| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Change-Id: Ifc80f889f82e9853132b8f91e63cc53cfc476ac6
|
| |
|
|
|
|
|
|
|
| |
Currently tox ignores D202 and D203.
D202: No blank lines allowed after function docstring.
D203: 1 blank required before class docstring.
This change removes D202 and D203 ignores in tox and fix violations.
Change-Id: I97ef88c9cfd56774e47f789cbbcf8ccfe85d7737
|
| |
|
|
|
|
|
|
| |
Currently tox ignores D400.
D400: First line should end with a period.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: I29ecb4c58bb03c0b9a3be0b7a74d18fb06a350f2
|
| |
|
|
|
|
|
|
| |
Currently tox ignores D401.
401: First line should be in imperative mood.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: If34ff12d18390b357342cf29f2d116dd3c86a44d
|
| |
|
|
|
|
|
|
|
|
|
| |
Removing old configuration options for build-in defaults of latest
bandit functionality. Also, marking flagged items with _# nosec_
with a descriptive comment on why the code is acceptable as is.
Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com>
Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com>
Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d
|
| |
|
|
|
|
|
|
|
| |
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneclient. This
also modifies our tox.ini so that we no longer ignore H405 violations.
Change-Id: I2af152e5425a0e9c82314039fdbb90d661c22680
Closes-Bug: 1482773
|
| |
|
|
|
|
|
|
|
|
| |
AccessInfo's management_url parameter wasn't properly deprecated
since all it had was a comment in the code. Proper deprecation
requires use of warnings and documentation.
bp deprecations
Change-Id: I0ee07c5adc6a7c91f8b23b291eea76f4ae7b3b89
|
| |
|
|
|
|
|
|
| |
Properly deprecate accessing AccessInfo's auth_url parameter.
bp deprecations
Change-Id: I3824904f517434b507587cf73d4389b72f73f22b
|
| |
|
|
|
|
|
|
| |
Properly deprecate constructing AccessInfo's scoped parameter.
bp deprecations
Change-Id: I8f81c75eb8e758feb9d4c62ce7f041957562e766
|
| |
|
|
|
|
|
|
|
| |
Properly deprecate constructing AccessInfo with region_name
parameter.
bp deprecations
Change-Id: Ic5f48a4f5354beb8be68c2fd788bf0a974501917
|
| |
|
|
|
|
|
|
| |
The audit_id is now a standard part of the v2 and v3 tokens. Expose it
via AccessInfo so that it is usable for services and middleware.
Change-Id: I14ddcfee5434084ad9da73c384e6f456602fdd2b
Closes-Bug: #1437129
|
| |
|
|
|
|
|
|
| |
oslo_utils moved out of the oslo namespace.
bp drop-namespace-packages
Change-Id: I72e67dc1f649ba137dd06f5ab7133858c6abd67d
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
The :returns: directive doesn't take an argument. To specify the
return type, use the :rtype: directive.
Change-Id: I3aaab824792333b3f75a10af92f5b712cc9b4ff6
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Keystoneclient didn't provide translated messages. With this
change, the messages are marked for translation.
DocImpact
Implements: blueprint keystoneclient-i18n
Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| | |
Left timeutils and strutils in openstack/common since they are used in
openstack/common/apiclient and memorycache.
Change-Id: Idb5f09c159d907dfba84cd1f7501f650318af7d9
|
| |/
|
|
|
|
|
| |
Some of the docstrings have ``:return:`` instead of ``:returns:``
keyword. This patch fixes that and make it consistent.
Change-Id: I4321a63798ab9e2abdf0bbd716bf2b995be22ba3
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Federated tokens don't include domains in the user object.
Keystoneclient should be able to estimate whether the token is a
federated one and, if so, don't expect user domain information.
In case of the federated token keystoneclient returns None in response
to user_domain_name and user_domain_id calls.
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Closes-Bug: #1346820
Change-Id: I3453275fa1b0a41b1c015b0c3a92895a77d69a41
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When settings tokens via the factory v2 and v3 work completely
differently. This is somewhat expected due to tokens working differently
but it makes it hard to work with.
For example, if i have a v3 token but not the requests.Response that
created it there is no way for me to set the token data on the
AccessInfo object via factory.
Also in the case of V2 CMS tokens the value at ['token']['id'] is a fake
so that the signing process will work.
Allow overriding the token value from the factory and force setting the
token id on the AccessInfo in a standard way.
Change-Id: I856096dc5fae2ab0d1bedbac3294dc4976c3f3ad
|
| |
|
|
|
|
|
| |
A trust should always contain a trustee_user_id and a trustor_user_id.
Expose these values via AccessInfo if available.
Change-Id: Ic46a44300e6bf8aa694f1543d470c16fcac643fc
|
| |
|
|
|
|
|
|
|
| |
Allow access to the access_token_id and the consumer_id that are set as
part of the Oauth authentication process.
This only makes sense for V3 tokens, as Oauth cannot be used with v2.
Change-Id: I9ac76f92acdfd6446a13f535b24e0a99f02f2eef
|
| |
|
|
|
|
|
|
| |
issued_at is a standard part of V2 and V3 tokens so add it to
AccessInfo in a similar way to expiry. Also it should be included when
generating tokens so include it in fixtures.
Change-Id: I0d62d8ce6472466886751e10e98046b8e398e079
|
| |
|
|
|
|
| |
Role Names are already there, add ids as well.
Change-Id: Ie6f14a60b182ec2f4ab97c6ced564e63a2f5169a
|
| |
|
|
|
|
|
|
|
|
|
|
| |
All the clients are currently storing samples of keystone tokens so that
they can use them in testing. This is bad as they are often out of date
or contain data that they shouldn't.
Create a V2 Token generator and make use of that for generating tokens
within our tests.
Change-Id: I72928692142c967d13391752ba57b3bdf7c1feab
blueprint: share-tokens
|
| |
|
|
|
|
|
| |
This was probably initially written against an incorrect test token.
Change-Id: I3e1eb0cb207864dbadb01a477b180058902bb0cd
Closes-Bug: #1282410
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A new method was introduced on AccessInfo class. The method role_names
returns a list of role names of a user associated to the authorization
request.
bp keystoneclient-auth-ref-get-roles
DocImpact
Change-Id: I0862aaaa27193119dc83ef38100c88b48a1d24a4
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Region name is taken as a parameter but is ignored in all communication
with the service catalog. Currently region can be stored in the token
data and then requests to url functions will return the appropriate
region. This is the wrong approach because there is nothing specific to
the token (or auth_data) that is region specific. Instead region
information should be held by the client.
Closes-Bug: 1147530
Closes-Bug: 1255992
Change-Id: I812aa89c8b4af28e294e63926a7f88e8246fffc5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It should be possible to authenticate against the v2 tokens
API with a trust_id, because it suports rescoping an existing
token to a trust, this patch adds client support for this.
Note with the current keystone code it's necessary to pass the
trustor tenant ID when rescoping with a trust where
impersonation==True, e.g:
c = client_v2.Client(username=TRUSTEE_USERNAME,
password=TRUSTEE_USERNAME,
tenant_name=TRUSTEE_TENANT_NAME,
auth_url=OS_AUTH_URL_V2)
c.authenticate(trust_id=trust_i.id, tenant_id=TRUSTOR_TENANT_ID)
Change-Id: I177c41af298b7437e2c6fb437aa9ce9a09773b9d
Closes-Bug: #1231483
|
| |
|
|
|
|
|
|
|
| |
Closes-Bug: #1217777
Method has_service_catalog is duplicate in AccessInfo, remove the
first one because this class is used as a base class.
Change-Id: Id5f6f0cfe223bd4f31b7c01a6bc1e750ad5a7cd8
|
| |
|
|
|
|
|
|
|
|
| |
user_domain_id and project_domain_id are already available, so simply
add an equivalent user_domain_name and project_domain_name if available.
The use of 'default' for v2 tokens is inspired from the default behaviour of
similar functions and what is used in auth_token middleware.
Change-Id: Ia9b345529072ab893d04c7a38fb7ba3acdc28227
|
| |
|
|
|
|
|
| |
Older token formats get decoded as a v2 token so we should support
reading project information from these tokens.
Change-Id: I31473a00b294bd0d7b535cfab8d2eaf09db97ff5
|
| |
|
|
|
|
|
|
|
| |
Implements client support for the basic trusts API operations,
note this does not include support for the roles subpath operations,
support for those can be added in a subsequent patch.
Change-Id: I0c6ba12bad5cc8f3f10697d2a3dcf4f3be8c7ece
blueprint: delegation-impersonation-support
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Fixes LP bug #1199281
Change-Id: Iba4b3fd8ad2e6fe054ed705d8990c13dc5a13430
|
| |/
|
|
|
|
| |
Docstring summaries need punctuation.
Change-Id: I1b740c13d5fedf9a625ca0807c908f651ee08406
|
| |
|
|
|
|
| |
Remove leading spaces from doc comments.
Change-Id: I75b055c0d64dda478c63839d44158e301900107f
|
| |
|
|
|
|
|
|
|
|
|
| |
Added support for domain scoping.
Enhancement on AccessInfo to support reading v2/v3 token information.
Enhancement on ServiceCatalog for reading/filtering v2/v3 service
catalog information.
Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
|
| |
|
|
|
|
|
| |
This tackles some TODO items left over.
Change-Id: Ib062744acbf56f05d09857d244b78b35c0ef4d39
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |
|
|
|
|
|
|
| |
- E125: continuation line does not distinguish itself from next logical
line
- E126: continuation line over-indented for hanging indent
Change-Id: I626a6d5d57db927e8b239f90569b5601c772f28b
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: I9856684d93d8b45310e599863553a020180aa509
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |\ \ |
|
| | |/
| |
| |
| |
| | |
Change-Id: Iaace7020696b238e7829dbcae60f0bc7c74a79e4
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |/
|
|
|
|
|
|
|
| |
- There's no need to call parent init function since that's the default
behaviour.
- The token attribute is nor used nor updated anywhere.
Change-Id: Ib0b2729a396a2d761931ce0e178c49c49814eb21
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |
|
|
|
|
|
| |
User can optionally turn off keyring by specifying the --no-cache option.
It can also be disabled with environment variable OS-NO-CACHE.
Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
|
|
|
blueprint solidify-python-api
* extended and updated documentation strings
* updated README.rst with latest options
* made debug a pass-through value, optionally set on client (instead of
just being pulled from environment variable)
* adding AccessInfo object and associated tests
(access.AccessInfo meant to be a cacheable object external to client
and ultimately to replace service_catalog and it's existing functionality)
* extending authtoken to support lists of endpoints
* maintaining a single entity for client.management_url with first from
list of possible endpoints
* create project_name and project_id synonyms to match tenant_name and
tenant_id
* replacing authenticate call to a pure method, not overloading the
resource/manager path that confuses base URL concepts.
* throw AuthorizationFailure if client attempts to access keystone
resources before it has a management url
* special case listing tenant using auth_url for unscoped tokens authorized
through client
* special case listing tokens.authenticate for Dashboard to allow unscoped
tokens to hand back parity information to dashboard
Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
|
