| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously this call to the conf object couldn't parse cli args
because the oslo.policy tool was registering its cli opts on a
private conf object, so attempting to parse them on the global
object would fail. The dependency makes oslo.policy use the global
object instead so cli arg parsing works correctly.
This is important because ignoring cli args as this was previously
doing caused things like --config-file to be dropped, which meant
that running the tool with that option specified did not work as
expected.
Depends-On: https://review.opendev.org/690628
Change-Id: Id553743277a35660a40d6b3b02847d7a35abbfb9
Closes-Bug: 1849518
|
| |\ \ \ \
| |_|_|/
|/| | | |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This repo does not use Babel as requirement. See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-April/014227.html
Change I8636e7c86c6c5c608429fab88e181108ae615db9 added it temporarily,
it's time to remove it again.
Leave it in lower-constraints in case dependencies pull it in.
Change-Id: I66bfedcbe30c89a65355e5ab1db6996640d2bfcf
|
| |\ \ \ |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, we are overriding 'install_command' to use 'pip'. This is
considered poor behavior and 'python -m pip' should be used instead:
https://snarky.ca/why-you-should-use-python-m-pip/
It turns out that this is the the default value provided by tox:
https://tox.readthedocs.io/en/latest/config.html#conf-install_command
So we can remove the line and simply use the default value.
Change-Id: I2bf8b8509788fdc2f23c9ddf4211b19de7b3fb87
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Problem description
===================
Today we have a consistency problem when updating federated
users via OpenStack. When I update a ephemeral user via OpenStack,
a registry in the local_user table is created, making this user
having entries in user, local_user and federated_user tables in
the database.
Furthermore, if I try to do some operations using this user
(that has entries in all three tables), I get a "More than one
user exists with the name ..." error from the OpenStack
Keystone API. It happens because the user has an entry in both
local_user and federated_user tables.
I fix the persistence in the local_user table for ephemeral
users when doing updates.
Proposal
========
I fix the problem with creating an entry in the
local_user table while updating an ephemeral user
Closes-Bug: #1848342
Change-Id: I2ac6e90f24b94dc5c0d9c0758f008a388597036c
|
| |\ \ \ \
| |_|_|/
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Python2.7 support is removed from Ussuri Cycle. Thus
updating the rst files regarding the same.
Change-Id: I5a75eac3926ac01565019afbb223df8bf599a69f
|
| |\ \ \ \ |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Make a few cleanups:
- Remove python 2.7 stanza from setup.py
- Add requires on python >= 3.6 to setup.cfg so that pypi and pip
know about the requirement
- Remove obsolete sections from setup.cfg
- Update classifiers
Change-Id: Id04f2ca5b879ee1f37cd349ff85ebec01389213a
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch adds functionality to allow an operator to pass in a
federated attribute when updating a user. When a user is updated
the federated objects in the federated attribute will be updated
and associated along with the user.
Co-Authored-By: Kristi Nikolla <knikolla@bu.edu>
Partial-Bug: 1816076
Change-Id: I8ee43b437b551858c198320204b768cdba311506
|
| |\ \ \ \ \
| |/ / / / |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch adds functionality to allow an operator to pass in a
federated attribute when creating a user. When a user is created
the federated objects in the federated attribute will be created
and associated along with the user.
Co-Authored-By: Kristi Nikolla <knikolla@bu.edu>
Partial-Bug: 1816076
Change-Id: I6db03af81099a7509635881f05adf5a7257466a7
|
| |\ \ \ \ \
| |/ / / / |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch adds functionality to get_user that allows it to pull all
associated federated objects and tack it on to be displayed to the
user.
Partial-Bug: 1816076
Change-Id: I8d69ef68153d6650652e1081e5e7b9e5e31a3ed1
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This patch extends the identity provider API to receive, return
and set the authorization_ttl on an identity provider.
Change-Id: I3c58da290d52149e307280042ed20447da4687f7
Partial-Bug: 1809116
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Also includes a release note.
Change-Id: I72a5d461488b50f20b59d1288016514a2b8f71e5
Closes-Bug: 1816076
|
| |\ \ \ \ \ \ |
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When a federated user authenticates, they are added to their
mapped groups during shadowing.
Closes-Bug: 1809116
Change-Id: I19dc400b2a7aa46709b242cdeef82beaca975ff3
|
| |\ \ \ \ \ \
| |/ / / / / |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Modify the base driver and SQL driver to support expiring group
memberships.
Additions to the SQL Driver to support listing expiring groups
for user.
Change-Id: I7d52cd2003f511483619a429de57201df4990209
Partial-Bug: 1809116
Depends-On: I4294a879071dde07e5eb1da4df133de8032e1059
|
| |\ \ \ \ \ \
| |/ / / / /
| | | / / /
| |_|/ / /
|/| | | | |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Creates the model and migration for the expiring user group
membership table.
Change-Id: I48093403539918f81e6a174bdfa7b6497dd307fb
Partial-Bug: 1809116
|
| |\ \ \ \ |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
after commit I8bbcedb7ad3f0bc2e06dfa13878a97411ee1dc6d switched usage
to unittest.mock everywhere we can now drop mock from test-requirements
which reduces extra package from being installed
Change-Id: Id9d87aa8449b46dd74b2acedcdd9239200d108fb
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Roles, projects, and domains can accept "immutable" as a resource
option. This change explains the option in the admin guide and updates
the API reference to mention it.
Change-Id: I95926927472f6418f97a08fea0ebd56da04ce7a5
Related-bug: #1823258
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
http://lists.openstack.org/pipermail/openstack-discuss/2020-February/012364.html
Change-Id: Ifc74072a5b7ae90910100093450e89f98d5dcb53
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This change moves the time mocking from using freezegun to
using oslo.utils TimeFixture for the unit test
test_with_passcode_in_previous_windows_extended, which was
occasionally failing with 401 errors due to
the totp creation time not properly be faked with
4 extended windows.
Closes-Bug: #1843464
Change-Id: I3aefd99907fbc2d03538c9814f7279b282715679
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently, a keystone IdP does not provide the
groups to which user belong when generating SAML
assertions.This patch adds an additional attribute
called "openstack_groups" in the assertion.
Change-Id: I205e8bbf9a4579b16177f57e29e363f4205a2b48
Closes-Bug: #1641625
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
many years ago when eventlet support was dropped
the usage of osl_concurrency was also removed.
commit was here I963d94bbd188dbb6eba68623a42c5bc3f2289da4
dropping requirement on it since it is not used
Change-Id: I72f278b7da59096f71f0e59f0fb1f70f93265aa4
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ensure that Zuul publishes both the shibboleth config and the shibboleth
logs in the job artifacts so that we can debug issues with the SAML SP.
Change-Id: I53f844fae775d9b30d9b7f867bac0ed873b86bc7
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The "options" is not "optional" in user api responses.
This patch removes the 'optional' from the same and also updates
string with the format to be used while creating api-ref in
keystone.
Change-Id: I848f168215800b42480d14f1f1905d8843ed3faa
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch fixes wrong spelling in auth.py.
Change-Id: I98fa9c88aa0d126718fdba952fbe22a4fe62f6b5
|
| |\ \ \ \ \ |
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
SQLAlchemy 1.4 will be introducing a new warning
class called RemovedIn20Warning, which will indicate behaviors
and APIs that are planned on being changed for the
SQLAlchemy 2.0 release [1]. As SQLAlchemy 2.0 is planned on
being a more major API break, applications will normally need
to wait until they are fully on SQLAlchemy 1.4 only as well as
Python 3 only in order to begin using new APIs that will allow
migration to 2.0.
For now, Keystone and others don't have a need to be raising
for this warning as there are not yet clear upgrade paths
established.
[1] https://docs.sqlalchemy.org/en/14/changelog/migration_20.html#sqlalchemy-1-x-to-2-0-transition
Change-Id: Icb005b2e7b9d851f5a3e8677599b32a6e3edddc2
|
| |\ \ \ \ \ |
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This implements TODOs added in [1], as promised in [2].
The first TODO is realised only partially because most ldap code
actually relies on having two connections obtained from the pool.
This optimizes mixin code by removing extra ldap calls.
There is no change in the observed behaviour of integration.
This also removes some duplication and refactors names to avoid
some confusion related to dn/object_id.
Backport to: Train, Stein (with [1]&[3]), Rocky (with [1]&[3]),
Queens (with [1]&[3])
[1] c7fae97d873f72068ca65538ec5b5919c0ac7d5a
[2] https://review.opendev.org/683303
[3] 19d4831daa3991bed48fb364fa05927740c96445
Change-Id: I22f3bce647182996dfc06084ee6d4989449e3d2d
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Remove unused git_cmd from api-ref.
Remove html_last_updated_fmt and latex_engine setting,
these are done by openstackdocstheme nowadays.
Change-Id: I1c63f83b3fa074f9fa136e0b89bba0586756bc56
|
| | |/ / / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The mock library is a third party lib that attempted to bridge the gap
between Python 2 and Python 3 mocking. Now that we have moved to py3
only, there is no need to use a third party lib and we can use the
standard built-in mocking support.
Change-Id: I8bbcedb7ad3f0bc2e06dfa13878a97411ee1dc6d
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
