diff options
129 files changed, 1056 insertions, 4746 deletions
diff --git a/doc/source/conf.py b/doc/source/conf.py index ce4bbd480..fe46f3262 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -158,7 +158,7 @@ man_pages = [ # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['images'] +#html_static_path = ['images'] # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, # using the given strftime format. diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index ea70ed7df..b4f6e55df 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -98,7 +98,6 @@ following sections: * ``[saml]`` - SAML configuration options * ``[signing]`` - Cryptographic signatures for PKI based tokens * ``[ssl]`` - SSL configuration -* ``[stats]`` - Stats system driver configuration * ``[token]`` - Token driver & token provider configuration * ``[trust]`` - Trust extension configuration @@ -704,47 +703,6 @@ choosing the output levels and formats. .. _Paste: http://pythonpaste.org/ .. _`Python logging module`: http://docs.python.org/library/logging.html -Monitoring ----------- - -Keystone provides some basic request/response monitoring statistics out of the -box. - -Enable data collection by defining a ``stats_monitoring`` filter and including -it at the beginning of any desired WSGI pipelines: - -.. code-block:: ini - - [filter:stats_monitoring] - paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory - - [pipeline:public_api] - pipeline = stats_monitoring [...] public_service - -Enable the reporting of collected data by defining a ``stats_reporting`` filter -and including it near the end of your ``admin_api`` WSGI pipeline (After -``*_body`` middleware and before ``*_extension`` filters is recommended): - -.. code-block:: ini - - [filter:stats_reporting] - paste.filter_factory = keystone.contrib.stats:StatsExtension.factory - - [pipeline:admin_api] - pipeline = [...] json_body stats_reporting ec2_extension [...] admin_service - -Query the admin API for statistics using: - -.. code-block:: bash - - $ curl -H 'X-Auth-Token: ADMIN' http://localhost:35357/v2.0/OS-STATS/stats - -Reset collected data using: - -.. code-block:: bash - - $ curl -H 'X-Auth-Token: ADMIN' -X DELETE http://localhost:35357/v2.0/OS-STATS/stats - SSL --- @@ -834,7 +792,7 @@ and before the ``public_service`` app in the public_api WSGI pipeline in paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory [pipeline:public_api] - pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service + pipeline = url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service Each user can then change their own password with a HTTP PATCH : diff --git a/doc/source/configure_federation.rst b/doc/source/configure_federation.rst index b3d8c14e7..4903b5b71 100644 --- a/doc/source/configure_federation.rst +++ b/doc/source/configure_federation.rst @@ -295,6 +295,11 @@ Example cURL Keystone as an Identity Provider (IdP) -------------------------------------- +.. WARNING:: + + This feature is experimental and unsupported in Juno (with several known + issues that will not be fixed). Feedback welcome for Kilo! + Configuration Options --------------------- diff --git a/doc/source/configuringservices.rst b/doc/source/configuringservices.rst index 7509af148..d14d05823 100644 --- a/doc/source/configuringservices.rst +++ b/doc/source/configuringservices.rst @@ -32,7 +32,7 @@ In general: * The Keystone middleware will look for and validate that token, taking the appropriate action. * It will also retrieve additional information from the token such as user - name, id, tenant name, id, roles, etc... + name, user id, project name, project id, roles, etc... The middleware will pass those data down to the service as headers. More details on the architecture of that setup is described in @@ -57,10 +57,10 @@ represent a user, and carries no explicit authorization. To disable in production (highly recommended), remove AdminTokenAuthMiddleware from your paste application pipelines (for example, in keystone-paste.ini) -Setting up tenants, users, and roles ------------------------------------- +Setting up projects, users, and roles +------------------------------------- -You need to minimally define a tenant, user, and role to link the tenant and +You need to minimally define a project, user, and role to link the project and user as the most basic set of details to get other services authenticating and authorizing with Keystone. @@ -69,7 +69,7 @@ be able to use to authenticate users against Keystone. The ``auth_token`` middleware supports using either the shared secret described above as `admin_token` or users for each service. -See :doc:`configuration` for a walk through on how to create tenants, users, +See :doc:`configuration` for a walk through on how to create projects, users, and roles. Setting up services @@ -79,53 +79,44 @@ Creating Service Users ---------------------- To configure the OpenStack services with service users, we need to create -a tenant for all the services, and then users for each of the services. We -then assign those service users an Admin role on the service tenant. This -allows them to validate tokens - and authenticate and authorize other user +a project for all the services, and then users for each of the services. We +then assign those service users an ``admin`` role on the service project. This +allows them to validate tokens - and to authenticate and authorize other user requests. -Create a tenant for the services, typically named 'service' (however, the +Create a project for the services, typically named ``service`` (however, the name can be whatever you choose): .. code-block:: bash - $ keystone tenant-create --name=service + $ openstack project create service -This returns a UUID of the tenant - keep that, you'll need it when creating -the users and specifying the roles. - -Create service users for nova, glance, swift, and neutron (or whatever -subset is relevant to your deployment): +Create service users for ``nova``, ``glance``, ``swift``, and ``neutron`` +(or whatever subset is relevant to your deployment): .. code-block:: bash - $ keystone user-create --name=nova \ - --pass=Sekr3tPass \ - --tenant_id=[the uuid of the tenant] \ - --email=nova@nothing.com + $ openstack user create nova --password Sekr3tPass --project service -Repeat this for each service you want to enable. Email is a required field -in Keystone right now, but not used in relation to the service accounts. Each -of these commands will also return a UUID of the user. Keep those to assign -the Admin role. +Repeat this for each service you want to enable. -For adding the Admin role to the service accounts, you'll need to know the UUID -of the role you want to add. If you don't have them handy, you can look it +Create an administrative role for the service accounts, typically named +``admin`` (however the name can be whatever you choose). For adding the +administrative role to the service accounts, you'll need to know the +name of the role you want to add. If you don't have it handy, you can look it up quickly with: .. code-block:: bash - $ keystone role-list + $ openstack role list -Once you have it, assign the service users to the Admin role. This is all -assuming that you've already created the basic roles and settings as described -in :doc:`configuration`: +Once you have it, grant the administrative role to the service users. This is +all assuming that you've already created the basic roles and settings as +described in :doc:`configuration`: .. code-block:: bash - $ keystone user-role-add --tenant_id=[uuid of the service tenant] \ - --user=[uuid of the service account] \ - --role=[uuid of the Admin role] + $ openstack role add admin --project service --user nova Defining Services ----------------- @@ -147,21 +138,16 @@ Keystone is online, you need to add the services to the catalog: .. code-block:: bash - $ keystone service-create --name=nova \ - --type=compute \ - --description="Nova Compute Service" - $ keystone service-create --name=ec2 \ - --type=ec2 \ - --description="EC2 Compatibility Layer" - $ keystone service-create --name=glance \ - --type=image \ - --description="Glance Image Service" - $ keystone service-create --name=keystone \ - --type=identity \ - --description="Keystone Identity Service" - $ keystone service-create --name=swift \ - --type=object-store \ - --description="Swift Service" + $ openstack service create nova --type compute \ + --description "Nova Compute Service" + $ openstack service create ec2 --type ec2 \ + --description "EC2 Compatibility Layer" + $ openstack service create glance --type image \ + --description "Glance Image Service" + $ openstack service create keystone --type identity \ + --description "Keystone Identity Service" + $ openstack service create swift --type object-store \ + --description "Swift Service" Setting Up Middleware @@ -209,9 +195,9 @@ Here is an example paste config filter that makes use of the 'admin_user' and admin_user = admin admin_password = keystone123 -It should be noted that when using this option an admin tenant/role -relationship is required. The admin user is granted access to the 'Admin' -role to the 'admin' tenant. +It should be noted that when using this option an admin project/role +relationship is required. The admin user is granted access to the 'admin' +role to the 'admin' project. The auth_token middleware can also be configured in nova.conf [keystone_authtoken] section to keep paste config clean of site-specific diff --git a/doc/source/extensions/shibboleth.rst b/doc/source/extensions/shibboleth.rst index 1f3a80139..97999d258 100644 --- a/doc/source/extensions/shibboleth.rst +++ b/doc/source/extensions/shibboleth.rst @@ -45,7 +45,9 @@ file. You are advised to examine `Shibboleth Service Provider Configuration docu An example of your ``/etc/shibboleth/shibboleth2.xml`` may look like (The example shown below is for reference only, not to be used in a production -environment):: +environment): + +.. code-block:: xml <!-- File configuration courtesy of http://testshib.org diff --git a/doc/source/external-auth.rst b/doc/source/external-auth.rst index 3a2412383..89ffca421 100644 --- a/doc/source/external-auth.rst +++ b/doc/source/external-auth.rst @@ -147,9 +147,9 @@ authentication. For example, if the original pipeline looks like this:: [pipeline:public_api] - pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service + pipeline = url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service Your modified pipeline might then look like this:: [pipeline:public_api] - pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body my_auth debug ec2_extension user_crud_extension public_service + pipeline = url_normalize token_auth admin_token_auth xml_body json_body my_auth debug ec2_extension user_crud_extension public_service diff --git a/doc/source/images/authComp.png b/doc/source/images/authComp.png Binary files differdeleted file mode 100644 index b8ada45cc..000000000 --- a/doc/source/images/authComp.png +++ /dev/null diff --git a/doc/source/images/authComp.svg b/doc/source/images/authComp.svg deleted file mode 100644 index d344b8710..000000000 --- a/doc/source/images/authComp.svg +++ /dev/null @@ -1,174 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" standalone="no"?> -<!-- Created with Inkscape (http://www.inkscape.org/) --> - -<svg - xmlns:dc="http://purl.org/dc/elements/1.1/" - xmlns:cc="http://creativecommons.org/ns#" - xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" - xmlns:svg="http://www.w3.org/2000/svg" - xmlns="http://www.w3.org/2000/svg" - xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" - xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" - width="131.44359" - height="154.62857" - id="svg2" - version="1.1" - inkscape:version="0.48.0 r9654" - sodipodi:docname="New document 1"> - <defs - id="defs4" /> - <sodipodi:namedview - id="base" - pagecolor="#ffffff" - bordercolor="#666666" - borderopacity="1.0" - inkscape:pageopacity="0.0" - inkscape:pageshadow="2" - inkscape:zoom="0.98901497" - inkscape:cx="111.31439" - inkscape:cy="-34.431283" - inkscape:document-units="px" - inkscape:current-layer="layer1" - showgrid="false" - fit-margin-top="0" - fit-margin-left="0" - fit-margin-right="0" - fit-margin-bottom="0" - inkscape:window-width="912" - inkscape:window-height="842" - inkscape:window-x="66" - inkscape:window-y="87" - inkscape:window-maximized="0" /> - <metadata - id="metadata7"> - <rdf:RDF> - <cc:Work - rdf:about=""> - <dc:format>image/svg+xml</dc:format> - <dc:type - rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> - <dc:title></dc:title> - </cc:Work> - </rdf:RDF> - </metadata> - <g - inkscape:label="Layer 1" - inkscape:groupmode="layer" - id="layer1" - transform="translate(-263.68561,-343.30233)"> - <g - id="1" - transform="translate(262.49833,342.08712)"> - <path - d="m 1.85,49.6 0,28.8 67.2,0 0,-28.8 -67.2,0 z" - style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none" - id="2" - inkscape:connector-curvature="0" /> - <path - d="m 1.85,78.4 67.2,0 0,-28.8 -67.2,0 0,28.8 z" - style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none" - id="3" - inkscape:connector-curvature="0" /> - <text - style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial" - y="60.799999" - x="24.799999" - xml:space="preserve" - id="4">Auth</text> - <text - style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial" - y="72.800003" - x="8.8000002" - xml:space="preserve" - id="5">Component</text> - <path - d="m 1.85,126.4 0,28.8 67.2,0 0,-28.8 -67.2,0 z" - style="fill:#d1ebf1;fill-opacity:1;fill-rule:evenodd;stroke:none" - id="6" - inkscape:connector-curvature="0" /> - <path - d="m 1.85,155.2 67.2,0 0,-28.8 -67.2,0 0,28.8 z" - style="fill:none;stroke:#1f477d;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none" - id="7" - inkscape:connector-curvature="0" /> - <text - style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial" - y="137.60001" - x="10.4" - xml:space="preserve" - id="8">OpenStack</text> - <text - style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial" - y="149.60001" - x="18.4" - xml:space="preserve" - id="9">Service</text> - <path - d="m 35.45,78.4 0,38.5" - style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none" - id="10" - inkscape:connector-curvature="0" /> - <path - d="M 38.9,116.05 35.45,126.4 32,116.05 l 6.9,0 z" - style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none" - id="11" - inkscape:connector-curvature="0" /> - <path - d="m 16.25,1.6 15.7,39.2" - style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none" - id="12" - inkscape:connector-curvature="0" /> - <path - d="M 34.8,38.7 35.45,49.6 28.4,41.25 34.8,38.7 z" - style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none" - id="13" - inkscape:connector-curvature="0" /> - <path - d="M 41.05,49.6 56.75,10.45" - style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none" - id="14" - inkscape:connector-curvature="0" /> - <path - d="M 53.2,9.95 60.25,1.6 59.6,12.5 53.2,9.95 z" - style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none" - id="15" - inkscape:connector-curvature="0" /> - <text - style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial" - y="18.4" - x="69.599998" - xml:space="preserve" - id="16">Reject</text> - <text - style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial" - y="28.799999" - x="69.599998" - xml:space="preserve" - id="17">unauthenticated</text> - <text - style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial" - y="39.200001" - x="69.599998" - xml:space="preserve" - id="18">requests</text> - <text - style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial" - y="95.199997" - x="52" - xml:space="preserve" - id="19">Forward</text> - <text - style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial" - y="105.6" - x="52" - xml:space="preserve" - id="20">authenticated</text> - <text - style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial" - y="116" - x="52" - xml:space="preserve" - id="21">requests</text> - </g> - </g> -</svg> diff --git a/doc/source/images/graphs_authComp.png b/doc/source/images/graphs_authComp.png Binary files differdeleted file mode 100644 index 59f5ab0bb..000000000 --- a/doc/source/images/graphs_authComp.png +++ /dev/null diff --git a/doc/source/images/graphs_authComp.svg b/doc/source/images/graphs_authComp.svg deleted file mode 100644 index 6be629c12..000000000 --- a/doc/source/images/graphs_authComp.svg +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" standalone="no"?> -<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" - "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> -<!-- Generated by graphviz version 2.27.20101213.0545 (20101213.0545) - --> -<!-- Title: AuthComp Pages: 1 --> -<svg width="510pt" height="118pt" - viewBox="0.00 0.00 510.00 118.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> -<g id="graph1" class="graph" transform="scale(1 1) rotate(0) translate(4 114)"> -<title>AuthComp</title> -<polygon fill="white" stroke="white" points="-4,5 -4,-114 507,-114 507,5 -4,5"/> -<!-- AuthComp --> -<g id="node2" class="node"><title>AuthComp</title> -<polygon fill="#fdefe3" stroke="#c00000" points="292,-65 194,-65 194,-25 292,-25 292,-65"/> -<text text-anchor="middle" x="243" y="-48.4" font-family="Helvetica,sans-Serif" font-size="14.00">Auth</text> -<text text-anchor="middle" x="243" y="-32.4" font-family="Helvetica,sans-Serif" font-size="14.00">Component</text> -</g> -<!-- Reject --> -<!-- AuthComp->Reject --> -<g id="edge3" class="edge"><title>AuthComp->Reject</title> -<path fill="none" stroke="black" d="M193.933,-51.2787C157.514,-55.939 108.38,-62.2263 73.8172,-66.649"/> -<polygon fill="black" stroke="black" points="73.0637,-63.2168 63.5888,-67.9578 73.9522,-70.1602 73.0637,-63.2168"/> -<text text-anchor="middle" x="129" y="-97.4" font-family="Times,serif" font-size="14.00">Reject</text> -<text text-anchor="middle" x="129" y="-82.4" font-family="Times,serif" font-size="14.00">Unauthenticated</text> -<text text-anchor="middle" x="129" y="-67.4" font-family="Times,serif" font-size="14.00">Requests</text> -</g> -<!-- Service --> -<g id="node6" class="node"><title>Service</title> -<polygon fill="#d1ebf1" stroke="#1f477d" points="502,-65 408,-65 408,-25 502,-25 502,-65"/> -<text text-anchor="middle" x="455" y="-48.4" font-family="Helvetica,sans-Serif" font-size="14.00">OpenStack</text> -<text text-anchor="middle" x="455" y="-32.4" font-family="Helvetica,sans-Serif" font-size="14.00">Service</text> -</g> -<!-- AuthComp->Service --> -<g id="edge5" class="edge"><title>AuthComp->Service</title> -<path fill="none" stroke="black" d="M292.17,-45C323.626,-45 364.563,-45 397.52,-45"/> -<polygon fill="black" stroke="black" points="397.917,-48.5001 407.917,-45 397.917,-41.5001 397.917,-48.5001"/> -<text text-anchor="middle" x="350" y="-77.4" font-family="Times,serif" font-size="14.00">Forward</text> -<text text-anchor="middle" x="350" y="-62.4" font-family="Times,serif" font-size="14.00">Authenticated</text> -<text text-anchor="middle" x="350" y="-47.4" font-family="Times,serif" font-size="14.00">Requests</text> -</g> -<!-- Start --> -<!-- Start->AuthComp --> -<g id="edge7" class="edge"><title>Start->AuthComp</title> -<path fill="none" stroke="black" d="M59.1526,-21.4745C90.4482,-25.4792 142.816,-32.1802 183.673,-37.4084"/> -<polygon fill="black" stroke="black" points="183.43,-40.9057 193.793,-38.7034 184.318,-33.9623 183.43,-40.9057"/> -</g> -</g> -</svg> diff --git a/doc/source/images/graphs_authCompDelegate.png b/doc/source/images/graphs_authCompDelegate.png Binary files differdeleted file mode 100644 index 7e6150ce7..000000000 --- a/doc/source/images/graphs_authCompDelegate.png +++ /dev/null diff --git a/doc/source/images/graphs_authCompDelegate.svg b/doc/source/images/graphs_authCompDelegate.svg deleted file mode 100644 index 4788829a4..000000000 --- a/doc/source/images/graphs_authCompDelegate.svg +++ /dev/null @@ -1,53 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" standalone="no"?> -<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" - "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> -<!-- Generated by graphviz version 2.27.20101213.0545 (20101213.0545) - --> -<!-- Title: AuthCompDelegate Pages: 1 --> -<svg width="588pt" height="104pt" - viewBox="0.00 0.00 588.00 104.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> -<g id="graph1" class="graph" transform="scale(1 1) rotate(0) translate(4 100)"> -<title>AuthCompDelegate</title> -<polygon fill="white" stroke="white" points="-4,5 -4,-100 585,-100 585,5 -4,5"/> -<!-- AuthComp --> -<g id="node2" class="node"><title>AuthComp</title> -<polygon fill="#fdefe3" stroke="#c00000" points="338,-65 240,-65 240,-25 338,-25 338,-65"/> -<text text-anchor="middle" x="289" y="-48.4" font-family="Helvetica,sans-Serif" font-size="14.00">Auth</text> -<text text-anchor="middle" x="289" y="-32.4" font-family="Helvetica,sans-Serif" font-size="14.00">Component</text> -</g> -<!-- Reject --> -<!-- AuthComp->Reject --> -<g id="edge3" class="edge"><title>AuthComp->Reject</title> -<path fill="none" stroke="black" d="M239.6,-50.1899C191.406,-55.2531 118.917,-62.8686 73.5875,-67.6309"/> -<polygon fill="black" stroke="black" points="73.0928,-64.1635 63.5132,-68.6893 73.8242,-71.1252 73.0928,-64.1635"/> -<text text-anchor="middle" x="152" y="-83.4" font-family="Times,serif" font-size="14.00">Reject Requests</text> -<text text-anchor="middle" x="152" y="-68.4" font-family="Times,serif" font-size="14.00">Indicated by the Service</text> -</g> -<!-- Service --> -<g id="node6" class="node"><title>Service</title> -<polygon fill="#d1ebf1" stroke="#1f477d" points="580,-65 486,-65 486,-25 580,-25 580,-65"/> -<text text-anchor="middle" x="533" y="-48.4" font-family="Helvetica,sans-Serif" font-size="14.00">OpenStack</text> -<text text-anchor="middle" x="533" y="-32.4" font-family="Helvetica,sans-Serif" font-size="14.00">Service</text> -</g> -<!-- AuthComp->Service --> -<g id="edge5" class="edge"><title>AuthComp->Service</title> -<path fill="none" stroke="black" d="M338.009,-49.0804C344.065,-49.4598 350.172,-49.7828 356,-50 405.743,-51.8535 418.259,-51.9103 468,-50 470.523,-49.9031 473.101,-49.7851 475.704,-49.6504"/> -<polygon fill="black" stroke="black" points="476.03,-53.1374 485.807,-49.0576 475.62,-46.1494 476.03,-53.1374"/> -<text text-anchor="middle" x="412" y="-68.4" font-family="Times,serif" font-size="14.00">Forward Requests</text> -<text text-anchor="middle" x="412" y="-53.4" font-family="Times,serif" font-size="14.00">with Identiy Status</text> -</g> -<!-- Service->AuthComp --> -<g id="edge7" class="edge"><title>Service->AuthComp</title> -<path fill="none" stroke="black" d="M495.062,-24.9037C486.397,-21.2187 477.064,-17.9304 468,-16 419.314,-5.63183 404.743,-5.9037 356,-16 349.891,-17.2653 343.655,-19.116 337.566,-21.2803"/> -<polygon fill="black" stroke="black" points="336.234,-18.0426 328.158,-24.9003 338.748,-24.5757 336.234,-18.0426"/> -<text text-anchor="middle" x="412" y="-33.4" font-family="Times,serif" font-size="14.00">Send Response OR</text> -<text text-anchor="middle" x="412" y="-18.4" font-family="Times,serif" font-size="14.00">Reject Message</text> -</g> -<!-- Start --> -<!-- Start->AuthComp --> -<g id="edge9" class="edge"><title>Start->AuthComp</title> -<path fill="none" stroke="black" d="M59.0178,-20.8384C99.2135,-25.0613 175.782,-33.1055 229.492,-38.7482"/> -<polygon fill="black" stroke="black" points="229.265,-42.2435 239.576,-39.8076 229.997,-35.2818 229.265,-42.2435"/> -</g> -</g> -</svg> diff --git a/etc/keystone-paste.ini b/etc/keystone-paste.ini index 46f994c31..9af50fe1b 100644 --- a/etc/keystone-paste.ini +++ b/etc/keystone-paste.ini @@ -63,12 +63,6 @@ paste.filter_factory = keystone.middleware:NormalizingFilter.factory [filter:sizelimit] paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory -[filter:stats_monitoring] -paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory - -[filter:stats_reporting] -paste.filter_factory = keystone.contrib.stats:StatsExtension.factory - [filter:access_log] paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample index c058a030c..bf0d444ef 100644 --- a/etc/keystone.conf.sample +++ b/etc/keystone.conf.sample @@ -81,17 +81,16 @@ # token values. (integer value) #max_token_size=8192 -# During a SQL upgrade member_role_id will be used to create a -# new role that will replace records in the assignment table -# with explicit role grants. After migration, the -# member_role_id will be used in the API add_user_to_project. -# (string value) +# Similar to the member_role_name option, this represents the +# default role ID used to associate users with their default +# projects in the v2 API. This will be used as the explicit +# role where one is not specified by the v2 API. (string +# value) #member_role_id=9fe2ff9ee4384b1894a90878d3e92bab -# During a SQL upgrade member_role_name will be used to create -# a new role that will replace records in the assignment table -# with explicit role grants. After migration, member_role_name -# will be ignored. (string value) +# This is the role name used in combination with the +# member_role_id option; see that option for more detail. +# (string value) #member_role_name=_member_ # The value passed as the keyword "rounds" to passlib's @@ -1501,16 +1500,6 @@ #cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost -[stats] - -# -# Options defined in keystone -# - -# Stats backend driver. (string value) -#driver=keystone.contrib.stats.backends.kvs.Stats - - [token] # diff --git a/keystone/assignment/backends/kvs.py b/keystone/assignment/backends/kvs.py deleted file mode 100644 index 4a9cbbdc0..000000000 --- a/keystone/assignment/backends/kvs.py +++ /dev/null @@ -1,630 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone import assignment -from keystone import clean -from keystone.common import kvs -from keystone import config -from keystone import exception -from keystone.i18n import _ -from keystone.openstack.common import versionutils - - -CONF = config.CONF - - -class Assignment(kvs.Base, assignment.Driver): - """KVS Assignment backend. - - This backend uses the following mappings to store data: - - * Domains: - - * domain_list -> [domain_id, ...] - * domain-{id} -> domain_ref - * domain_name-{name} -> domain_ref - - * Projects: - - * tenant-{id} -> project_ref - * tenant_name-{name} -> project_ref - - * Roles: - - * role_list -> [role_id, ...] - * role-{id} -> role_ref - - * Role assignments: - - * metadata_user-{target}-{user_id} -> - {'roles': [{'id': role-id, ...}, ...]} - * metadata_group-{target}-{group_id} -> - {'roles': [{'id': role-id, ...}, ...]} - - """ - - @versionutils.deprecated(versionutils.deprecated.JUNO, - in_favor_of='keystone.assignment.backends.sql', - remove_in=+1, - what='keystone.assignment.backends.kvs') - def __init__(self): - super(Assignment, self).__init__() - - # Public interface - - def get_project(self, tenant_id): - try: - return self.db.get('tenant-%s' % tenant_id) - except exception.NotFound: - raise exception.ProjectNotFound(project_id=tenant_id) - - def _build_project_refs(self): - project_keys = (k for k in self.db.keys() if k.startswith('tenant-')) - return [self.db.get(key) for key in project_keys] - - def list_projects(self, hints): - return self._build_project_refs() - - def list_projects_in_domain(self, domain_id): - project_refs = self._build_project_refs() - self.get_domain(domain_id) - return [ref for ref in project_refs if domain_id == ref['domain_id']] - - def get_project_by_name(self, tenant_name, domain_id): - try: - return self.db.get('tenant_name-%s' % tenant_name) - except exception.NotFound: - raise exception.ProjectNotFound(project_id=tenant_name) - - def list_user_ids_for_project(self, tenant_id): - self.get_project(tenant_id) - - user_ids = set() - - metadata_keys = (k for k in self.db.keys() - if k.startswith('metadata_user-')) - for key in metadata_keys: - i, meta_project_or_domain_id, meta_user_id = key.split('-') - - if meta_project_or_domain_id != tenant_id: - # target is not the project, so on to next metadata. - continue - - user_ids.add(meta_user_id) - - return list(user_ids) - - def _get_metadata(self, user_id=None, tenant_id=None, - domain_id=None, group_id=None): - try: - if user_id: - if tenant_id: - return self.db.get('metadata_user-%s-%s' % (tenant_id, - user_id)) - else: - return self.db.get('metadata_user-%s-%s' % (domain_id, - user_id)) - else: - if tenant_id: - return self.db.get('metadata_group-%s-%s' % (tenant_id, - group_id)) - else: - return self.db.get('metadata_group-%s-%s' % (domain_id, - group_id)) - except exception.NotFound: - raise exception.MetadataNotFound() - - def get_role(self, role_id): - try: - return self.db.get('role-%s' % role_id) - except exception.NotFound: - raise exception.RoleNotFound(role_id=role_id) - - def get_group_project_roles(self, groups, project_id, project_domain_id): - role_list = [] - for group_id in groups: - try: - metadata_ref = self._get_metadata( - group_id=group_id, tenant_id=project_id) - role_list += self._roles_from_role_dicts( - metadata_ref.get('roles', {}), False) - except exception.MetadataNotFound: - # no group assignment, skip - pass - - if CONF.os_inherit.enabled: - # Now get any inherited group roles for the owning domain - try: - metadata_ref = self._get_metadata( - group_id=group_id, - domain_id=project_domain_id) - role_list += self._roles_from_role_dicts( - metadata_ref.get('roles', {}), True) - except exception.MetadataNotFound: - pass - - return role_list - - def list_roles(self, hints): - return self._list_roles() - - def _list_roles(self): - role_ids = self.db.get('role_list', []) - return [self.get_role(x) for x in role_ids] - - def list_projects_for_user(self, user_id, group_ids, hints): - project_ids = set() - all_projects = self.list_projects(hints=None) - - metadata_keys = (k for k in self.db.keys() - if (k.startswith('metadata_user-') or - k.startswith('metadata_group-'))) - for key in metadata_keys: - i, meta_project_or_domain_id, meta_entity_id = key.split('-') - - if meta_entity_id != user_id and meta_entity_id not in group_ids: - # Not the user not one of the groups, so on to next metadata. - continue - - try: - self.get_project(meta_project_or_domain_id) - except exception.NotFound: - # target is not a project, could it be a domain - if not CONF.os_inherit.enabled: - # Inheritance is disabled, skip domain handling - continue - try: - self.get_domain(meta_project_or_domain_id) - except exception.NotFound: - # Not a domain, move on - continue - - data = self.db.get(key) - for role in data.get('roles', []): - if role['inherited_to'] == 'projects': - # Role is inherited - for project in all_projects: - # add all projects for the domain to the list - # of ids - if (project['domain_id'] == - meta_project_or_domain_id): - project_ids.add(project['id']) - break - continue - - project_id = meta_project_or_domain_id - project_ids.add(project_id) - - project_refs = [] - - for project_id in project_ids: - project_refs.append(self.get_project(project_id)) - - return project_refs - - def list_domains_for_user(self, user_id, group_ids, hints): - raise exception.NotImplemented() - - def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None): - raise exception.NotImplemented() - - def list_projects_for_groups(self, group_ids): - raise exception.NotImplemented() - - def list_domains_for_groups(self, group_ids): - raise exception.NotImplemented() - - def add_role_to_user_and_project(self, user_id, tenant_id, role_id): - self.get_project(tenant_id) - self.get_role(role_id) - try: - metadata_ref = self._get_metadata(user_id, tenant_id) - except exception.MetadataNotFound: - metadata_ref = {} - - try: - metadata_ref['roles'] = self._add_role_to_role_dicts( - role_id, False, metadata_ref.get('roles', []), - allow_existing=False) - except KeyError: - msg = ('User %s already has role %s in tenant %s' - % (user_id, role_id, tenant_id)) - raise exception.Conflict(type='role grant', details=msg) - - self._update_metadata(user_id, tenant_id, metadata_ref) - - def remove_role_from_user_and_project(self, user_id, tenant_id, role_id): - try: - metadata_ref = self._get_metadata(user_id, tenant_id) - except exception.MetadataNotFound: - metadata_ref = {} - - try: - metadata_ref['roles'] = self._remove_role_from_role_dicts( - role_id, False, metadata_ref.get('roles', [])) - except KeyError: - raise exception.RoleNotFound(message=_( - 'Cannot remove role that has not been granted, %s') % - role_id) - - if metadata_ref['roles']: - self._update_metadata(user_id, tenant_id, metadata_ref) - else: - self.db.delete('metadata_user-%s-%s' % (tenant_id, user_id)) - - def list_role_assignments(self): - """List the role assignments. - - We enumerate the metadata entries and extract the targets, actors, and - roles. - - """ - assignment_list = [] - metadata_keys = (k for k in self.db.keys() - if k.startswith('metadata_user-')) - for key in metadata_keys: - template = {} - i, meta_project_or_domain_id, template['user_id'] = key.split('-') - try: - self.get_project(meta_project_or_domain_id) - template['project_id'] = meta_project_or_domain_id - except exception.NotFound: - template['domain_id'] = meta_project_or_domain_id - - entry = self.db.get(key) - inherited = False - for r in self._roles_from_role_dicts(entry.get('roles', {}), - inherited): - role_assignment = template.copy() - role_assignment['role_id'] = r - assignment_list.append(role_assignment) - - metadata_keys = (k for k in self.db.keys() - if k.startswith('metadata_group-')) - for key in metadata_keys: - template = {} - i, meta_project_or_domain_id, template['group_id'] = key.split('-') - try: - self.get_project(meta_project_or_domain_id) - template['project_id'] = meta_project_or_domain_id - except exception.NotFound: - template['domain_id'] = meta_project_or_domain_id - - entry = self.db.get(key) - inherited = False - for r in self._roles_from_role_dicts(entry.get('roles', {}), - inherited): - role_assignment = template.copy() - role_assignment['role_id'] = r - assignment_list.append(role_assignment) - - return assignment_list - - # CRUD - def create_project(self, tenant_id, tenant): - tenant['name'] = clean.project_name(tenant['name']) - try: - self.get_project(tenant_id) - except exception.ProjectNotFound: - pass - else: - msg = 'Duplicate ID, %s.' % tenant_id - raise exception.Conflict(type='tenant', details=msg) - - try: - self.get_project_by_name(tenant['name'], tenant['domain_id']) - except exception.ProjectNotFound: - pass - else: - msg = 'Duplicate name, %s.' % tenant['name'] - raise exception.Conflict(type='tenant', details=msg) - - self.db.set('tenant-%s' % tenant_id, tenant) - self.db.set('tenant_name-%s' % tenant['name'], tenant) - return tenant - - def update_project(self, tenant_id, tenant): - if 'name' in tenant: - tenant['name'] = clean.project_name(tenant['name']) - try: - existing = self.db.get('tenant_name-%s' % tenant['name']) - if existing and tenant_id != existing['id']: - msg = 'Duplicate name, %s.' % tenant['name'] - raise exception.Conflict(type='tenant', details=msg) - except exception.NotFound: - pass - # get the old name and delete it too - try: - old_project = self.db.get('tenant-%s' % tenant_id) - except exception.NotFound: - raise exception.ProjectNotFound(project_id=tenant_id) - new_project = old_project.copy() - new_project.update(tenant) - new_project['id'] = tenant_id - self.db.delete('tenant_name-%s' % old_project['name']) - self.db.set('tenant-%s' % tenant_id, new_project) - self.db.set('tenant_name-%s' % new_project['name'], new_project) - return new_project - - def delete_project(self, tenant_id): - try: - old_project = self.db.get('tenant-%s' % tenant_id) - except exception.NotFound: - raise exception.ProjectNotFound(project_id=tenant_id) - self.db.delete('tenant_name-%s' % old_project['name']) - self.db.delete('tenant-%s' % tenant_id) - - def _create_metadata(self, user_id, tenant_id, metadata, - domain_id=None, group_id=None): - - return self._update_metadata(user_id, tenant_id, metadata, - domain_id, group_id) - - def _update_metadata(self, user_id, tenant_id, metadata, - domain_id=None, group_id=None): - if user_id: - if tenant_id: - self.db.set('metadata_user-%s-%s' % (tenant_id, user_id), - metadata) - else: - self.db.set('metadata_user-%s-%s' % (domain_id, user_id), - metadata) - else: - if tenant_id: - self.db.set('metadata_group-%s-%s' % (tenant_id, group_id), - metadata) - else: - self.db.set('metadata_group-%s-%s' % (domain_id, group_id), - metadata) - return metadata - - def create_role(self, role_id, role): - try: - self.get_role(role_id) - except exception.RoleNotFound: - pass - else: - msg = 'Duplicate ID, %s.' % role_id - raise exception.Conflict(type='role', details=msg) - - for role_ref in self._list_roles(): - if role['name'] == role_ref['name']: - msg = 'Duplicate name, %s.' % role['name'] - raise exception.Conflict(type='role', details=msg) - self.db.set('role-%s' % role_id, role) - role_list = set(self.db.get('role_list', [])) - role_list.add(role_id) - self.db.set('role_list', list(role_list)) - return role - - def update_role(self, role_id, role): - old_role_ref = None - for role_ref in self._list_roles(): - if role['name'] == role_ref['name'] and role_id != role_ref['id']: - msg = 'Duplicate name, %s.' % role['name'] - raise exception.Conflict(type='role', details=msg) - if role_id == role_ref['id']: - old_role_ref = role_ref - if old_role_ref is None: - raise exception.RoleNotFound(role_id=role_id) - new_role = old_role_ref.copy() - new_role.update(role) - new_role['id'] = role_id - self.db.set('role-%s' % role_id, new_role) - return role - - def delete_role(self, role_id): - self.get_role(role_id) - - metadata_keys = (k for k in self.db.keys() - if k.startswith('metadata_user-')) - for key in metadata_keys: - i, meta_project_or_domain_id, meta_user_id = key.split('-') - try: - self.delete_grant(role_id, - project_id=meta_project_or_domain_id, - user_id=meta_user_id) - except exception.NotFound: - pass - try: - self.delete_grant(role_id, domain_id=meta_project_or_domain_id, - user_id=meta_user_id) - except exception.NotFound: - pass - - metadata_keys = (k for k in self.db.keys() - if k.startswith('metadata_group-')) - for key in metadata_keys: - i, meta_project_or_domain_id, meta_group_id = key.split('-') - try: - self.delete_grant(role_id, - project_id=meta_project_or_domain_id, - group_id=meta_group_id) - except exception.NotFound: - pass - try: - self.delete_grant(role_id, domain_id=meta_project_or_domain_id, - group_id=meta_group_id) - except exception.NotFound: - pass - - self.db.delete('role-%s' % role_id) - role_list = set(self.db.get('role_list', [])) - role_list.remove(role_id) - self.db.set('role_list', list(role_list)) - - def create_grant(self, role_id, user_id=None, group_id=None, - domain_id=None, project_id=None, - inherited_to_projects=False): - - self.get_role(role_id) - if domain_id: - self.get_domain(domain_id) - if project_id: - self.get_project(project_id) - - try: - metadata_ref = self._get_metadata(user_id, project_id, - domain_id, group_id) - except exception.MetadataNotFound: - metadata_ref = {} - - metadata_ref['roles'] = self._add_role_to_role_dicts( - role_id, inherited_to_projects, metadata_ref.get('roles', [])) - - self._update_metadata(user_id, project_id, metadata_ref, - domain_id, group_id) - - def list_grants(self, user_id=None, group_id=None, - domain_id=None, project_id=None, - inherited_to_projects=False): - if domain_id: - self.get_domain(domain_id) - if project_id: - self.get_project(project_id) - - try: - metadata_ref = self._get_metadata(user_id, project_id, - domain_id, group_id) - except exception.MetadataNotFound: - metadata_ref = {} - - return [self.get_role(x) for x in - self._roles_from_role_dicts(metadata_ref.get('roles', []), - inherited_to_projects)] - - def get_grant(self, role_id, user_id=None, group_id=None, - domain_id=None, project_id=None, - inherited_to_projects=False): - self.get_role(role_id) - if group_id: - self.get_group(group_id) - if domain_id: - self.get_domain(domain_id) - if project_id: - self.get_project(project_id) - - try: - metadata_ref = self._get_metadata(user_id, project_id, - domain_id, group_id) - except exception.MetadataNotFound: - metadata_ref = {} - - role_ids = set(self._roles_from_role_dicts( - metadata_ref.get('roles', []), inherited_to_projects)) - - if role_id not in role_ids: - raise exception.RoleNotFound(role_id=role_id) - return self.get_role(role_id) - - def delete_grant(self, role_id, user_id=None, group_id=None, - domain_id=None, project_id=None, - inherited_to_projects=False): - self.get_role(role_id) - if domain_id: - self.get_domain(domain_id) - if project_id: - self.get_project(project_id) - - try: - metadata_ref = self._get_metadata(user_id, project_id, - domain_id, group_id) - except exception.MetadataNotFound: - metadata_ref = {} - - try: - metadata_ref['roles'] = self._remove_role_from_role_dicts( - role_id, inherited_to_projects, metadata_ref.get('roles', [])) - except KeyError: - raise exception.RoleNotFound(role_id=role_id) - - self._update_metadata(user_id, project_id, metadata_ref, - domain_id, group_id) - - # domain crud - - def create_domain(self, domain_id, domain): - try: - self.get_domain(domain_id) - except exception.DomainNotFound: - pass - else: - msg = 'Duplicate ID, %s.' % domain_id - raise exception.Conflict(type='domain', details=msg) - - try: - self.get_domain_by_name(domain['name']) - except exception.DomainNotFound: - pass - else: - msg = 'Duplicate name, %s.' % domain['name'] - raise exception.Conflict(type='domain', details=msg) - - self.db.set('domain-%s' % domain_id, domain) - self.db.set('domain_name-%s' % domain['name'], domain) - domain_list = set(self.db.get('domain_list', [])) - domain_list.add(domain_id) - self.db.set('domain_list', list(domain_list)) - return domain - - def list_domains(self, hints): - domain_ids = self.db.get('domain_list', []) - return [self.get_domain(x) for x in domain_ids] - - def get_domain(self, domain_id): - try: - return self.db.get('domain-%s' % domain_id) - except exception.NotFound: - raise exception.DomainNotFound(domain_id=domain_id) - - def get_domain_by_name(self, domain_name): - try: - return self.db.get('domain_name-%s' % domain_name) - except exception.NotFound: - raise exception.DomainNotFound(domain_id=domain_name) - - def update_domain(self, domain_id, domain): - orig_domain = self.get_domain(domain_id) - domain['id'] = domain_id - self.db.set('domain-%s' % domain_id, domain) - self.db.set('domain_name-%s' % domain['name'], domain) - if domain['name'] != orig_domain['name']: - self.db.delete('domain_name-%s' % orig_domain['name']) - return domain - - def delete_domain(self, domain_id): - domain = self.get_domain(domain_id) - self.db.delete('domain-%s' % domain_id) - self.db.delete('domain_name-%s' % domain['name']) - domain_list = set(self.db.get('domain_list', [])) - domain_list.remove(domain_id) - self.db.set('domain_list', list(domain_list)) - - def delete_user(self, user_id): - """Deletes all assignments for a user. - - :raises: keystone.exception.RoleNotFound - - """ - # KVS doesn't bother cleaning up role assignments for the user. I - # guess it's too difficult to implement or something. - - def delete_group(self, group_id): - """Deletes all assignments for a group. - - :raises: keystone.exception.RoleNotFound - - """ - # KVS doesn't bother cleaning up role assignments for the group. I - # guess it's too difficult to implement or something. diff --git a/keystone/assignment/backends/ldap.py b/keystone/assignment/backends/ldap.py index 0adffa712..b4b3a3fe1 100644 --- a/keystone/assignment/backends/ldap.py +++ b/keystone/assignment/backends/ldap.py @@ -595,6 +595,7 @@ class RoleApi(common_ldap.BaseLdap): # element is the first segment. # For a role assignment, this contains the role ID, # The remainder is the DN of the tenant. + # role_dn is already utf8 encoded since it came from LDAP. tenant = ldap.dn.str2dn(role_dn) tenant.pop(0) tenant_dn = ldap.dn.dn2str(tenant) @@ -627,6 +628,7 @@ class RoleApi(common_ldap.BaseLdap): # element is the first RDN. # For a role assignment, this contains the role ID, # the remainder is the DN of the project. + # role_dn is already utf8 encoded since it came from LDAP. project = ldap.dn.str2dn(role_dn) project.pop(0) project_dn = ldap.dn.dn2str(project) @@ -663,6 +665,7 @@ class RoleApi(common_ldap.BaseLdap): roles = [] res = [] for role_dn, role in roles: + # role_dn is already utf8 encoded since it came from LDAP. tenant = ldap.dn.str2dn(role_dn) tenant.pop(0) # It obtains the tenant DN to construct the UserRoleAssociation diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index 314163d30..a16aafcf4 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -1090,9 +1090,9 @@ class Driver(object): """ raise exception.NotImplemented() # pragma: no cover - # domain management functions for backends that only allow a single - # domain. currently, this is only LDAP, but might be used by PAM or other - # backends as well. This is used by both identity and assignment drivers. + # Domain management functions for backends that only allow a single + # domain. Currently, this is only LDAP, but might be used by other + # backends in the future. def _set_default_domain(self, ref): """If the domain ID has not been set, set it to the default.""" if isinstance(ref, dict): diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py index 21e4c9bbd..3943c1f6a 100644 --- a/keystone/auth/controllers.py +++ b/keystone/auth/controllers.py @@ -15,6 +15,8 @@ import sys from keystoneclient.common import cms +from oslo.serialization import jsonutils +from oslo.utils import importutils from oslo.utils import timeutils import six @@ -27,8 +29,6 @@ from keystone import config from keystone.contrib import federation from keystone import exception from keystone.i18n import _, _LI -from keystone.openstack.common import importutils -from keystone.openstack.common import jsonutils from keystone.openstack.common import log diff --git a/keystone/auth/plugins/mapped.py b/keystone/auth/plugins/mapped.py index 80aa664df..91cd2d068 100644 --- a/keystone/auth/plugins/mapped.py +++ b/keystone/auth/plugins/mapped.py @@ -12,6 +12,7 @@ import functools +from oslo.serialization import jsonutils from pycadf import cadftaxonomy as taxonomy from six.moves.urllib import parse @@ -21,7 +22,6 @@ from keystone.contrib import federation from keystone.contrib.federation import utils from keystone.models import token_model from keystone import notifications -from keystone.openstack.common import jsonutils @dependency.requires('federation_api', 'identity_api', 'token_provider_api') @@ -58,7 +58,7 @@ class Mapped(auth.AuthMethodHandler): token_audit_id = token_ref.audit_id identity_provider = token_ref.federation_idp_id protocol = token_ref.federation_protocol_id - user_id = token_ref['user']['id'] + user_id = token_ref.user_id group_ids = token_ref.federation_group_ids send_notification = functools.partial( notifications.send_saml_audit_notification, 'authenticate', @@ -92,8 +92,8 @@ class Mapped(auth.AuthMethodHandler): identity_provider = auth_payload['identity_provider'] protocol = auth_payload['protocol'] group_ids = None - # NOTE(topol): Since the user is coming in from an IdP with a SAML doc - # instead of from a token we set token_id to None + # NOTE(topol): The user is coming in from an IdP with a SAML assertion + # instead of from a token, so we set token_id to None token_id = None try: diff --git a/keystone/catalog/backends/templated.py b/keystone/catalog/backends/templated.py index 1794414b6..68c1c0f86 100644 --- a/keystone/catalog/backends/templated.py +++ b/keystone/catalog/backends/templated.py @@ -22,7 +22,6 @@ from keystone import config from keystone import exception from keystone.i18n import _LC from keystone.openstack.common import log -from keystone.openstack.common import versionutils LOG = log.getLogger(__name__) @@ -123,11 +122,3 @@ class Catalog(kvs.Catalog): catalog[region][service] = service_data return catalog - - -@versionutils.deprecated( - versionutils.deprecated.ICEHOUSE, - in_favor_of='keystone.catalog.backends.templated.Catalog', - remove_in=+2) -class TemplatedCatalog(Catalog): - pass diff --git a/keystone/cli.py b/keystone/cli.py index 4cc20eb3a..38ba428a7 100644 --- a/keystone/cli.py +++ b/keystone/cli.py @@ -103,6 +103,9 @@ class BaseCertificateSetup(BaseApp): running_as_root = (os.geteuid() == 0) parser.add_argument('--keystone-user', required=running_as_root) parser.add_argument('--keystone-group', required=running_as_root) + parser.add_argument('--rebuild', default=False, action='store_true', + help=('Rebuild certificate files: erase previous ' + 'files and regenerate them.')) return parser @staticmethod @@ -142,7 +145,8 @@ class PKISetup(BaseCertificateSetup): 'use.') LOG.warn(msg) keystone_user_id, keystone_group_id = cls.get_user_group() - conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id) + conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id, + rebuild=CONF.command.rebuild) conf_pki.run() @@ -161,7 +165,8 @@ class SSLSetup(BaseCertificateSetup): 'use.') LOG.warn(msg) keystone_user_id, keystone_group_id = cls.get_user_group() - conf_ssl = openssl.ConfigureSSL(keystone_user_id, keystone_group_id) + conf_ssl = openssl.ConfigureSSL(keystone_user_id, keystone_group_id, + rebuild=CONF.command.rebuild) conf_ssl.run() diff --git a/keystone/common/base64utils.py b/keystone/common/base64utils.py index 03235591f..247214436 100644 --- a/keystone/common/base64utils.py +++ b/keystone/common/base64utils.py @@ -19,7 +19,7 @@ limited to encoding and decoding base64 and it's variants. It is often useful to be able to perform other operations on base64 text. This module is meant to be used in conjunction with the core base64 module. -Standarized base64 is defined in +Standardized base64 is defined in RFC-4648 "The Base16, Base32, and Base64 Data Encodings". This module provides the following base64 utility functionality: @@ -120,7 +120,7 @@ def filter_formatting(text): def base64_to_base64url(text): """Convert base64 text to base64url text. - base64url text is designed to be safe for use in filenames and + base64url text is designed to be safe for use in file names and URL's. It is defined in RFC-4648 Section 5. base64url differs from base64 in the last two alphabet characters diff --git a/keystone/common/cache/backends/mongo.py b/keystone/common/cache/backends/mongo.py index 0a30ea0bc..c9d25d1aa 100644 --- a/keystone/common/cache/backends/mongo.py +++ b/keystone/common/cache/backends/mongo.py @@ -17,12 +17,12 @@ import datetime from dogpile.cache import api from dogpile.cache import util as dp_util +from oslo.utils import importutils from oslo.utils import timeutils import six from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import importutils from keystone.openstack.common import log diff --git a/keystone/common/cache/core.py b/keystone/common/cache/core.py index 3ba528747..46edb531d 100644 --- a/keystone/common/cache/core.py +++ b/keystone/common/cache/core.py @@ -17,11 +17,11 @@ import dogpile.cache from dogpile.cache import proxy from dogpile.cache import util +from oslo.utils import importutils from keystone import config from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import importutils from keystone.openstack.common import log diff --git a/keystone/common/config.py b/keystone/common/config.py index d7f9dd811..2b41b0052 100644 --- a/keystone/common/config.py +++ b/keystone/common/config.py @@ -97,16 +97,15 @@ FILE_OPTIONS = { 'exception for token values.'), cfg.StrOpt('member_role_id', default='9fe2ff9ee4384b1894a90878d3e92bab', - help='During a SQL upgrade member_role_id will be used ' - 'to create a new role that will replace records in ' - 'the assignment table with explicit role grants. ' - 'After migration, the member_role_id will be used in ' - 'the API add_user_to_project.'), + help='Similar to the member_role_name option, this ' + 'represents the default role ID used to associate ' + 'users with their default projects in the v2 API. ' + 'This will be used as the explicit role where one is ' + 'not specified by the v2 API.'), cfg.StrOpt('member_role_name', default='_member_', - help='During a SQL upgrade member_role_name will be used ' - 'to create a new role that will replace records in ' - 'the assignment table with explicit role grants. ' - 'After migration, member_role_name will be ignored.'), + help='This is the role name used in combination with the ' + 'member_role_id option; see that option for more ' + 'detail.'), cfg.IntOpt('crypt_strength', default=40000, help='The value passed as the keyword "rounds" to ' 'passlib\'s encrypt method.'), @@ -493,12 +492,6 @@ FILE_OPTIONS = { '.sql.EndpointPolicy', help='Endpoint policy backend driver'), ], - 'stats': [ - cfg.StrOpt('driver', - default=('keystone.contrib.stats.backends' - '.kvs.Stats'), - help='Stats backend driver.'), - ], 'ldap': [ cfg.StrOpt('url', default='ldap://localhost', help='URL for connecting to the LDAP server.'), diff --git a/keystone/common/dependency.py b/keystone/common/dependency.py index c29f727dd..d8808c20b 100644 --- a/keystone/common/dependency.py +++ b/keystone/common/dependency.py @@ -14,14 +14,15 @@ """This module provides support for dependency injection. -Providers are registered via the 'provider' decorator, and dependencies on them -are registered with 'requires' or 'optional'. Providers are available to their -consumers via an attribute. See the documentation for the individual functions -for more detail. +Providers are registered via the ``@provider()`` decorator, and dependencies on +them are registered with ``@requires()`` or ``@optional()``. Providers are +available to their consumers via an attribute. See the documentation for the +individual functions for more detail. See also: https://en.wikipedia.org/wiki/Dependency_injection + """ import six @@ -38,8 +39,10 @@ _factories = {} class UnresolvableDependencyException(Exception): - """An UnresolvableDependencyException is raised when a required dependency - is not resolvable; see 'resolve_future_dependencies'. + """Raised when a required dependency is not resolvable. + + See ``resolve_future_dependencies()`` for more details. + """ def __init__(self, name): msg = 'Unregistered dependency: %s' % name @@ -47,11 +50,11 @@ class UnresolvableDependencyException(Exception): def provider(name): - """'provider' is a class decorator used to register providers. + """A class decorator used to register providers. - When 'provider' is used to decorate a class, members of that class will - register themselves as providers for the named dependency. As an example, - In the code fragment:: + When ``@provider()`` is used to decorate a class, members of that class + will register themselves as providers for the named dependency. As an + example, In the code fragment:: @dependency.provider('foo_api') class Foo: @@ -62,10 +65,11 @@ def provider(name): foo = Foo() - The object 'foo' will be registered as a provider for 'foo_api'. No more - than one such instance should be created; additional instances will replace - the previous ones, possibly resulting in different instances being used by - different consumers. + The object ``foo`` will be registered as a provider for ``foo_api``. No + more than one such instance should be created; additional instances will + replace the previous ones, possibly resulting in different instances being + used by different consumers. + """ def wrapper(cls): def wrapped(init): @@ -107,7 +111,7 @@ def provider(name): REGISTRY[name] = self register_event_callbacks(self) - resolve_future_dependencies(name) + resolve_future_dependencies(__provider_name=name) return __wrapped_init__ @@ -136,11 +140,11 @@ def _process_dependencies(obj): def requires(*dependencies): - """'requires' is a class decorator used to inject providers into consumers. + """A class decorator used to inject providers into consumers. The required providers will be made available to instances of the decorated - class via an attribute with the same name as the provider. For example, - in the code fragment:: + class via an attribute with the same name as the provider. For example, in + the code fragment:: @dependency.requires('foo_api', 'bar_api') class FooBarClient: @@ -151,15 +155,17 @@ def requires(*dependencies): client = FooBarClient() - The object 'client' will have attributes named 'foo_api' and 'bar_api', - which are instances of the named providers. + The object ``client`` will have attributes named ``foo_api`` and + ``bar_api``, which are instances of the named providers. Objects must not rely on the existence of these attributes until after - 'resolve_future_dependencies' has been called; they may not exist + ``resolve_future_dependencies()`` has been called; they may not exist beforehand. - Dependencies registered via 'required' must have providers - if not, an - exception will be raised when 'resolve_future_dependencies' is called. + Dependencies registered via ``@required()`` must have providers; if not, + an ``UnresolvableDependencyException`` will be raised when + ``resolve_future_dependencies()`` is called. + """ def wrapper(self, *args, **kwargs): """Inject each dependency from the registry.""" @@ -171,6 +177,7 @@ def requires(*dependencies): The dependencies of the parent class are combined with that of the child class to create a new set of dependencies. + """ existing_dependencies = getattr(cls, '_dependencies', set()) cls._dependencies = existing_dependencies.union(dependencies) @@ -183,8 +190,10 @@ def requires(*dependencies): def optional(*dependencies): - """'optional' is the same as 'requires', except that the dependencies are - optional - if no provider is available, the attributes will be set to None. + """Similar to ``@requires()``, except that the dependencies are optional. + + If no provider is available, the attributes will be set to ``None``. + """ def wrapper(self, *args, **kwargs): """Inject each dependency from the registry.""" @@ -196,8 +205,8 @@ def optional(*dependencies): The dependencies of the parent class are combined with that of the child class to create a new set of dependencies. - """ + """ existing_optionals = getattr(cls, '_optionals', set()) cls._optionals = existing_optionals.union(dependencies) if not hasattr(cls, '__wrapped_init__'): @@ -208,8 +217,8 @@ def optional(*dependencies): return wrapped -def resolve_future_dependencies(provider_name=None): - """'resolve_future_dependencies' forces injection of all dependencies. +def resolve_future_dependencies(__provider_name=None): + """Forces injection of all dependencies. Before this function is called, circular dependencies may not have been injected. This function should be called only once, after all global @@ -217,21 +226,22 @@ def resolve_future_dependencies(provider_name=None): call, it must not have circular dependencies. If any required dependencies are unresolvable, this function will raise an - UnresolvableDependencyException. + ``UnresolvableDependencyException``. Outside of this module, this function should be called with no arguments; - the optional argument is used internally, and should be treated as an - implementation detail. + the optional argument, ``__provider_name`` is used internally, and should + be treated as an implementation detail. + """ new_providers = dict() - if provider_name: + if __provider_name: # A provider was registered, so take care of any objects depending on # it. - targets = _future_dependencies.pop(provider_name, []) - targets.extend(_future_optionals.pop(provider_name, [])) + targets = _future_dependencies.pop(__provider_name, []) + targets.extend(_future_optionals.pop(__provider_name, [])) for target in targets: - setattr(target, provider_name, REGISTRY[provider_name]) + setattr(target, __provider_name, REGISTRY[__provider_name]) return diff --git a/keystone/common/kvs/core.py b/keystone/common/kvs/core.py index ea476cb8c..624dbfd88 100644 --- a/keystone/common/kvs/core.py +++ b/keystone/common/kvs/core.py @@ -22,6 +22,7 @@ from dogpile.cache import proxy from dogpile.cache import region from dogpile.cache import util as dogpile_util from dogpile.core import nameregistry +from oslo.utils import importutils import six from keystone.common import config @@ -29,7 +30,6 @@ from keystone import exception from keystone.i18n import _ from keystone.i18n import _LI from keystone.i18n import _LW -from keystone.openstack.common import importutils from keystone.openstack.common import log diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py index bdba79883..3267502dc 100644 --- a/keystone/common/ldap/core.py +++ b/keystone/common/ldap/core.py @@ -159,7 +159,7 @@ def convert_ldap_result(ldap_result): try: ldap_attrs[kind] = [ldap2py(x) for x in values] except UnicodeDecodeError: - LOG.debug('Unable to decode value for attribute %s ', kind) + LOG.debug('Unable to decode value for attribute %s', kind) py_result.append((utf8_decode(dn), ldap_attrs)) if at_least_one_referral: @@ -287,9 +287,9 @@ def is_dn_equal(dn1, dn2): """ if not isinstance(dn1, list): - dn1 = ldap.dn.str2dn(dn1) + dn1 = ldap.dn.str2dn(utf8_encode(dn1)) if not isinstance(dn2, list): - dn2 = ldap.dn.str2dn(dn2) + dn2 = ldap.dn.str2dn(utf8_encode(dn2)) if len(dn1) != len(dn2): return False @@ -309,9 +309,9 @@ def dn_startswith(descendant_dn, dn): """ if not isinstance(descendant_dn, list): - descendant_dn = ldap.dn.str2dn(descendant_dn) + descendant_dn = ldap.dn.str2dn(utf8_encode(descendant_dn)) if not isinstance(dn, list): - dn = ldap.dn.str2dn(dn) + dn = ldap.dn.str2dn(utf8_encode(dn)) if len(descendant_dn) <= len(dn): return False @@ -1670,10 +1670,10 @@ class EnabledEmuMixIn(BaseLdap): naming_attr = (naming_attr_name, [naming_attr_value]) else: # Extract the attribute name and value from the configured DN. - naming_dn = utf8_decode( - ldap.dn.str2dn(utf8_encode(self.enabled_emulation_dn))) + naming_dn = ldap.dn.str2dn(utf8_encode(self.enabled_emulation_dn)) naming_rdn = naming_dn[0][0] - naming_attr = (naming_rdn[0], [naming_rdn[1]]) + naming_attr = (utf8_decode(naming_rdn[0]), + utf8_decode(naming_rdn[1])) self.enabled_emulation_naming_attr = naming_attr def _get_enabled(self, object_id): diff --git a/keystone/common/manager.py b/keystone/common/manager.py index c85a25f1d..02ec853d7 100644 --- a/keystone/common/manager.py +++ b/keystone/common/manager.py @@ -14,7 +14,7 @@ import functools -from keystone.openstack.common import importutils +from oslo.utils import importutils def response_truncated(f): diff --git a/keystone/common/openssl.py b/keystone/common/openssl.py index a7fde1e64..5a3fa8d04 100644 --- a/keystone/common/openssl.py +++ b/keystone/common/openssl.py @@ -41,10 +41,12 @@ class BaseCertificateConfigure(object): """ - def __init__(self, conf_obj, keystone_user, keystone_group, **kwargs): + def __init__(self, conf_obj, keystone_user, keystone_group, + rebuild, **kwargs): self.conf_dir = os.path.dirname(conf_obj.ca_certs) self.use_keystone_user = keystone_user self.use_keystone_group = keystone_group + self.rebuild = rebuild self.ssl_config_file_name = os.path.join(self.conf_dir, "openssl.conf") self.request_file_name = os.path.join(self.conf_dir, "req.pem") self.ssl_dictionary = {'conf_dir': self.conf_dir, @@ -98,6 +100,33 @@ class BaseCertificateConfigure(object): e.output = output raise e + def clean_up_existing_files(self): + files_to_clean = [self.ssl_dictionary['ca_private_key'], + self.ssl_dictionary['ca_cert'], + self.ssl_dictionary['signing_key'], + self.ssl_dictionary['signing_cert'], + ] + + existing_files = [] + + for file_path in files_to_clean: + if file_exists(file_path): + if self.rebuild: + # The file exists but the user wants to rebuild it, so blow + # it away + try: + os.remove(file_path) + except OSError as exc: + LOG.error(_LE('Failed to remove file %(file_path)r: ' + '%(error)s'), + {'file_path': file_path, + 'error': exc.strerror}) + raise + else: + existing_files.append(file_path) + + return existing_files + def build_ssl_config_file(self): utils.make_dirs(os.path.dirname(self.ssl_config_file_name), mode=PUBLIC_DIR_PERMS, @@ -201,6 +230,18 @@ class BaseCertificateConfigure(object): '-infiles', '%(request_file)s']) def run(self): + try: + existing_files = self.clean_up_existing_files() + except OSError: + print('An error occurred when rebuilding cert files.') + return + if existing_files: + print('The following cert files already exist, use --rebuild to ' + 'remove the existing files before regenerating:') + for f in existing_files: + print('%s already exists' % f) + return + self.build_ssl_config_file() self.build_ca_cert() self.build_private_key() @@ -216,9 +257,10 @@ class ConfigurePKI(BaseCertificateConfigure): """ - def __init__(self, keystone_user, keystone_group): + def __init__(self, keystone_user, keystone_group, rebuild=False): super(ConfigurePKI, self).__init__(CONF.signing, - keystone_user, keystone_group) + keystone_user, keystone_group, + rebuild=rebuild) class ConfigureSSL(BaseCertificateConfigure): @@ -228,9 +270,10 @@ class ConfigureSSL(BaseCertificateConfigure): one will be generated using provided arguments. """ - def __init__(self, keystone_user, keystone_group): + def __init__(self, keystone_user, keystone_group, rebuild=False): super(ConfigureSSL, self).__init__(CONF.ssl, - keystone_user, keystone_group) + keystone_user, keystone_group, + rebuild=rebuild) BaseCertificateConfigure.sslconfig = """ diff --git a/keystone/common/sql/core.py b/keystone/common/sql/core.py index 872b701a8..6956c537b 100644 --- a/keystone/common/sql/core.py +++ b/keystone/common/sql/core.py @@ -26,6 +26,7 @@ from oslo.db import exception as db_exception from oslo.db import options as db_options from oslo.db.sqlalchemy import models from oslo.db.sqlalchemy import session as db_session +from oslo.serialization import jsonutils import six import sqlalchemy as sql from sqlalchemy.ext import declarative @@ -35,7 +36,6 @@ from sqlalchemy import types as sql_types from keystone.common import utils from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import jsonutils from keystone.openstack.common import log diff --git a/keystone/common/sql/migrate_repo/versions/039_grant_to_assignment.py b/keystone/common/sql/migrate_repo/versions/039_grant_to_assignment.py index 9b43331bd..a23851af9 100644 --- a/keystone/common/sql/migrate_repo/versions/039_grant_to_assignment.py +++ b/keystone/common/sql/migrate_repo/versions/039_grant_to_assignment.py @@ -29,7 +29,7 @@ GRANT_TABLES = [USER_PROJECT_TABLE, USER_DOMAIN_TABLE, GROUP_PROJECT_TABLE, GROUP_DOMAIN_TABLE] -def migrate_grant_table(meta, migrate_engine, session, table_name): +def migrate_grant_table(meta, session, table_name): def extract_actor_and_target(table_name, composite_grant): if table_name == USER_PROJECT_TABLE: @@ -79,10 +79,12 @@ def migrate_grant_table(meta, migrate_engine, session, table_name): target_id=grant_role['target_id'], role_id=grant_role['role_id'], inherited=grant_role['inherited']) - migrate_engine.execute(new_entry) + session.execute(new_entry) + session.commit() # Delete all the rows - migrate_engine.execute(upgrade_table.delete()) + session.execute(upgrade_table.delete()) + session.commit() def downgrade_assignment_table(meta, migrate_engine): @@ -204,11 +206,11 @@ def downgrade_assignment_table(meta, migrate_engine): for assignment in session.query(downgrade_table).all(): update = build_update(meta, session, assignment) if update is not None: - migrate_engine.execute(update) + session.execute(update) session.commit() # Delete all the rows - migrate_engine.execute(downgrade_table.delete()) + session.execute(downgrade_table.delete()) session.commit() session.close() @@ -220,8 +222,7 @@ def upgrade(migrate_engine): session = sql.orm.sessionmaker(bind=migrate_engine)() for table_name in GRANT_TABLES: - migrate_grant_table(meta, migrate_engine, session, table_name) - session.commit() + migrate_grant_table(meta, session, table_name) session.close() diff --git a/keystone/common/sql/migrate_repo/versions/042_endpoint_enabled.py b/keystone/common/sql/migrate_repo/versions/042_endpoint_enabled.py index 158bca65a..ca080d7cc 100644 --- a/keystone/common/sql/migrate_repo/versions/042_endpoint_enabled.py +++ b/keystone/common/sql/migrate_repo/versions/042_endpoint_enabled.py @@ -28,12 +28,11 @@ column. """ +from oslo.serialization import jsonutils from oslo.utils import strutils import sqlalchemy as sql from sqlalchemy.orm import Session -from keystone.openstack.common import jsonutils - def _migrate_enabled_from_extra(migrate_engine, endpoint_table): """Remove `enabled` from `extra`, put it in the `enabled` column.""" diff --git a/keystone/common/sql/migrate_repo/versions/044_service_enabled.py b/keystone/common/sql/migrate_repo/versions/044_service_enabled.py index fcb04c73e..1c63f562e 100644 --- a/keystone/common/sql/migrate_repo/versions/044_service_enabled.py +++ b/keystone/common/sql/migrate_repo/versions/044_service_enabled.py @@ -28,12 +28,11 @@ column. """ +from oslo.serialization import jsonutils from oslo.utils import strutils import sqlalchemy as sql from sqlalchemy.orm import sessionmaker -from keystone.openstack.common import jsonutils - def _migrate_enabled_from_extra(migrate_engine, service_table): """Remove `enabled` from `extra`, put it in the `enabled` column.""" diff --git a/keystone/common/sql/migrate_repo/versions/056_placeholder.py b/keystone/common/sql/migrate_repo/versions/056_placeholder.py new file mode 100644 index 000000000..5f82254f4 --- /dev/null +++ b/keystone/common/sql/migrate_repo/versions/056_placeholder.py @@ -0,0 +1,22 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This is a placeholder for Juno backports. Do not use this number for new +# Kilo work. New Kilo work starts after all the placeholders. + + +def upgrade(migrate_engine): + pass + + +def downgrade(migration_engine): + pass diff --git a/keystone/common/sql/migrate_repo/versions/057_placeholder.py b/keystone/common/sql/migrate_repo/versions/057_placeholder.py new file mode 100644 index 000000000..5f82254f4 --- /dev/null +++ b/keystone/common/sql/migrate_repo/versions/057_placeholder.py @@ -0,0 +1,22 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This is a placeholder for Juno backports. Do not use this number for new +# Kilo work. New Kilo work starts after all the placeholders. + + +def upgrade(migrate_engine): + pass + + +def downgrade(migration_engine): + pass diff --git a/keystone/common/sql/migrate_repo/versions/058_placeholder.py b/keystone/common/sql/migrate_repo/versions/058_placeholder.py new file mode 100644 index 000000000..5f82254f4 --- /dev/null +++ b/keystone/common/sql/migrate_repo/versions/058_placeholder.py @@ -0,0 +1,22 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This is a placeholder for Juno backports. Do not use this number for new +# Kilo work. New Kilo work starts after all the placeholders. + + +def upgrade(migrate_engine): + pass + + +def downgrade(migration_engine): + pass diff --git a/keystone/common/sql/migrate_repo/versions/059_placeholder.py b/keystone/common/sql/migrate_repo/versions/059_placeholder.py new file mode 100644 index 000000000..5f82254f4 --- /dev/null +++ b/keystone/common/sql/migrate_repo/versions/059_placeholder.py @@ -0,0 +1,22 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This is a placeholder for Juno backports. Do not use this number for new +# Kilo work. New Kilo work starts after all the placeholders. + + +def upgrade(migrate_engine): + pass + + +def downgrade(migration_engine): + pass diff --git a/keystone/common/sql/migrate_repo/versions/060_placeholder.py b/keystone/common/sql/migrate_repo/versions/060_placeholder.py new file mode 100644 index 000000000..5f82254f4 --- /dev/null +++ b/keystone/common/sql/migrate_repo/versions/060_placeholder.py @@ -0,0 +1,22 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This is a placeholder for Juno backports. Do not use this number for new +# Kilo work. New Kilo work starts after all the placeholders. + + +def upgrade(migrate_engine): + pass + + +def downgrade(migration_engine): + pass diff --git a/keystone/common/sql/migration_helpers.py b/keystone/common/sql/migration_helpers.py index ff9e7d2ce..10698d2a2 100644 --- a/keystone/common/sql/migration_helpers.py +++ b/keystone/common/sql/migration_helpers.py @@ -20,6 +20,8 @@ import sys import migrate from migrate import exceptions from oslo.db.sqlalchemy import migration +from oslo.serialization import jsonutils +from oslo.utils import importutils import six import sqlalchemy @@ -29,8 +31,6 @@ from keystone import config from keystone import contrib from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import importutils -from keystone.openstack.common import jsonutils CONF = config.CONF diff --git a/keystone/common/utils.py b/keystone/common/utils.py index 08f9d8b21..11144e248 100644 --- a/keystone/common/utils.py +++ b/keystone/common/utils.py @@ -23,6 +23,7 @@ import hashlib import os import pwd +from oslo.serialization import jsonutils from oslo.utils import strutils import passlib.hash import six @@ -32,7 +33,6 @@ from keystone.common import config from keystone.common import environment from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import jsonutils from keystone.openstack.common import log diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py index 693b5bef1..9b678864a 100644 --- a/keystone/common/wsgi.py +++ b/keystone/common/wsgi.py @@ -21,6 +21,8 @@ import copy from oslo import i18n +from oslo.serialization import jsonutils +from oslo.utils import importutils import routes.middleware import six import webob.dec @@ -34,8 +36,6 @@ from keystone.i18n import _ from keystone.i18n import _LI from keystone.i18n import _LW from keystone.models import token_model -from keystone.openstack.common import importutils -from keystone.openstack.common import jsonutils from keystone.openstack.common import log @@ -640,27 +640,35 @@ class RoutersBase(object): delete_action=None, get_post_action=None, path_vars=None): if get_head_action: + getattr(controller, get_head_action) # ensure the attribute exists mapper.connect(path, controller=controller, action=get_head_action, conditions=dict(method=['GET', 'HEAD'])) if get_action: + getattr(controller, get_action) # ensure the attribute exists mapper.connect(path, controller=controller, action=get_action, conditions=dict(method=['GET'])) if head_action: + getattr(controller, head_action) # ensure the attribute exists mapper.connect(path, controller=controller, action=head_action, conditions=dict(method=['HEAD'])) if put_action: + getattr(controller, put_action) # ensure the attribute exists mapper.connect(path, controller=controller, action=put_action, conditions=dict(method=['PUT'])) if post_action: + getattr(controller, post_action) # ensure the attribute exists mapper.connect(path, controller=controller, action=post_action, conditions=dict(method=['POST'])) if patch_action: + getattr(controller, patch_action) # ensure the attribute exists mapper.connect(path, controller=controller, action=patch_action, conditions=dict(method=['PATCH'])) if delete_action: + getattr(controller, delete_action) # ensure the attribute exists mapper.connect(path, controller=controller, action=delete_action, conditions=dict(method=['DELETE'])) if get_post_action: + getattr(controller, get_post_action) # ensure the attribute exists mapper.connect(path, controller=controller, action=get_post_action, conditions=dict(method=['GET', 'POST'])) diff --git a/keystone/contrib/ec2/controllers.py b/keystone/contrib/ec2/controllers.py index eb3fd76d6..c8625a863 100644 --- a/keystone/contrib/ec2/controllers.py +++ b/keystone/contrib/ec2/controllers.py @@ -37,6 +37,7 @@ import sys import uuid from keystoneclient.contrib.ec2 import utils as ec2_utils +from oslo.serialization import jsonutils import six from keystone.common import controller @@ -46,7 +47,6 @@ from keystone.common import wsgi from keystone import exception from keystone.i18n import _ from keystone.models import token_model -from keystone.openstack.common import jsonutils @dependency.requires('assignment_api', 'catalog_api', 'credential_api', diff --git a/keystone/contrib/endpoint_filter/controllers.py b/keystone/contrib/endpoint_filter/controllers.py index 29225a2c2..ad11467e3 100644 --- a/keystone/contrib/endpoint_filter/controllers.py +++ b/keystone/contrib/endpoint_filter/controllers.py @@ -205,15 +205,6 @@ class EndpointGroupV3Controller(_ControllerBase): context, self._get_endpoint_groups_for_project(project_id)) @controller.protected() - def remove_endpoint_group_from_project(self, context, endpoint_group_id, - project_id): - """Remove the endpoint group from associated project.""" - self.assignment_api.get_project(project_id) - self.endpoint_filter_api.get_endpoint_group(endpoint_group_id) - self.endpoint_filter_api.remove_endpoint_group_from_project( - endpoint_group_id, project_id) - - @controller.protected() def list_projects_associated_with_endpoint_group(self, context, endpoint_group_id): @@ -278,6 +269,15 @@ class ProjectEndpointGroupV3Controller(_ControllerBase): self.endpoint_filter_api.add_endpoint_group_to_project( endpoint_group_id, project_id) + @controller.protected() + def remove_endpoint_group_from_project(self, context, endpoint_group_id, + project_id): + """Remove the endpoint group from associated project.""" + self.assignment_api.get_project(project_id) + self.endpoint_filter_api.get_endpoint_group(endpoint_group_id) + self.endpoint_filter_api.remove_endpoint_group_from_project( + endpoint_group_id, project_id) + @classmethod def _add_self_referential_link(cls, context, ref): url = ('/OS-EP-FILTER/endpoint_groups/%(endpoint_group_id)s' diff --git a/keystone/contrib/federation/backends/sql.py b/keystone/contrib/federation/backends/sql.py index 9a8d9655e..63afe0105 100644 --- a/keystone/contrib/federation/backends/sql.py +++ b/keystone/contrib/federation/backends/sql.py @@ -12,10 +12,11 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo.serialization import jsonutils + from keystone.common import sql from keystone.contrib.federation import core from keystone import exception -from keystone.openstack.common import jsonutils class FederationProtocolModel(sql.ModelBase, sql.DictBase): diff --git a/keystone/contrib/federation/controllers.py b/keystone/contrib/federation/controllers.py index 9cc1491af..3523bab0a 100644 --- a/keystone/contrib/federation/controllers.py +++ b/keystone/contrib/federation/controllers.py @@ -262,8 +262,7 @@ class Auth(auth_controllers.Auth): :returns: SAML Assertion based on properties from the token """ - issuer = wsgi.Application.base_url(context, 'public') - + issuer = CONF.saml.idp_entity_id region_id = auth['scope']['region']['id'] region = self.catalog_api.get_region(region_id) recipient = region['url'] diff --git a/keystone/contrib/federation/idp.py b/keystone/contrib/federation/idp.py index 4118ce6cd..896129f01 100644 --- a/keystone/contrib/federation/idp.py +++ b/keystone/contrib/federation/idp.py @@ -15,6 +15,7 @@ import os import subprocess import uuid +from oslo.utils import timeutils import saml2 from saml2 import md from saml2 import saml @@ -27,7 +28,6 @@ from keystone import exception from keystone.i18n import _, _LE from keystone.openstack.common import fileutils from keystone.openstack.common import log -from keystone.openstack.common import timeutils LOG = log.getLogger(__name__) @@ -262,6 +262,7 @@ class SAMLGenerator(object): assertion = saml.Assertion() assertion.id = self.assertion_id assertion.issue_instant = timeutils.isotime() + assertion.version = '2.0' assertion.issuer = issuer assertion.signature = signature assertion.subject = subject diff --git a/keystone/contrib/federation/migrate_repo/versions/001_add_identity_provider_table.py b/keystone/contrib/federation/migrate_repo/versions/001_add_identity_provider_table.py index 1a522c206..8e05c9764 100644 --- a/keystone/contrib/federation/migrate_repo/versions/001_add_identity_provider_table.py +++ b/keystone/contrib/federation/migrate_repo/versions/001_add_identity_provider_table.py @@ -41,7 +41,7 @@ def upgrade(migrate_engine): def downgrade(migrate_engine): meta = sql.MetaData() meta.bind = migrate_engine - tables = ['identity_provider', 'federation_protocol'] + tables = ['federation_protocol', 'identity_provider'] for table_name in tables: table = sql.Table(table_name, meta, autoload=True) table.drop() diff --git a/keystone/contrib/oauth1/backends/sql.py b/keystone/contrib/oauth1/backends/sql.py index 9ad6cd4d6..0da772864 100644 --- a/keystone/contrib/oauth1/backends/sql.py +++ b/keystone/contrib/oauth1/backends/sql.py @@ -16,6 +16,7 @@ import datetime import random import uuid +from oslo.serialization import jsonutils from oslo.utils import timeutils import six @@ -23,7 +24,6 @@ from keystone.common import sql from keystone.contrib.oauth1 import core from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import jsonutils class Consumer(sql.ModelBase, sql.DictBase): diff --git a/keystone/contrib/oauth1/controllers.py b/keystone/contrib/oauth1/controllers.py index 837e5fd25..9316466f1 100644 --- a/keystone/contrib/oauth1/controllers.py +++ b/keystone/contrib/oauth1/controllers.py @@ -14,6 +14,7 @@ """Extensions supporting OAuth1.""" +from oslo.serialization import jsonutils from oslo.utils import timeutils from keystone.common import controller @@ -26,7 +27,6 @@ from keystone import exception from keystone.i18n import _ from keystone.models import token_model from keystone import notifications -from keystone.openstack.common import jsonutils CONF = config.CONF diff --git a/keystone/contrib/stats/__init__.py b/keystone/contrib/stats/__init__.py deleted file mode 100644 index f748cce9b..000000000 --- a/keystone/contrib/stats/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone.contrib.stats.core import * # noqa diff --git a/keystone/contrib/stats/backends/__init__.py b/keystone/contrib/stats/backends/__init__.py deleted file mode 100644 index e69de29bb..000000000 --- a/keystone/contrib/stats/backends/__init__.py +++ /dev/null diff --git a/keystone/contrib/stats/backends/kvs.py b/keystone/contrib/stats/backends/kvs.py deleted file mode 100644 index 0cc9fb554..000000000 --- a/keystone/contrib/stats/backends/kvs.py +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone.common import kvs -from keystone.contrib import stats - - -class Stats(kvs.Base, stats.Driver): - def get_stats(self, api): - return self.db.get('stats-%s' % api, {}) - - def set_stats(self, api, stats_ref): - self.db.set('stats-%s' % api, stats_ref) - - def increment_stat(self, api, category, value): - """Increment a statistic counter, or create it if it doesn't exist.""" - stats = self.get_stats(api) - stats.setdefault(category, dict()) - counter = stats[category].setdefault(value, 0) - stats[category][value] = counter + 1 - self.set_stats(api, stats) diff --git a/keystone/contrib/stats/core.py b/keystone/contrib/stats/core.py deleted file mode 100644 index 36d6ab4b0..000000000 --- a/keystone/contrib/stats/core.py +++ /dev/null @@ -1,160 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone.common import extension -from keystone.common import manager -from keystone.common import wsgi -from keystone import config -from keystone import exception -from keystone.openstack.common import log -from keystone.openstack.common import versionutils - - -CONF = config.CONF -LOG = log.getLogger(__name__) - -extension_data = { - 'name': 'OpenStack Keystone Stats API', - 'namespace': 'http://docs.openstack.org/identity/api/ext/' - 'OS-STATS/v1.0', - 'alias': 'OS-STATS', - 'updated': '2013-07-07T12:00:0-00:00', - 'description': 'OpenStack Keystone Stats API.', - 'links': [ - { - 'rel': 'describedby', - # TODO(ayoung): needs a description - 'type': 'text/html', - 'href': 'https://github.com/openstack/identity-api', - } - ]} -extension.register_admin_extension(extension_data['alias'], extension_data) - - -class Manager(manager.Manager): - """Default pivot point for the Stats backend. - - See :mod:`keystone.common.manager.Manager` for more details on how this - dynamically calls the backend. - - """ - - def __init__(self): - super(Manager, self).__init__(CONF.stats.driver) - - -class Driver(object): - """Interface description for a Stats driver.""" - - def get_stats(self, api): - """Retrieve all previously-captured statistics for an interface.""" - raise exception.NotImplemented() - - def set_stats(self, api, stats_ref): - """Update statistics for an interface.""" - raise exception.NotImplemented() - - def increment_stat(self, api, category, value): - """Increment the counter for an individual statistic.""" - raise exception.NotImplemented() - - -class StatsExtension(wsgi.ExtensionRouter): - """Reports on previously-collected request/response statistics.""" - - def add_routes(self, mapper): - stats_controller = StatsController() - - mapper.connect( - '/OS-STATS/stats', - controller=stats_controller, - action='get_stats', - conditions=dict(method=['GET'])) - mapper.connect( - '/OS-STATS/stats', - controller=stats_controller, - action='reset_stats', - conditions=dict(method=['DELETE'])) - - -class StatsController(wsgi.Application): - def __init__(self): - self.stats_api = Manager() - super(StatsController, self).__init__() - - def get_stats(self, context): - self.assert_admin(context) - return { - 'OS-STATS:stats': [ - { - 'type': 'identity', - 'api': 'admin', - 'extra': self.stats_api.get_stats('admin'), - }, - { - 'type': 'identity', - 'api': 'public', - 'extra': self.stats_api.get_stats('public'), - }, - ] - } - - def reset_stats(self, context): - self.assert_admin(context) - self.stats_api.set_stats('public', dict()) - self.stats_api.set_stats('admin', dict()) - - -class StatsMiddleware(wsgi.Middleware): - """Monitors various request/response attribute statistics.""" - - request_attributes = ['application_url', - 'method', - 'path', - 'path_qs', - 'remote_addr'] - - response_attributes = ['status_int'] - - @versionutils.deprecated( - what='keystone.contrib.stats.core.StatsMiddleware', - as_of=versionutils.deprecated.ICEHOUSE, - in_favor_of='external tooling', - remove_in=+2) - def __init__(self, *args, **kwargs): - self.stats_api = Manager() - return super(StatsMiddleware, self).__init__(*args, **kwargs) - - def _resolve_api(self, host): - if host.endswith(':%s' % (CONF.admin_port)): - return 'admin' - elif host.endswith(':%s' % (CONF.public_port)): - return 'public' - else: - return host - - def capture_stats(self, host, obj, attributes): - """Collect each attribute from the given object.""" - for attribute in attributes: - self.stats_api.increment_stat( - self._resolve_api(host), attribute, getattr(obj, attribute)) - - def process_request(self, request): - """Monitor incoming request attributes.""" - self.capture_stats(request.host, request, self.request_attributes) - - def process_response(self, request, response): - """Monitor outgoing response attributes.""" - self.capture_stats(request.host, response, self.response_attributes) - return response diff --git a/keystone/controllers.py b/keystone/controllers.py index 52514af18..7bf469127 100644 --- a/keystone/controllers.py +++ b/keystone/controllers.py @@ -12,13 +12,13 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo.serialization import jsonutils import webob from keystone.common import extension from keystone.common import json_home from keystone.common import wsgi from keystone import exception -from keystone.openstack.common import jsonutils from keystone.openstack.common import log diff --git a/keystone/credential/controllers.py b/keystone/credential/controllers.py index 03626a955..5c171e5a3 100644 --- a/keystone/credential/controllers.py +++ b/keystone/credential/controllers.py @@ -14,13 +14,14 @@ import hashlib +from oslo.serialization import jsonutils + from keystone.common import controller from keystone.common import dependency from keystone.common import validation from keystone.credential import schema from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import jsonutils @dependency.requires('credential_api') diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py deleted file mode 100644 index 888c2306b..000000000 --- a/keystone/identity/backends/kvs.py +++ /dev/null @@ -1,294 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone.common import kvs -from keystone.common import utils -from keystone import exception -from keystone.i18n import _ -from keystone import identity -from keystone.openstack.common import versionutils - - -class _UserIdToDomainId(object): - """User ID to domain ID mapping. - - Stores the user ID to domain ID mapping so that the domain for a user can - be looked up quickly. - - """ - - def __init__(self, db): - self.db = db - - def _calc_key(self, user_id): - """Calculate the key name for the "user ID to domain ID" field.""" - return ('user_domain-%s' % (user_id)) - - def notify_user_created(self, user_id, domain_id): - """Indicates that a user was created.""" - self.db.set(self._calc_key(user_id), domain_id) - - def notify_user_deleted(self, user_id): - """Indicates that a user was deleted. - - This needs to be called when a user is deleted to keep the database - clean. - - """ - self.db.delete(self._calc_key(user_id)) - - def get(self, user_id): - """Return the domain ID for a user.""" - return self.db.get(self._calc_key(user_id)) - - -class Identity(kvs.Base, identity.Driver): - - @versionutils.deprecated(versionutils.deprecated.JUNO, - in_favor_of='keystone.identity.backends.sql', - remove_in=+1, - what='keystone.identity.backends.kvs') - def __init__(self): - super(Identity, self).__init__() - self._user_id_to_domain_id = _UserIdToDomainId(self.db) - - def default_assignment_driver(self): - return "keystone.assignment.backends.kvs.Assignment" - - # Public interface - def authenticate(self, user_id, password): - user_ref = None - try: - user_ref = self._get_user(user_id) - except exception.UserNotFound: - raise AssertionError(_('Invalid user / password')) - if not utils.check_password(password, user_ref.get('password')): - raise AssertionError(_('Invalid user / password')) - return identity.filter_user(user_ref) - - def _get_user(self, user_id): - try: - return self.db.get('user-%s' % user_id) - except exception.NotFound: - raise exception.UserNotFound(user_id=user_id) - - def _calc_user_name_key(self, name, domain_id): - """Calculate the name of the "user name" key. - - Calculates the name of the key used to store the mapping of user name - and domain to user ID. This allows quick lookup of the user ID given - a user name and domain ID. - - """ - return ('user_name-%s-%s' % (domain_id, name)) - - def _get_user_by_name(self, user_name, domain_id): - try: - return self.db.get(self._calc_user_name_key(user_name, domain_id)) - except exception.NotFound: - raise exception.UserNotFound(user_id=user_name) - - def get_user(self, user_id): - return identity.filter_user(self._get_user(user_id)) - - def get_user_by_name(self, user_name, domain_id): - return identity.filter_user( - self._get_user_by_name(user_name, domain_id)) - - def list_users(self, hints): - user_ids = self.db.get('user_list', []) - return [self.get_user(x) for x in user_ids] - - # CRUD - def create_user(self, user_id, user): - try: - self.get_user(user_id) - except exception.UserNotFound: - pass - else: - msg = _('Duplicate ID, %s.') % user_id - raise exception.Conflict(type='user', details=msg) - - try: - self.get_user_by_name(user['name'], user['domain_id']) - except exception.UserNotFound: - pass - else: - msg = _('Duplicate name, %s.') % user['name'] - raise exception.Conflict(type='user', details=msg) - - user = utils.hash_user_password(user) - new_user = user.copy() - - new_user.setdefault('groups', []) - - self.db.set('user-%s' % user_id, new_user) - domain_id = user['domain_id'] - user_name_key = self._calc_user_name_key(new_user['name'], domain_id) - self.db.set(user_name_key, new_user) - self._user_id_to_domain_id.notify_user_created(user_id, domain_id) - user_list = set(self.db.get('user_list', [])) - user_list.add(user_id) - self.db.set('user_list', list(user_list)) - return identity.filter_user(new_user) - - def update_user(self, user_id, user): - try: - domain_id = self._user_id_to_domain_id.get(user_id) - except exception.NotFound: - raise exception.UserNotFound(user_id=user_id) - if 'name' in user: - user_key = self._calc_user_name_key(user['name'], domain_id) - existing = self.db.get(user_key, False) - if existing and user_id != existing['id']: - msg = _('Duplicate name, %s.') % user['name'] - raise exception.Conflict(type='user', details=msg) - # get the old name and delete it too - old_user = self.db.get('user-%s' % user_id) - new_user = old_user.copy() - user = utils.hash_user_password(user) - new_user.update(user) - self.db.delete(self._calc_user_name_key(old_user['name'], domain_id)) - self.db.set('user-%s' % user_id, new_user) - user_name_key = self._calc_user_name_key(new_user['name'], domain_id) - self.db.set(user_name_key, new_user) - return identity.filter_user(new_user) - - def add_user_to_group(self, user_id, group_id): - self.get_group(group_id) - user_ref = self._get_user(user_id) - groups = set(user_ref.get('groups', [])) - groups.add(group_id) - self.update_user(user_id, {'groups': list(groups)}) - - def check_user_in_group(self, user_id, group_id): - self.get_group(group_id) - user_ref = self._get_user(user_id) - if group_id not in set(user_ref.get('groups', [])): - raise exception.NotFound(_('User not found in group')) - - def remove_user_from_group(self, user_id, group_id): - self.get_group(group_id) - user_ref = self._get_user(user_id) - groups = set(user_ref.get('groups', [])) - try: - groups.remove(group_id) - except KeyError: - raise exception.NotFound(_('User not found in group')) - self.update_user(user_id, {'groups': list(groups)}) - - def list_users_in_group(self, group_id, hints): - self.get_group(group_id) - user_keys = (k for k in self.db.keys() if k.startswith('user-')) - user_refs = (self.db.get(key) for key in user_keys) - user_refs_for_group = (ref for ref in user_refs - if group_id in ref['groups']) - return [identity.filter_user(x) for x in user_refs_for_group] - - def list_groups_for_user(self, user_id, hints): - user_ref = self._get_user(user_id) - group_ids = user_ref.get('groups', []) - return [self.get_group(x) for x in group_ids] - - def delete_user(self, user_id): - try: - old_user = self.db.get('user-%s' % user_id) - except exception.NotFound: - raise exception.UserNotFound(user_id=user_id) - domain_id = self._user_id_to_domain_id.get(user_id) - self.db.delete(self._calc_user_name_key(old_user['name'], domain_id)) - self.db.delete('user-%s' % user_id) - self._user_id_to_domain_id.notify_user_deleted(user_id) - user_list = set(self.db.get('user_list', [])) - user_list.remove(user_id) - self.db.set('user_list', list(user_list)) - - # group crud - - def create_group(self, group_id, group): - try: - return self.db.get('group-%s' % group_id) - except exception.NotFound: - pass - else: - msg = _('Duplicate ID, %s.') % group_id - raise exception.Conflict(type='group', details=msg) - try: - self.db.get('group_name-%s' % group['name']) - except exception.NotFound: - pass - else: - msg = _('Duplicate name, %s.') % group['name'] - raise exception.Conflict(type='group', details=msg) - - self.db.set('group-%s' % group_id, group) - self.db.set('group_name-%s' % group['name'], group) - group_list = set(self.db.get('group_list', [])) - group_list.add(group_id) - self.db.set('group_list', list(group_list)) - return group - - def list_groups(self, hints): - group_ids = self.db.get('group_list', []) - return [self.get_group(x) for x in group_ids] - - def get_group(self, group_id): - try: - return self.db.get('group-%s' % group_id) - except exception.NotFound: - raise exception.GroupNotFound(group_id=group_id) - - def update_group(self, group_id, group): - # First, make sure we are not trying to change the - # name to one that is already in use - try: - self.db.get('group_name-%s' % group['name']) - except exception.NotFound: - pass - else: - msg = _('Duplicate name, %s.') % group['name'] - raise exception.Conflict(type='group', details=msg) - - # Now, get the old name and delete it - try: - old_group = self.db.get('group-%s' % group_id) - except exception.NotFound: - raise exception.GroupNotFound(group_id=group_id) - self.db.delete('group_name-%s' % old_group['name']) - - # Finally, actually do the update - self.db.set('group-%s' % group_id, group) - self.db.set('group_name-%s' % group['name'], group) - return group - - def delete_group(self, group_id): - try: - group = self.db.get('group-%s' % group_id) - except exception.NotFound: - raise exception.GroupNotFound(group_id=group_id) - # Delete any entries in the group lists of all users - user_keys = (k for k in self.db.keys() if k.startswith('user-')) - user_refs = (self.db.get(key) for key in user_keys) - for user_ref in user_refs: - groups = set(user_ref.get('groups', [])) - if group_id in groups: - groups.remove(group_id) - self.update_user(user_ref['id'], {'groups': list(groups)}) - - # Now delete the group itself - self.db.delete('group-%s' % group_id) - self.db.delete('group_name-%s' % group['name']) - group_list = set(self.db.get('group_list', [])) - group_list.remove(group_id) - self.db.set('group_list', list(group_list)) diff --git a/keystone/identity/backends/ldap.py b/keystone/identity/backends/ldap.py index aeabb7bb3..97bd6eb15 100644 --- a/keystone/identity/backends/ldap.py +++ b/keystone/identity/backends/ldap.py @@ -217,7 +217,14 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap): obj['enabled'] = ((enabled & self.enabled_mask) != self.enabled_mask) elif self.enabled_invert and not self.enabled_emulation: + # This could be a bool or a string. If it's a string, + # we need to convert it so we can invert it properly. enabled = obj.get('enabled', self.enabled_default) + if type(enabled) is str: + if enabled.lower == 'true': + enabled = True + else: + enabled = False obj['enabled'] = not enabled obj['dn'] = res[0] diff --git a/keystone/identity/core.py b/keystone/identity/core.py index b363c47c2..ef0b36f6f 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -20,6 +20,7 @@ import os import uuid from oslo.config import cfg +from oslo.utils import importutils import six from keystone import clean @@ -31,7 +32,6 @@ from keystone import exception from keystone.i18n import _ from keystone.identity.mapping_backends import mapping from keystone import notifications -from keystone.openstack.common import importutils from keystone.openstack.common import log diff --git a/keystone/locale/de/LC_MESSAGES/keystone-log-error.po b/keystone/locale/de/LC_MESSAGES/keystone-log-error.po index 74a782648..9615bcc22 100644 --- a/keystone/locale/de/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/de/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-07-16 14:42+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: German (http://www.transifex.com/projects/p/keystone/language/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/de/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/de/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index 890dbcdb7..000000000 --- a/keystone/locale/de/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: German (http://www.transifex.com/projects/p/keystone/language/" -"de/)\n" -"Language: de\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "PID %d nicht in Liste untergeordneter Elemente" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/en_AU/LC_MESSAGES/keystone-log-error.po b/keystone/locale/en_AU/LC_MESSAGES/keystone-log-error.po index 40bdd6212..dc4d92a47 100644 --- a/keystone/locale/en_AU/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/en_AU/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-06-20 20:11+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: English (Australia) (http://www.transifex.com/projects/p/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/en_AU/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/en_AU/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index 0707bfc74..000000000 --- a/keystone/locale/en_AU/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: English (Australia) (http://www.transifex.com/projects/p/" -"keystone/language/en_AU/)\n" -"Language: en_AU\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "pid %d not in child list" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/en_AU/LC_MESSAGES/keystone.po b/keystone/locale/en_AU/LC_MESSAGES/keystone.po index 5081a6451..06cf8356f 100644 --- a/keystone/locale/en_AU/LC_MESSAGES/keystone.po +++ b/keystone/locale/en_AU/LC_MESSAGES/keystone.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-24 06:01+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-04-19 01:30+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: English (Australia) " @@ -39,23 +39,23 @@ msgstr "%(property_name)s should not be greater than %(max_length)s characters." msgid "%(property_name)s is not a %(display_expected_type)s" msgstr "%(property_name)s is not a %(display_expected_type)s" -#: keystone/cli.py:141 +#: keystone/cli.py:144 msgid "keystone-manage pki_setup is not recommended for production use." msgstr "" -#: keystone/cli.py:160 +#: keystone/cli.py:164 msgid "keystone-manage ssl_setup is not recommended for production use." msgstr "" -#: keystone/cli.py:218 +#: keystone/cli.py:223 msgid "At least one option must be provided" msgstr "" -#: keystone/cli.py:225 +#: keystone/cli.py:230 msgid "--all option cannot be mixed with other options" msgstr "" -#: keystone/cli.py:234 +#: keystone/cli.py:239 #, python-format msgid "Unknown domain '%(name)s' specified by --domain-name" msgstr "" @@ -431,8 +431,8 @@ msgstr "" "Group %(group)s not found for role-assignment - %(target)s with Role: " "%(role)s" -#: keystone/assignment/core.py:103 keystone/token/core.py:72 -#: keystone/token/core.py:88 +#: keystone/assignment/core.py:103 keystone/token/core.py:66 +#: keystone/token/core.py:82 #, python-format msgid "Domain is disabled: %s" msgstr "Domain is disabled: %s" @@ -454,48 +454,38 @@ msgstr "" msgid "cannot delete a domain that is enabled, please disable it first." msgstr "" -#: keystone/assignment/core.py:617 +#: keystone/assignment/core.py:616 #, python-format msgid "Project (%s)" msgstr "Project (%s)" -#: keystone/assignment/core.py:619 +#: keystone/assignment/core.py:618 #, python-format msgid "Domain (%s)" msgstr "Domain (%s)" -#: keystone/assignment/core.py:621 +#: keystone/assignment/core.py:620 msgid "Unknown Target" msgstr "Unknown Target" -#: keystone/assignment/core.py:1107 keystone/common/controller.py:286 +#: keystone/assignment/core.py:1106 keystone/common/controller.py:286 #: keystone/identity/core.py:330 #, python-format msgid "Expected dict or list: %s" msgstr "Expected dict or list: %s" -#: keystone/assignment/backends/kvs.py:257 -#: keystone/assignment/backends/ldap.py:551 -#: keystone/assignment/backends/sql.py:405 -#, python-format -msgid "Cannot remove role that has not been granted, %s" -msgstr "Cannot remove role that has not been granted, %s" - #: keystone/assignment/backends/ldap.py:119 msgid "Domain metadata not supported by LDAP" msgstr "" #: keystone/assignment/backends/ldap.py:215 #: keystone/assignment/backends/ldap.py:259 keystone/catalog/core.py:100 -#: keystone/common/ldap/core.py:1378 keystone/identity/backends/kvs.py:120 -#: keystone/identity/backends/kvs.py:225 +#: keystone/common/ldap/core.py:1378 #, python-format msgid "Duplicate ID, %s." msgstr "Duplicate ID, %s." #: keystone/assignment/backends/ldap.py:223 keystone/common/ldap/core.py:1368 -#: keystone/identity/backends/kvs.py:128 keystone/identity/backends/kvs.py:155 -#: keystone/identity/backends/kvs.py:232 keystone/identity/backends/kvs.py:260 #, python-format msgid "Duplicate name, %s." msgstr "Duplicate name, %s." @@ -521,7 +511,13 @@ msgstr "" msgid "Role %s not found" msgstr "Role %s not found" -#: keystone/assignment/backends/ldap.py:645 +#: keystone/assignment/backends/ldap.py:551 +#: keystone/assignment/backends/sql.py:405 +#, python-format +msgid "Cannot remove role that has not been granted, %s" +msgstr "Cannot remove role that has not been granted, %s" + +#: keystone/assignment/backends/ldap.py:647 #, python-format msgid "Cannot duplicate name %s" msgstr "" @@ -712,11 +708,11 @@ msgstr "" msgid "A domain-scoped token must be used" msgstr "" -#: keystone/common/dependency.py:83 +#: keystone/common/dependency.py:87 msgid "event_callbacks must be a dict" msgstr "" -#: keystone/common/dependency.py:88 +#: keystone/common/dependency.py:92 #, python-format msgid "event_callbacks[%s] must be a dict" msgstr "" @@ -1039,24 +1035,24 @@ msgid "" "%(resource_type)s, operation %(operation)s payload %(payload)s" msgstr "" -#: keystone/contrib/federation/controllers.py:280 +#: keystone/contrib/federation/controllers.py:279 msgid "Use a project scoped token when attempting tocreate a SAML assertion" msgstr "" -#: keystone/contrib/federation/idp.py:448 +#: keystone/contrib/federation/idp.py:449 #, python-format msgid "Cannot open certificate %(cert_file)s. Reason: %(reason)s" msgstr "" -#: keystone/contrib/federation/idp.py:515 +#: keystone/contrib/federation/idp.py:516 msgid "Ensure configuration option idp_entity_id is set." msgstr "" -#: keystone/contrib/federation/idp.py:518 +#: keystone/contrib/federation/idp.py:519 msgid "Ensure configuration option idp_sso_endpoint is set." msgstr "" -#: keystone/contrib/federation/idp.py:538 +#: keystone/contrib/federation/idp.py:539 msgid "" "idp_contact_type must be one of: [technical, other, support, " "administrative or billing." @@ -1190,15 +1186,14 @@ msgstr "Invalid domain name (%s) found in config file name" msgid "Unable to locate domain config directory: %s" msgstr "Unable to locate domain config directory: %s" -#: keystone/identity/core.py:220 keystone/identity/backends/kvs.py:75 -#: keystone/identity/backends/kvs.py:77 keystone/identity/backends/ldap.py:59 +#: keystone/identity/core.py:220 keystone/identity/backends/ldap.py:59 #: keystone/identity/backends/ldap.py:61 keystone/identity/backends/ldap.py:67 #: keystone/identity/backends/ldap.py:69 keystone/identity/backends/sql.py:112 #: keystone/identity/backends/sql.py:114 msgid "Invalid user / password" msgstr "" -#: keystone/identity/core.py:594 keystone/token/core.py:64 +#: keystone/identity/core.py:594 keystone/token/core.py:58 #, python-format msgid "User is disabled: %s" msgstr "User is disabled: %s" @@ -1207,10 +1202,6 @@ msgstr "User is disabled: %s" msgid "Cannot change user ID" msgstr "" -#: keystone/identity/backends/kvs.py:179 keystone/identity/backends/kvs.py:188 -msgid "User not found in group" -msgstr "User not found in group" - #: keystone/identity/backends/ldap.py:99 msgid "Cannot change user name" msgstr "" @@ -1221,7 +1212,7 @@ msgstr "" msgid "User '%(user_id)s' not found in group '%(group_id)s'" msgstr "" -#: keystone/identity/backends/ldap.py:330 +#: keystone/identity/backends/ldap.py:337 #, python-format msgid "User %(user_id)s is already a member of group %(group_id)s" msgstr "User %(user_id)s is already a member of group %(group_id)s" @@ -1373,16 +1364,16 @@ msgstr "" msgid "Failed to checkout %s" msgstr "Failed to checkout %s" -#: keystone/token/controllers.py:391 +#: keystone/token/controllers.py:389 #, python-format msgid "User %(u_id)s is unauthorized for tenant %(t_id)s" msgstr "User %(u_id)s is unauthorized for tenant %(t_id)s" -#: keystone/token/controllers.py:410 keystone/token/controllers.py:413 +#: keystone/token/controllers.py:408 keystone/token/controllers.py:411 msgid "Token does not belong to specified tenant." msgstr "Token does not belong to specified tenant." -#: keystone/token/core.py:79 +#: keystone/token/core.py:73 #, python-format msgid "Tenant is disabled: %s" msgstr "Tenant is disabled: %s" diff --git a/keystone/locale/en_GB/LC_MESSAGES/keystone-log-error.po b/keystone/locale/en_GB/LC_MESSAGES/keystone-log-error.po index 849d0be08..077a4027e 100644 --- a/keystone/locale/en_GB/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/en_GB/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-06-20 20:11+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: English (United Kingdom) (http://www.transifex.com/projects/p/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/en_GB/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/en_GB/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index b74a585e7..000000000 --- a/keystone/locale/en_GB/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,98 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -# Andi Chandler <andi@gowling.com>, 2014 -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-07-25 15:11+0000\n" -"Last-Translator: Andi Chandler <andi@gowling.com>\n" -"Language-Team: English (United Kingdom) (http://www.transifex.com/projects/p/" -"keystone/language/en_GB/)\n" -"Language: en_GB\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "task %(func_name)s run outlasted interval by %(delay).2f sec" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "pid %d not in child list" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/en_US/LC_MESSAGES/keystone.po b/keystone/locale/en_US/LC_MESSAGES/keystone.po deleted file mode 100644 index d3ceeb9f2..000000000 --- a/keystone/locale/en_US/LC_MESSAGES/keystone.po +++ /dev/null @@ -1,1470 +0,0 @@ -# English (United States) translations for keystone. -# Copyright (C) 2013 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-24 06:01+0000\n" -"PO-Revision-Date: 2013-07-29 22:01+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: English (United States) " -"(http://www.transifex.com/projects/p/openstack/language/en_US/)\n" -"Plural-Forms: nplurals=2; plural=(n != 1)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" - -#: keystone/clean.py:24 -#, python-format -msgid "%s cannot be empty." -msgstr "" - -#: keystone/clean.py:26 -#, python-format -msgid "%(property_name)s cannot be less than %(min_length)s characters." -msgstr "" - -#: keystone/clean.py:31 -#, python-format -msgid "%(property_name)s should not be greater than %(max_length)s characters." -msgstr "" - -#: keystone/clean.py:40 -#, python-format -msgid "%(property_name)s is not a %(display_expected_type)s" -msgstr "" - -#: keystone/cli.py:141 -msgid "keystone-manage pki_setup is not recommended for production use." -msgstr "" - -#: keystone/cli.py:160 -msgid "keystone-manage ssl_setup is not recommended for production use." -msgstr "" - -#: keystone/cli.py:218 -msgid "At least one option must be provided" -msgstr "" - -#: keystone/cli.py:225 -msgid "--all option cannot be mixed with other options" -msgstr "" - -#: keystone/cli.py:234 -#, python-format -msgid "Unknown domain '%(name)s' specified by --domain-name" -msgstr "" - -#: keystone/exception.py:49 -msgid "missing exception kwargs (programmer error)" -msgstr "" - -#: keystone/exception.py:79 -#, python-format -msgid "" -"Expecting to find %(attribute)s in %(target)s - the server could not " -"comply with the request since it is either malformed or otherwise " -"incorrect. The client is assumed to be in error." -msgstr "" - -#: keystone/exception.py:90 -#, python-format -msgid "%(detail)s" -msgstr "" - -#: keystone/exception.py:94 -msgid "" -"Timestamp not in expected format. The server could not comply with the " -"request since it is either malformed or otherwise incorrect. The client " -"is assumed to be in error." -msgstr "" - -#: keystone/exception.py:103 -#, python-format -msgid "" -"String length exceeded.The length of string '%(string)s' exceeded the " -"limit of column %(type)s(CHAR(%(length)d))." -msgstr "" - -#: keystone/exception.py:109 -#, python-format -msgid "" -"Request attribute %(attribute)s must be less than or equal to %(size)i. " -"The server could not comply with the request because the attribute size " -"is invalid (too large). The client is assumed to be in error." -msgstr "" - -#: keystone/exception.py:119 -#, python-format -msgid "" -"The password length must be less than or equal to %(size)i. The server " -"could not comply with the request because the password is invalid." -msgstr "" - -#: keystone/exception.py:127 -#, python-format -msgid "" -"Unable to delete region %(region_id)s because it or its child regions " -"have associated endpoints." -msgstr "" - -#: keystone/exception.py:134 -msgid "" -"The certificates you requested are not available. It is likely that this " -"server does not use PKI tokens otherwise this is the result of " -"misconfiguration." -msgstr "" - -#: keystone/exception.py:143 -msgid "(Disable debug mode to suppress these details.)" -msgstr "" - -#: keystone/exception.py:148 -#, python-format -msgid "%(message)s %(amendment)s" -msgstr "" - -#: keystone/exception.py:156 -msgid "The request you have made requires authentication." -msgstr "" - -#: keystone/exception.py:162 -msgid "Authentication plugin error." -msgstr "" - -#: keystone/exception.py:170 -#, python-format -msgid "Unable to find valid groups while using mapping %(mapping_id)s" -msgstr "" - -#: keystone/exception.py:175 -msgid "Attempted to authenticate with an unsupported method." -msgstr "" - -#: keystone/exception.py:183 -msgid "Additional authentications steps required." -msgstr "" - -#: keystone/exception.py:191 -msgid "You are not authorized to perform the requested action." -msgstr "" - -#: keystone/exception.py:198 -#, python-format -msgid "You are not authorized to perform the requested action: %(action)s" -msgstr "" - -#: keystone/exception.py:203 -#, python-format -msgid "" -"Could not change immutable attribute(s) '%(attributes)s' in target " -"%(target)s" -msgstr "" - -#: keystone/exception.py:208 -#, python-format -msgid "" -"Group membership across backend boundaries is not allowed, group in " -"question is %(group_id)s, user is %(user_id)s" -msgstr "" - -#: keystone/exception.py:214 -#, python-format -msgid "" -"Invalid mix of entities for policy association - only Endpoint, Service " -"or Region+Service allowed. Request was - Endpoint: %(endpoint_id)s, " -"Service: %(service_id)s, Region: %(region_id)s" -msgstr "" - -#: keystone/exception.py:221 -#, python-format -msgid "Could not find: %(target)s" -msgstr "" - -#: keystone/exception.py:227 -#, python-format -msgid "Could not find endpoint: %(endpoint_id)s" -msgstr "" - -#: keystone/exception.py:234 -msgid "An unhandled exception has occurred: Could not find metadata." -msgstr "" - -#: keystone/exception.py:239 -#, python-format -msgid "Could not find policy: %(policy_id)s" -msgstr "" - -#: keystone/exception.py:243 -msgid "Could not find policy association" -msgstr "" - -#: keystone/exception.py:247 -#, python-format -msgid "Could not find role: %(role_id)s" -msgstr "" - -#: keystone/exception.py:251 -#, python-format -msgid "Could not find region: %(region_id)s" -msgstr "" - -#: keystone/exception.py:255 -#, python-format -msgid "Could not find service: %(service_id)s" -msgstr "" - -#: keystone/exception.py:259 -#, python-format -msgid "Could not find domain: %(domain_id)s" -msgstr "" - -#: keystone/exception.py:263 -#, python-format -msgid "Could not find project: %(project_id)s" -msgstr "" - -#: keystone/exception.py:267 -#, python-format -msgid "Could not find token: %(token_id)s" -msgstr "" - -#: keystone/exception.py:271 -#, python-format -msgid "Could not find user: %(user_id)s" -msgstr "" - -#: keystone/exception.py:275 -#, python-format -msgid "Could not find group: %(group_id)s" -msgstr "" - -#: keystone/exception.py:279 -#, python-format -msgid "Could not find mapping: %(mapping_id)s" -msgstr "" - -#: keystone/exception.py:283 -#, python-format -msgid "Could not find trust: %(trust_id)s" -msgstr "" - -#: keystone/exception.py:287 -#, python-format -msgid "No remaining uses for trust: %(trust_id)s" -msgstr "" - -#: keystone/exception.py:291 -#, python-format -msgid "Could not find credential: %(credential_id)s" -msgstr "" - -#: keystone/exception.py:295 -#, python-format -msgid "Could not find version: %(version)s" -msgstr "" - -#: keystone/exception.py:299 -#, python-format -msgid "Could not find Endpoint Group: %(endpoint_group_id)s" -msgstr "" - -#: keystone/exception.py:303 -#, python-format -msgid "Could not find Identity Provider: %(idp_id)s" -msgstr "" - -#: keystone/exception.py:307 -#, python-format -msgid "" -"Could not find federated protocol %(protocol_id)s for Identity Provider: " -"%(idp_id)s" -msgstr "" - -#: keystone/exception.py:318 -#, python-format -msgid "Conflict occurred attempting to store %(type)s - %(details)s" -msgstr "" - -#: keystone/exception.py:325 -msgid "Request is too large." -msgstr "" - -#: keystone/exception.py:332 -msgid "An unexpected error prevented the server from fulfilling your request." -msgstr "" - -#: keystone/exception.py:335 -#, python-format -msgid "" -"An unexpected error prevented the server from fulfilling your request: " -"%(exception)s" -msgstr "" - -#: keystone/exception.py:358 -#, python-format -msgid "Unable to consume trust %(trust_id)s, unable to acquire lock." -msgstr "" - -#: keystone/exception.py:363 -msgid "" -"Expected signing certificates are not available on the server. Please " -"check Keystone configuration." -msgstr "" - -#: keystone/exception.py:369 -#, python-format -msgid "Malformed endpoint URL (%(endpoint)s), see ERROR log for details." -msgstr "" - -#: keystone/exception.py:374 -#, python-format -msgid "" -"Group %(group_id)s returned by mapping %(mapping_id)s was not found in " -"the backend." -msgstr "" - -#: keystone/exception.py:379 -#, python-format -msgid "Error while reading metadata file, %(reason)s" -msgstr "" - -#: keystone/exception.py:383 -msgid "The action you have requested has not been implemented." -msgstr "" - -#: keystone/exception.py:390 -msgid "The service you have requested is no longer available on this server." -msgstr "" - -#: keystone/exception.py:397 -#, python-format -msgid "The Keystone configuration file %(config_file)s could not be found." -msgstr "" - -#: keystone/exception.py:402 -#, python-format -msgid "" -"The Keystone domain configuration file %(config_file)s defines an " -"additional SQL driver - only one is permitted." -msgstr "" - -#: keystone/exception.py:409 -#, python-format -msgid "" -"%(mod_name)s doesn't provide database migrations. The migration " -"repository path at %(path)s doesn't exist or isn't a directory." -msgstr "" - -#: keystone/exception.py:421 -#, python-format -msgid "" -"Unable to sign SAML assertion. It is likely that this server does not " -"have xmlsec1 installed, or this is the result of misconfiguration. Reason" -" %(reason)s" -msgstr "" - -#: keystone/notifications.py:167 -#, python-format -msgid "%(event)s is not a valid notification event, must be one of: %(actions)s" -msgstr "" - -#: keystone/notifications.py:223 -msgid "Failed to construct notifier" -msgstr "" - -#: keystone/notifications.py:267 -#, python-format -msgid "Failed to send %(res_id)s %(event_type)s notification" -msgstr "" - -#: keystone/notifications.py:455 -#, python-format -msgid "Failed to send %(action)s %(event_type)s notification" -msgstr "" - -#: keystone/assignment/controllers.py:77 -#, python-format -msgid "Authentication failed: %s" -msgstr "" - -#: keystone/assignment/controllers.py:110 -#: keystone/assignment/controllers.py:224 keystone/identity/controllers.py:67 -msgid "Name field is required and cannot be empty" -msgstr "" - -#: keystone/assignment/controllers.py:165 -msgid "Marker could not be found" -msgstr "" - -#: keystone/assignment/controllers.py:176 -msgid "Invalid limit value" -msgstr "" - -#: keystone/assignment/controllers.py:479 -msgid "Specify a domain or project, not both" -msgstr "" - -#: keystone/assignment/controllers.py:484 -msgid "Specify a user or group, not both" -msgstr "" - -#: keystone/assignment/controllers.py:712 -#, python-format -msgid "" -"Group %(group)s not found for role-assignment - %(target)s with Role: " -"%(role)s" -msgstr "" - -#: keystone/assignment/core.py:103 keystone/token/core.py:72 -#: keystone/token/core.py:88 -#, python-format -msgid "Domain is disabled: %s" -msgstr "" - -#: keystone/assignment/core.py:114 -#, python-format -msgid "Project is disabled: %s" -msgstr "" - -#: keystone/assignment/core.py:325 -msgid "Multiple domains are not supported" -msgstr "" - -#: keystone/assignment/core.py:385 -msgid "delete the default domain" -msgstr "" - -#: keystone/assignment/core.py:396 -msgid "cannot delete a domain that is enabled, please disable it first." -msgstr "" - -#: keystone/assignment/core.py:617 -#, python-format -msgid "Project (%s)" -msgstr "" - -#: keystone/assignment/core.py:619 -#, python-format -msgid "Domain (%s)" -msgstr "" - -#: keystone/assignment/core.py:621 -msgid "Unknown Target" -msgstr "" - -#: keystone/assignment/core.py:1107 keystone/common/controller.py:286 -#: keystone/identity/core.py:330 -#, python-format -msgid "Expected dict or list: %s" -msgstr "" - -#: keystone/assignment/backends/kvs.py:257 -#: keystone/assignment/backends/ldap.py:551 -#: keystone/assignment/backends/sql.py:405 -#, python-format -msgid "Cannot remove role that has not been granted, %s" -msgstr "" - -#: keystone/assignment/backends/ldap.py:119 -msgid "Domain metadata not supported by LDAP" -msgstr "" - -#: keystone/assignment/backends/ldap.py:215 -#: keystone/assignment/backends/ldap.py:259 keystone/catalog/core.py:100 -#: keystone/common/ldap/core.py:1378 keystone/identity/backends/kvs.py:120 -#: keystone/identity/backends/kvs.py:225 -#, python-format -msgid "Duplicate ID, %s." -msgstr "" - -#: keystone/assignment/backends/ldap.py:223 keystone/common/ldap/core.py:1368 -#: keystone/identity/backends/kvs.py:128 keystone/identity/backends/kvs.py:155 -#: keystone/identity/backends/kvs.py:232 keystone/identity/backends/kvs.py:260 -#, python-format -msgid "Duplicate name, %s." -msgstr "" - -#: keystone/assignment/backends/ldap.py:261 -#: keystone/assignment/backends/ldap.py:269 -#: keystone/assignment/backends/ldap.py:273 -msgid "Domains are read-only against LDAP" -msgstr "" - -#: keystone/assignment/backends/ldap.py:313 -#: keystone/assignment/backends/sql.py:145 -msgid "Inherited roles can only be assigned to domains" -msgstr "" - -#: keystone/assignment/backends/ldap.py:530 -#, python-format -msgid "User %(user_id)s already has role %(role_id)s in tenant %(tenant_id)s" -msgstr "" - -#: keystone/assignment/backends/ldap.py:536 -#, python-format -msgid "Role %s not found" -msgstr "" - -#: keystone/assignment/backends/ldap.py:645 -#, python-format -msgid "Cannot duplicate name %s" -msgstr "" - -#: keystone/assignment/backends/sql.py:132 -#, python-format -msgid "" -"Unexpected combination of grant attributes - User, Group, Project, " -"Domain: %s" -msgstr "" - -#: keystone/assignment/backends/sql.py:323 -msgid "Must specify either domain or project" -msgstr "" - -#: keystone/assignment/backends/sql.py:426 -#, python-format -msgid "Unexpected assignment type encountered, %s" -msgstr "" - -#: keystone/auth/controllers.py:60 -#, python-format -msgid "" -"Cannot load an auth-plugin by class-name without a \"method\" attribute " -"defined: %s" -msgstr "" - -#: keystone/auth/controllers.py:71 -#, python-format -msgid "" -"Auth plugin %(plugin)s is requesting previously registered method " -"%(method)s" -msgstr "" - -#: keystone/auth/controllers.py:115 -#, python-format -msgid "" -"Unable to reconcile identity attribute %(attribute)s as it has " -"conflicting values %(new)s and %(old)s" -msgstr "" - -#: keystone/auth/controllers.py:332 -msgid "Scoping to both domain and project is not allowed" -msgstr "" - -#: keystone/auth/controllers.py:335 -msgid "Scoping to both domain and trust is not allowed" -msgstr "" - -#: keystone/auth/controllers.py:338 -msgid "Scoping to both project and trust is not allowed" -msgstr "" - -#: keystone/auth/controllers.py:441 -#, python-format -msgid "" -"User %(user_id)s doesn't have access to default project %(project_id)s. " -"The token will be unscoped rather than scoped to the project." -msgstr "" - -#: keystone/auth/controllers.py:448 -#, python-format -msgid "" -"User %(user_id)s's default project %(project_id)s is disabled. The token " -"will be unscoped rather than scoped to the project." -msgstr "" - -#: keystone/auth/controllers.py:457 -#, python-format -msgid "" -"User %(user_id)s's default project %(project_id)s not found. The token " -"will be unscoped rather than scoped to the project." -msgstr "" - -#: keystone/auth/controllers.py:503 -msgid "User not found" -msgstr "" - -#: keystone/auth/controllers.py:613 -msgid "A project-scoped token is required to produce a service catalog." -msgstr "" - -#: keystone/auth/plugins/external.py:46 -msgid "No authenticated user" -msgstr "" - -#: keystone/auth/plugins/external.py:56 -#, python-format -msgid "Unable to lookup user %s" -msgstr "" - -#: keystone/auth/plugins/external.py:107 -msgid "auth_type is not Negotiate" -msgstr "" - -#: keystone/auth/plugins/oauth1.py:39 -#, python-format -msgid "%s not supported" -msgstr "" - -#: keystone/auth/plugins/oauth1.py:57 -msgid "Access token is expired" -msgstr "" - -#: keystone/auth/plugins/oauth1.py:71 -msgid "Could not validate the access token" -msgstr "" - -#: keystone/auth/plugins/password.py:134 -msgid "Invalid username or password" -msgstr "" - -#: keystone/catalog/controllers.py:165 -#, python-format -msgid "Conflicting region IDs specified: \"%(url_id)s\" != \"%(ref_id)s\"" -msgstr "" - -#: keystone/catalog/core.py:56 -#, python-format -msgid "Malformed endpoint - %(url)r is not a string" -msgstr "" - -#: keystone/common/authorization.py:46 keystone/common/wsgi.py:60 -#, python-format -msgid "token reference must be a KeystoneToken type, got: %s" -msgstr "" - -#: keystone/common/authorization.py:54 -msgid "RBAC: Invalid user data in token" -msgstr "" - -#: keystone/common/base64utils.py:205 keystone/common/base64utils.py:278 -#: keystone/common/base64utils.py:332 -msgid "pad must be single character" -msgstr "" - -#: keystone/common/base64utils.py:211 -#, python-format -msgid "text is multiple of 4, but pad \"%s\" occurs before 2nd to last char" -msgstr "" - -#: keystone/common/base64utils.py:215 -#, python-format -msgid "text is multiple of 4, but pad \"%s\" occurs before non-pad last char" -msgstr "" - -#: keystone/common/base64utils.py:221 -#, python-format -msgid "text is not a multiple of 4, but contains pad \"%s\"" -msgstr "" - -#: keystone/common/base64utils.py:240 keystone/common/base64utils.py:261 -msgid "padded base64url text must be multiple of 4 characters" -msgstr "" - -#: keystone/common/controller.py:77 keystone/middleware/core.py:265 -msgid "RBAC: Invalid token" -msgstr "" - -#: keystone/common/controller.py:102 keystone/common/controller.py:199 -#: keystone/common/controller.py:659 -msgid "RBAC: Bypassing authorization" -msgstr "" - -#: keystone/common/controller.py:556 -msgid "Cannot change Domain ID" -msgstr "" - -#: keystone/common/controller.py:585 -msgid "domain_id is required as part of entity" -msgstr "" - -#: keystone/common/controller.py:588 keystone/common/controller.py:623 -msgid "Invalid token found while getting domain ID for list request" -msgstr "" - -#: keystone/common/controller.py:596 -msgid "No domain information specified as part of list request" -msgstr "" - -#: keystone/common/controller.py:620 -msgid "A domain-scoped token must be used" -msgstr "" - -#: keystone/common/dependency.py:83 -msgid "event_callbacks must be a dict" -msgstr "" - -#: keystone/common/dependency.py:88 -#, python-format -msgid "event_callbacks[%s] must be a dict" -msgstr "" - -#: keystone/common/pemutils.py:223 -#, python-format -msgid "unknown pem_type \"%(pem_type)s\", valid types are: %(valid_pem_types)s" -msgstr "" - -#: keystone/common/pemutils.py:242 -#, python-format -msgid "" -"unknown pem header \"%(pem_header)s\", valid headers are: " -"%(valid_pem_headers)s" -msgstr "" - -#: keystone/common/pemutils.py:298 -#, python-format -msgid "failed to find end matching \"%s\"" -msgstr "" - -#: keystone/common/pemutils.py:302 -#, python-format -msgid "" -"beginning & end PEM headers do not match (%(begin_pem_header)s!= " -"%(end_pem_header)s)" -msgstr "" - -#: keystone/common/pemutils.py:377 -#, python-format -msgid "unknown pem_type: \"%s\"" -msgstr "" - -#: keystone/common/pemutils.py:389 -#, python-format -msgid "" -"failed to base64 decode %(pem_type)s PEM at position%(position)d: " -"%(err_msg)s" -msgstr "" - -#: keystone/common/serializer.py:50 -msgid "lxml is not installed." -msgstr "" - -#: keystone/common/serializer.py:224 -msgid "Multiple truncation attributes found" -msgstr "" - -#: keystone/common/utils.py:98 -#, python-format -msgid "Truncating user password to %d characters." -msgstr "" - -#: keystone/common/utils.py:196 keystone/credential/controllers.py:43 -msgid "Invalid blob in credential" -msgstr "" - -#: keystone/common/utils.py:275 -msgid "" -"Error setting up the debug environment. Verify that the option --debug-" -"url has the format <host>:<port> and that a debugger processes is " -"listening on that port." -msgstr "" - -#: keystone/common/wsgi.py:315 -#, python-format -msgid "%s field is required and cannot be empty" -msgstr "" - -#: keystone/common/wsgi.py:327 -#, python-format -msgid "%s field(s) cannot be empty" -msgstr "" - -#: keystone/common/wsgi.py:544 -msgid "The resource could not be found." -msgstr "" - -#: keystone/common/cache/_memcache_pool.py:100 -#, python-format -msgid "Unable to get a connection from pool id %(id)s after %(seconds)s seconds." -msgstr "" - -#: keystone/common/cache/core.py:101 -#, python-format -msgid "" -"Unable to build cache config-key. Expected format \"<argname>:<value>\". " -"Skipping unknown format: %s" -msgstr "" - -#: keystone/common/cache/core.py:133 -msgid "region not type dogpile.cache.CacheRegion" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:231 -msgid "db_hosts value is required" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:236 -msgid "database db_name is required" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:241 -msgid "cache_collection name is required" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:252 -msgid "integer value expected for w (write concern attribute)" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:260 -msgid "replicaset_name required when use_replica is True" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:275 -msgid "integer value expected for mongo_ttl_seconds" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:301 -msgid "no ssl support available" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:310 -#, python-format -msgid "" -"Invalid ssl_cert_reqs value of %s, must be one of \"NONE\", \"OPTIONAL\"," -" \"REQUIRED\"" -msgstr "" - -#: keystone/common/cache/backends/mongo.py:403 -#, python-format -msgid "" -"TTL index already exists on db collection <%(c_name)s>, remove index " -"<%(indx_name)s> first to make updated mongo_ttl_seconds value to be " -"effective" -msgstr "" - -#: keystone/common/environment/eventlet_server.py:187 -msgid "Server error" -msgstr "" - -#: keystone/common/kvs/core.py:71 -#, python-format -msgid "Lock Timeout occurred for key, %(target)s" -msgstr "" - -#: keystone/common/kvs/core.py:106 -#, python-format -msgid "KVS region %s is already configured. Cannot reconfigure." -msgstr "" - -#: keystone/common/kvs/core.py:145 -#, python-format -msgid "Key Value Store not configured: %s" -msgstr "" - -#: keystone/common/kvs/core.py:198 -msgid "`key_mangler` option must be a function reference" -msgstr "" - -#: keystone/common/kvs/core.py:352 -#, python-format -msgid "Lock key must match target key: %(lock)s != %(target)s" -msgstr "" - -#: keystone/common/kvs/core.py:356 -msgid "Must be called within an active lock context." -msgstr "" - -#: keystone/common/kvs/backends/memcached.py:73 -#, python-format -msgid "Maximum lock attempts on %s occurred." -msgstr "" - -#: keystone/common/kvs/backends/memcached.py:112 -#, python-format -msgid "" -"Backend `%(driver)s` is not a valid memcached backend. Valid drivers: " -"%(driver_list)s" -msgstr "" - -#: keystone/common/kvs/backends/memcached.py:183 -msgid "`key_mangler` functions must be callable." -msgstr "" - -#: keystone/common/ldap/core.py:186 -#, python-format -msgid "Invalid LDAP deref option: %(option)s. Choose one of: %(options)s" -msgstr "" - -#: keystone/common/ldap/core.py:196 -#, python-format -msgid "Invalid LDAP TLS certs option: %(option)s. Choose one of: %(options)s" -msgstr "" - -#: keystone/common/ldap/core.py:208 -#, python-format -msgid "Invalid LDAP scope: %(scope)s. Choose one of: %(options)s" -msgstr "" - -#: keystone/common/ldap/core.py:583 -msgid "Invalid TLS / LDAPS combination" -msgstr "" - -#: keystone/common/ldap/core.py:588 -#, python-format -msgid "Invalid LDAP TLS_AVAIL option: %s. TLS not available" -msgstr "" - -#: keystone/common/ldap/core.py:598 -#, python-format -msgid "tls_cacertfile %s not found or is not a file" -msgstr "" - -#: keystone/common/ldap/core.py:610 -#, python-format -msgid "tls_cacertdir %s not found or is not a directory" -msgstr "" - -#: keystone/common/ldap/core.py:1303 -#, python-format -msgid "ID attribute %(id_attr)s not found in LDAP object %(dn)s" -msgstr "" - -#: keystone/common/ldap/core.py:1347 -#, python-format -msgid "LDAP %s create" -msgstr "" - -#: keystone/common/ldap/core.py:1352 -#, python-format -msgid "LDAP %s update" -msgstr "" - -#: keystone/common/ldap/core.py:1357 -#, python-format -msgid "LDAP %s delete" -msgstr "" - -#: keystone/common/ldap/core.py:1499 -#, python-format -msgid "Cannot change %(option_name)s %(attr)s" -msgstr "" - -#: keystone/common/ldap/core.py:1586 -#, python-format -msgid "Member %(member)s is already a member of group %(group)s" -msgstr "" - -#: keystone/common/ldap/core.py:1635 -#, python-format -msgid "" -"When deleting entries for %(search_base)s, could not delete nonexistent " -"entries %(entries)s%(dots)s" -msgstr "" - -#: keystone/common/sql/core.py:219 -msgid "" -"Cannot truncate a driver call without hints list as first parameter after" -" self " -msgstr "" - -#: keystone/common/sql/core.py:401 -msgid "Duplicate Entry" -msgstr "" - -#: keystone/common/sql/core.py:417 -#, python-format -msgid "An unexpected error occurred when trying to store %s" -msgstr "" - -#: keystone/common/sql/migration_helpers.py:184 -#: keystone/common/sql/migration_helpers.py:223 -#, python-format -msgid "%s extension does not exist." -msgstr "" - -#: keystone/common/validation/validators.py:54 -#, python-format -msgid "Invalid input for field '%(path)s'. The value is '%(value)s'." -msgstr "" - -#: keystone/contrib/ec2/controllers.py:318 -msgid "Token belongs to another user" -msgstr "" - -#: keystone/contrib/ec2/controllers.py:346 -msgid "Credential belongs to another user" -msgstr "" - -#: keystone/contrib/endpoint_filter/backends/sql.py:69 -#, python-format -msgid "Endpoint %(endpoint_id)s not found in project %(project_id)s" -msgstr "" - -#: keystone/contrib/endpoint_filter/backends/sql.py:180 -msgid "Endpoint Group Project Association not found" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:258 -#, python-format -msgid "No policy is associated with endpoint %(endpoint_id)s." -msgstr "" - -#: keystone/contrib/example/core.py:64 keystone/contrib/example/core.py:73 -#, python-format -msgid "" -"Received the following notification: service %(service)s, resource_type: " -"%(resource_type)s, operation %(operation)s payload %(payload)s" -msgstr "" - -#: keystone/contrib/federation/controllers.py:280 -msgid "Use a project scoped token when attempting tocreate a SAML assertion" -msgstr "" - -#: keystone/contrib/federation/idp.py:448 -#, python-format -msgid "Cannot open certificate %(cert_file)s. Reason: %(reason)s" -msgstr "" - -#: keystone/contrib/federation/idp.py:515 -msgid "Ensure configuration option idp_entity_id is set." -msgstr "" - -#: keystone/contrib/federation/idp.py:518 -msgid "Ensure configuration option idp_sso_endpoint is set." -msgstr "" - -#: keystone/contrib/federation/idp.py:538 -msgid "" -"idp_contact_type must be one of: [technical, other, support, " -"administrative or billing." -msgstr "" - -#: keystone/contrib/federation/utils.py:122 -msgid "Federation token is expired" -msgstr "" - -#: keystone/contrib/federation/utils.py:225 -msgid "Could not map user" -msgstr "" - -#: keystone/contrib/federation/utils.py:254 -#, python-format -msgid "Ignoring user name %s" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:96 -msgid "Cannot change consumer secret" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:128 -msgid "Cannot list request tokens with a token issued via delegation." -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:188 -#: keystone/contrib/oauth1/backends/sql.py:267 -msgid "User IDs do not match" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:195 -msgid "Could not find role" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:238 -msgid "Invalid signature" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:287 -#: keystone/contrib/oauth1/controllers.py:363 -msgid "Request token is expired" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:301 -msgid "There should not be any non-oauth parameters" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:305 -msgid "provided consumer key does not match stored consumer key" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:309 -msgid "provided verifier does not match stored verifier" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:313 -msgid "provided request key does not match stored request key" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:317 -msgid "Request Token does not have an authorizing user id" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:352 -msgid "Cannot authorize a request token with a token issued via delegation." -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:382 -msgid "authorizing user does not have role required" -msgstr "" - -#: keystone/contrib/oauth1/controllers.py:395 -msgid "User is not a member of the requested project" -msgstr "" - -#: keystone/contrib/oauth1/backends/sql.py:88 -msgid "Consumer not found" -msgstr "" - -#: keystone/contrib/oauth1/backends/sql.py:183 -msgid "Request token not found" -msgstr "" - -#: keystone/contrib/oauth1/backends/sql.py:247 -msgid "Access token not found" -msgstr "" - -#: keystone/contrib/revoke/controllers.py:33 -#, python-format -msgid "invalid date format %s" -msgstr "" - -#: keystone/contrib/revoke/core.py:152 -msgid "" -"The revoke call must not have both domain_id and project_id. This is a " -"bug in the Keystone server. The current request is aborted." -msgstr "" - -#: keystone/contrib/revoke/core.py:221 keystone/token/provider.py:234 -#: keystone/token/provider.py:256 keystone/token/provider.py:354 -#: keystone/token/provider.py:361 keystone/token/providers/common.py:576 -msgid "Failed to validate token" -msgstr "" - -#: keystone/identity/controllers.py:70 -msgid "Enabled field must be a boolean" -msgstr "" - -#: keystone/identity/controllers.py:96 -msgid "Enabled field should be a boolean" -msgstr "" - -#: keystone/identity/controllers.py:137 -#, python-format -msgid "Unable to remove user %(user)s from %(tenant)s." -msgstr "" - -#: keystone/identity/controllers.py:156 -#, python-format -msgid "Unable to add user %(user)s to %(tenant)s." -msgstr "" - -#: keystone/identity/core.py:118 -#, python-format -msgid "Invalid domain name (%s) found in config file name" -msgstr "" - -#: keystone/identity/core.py:144 -#, python-format -msgid "Unable to locate domain config directory: %s" -msgstr "" - -#: keystone/identity/core.py:220 keystone/identity/backends/kvs.py:75 -#: keystone/identity/backends/kvs.py:77 keystone/identity/backends/ldap.py:59 -#: keystone/identity/backends/ldap.py:61 keystone/identity/backends/ldap.py:67 -#: keystone/identity/backends/ldap.py:69 keystone/identity/backends/sql.py:112 -#: keystone/identity/backends/sql.py:114 -msgid "Invalid user / password" -msgstr "" - -#: keystone/identity/core.py:594 keystone/token/core.py:64 -#, python-format -msgid "User is disabled: %s" -msgstr "" - -#: keystone/identity/core.py:636 -msgid "Cannot change user ID" -msgstr "" - -#: keystone/identity/backends/kvs.py:179 keystone/identity/backends/kvs.py:188 -msgid "User not found in group" -msgstr "" - -#: keystone/identity/backends/ldap.py:99 -msgid "Cannot change user name" -msgstr "" - -#: keystone/identity/backends/ldap.py:183 keystone/identity/backends/sql.py:196 -#: keystone/identity/backends/sql.py:214 -#, python-format -msgid "User '%(user_id)s' not found in group '%(group_id)s'" -msgstr "" - -#: keystone/identity/backends/ldap.py:330 -#, python-format -msgid "User %(user_id)s is already a member of group %(group_id)s" -msgstr "" - -#: keystone/middleware/core.py:275 -msgid "Auth context already exists in the request environment" -msgstr "" - -#: keystone/models/token_model.py:61 -msgid "Found invalid token: scoped to both project and domain." -msgstr "" - -#: keystone/openstack/common/gettextutils.py:301 -msgid "Message objects do not support addition." -msgstr "" - -#: keystone/openstack/common/gettextutils.py:311 -msgid "" -"Message objects do not support str() because they may contain non-ascii " -"characters. Please use unicode() or translate() instead." -msgstr "" - -#: keystone/openstack/common/log.py:290 -#, python-format -msgid "Deprecated: %s" -msgstr "" - -#: keystone/openstack/common/log.py:398 -#, python-format -msgid "Error loading logging config %(log_config)s: %(err_msg)s" -msgstr "" - -#: keystone/openstack/common/log.py:459 -#, python-format -msgid "syslog facility must be one of: %s" -msgstr "" - -#: keystone/openstack/common/log.py:710 -#, python-format -msgid "Fatal call to deprecated config: %(msg)s" -msgstr "" - -#: keystone/openstack/common/policy.py:96 -msgid "The JSON file that defines policies." -msgstr "" - -#: keystone/openstack/common/policy.py:99 -msgid "Default rule. Enforced when a requested rule is not found." -msgstr "" - -#: keystone/openstack/common/policy.py:114 -#, python-format -msgid "Policy doesn't allow %s to be performed." -msgstr "" - -#: keystone/openstack/common/policy.py:208 -#, python-format -msgid "Rules must be an instance of dict or Rules, got %s instead" -msgstr "" - -#: keystone/openstack/common/processutils.py:59 -msgid "Unexpected error while running command." -msgstr "" - -#: keystone/openstack/common/processutils.py:62 -#, python-format -msgid "" -"%(description)s\n" -"Command: %(cmd)s\n" -"Exit code: %(exit_code)s\n" -"Stdout: %(stdout)r\n" -"Stderr: %(stderr)r" -msgstr "" - -#: keystone/openstack/common/processutils.py:143 -#, python-format -msgid "Got unknown keyword args: %r" -msgstr "" - -#: keystone/openstack/common/processutils.py:148 -msgid "Command requested root, but did not specify a root helper." -msgstr "" - -#: keystone/openstack/common/processutils.py:158 -#, python-format -msgid "Running cmd (subprocess): %s" -msgstr "" - -#: keystone/openstack/common/processutils.py:206 -#, python-format -msgid "%r failed. Retrying." -msgstr "" - -#: keystone/openstack/common/processutils.py:248 -msgid "Environment not supported over SSH" -msgstr "" - -#: keystone/openstack/common/processutils.py:252 -msgid "process_input not supported over SSH" -msgstr "" - -#: keystone/openstack/common/strutils.py:114 -#, python-format -msgid "Unrecognized value '%(val)s', acceptable values are: %(acceptable)s" -msgstr "" - -#: keystone/openstack/common/strutils.py:219 -#, python-format -msgid "Invalid unit system: \"%s\"" -msgstr "" - -#: keystone/openstack/common/strutils.py:228 -#, python-format -msgid "Invalid string format: %s" -msgstr "" - -#: keystone/openstack/common/versionutils.py:90 -#, python-format -msgid "" -"%(what)s is deprecated as of %(as_of)s in favor of %(in_favor_of)s and " -"may be removed in %(remove_in)s." -msgstr "" - -#: keystone/openstack/common/versionutils.py:94 -#, python-format -msgid "" -"%(what)s is deprecated as of %(as_of)s and may be removed in " -"%(remove_in)s. It will not be superseded." -msgstr "" - -#: keystone/openstack/common/versionutils.py:98 -#, python-format -msgid "%(what)s is deprecated as of %(as_of)s in favor of %(in_favor_of)s." -msgstr "" - -#: keystone/openstack/common/versionutils.py:101 -#, python-format -msgid "%(what)s is deprecated as of %(as_of)s. It will not be superseded." -msgstr "" - -#: keystone/tests/core.py:146 -#, python-format -msgid "Failed to checkout %s" -msgstr "" - -#: keystone/token/controllers.py:391 -#, python-format -msgid "User %(u_id)s is unauthorized for tenant %(t_id)s" -msgstr "" - -#: keystone/token/controllers.py:410 keystone/token/controllers.py:413 -msgid "Token does not belong to specified tenant." -msgstr "" - -#: keystone/token/core.py:79 -#, python-format -msgid "Tenant is disabled: %s" -msgstr "" - -#: keystone/token/provider.py:134 -msgid "" -"[signing] token_format is deprecated. Please change to setting the " -"[token] provider configuration value instead" -msgstr "" - -#: keystone/token/provider.py:142 -msgid "" -"Unrecognized keystone.conf [signing] token_format: expected either 'UUID'" -" or 'PKI'" -msgstr "" - -#: keystone/token/provider.py:352 -#, python-format -msgid "Unexpected error or malformed token determining token expiry: %s" -msgstr "" - -#: keystone/token/persistence/backends/kvs.py:57 -msgid "" -"It is recommended to only use the base key-value-store implementation for" -" the token driver for testing purposes. Please use " -"keystone.token.backends.memcache.Token or " -"keystone.token.backends.sql.Token instead." -msgstr "" - -#: keystone/token/persistence/backends/kvs.py:132 -#, python-format -msgid "Unknown token version %s" -msgstr "" - -#: keystone/token/persistence/backends/kvs.py:205 -#, python-format -msgid "Token `%s` is expired, not adding to the revocation list." -msgstr "" - -#: keystone/token/persistence/backends/kvs.py:225 -#, python-format -msgid "" -"Reinitializing revocation list due to error in loading revocation list " -"from backend. Expected `list` type got `%(type)s`. Old revocation list " -"data: %(list)r" -msgstr "" - -#: keystone/token/persistence/backends/kvs.py:239 -#, python-format -msgid "" -"Removing `%s` from revocation list due to invalid expires data in " -"revocation list." -msgstr "" - -#: keystone/token/providers/common.py:195 -#: keystone/token/providers/common.py:300 -#, python-format -msgid "User %(user_id)s has no access to project %(project_id)s" -msgstr "" - -#: keystone/token/providers/common.py:200 -#: keystone/token/providers/common.py:305 -#, python-format -msgid "User %(user_id)s has no access to domain %(domain_id)s" -msgstr "" - -#: keystone/token/providers/common.py:227 -msgid "Trustor is disabled." -msgstr "" - -#: keystone/token/providers/common.py:291 -msgid "Trustee has no delegated roles." -msgstr "" - -#: keystone/token/providers/common.py:344 -#, python-format -msgid "Invalid audit info data type: %(data)s (%(type)s)" -msgstr "" - -#: keystone/token/providers/common.py:365 -msgid "User is not a trustee." -msgstr "" - -#: keystone/token/providers/common.py:442 -msgid "Oauth is disabled." -msgstr "" - -#: keystone/token/providers/common.py:499 -msgid "Non-default domain is not supported" -msgstr "" - -#: keystone/token/providers/common.py:507 -msgid "Domain scoped token is not supported" -msgstr "" - -#: keystone/token/providers/pki.py:45 -msgid "Unable to sign token" -msgstr "" - -#: keystone/token/providers/pki.py:46 keystone/token/providers/pkiz.py:29 -msgid "Unable to sign token." -msgstr "" - -#: keystone/trust/controllers.py:135 -msgid "Cannot create a trust with a token issued via delegation." -msgstr "" - -#: keystone/trust/controllers.py:162 -msgid "The authenticated user should match the trustor." -msgstr "" - -#: keystone/trust/controllers.py:167 -msgid "At least one role should be specified." -msgstr "" - -#: keystone/trust/core.py:58 -msgid "remaining_uses must be a positive integer or null." -msgstr "" - diff --git a/keystone/locale/es/LC_MESSAGES/keystone-log-error.po b/keystone/locale/es/LC_MESSAGES/keystone-log-error.po index 9fe51c60d..3c0a136d0 100644 --- a/keystone/locale/es/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/es/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-06-20 20:11+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Spanish (http://www.transifex.com/projects/p/keystone/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/es/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/es/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index 94949ea27..000000000 --- a/keystone/locale/es/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: Spanish (http://www.transifex.com/projects/p/keystone/" -"language/es/)\n" -"Language: es\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "El pid %d no está en la lista de hijos" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/fr/LC_MESSAGES/keystone-log-error.po b/keystone/locale/fr/LC_MESSAGES/keystone-log-error.po index 3359e3844..e095c4037 100644 --- a/keystone/locale/fr/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/fr/LC_MESSAGES/keystone-log-error.po @@ -8,9 +8,9 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-09-17 17:40+0000\n" -"Last-Translator: Bruno Cornec <bruno.cornec@hp.com>\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" +"PO-Revision-Date: 2014-09-29 19:12+0000\n" +"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: French (http://www.transifex.com/projects/p/keystone/language/" "fr/)\n" "Language: fr\n" @@ -47,11 +47,16 @@ msgstr "" "Noeud final incorrect '%s - Format incomplet (un type de notification manque-" "t-il ?)" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "La commande %(to_exec)s a retourné %(retcode)s- %(output)s" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -66,7 +71,7 @@ msgstr "" "Référence circulaire ou entrée dupliquée trouvée dans l'arbre de la région - " "%(region_id)s." -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "Erreur lors de la signature d'une assertion : %(reason)s" diff --git a/keystone/locale/fr/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/fr/LC_MESSAGES/keystone-log-warning.po index df7954fbe..2a2de5b84 100644 --- a/keystone/locale/fr/LC_MESSAGES/keystone-log-warning.po +++ b/keystone/locale/fr/LC_MESSAGES/keystone-log-warning.po @@ -3,13 +3,14 @@ # This file is distributed under the same license as the keystone project. # # Translators: +# Bruno Cornec <bruno.cornec@hp.com>, 2014 msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" +"POT-Creation-Date: 2014-09-27 06:17+0000\n" +"PO-Revision-Date: 2014-09-24 10:06+0000\n" +"Last-Translator: Bruno Cornec <bruno.cornec@hp.com>\n" "Language-Team: French (http://www.transifex.com/projects/p/keystone/language/" "fr/)\n" "Language: fr\n" @@ -22,41 +23,48 @@ msgstr "" #: keystone/common/wsgi.py:226 #, python-format msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" +msgstr "Echec d'autorisation. %(exception)s depuis %(remote_addr)s" #: keystone/common/wsgi.py:346 msgid "Invalid token in _get_trust_id_for_request" -msgstr "" +msgstr "Jeton invalide dans _get_trust_id_for_request" #: keystone/common/kvs/core.py:134 #, python-format msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" +msgstr "%s n'est pas un dogpile.proxy.ProxyBackend" #: keystone/common/kvs/core.py:401 #, python-format msgid "KVS lock released (timeout reached) for: %s" -msgstr "" +msgstr "Verrou KVS relaché (temps limite atteint) pour : %s" -#: keystone/common/ldap/core.py:1002 +#: keystone/common/ldap/core.py:1003 msgid "" "LDAP Server does not support paging. Disable paging in keystone.conf to " "avoid this message." msgstr "" +"Le serveur LDAP ne prend pas en charge la pagination. Désactivez la " +"pagination dans keystone.conf pour éviter de recevoir ce message." -#: keystone/common/ldap/core.py:1201 +#: keystone/common/ldap/core.py:1202 #, python-format msgid "" "Invalid additional attribute mapping: \"%s\". Format must be " "<ldap_attribute>:<keystone_attribute>" msgstr "" +"Mauvais mappage d'attribut additionnel: \"%s\". Le format doit être " +"<ldap_attribute>:<keystone_attribute>" -#: keystone/common/ldap/core.py:1312 +#: keystone/common/ldap/core.py:1313 #, python-format msgid "" "ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " "therefore cannot be used as an ID. Will get the ID from DN instead" msgstr "" +"L'attribut ID %(id_attr)s pour l'objet LDAP %(dn)s a de multiples valeurs et " +"par conséquent ne peut être utilisé comme un ID. Obtention de l'ID depuis le " +"DN à la place." #: keystone/contrib/endpoint_policy/core.py:91 #, python-format @@ -64,6 +72,8 @@ msgid "" "Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " "not found." msgstr "" +"Le point d'entrée %(endpoint_id)s référencé en association avec la politique " +"%(policy_id)s est introuvable." #: keystone/contrib/endpoint_policy/core.py:179 #, python-format @@ -83,13 +93,15 @@ msgstr "" #, python-format msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" msgstr "" +"L'exécution de la tâche %(func_name)s a dépassé intervalle de %(delay).2f " +"secondes " #: keystone/openstack/common/service.py:364 #, python-format msgid "pid %d not in child list" msgstr "PID %d absent de la liste d'enfants" -#: keystone/token/persistence/core.py:232 +#: keystone/token/persistence/core.py:240 #, python-format msgid "" "`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " diff --git a/keystone/locale/it/LC_MESSAGES/keystone-log-error.po b/keystone/locale/it/LC_MESSAGES/keystone-log-error.po index d2f8f6634..32e8089ba 100644 --- a/keystone/locale/it/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/it/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-07-06 03:50+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Italian (http://www.transifex.com/projects/p/keystone/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/it/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/it/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index f170a8d9f..000000000 --- a/keystone/locale/it/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: Italian (http://www.transifex.com/projects/p/keystone/" -"language/it/)\n" -"Language: it\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "pid %d non incluso nell'elenco child" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/ja/LC_MESSAGES/keystone-log-error.po b/keystone/locale/ja/LC_MESSAGES/keystone-log-error.po index e93c0de5d..4f8d69a28 100644 --- a/keystone/locale/ja/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/ja/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-06-20 20:11+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Japanese (http://www.transifex.com/projects/p/keystone/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/ja/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/ja/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index fe4f788ab..000000000 --- a/keystone/locale/ja/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: Japanese (http://www.transifex.com/projects/p/keystone/" -"language/ja/)\n" -"Language: ja\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "pid %d は子リストにありません" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/keystone-log-error.pot b/keystone/locale/keystone-log-error.pot index d2fd97817..a3676912f 100644 --- a/keystone/locale/keystone-log-error.pot +++ b/keystone/locale/keystone-log-error.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: keystone 2014.2.dev28.g7e410ae\n" +"Project-Id-Version: keystone 2015.1.dev30.g5a615fc\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -22,30 +22,35 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type " "notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "%(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/keystone.pot b/keystone/locale/keystone.pot index f233d199f..77b11805d 100644 --- a/keystone/locale/keystone.pot +++ b/keystone/locale/keystone.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: keystone 2014.2.dev154.g1af2428\n" +"Project-Id-Version: keystone 2015.1.dev30.g5a615fc\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-24 06:01+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -37,23 +37,23 @@ msgstr "" msgid "%(property_name)s is not a %(display_expected_type)s" msgstr "" -#: keystone/cli.py:141 +#: keystone/cli.py:144 msgid "keystone-manage pki_setup is not recommended for production use." msgstr "" -#: keystone/cli.py:160 +#: keystone/cli.py:164 msgid "keystone-manage ssl_setup is not recommended for production use." msgstr "" -#: keystone/cli.py:218 +#: keystone/cli.py:223 msgid "At least one option must be provided" msgstr "" -#: keystone/cli.py:225 +#: keystone/cli.py:230 msgid "--all option cannot be mixed with other options" msgstr "" -#: keystone/cli.py:234 +#: keystone/cli.py:239 #, python-format msgid "Unknown domain '%(name)s' specified by --domain-name" msgstr "" @@ -419,8 +419,8 @@ msgid "" "%(role)s" msgstr "" -#: keystone/assignment/core.py:103 keystone/token/core.py:72 -#: keystone/token/core.py:88 +#: keystone/assignment/core.py:103 keystone/token/core.py:66 +#: keystone/token/core.py:82 #, python-format msgid "Domain is disabled: %s" msgstr "" @@ -442,48 +442,38 @@ msgstr "" msgid "cannot delete a domain that is enabled, please disable it first." msgstr "" -#: keystone/assignment/core.py:617 +#: keystone/assignment/core.py:616 #, python-format msgid "Project (%s)" msgstr "" -#: keystone/assignment/core.py:619 +#: keystone/assignment/core.py:618 #, python-format msgid "Domain (%s)" msgstr "" -#: keystone/assignment/core.py:621 +#: keystone/assignment/core.py:620 msgid "Unknown Target" msgstr "" -#: keystone/assignment/core.py:1107 keystone/common/controller.py:286 +#: keystone/assignment/core.py:1106 keystone/common/controller.py:286 #: keystone/identity/core.py:330 #, python-format msgid "Expected dict or list: %s" msgstr "" -#: keystone/assignment/backends/kvs.py:257 -#: keystone/assignment/backends/ldap.py:551 -#: keystone/assignment/backends/sql.py:405 -#, python-format -msgid "Cannot remove role that has not been granted, %s" -msgstr "" - #: keystone/assignment/backends/ldap.py:119 msgid "Domain metadata not supported by LDAP" msgstr "" #: keystone/assignment/backends/ldap.py:215 #: keystone/assignment/backends/ldap.py:259 keystone/catalog/core.py:100 -#: keystone/common/ldap/core.py:1378 keystone/identity/backends/kvs.py:120 -#: keystone/identity/backends/kvs.py:225 +#: keystone/common/ldap/core.py:1378 #, python-format msgid "Duplicate ID, %s." msgstr "" #: keystone/assignment/backends/ldap.py:223 keystone/common/ldap/core.py:1368 -#: keystone/identity/backends/kvs.py:128 keystone/identity/backends/kvs.py:155 -#: keystone/identity/backends/kvs.py:232 keystone/identity/backends/kvs.py:260 #, python-format msgid "Duplicate name, %s." msgstr "" @@ -509,7 +499,13 @@ msgstr "" msgid "Role %s not found" msgstr "" -#: keystone/assignment/backends/ldap.py:645 +#: keystone/assignment/backends/ldap.py:551 +#: keystone/assignment/backends/sql.py:405 +#, python-format +msgid "Cannot remove role that has not been granted, %s" +msgstr "" + +#: keystone/assignment/backends/ldap.py:647 #, python-format msgid "Cannot duplicate name %s" msgstr "" @@ -694,11 +690,11 @@ msgstr "" msgid "A domain-scoped token must be used" msgstr "" -#: keystone/common/dependency.py:83 +#: keystone/common/dependency.py:87 msgid "event_callbacks must be a dict" msgstr "" -#: keystone/common/dependency.py:88 +#: keystone/common/dependency.py:92 #, python-format msgid "event_callbacks[%s] must be a dict" msgstr "" @@ -1010,24 +1006,24 @@ msgid "" "%(resource_type)s, operation %(operation)s payload %(payload)s" msgstr "" -#: keystone/contrib/federation/controllers.py:280 +#: keystone/contrib/federation/controllers.py:279 msgid "Use a project scoped token when attempting tocreate a SAML assertion" msgstr "" -#: keystone/contrib/federation/idp.py:448 +#: keystone/contrib/federation/idp.py:449 #, python-format msgid "Cannot open certificate %(cert_file)s. Reason: %(reason)s" msgstr "" -#: keystone/contrib/federation/idp.py:515 +#: keystone/contrib/federation/idp.py:516 msgid "Ensure configuration option idp_entity_id is set." msgstr "" -#: keystone/contrib/federation/idp.py:518 +#: keystone/contrib/federation/idp.py:519 msgid "Ensure configuration option idp_sso_endpoint is set." msgstr "" -#: keystone/contrib/federation/idp.py:538 +#: keystone/contrib/federation/idp.py:539 msgid "" "idp_contact_type must be one of: [technical, other, support, " "administrative or billing." @@ -1161,15 +1157,14 @@ msgstr "" msgid "Unable to locate domain config directory: %s" msgstr "" -#: keystone/identity/core.py:220 keystone/identity/backends/kvs.py:75 -#: keystone/identity/backends/kvs.py:77 keystone/identity/backends/ldap.py:59 +#: keystone/identity/core.py:220 keystone/identity/backends/ldap.py:59 #: keystone/identity/backends/ldap.py:61 keystone/identity/backends/ldap.py:67 #: keystone/identity/backends/ldap.py:69 keystone/identity/backends/sql.py:112 #: keystone/identity/backends/sql.py:114 msgid "Invalid user / password" msgstr "" -#: keystone/identity/core.py:594 keystone/token/core.py:64 +#: keystone/identity/core.py:594 keystone/token/core.py:58 #, python-format msgid "User is disabled: %s" msgstr "" @@ -1178,10 +1173,6 @@ msgstr "" msgid "Cannot change user ID" msgstr "" -#: keystone/identity/backends/kvs.py:179 keystone/identity/backends/kvs.py:188 -msgid "User not found in group" -msgstr "" - #: keystone/identity/backends/ldap.py:99 msgid "Cannot change user name" msgstr "" @@ -1192,7 +1183,7 @@ msgstr "" msgid "User '%(user_id)s' not found in group '%(group_id)s'" msgstr "" -#: keystone/identity/backends/ldap.py:330 +#: keystone/identity/backends/ldap.py:337 #, python-format msgid "User %(user_id)s is already a member of group %(group_id)s" msgstr "" @@ -1338,16 +1329,16 @@ msgstr "" msgid "Failed to checkout %s" msgstr "" -#: keystone/token/controllers.py:391 +#: keystone/token/controllers.py:389 #, python-format msgid "User %(u_id)s is unauthorized for tenant %(t_id)s" msgstr "" -#: keystone/token/controllers.py:410 keystone/token/controllers.py:413 +#: keystone/token/controllers.py:408 keystone/token/controllers.py:411 msgid "Token does not belong to specified tenant." msgstr "" -#: keystone/token/core.py:79 +#: keystone/token/core.py:73 #, python-format msgid "Tenant is disabled: %s" msgstr "" diff --git a/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-error.po b/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-error.po index 43aa1f743..c134e30b5 100644 --- a/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-06-20 20:11+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Korean (Korea) (http://www.transifex.com/projects/p/keystone/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index 265e5b777..000000000 --- a/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: Korean (Korea) (http://www.transifex.com/projects/p/keystone/" -"language/ko_KR/)\n" -"Language: ko_KR\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "pid %d이(가) 하위 목록에 없음" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-error.po b/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-error.po index fd019a0c8..f603a9df0 100644 --- a/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-06-20 20:11+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index ea53a1659..000000000 --- a/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/" -"keystone/language/pt_BR/)\n" -"Language: pt_BR\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "pid %d fora da lista de filhos" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/pt_BR/LC_MESSAGES/keystone.po b/keystone/locale/pt_BR/LC_MESSAGES/keystone.po index 83175509f..ebbb5bf12 100644 --- a/keystone/locale/pt_BR/LC_MESSAGES/keystone.po +++ b/keystone/locale/pt_BR/LC_MESSAGES/keystone.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-24 06:01+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-04-19 01:30+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Portuguese (Brazil) " @@ -40,23 +40,23 @@ msgstr "%(property_name)s não deve ter mais de %(max_length)s caracteres." msgid "%(property_name)s is not a %(display_expected_type)s" msgstr "%(property_name)s não é um %(display_expected_type)s" -#: keystone/cli.py:141 +#: keystone/cli.py:144 msgid "keystone-manage pki_setup is not recommended for production use." msgstr "" -#: keystone/cli.py:160 +#: keystone/cli.py:164 msgid "keystone-manage ssl_setup is not recommended for production use." msgstr "" -#: keystone/cli.py:218 +#: keystone/cli.py:223 msgid "At least one option must be provided" msgstr "" -#: keystone/cli.py:225 +#: keystone/cli.py:230 msgid "--all option cannot be mixed with other options" msgstr "" -#: keystone/cli.py:234 +#: keystone/cli.py:239 #, python-format msgid "Unknown domain '%(name)s' specified by --domain-name" msgstr "" @@ -434,8 +434,8 @@ msgstr "" "Grupo %(group)s não encontrado para a atribuição de role - %(target)s com" " Role: %(role)s" -#: keystone/assignment/core.py:103 keystone/token/core.py:72 -#: keystone/token/core.py:88 +#: keystone/assignment/core.py:103 keystone/token/core.py:66 +#: keystone/token/core.py:82 #, python-format msgid "Domain is disabled: %s" msgstr "O domínio está desativado: %s" @@ -457,48 +457,38 @@ msgstr "" msgid "cannot delete a domain that is enabled, please disable it first." msgstr "" -#: keystone/assignment/core.py:617 +#: keystone/assignment/core.py:616 #, python-format msgid "Project (%s)" msgstr "Projeto (%s)" -#: keystone/assignment/core.py:619 +#: keystone/assignment/core.py:618 #, python-format msgid "Domain (%s)" msgstr "Domínio (%s)" -#: keystone/assignment/core.py:621 +#: keystone/assignment/core.py:620 msgid "Unknown Target" msgstr "Alvo Desconhecido" -#: keystone/assignment/core.py:1107 keystone/common/controller.py:286 +#: keystone/assignment/core.py:1106 keystone/common/controller.py:286 #: keystone/identity/core.py:330 #, python-format msgid "Expected dict or list: %s" msgstr "Esperado dict ou list: %s" -#: keystone/assignment/backends/kvs.py:257 -#: keystone/assignment/backends/ldap.py:551 -#: keystone/assignment/backends/sql.py:405 -#, python-format -msgid "Cannot remove role that has not been granted, %s" -msgstr "Não é possível remover role que não foi concedido, %s" - #: keystone/assignment/backends/ldap.py:119 msgid "Domain metadata not supported by LDAP" msgstr "" #: keystone/assignment/backends/ldap.py:215 #: keystone/assignment/backends/ldap.py:259 keystone/catalog/core.py:100 -#: keystone/common/ldap/core.py:1378 keystone/identity/backends/kvs.py:120 -#: keystone/identity/backends/kvs.py:225 +#: keystone/common/ldap/core.py:1378 #, python-format msgid "Duplicate ID, %s." msgstr "ID duplicado, %s." #: keystone/assignment/backends/ldap.py:223 keystone/common/ldap/core.py:1368 -#: keystone/identity/backends/kvs.py:128 keystone/identity/backends/kvs.py:155 -#: keystone/identity/backends/kvs.py:232 keystone/identity/backends/kvs.py:260 #, python-format msgid "Duplicate name, %s." msgstr "Nome duplicado, %s." @@ -524,7 +514,13 @@ msgstr "" msgid "Role %s not found" msgstr "Role %s não localizada" -#: keystone/assignment/backends/ldap.py:645 +#: keystone/assignment/backends/ldap.py:551 +#: keystone/assignment/backends/sql.py:405 +#, python-format +msgid "Cannot remove role that has not been granted, %s" +msgstr "Não é possível remover role que não foi concedido, %s" + +#: keystone/assignment/backends/ldap.py:647 #, python-format msgid "Cannot duplicate name %s" msgstr "" @@ -709,11 +705,11 @@ msgstr "" msgid "A domain-scoped token must be used" msgstr "" -#: keystone/common/dependency.py:83 +#: keystone/common/dependency.py:87 msgid "event_callbacks must be a dict" msgstr "" -#: keystone/common/dependency.py:88 +#: keystone/common/dependency.py:92 #, python-format msgid "event_callbacks[%s] must be a dict" msgstr "" @@ -1032,24 +1028,24 @@ msgid "" "%(resource_type)s, operation %(operation)s payload %(payload)s" msgstr "" -#: keystone/contrib/federation/controllers.py:280 +#: keystone/contrib/federation/controllers.py:279 msgid "Use a project scoped token when attempting tocreate a SAML assertion" msgstr "" -#: keystone/contrib/federation/idp.py:448 +#: keystone/contrib/federation/idp.py:449 #, python-format msgid "Cannot open certificate %(cert_file)s. Reason: %(reason)s" msgstr "" -#: keystone/contrib/federation/idp.py:515 +#: keystone/contrib/federation/idp.py:516 msgid "Ensure configuration option idp_entity_id is set." msgstr "" -#: keystone/contrib/federation/idp.py:518 +#: keystone/contrib/federation/idp.py:519 msgid "Ensure configuration option idp_sso_endpoint is set." msgstr "" -#: keystone/contrib/federation/idp.py:538 +#: keystone/contrib/federation/idp.py:539 msgid "" "idp_contact_type must be one of: [technical, other, support, " "administrative or billing." @@ -1189,15 +1185,14 @@ msgstr "" msgid "Unable to locate domain config directory: %s" msgstr "Não é possível localizar diretório de configuração de domínio: %s" -#: keystone/identity/core.py:220 keystone/identity/backends/kvs.py:75 -#: keystone/identity/backends/kvs.py:77 keystone/identity/backends/ldap.py:59 +#: keystone/identity/core.py:220 keystone/identity/backends/ldap.py:59 #: keystone/identity/backends/ldap.py:61 keystone/identity/backends/ldap.py:67 #: keystone/identity/backends/ldap.py:69 keystone/identity/backends/sql.py:112 #: keystone/identity/backends/sql.py:114 msgid "Invalid user / password" msgstr "" -#: keystone/identity/core.py:594 keystone/token/core.py:64 +#: keystone/identity/core.py:594 keystone/token/core.py:58 #, python-format msgid "User is disabled: %s" msgstr "O usuário está desativado: %s" @@ -1206,10 +1201,6 @@ msgstr "O usuário está desativado: %s" msgid "Cannot change user ID" msgstr "" -#: keystone/identity/backends/kvs.py:179 keystone/identity/backends/kvs.py:188 -msgid "User not found in group" -msgstr "Usuário não localizado no grupo" - #: keystone/identity/backends/ldap.py:99 msgid "Cannot change user name" msgstr "" @@ -1220,7 +1211,7 @@ msgstr "" msgid "User '%(user_id)s' not found in group '%(group_id)s'" msgstr "" -#: keystone/identity/backends/ldap.py:330 +#: keystone/identity/backends/ldap.py:337 #, python-format msgid "User %(user_id)s is already a member of group %(group_id)s" msgstr "Usuário %(user_id)s já é membro do grupo %(group_id)s" @@ -1370,16 +1361,16 @@ msgstr "" msgid "Failed to checkout %s" msgstr "Falha ao fazer check out %s" -#: keystone/token/controllers.py:391 +#: keystone/token/controllers.py:389 #, python-format msgid "User %(u_id)s is unauthorized for tenant %(t_id)s" msgstr "Usuário %(u_id)s não está autorizado para o tenant %(t_id)s" -#: keystone/token/controllers.py:410 keystone/token/controllers.py:413 +#: keystone/token/controllers.py:408 keystone/token/controllers.py:411 msgid "Token does not belong to specified tenant." msgstr "O token não pertence ao tenant especificado." -#: keystone/token/core.py:79 +#: keystone/token/core.py:73 #, python-format msgid "Tenant is disabled: %s" msgstr "" diff --git a/keystone/locale/vi_VN/LC_MESSAGES/keystone-log-error.po b/keystone/locale/vi_VN/LC_MESSAGES/keystone-log-error.po index b5d5e23d3..69156d98e 100644 --- a/keystone/locale/vi_VN/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/vi_VN/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-07-16 14:42+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Vietnamese (Viet Nam) (http://www.transifex.com/projects/p/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-error.po b/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-error.po index c88e7a59f..bd5e88a30 100644 --- a/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-06-20 20:11+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/keystone/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index b24083b7b..000000000 --- a/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/keystone/" -"language/zh_CN/)\n" -"Language: zh_CN\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "pid %d 没有在子代列表中" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-error.po b/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-error.po index d9b8a058a..0e694cb11 100644 --- a/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-error.po +++ b/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-error.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: Keystone\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-07 06:06+0000\n" +"POT-Creation-Date: 2014-10-07 06:05+0000\n" "PO-Revision-Date: 2014-06-20 20:11+0000\n" "Last-Translator: openstackjenkins <jenkins@openstack.org>\n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" @@ -24,29 +24,34 @@ msgstr "" msgid "Method not callable: %s" msgstr "" -#: keystone/catalog/core.py:56 +#: keystone/catalog/core.py:60 #, python-format msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "" -#: keystone/catalog/core.py:61 +#: keystone/catalog/core.py:65 #, python-format msgid "" "Malformed endpoint '%(url)s'. The following type error occurred during " "string substitution: %(typeerror)s" msgstr "" -#: keystone/catalog/core.py:67 +#: keystone/catalog/core.py:71 #, python-format msgid "" "Malformed endpoint %s - incomplete format (are you missing a type notifier ?)" msgstr "" -#: keystone/common/openssl.py:90 +#: keystone/common/openssl.py:92 #, python-format msgid "Command %(to_exec)s exited with %(retcode)s- %(output)s" msgstr "" +#: keystone/common/openssl.py:120 +#, python-format +msgid "Failed to remove file %(file_path)r: %(error)s" +msgstr "" + #: keystone/common/environment/eventlet_server.py:100 #, python-format msgid "Could not bind to %(host)s:%(port)s" @@ -59,7 +64,7 @@ msgid "" "Circular reference or a repeated entry found in region tree - %(region_id)s." msgstr "" -#: keystone/contrib/federation/idp.py:404 +#: keystone/contrib/federation/idp.py:405 #, python-format msgid "Error when signing assertion, reason: %(reason)s" msgstr "" diff --git a/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-warning.po b/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-warning.po deleted file mode 100644 index 9df818d31..000000000 --- a/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-warning.po +++ /dev/null @@ -1,97 +0,0 @@ -# Translations template for keystone. -# Copyright (C) 2014 OpenStack Foundation -# This file is distributed under the same license as the keystone project. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: Keystone\n" -"Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2014-09-19 06:36+0000\n" -"PO-Revision-Date: 2014-06-20 20:10+0000\n" -"Last-Translator: openstackjenkins <jenkins@openstack.org>\n" -"Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" -"keystone/language/zh_TW/)\n" -"Language: zh_TW\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 1.3\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: keystone/common/wsgi.py:226 -#, python-format -msgid "Authorization failed. %(exception)s from %(remote_addr)s" -msgstr "" - -#: keystone/common/wsgi.py:346 -msgid "Invalid token in _get_trust_id_for_request" -msgstr "" - -#: keystone/common/kvs/core.py:134 -#, python-format -msgid "%s is not a dogpile.proxy.ProxyBackend" -msgstr "" - -#: keystone/common/kvs/core.py:401 -#, python-format -msgid "KVS lock released (timeout reached) for: %s" -msgstr "" - -#: keystone/common/ldap/core.py:1002 -msgid "" -"LDAP Server does not support paging. Disable paging in keystone.conf to " -"avoid this message." -msgstr "" - -#: keystone/common/ldap/core.py:1201 -#, python-format -msgid "" -"Invalid additional attribute mapping: \"%s\". Format must be " -"<ldap_attribute>:<keystone_attribute>" -msgstr "" - -#: keystone/common/ldap/core.py:1312 -#, python-format -msgid "" -"ID attribute %(id_attr)s for LDAP object %(dn)s has multiple values and " -"therefore cannot be used as an ID. Will get the ID from DN instead" -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:91 -#, python-format -msgid "" -"Endpoint %(endpoint_id)s referenced in association for policy %(policy_id)s " -"not found." -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:179 -#, python-format -msgid "" -"Unsupported policy association found - Policy %(policy_id)s, Endpoint " -"%(endpoint_id)s, Service %(service_id)s, Region %(region_id)s, " -msgstr "" - -#: keystone/contrib/endpoint_policy/core.py:195 -#, python-format -msgid "" -"Policy %(policy_id)s referenced in association for endpoint %(endpoint_id)s " -"not found." -msgstr "" - -#: keystone/openstack/common/loopingcall.py:87 -#, python-format -msgid "task %(func_name)s run outlasted interval by %(delay).2f sec" -msgstr "" - -#: keystone/openstack/common/service.py:364 -#, python-format -msgid "pid %d not in child list" -msgstr "PID %d 不在子項清單中" - -#: keystone/token/persistence/core.py:232 -#, python-format -msgid "" -"`token_api.%s` is deprecated as of Juno in favor of utilizing methods on " -"`token_provider_api` and may be removed in Kilo." -msgstr "" diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py index 3d831b13c..83cd593dd 100644 --- a/keystone/middleware/core.py +++ b/keystone/middleware/core.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo.serialization import jsonutils import six import webob.dec @@ -23,7 +24,6 @@ from keystone.common import wsgi from keystone import exception from keystone.i18n import _ from keystone.models import token_model -from keystone.openstack.common import jsonutils from keystone.openstack.common import log from keystone.openstack.common import versionutils diff --git a/keystone/tests/core.py b/keystone/tests/core.py index a22afdff3..9e69f970c 100644 --- a/keystone/tests/core.py +++ b/keystone/tests/core.py @@ -378,7 +378,7 @@ class TestCase(BaseTestCase): driver='keystone.token.persistence.backends.kvs.Token') self.config_fixture.config( group='trust', - driver='keystone.trust.backends.kvs.Trust') + driver='keystone.trust.backends.sql.Trust') self.config_fixture.config( group='saml', certfile=signing_certfile, keyfile=signing_keyfile) self.config_fixture.config( diff --git a/keystone/tests/fakeldap.py b/keystone/tests/fakeldap.py index b1100dbb1..9ef3e279f 100644 --- a/keystone/tests/fakeldap.py +++ b/keystone/tests/fakeldap.py @@ -327,18 +327,7 @@ class FakeLdap(core.LDAPHandler): def delete_s(self, dn): """Remove the ldap object at specified dn.""" - if server_fail: - raise ldap.SERVER_DOWN - - key = self.key(dn) - LOG.debug('delete item: dn=%s', core.utf8_decode(dn)) - try: - del self.db[key] - except KeyError: - LOG.debug('delete item failed: dn=%s not found.', - core.utf8_decode(dn)) - raise ldap.NO_SUCH_OBJECT - self.db.sync() + return self.delete_ext_s(dn, serverctrls=[]) def _getChildren(self, dn): return [k for k, v in six.iteritems(self.db) @@ -569,9 +558,6 @@ class FakeLdapNoSubtreeDelete(FakeLdap): an entry that has children. """ - def delete_s(self, dn): - self.delete_ext_s(dn, [], None) - def delete_ext_s(self, dn, serverctrls, clientctrls=None): """Remove the ldap object at specified dn.""" if server_fail: diff --git a/keystone/tests/ksfixtures/hacking.py b/keystone/tests/ksfixtures/hacking.py index d70feca7a..62c481358 100644 --- a/keystone/tests/ksfixtures/hacking.py +++ b/keystone/tests/ksfixtures/hacking.py @@ -96,7 +96,7 @@ class HackingCode(fixtures.Fixture): import logging import logging as stlib_logging from keystone.i18n import _ - from keystone.i18n import _ as oslog_i18n + from keystone.i18n import _ as oslo_i18n from keystone.openstack.common import log from keystone.openstack.common import log as oslo_logging @@ -105,7 +105,7 @@ class HackingCode(fixtures.Fixture): L0.debug(_('text')) class C: def __init__(self): - L0.debug(oslog_i18n('text', {})) + L0.debug(oslo_i18n('text', {})) # stdlib logging w/ alias and specifying a logger class C: @@ -118,7 +118,7 @@ class HackingCode(fixtures.Fixture): # oslo logging and specifying a logger L2 = log.getLogger(__name__) - L2.debug(oslog_i18n('text')) + L2.debug(oslo_i18n('text')) # oslo logging w/ alias class C: diff --git a/keystone/tests/rest.py b/keystone/tests/rest.py index f90220cd1..c483fc606 100644 --- a/keystone/tests/rest.py +++ b/keystone/tests/rest.py @@ -15,12 +15,12 @@ import io from lxml import etree +from oslo.serialization import jsonutils import six import webtest from keystone.auth import controllers as auth_controllers from keystone.common import serializer -from keystone.openstack.common import jsonutils from keystone import tests from keystone.tests import default_fixtures from keystone.tests.ksfixtures import database diff --git a/keystone/tests/saml2/signed_saml2_assertion.xml b/keystone/tests/saml2/signed_saml2_assertion.xml index a7fce8ab0..410f93888 100644 --- a/keystone/tests/saml2/signed_saml2_assertion.xml +++ b/keystone/tests/saml2/signed_saml2_assertion.xml @@ -1,4 +1,4 @@ -<ns0:Assertion xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="9a22528bfe194b2880edce5d60414d6a" IssueInstant="2014-08-19T10:53:57Z"> +<ns0:Assertion xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="9a22528bfe194b2880edce5d60414d6a" IssueInstant="2014-08-19T10:53:57Z" Version="2.0"> <ns0:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://acme.com/FIM/sps/openstack/saml20</ns0:Issuer> <ns1:Signature> <ns1:SignedInfo> diff --git a/keystone/tests/test_associate_project_endpoint_extension.py b/keystone/tests/test_associate_project_endpoint_extension.py index f4aee5bb1..e4cf33536 100644 --- a/keystone/tests/test_associate_project_endpoint_extension.py +++ b/keystone/tests/test_associate_project_endpoint_extension.py @@ -1015,6 +1015,20 @@ class EndpointGroupCRUDTestCase(TestExtensionCase): 'endpoint_group_id': endpoint_group_id}) self.get(url, expected_status=404) + def test_removing_an_endpoint_group_project(self): + # create an endpoint group + endpoint_group_id = self._create_valid_endpoint_group( + self.DEFAULT_ENDPOINT_GROUP_URL, self.DEFAULT_ENDPOINT_GROUP_BODY) + + # create an endpoint_group project + url = self._get_project_endpoint_group_url( + endpoint_group_id, self.default_domain_project_id) + self.put(url) + + # remove the endpoint group project + self.delete(url) + self.get(url, expected_status=404) + def _create_valid_endpoint_group(self, url, body): r = self.post(url, body=body) return r.result['endpoint_group']['id'] diff --git a/keystone/tests/test_auth.py b/keystone/tests/test_auth.py index 1b3fa21c8..528dc44bc 100644 --- a/keystone/tests/test_auth.py +++ b/keystone/tests/test_auth.py @@ -152,6 +152,14 @@ class AuthBadRequests(AuthTest): self.controller._authenticate_local, None, {}) + def test_empty_username_and_userid_in_auth(self): + """Verify that empty username and userID raises ValidationError.""" + self.assertRaises( + exception.ValidationError, + self.controller._authenticate_local, + None, {'passwordCredentials': {'password': 'abc', + 'userId': '', 'username': ''}}) + def test_authenticate_blank_request_body(self): """Verify sending empty json dict raises the right exception.""" self.assertRaises(exception.ValidationError, diff --git a/keystone/tests/test_backend_kvs.py b/keystone/tests/test_backend_kvs.py index f05ef5a6a..52b5003d9 100644 --- a/keystone/tests/test_backend_kvs.py +++ b/keystone/tests/test_backend_kvs.py @@ -16,126 +16,21 @@ import uuid from oslo.utils import timeutils import six -from testtools import matchers from keystone import config from keystone import exception from keystone import tests -from keystone.tests import default_fixtures -from keystone.tests.ksfixtures import database from keystone.tests import test_backend CONF = config.CONF -class KvsIdentity(tests.TestCase, test_backend.IdentityTests): - def setUp(self): - # NOTE(dstanek): setup the database for subsystems that only have a - # SQL backend (like credentials) - self.useFixture(database.Database()) - - super(KvsIdentity, self).setUp() - self.load_backends() - self.load_fixtures(default_fixtures) - - def config_overrides(self): - super(KvsIdentity, self).config_overrides() - self.config_fixture.config( - group='identity', - driver='keystone.identity.backends.kvs.Identity') - - def test_password_hashed(self): - driver = self.identity_api._select_identity_driver( - self.user_foo['domain_id']) - user_ref = driver._get_user(self.user_foo['id']) - self.assertNotEqual(user_ref['password'], self.user_foo['password']) - - def test_list_projects_for_user_with_grants(self): - self.skipTest('kvs backend is now deprecated') - - def test_create_duplicate_group_name_in_different_domains(self): - self.skipTest('Blocked by bug 1119770') - - def test_create_duplicate_user_name_in_different_domains(self): - self.skipTest('Blocked by bug 1119770') - - def test_create_duplicate_project_name_in_different_domains(self): - self.skipTest('Blocked by bug 1119770') - - def test_move_user_between_domains(self): - self.skipTest('Blocked by bug 1119770') - - def test_move_user_between_domains_with_clashing_names_fails(self): - self.skipTest('Blocked by bug 1119770') - - def test_move_group_between_domains(self): - self.skipTest('Blocked by bug 1119770') - - def test_move_group_between_domains_with_clashing_names_fails(self): - self.skipTest('Blocked by bug 1119770') - - def test_move_project_between_domains(self): - self.skipTest('Blocked by bug 1119770') - - def test_move_project_between_domains_with_clashing_names_fails(self): - self.skipTest('Blocked by bug 1119770') - - def test_delete_group_removes_role_assignments(self): - # When a group is deleted any role assignments for the group are - # supposed to be removed, but the KVS backend doesn't implement the - # funcationality so the assignments are left around. - - DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id - MEMBER_ROLE_ID = 'member' - - def get_member_assignments(): - assignments = self.assignment_api.list_role_assignments() - return filter(lambda x: x['role_id'] == MEMBER_ROLE_ID, - assignments) - - # Create a group. - new_group = { - 'domain_id': DEFAULT_DOMAIN_ID, - 'name': self.getUniqueString(prefix='tdgrra')} - new_group = self.identity_api.create_group(new_group) - - # Create a project. - new_project = { - 'id': uuid.uuid4().hex, - 'name': self.getUniqueString(prefix='tdgrra'), - 'domain_id': DEFAULT_DOMAIN_ID} - self.assignment_api.create_project(new_project['id'], new_project) - - # Assign a role to the group. - self.assignment_api.create_grant( - group_id=new_group['id'], project_id=new_project['id'], - role_id=MEMBER_ROLE_ID) - - new_role_assignments = get_member_assignments() - - # Delete the group. - self.identity_api.delete_group(new_group['id']) - - # Check that the role assignment for the group is still there since - # kvs doesn't implement cleanup. - member_assignments = get_member_assignments() - - self.assertThat(member_assignments, - matchers.Equals(new_role_assignments)) - - class KvsToken(tests.TestCase, test_backend.TokenTests): def setUp(self): super(KvsToken, self).setUp() self.load_backends() - def config_overrides(self): - super(KvsToken, self).config_overrides() - self.config_fixture.config( - group='identity', - driver='keystone.identity.backends.kvs.Identity') - def test_flush_expired_token(self): self.assertRaises( exception.NotImplemented, @@ -207,25 +102,6 @@ class KvsToken(tests.TestCase, test_backend.TokenTests): self.assertEqual(expected_user_token_list, user_token_list) -class KvsTrust(tests.TestCase, test_backend.TrustTests): - def setUp(self): - super(KvsTrust, self).setUp() - self.load_backends() - self.load_fixtures(default_fixtures) - - def config_overrides(self): - super(KvsTrust, self).config_overrides() - self.config_fixture.config( - group='identity', - driver='keystone.identity.backends.kvs.Identity') - self.config_fixture.config( - group='trust', - driver='keystone.trust.backends.kvs.Trust') - self.config_fixture.config( - group='catalog', - driver='keystone.catalog.backends.kvs.Catalog') - - class KvsCatalog(tests.TestCase, test_backend.CatalogTests): def setUp(self): super(KvsCatalog, self).setUp() @@ -235,12 +111,6 @@ class KvsCatalog(tests.TestCase, test_backend.CatalogTests): def config_overrides(self): super(KvsCatalog, self).config_overrides() self.config_fixture.config( - group='identity', - driver='keystone.identity.backends.kvs.Identity') - self.config_fixture.config( - group='trust', - driver='keystone.trust.backends.kvs.Trust') - self.config_fixture.config( group='catalog', driver='keystone.catalog.backends.kvs.Catalog') @@ -298,28 +168,5 @@ class KvsTokenCacheInvalidation(tests.TestCase, def config_overrides(self): super(KvsTokenCacheInvalidation, self).config_overrides() self.config_fixture.config( - group='identity', - driver='keystone.identity.backends.kvs.Identity') - self.config_fixture.config( group='token', driver='keystone.token.backends.kvs.Token') - - -class KvsInheritanceTests(tests.TestCase, test_backend.InheritanceTests): - def setUp(self): - # NOTE(dstanek): setup the database for subsystems that only have a - # SQL backend (like credentials) - self.useFixture(database.Database()) - - super(KvsInheritanceTests, self).setUp() - self.load_backends() - self.load_fixtures(default_fixtures) - - def config_overrides(self): - super(KvsInheritanceTests, self).config_overrides() - self.config_fixture.config( - group='identity', - driver='keystone.identity.backends.kvs.Identity') - self.config_fixture.config( - group='assignment', - driver='keystone.assignment.backends.kvs.Assignment') diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py index aef7ca7c1..aeed35829 100644 --- a/keystone/tests/test_backend_ldap.py +++ b/keystone/tests/test_backend_ldap.py @@ -1201,6 +1201,27 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase): # from the resource default. self.assertIs(not CONF.ldap.user_enabled_default, user_ref['enabled']) + @mock.patch.object(common_ldap_core.BaseLdap, '_ldap_get') + def test_user_enabled_invert_default_str_value(self, mock_ldap_get): + self.config_fixture.config(group='ldap', user_enabled_invert=True, + user_enabled_default='False') + # Mock the search results to return an entry with + # no enabled value. + mock_ldap_get.return_value = ( + 'cn=junk,dc=example,dc=com', + { + 'sn': [uuid.uuid4().hex], + 'email': [uuid.uuid4().hex], + 'cn': ['junk'] + } + ) + + user_api = identity.backends.ldap.UserApi(CONF) + user_ref = user_api.get('junk') + # Ensure that the model enabled attribute is inverted + # from the resource default. + self.assertIs(True, user_ref['enabled']) + @mock.patch.object(common_ldap_core.KeystoneLDAPHandler, 'simple_bind_s') def test_user_api_get_connection_no_user_password(self, mocked_method): """Don't bind in case the user and password are blank.""" @@ -1836,6 +1857,15 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): self.identity_api.get_user, user['id']) + def test_user_auth_emulated(self): + self.config_fixture.config(group='ldap', + user_enabled_emulation_dn='cn=test,dc=test') + self.reload_backends(CONF.identity.default_domain_id) + self.identity_api.authenticate( + context={}, + user_id=self.user_foo['id'], + password=self.user_foo['password']) + def test_user_enable_attribute_mask(self): self.skipTest( "Enabled emulation conflicts with enabled mask") @@ -1897,6 +1927,10 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): self.skipTest( "N/A: Covered by test_user_enabled_invert") + def test_user_enabled_invert_default_str_value(self): + self.skipTest( + "N/A: Covered by test_user_enabled_invert") + class LdapIdentitySqlAssignment(BaseLDAPIdentity, tests.SQLDriverOverrides, tests.TestCase): diff --git a/keystone/tests/test_backend_ldap_pool.py b/keystone/tests/test_backend_ldap_pool.py index e0942170d..e0def853c 100644 --- a/keystone/tests/test_backend_ldap_pool.py +++ b/keystone/tests/test_backend_ldap_pool.py @@ -16,6 +16,7 @@ import ldappool import mock +from oslotest import mockpatch from keystone.common.ldap import core as ldap_core from keystone import config @@ -213,21 +214,9 @@ class LdapIdentitySqlAssignment(LdapPoolCommonTestMixin, sure it works without any error. ''' def setUp(self): - # NOTE(dstanek): We need to patch the Connector before the - # parent setUp is executed. The patch cleanup needs to happen - # after the parent setUp runs because olsotest will try to - # automagically stop all patches and that will cause an - # exception. We could just not cleanup after ourselves since - # oslotest will do it, but that seems wrong. Once bug #1365678 - # is fixed and released in oslotest we can start using - # oslotest.mockpatch.PatchObject instead. - patcher = mock.patch.object(ldap_core.PooledLDAPHandler, 'Connector', - fakeldap.FakeLdapPool) - patcher.start() - try: - super(LdapIdentitySqlAssignment, self).setUp() - finally: - self.addCleanup(patcher.stop) + self.useFixture(mockpatch.PatchObject( + ldap_core.PooledLDAPHandler, 'Connector', fakeldap.FakeLdapPool)) + super(LdapIdentitySqlAssignment, self).setUp() self.addCleanup(self.cleanup_pools) # storing to local variable to avoid long references diff --git a/keystone/tests/test_cert_setup.py b/keystone/tests/test_cert_setup.py index 465d7f7c0..57d47508a 100644 --- a/keystone/tests/test_cert_setup.py +++ b/keystone/tests/test_cert_setup.py @@ -91,22 +91,22 @@ class CertSetupTestCase(rest.RestfulTestCase): controller.authenticate, {}, body_dict) - def test_create_pki_certs(self): - pki = openssl.ConfigurePKI(None, None) + def test_create_pki_certs(self, rebuild=False): + pki = openssl.ConfigurePKI(None, None, rebuild=rebuild) pki.run() self.assertTrue(os.path.exists(CONF.signing.certfile)) self.assertTrue(os.path.exists(CONF.signing.ca_certs)) self.assertTrue(os.path.exists(CONF.signing.keyfile)) - def test_create_ssl_certs(self): - ssl = openssl.ConfigureSSL(None, None) + def test_create_ssl_certs(self, rebuild=False): + ssl = openssl.ConfigureSSL(None, None, rebuild=rebuild) ssl.run() self.assertTrue(os.path.exists(CONF.ssl.ca_certs)) self.assertTrue(os.path.exists(CONF.ssl.certfile)) self.assertTrue(os.path.exists(CONF.ssl.keyfile)) - def test_fetch_signing_cert(self): - pki = openssl.ConfigurePKI(None, None) + def test_fetch_signing_cert(self, rebuild=False): + pki = openssl.ConfigurePKI(None, None, rebuild=rebuild) pki.run() # NOTE(jamielennox): Use request directly because certificate @@ -138,11 +138,86 @@ class CertSetupTestCase(rest.RestfulTestCase): self.assertEqual('text/html', resp.content_type) + def test_fetch_signing_cert_when_rebuild(self): + pki = openssl.ConfigurePKI(None, None) + pki.run() + self.test_fetch_signing_cert(rebuild=True) + def test_failure(self): for path in ['/v2.0/certificates/signing', '/v2.0/certificates/ca']: self.request(self.public_app, path, method='GET', expected_status=500) + def test_pki_certs_rebuild(self): + self.test_create_pki_certs() + with open(CONF.signing.certfile) as f: + cert_file1 = f.read() + + self.test_create_pki_certs(rebuild=True) + with open(CONF.signing.certfile) as f: + cert_file2 = f.read() + + self.assertNotEqual(cert_file1, cert_file2) + + def test_ssl_certs_rebuild(self): + self.test_create_ssl_certs() + with open(CONF.ssl.certfile) as f: + cert_file1 = f.read() + + self.test_create_ssl_certs(rebuild=True) + with open(CONF.ssl.certfile) as f: + cert_file2 = f.read() + + self.assertNotEqual(cert_file1, cert_file2) + + @mock.patch.object(os, 'remove') + def test_rebuild_pki_certs_remove_error(self, mock_remove): + self.test_create_pki_certs() + with open(CONF.signing.certfile) as f: + cert_file1 = f.read() + + mock_remove.side_effect = OSError() + self.test_create_pki_certs(rebuild=True) + with open(CONF.signing.certfile) as f: + cert_file2 = f.read() + + self.assertEqual(cert_file1, cert_file2) + + @mock.patch.object(os, 'remove') + def test_rebuild_ssl_certs_remove_error(self, mock_remove): + self.test_create_ssl_certs() + with open(CONF.ssl.certfile) as f: + cert_file1 = f.read() + + mock_remove.side_effect = OSError() + self.test_create_ssl_certs(rebuild=True) + with open(CONF.ssl.certfile) as f: + cert_file2 = f.read() + + self.assertEqual(cert_file1, cert_file2) + + def test_create_pki_certs_twice_without_rebuild(self): + self.test_create_pki_certs() + with open(CONF.signing.certfile) as f: + cert_file1 = f.read() + + self.test_create_pki_certs() + with open(CONF.signing.certfile) as f: + cert_file2 = f.read() + + self.assertEqual(cert_file1, cert_file2) + + def test_create_ssl_certs_twice_without_rebuild(self): + self.test_create_ssl_certs() + with open(CONF.ssl.certfile) as f: + cert_file1 = f.read() + + self.test_create_ssl_certs() + with open(CONF.ssl.certfile) as f: + cert_file2 = f.read() + + self.assertEqual(cert_file1, cert_file2) + class TestExecCommand(tests.TestCase): diff --git a/keystone/tests/test_contrib_stats_core.py b/keystone/tests/test_contrib_stats_core.py deleted file mode 100644 index 7abfb1cc5..000000000 --- a/keystone/tests/test_contrib_stats_core.py +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone import config -from keystone.contrib import stats -from keystone import tests - - -CONF = config.CONF - - -class StatsContribCore(tests.TestCase): - def setUp(self): - super(StatsContribCore, self).setUp() - self.stats_middleware = stats.StatsMiddleware(None) - - def test_admin_request(self): - host_admin = "127.0.0.1:%s" % CONF.admin_port - self.assertEqual("admin", - self.stats_middleware._resolve_api(host_admin)) - - def test_public_request(self): - host_public = "127.0.0.1:%s" % CONF.public_port - self.assertEqual("public", - self.stats_middleware._resolve_api(host_public)) - - def test_other_request(self): - host_public = "127.0.0.1:%s" % CONF.public_port - host_other = host_public + "1" - self.assertEqual(host_other, - self.stats_middleware._resolve_api(host_other)) diff --git a/keystone/tests/test_exception.py b/keystone/tests/test_exception.py index 4bdcd7576..9b88b6685 100644 --- a/keystone/tests/test_exception.py +++ b/keystone/tests/test_exception.py @@ -14,11 +14,11 @@ import uuid +from oslo.serialization import jsonutils import six from keystone.common import wsgi from keystone import exception -from keystone.openstack.common import jsonutils from keystone import tests diff --git a/keystone/tests/test_keystoneclient.py b/keystone/tests/test_keystoneclient.py index 72991a146..237906f84 100644 --- a/keystone/tests/test_keystoneclient.py +++ b/keystone/tests/test_keystoneclient.py @@ -17,11 +17,11 @@ import os import uuid import mock +from oslo.serialization import jsonutils from oslo.utils import timeutils import webob from keystone import config -from keystone.openstack.common import jsonutils from keystone import tests from keystone.tests import default_fixtures from keystone.tests.ksfixtures import appserver diff --git a/keystone/tests/test_middleware.py b/keystone/tests/test_middleware.py index cf0298984..e0bf101f3 100644 --- a/keystone/tests/test_middleware.py +++ b/keystone/tests/test_middleware.py @@ -12,11 +12,11 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo.serialization import jsonutils import webob from keystone import config from keystone import middleware -from keystone.openstack.common import jsonutils from keystone import tests diff --git a/keystone/tests/test_singular_plural.py b/keystone/tests/test_singular_plural.py index 95733b64b..b07ea8d5e 100644 --- a/keystone/tests/test_singular_plural.py +++ b/keystone/tests/test_singular_plural.py @@ -16,7 +16,6 @@ import ast from keystone.contrib.admin_crud import core as admin_crud_core from keystone.contrib.s3 import core as s3_core -from keystone.contrib.stats import core as stats_core from keystone.contrib.user_crud import core as user_crud_core from keystone.identity import core as identity_core from keystone import service @@ -25,7 +24,7 @@ from keystone import service class TestSingularPlural(object): def test_keyword_arg_condition_or_methods(self): """Raise if we see a keyword arg called 'condition' or 'methods'.""" - modules = [admin_crud_core, s3_core, stats_core, + modules = [admin_crud_core, s3_core, user_crud_core, identity_core, service] for module in modules: filename = module.__file__ diff --git a/keystone/tests/test_sql_migrate_extensions.py b/keystone/tests/test_sql_migrate_extensions.py index aff58dacf..599d1917c 100644 --- a/keystone/tests/test_sql_migrate_extensions.py +++ b/keystone/tests/test_sql_migrate_extensions.py @@ -151,17 +151,43 @@ class EndpointFilterExtension(test_sql_upgrade.SqlMigrateBase): def repo_package(self): return endpoint_filter + def upgrade(self, version): + super(EndpointFilterExtension, self).upgrade( + version, repository=self.repo_path) + + def downgrade(self, version): + super(EndpointFilterExtension, self).downgrade( + version, repository=self.repo_path) + + def _assert_v1_tables(self): + self.assertTableColumns('project_endpoint', + ['endpoint_id', 'project_id']) + self.assertTableDoesNotExist('endpoint_group') + self.assertTableDoesNotExist('project_endpoint_group') + + def _assert_v2_tables(self): + self.assertTableColumns('project_endpoint', + ['endpoint_id', 'project_id']) + self.assertTableColumns('endpoint_group', + ['id', 'name', 'description', 'filters']) + self.assertTableColumns('project_endpoint_group', + ['endpoint_group_id', 'project_id']) + def test_upgrade(self): self.assertTableDoesNotExist('project_endpoint') - self.upgrade(1, repository=self.repo_path) + self.upgrade(1) + self._assert_v1_tables() self.assertTableColumns('project_endpoint', ['endpoint_id', 'project_id']) + self.upgrade(2) + self._assert_v2_tables() def test_downgrade(self): - self.upgrade(1, repository=self.repo_path) - self.assertTableColumns('project_endpoint', - ['endpoint_id', 'project_id']) - self.downgrade(0, repository=self.repo_path) + self.upgrade(2) + self._assert_v2_tables() + self.downgrade(1) + self._assert_v1_tables() + self.downgrade(0) self.assertTableDoesNotExist('project_endpoint') diff --git a/keystone/tests/test_sql_upgrade.py b/keystone/tests/test_sql_upgrade.py index 474895332..c8208b9e5 100644 --- a/keystone/tests/test_sql_upgrade.py +++ b/keystone/tests/test_sql_upgrade.py @@ -38,7 +38,9 @@ from oslo.db import exception as db_exception from oslo.db.sqlalchemy import migration from oslo.db.sqlalchemy import session as db_session import six +from sqlalchemy.engine import reflection import sqlalchemy.exc +from sqlalchemy import schema from keystone.assignment.backends import sql as assignment_sql from keystone.common import sql @@ -179,9 +181,30 @@ class SqlMigrateBase(tests.SQLDriverOverrides, tests.TestCase): meta = sqlalchemy.MetaData() meta.bind = self.engine meta.reflect(self.engine) - for table in list(meta.tables.keys()): - table = sqlalchemy.Table(table, meta, autoload=True) - table.drop(self.engine, checkfirst=True) + + with self.engine.begin() as conn: + inspector = reflection.Inspector.from_engine(self.engine) + metadata = schema.MetaData() + tbs = [] + all_fks = [] + + for table_name in inspector.get_table_names(): + fks = [] + for fk in inspector.get_foreign_keys(table_name): + if not fk['name']: + continue + fks.append( + schema.ForeignKeyConstraint((), (), name=fk['name'])) + table = schema.Table(table_name, metadata, *fks) + tbs.append(table) + all_fks.extend(fks) + + for fkc in all_fks: + conn.execute(schema.DropConstraint(fkc)) + + for table in tbs: + conn.execute(schema.DropTable(table)) + sql.cleanup() super(SqlMigrateBase, self).tearDown() @@ -237,7 +260,10 @@ class SqlMigrateBase(tests.SQLDriverOverrides, tests.TestCase): self.initialize_sql() table = self.select_table(table_name) actual_cols = [col.name for col in table.columns] - self.assertEqual(expected_cols, actual_cols, '%s table' % table_name) + # Check if the columns are equal, but allow for a different order, + # which might occur after an upgrade followed by a downgrade + self.assertEqual(expected_cols.sort(), actual_cols.sort(), + '%s table' % table_name) @property def initial_db_version(self): @@ -758,6 +784,7 @@ class SqlUpgradeTests(SqlMigrateBase): # we should have 3 trusts in base self.assertEqual(3, session.query(trust_table).count()) + session.close() self.downgrade(40) session = self.Session() trust_table = sqlalchemy.Table( @@ -795,8 +822,6 @@ class SqlUpgradeTests(SqlMigrateBase): def test_upgrade_service_enabled_data(self): """Migration 44 has to migrate data from `extra` to `enabled`.""" - session = self.Session() - def add_service(**extra_data): service_id = uuid.uuid4().hex @@ -811,6 +836,7 @@ class SqlUpgradeTests(SqlMigrateBase): return service_id self.upgrade(43) + session = self.Session() # Different services with expected enabled and extra values, and a # description. @@ -839,7 +865,9 @@ class SqlUpgradeTests(SqlMigrateBase): (False, random_attr), random_attr_enabled_false_str), ] + session.close() self.upgrade(44) + session = self.Session() # Verify that the services have the expected values. @@ -859,7 +887,7 @@ class SqlUpgradeTests(SqlMigrateBase): enabled, extra = fetch_service(service_id) - self.assertIs(exp_enabled, enabled, msg) + self.assertEqual(exp_enabled, enabled, msg) self.assertEqual(exp_extra, extra, msg) def test_downgrade_service_enabled_data(self): @@ -870,8 +898,6 @@ class SqlUpgradeTests(SqlMigrateBase): """ - session = self.Session() - def add_service(enabled=True, **extra_data): service_id = uuid.uuid4().hex @@ -887,6 +913,7 @@ class SqlUpgradeTests(SqlMigrateBase): return service_id self.upgrade(44) + session = self.Session() # Insert some services using the new format. @@ -912,7 +939,9 @@ class SqlUpgradeTests(SqlMigrateBase): "enabled=False, something='whatever'"), ] + session.close() self.downgrade(43) + session = self.Session() # Verify that the services have the expected values. @@ -959,8 +988,6 @@ class SqlUpgradeTests(SqlMigrateBase): def test_upgrade_endpoint_enabled_data(self): """Migration 42 has to migrate data from `extra` to `enabled`.""" - session = self.Session() - def add_service(): service_id = uuid.uuid4().hex @@ -988,6 +1015,7 @@ class SqlUpgradeTests(SqlMigrateBase): return endpoint_id self.upgrade(41) + session = self.Session() # Insert some endpoints using the old format where `enabled` is in # `extra` JSON. @@ -1024,7 +1052,9 @@ class SqlUpgradeTests(SqlMigrateBase): (False, random_attr), random_attr_enabled_false_str), ] + session.close() self.upgrade(42) + session = self.Session() # Verify that the endpoints have the expected values. @@ -1044,7 +1074,9 @@ class SqlUpgradeTests(SqlMigrateBase): enabled, extra = fetch_endpoint(endpoint_id) - self.assertIs(exp_enabled, enabled, msg) + # NOTE(henry-nash): Different databases may return enabled as a + # real boolean of 0/1 - so we use assertEqual not assertIs here. + self.assertEqual(exp_enabled, enabled, msg) self.assertEqual(exp_extra, extra, msg) def test_downgrade_endpoint_enabled_data(self): @@ -1055,8 +1087,6 @@ class SqlUpgradeTests(SqlMigrateBase): """ - session = self.Session() - def add_service(): service_id = uuid.uuid4().hex @@ -1085,6 +1115,7 @@ class SqlUpgradeTests(SqlMigrateBase): return endpoint_id self.upgrade(42) + session = self.Session() # Insert some endpoints using the new format. @@ -1109,7 +1140,9 @@ class SqlUpgradeTests(SqlMigrateBase): "enabled=False, something='whatever'"), ] + session.close() self.downgrade(41) + session = self.Session() # Verify that the endpoints have the expected values. @@ -1137,7 +1170,6 @@ class SqlUpgradeTests(SqlMigrateBase): Create two regions with the same description. """ - session = self.Session() def add_region(): region_uuid = uuid.uuid4().hex @@ -1151,6 +1183,7 @@ class SqlUpgradeTests(SqlMigrateBase): return region_uuid self.upgrade(43) + session = self.Session() # Write one region to the database add_region() # Write another region to the database with the same description @@ -1165,7 +1198,6 @@ class SqlUpgradeTests(SqlMigrateBase): Create two regions with the same description. """ - session = self.Session() def add_region(table): region_uuid = uuid.uuid4().hex @@ -1185,6 +1217,7 @@ class SqlUpgradeTests(SqlMigrateBase): # Migrate to version 42 self.upgrade(42) + session = self.Session() region_table = sqlalchemy.Table('region', get_metadata(), autoload=True) @@ -1205,16 +1238,23 @@ class SqlUpgradeTests(SqlMigrateBase): # into more specific exception objects, we should catch both of # sqlalchemy and oslo.db exceptions. If an old oslo.db version # is installed, IntegrityError is raised. If >=0.4.0 version of - # oslo.db is installed, DBDuplicateEntry is raised. + # oslo.db is installed, DBError is raised. # When the global requirements is updated with # the version fixes exceptions wrapping, IntegrityError must be # removed from the tuple. - (sqlalchemy.exc.IntegrityError, db_exception.DBDuplicateEntry), + + # NOTE(henry-nash): The above re-creation of the (now erased from + # history) unique constraint doesn't appear to work well with the + # Postgresql SQA driver, leading to it throwing a ValueError, so + # we also catch that here. + (sqlalchemy.exc.IntegrityError, db_exception.DBError, ValueError), add_region, table=region_unique_table) # migrate to 43, unique constraint should be dropped + session.close() self.upgrade(43) + session = self.Session() # reload the region table from the schema region_nonunique = sqlalchemy.Table('region', @@ -1267,7 +1307,9 @@ class SqlUpgradeTests(SqlMigrateBase): self.insert_dict(session, 'region', acme) region_table = sqlalchemy.Table('region', self.metadata, autoload=True) self.assertEqual(2, session.query(region_table).count()) + session.close() self.downgrade(51) + session = self.Session() self.metadata.clear() region_table = sqlalchemy.Table('region', self.metadata, autoload=True) self.assertEqual(2, session.query(region_table).count()) @@ -1344,7 +1386,9 @@ class SqlUpgradeTests(SqlMigrateBase): add_endpoint(_service_id_, region=None) # upgrade to 53 + session.close() self.upgrade(53) + session = self.Session() self.metadata.clear() region_table = sqlalchemy.Table('region', self.metadata, autoload=True) @@ -1367,7 +1411,9 @@ class SqlUpgradeTests(SqlMigrateBase): filter_by(region_id=_small_region_name).count()) # downgrade to 52 + session.close() self.downgrade(52) + session = self.Session() self.metadata.clear() region_table = sqlalchemy.Table('region', self.metadata, autoload=True) diff --git a/keystone/tests/test_v3.py b/keystone/tests/test_v3.py index f18bd10f1..8d1648307 100644 --- a/keystone/tests/test_v3.py +++ b/keystone/tests/test_v3.py @@ -16,6 +16,7 @@ import datetime import uuid from lxml import etree +from oslo.serialization import jsonutils from oslo.utils import timeutils import six from testtools import matchers @@ -27,7 +28,6 @@ from keystone.common import serializer from keystone import config from keystone import exception from keystone import middleware -from keystone.openstack.common import jsonutils from keystone.policy.backends import rules from keystone import tests from keystone.tests.ksfixtures import database diff --git a/keystone/tests/test_v3_auth.py b/keystone/tests/test_v3_auth.py index 2017caed3..7f4270513 100644 --- a/keystone/tests/test_v3_auth.py +++ b/keystone/tests/test_v3_auth.py @@ -14,6 +14,7 @@ import copy import datetime +import json import operator import uuid @@ -129,10 +130,8 @@ class TokenAPITests(object): def test_default_fixture_scope_token(self): self.assertIsNotNone(self.get_scoped_token()) - def sign_token(self, resp): - return cms.cms_sign_token(resp.body, - CONF.signing.certfile, - CONF.signing.keyfile) + def verify_token(self, *args, **kwargs): + return cms.verify_token(*args, **kwargs) def test_v3_token_id(self): auth_data = self.build_authentication_request( @@ -143,8 +142,13 @@ class TokenAPITests(object): token_id = resp.headers.get('X-Subject-Token') self.assertIn('expires_at', token_data['token']) - expected_token_id = self.sign_token(resp) - self.assertEqual(expected_token_id, token_id) + decoded_token = self.verify_token(token_id, CONF.signing.certfile, + CONF.signing.ca_certs) + decoded_token_dict = json.loads(decoded_token) + + token_resp_dict = json.loads(resp.body) + + self.assertEqual(decoded_token_dict, token_resp_dict) # should be able to validate hash PKI token as well hash_token_id = cms.cms_hash_token(token_id) headers = {'X-Subject-Token': hash_token_id} @@ -411,10 +415,8 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests): class TestPKIZTokenAPIs(test_v3.RestfulTestCase, TokenAPITests): - def sign_token(self, resp): - return cms.pkiz_sign(resp.body, - CONF.signing.certfile, - CONF.signing.keyfile) + def verify_token(self, *args, **kwargs): + return cms.pkiz_verify(*args, **kwargs) def config_overrides(self): super(TestPKIZTokenAPIs, self).config_overrides() diff --git a/keystone/tests/test_v3_federation.py b/keystone/tests/test_v3_federation.py index 21624f5f4..edcce0082 100644 --- a/keystone/tests/test_v3_federation.py +++ b/keystone/tests/test_v3_federation.py @@ -17,6 +17,7 @@ import uuid from lxml import etree import mock +from oslo.serialization import jsonutils from oslotest import mockpatch import saml2 from saml2 import saml @@ -32,7 +33,6 @@ from keystone.contrib.federation import idp as keystone_idp from keystone.contrib.federation import utils as mapping_utils from keystone import exception from keystone import notifications -from keystone.openstack.common import jsonutils from keystone.openstack.common import log from keystone.tests import federation_fixtures from keystone.tests import mapping_fixtures @@ -1665,6 +1665,7 @@ class SAMLGenerationTests(FederationTests): ROLES = ['admin', 'member'] PROJECT = 'development' SAML_GENERATION_ROUTE = '/auth/OS-FEDERATION/saml2' + ASSERTION_VERSION = "2.0" def setUp(self): super(SAMLGenerationTests, self).setUp() @@ -1704,6 +1705,22 @@ class SAMLGenerationTests(FederationTests): self.assertEqual(self.PROJECT, project_attribute.attribute_value[0].text) + def test_verify_assertion_object(self): + """Test if the Assertion object is build properly. + + The Assertion doesn't need to be signed in this test, so + _sign_assertion method is patched and doesn't alter the assertion. + + """ + with mock.patch.object(keystone_idp, '_sign_assertion', + side_effect=lambda x: x): + generator = keystone_idp.SAMLGenerator() + response = generator.samlize_token(self.ISSUER, self.RECIPIENT, + self.SUBJECT, self.ROLES, + self.PROJECT) + assertion = response.assertion + self.assertEqual(self.ASSERTION_VERSION, assertion.version) + def test_valid_saml_xml(self): """Test the generated SAML object can become valid XML. @@ -1810,15 +1827,11 @@ class SAMLGenerationTests(FederationTests): provide a valid SAML (XML) document back. """ - + CONF.saml.idp_entity_id = self.ISSUER region_id = self._create_region_with_url() token_id = self._fetch_valid_token() body = self._create_generate_saml_request(token_id, region_id) - # NOTE(stevemar): The issuer is the identity provider, in this - # case, the host running Keystone. - real_issuer = 'http://localhost' - with mock.patch.object(keystone_idp, '_sign_assertion', return_value=self.signed_assertion): http_response = self.post(self.SAML_GENERATION_ROUTE, body=body, @@ -1830,7 +1843,7 @@ class SAMLGenerationTests(FederationTests): assertion = response[2] self.assertEqual(self.RECIPIENT, response.get('Destination')) - self.assertEqual(real_issuer, issuer.text) + self.assertEqual(self.ISSUER, issuer.text) # NOTE(stevemar): We should test this against expected values, # but the self.xyz attribute names are uuids, and we mock out diff --git a/keystone/tests/test_v3_filters.py b/keystone/tests/test_v3_filters.py index c5421e6e9..c7c45b572 100644 --- a/keystone/tests/test_v3_filters.py +++ b/keystone/tests/test_v3_filters.py @@ -15,8 +15,9 @@ import uuid +from oslo.serialization import jsonutils + from keystone import config -from keystone.openstack.common import jsonutils from keystone.policy.backends import rules from keystone.tests import filtering from keystone.tests.ksfixtures import temporaryfile diff --git a/keystone/tests/test_v3_identity.py b/keystone/tests/test_v3_identity.py index 06e3aa7f4..908768a52 100644 --- a/keystone/tests/test_v3_identity.py +++ b/keystone/tests/test_v3_identity.py @@ -1630,6 +1630,129 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase): super(IdentityInheritanceTestCase, self).config_overrides() self.config_fixture.config(group='os_inherit', enabled=True) + def test_get_token_from_inherited_user_domain_role_grants(self): + # Create a new user to ensure that no grant is loaded from sample data + user = self.new_user_ref(domain_id=self.domain_id) + password = user['password'] + user = self.identity_api.create_user(user) + user['password'] = password + + # Define domain and project authentication data + domain_auth_data = self.build_authentication_request( + user_id=user['id'], + password=user['password'], + domain_id=self.domain_id) + project_auth_data = self.build_authentication_request( + user_id=user['id'], + password=user['password'], + project_id=self.project_id) + + # Check the user cannot get a domain nor a project token + self.v3_authenticate_token(domain_auth_data, expected_status=401) + self.v3_authenticate_token(project_auth_data, expected_status=401) + + # Grant non-inherited role for user on domain + non_inher_ud_url, non_inher_ud_entity = ( + _build_role_assignment_url_and_entity(domain_id=self.domain_id, + user_id=user['id'], + role_id=self.role_id)) + self.put(non_inher_ud_url) + + # Check the user can get only a domain token + self.v3_authenticate_token(domain_auth_data) + self.v3_authenticate_token(project_auth_data, expected_status=401) + + # Create inherited role + inherited_role = {'id': uuid.uuid4().hex, 'name': 'inherited'} + self.assignment_api.create_role(inherited_role['id'], inherited_role) + + # Grant inherited role for user on domain + inher_ud_url, inher_ud_entity = _build_role_assignment_url_and_entity( + domain_id=self.domain_id, user_id=user['id'], + role_id=inherited_role['id'], inherited_to_projects=True) + self.put(inher_ud_url) + + # Check the user can get both a domain and a project token + self.v3_authenticate_token(domain_auth_data) + self.v3_authenticate_token(project_auth_data) + + # Delete inherited grant + self.delete(inher_ud_url) + + # Check the user can only get a domain token + self.v3_authenticate_token(domain_auth_data) + self.v3_authenticate_token(project_auth_data, expected_status=401) + + # Delete non-inherited grant + self.delete(non_inher_ud_url) + + # Check the user cannot get a domain token anymore + self.v3_authenticate_token(domain_auth_data, expected_status=401) + + def test_get_token_from_inherited_group_domain_role_grants(self): + # Create a new group and put a new user in it to + # ensure that no grant is loaded from sample data + user = self.new_user_ref(domain_id=self.domain_id) + password = user['password'] + user = self.identity_api.create_user(user) + user['password'] = password + + group = self.new_group_ref(domain_id=self.domain['id']) + group = self.identity_api.create_group(group) + self.identity_api.add_user_to_group(user['id'], group['id']) + + # Define domain and project authentication data + domain_auth_data = self.build_authentication_request( + user_id=user['id'], + password=user['password'], + domain_id=self.domain_id) + project_auth_data = self.build_authentication_request( + user_id=user['id'], + password=user['password'], + project_id=self.project_id) + + # Check the user cannot get a domain nor a project token + self.v3_authenticate_token(domain_auth_data, expected_status=401) + self.v3_authenticate_token(project_auth_data, expected_status=401) + + # Grant non-inherited role for user on domain + non_inher_gd_url, non_inher_gd_entity = ( + _build_role_assignment_url_and_entity(domain_id=self.domain_id, + user_id=user['id'], + role_id=self.role_id)) + self.put(non_inher_gd_url) + + # Check the user can get only a domain token + self.v3_authenticate_token(domain_auth_data) + self.v3_authenticate_token(project_auth_data, expected_status=401) + + # Create inherited role + inherited_role = {'id': uuid.uuid4().hex, 'name': 'inherited'} + self.assignment_api.create_role(inherited_role['id'], inherited_role) + + # Grant inherited role for user on domain + inher_gd_url, inher_gd_entity = _build_role_assignment_url_and_entity( + domain_id=self.domain_id, user_id=user['id'], + role_id=inherited_role['id'], inherited_to_projects=True) + self.put(inher_gd_url) + + # Check the user can get both a domain and a project token + self.v3_authenticate_token(domain_auth_data) + self.v3_authenticate_token(project_auth_data) + + # Delete inherited grant + self.delete(inher_gd_url) + + # Check the user can only get a domain token + self.v3_authenticate_token(domain_auth_data) + self.v3_authenticate_token(project_auth_data, expected_status=401) + + # Delete non-inherited grant + self.delete(non_inher_gd_url) + + # Check the user cannot get a domain token anymore + self.v3_authenticate_token(domain_auth_data, expected_status=401) + def test_crud_user_inherited_domain_role_grants(self): role_list = [] for _ in range(2): diff --git a/keystone/tests/test_v3_oauth1.py b/keystone/tests/test_v3_oauth1.py index 64a43de25..597ce7720 100644 --- a/keystone/tests/test_v3_oauth1.py +++ b/keystone/tests/test_v3_oauth1.py @@ -15,6 +15,7 @@ import copy import uuid +from oslo.serialization import jsonutils from six.moves import urllib from keystone import config @@ -22,7 +23,6 @@ from keystone.contrib import oauth1 from keystone.contrib.oauth1 import controllers from keystone.contrib.oauth1 import core from keystone import exception -from keystone.openstack.common import jsonutils from keystone.tests.ksfixtures import temporaryfile from keystone.tests import test_v3 diff --git a/keystone/tests/test_v3_protection.py b/keystone/tests/test_v3_protection.py index f06ecffed..b425b2b1c 100644 --- a/keystone/tests/test_v3_protection.py +++ b/keystone/tests/test_v3_protection.py @@ -15,9 +15,10 @@ import uuid +from oslo.serialization import jsonutils + from keystone import config from keystone import exception -from keystone.openstack.common import jsonutils from keystone.policy.backends import rules from keystone import tests from keystone.tests.ksfixtures import temporaryfile diff --git a/keystone/tests/test_versions.py b/keystone/tests/test_versions.py index 6954da33b..582d50c4e 100644 --- a/keystone/tests/test_versions.py +++ b/keystone/tests/test_versions.py @@ -18,12 +18,12 @@ import functools import random import mock +from oslo.serialization import jsonutils from testtools import matchers as tt_matchers from keystone.common import json_home from keystone import config from keystone import controllers -from keystone.openstack.common import jsonutils from keystone import tests from keystone.tests import matchers diff --git a/keystone/tests/test_wsgi.py b/keystone/tests/test_wsgi.py index 11dfb133b..761e91e72 100644 --- a/keystone/tests/test_wsgi.py +++ b/keystone/tests/test_wsgi.py @@ -18,6 +18,7 @@ import uuid import mock from oslo import i18n +from oslo.serialization import jsonutils import six from testtools import matchers import webob @@ -25,7 +26,6 @@ import webob from keystone.common import environment from keystone.common import wsgi from keystone import exception -from keystone.openstack.common import jsonutils from keystone import tests diff --git a/keystone/tests/unit/common/test_ldap.py b/keystone/tests/unit/common/test_ldap.py index 8a50be050..61f2fd146 100644 --- a/keystone/tests/unit/common/test_ldap.py +++ b/keystone/tests/unit/common/test_ldap.py @@ -1,3 +1,4 @@ +# -*- coding: utf-8 -*- # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at @@ -125,6 +126,11 @@ class DnCompareTest(tests.BaseTestCase): dn = 'cn=Babs Jansen,ou=OpenStack' self.assertTrue(ks_ldap.is_dn_equal(dn, dn)) + def test_dn_equal_unicode(self): + # is_dn_equal can accept unicode + dn = u'cn=fäké,ou=OpenStack' + self.assertTrue(ks_ldap.is_dn_equal(dn, dn)) + def test_dn_diff_length(self): # is_dn_equal returns False if the DNs don't have the same number of # RDNs @@ -184,6 +190,12 @@ class DnCompareTest(tests.BaseTestCase): dn = ldap.dn.str2dn('ou=OpenStack') self.assertTrue(ks_ldap.dn_startswith(descendant, dn)) + def test_startswith_unicode(self): + # dn_startswith accepts unicode. + child = u'cn=cn=fäké,ou=OpenStäck' + parent = 'ou=OpenStäck' + self.assertTrue(ks_ldap.dn_startswith(child, parent)) + class LDAPDeleteTreeTest(tests.TestCase): diff --git a/keystone/token/backends/__init__.py b/keystone/token/backends/__init__.py index 606588765..927ecc97d 100644 --- a/keystone/token/backends/__init__.py +++ b/keystone/token/backends/__init__.py @@ -10,6 +10,6 @@ # License for the specific language governing permissions and limitations # under the License. -# NOTE(morganfainberg): This module is for transition from the old token -# backend package location to the new one. This module is slated for removal +# NOTE(morganfainberg): This package is for transition from the old token +# backend package location to the new one. This package is slated for removal # in the Kilo development cycle. diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py index 016392e09..16ced0ed9 100644 --- a/keystone/token/controllers.py +++ b/keystone/token/controllers.py @@ -16,6 +16,7 @@ import datetime import sys from keystoneclient.common import cms +from oslo.serialization import jsonutils from oslo.utils import timeutils import six @@ -26,7 +27,6 @@ from keystone import config from keystone import exception from keystone.i18n import _ from keystone.models import token_model -from keystone.openstack.common import jsonutils from keystone.openstack.common import log from keystone.token import provider @@ -104,8 +104,6 @@ class Auth(controller.V2Controller): try: self.identity_api.assert_user_enabled( user_id=user_ref['id'], user=user_ref) - self.assignment_api.assert_domain_enabled( - domain_id=user_ref['domain_id']) if tenant_ref: self.assignment_api.assert_project_enabled( project_id=tenant_ref['id'], project=tenant_ref) @@ -265,8 +263,8 @@ class Auth(controller.V2Controller): raise exception.ValidationSizeError( attribute='password', size=CONF.identity.max_password_length) - if ("userId" not in auth['passwordCredentials'] and - "username" not in auth['passwordCredentials']): + if (not auth['passwordCredentials'].get("userId") and + not auth['passwordCredentials'].get("username")): raise exception.ValidationError( attribute='username or userId', target='passwordCredentials') diff --git a/keystone/token/core.py b/keystone/token/core.py index 873195b44..ca2e7a6a8 100644 --- a/keystone/token/core.py +++ b/keystone/token/core.py @@ -14,7 +14,6 @@ """Main entry point into the Token service.""" -from keystone.common import cache from keystone import config from keystone import exception from keystone.i18n import _ @@ -26,11 +25,6 @@ from keystone.token import provider CONF = config.CONF LOG = log.getLogger(__name__) -SHOULD_CACHE = cache.should_cache_fn('token') - -# NOTE(blk-u): The config options are not available at import time. -EXPIRATION_TIME = lambda: CONF.token.cache_time -REVOCATION_CACHE_EXPIRATION_TIME = lambda: CONF.token.revocation_cache_time @versionutils.deprecated( diff --git a/keystone/token/providers/common.py b/keystone/token/providers/common.py index b313fc712..ddd7d69e6 100644 --- a/keystone/token/providers/common.py +++ b/keystone/token/providers/common.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo.serialization import jsonutils from oslo.utils import timeutils import six from six.moves.urllib import parse @@ -21,7 +22,6 @@ from keystone import config from keystone.contrib import federation from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import jsonutils from keystone.openstack.common import log from keystone import token from keystone.token import provider diff --git a/keystone/token/providers/pki.py b/keystone/token/providers/pki.py index 2156e43ad..8069886bb 100644 --- a/keystone/token/providers/pki.py +++ b/keystone/token/providers/pki.py @@ -15,12 +15,12 @@ """Keystone PKI Token Provider""" from keystoneclient.common import cms +from oslo.serialization import jsonutils from keystone.common import environment from keystone import config from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import jsonutils from keystone.openstack.common import log from keystone.token.providers import common diff --git a/keystone/token/providers/pkiz.py b/keystone/token/providers/pkiz.py index a343b7edd..0460e192a 100644 --- a/keystone/token/providers/pkiz.py +++ b/keystone/token/providers/pkiz.py @@ -13,12 +13,12 @@ """Keystone Compressed PKI Token Provider""" from keystoneclient.common import cms +from oslo.serialization import jsonutils from keystone.common import environment from keystone import config from keystone import exception from keystone.i18n import _ -from keystone.openstack.common import jsonutils from keystone.openstack.common import log from keystone.token.providers import common diff --git a/keystone/trust/backends/kvs.py b/keystone/trust/backends/kvs.py deleted file mode 100644 index e5b049fed..000000000 --- a/keystone/trust/backends/kvs.py +++ /dev/null @@ -1,121 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -""" -An in memory implementation of the trusts API. -only to be used for testing purposes -""" -import copy - -from oslo.utils import timeutils - -from keystone.common import kvs -from keystone import exception -from keystone.openstack.common import versionutils -from keystone import trust as keystone_trust - - -def _filter_trust(ref, deleted=False): - if ref['deleted_at'] and not deleted: - return None - if (ref.get('expires_at') and timeutils.utcnow() > ref['expires_at'] and - not deleted): - return None - remaining_uses = ref.get('remaining_uses') - # Do not return trusts that can't be used anymore - if remaining_uses is not None and not deleted: - if remaining_uses <= 0: - return None - ref = copy.deepcopy(ref) - return ref - - -class Trust(kvs.Base, keystone_trust.Driver): - - @versionutils.deprecated(versionutils.deprecated.JUNO, - in_favor_of='keystone.trust.backends.sql', - remove_in=+1, - what='keystone.trust.backends.kvs') - def __init__(self): - super(Trust, self).__init__() - - def create_trust(self, trust_id, trust, roles): - trust_ref = copy.deepcopy(trust) - trust_ref['id'] = trust_id - trust_ref['deleted_at'] = None - trust_ref['roles'] = roles - if (trust_ref.get('expires_at') and - trust_ref['expires_at'].tzinfo is not None): - trust_ref['expires_at'] = (timeutils.normalize_time - (trust_ref['expires_at'])) - - self.db.set('trust-%s' % trust_id, trust_ref) - trustee_user_id = trust_ref['trustee_user_id'] - trustee_list = self.db.get('trustee-%s' % trustee_user_id, []) - trustee_list.append(trust_id) - self.db.set('trustee-%s' % trustee_user_id, trustee_list) - trustor_user_id = trust_ref['trustor_user_id'] - trustor_list = self.db.get('trustor-%s' % trustor_user_id, []) - trustor_list.append(trust_id) - self.db.set('trustor-%s' % trustor_user_id, trustor_list) - return trust_ref - - def consume_use(self, trust_id): - try: - orig_ref = self.db.get('trust-%s' % trust_id) - except exception.NotFound: - raise exception.TrustNotFound(trust_id=trust_id) - remaining_uses = orig_ref.get('remaining_uses') - if remaining_uses is None: - # unlimited uses, do nothing - return - elif remaining_uses > 0: - ref = copy.deepcopy(orig_ref) - ref['remaining_uses'] -= 1 - self.db.set('trust-%s' % trust_id, ref) - else: - raise exception.TrustUseLimitReached(trust_id=trust_id) - - def get_trust(self, trust_id, deleted=False): - try: - ref = self.db.get('trust-%s' % trust_id) - return _filter_trust(ref, deleted=deleted) - except exception.NotFound: - return None - - def delete_trust(self, trust_id): - try: - ref = self.db.get('trust-%s' % trust_id) - except exception.NotFound: - raise exception.TrustNotFound(trust_id=trust_id) - ref['deleted_at'] = timeutils.utcnow() - self.db.set('trust-%s' % trust_id, ref) - - def list_trusts(self): - trusts = [] - for key, value in self.db.items(): - if key.startswith("trust-") and not value['deleted_at']: - trusts.append(value) - return trusts - - def list_trusts_for_trustee(self, trustee_user_id): - trusts = [] - for trust in self.db.get('trustee-%s' % trustee_user_id, []): - trusts.append(self.get_trust(trust)) - return trusts - - def list_trusts_for_trustor(self, trustor_user_id): - trusts = [] - for trust in self.db.get('trustor-%s' % trustor_user_id, []): - trusts.append(self.get_trust(trust)) - return trusts diff --git a/openstack-common.conf b/openstack-common.conf index 15be48a62..a16499a70 100644 --- a/openstack-common.conf +++ b/openstack-common.conf @@ -2,8 +2,6 @@ module=config module=gettextutils -module=importutils -module=jsonutils module=log module=policy module=processutils diff --git a/requirements.txt b/requirements.txt index db8ef51c4..994acb39a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,6 +22,7 @@ oslo.config>=1.4.0 # Apache-2.0 oslo.messaging>=1.4.0 oslo.db>=1.0.0 # Apache-2.0 oslo.i18n>=1.0.0 # Apache-2.0 +oslo.serialization>=1.0.0 # Apache-2.0 oslo.utils>=1.0.0 # Apache-2.0 Babel>=1.3 oauthlib>=0.6 @@ -1,6 +1,6 @@ [metadata] name = keystone -version = 2014.2 +version = 2015.1 summary = OpenStack Identity description-file = README.rst diff --git a/test-requirements-py3.txt b/test-requirements-py3.txt index 6134ceda8..30fc13c07 100644 --- a/test-requirements-py3.txt +++ b/test-requirements-py3.txt @@ -51,13 +51,13 @@ testscenarios>=0.4 # keystoneclient <0.2.1 httplib2>=0.7.5 # replaces httplib2 in keystoneclient >=0.2.1 -requests>=1.2.1,!=2.4.0 +requests>=2.2.0,!=2.4.0 keyring>=2.1,!=3.3 # For documentation oslosphinx>=2.2.0 # Apache-2.0 # Used only by oslo -kombu>=2.4.8 +kombu>=2.5.0 lockfile>=0.8 stevedore>=1.0.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index 78b5c2007..9bc654297 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -52,13 +52,13 @@ testscenarios>=0.4 # keystoneclient <0.2.1 httplib2>=0.7.5 # replaces httplib2 in keystoneclient >=0.2.1 -requests>=1.2.1,!=2.4.0 +requests>=2.2.0,!=2.4.0 keyring>=2.1,!=3.3 # For documentation oslosphinx>=2.2.0 # Apache-2.0 # Used only by oslo -kombu>=2.4.8 +kombu>=2.5.0 lockfile>=0.8 stevedore>=1.0.0 # Apache-2.0 @@ -26,7 +26,6 @@ commands = keystone/tests/test_backend.py \ keystone/tests/test_backend_rules.py \ keystone/tests/test_cache_backend_mongo.py \ - keystone/tests/test_contrib_stats_core.py \ keystone/tests/test_driver_hints.py \ keystone/tests/test_hacking_checks.py \ keystone/tests/test_injection.py \ @@ -54,7 +53,6 @@ commands = keystone/tests/test_backend.py \ keystone/tests/test_backend_rules.py \ keystone/tests/test_cache_backend_mongo.py \ - keystone/tests/test_contrib_stats_core.py \ keystone/tests/test_driver_hints.py \ keystone/tests/test_hacking_checks.py \ keystone/tests/test_injection.py \ |
