| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
A new method was introduced on AccessInfo class. The method role_names
returns a list of role names of a user associated to the authorization
request.
bp keystoneclient-auth-ref-get-roles
DocImpact
Change-Id: I0862aaaa27193119dc83ef38100c88b48a1d24a4
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Region name is taken as a parameter but is ignored in all communication
with the service catalog. Currently region can be stored in the token
data and then requests to url functions will return the appropriate
region. This is the wrong approach because there is nothing specific to
the token (or auth_data) that is region specific. Instead region
information should be held by the client.
Closes-Bug: 1147530
Closes-Bug: 1255992
Change-Id: I812aa89c8b4af28e294e63926a7f88e8246fffc5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It should be possible to authenticate against the v2 tokens
API with a trust_id, because it suports rescoping an existing
token to a trust, this patch adds client support for this.
Note with the current keystone code it's necessary to pass the
trustor tenant ID when rescoping with a trust where
impersonation==True, e.g:
c = client_v2.Client(username=TRUSTEE_USERNAME,
password=TRUSTEE_USERNAME,
tenant_name=TRUSTEE_TENANT_NAME,
auth_url=OS_AUTH_URL_V2)
c.authenticate(trust_id=trust_i.id, tenant_id=TRUSTOR_TENANT_ID)
Change-Id: I177c41af298b7437e2c6fb437aa9ce9a09773b9d
Closes-Bug: #1231483
|
| |
|
|
|
|
|
|
|
| |
Closes-Bug: #1217777
Method has_service_catalog is duplicate in AccessInfo, remove the
first one because this class is used as a base class.
Change-Id: Id5f6f0cfe223bd4f31b7c01a6bc1e750ad5a7cd8
|
| |
|
|
|
|
|
|
|
|
| |
user_domain_id and project_domain_id are already available, so simply
add an equivalent user_domain_name and project_domain_name if available.
The use of 'default' for v2 tokens is inspired from the default behaviour of
similar functions and what is used in auth_token middleware.
Change-Id: Ia9b345529072ab893d04c7a38fb7ba3acdc28227
|
| |
|
|
|
|
|
| |
Older token formats get decoded as a v2 token so we should support
reading project information from these tokens.
Change-Id: I31473a00b294bd0d7b535cfab8d2eaf09db97ff5
|
| |
|
|
|
|
|
|
|
| |
Implements client support for the basic trusts API operations,
note this does not include support for the roles subpath operations,
support for those can be added in a subsequent patch.
Change-Id: I0c6ba12bad5cc8f3f10697d2a3dcf4f3be8c7ece
blueprint: delegation-impersonation-support
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Fixes LP bug #1199281
Change-Id: Iba4b3fd8ad2e6fe054ed705d8990c13dc5a13430
|
| |/
|
|
|
|
| |
Docstring summaries need punctuation.
Change-Id: I1b740c13d5fedf9a625ca0807c908f651ee08406
|
| |
|
|
|
|
| |
Remove leading spaces from doc comments.
Change-Id: I75b055c0d64dda478c63839d44158e301900107f
|
| |
|
|
|
|
|
|
|
|
|
| |
Added support for domain scoping.
Enhancement on AccessInfo to support reading v2/v3 token information.
Enhancement on ServiceCatalog for reading/filtering v2/v3 service
catalog information.
Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
|
| |
|
|
|
|
|
| |
This tackles some TODO items left over.
Change-Id: Ib062744acbf56f05d09857d244b78b35c0ef4d39
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |
|
|
|
|
|
|
| |
- E125: continuation line does not distinguish itself from next logical
line
- E126: continuation line over-indented for hanging indent
Change-Id: I626a6d5d57db927e8b239f90569b5601c772f28b
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: I9856684d93d8b45310e599863553a020180aa509
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |\ \ |
|
| | |/
| |
| |
| |
| | |
Change-Id: Iaace7020696b238e7829dbcae60f0bc7c74a79e4
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |/
|
|
|
|
|
|
|
| |
- There's no need to call parent init function since that's the default
behaviour.
- The token attribute is nor used nor updated anywhere.
Change-Id: Ib0b2729a396a2d761931ce0e178c49c49814eb21
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |
|
|
|
|
|
| |
User can optionally turn off keyring by specifying the --no-cache option.
It can also be disabled with environment variable OS-NO-CACHE.
Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
|
|
|
blueprint solidify-python-api
* extended and updated documentation strings
* updated README.rst with latest options
* made debug a pass-through value, optionally set on client (instead of
just being pulled from environment variable)
* adding AccessInfo object and associated tests
(access.AccessInfo meant to be a cacheable object external to client
and ultimately to replace service_catalog and it's existing functionality)
* extending authtoken to support lists of endpoints
* maintaining a single entity for client.management_url with first from
list of possible endpoints
* create project_name and project_id synonyms to match tenant_name and
tenant_id
* replacing authenticate call to a pure method, not overloading the
resource/manager path that confuses base URL concepts.
* throw AuthorizationFailure if client attempts to access keystone
resources before it has a management url
* special case listing tenant using auth_url for unscoped tokens authorized
through client
* special case listing tokens.authenticate for Dashboard to allow unscoped
tokens to hand back parity information to dashboard
Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
|
