summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge "Do not iterate action.choices if it is none"0.11.1Jenkins2014-09-232-0/+8
|\
| * Do not iterate action.choices if it is noneChristian Berendt2014-09-212-0/+8
| | | | | | | | | | | | | | | | | | Do not iterate action.choices in the method add_arguments in the class OpenStackHelpFormatter if action.choices is not iterable because it is none. Change-Id: Ie7110adb798326e5856fddfb6a7365c663b84998 Closes-Bug: #1372152
* | Fix auth_token for old oslo.configBrant Knudson2014-09-221-1/+1
|/ | | | | | | | | | | | | | | | | | | When running with a havana-level of oslo.config (<1.3.0), applications with any config options in their api-paste.ini will fail to start with an error like 'StrOpt' object has no attribute 'type' This is because the config options didn't have a type attribute until 1.3.0. During the grenade test, the havana level of oslo.config is used, while the master level of keystoneclient is used, and also in the havana tests the services are still using the keystoneclient auth_token middleware. Change-Id: I745c3e04f18941a2d41e191d43f61b926522bb9d Closes-Bug: #1372422
* Merge "Fix the condition expression for ssl_insecure"0.11.0Jenkins2014-09-212-1/+48
|\
| * Fix the condition expression for ssl_insecureQin Zhao2014-09-172-1/+48
| | | | | | | | | | | | | | | | | | | | | | In the existing code, self.ssl_insecure is a string. If insecure option is set in nova api-paste.ini, whatever it is 'true' or 'false', kwargs['verify'] will become False. This commit corrects the condition expression. This patch is backported from https://review.openstack.org/#/c/113191/ Change-Id: I91db8e1cb39c017167a4160079846ac7c0663b03 Closes-Bug: 1353315
* | Merge "SAML2 federated authentication for ADFS."Jenkins2014-09-215-52/+917
|\ \
| * | SAML2 federated authentication for ADFS.Marek Denis2014-09-175-52/+917
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Authentication workflow for the Active Directory Federated Services (ADFS) by Microsoft is different from 'standard' ECP based one. This plugin allows for authentication and fetching security token with SAML2 assertion inside, sending to the Service Provide and retrieving an unscoped token. Change-Id: I588de1967a7fb92c5928686d092895847553923a Implements: blueprint add-saml2-cli-authentication
* | | Merge "Fix a doc_string error"Jenkins2014-09-201-1/+1
|\ \ \
| * | | Fix a doc_string errorjun xie2014-09-181-1/+1
| | | | | | | | | | | | | | | | Change-Id: Ib2ab829ed777a4f2fb13ec7426dffef99a4118ab
* | | | Merge "fix EC2 Signature Version 4 calculation, in the case of POST"Jenkins2014-09-202-2/+19
|\ \ \ \
| * | | | fix EC2 Signature Version 4 calculation, in the case of POSTYukinori Sagara2014-09-012-2/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When calculating the AWS Signature Version 4, in the case of POST, We need to set the CanonicalQueryString to an empty string. this follows the implementation of the AWS and boto clients. Change-Id: Iad4e392119067e246c7b77009da3fef48d251382 Closes-Bug: 1360892
* | | | | Updated from global requirementsOpenStack Proposal Bot2014-09-192-5/+5
| | | | | | | | | | | | | | | | | | | | Change-Id: I67a599e362685f7990175fb5668e6909d670a225
* | | | | Add support for endpoint policy.Henry Nash2014-09-184-12/+418
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | This adds the client library class for the endpoint policy extension. Implements: bp endpoint-policy Change-Id: I7153d7a093f4299d7f912b0b4a9a02ffacdb9e69
* | | | Merge "Handle federated tokens"Jenkins2014-09-185-2/+89
|\ \ \ \
| * | | | Handle federated tokensMarek Denis2014-09-175-2/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Federated tokens don't include domains in the user object. Keystoneclient should be able to estimate whether the token is a federated one and, if so, don't expect user domain information. In case of the federated token keystoneclient returns None in response to user_domain_name and user_domain_id calls. Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com> Closes-Bug: #1346820 Change-Id: I3453275fa1b0a41b1c015b0c3a92895a77d69a41
* | | | | Merge "Allow retrying some failed requests"Jenkins2014-09-173-18/+99
|\ \ \ \ \
| * | | | | Allow retrying some failed requestsJamie Lennox2014-09-163-18/+99
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Connection Errors can be transient and there are many clients (including auth_token middleware) that allow retrying requests that fail. We should support this in the session, disabled by default, rather than have multiple implementations for it. For the moment I have purposefully not added it as an option to Session.__init__ though I can see arguments for it. This can be added later if there becomes a particular need. I have also purposefully distinguished between Connection Errors (and connect_retries) and HTTP errors. I don't know a good way to generalize retrying on HTTP errors and they can be added later if required. Blueprint: session-retries Change-Id: Ia219636663980433ddb9c00c6df7c8477df4ef99
* | | | | Versioned Endpoint hack for SessionsJamie Lennox2014-09-165-1/+198
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To maintain compatibility we must allow people to specify a versioned URL in the service catalog but allow the plugins to return a different URL to users. We need this to be a general approach as other services will likely have a similar problem with their catalog. The expectation here is that a client will register the catalog hack at import time rather than for every request. Closes-Bug: #1335726 Change-Id: I244f0ec3acca39fd1b2a2c5883abc06ec10eddc7
* | | | Merge "Sync with latest oslo-incubator"Jenkins2014-09-148-111/+135
|\ \ \ \
| * | | | Sync with latest oslo-incubatorAaron Rosen2014-09-098-111/+135
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Last commit: 32e7f0b56f527427544050f251999f3de588ac93 This patch syncs the python-keystoneclient with olso-incubator as I need this patch 4ef01931 which fixes a bug that's I am hitting in another client which uses the keystoneclient. Closes-bug: 1277565 Change-Id: I22f10f4fe27be16a6808b75c154ee342fea2bdda
* | | | Merge "Pass kwargs to auth plugins"Jenkins2014-09-131-2/+6
|\ \ \ \
| * | | | Pass kwargs to auth pluginsJose Castro Leon2014-09-111-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Auth plugins must sometimes affect the Headers and other portions of the network setup. Examples: Kerberos needs to set the negotiate header. X509 to provide the client certificate. This change makes that capability available to the Auth plugins. Those plugins will live in separate repositories. There are no dependent patches for it in this repository. This was split out by Adam Young from the Kerberos Client patch written by Jose Castro Leon Change-Id: Iab7287888e4b3f199b9035c1a24ac43639b5027b
* | | | | Merge "Expose auth methods on the adapter"Jenkins2014-09-122-22/+82
|\ \ \ \ \ | |_|_|/ / |/| | | |
| * | | | Expose auth methods on the adapterJamie Lennox2014-09-012-22/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provide access to get_token, get_endpoint and invalidate to the adapter. The adapter is essentially created per individual client and it can be useful to know things like the endpoint that requests will be sent to based on the parameters that are included in the endpoint_filter. This essentially allows us to emulate the management_url and auth_token properties of the existing clients. Change-Id: Ic01bc52bb38e8fb72e7a6d93bfd2944b11d0b070
* | | | | Merge "fix typos"Jenkins2014-09-113-4/+4
|\ \ \ \ \
| * | | | | fix typosDolph Mathews2014-09-083-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: Ia850e62fe4c888365f5031cc8b7c7ad526600222
* | | | | | Merge "Version independent plugins"Jenkins2014-09-119-5/+528
|\ \ \ \ \ \
| * | | | | | Version independent pluginsJamie Lennox2014-09-039-5/+528
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A Framework for creating plugins that work across identity versions. Upon creating a generic plugin the plugin will go and discover what versions are available on the server and then attemp to construct a suitable plugin. Blueprint: version-independant-plugins Change-Id: If7fed94aaf4636e80a9c3a834cf6c5430f20e489
* | | | | | Merge "Allow passing None for username in v2.Password"Jenkins2014-09-112-3/+15
|\ \ \ \ \ \
| * | | | | | Allow passing None for username in v2.PasswordJamie Lennox2014-08-262-3/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | None must be an acceptable parameter for username in password due to tests in other libraries, however we should still raise an error if neither username or user_id is passed. Use and check a sentinel value instead of None. Change-Id: Id61cfd1423afa8f9dd964fda278f4fab40887512 Closes-Bug: #1361444
* | | | | | | Merge "Distinguish between name not provided and incorrect"Jenkins2014-09-102-7/+4
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | |
| * | | | | | Distinguish between name not provided and incorrectJamie Lennox2014-08-212-7/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When loading from config we need a way to determine if a plugin name was specified incorrectly or was not specified at all. We need this to determine if we need to load a fallback plugin. This is much more in line with how CLI loading works and how it should have worked initially. Change-Id: I5547b6e169abc4f1850ff205a8f054a617785c2c Closes-Bug: #1359618
* | | | | | | Merge "Add version parameter to adapter."Jenkins2014-09-092-2/+10
|\ \ \ \ \ \ \ | | |_|_|_|/ / | |/| | | | |
| * | | | | | Add version parameter to adapter.Jamie Lennox2014-09-012-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The version parameter was left out of adapter previously because setting a version number triggers discovery and I felt that it was not ready for the other services. However if it isn't set then it won't be used and we may as well implement it here once rather than have the individual services that do support it override it themselves. Change-Id: I707380a01175dc19b59de32cbb8fd2bb123d7335
* | | | | | | Merge "Handle invalidate in identity plugins correctly"Jenkins2014-09-092-2/+17
|\ \ \ \ \ \ \
| * | | | | | | Handle invalidate in identity plugins correctlyJamie Lennox2014-08-072-2/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Returning a True from the invalidate() call means that something has changed within the plugin and the session should reissue the request and expect the plugin to authenticate itself. This means we should only return True if something actually changed, because re-issuing the request if there was no auth_ref will not change the outcome. Change-Id: I012dacc93b1fcaee31d31a49e95db5a38044f211
* | | | | | | | Merge "Allow providing an endpoint_override to requests"Jenkins2014-09-093-7/+80
|\ \ \ \ \ \ \ \ | | |/ / / / / / | |/| | | | / / | |_|_|_|_|/ / |/| | | | | |
| * | | | | | Allow providing an endpoint_override to requestsJamie Lennox2014-09-013-7/+80
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As much as I'd prefer not to need this functionality there are plenty of existing clients that we want to have use the adapter that can accept a bypass argument such that it ignores the service catalog and uses that URL for all requests. We therefore need to be able to support similar functionality in our adapter. Change-Id: I206705241ff9b84967d0d9c089b4795bcc26b65e
* | | | | | Merge "Work toward Python 3.4 support and testing"Jenkins2014-09-081-1/+1
|\ \ \ \ \ \
| * | | | | | Work toward Python 3.4 support and testingJeremy Stanley2014-09-031-1/+1
| |/ / / / / | | | | | | | | | | | | | | | | | | Change-Id: I4cdd32676de74c2628754a5df6d251605a25e1fb
* | | | | | warn against sorting requirementsDolph Mathews2014-09-032-0/+8
|/ / / / / | | | | | | | | | | | | | | | | | | | | Change-Id: I64ae9191863564e278a35d42ec9cd743a233028e Closes-Bug: 1365061
* | | | | Fix test mistake with requests-mockJamie Lennox2014-08-312-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | body= parameters are supposed to be io objects. This is obviously during the conversion from HTTPretty. Change-Id: Ia8ec9294e054e2231aa4a5e2633e2b7d5d15066a Closes-Bug: #1363632
* | | | | Merge "Standardize AccessInfo token setting"Jenkins2014-08-283-17/+75
|\ \ \ \ \
| * | | | | Standardize AccessInfo token settingJamie Lennox2014-08-133-17/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When settings tokens via the factory v2 and v3 work completely differently. This is somewhat expected due to tokens working differently but it makes it hard to work with. For example, if i have a v3 token but not the requests.Response that created it there is no way for me to set the token data on the AccessInfo object via factory. Also in the case of V2 CMS tokens the value at ['token']['id'] is a fake so that the signing process will work. Allow overriding the token value from the factory and force setting the token id on the AccessInfo in a standard way. Change-Id: I856096dc5fae2ab0d1bedbac3294dc4976c3f3ad
* | | | | | Merge "Allow providing a default value to CLI loading"Jenkins2014-08-262-8/+55
|\ \ \ \ \ \
| * | | | | | Allow providing a default value to CLI loadingJamie Lennox2014-08-212-8/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users to specify a default value to loading auth plugins from the CLI so that you can fallback to some default behaviour if the user doesn't specify a plugin. Change-Id: I44eb838f7ccc3b377dd1ba53dbb941e973e4a22e
* | | | | | | Merge "Move fake session to HTTPClient"Jenkins2014-08-262-17/+19
|\ \ \ \ \ \ \
| * | | | | | | Move fake session to HTTPClientJamie Lennox2014-08-212-17/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fake session object is to prevent a cyclical dependency between HTTPClient and the session from leaving hanging session objects around. This is still necessary if you construct a client the old way however if you are using the session properly then there is no cyclical dependency and so we shouldn't prevent people using the connection pooling advantages of the session. Related-Bug: #1282089 Change-Id: Ifca2c7ddd95a81af01ee43246ecc8e74abf95602
* | | | | | | | Merge "Hash for PKIZ"Jenkins2014-08-262-6/+19
|\ \ \ \ \ \ \ \ | |_|_|_|_|_|/ / |/| | | | | | |
| * | | | | | | Hash for PKIZAdam Young2014-08-212-6/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only PKI (asn1) based tokens were checked for format and hashed Closes-Bug: 1355125 SecurityImpact Change-Id: Iefedde7f168e2ff1870905041fa95301934452e5
View Lorry Controller Status