diff -Nru python-neutron-lib-2.9.1/ChangeLog python-neutron-lib-2.10.1/ChangeLog --- python-neutron-lib-2.9.1/ChangeLog 2021-03-03 22:00:41.000000000 +0000 +++ python-neutron-lib-2.10.1/ChangeLog 2021-03-18 08:52:51.000000000 +0000 @@ -1,6 +1,17 @@ CHANGES ======= +2.10.1 +------ + +* Update model\_query\_scope\_is\_project to work properly with new policies + +2.10.0 +------ + +* Make neutron-lib aware about system scope tokens +* Populate full VLAN range in "parse\_network\_vlan\_ranges" + 2.9.1 ----- diff -Nru python-neutron-lib-2.9.1/debian/changelog python-neutron-lib-2.10.1/debian/changelog --- python-neutron-lib-2.9.1/debian/changelog 2021-03-18 14:39:21.000000000 +0000 +++ python-neutron-lib-2.10.1/debian/changelog 2021-04-07 08:44:31.000000000 +0000 @@ -1,3 +1,10 @@ +python-neutron-lib (2.10.1-0ubuntu1) hirsute; urgency=medium + + * New upstream release for OpenStack Wallaby. + * d/control: Align (Build-)Depends with upstream. + + -- Chris MacNaughton Wed, 07 Apr 2021 08:44:31 +0000 + python-neutron-lib (2.9.1-0ubuntu1) hirsute; urgency=medium * New upstream release for OpenStack Wallaby. diff -Nru python-neutron-lib-2.9.1/debian/control python-neutron-lib-2.10.1/debian/control --- python-neutron-lib-2.9.1/debian/control 2021-03-18 14:39:21.000000000 +0000 +++ python-neutron-lib-2.10.1/debian/control 2021-04-07 08:44:31.000000000 +0000 @@ -10,14 +10,14 @@ dh-python, openstack-pkg-tools, python3-all, - python3-pbr (>= 2.0.0), + python3-pbr (>= 4.0.0), python3-setuptools, python3-sphinx (>= 2.0.0), Build-Depends-Indep: python3-coverage (>= 4.0), python3-fixtures (>= 3.0.0), python3-hacking (>= 1.1.0), - python3-keystoneauth1 (>= 3.4.0), + python3-keystoneauth1 (>= 3.14.0), python3-mock , python3-netaddr (>= 0.7.18), python3-openstackdocstheme (>= 2.2.1) , @@ -25,16 +25,16 @@ python3-os-ken (>= 0.3.0), python3-os-traits (>= 0.9.0), python3-oslo.concurrency (>= 3.26.0), - python3-oslo.config (>= 1:5.2.0), - python3-oslo.context (>= 1:2.19.2), + python3-oslo.config (>= 1:8.0.0), + python3-oslo.context (>= 1:2.22.0), python3-oslo.db (>= 4.44.0), - python3-oslo.i18n (>= 3.15.3), - python3-oslo.log (>= 3.36.0), + python3-oslo.i18n (>= 3.20.0), + python3-oslo.log (>= 4.3.0), python3-oslo.messaging (>= 7.0.0), - python3-oslo.policy (>= 1.30.0), - python3-oslo.serialization (>= 2.18.0), + python3-oslo.policy (>= 3.6.2), + python3-oslo.serialization (>= 2.25.0), python3-oslo.service (>= 1.24.0), - python3-oslo.utils (>= 3.33.0), + python3-oslo.utils (>= 4.5.0), python3-oslo.versionedobjects (>= 1.31.2), python3-oslotest (>= 1:3.2.0), python3-osprofiler (>= 1.4.0), @@ -76,24 +76,24 @@ Package: python3-neutron-lib Architecture: all Depends: - python3-keystoneauth1 (>= 3.4.0), + python3-keystoneauth1 (>= 3.14.0), python3-netaddr (>= 0.7.18), python3-os-ken (>= 0.3.0), python3-os-traits (>= 0.9.0), python3-oslo.concurrency (>= 3.26.0), - python3-oslo.config (>= 1:5.2.0), - python3-oslo.context (>= 1:2.19.2), + python3-oslo.config (>= 1:8.0.0), + python3-oslo.context (>= 1:2.22.0), python3-oslo.db (>= 4.44.0), - python3-oslo.i18n (>= 3.15.3), - python3-oslo.log (>= 3.36.0), + python3-oslo.i18n (>= 3.20.0), + python3-oslo.log (>= 4.3.0), python3-oslo.messaging (>= 7.0.0), - python3-oslo.policy (>= 1.30.0), - python3-oslo.serialization (>= 2.18.0), + python3-oslo.policy (>= 3.6.2), + python3-oslo.serialization (>= 2.25.0), python3-oslo.service (>= 1.24.0), - python3-oslo.utils (>= 3.33.0), + python3-oslo.utils (>= 4.5.0), python3-oslo.versionedobjects (>= 1.31.2), python3-osprofiler (>= 1.4.0), - python3-pbr (>= 2.0.0), + python3-pbr (>= 4.0.0), python3-pecan (>= 1.0.0), python3-setproctitle (>= 1.1.10), python3-sqlalchemy (>= 1.2.0), diff -Nru python-neutron-lib-2.9.1/lower-constraints.txt python-neutron-lib-2.10.1/lower-constraints.txt --- python-neutron-lib-2.9.1/lower-constraints.txt 2021-03-03 22:00:07.000000000 +0000 +++ python-neutron-lib-2.10.1/lower-constraints.txt 2021-03-18 08:52:22.000000000 +0000 @@ -27,7 +27,7 @@ iso8601==0.1.11 isort==4.3.21 Jinja2==2.10 -keystoneauth1==3.4.0 +keystoneauth1==3.14.0 kombu==4.6.1 linecache2==1.0.0 Mako==0.4.0 @@ -42,23 +42,23 @@ os-ken==0.3.0 os-traits==0.9.0 oslo.concurrency==3.26.0 -oslo.config==5.2.0 -oslo.context==2.19.2 +oslo.config==8.0.0 +oslo.context==2.22.0 oslo.db==4.44.0 -oslo.i18n==3.15.3 -oslo.log==3.36.0 +oslo.i18n==3.20.0 +oslo.log==4.3.0 oslo.messaging==7.0.0 oslo.middleware==3.31.0 -oslo.policy==1.30.0 -oslo.serialization==2.18.0 +oslo.policy==3.6.2 +oslo.serialization==2.25.0 oslo.service==1.24.0 -oslo.utils==3.33.0 +oslo.utils==4.5.0 oslo.versionedobjects===1.31.2 oslotest==3.2.0 osprofiler===1.4.0 Paste==2.0.2 PasteDeploy==1.5.0 -pbr==2.0.0 +pbr==4.0.0 pecan===1.0.0 pika==0.10.0 pika-pool==0.1.3 @@ -67,7 +67,7 @@ pyinotify==0.9.6 pylint==2.2.0 pyparsing==2.1.0 -python-dateutil==2.5.3 +python-dateutil==2.7.0 python-editor==1.0.3 python-mimeparse==1.6.0 python-subunit==1.0.0 @@ -75,9 +75,9 @@ PyYAML==5.3.1 reno==3.1.0 repoze.lru==0.7 -requests==2.14.2 +requests==2.18.0 requestsexceptions==1.2.0 -rfc3986==0.3.1 +rfc3986==1.2.0 Routes==2.3.1 setproctitle==1.1.10 snowballstemmer==1.2.1 diff -Nru python-neutron-lib-2.9.1/neutron_lib/constants.py python-neutron-lib-2.10.1/neutron_lib/constants.py --- python-neutron-lib-2.9.1/neutron_lib/constants.py 2021-03-03 22:00:07.000000000 +0000 +++ python-neutron-lib-2.10.1/neutron_lib/constants.py 2021-03-18 08:52:22.000000000 +0000 @@ -324,6 +324,7 @@ # For VLAN Network MIN_VLAN_TAG = 1 MAX_VLAN_TAG = 4094 +VLAN_VALID_RANGE = (MIN_VLAN_TAG, MAX_VLAN_TAG) # For Geneve Tunnel MIN_GENEVE_VNI = 1 diff -Nru python-neutron-lib-2.9.1/neutron_lib/db/utils.py python-neutron-lib-2.10.1/neutron_lib/db/utils.py --- python-neutron-lib-2.9.1/neutron_lib/db/utils.py 2021-03-03 22:00:07.000000000 +0000 +++ python-neutron-lib-2.10.1/neutron_lib/db/utils.py 2021-03-18 08:52:22.000000000 +0000 @@ -12,6 +12,7 @@ import functools +from oslo_config import cfg from oslo_db import exception as db_exc from oslo_utils import excutils import sqlalchemy @@ -166,10 +167,25 @@ :returns: True if the context is not admin and not advsvc and the model has a project_id. False otherwise. """ - # Unless a context has 'admin' or 'advanced-service' rights the - # query will be scoped to a single project_id - return ((not context.is_admin and hasattr(model, 'project_id')) and - (not context.is_advsvc and hasattr(model, 'project_id'))) + if not hasattr(model, 'project_id'): + # If model don't have project_id, there is no need to scope query to + # just one project + return False + if context.is_advsvc: + # For context which has 'advanced-service' rights the + # query will not be scoped to a single project_id + return False + # TODO(slaweq): Remove that old is_admin check and always check scopes + # when old, deprecated rules will be removed and only rules with new + # personas will be supported + if cfg.CONF.oslo_policy.enforce_new_defaults: + # Unless a context is a system_scope token, query should be scoped to a + # single project_id + return context.system_scope != 'all' + else: + # Unless context has 'admin' rights the + # query will be scoped to a single project_id + return not context.is_admin def model_query(context, model): diff -Nru python-neutron-lib-2.9.1/neutron_lib/plugins/utils.py python-neutron-lib-2.10.1/neutron_lib/plugins/utils.py --- python-neutron-lib-2.9.1/neutron_lib/plugins/utils.py 2021-03-03 22:00:07.000000000 +0000 +++ python-neutron-lib-2.10.1/neutron_lib/plugins/utils.py 2021-03-18 08:52:22.000000000 +0000 @@ -199,9 +199,11 @@ for entry in network_vlan_ranges_cfg_entries: network, vlan_range = parse_network_vlan_range(entry) if vlan_range: + if networks.get(network) == [constants.VLAN_VALID_RANGE]: + continue networks.setdefault(network, []).append(vlan_range) else: - networks.setdefault(network, []) + networks[network] = [constants.VLAN_VALID_RANGE] return networks diff -Nru python-neutron-lib-2.9.1/neutron_lib/tests/unit/db/test_utils.py python-neutron-lib-2.10.1/neutron_lib/tests/unit/db/test_utils.py --- python-neutron-lib-2.9.1/neutron_lib/tests/unit/db/test_utils.py 2021-03-03 22:00:07.000000000 +0000 +++ python-neutron-lib-2.10.1/neutron_lib/tests/unit/db/test_utils.py 2021-03-18 08:52:22.000000000 +0000 @@ -12,12 +12,14 @@ from unittest import mock +from oslo_config import cfg from oslo_db.sqlalchemy import models import sqlalchemy as sa from sqlalchemy.ext import declarative from sqlalchemy import orm from neutron_lib.api import attributes +from neutron_lib import context from neutron_lib.db import utils from neutron_lib import exceptions as n_exc @@ -87,3 +89,134 @@ } utils.resource_fields(r, ['name']) mock_populate.assert_called_once_with({'name': 'n'}) + + def test_model_query_scope_is_project_admin_old_defaults(self): + cfg.CONF.set_override( + 'enforce_new_defaults', False, group='oslo_policy') + ctx = context.Context( + project_id='some project', + is_admin=True, + is_advsvc=False) + model = mock.Mock(project_id='project') + + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + # Ensure that project_id isn't mocked + del model.project_id + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + def test_model_query_scope_is_project_advsvc_old_defaults(self): + cfg.CONF.set_override( + 'enforce_new_defaults', False, group='oslo_policy') + ctx = context.Context( + project_id='some project', + is_admin=False, + is_advsvc=True) + model = mock.Mock(project_id='project') + + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + # Ensure that project_id isn't mocked + del model.project_id + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + def test_model_query_scope_is_project_regular_user_old_defaults(self): + cfg.CONF.set_override( + 'enforce_new_defaults', False, group='oslo_policy') + ctx = context.Context( + project_id='some project', + is_admin=False, + is_advsvc=False) + model = mock.Mock(project_id='project') + + self.assertTrue( + utils.model_query_scope_is_project(ctx, model)) + + # Ensure that project_id isn't mocked + del model.project_id + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + def test_model_query_scope_is_project_system_scope_old_defaults(self): + cfg.CONF.set_override( + 'enforce_new_defaults', False, group='oslo_policy') + ctx = context.Context(system_scope='all') + model = mock.Mock(project_id='project') + + self.assertTrue( + utils.model_query_scope_is_project(ctx, model)) + + # Ensure that project_id isn't mocked + del model.project_id + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + def test_model_query_scope_is_project_admin_new_defaults(self): + cfg.CONF.set_override( + 'enforce_new_defaults', True, group='oslo_policy') + ctx = context.Context( + project_id='some project', + is_admin=True, + is_advsvc=False) + model = mock.Mock(project_id='project') + + self.assertTrue( + utils.model_query_scope_is_project(ctx, model)) + + # Ensure that project_id isn't mocked + del model.project_id + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + def test_model_query_scope_is_project_advsvc_new_defaults(self): + cfg.CONF.set_override( + 'enforce_new_defaults', True, group='oslo_policy') + ctx = context.Context( + project_id='some project', + is_admin=False, + is_advsvc=True) + model = mock.Mock(project_id='project') + + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + # Ensure that project_id isn't mocked + del model.project_id + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + def test_model_query_scope_is_project_regular_user_new_defaults(self): + cfg.CONF.set_override( + 'enforce_new_defaults', True, group='oslo_policy') + ctx = context.Context( + project_id='some project', + is_admin=False, + is_advsvc=False) + model = mock.Mock(project_id='project') + + self.assertTrue( + utils.model_query_scope_is_project(ctx, model)) + + # Ensure that project_id isn't mocked + del model.project_id + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + def test_model_query_scope_is_project_system_scope_new_defaults(self): + cfg.CONF.set_override( + 'enforce_new_defaults', True, group='oslo_policy') + ctx = context.Context( + system_scope='all') + model = mock.Mock(project_id='project') + + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) + + # Ensure that project_id isn't mocked + del model.project_id + self.assertFalse( + utils.model_query_scope_is_project(ctx, model)) diff -Nru python-neutron-lib-2.9.1/neutron_lib/tests/unit/plugins/test_utils.py python-neutron-lib-2.10.1/neutron_lib/tests/unit/plugins/test_utils.py --- python-neutron-lib-2.9.1/neutron_lib/tests/unit/plugins/test_utils.py 2021-03-03 22:00:07.000000000 +0000 +++ python-neutron-lib-2.10.1/neutron_lib/tests/unit/plugins/test_utils.py 2021-03-18 08:52:22.000000000 +0000 @@ -83,8 +83,9 @@ 'n1:a:4') def test_parse_network_vlan_ranges(self): - ranges = utils.parse_network_vlan_ranges(['n1:1:3', 'n2:2:4']) - self.assertEqual(2, len(ranges.keys())) + ranges = utils.parse_network_vlan_ranges( + ['n1:1:3', 'n2:2:4', 'n3', 'n4', 'n4:10:12']) + self.assertEqual(4, len(ranges.keys())) self.assertIn('n1', ranges.keys()) self.assertIn('n2', ranges.keys()) self.assertEqual(2, len(ranges['n1'][0])) @@ -93,6 +94,8 @@ self.assertEqual(2, len(ranges['n2'][0])) self.assertEqual(2, ranges['n2'][0][0]) self.assertEqual(4, ranges['n2'][0][1]) + self.assertEqual([constants.VLAN_VALID_RANGE], ranges['n3']) + self.assertEqual([constants.VLAN_VALID_RANGE], ranges['n4']) def test_is_valid_gre_id(self): for v in [constants.MIN_GRE_ID, constants.MIN_GRE_ID + 2, diff -Nru python-neutron-lib-2.9.1/neutron_lib.egg-info/pbr.json python-neutron-lib-2.10.1/neutron_lib.egg-info/pbr.json --- python-neutron-lib-2.9.1/neutron_lib.egg-info/pbr.json 2021-03-03 22:00:42.000000000 +0000 +++ python-neutron-lib-2.10.1/neutron_lib.egg-info/pbr.json 2021-03-18 08:52:51.000000000 +0000 @@ -1 +1 @@ -{"git_version": "698e4c8", "is_release": true} \ No newline at end of file +{"git_version": "d73449d", "is_release": true} \ No newline at end of file diff -Nru python-neutron-lib-2.9.1/neutron_lib.egg-info/PKG-INFO python-neutron-lib-2.10.1/neutron_lib.egg-info/PKG-INFO --- python-neutron-lib-2.9.1/neutron_lib.egg-info/PKG-INFO 2021-03-03 22:00:42.000000000 +0000 +++ python-neutron-lib-2.10.1/neutron_lib.egg-info/PKG-INFO 2021-03-18 08:52:51.000000000 +0000 @@ -1,6 +1,6 @@ Metadata-Version: 1.2 Name: neutron-lib -Version: 2.9.1 +Version: 2.10.1 Summary: Neutron shared routines and utilities Home-page: https://docs.openstack.org/neutron-lib/latest/ Author: OpenStack diff -Nru python-neutron-lib-2.9.1/neutron_lib.egg-info/requires.txt python-neutron-lib-2.10.1/neutron_lib.egg-info/requires.txt --- python-neutron-lib-2.9.1/neutron_lib.egg-info/requires.txt 2021-03-03 22:00:42.000000000 +0000 +++ python-neutron-lib-2.10.1/neutron_lib.egg-info/requires.txt 2021-03-18 08:52:51.000000000 +0000 @@ -1,23 +1,23 @@ SQLAlchemy>=1.2.0 WebOb>=1.7.1 -keystoneauth1>=3.4.0 +keystoneauth1>=3.14.0 netaddr>=0.7.18 os-ken>=0.3.0 os-traits>=0.9.0 oslo.concurrency>=3.26.0 -oslo.config>=5.2.0 -oslo.context>=2.19.2 +oslo.config>=8.0.0 +oslo.context>=2.22.0 oslo.db>=4.44.0 -oslo.i18n>=3.15.3 -oslo.log>=3.36.0 +oslo.i18n>=3.20.0 +oslo.log>=4.3.0 oslo.messaging>=7.0.0 -oslo.policy>=1.30.0 -oslo.serialization!=2.19.1,>=2.18.0 +oslo.policy>=3.6.2 +oslo.serialization>=2.25.0 oslo.service!=1.28.1,>=1.24.0 -oslo.utils>=3.33.0 +oslo.utils>=4.5.0 oslo.versionedobjects>=1.31.2 osprofiler>=1.4.0 -pbr!=2.1.0,>=2.0.0 +pbr>=4.0.0 pecan!=1.0.2,!=1.0.3,!=1.0.4,!=1.2,>=1.0.0 setproctitle>=1.1.10 stevedore>=1.20.0 diff -Nru python-neutron-lib-2.9.1/PKG-INFO python-neutron-lib-2.10.1/PKG-INFO --- python-neutron-lib-2.9.1/PKG-INFO 2021-03-03 22:00:42.597023200 +0000 +++ python-neutron-lib-2.10.1/PKG-INFO 2021-03-18 08:52:52.360762600 +0000 @@ -1,6 +1,6 @@ Metadata-Version: 1.2 Name: neutron-lib -Version: 2.9.1 +Version: 2.10.1 Summary: Neutron shared routines and utilities Home-page: https://docs.openstack.org/neutron-lib/latest/ Author: OpenStack diff -Nru python-neutron-lib-2.9.1/requirements.txt python-neutron-lib-2.10.1/requirements.txt --- python-neutron-lib-2.9.1/requirements.txt 2021-03-03 22:00:07.000000000 +0000 +++ python-neutron-lib-2.10.1/requirements.txt 2021-03-18 08:52:22.000000000 +0000 @@ -2,25 +2,25 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -pbr!=2.1.0,>=2.0.0 # Apache-2.0 +pbr>=4.0.0 # Apache-2.0 SQLAlchemy>=1.2.0 # MIT pecan!=1.0.2,!=1.0.3,!=1.0.4,!=1.2,>=1.0.0 # BSD -keystoneauth1>=3.4.0 # Apache-2.0 +keystoneauth1>=3.14.0 # Apache-2.0 netaddr>=0.7.18 # BSD stevedore>=1.20.0 # Apache-2.0 os-ken >= 0.3.0 # Apache-2.0 oslo.concurrency>=3.26.0 # Apache-2.0 -oslo.config>=5.2.0 # Apache-2.0 -oslo.context>=2.19.2 # Apache-2.0 +oslo.config>=8.0.0 # Apache-2.0 +oslo.context>=2.22.0 # Apache-2.0 oslo.db>=4.44.0 # Apache-2.0 -oslo.i18n>=3.15.3 # Apache-2.0 -oslo.log>=3.36.0 # Apache-2.0 +oslo.i18n>=3.20.0 # Apache-2.0 +oslo.log>=4.3.0 # Apache-2.0 oslo.messaging>=7.0.0 # Apache-2.0 -oslo.policy>=1.30.0 # Apache-2.0 -oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 +oslo.policy>=3.6.2 # Apache-2.0 +oslo.serialization>=2.25.0 # Apache-2.0 oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 -oslo.utils>=3.33.0 # Apache-2.0 +oslo.utils>=4.5.0 # Apache-2.0 oslo.versionedobjects>=1.31.2 # Apache-2.0 osprofiler>=1.4.0 # Apache-2.0 setproctitle>=1.1.10 # BSD