- removing sitepackages in tox.ini to avoid test env pollution
- skip_missing_interpreters in tox.ini set to False to avoid false
positives by skipping missing interpreters.

Change-Id: I61f1ab26748ad9c2f008fb0d8f003fc2aa28d841

The bundle disco-stein was in the dev_bundles because
a bug with the Python 3.7 syntax prevented the success of
the deployment of HA clusters. This bug is fixed, we can
reintegrate disco-stein in the gate_bundles.

Other minor adds:
- Changing naming convention for vip: 'Amulet' is deprecated.
- Passing OS env vars

LP Related-Bug: #1823719
Change-Id: I787248ad2983858c6db2e5a838270a128dae717a

Ensure that EOL releases are removed from metadata
and tests, and that the current dev release is enabled
in metadata.  Dev release tests are enabled separately
because of chickens and eggs.

Change-Id: I8ab5b1fac042a5ea5a8dcd3db7c9912ad58b67ee

Change-Id: Idc0ec69b237e487092237fa638fb4f40fb36e55c

During series upgrade, the keystone packages get re-installed as the
underlying Linux has been upgraded and new package sets are updated and
then pulled in.  For trusty->xenial this means that keystone.service
gets enabled which then breaks haproxy.  On install, on xenial+, the
keystone.service is disabled in the install hook.  This just replicates
this in the series-upgrade hook.

Change-Id: Ic5ed6cf354d5545b9e554e205a048955a381e0f5
Closed-Bug: #1839021

This is a mechanically generated patch to ensure unit testing is in place
for all of the Tested Runtimes for Train.

See the Train python3-updates goal document for details:
https://governance.openstack.org/tc/goals/train/python3-updates.html

Note that python35-charm-jobs is retained since this charm is supported
on Xenial.

Change-Id: Ia7f98b1ab89d0983b5ed0334c3796977387cc460
Story: #2005924
Task: #34228

Change-Id: If79038bb9b4e8de9bf073fb061568bc07cfa4082

Change-Id: Iad76ecbb4850941bc9b184f4d0327f1a18b3770a

Change-Id: I0b38a0c194b28d0fa4792375aa5bb689a2588adf

When the certificates endpoint has completed TLS configuration
via Vault, ensure that any federated identity backends are
updated for the switch to TLS, other the generated SP data
incorrectly used http:// instead of https://

Closes-Bug: 1834442

Change-Id: Ie160095789f5c34bc3509ffce4a7c5c0ec430632

Change-Id: I19a0e239f1857bc713df95c3070f06e71e31f6a7

This change is required as Zaza underwent a split of the openstack
tests from the Zaza project, so we had to track the working branch
until that change landed. As it has landed, it is now time to use
Zaza from master again

Change-Id: I74a7ba7bb75312d2c55eea0434bd7f68007972c4

Rather than use hard coded auth methods, use the protocal named passed
over the keystone-fid-service-provider relation.

Also, when using federation do not allow the "external" method as they
are mutually exclusive.

Change-Id: I08f0632630d7f0e8d2d7ddb057e02f9febf9ad6f
Closes-Bug: #1828015
Closes-Bug: #1828018

If the certificates that Apache is using change then Apache needs to
be restarted. This change adds the SSL directory to the restart map
to ensure any certificate changes trigger a restart.

Change-Id: I1fd46865350e6a9cb35f4209fcf8dd201e6f1441
Closes-Bug: 1828530

This change adds in zaza.openstack, as well as changing the
branch target of zaza to a branch with zaza.openstack
removed, allowing us to validate the new library

Change-Id: Ie6deb30bc01afdc9bddfb91c975d031bfa4b0060

Change-Id: I19c98b17087b6d1ff86aa749654a13a14e61c951

Change-Id: Ibb7df0c2b97801abb15af2d97534535af24205a1
Closes-Bug: #1827061

Enables a client to use application credentials for authentication.

Change-Id: If6ff4bcabec2f976b79d87d57f4a763e8828c302
Closes-Bug: #1827058

When running an upgrade of the keystone charm in a large environment,
the upgrade process can take more than 30 minutes.

Prior to this change, the user would only see 'Installing apt packages'
during most of the process.

This change adds status_set and log messages to the upgrade charm hook
so that end users can see what is the status of the upgrade.

Change-Id: I1eade73fad551310ceec0bb8dcbccb777737faeb
Closes-Bug: #1782004

Change-Id: I2d037c9e60d2c7ed9ce48fe7d17b3bd453de528e

This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.

This patch works around a bug during upgrades where (it is believed)
that the manager.py script can hold a 'stale' connection to the apache2
hosted keystone, which then returns a 500 HTTP error when next used.

Change-Id: Id9c9b967742467f30270f52c2a8b6634f6480324
Related-Bug: #1823743

Change-Id: I88230ec382ddaf567367bf09cb448c377afb354f

    The README was overall clean and clear, however there were some
    areas of improvement, as well as some typos which could lead to
    confusion. Most are trivial changes.

    - Terminate sentence with period to match rest of list
    - Add commas to introductory phrases to match rest of readme
    - Change duplicate 'os-internal-hostname' to 'os-admin-hostname'
    - Change 'https' to 'HTTPS' to match header of section
    - Fix typo 'they secondary' to 'the secondary'
    - Remove comma from 'unit, and must' as is not a compound sentence
    - Change 'Note' to 'NOTE' to match rest of readme
    - Capitalized first word in NOTE section to match rest of readme

Change-Id: I38483df4340849cd268c74183b44eaf6bc02b238

This patch ensures that any running manager.py script is stopped if the
keystone service (either standalone, or run via apache2) is restarted.
The ManagerServer will automatically (re)start the manager.py script
when it is needed.

Change-Id: I4e3dff340cce73b2de7d697f3685d602defb5179
Related-Bug: #1823743

When ``certificates-relation-changed`` hook is called before the
certificate data is present on the relation do not attempt to
configure apache.

Change-Id: If915451d4b0846023355edcf3a49f643e12c7522
Closes-Bug: #1822952

Change-Id: Iaa7db0b453c7697ad10347721d1005d816562be6