch.object(_parser, 'LOG') + def test_bad_rule(self, mock_log): result = _parser._parse_check('foobar') self.assertIsInstance(result, _checks.FalseCheck) + mock_log.exception.assert_called_once() @mock.patch.object(_checks, 'registered_checks', {}) - def test_no_handler(self): + @mock.patch.object(_parser, 'LOG') + def test_no_handler(self, mock_log): result = _parser._parse_check('no:handler') self.assertIsInstance(result, _checks.FalseCheck) + mock_log.error.assert_called() @mock.patch.object(_checks, 'registered_checks', { 'spam': mock.Mock(return_value='spam_check'), @@ -374,6 +379,7 @@ mock_shift.assert_has_calls( [mock.call('tok1', 'val1'), mock.call('tok2', 'val2')]) + @mock.patch.object(_parser, 'LOG', new=mock.Mock()) @mock.patch.object(_parser, '_parse_tokenize', return_value=[]) def test_fail(self, mock_parse_tokenize): result = _parser._parse_text_rule('test rule') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/tests/test_policy.py new/oslo.policy-3.1.0/oslo_policy/tests/test_policy.py --- old/oslo.policy-2.3.3/oslo_policy/tests/test_policy.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/tests/test_policy.py 2020-04-13 18:14:18.000000000 +0200 @@ -16,8 +16,8 @@ """Test of Policy Engine""" import os +from unittest import mock -import mock from oslo_config import cfg from oslo_context import context from oslo_serialization import jsonutils @@ -797,6 +797,7 @@ for k, v in expected_creds.items(): self.assertEqual(expected_creds[k], creds[k]) + @mock.patch('warnings.warn', new=mock.Mock()) def test_map_context_attributes_populated_system(self): request_context = context.RequestContext(system_scope='all') expected_creds = request_context.to_policy_values() @@ -1161,6 +1162,7 @@ class DocumentedRuleDefaultDeprecationTestCase(base.PolicyBaseTestCase): + @mock.patch('warnings.warn', new=mock.Mock()) def test_deprecate_a_policy_check_string(self): deprecated_rule = policy.DeprecatedRule( name='foo:create_bar', @@ -1190,6 +1192,72 @@ enforcer.load_rules() mock_warn.assert_called_once_with(expected_msg) + self.assertTrue( + enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}) + ) + self.assertTrue( + enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}) + ) + self.assertFalse( + enforcer.enforce('foo:create_bar', {}, {'roles': ['baz']}) + ) + + @mock.patch('warnings.warn', new=mock.Mock()) + def test_deprecate_an_empty_policy_check_string(self): + deprecated_rule = policy.DeprecatedRule( + name='foo:create_bar', + check_str='' + ) + + rule_list = [policy.DocumentedRuleDefault( + name='foo:create_bar', + check_str='role:bang', + description='Create a bar.', + operations=[{'path': '/v1/bars', 'method': 'POST'}], + deprecated_rule=deprecated_rule, + deprecated_reason='because of reasons', + deprecated_since='N' + )] + enforcer = policy.Enforcer(self.conf) + enforcer.register_defaults(rule_list) + + with mock.patch('warnings.warn') as mock_warn: + enforcer.load_rules() + mock_warn.assert_called_once() + + enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}, + do_raise=True) + enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}, + do_raise=True) + + @mock.patch('warnings.warn', new=mock.Mock()) + def test_deprecate_replace_with_empty_policy_check_string(self): + deprecated_rule = policy.DeprecatedRule( + name='foo:create_bar', + check_str='role:fizz' + ) + + rule_list = [policy.DocumentedRuleDefault( + name='foo:create_bar', + check_str='', + description='Create a bar.', + operations=[{'path': '/v1/bars', 'method': 'POST'}], + deprecated_rule=deprecated_rule, + deprecated_reason='because of reasons', + deprecated_since='N' + )] + enforcer = policy.Enforcer(self.conf) + enforcer.register_defaults(rule_list) + + with mock.patch('warnings.warn') as mock_warn: + enforcer.load_rules() + mock_warn.assert_called_once() + + enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}, + do_raise=True) + enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}, + do_raise=True) + def test_deprecate_a_policy_name(self): deprecated_rule = policy.DeprecatedRule( name='foo:bar', @@ -1351,6 +1419,28 @@ enforcer.load_rules() mock_warn.assert_not_called() + def test_suppress_default_change_warnings_flag_not_log_warning(self): + deprecated_rule = policy.DeprecatedRule( + name='foo:create_bar', + check_str='role:fizz' + ) + + rule_list = [policy.DocumentedRuleDefault( + name='foo:create_bar', + check_str='role:bang', + description='Create a bar.', + operations=[{'path': '/v1/bars', 'method': 'POST'}], + deprecated_rule=deprecated_rule, + deprecated_reason='"role:bang" is a better default', + deprecated_since='N' + )] + enforcer = policy.Enforcer(self.conf) + enforcer.suppress_default_change_warnings = True + enforcer.register_defaults(rule_list) + with mock.patch('warnings.warn') as mock_warn: + enforcer.load_rules() + mock_warn.assert_not_called() + def test_deprecated_policy_for_removal_must_include_deprecated_since(self): self.assertRaises( ValueError, @@ -1404,6 +1494,7 @@ deprecated_since='N' ) + @mock.patch('warnings.warn', new=mock.Mock()) def test_override_deprecated_policy_with_old_name(self): # Simulate an operator overriding a policy rules = jsonutils.dumps({'foo:bar': 'role:bazz'}) @@ -1472,6 +1563,7 @@ self.enforcer.enforce('foo:create_bar', {}, {'roles': ['bazz']}) ) + @mock.patch('warnings.warn', new=mock.Mock()) def test_override_both_new_and_old_policy(self): # Simulate an operator overriding a policy using both the the new and # old policy names. The following doesn't make a whole lot of sense @@ -1522,6 +1614,7 @@ self.enforcer.enforce('foo:create_bar', {}, {'roles': ['bazz']}) ) + @mock.patch('warnings.warn', new=mock.Mock()) def test_override_deprecated_policy_with_new_rule(self): # Simulate an operator overriding a deprecated policy with a reference # to the new policy, as done by the sample policy generator. @@ -1555,6 +1648,39 @@ # Verify that we didn't overwrite the new rule. self.assertEqual('bang', self.enforcer.rules['new_rule'].match) + def test_enforce_new_defaults_no_old_check_string(self): + self.conf.set_override('enforce_new_defaults', True, + group='oslo_policy') + deprecated_rule = policy.DeprecatedRule( + name='foo:create_bar', + check_str='role:fizz' + ) + + rule_list = [policy.DocumentedRuleDefault( + name='foo:create_bar', + check_str='role:bang', + description='Create a bar.', + operations=[{'path': '/v1/bars', 'method': 'POST'}], + deprecated_rule=deprecated_rule, + deprecated_reason='"role:bang" is a better default', + deprecated_since='N' + )] + enforcer = policy.Enforcer(self.conf) + enforcer.register_defaults(rule_list) + + with mock.patch('warnings.warn') as mock_warn: + enforcer.load_rules() + mock_warn.assert_not_called() + self.assertTrue( + enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}) + ) + self.assertFalse( + enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}) + ) + self.assertFalse( + enforcer.enforce('foo:create_bar', {}, {'roles': ['baz']}) + ) + class DocumentedRuleDefaultTestCase(base.PolicyBaseTestCase): @@ -1648,37 +1774,46 @@ self.enforcer.load_rules(True) self.assertTrue(self.enforcer.check_rules(raise_on_violation=True)) - def test_undefined_rule(self): + @mock.patch.object(policy, 'LOG') + def test_undefined_rule(self, mock_log): rules = jsonutils.dumps({'foo': 'rule:bar'}) self.create_config_file('policy.json', rules) self.enforcer.load_rules(True) self.assertFalse(self.enforcer.check_rules()) + mock_log.warning.assert_called() - def test_undefined_rule_raises(self): + @mock.patch.object(policy, 'LOG') + def test_undefined_rule_raises(self, mock_log): rules = jsonutils.dumps({'foo': 'rule:bar'}) self.create_config_file('policy.json', rules) self.enforcer.load_rules(True) self.assertRaises(policy.InvalidDefinitionError, self.enforcer.check_rules, raise_on_violation=True) + mock_log.warning.assert_called() - def test_cyclical_rules(self): + @mock.patch.object(policy, 'LOG') + def test_cyclical_rules(self, mock_log): rules = jsonutils.dumps({'foo': 'rule:bar', 'bar': 'rule:foo'}) self.create_config_file('policy.json', rules) self.enforcer.load_rules(True) self.assertFalse(self.enforcer.check_rules()) + mock_log.warning.assert_called() - def test_cyclical_rules_raises(self): + @mock.patch.object(policy, 'LOG') + def test_cyclical_rules_raises(self, mock_log): rules = jsonutils.dumps({'foo': 'rule:bar', 'bar': 'rule:foo'}) self.create_config_file('policy.json', rules) self.enforcer.load_rules(True) self.assertRaises(policy.InvalidDefinitionError, self.enforcer.check_rules, raise_on_violation=True) + mock_log.warning.assert_called() - def test_complex_cyclical_rules_false(self): + @mock.patch.object(policy, 'LOG') + def test_complex_cyclical_rules_false(self, mock_log): rules = jsonutils.dumps({'foo': 'rule:bar', 'bar': 'rule:baz and role:admin', 'baz': 'rule:foo or role:user'}) @@ -1686,6 +1821,7 @@ self.enforcer.load_rules(True) self.assertFalse(self.enforcer.check_rules()) + mock_log.warning.assert_called() def test_complex_cyclical_rules_true(self): rules = jsonutils.dumps({'foo': 'rule:bar or rule:baz', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/tests/test_shell.py new/oslo.policy-3.1.0/oslo_policy/tests/test_shell.py --- old/oslo.policy-2.3.3/oslo_policy/tests/test_shell.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/tests/test_shell.py 2020-04-13 18:14:18.000000000 +0200 @@ -14,7 +14,8 @@ # under the License. import copy -import mock +from unittest import mock + from oslo_serialization import jsonutils from oslo_policy import shell @@ -228,7 +229,7 @@ self.create_config_file( "target.json", jsonutils.dumps(target)) - target_file = open(self.get_config_file_fullname('target.json'), 'r') - target_from_file = target_file.read() + with open(self.get_config_file_fullname('target.json'), 'r') as fh: + target_from_file = fh.read() result = shell.flatten(jsonutils.loads(target_from_file)) self.assertEqual(result, {"target.secret.project_id": "1234"}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/oslo_policy/tests/test_sphinxpolicygen.py new/oslo.policy-3.1.0/oslo_policy/tests/test_sphinxpolicygen.py --- old/oslo.policy-2.3.3/oslo_policy/tests/test_sphinxpolicygen.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/oslo_policy/tests/test_sphinxpolicygen.py 2020-04-13 18:14:18.000000000 +0200 @@ -10,7 +10,8 @@ # License for the specific language governing permissions and limitations # under the License. -import mock +from unittest import mock + from oslotest import base from oslo_policy import sphinxpolicygen @@ -32,7 +33,8 @@ sample.assert_called_once_with(args=[ '--config-file', '/opt/nova/nova.conf', - '--output-file', '/opt/nova/nova.policy.yaml.sample']) + '--output-file', '/opt/nova/nova.policy.yaml.sample'], + conf=mock.ANY) @mock.patch('os.path.isdir') @mock.patch('os.path.isfile') @@ -49,7 +51,8 @@ sample.assert_called_once_with(args=[ '--config-file', '/opt/nova/nova.conf', - '--output-file', '/opt/nova/sample.policy.yaml']) + '--output-file', '/opt/nova/sample.policy.yaml'], + conf=mock.ANY) @mock.patch('os.path.isdir') @mock.patch('os.path.isfile') @@ -70,7 +73,9 @@ sample.assert_has_calls([ mock.call(args=[ '--config-file', '/opt/nova/nova.conf', - '--output-file', '/opt/nova/nova.policy.yaml.sample']), + '--output-file', '/opt/nova/nova.policy.yaml.sample'], + conf=mock.ANY), mock.call(args=[ '--config-file', '/opt/nova/placement.conf', - '--output-file', '/opt/nova/placement.policy.yaml.sample'])]) + '--output-file', '/opt/nova/placement.policy.yaml.sample'], + conf=mock.ANY)]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/releasenotes/notes/drop-python27-support-9aa06224812cc352.yaml new/oslo.policy-3.1.0/releasenotes/notes/drop-python27-support-9aa06224812cc352.yaml --- old/oslo.policy-2.3.3/releasenotes/notes/drop-python27-support-9aa06224812cc352.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/oslo.policy-3.1.0/releasenotes/notes/drop-python27-support-9aa06224812cc352.yaml 2020-04-13 18:14:18.000000000 +0200 @@ -0,0 +1,5 @@ +--- +upgrade: + - | + Support for Python 2.7 has been dropped. The minimum version of Python now + supported is Python 3.6. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml new/oslo.policy-3.1.0/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml --- old/oslo.policy-2.3.3/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/oslo.policy-3.1.0/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml 2020-04-13 18:14:18.000000000 +0200 @@ -0,0 +1,11 @@ +features: + - | + A new configuration option ``enforce_new_defaults`` has been + added to the ``[oslo_policy]`` group to control whether or not to + use the old deprecated defaults. If ``True``, the old deprecated + defaults are not going to be evaluated which means if any existing + token is allowed for old defaults but disallowed for new defaults + it will be disallowed. It is encouraged to enable this flag along + with the ``enforce_scope`` flag so that you can get the benefits of + new defaults and ``scope_type`` together. This way operators can switch + to new defaults without overwriting the rules in the policy file. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/releasenotes/source/conf.py new/oslo.policy-3.1.0/releasenotes/source/conf.py --- old/oslo.policy-2.3.3/releasenotes/source/conf.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/releasenotes/source/conf.py 2020-04-13 18:14:18.000000000 +0200 @@ -43,7 +43,6 @@ repository_name = 'openstack/oslo.policy' bug_project = 'oslo.policy' bug_tag = '' -html_last_updated_fmt = '%Y-%m-%d %H:%M' # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] @@ -58,7 +57,6 @@ master_doc = 'index' # General information about the project. -project = u'oslo.policy Release Notes' copyright = u'2016, oslo.policy Developers' # Release notes do not need a version in the title, they span @@ -194,17 +192,6 @@ # -- Options for LaTeX output --------------------------------------------- -latex_elements = { - # The paper size ('letterpaper' or 'a4paper'). - # 'papersize': 'letterpaper', - - # The font size ('10pt', '11pt' or '12pt'). - # 'pointsize': '10pt', - - # Additional stuff for the LaTeX preamble. - # 'preamble': '', -} - # Grouping the document tree into LaTeX files. List of tuples # (source start file, target name, title, # author, documentclass [howto, manual, or own class]). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/releasenotes/source/index.rst new/oslo.policy-3.1.0/releasenotes/source/index.rst --- old/oslo.policy-2.3.3/releasenotes/source/index.rst 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/releasenotes/source/index.rst 2020-04-13 18:14:18.000000000 +0200 @@ -6,6 +6,7 @@ :maxdepth: 1 unreleased + train stein rocky queens diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/releasenotes/source/train.rst new/oslo.policy-3.1.0/releasenotes/source/train.rst --- old/oslo.policy-2.3.3/releasenotes/source/train.rst 1970-01-01 01:00:00.000000000 +0100 +++ new/oslo.policy-3.1.0/releasenotes/source/train.rst 2020-04-13 18:14:18.000000000 +0200 @@ -0,0 +1,6 @@ +========================== +Train Series Release Notes +========================== + +.. release-notes:: + :branch: stable/train diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/requirements.txt new/oslo.policy-3.1.0/requirements.txt --- old/oslo.policy-2.3.3/requirements.txt 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/requirements.txt 2020-04-13 18:14:18.000000000 +0200 @@ -10,3 +10,4 @@ PyYAML>=3.12 # MIT six>=1.10.0 # MIT stevedore>=1.20.0 # Apache-2.0 +oslo.utils>=3.40.0 # Apache-2.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/setup.cfg new/oslo.policy-3.1.0/setup.cfg --- old/oslo.policy-2.3.3/setup.cfg 2020-01-09 19:16:23.000000000 +0100 +++ new/oslo.policy-3.1.0/setup.cfg 2020-04-13 18:15:16.000000000 +0200 @@ -6,6 +6,7 @@ author = OpenStack author-email = [email protected] home-page = https://docs.openstack.org/oslo.policy/latest/ +python-requires = >=3.6 classifier = Environment :: OpenStack Intended Audience :: Information Technology @@ -13,23 +14,16 @@ License :: OSI Approved :: Apache Software License Operating System :: POSIX :: Linux Programming Language :: Python - Programming Language :: Python :: 2 - Programming Language :: Python :: 2.7 Programming Language :: Python :: 3 Programming Language :: Python :: 3.6 Programming Language :: Python :: 3.7 + Programming Language :: Python :: 3 :: Only + Programming Language :: Python :: Implementation :: CPython [files] packages = oslo_policy -[pbr] -autodoc_index_modules = True -api_doc_dir = reference/api -autodoc_exclude_modules = - oslo_policy.tests.* - oslo_policy._* - [entry_points] oslo.config.opts = oslo.policy = oslo_policy.opts:list_opts @@ -43,15 +37,6 @@ http = oslo_policy._external:HttpCheck https = oslo_policy._external:HttpsCheck -[build_sphinx] -all-files = 1 -warning-is-error = 1 -source-dir = doc/source -build-dir = doc/build - -[upload_sphinx] -upload-dir = doc/build/html - [compile_catalog] directory = oslo_policy/locale domain = oslo_policy @@ -66,9 +51,6 @@ mapping_file = babel.cfg output_file = oslo_policy/locale/oslo_policy.pot -[wheel] -universal = true - [egg_info] tag_build = tag_date = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/setup.py new/oslo.policy-3.1.0/setup.py --- old/oslo.policy-2.3.3/setup.py 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/setup.py 2020-04-13 18:14:18.000000000 +0200 @@ -13,17 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT import setuptools -# In python < 2.7.4, a lazy loading of package `pbr` will break -# setuptools if some other modules registered functions in `atexit`. -# solution from: http://bugs.python.org/issue15881#msg170215 -try: - import multiprocessing # noqa -except ImportError: - pass - setuptools.setup( setup_requires=['pbr>=2.0.0'], pbr=True) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/test-requirements.txt new/oslo.policy-3.1.0/test-requirements.txt --- old/oslo.policy-2.3.3/test-requirements.txt 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/test-requirements.txt 2020-04-13 18:14:18.000000000 +0200 @@ -1,7 +1,7 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -hacking>=1.1.0,<1.2.0 # Apache-2.0 +hacking>=3.0,<3.1.0 # Apache-2.0 oslotest>=3.2.0 # Apache-2.0 requests-mock>=1.2.0 # Apache-2.0 stestr>=2.0.0 # Apache-2.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/oslo.policy-2.3.3/tox.ini new/oslo.policy-3.1.0/tox.ini --- old/oslo.policy-2.3.3/tox.ini 2020-01-09 19:15:24.000000000 +0100 +++ new/oslo.policy-3.1.0/tox.ini 2020-04-13 18:14:18.000000000 +0200 @@ -1,21 +1,18 @@ [tox] -minversion = 2.0 -envlist = py27,py37,pep8,docs +minversion = 3.1 +envlist = py37,pep8,docs +ignore_basepython_conflict = true [testenv] -install_command = pip install {opts} {packages} +basepython = python3 deps = - -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/train} + -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} -r{toxinidir}/test-requirements.txt -r{toxinidir}/requirements.txt -r{toxinidir}/doc/requirements.txt commands = stestr run --slowest {posargs} -[testenv:py27] -basepython = python2.7 - [testenv:pep8] -basepython = python3 deps = -r{toxinidir}/test-requirements.txt commands = @@ -24,28 +21,32 @@ bandit -r oslo_policy tests -n5 [testenv:venv] -basepython = python3 commands = {posargs} [testenv:docs] -basepython = python3 whitelist_externals = rm deps = {[testenv]deps} -r{toxinidir}/doc/requirements.txt commands = - rm -rf doc/build - sphinx-build -W -b html doc/source doc/build/html + rm -rf doc/build doc/source/reference/api + sphinx-build -W --keep-going -b html doc/source doc/build/html [testenv:cover] -basepython = python3 -commands = python setup.py test --coverage --coverage-package-name=oslo_policy --testr-args='{posargs}' +setenv = + PYTHON=coverage run --source oslo_policy --parallel-mode +commands = + stestr run --slowest {posargs} + coverage combine + coverage html -d cover + coverage report [flake8] - show-source = True -ignore = +# W503 line break before binary operator +# W504 line break after binary operator +ignore = W503,W504 builtins = _ exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build @@ -53,11 +54,14 @@ import_exceptions = oslo_policy._i18n [testenv:releasenotes] -basepython = python3 -commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html +deps = -r{toxinidir}/doc/requirements.txt +whitelist_externals = + rm +commands = + rm -rf releasenotes/build + sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html [testenv:lower-constraints] -basepython = python3 deps = -c{toxinidir}/lower-constraints.txt -r{toxinidir}/test-requirements.txt
