delta/openstack/python-keystoneclient.git/keystoneclient/contrib, branch 1.7.4 opendev.org: openstack/python-keystoneclient.git Mark password/secret options as secret 2016-01-18T23:28:18+00:00 Brant Knudson bknudson@us.ibm.com 2016-01-14T22:22:04+00:00 1da2c545c3c9099eedf81ebc8b95ab08b311a8c0 Password, token, and secret options should be marked as secret=True so that when the value is logged the logger knows to obfuscate the value. Change-Id: I6ebdfa3bf6faf37bc11640a5826b3b55bb920fc4 Closes-Bug: 1534299 (cherry picked from commit 04f9f33b4b6079d39c3feea0b1ec1211a1de6a04) 
Password, token, and secret options should be marked as secret=True
so that when the value is logged the logger knows to obfuscate the
value.

Change-Id: I6ebdfa3bf6faf37bc11640a5826b3b55bb920fc4
Closes-Bug: 1534299
(cherry picked from commit 04f9f33b4b6079d39c3feea0b1ec1211a1de6a04)
Swap the order of username deprecation 2016-01-18T23:27:32+00:00 Monty Taylor mordred@inaugust.com 2015-11-19T15:22:31+00:00 f15c176ba30efdcc15886e8f7203f32deb60c2a2 The attempt at a move to user-name is an exercise in churn, and is filling everyone's logs with admonitions to change the name of their variables - which does not work if they do. Swap this, effectively reverting the attempt at a move. user-name will continue to work on the off chance anyone started consuming that path, which is unlikely because none of the consuming programs expose that as an actual option. Closes-Bug: 1498247 Change-Id: I62d991fda1df63c9cbabfde2f6836bc031f5147c (cherry picked from commit 13bb2f74b0d65c1fef30f77d710d56e51e5f7841) 
The attempt at a move to user-name is an exercise in churn, and is
filling everyone's logs with admonitions to change the name of their
variables - which does not work if they do. Swap this, effectively
reverting the attempt at a move. user-name will continue to work on
the off chance anyone started consuming that path, which is unlikely
because none of the consuming programs expose that as an actual option.

Closes-Bug: 1498247

Change-Id: I62d991fda1df63c9cbabfde2f6836bc031f5147c
(cherry picked from commit 13bb2f74b0d65c1fef30f77d710d56e51e5f7841)
Redirect on 303 in SAML plugin 2015-10-02T22:23:06+00:00 Jamie Lennox jamielennox@redhat.com 2015-10-01T21:17:21+00:00 90c5838074fcb5d64fa3aaadf4a61eed606cd9d3 The SAML plugin handles redirects in a custom manner but currently only checks for the 302 redirect code. This doesn't cover the mod_auth_mellon case which responds with a 303. Also handle the 303 redirect case. Change-Id: Idab5f381fcbfb8c561184845d3aa5c8aab142ecd Closes-Bug: #1501918 (cherry picked from commit 9cd71c064c77a22a0a58084a2abab77b023017b5) 
The SAML plugin handles redirects in a custom manner but currently only
checks for the 302 redirect code. This doesn't cover the mod_auth_mellon
case which responds with a 303.

Also handle the 303 redirect case.

Change-Id: Idab5f381fcbfb8c561184845d3aa5c8aab142ecd
Closes-Bug: #1501918
(cherry picked from commit 9cd71c064c77a22a0a58084a2abab77b023017b5)
Fix Accept header in SAML2 requests 2015-08-26T06:24:27+00:00 Jamie Lennox jamielennox@redhat.com 2015-08-26T02:25:31+00:00 e0276c65364bcb8a4a3fe1ad1c91899b1325836c The ; separator allows providing parameters to a type not separating type options. This means that in strict type checks like those performed by mod_auth_mellon the check for accept type fails. Change-Id: Ieeaa74b304921daef68497fec77cc6629ab2f0a2 Closes-Bug: #1488722 
The ; separator allows providing parameters to a type not separating
type options. This means that in strict type checks like those performed
by mod_auth_mellon the check for accept type fails.

Change-Id: Ieeaa74b304921daef68497fec77cc6629ab2f0a2
Closes-Bug: #1488722
Proper deprecation for BaseIdentityPlugin username, password, token_id properties 2015-07-26T11:54:22+00:00 Brant Knudson bknudson@us.ibm.com 2015-07-24T18:16:00+00:00 799e1faa505ac0c62d6db76ad68cdbb2d7148888 BaseIdentityPlugin's username, password, and token_id properties weren't properly deprecated since all they had was a comment in the code. Proper deprecation requires use of warnings and documentation. Where the plugins already provide their own properties, the properties need to be un-deprecated. bp deprecations Change-Id: Ic9fce89b8544d8c01f16e8f9c2f9dd2659d03c18 
BaseIdentityPlugin's username, password, and token_id properties
weren't properly deprecated since all they had was a comment in
the code. Proper deprecation requires use of warnings and
documentation.

Where the plugins already provide their own properties, the
properties need to be un-deprecated.

bp deprecations

Change-Id: Ic9fce89b8544d8c01f16e8f9c2f9dd2659d03c18
Switch from deprecated isotime 2015-06-30T17:58:55+00:00 Brant Knudson bknudson@us.ibm.com 2015-06-07T16:20:44+00:00 97c2c690d8983fd1d929a4eae3b0d62bbcb2cf6a oslo_utils.timeutils.isotime() is deprecated as of 1.6 so we need to stop using it. The deprecation message says to use datetime.datetime.isoformat() instead, but the format of the string generated by isoformat isn't the same as the format of the string generated by isotime. The string is used in tokens and other public APIs and we can't change it without potentially breaking clients. So the workaround is to copy the current implementation from oslo_utils.timeutils.isotime() to keystone.common.utils.isotime(). Change-Id: I34b12b96de3ea21beaf935ed8a9f6bae2fe0d0bc Closes-Bug: 1461251 
oslo_utils.timeutils.isotime() is deprecated as of 1.6 so we need
to stop using it.

The deprecation message says to use datetime.datetime.isoformat()
instead, but the format of the string generated by isoformat isn't
the same as the format of the string generated by isotime. The string
is used in tokens and other public APIs and we can't change it
without potentially breaking clients.

So the workaround is to copy the current implementation from
oslo_utils.timeutils.isotime() to keystone.common.utils.isotime().

Change-Id: I34b12b96de3ea21beaf935ed8a9f6bae2fe0d0bc
Closes-Bug: 1461251
Add openid connect client support 2015-06-17T15:15:03+00:00 Steve Martinelli stevemar@ca.ibm.com 2014-11-15T10:47:32+00:00 02f07cfb493b2b81ab4e64d3d674a0ea6af7500b This patch allows a federated user to obtain an unscoped token by providing login credentials for a keystone identity provider. The current implementation should work with any properly configured openid connect provider. partially implements bp openid-connect Change-Id: Iade52b5c1432d64582cbaa8bac41ac6366c210f9 
This patch allows a federated user to obtain an unscoped token by
providing login credentials for a keystone identity provider.

The current implementation should work with any properly configured
openid connect provider.

partially implements bp openid-connect

Change-Id: Iade52b5c1432d64582cbaa8bac41ac6366c210f9
Merge "Change oslo.config to oslo_config" 2015-02-10T02:14:56+00:00 Jenkins jenkins@review.openstack.org 2015-02-10T02:14:56+00:00 a333c56ac9a6b48b8e5d16e654251fb7d15bd89f 






Merge "Switch from oslo.utils to oslo_utils"
2015-02-10T02:11:19+00:00

Jenkins
jenkins@review.openstack.org

2015-02-10T02:11:19+00:00

d697ea29a6481b39cc8e05be2c386cf5fa2575c4












Change oslo.config to oslo_config
2015-01-31T14:03:37+00:00

Brant Knudson
bknudson@us.ibm.com

2015-01-06T15:44:31+00:00

d34cffa65fbc151af6dfd489d9d324547df1d1af

The oslo.config libraries are moving away from oslo-namespaced
packages.

Note that his requires oslo.config>=1.6.0

bp drop-namespace-packages

Change-Id: Ic0d4053875da0628f2359c109f2779d12aadc3eb





The oslo.config libraries are moving away from oslo-namespaced
packages.

Note that his requires oslo.config>=1.6.0

bp drop-namespace-packages

Change-Id: Ic0d4053875da0628f2359c109f2779d12aadc3eb