Dropping lower constraints testing (stable Xena)

This topic was discussed on the ML and QA team proposed to
to test lower-constraints [1].

As decided in Neutron meeting, stable branches will drop this
CI job [2].

[1]http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019390.html
[2]http://eavesdrop.openstack.org/meetings/networking/2021/networking.2021-01-12-14.00.log.html

To pass gates, this squashes the PEP8 fix from Change-Id
I8e58da2d88d727018c8d5af5949e34f8c0893c1f:

Skip B105 pep8 error: hardcoded passwords

Skip B105 pep8 error:
* https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html
* https://cwe.mitre.org/data/definitions/259.html

Trivial-Fix

(cherry picked from commit 28628e8f96)

Change-Id: Id2da075b367281bb5081333e37e472f1e8921e44

.gitreview

@@ -2,3 +2,4 @@
 host=review.opendev.org
 port=29418
 project=openstack/python-neutronclient.git
+defaultbranch=stable/xena

.zuul.yaml

@@ -1,8 +1,7 @@
 - project:
     templates:
       - openstack-cover-jobs
-      - openstack-lower-constraints-jobs
-      - openstack-python3-wallaby-jobs
+      - openstack-python3-xena-jobs
       - publish-openstack-docs-pti
       - check-requirements
       - lib-forward-testing-python3
@@ -38,9 +37,31 @@
         # NOTE: neutronclient.tests.functional.base.ClientTestBase does not
         # support HTTPS endpoints now, so tls-proxy needs to be disabled.
         tls-proxy: false
+        # Disable OVN services
+        br-ex-tcpdump: false
+        br-int-flows: false
+        ovn-controller: false
+        ovn-northd: false
+        ovs-vswitchd: false
+        ovsdb-server: false
+        q-ovn-metadata-agent: false
+        # Neutron services
+        q-agt: true
+        q-dhcp: true
+        q-l3: true
+        q-meta: true
+        neutron-network-segment-range: true
+        neutron-segments: true
+        q-metering: true
+        q-qos: true
+        neutron-tag-ports-during-bulk-creation: true
+        neutron-conntrack-helper: true
       devstack_localrc:
         USE_PYTHON3: true
         LIBS_FROM_GIT: python-neutronclient
+        Q_AGENT: openvswitch
+        Q_ML2_TENANT_NETWORK_TYPE: vxlan
+        Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
       devstack_plugins:
         neutron-vpnaas: https://opendev.org/openstack/neutron-vpnaas
 

doc/source/contributor/transition_to_osc.rst

@@ -91,17 +91,17 @@ Transition Steps
 
    * **Done** `Security Group Rule CRUD <https://bugs.launchpad.net/python-openstackclient/+bug/1519512>`_
 
-6. **In Progress:** OSC continues enhancing its networking support.
+6. **Done** OSC continues enhancing its networking support.
    At this point and when applicable, enhancements to the ``neutron``
    CLI must also be made to the ``openstack`` CLI and possibly the
    OpenStack Python SDK. Users of the neutron client's command extensions
    should start their transition to the OSC plugin system. See the
    developer guide section below for more information on this step.
 
-7. **In Progress:** Deprecate the ``neutron`` CLI. Running the CLI after
+7. **Done** Deprecate the ``neutron`` CLI. Running the CLI after
    it has been `deprecated <https://review.opendev.org/#/c/393903/>`_
    will issue a warning message:
-   ``neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.``
+   ``neutron CLI is deprecated and will be removed in the Z cycle. Use openstack CLI instead.``
    In addition, no new features will be added to the CLI, though fixes to
    the CLI will be assessed on a case by case basis.
 

lower-constraints.txt

@@ -14,18 +14,18 @@ debtcollector==1.2.0
 decorator==3.4.0
 deprecation==1.0
 docutils==0.11
-dogpile.cache==0.6.2
+dogpile.cache==0.6.5
 dulwich==0.15.0
 eventlet==0.18.2
 extras==1.0.0
 fasteners==0.7.0
 fixtures==3.0.0
 flake8-import-order==0.12
-flake8==2.5.5
+flake8==3.6.0
 future==0.16.0
 futurist==1.2.0
 greenlet==0.4.10
-hacking==1.1.0
+hacking==3.0.1
 idna==2.6
 imagesize==0.7.1
 iso8601==0.1.11
@@ -34,21 +34,21 @@ jmespath==0.9.0
 jsonpatch==1.16
 jsonpointer==1.13
 jsonschema==2.6.0
-keystoneauth1==3.4.0
+keystoneauth1==3.8.0
 kombu==4.0.0
 linecache2==1.0.0
 MarkupSafe==1.0
-mccabe==0.2.1
+mccabe==0.6.0
 monotonic==0.6
 msgpack-python==0.4.0
 munch==2.1.0
 netaddr==0.7.18
 netifaces==0.10.4
-openstacksdk==0.11.2
+openstacksdk==0.15.0
 os-client-config==1.28.0
 os-service-types==1.2.0
 osc-lib==1.12.0
-oslo.concurrency==3.25.0
+oslo.concurrency==3.26.0
 oslo.config==5.2.0
 oslo.context==2.19.2
 oslo.i18n==3.15.3
@@ -69,9 +69,9 @@ pika==0.10.0
 positional==1.2.1
 prettytable==0.7.2
 pyasn1==0.1.8
-pycodestyle==2.3.1
+pycodestyle==2.4.0
 pycparser==2.18
-pyflakes==0.8.1
+pyflakes==2.0.0
 Pygments==2.2.0
 pyinotify==0.9.6
 pyOpenSSL==17.1.0
@@ -86,7 +86,7 @@ python-novaclient==9.1.0
 python-openstackclient==3.12.0
 python-subunit==1.0.0
 pytz==2013.6
-PyYAML==3.13
+PyYAML==5.3.1
 repoze.lru==0.7
 requests-mock==1.2.0
 requests==2.14.2
@@ -97,7 +97,7 @@ simplejson==3.5.1
 snowballstemmer==1.2.1
 statsd==3.2.1
 stestr==2.0.0
-stevedore==1.20.0
+stevedore==2.0.1
 tempest==17.1.0
 tenacity==3.2.1
 testscenarios==0.4

neutronclient/client.py

@@ -61,9 +61,9 @@ class HTTPClient(object):
                  token=None, region_name=None, timeout=None,
                  endpoint_url=None, insecure=False,
                  endpoint_type='publicURL',
-                 auth_strategy='keystone', ca_cert=None, log_credentials=False,
-                 service_type='network', global_request_id=None,
-                 **kwargs):
+                 auth_strategy='keystone', ca_cert=None, cert=None,
+                 log_credentials=False, service_type='network',
+                 global_request_id=None, **kwargs):
 
         self.username = username
         self.user_id = user_id
@@ -82,6 +82,7 @@ class HTTPClient(object):
         self.auth_strategy = auth_strategy
         self.log_credentials = log_credentials
         self.global_request_id = global_request_id
+        self.cert = cert
         if insecure:
             self.verify_cert = False
         else:
@@ -167,6 +168,7 @@ class HTTPClient(object):
             data=body,
             headers=headers,
             verify=self.verify_cert,
+            cert=self.cert,
             timeout=self.timeout,
             **kwargs)
 
@@ -399,6 +401,7 @@ def construct_http_client(username=None,
                           log_credentials=None,
                           auth_strategy='keystone',
                           ca_cert=None,
+                          cert=None,
                           service_type='network',
                           session=None,
                           global_request_id=None,
@@ -430,6 +433,7 @@ def construct_http_client(username=None,
                           endpoint_type=endpoint_type,
                           service_type=service_type,
                           ca_cert=ca_cert,
+                          cert=cert,
                           log_credentials=log_credentials,
                           auth_strategy=auth_strategy,
                           global_request_id=global_request_id)

neutronclient/shell.py

@@ -637,7 +637,7 @@ class NeutronShell(app.App):
 def main(argv=sys.argv[1:]):
     try:
         print(_("neutron CLI is deprecated and will be removed "
-                "in the future. Use openstack CLI instead."), file=sys.stderr)
+                "in the Z cycle. Use openstack CLI instead."), file=sys.stderr)
         return NeutronShell(NEUTRON_API_VERSION).run(
             list(map(encodeutils.safe_decode, argv)))
     except KeyboardInterrupt:

neutronclient/tests/functional/core/test_cli_formatter.py

@@ -43,7 +43,7 @@ class TestCLIFormatter(base.ClientTestBase):
         result = self._create_net('yaml', ['name', 'admin_state_up'])
         self.assertDictEqual({'name': self.net_name,
                               'admin_state_up': True},
-                             yaml.load(result))
+                             yaml.safe_load(result))
 
     def test_net_create_with_value_formatter(self):
         # NOTE(amotoki): In 'value' formatter, there is no guarantee

neutronclient/tests/functional/core/test_readonly_neutron.py

@@ -64,9 +64,13 @@ class SimpleReadOnlyNeutronClientTest(base.ClientTestBase):
         self.neutron('floatingip-list')
 
     def test_neutron_meter_label_list(self):
+        if not self.is_extension_enabled('metering'):
+            self.skipTest('metering is not enabled')
         self.neutron('meter-label-list')
 
     def test_neutron_meter_label_rule_list(self):
+        if not self.is_extension_enabled('metering'):
+            self.skipTest('metering is not enabled')
         self.neutron('meter-label-rule-list')
 
     def test_neutron_net_external_list(self):

neutronclient/tests/unit/test_cli20.py

@@ -1159,7 +1159,7 @@ class CLITestV20OutputFormatter(CLITestV20Base):
 
     def test_create_resource_yaml(self):
         self._test_create_resource_with_formatter('yaml')
-        data = yaml.load(self.fake_stdout.make_string())
+        data = yaml.safe_load(self.fake_stdout.make_string())
         self.assertEqual('myname', data['name'])
         self.assertEqual('myid', data['id'])
 
@@ -1184,7 +1184,7 @@ class CLITestV20OutputFormatter(CLITestV20Base):
 
     def test_show_resource_yaml(self):
         self._test_show_resource_with_formatter('yaml')
-        data = yaml.load(''.join(self.fake_stdout.content))
+        data = yaml.safe_load(''.join(self.fake_stdout.content))
         self.assertEqual('myname', data['name'])
         self.assertEqual('myid', data['id'])
 
@@ -1211,5 +1211,5 @@ class CLITestV20OutputFormatter(CLITestV20Base):
 
     def test_list_resources_yaml(self):
         self._test_list_resources_with_formatter('yaml')
-        data = yaml.load(''.join(self.fake_stdout.content))
+        data = yaml.safe_load(''.join(self.fake_stdout.content))
         self.assertEqual(['myid1', 'myid2'], [d['id'] for d in data])

neutronclient/tests/unit/test_cli20_floatingips.py

@@ -1,4 +1,3 @@
-#!/usr/bin/env python
 # Copyright 2012 Red Hat
 # All Rights Reserved.
 #

neutronclient/tests/unit/test_cli20_securitygroup.py

@@ -1,4 +1,3 @@
-#!/usr/bin/env python
 # Copyright 2012 Red Hat
 # All Rights Reserved.
 #

neutronclient/tests/unit/test_client_extension.py

@@ -217,5 +217,5 @@ class CLITestV20ExtensionJSONChildResource(test_cli20.CLITestV20Base):
                    self.client.delete_parents_child,
                    self.client.create_parents_child)
         for method in methods:
-            argspec = inspect.getargspec(method)
+            argspec = inspect.getfullargspec(method)
             self.assertIn("parent_id", argspec.args)

neutronclient/tests/unit/test_command_meta.py

@@ -20,7 +20,6 @@
 import logging
 
 import testtools
-from testtools import helpers
 
 from neutronclient.neutron import v2_0 as neutronV20
 
@@ -30,7 +29,7 @@ class TestCommandMeta(testtools.TestCase):
         class FakeCommand(neutronV20.NeutronCommand):
             pass
 
-        self.assertTrue(helpers.safe_hasattr(FakeCommand, 'log'))
+        self.assertTrue(hasattr(FakeCommand, 'log'))
         self.assertIsInstance(FakeCommand.log, logging.getLoggerClass())
         self.assertEqual(__name__ + ".FakeCommand", FakeCommand.log.name)
 
@@ -38,5 +37,5 @@ class TestCommandMeta(testtools.TestCase):
         class FakeCommand(neutronV20.NeutronCommand):
             log = None
 
-        self.assertTrue(helpers.safe_hasattr(FakeCommand, 'log'))
+        self.assertTrue(hasattr(FakeCommand, 'log'))
         self.assertIsNone(FakeCommand.log)

neutronclient/tests/unit/test_quota.py

@@ -1,4 +1,3 @@
-#!/usr/bin/env python
 # Copyright (C) 2013 Yahoo! Inc.
 # All Rights Reserved.
 #

neutronclient/v2_0/client.py

@@ -216,6 +216,10 @@ class ClientBase(object):
     :param bool log_credentials: Allow for logging of passwords or not.
                                  Defaults to False. (optional)
     :param string ca_cert: SSL CA bundle file to use. (optional)
+    :param cert: A client certificate to pass to requests. These are of the
+                 same form as requests expects. Either a single filename
+                 containing both the certificate and key or a tuple containing
+                 the path to the certificate then a path to the key. (optional)
     :param integer retries: How many times idempotent (GET, PUT, DELETE)
                             requests to Neutron server should be retried if
                             they fail (default: 0).

releasenotes/notes/neutron-cli-deprecation-398823c87270a296.yaml

@@ -0,0 +1,10 @@
+---
+deprecations:
+  - |
+    ``neutron`` CLI will be removed in 'Z' release.
+    While it has been marked as deprecated for removal for long,
+    all features in ``neutron`` CLI have been supported in ``openstack`` CLI
+    (OpenStackClient) as of Xena release and the neutron team plans to
+    remove it in 'Z' release. Consider using ``openstack`` CLI and
+    `Mapping Guide <https://docs.openstack.org/python-openstackclient/latest/cli/decoder.html#neutron-cli>`__
+    in the OSC documentation would help you.

releasenotes/source/index.rst

@@ -6,6 +6,7 @@
    :maxdepth: 1
 
    unreleased
+   wallaby
    victoria
    ussuri
    train

releasenotes/source/wallaby.rst

@@ -0,0 +1,6 @@
+============================
+Wallaby Series Release Notes
+============================
+
+.. release-notes::
+   :branch: stable/wallaby

requirements.txt

@@ -12,7 +12,7 @@ oslo.log>=3.36.0 # Apache-2.0
 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
 oslo.utils>=3.33.0 # Apache-2.0
 os-client-config>=1.28.0 # Apache-2.0
-keystoneauth1>=3.4.0 # Apache-2.0
+keystoneauth1>=3.8.0 # Apache-2.0
 # keystoneclient is used only by neutronclient.osc.utils
 # TODO(amotoki): Drop this after osc.utils has no dependency on keystoneclient
 python-keystoneclient>=3.8.0 # Apache-2.0

setup.cfg

@@ -1,12 +1,12 @@
 [metadata]
 name = python-neutronclient
 summary = CLI and Client Library for OpenStack Networking
-description-file =
+description_file =
     README.rst
 author = OpenStack Networking Project
-author-email = openstack-discuss@lists.openstack.org
-home-page = https://docs.openstack.org/python-neutronclient/latest/
-python-requires = >=3.6
+author_email = openstack-discuss@lists.openstack.org
+home_page = https://docs.openstack.org/python-neutronclient/latest/
+python_requires = >=3.6
 classifier =
     Environment :: OpenStack
     Intended Audience :: Developers

tox.ini

@@ -1,6 +1,6 @@
 [tox]
 envlist = py38,pep8
-minversion = 2.3.2
+minversion = 3.18.0
 skipsdist = True
 ignore_basepython_conflict = True
 
@@ -13,7 +13,7 @@ setenv = VIRTUAL_ENV={envdir}
          PYTHONWARNINGS=default::DeprecationWarning
 usedevelop = True
 install_command = pip install {opts} {packages}
-deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
+deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/xena}
        -r{toxinidir}/requirements.txt
        -r{toxinidir}/test-requirements.txt
 # Delete bytecodes from normal directories before running tests.
@@ -23,7 +23,7 @@ commands = sh -c "find . -type d -name '.?*' -prune -o \
            \( -type d -name '__pycache__' -o -type f -name '*.py[co]' \) \
            -print0 | xargs -0 rm -rf"
            stestr run {posargs}
-whitelist_externals = sh
+allowlist_externals = sh
 
 [testenv:pep8]
 commands =
@@ -52,14 +52,14 @@ commands =
 
 [testenv:docs]
 deps =
-  -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
+  -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/xena}
   -r{toxinidir}/doc/requirements.txt
 commands = sphinx-build -W -b html doc/source doc/build/html
 
 [testenv:pdf-docs]
 envdir = {toxworkdir}/docs
 deps = {[testenv:docs]deps}
-whitelist_externals =
+allowlist_externals =
   make
 commands =
   sphinx-build -W -b latex doc/source doc/build/pdf
@@ -67,7 +67,7 @@ commands =
 
 [testenv:releasenotes]
 deps =
-  -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
+  -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/xena}
   -r{toxinidir}/doc/requirements.txt
 commands = sphinx-build -a -E -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
 
@@ -81,8 +81,11 @@ enable-extensions=H904
 
 [testenv:bandit]
 # B303: blacklist calls: md5, sha1
+# B105: The software contains a hard-coded password, which it uses for its own
+#       inbound authentication or for outbound communication to external
+#       components.
 deps = -r{toxinidir}/test-requirements.txt
-commands = bandit -r neutronclient -x tests -n5 -s B303
+commands = bandit -r neutronclient -x tests -n5 -s B303,B105
 
 [testenv:lower-constraints]
 deps =