| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Change-Id: Ic161a8f88c28d88898863e5b9d9380016fbb0d08
|
| |
|
|
|
|
|
|
|
|
| |
oslo project provide jsonutils, and keystoneclient use it in many place[1],
this PS to update the remained json module to oslo jsonutils for
consistency.
[1]: https://github.com/openstack/python-keystoneclient/search?utf8=%E2%9C%93&q=jsonutils&type=
Change-Id: Id5275b5e6b5bf8f6d54406dac7ab95a30828cf58
|
| |
|
|
|
|
|
|
|
| |
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keystoneclient's dependance
on the positional decorator.
Change-Id: I9e691cc8b0c04992f4a8dabd67e1b413d3220d23
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Log messages are no longer being translated. This removes all use of
the _LE, _LI, and _LW translation markers to simplify logging and to
avoid confusion with new contributions.
See:
http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html
http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html
Change-Id: Ia77819cbb133903d20e821bff0c45766b11ef07b
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While building keystoneclient docs, there are currently 12 warnings
emitted that specify either:
WARNING: more than one target found for cross-reference u'list'
WARNING: more than one target found for cross-reference u'Auth'
This change specifies the correct object for the docstring with
"List" since there are many instances of "list" within
keystoneclient and specifies the proper "Auth" object. With these
changes, the warnings no longer appear.
Change-Id: I4515429df38760700552d48fc570c03abf116f83
|
| |
|
|
|
| |
TrivialFix:"dependant" should be "dependent"
Change-Id: I276876e5909ac5958c9e0e911b45e813b8104702
|
| |
|
|
| |
Change-Id: Icbb7e07d3b11d002a1b1bb143a0de82500abd52f
|
| |
|
|
|
|
| |
This is to remove unused LOG to keep code clean.
Change-Id: Ic123f89a341d6cf57c4f26568b626a49c6745045
|
| |
|
|
|
|
|
|
|
| |
Currently tox ignores D202 and D203.
D202: No blank lines allowed after function docstring.
D203: 1 blank required before class docstring.
This change removes D202 and D203 ignores in tox and fix violations.
Change-Id: I97ef88c9cfd56774e47f789cbbcf8ccfe85d7737
|
| |
|
|
|
|
|
|
| |
Currently tox ignores D400.
D400: First line should end with a period.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: I29ecb4c58bb03c0b9a3be0b7a74d18fb06a350f2
|
| |
|
|
|
|
|
|
| |
Currently tox ignores D401.
401: First line should be in imperative mood.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: If34ff12d18390b357342cf29f2d116dd3c86a44d
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In many situations it can be useful to see the full token response.
Print v3 token response when in debug mode. This will allow the
reponse to be seen when '--debug' is specified with the openstack CLI:
{
"token": {
"methods": [
"password"
],
"roles": [
{
"id": "93bff41cabda4def87cc9d83aaaa7479"
"name": "Member"
},
.
.
.
Change-Id: I9ec39ceed122a79bbaaef429750e1d2e8401297d
Closes-bug: 1556977
|
| |
|
|
|
|
|
| |
Deprecate auth plugins in favour of those from keystoneauth.
Change-Id: I8963ded9b68569717d7a6e30623ee78301b59a4a
Implements: bp deprecate-to-ksa
|
| |
|
|
|
|
| |
swap instances of utils.positional with the positional library.
Change-Id: Id8a9961e68d287a802f25512fc970829e9feb5c2
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneclient. This
also modifies our tox.ini so that we no longer ignore H405 violations.
Change-Id: I2af152e5425a0e9c82314039fdbb90d661c22680
Closes-Bug: 1482773
|
| |/
|
|
|
|
|
|
|
| |
Password, token, and secret options should be marked as secret=True
so that when the value is logged the logger knows to obfuscate the
value.
Change-Id: I6ebdfa3bf6faf37bc11640a5826b3b55bb920fc4
Closes-Bug: 1534299
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The attempt at a move to user-name is an exercise in churn, and is
filling everyone's logs with admonitions to change the name of their
variables - which does not work if they do. Swap this, effectively
reverting the attempt at a move. user-name will continue to work on
the off chance anyone started consuming that path, which is unlikely
because none of the consuming programs expose that as an actual option.
Closes-Bug: 1498247
Change-Id: I62d991fda1df63c9cbabfde2f6836bc031f5147c
|
| |
|
|
|
|
|
|
|
| |
If the user passes a Session in, we can pull the endpoint to use for
discovery from the Session itself, rather than erroring.
Closes-Bug: #1513839
Co-Authored-By: Dolph Mathews <dolph.mathews@gmail.com>
Change-Id: I82a41c67f80d2494f04739d82b112b7ff1dc4682
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
abstractmethod bodies aren't going to be called by unit tests, so
there's no way to get coverage. The code in an abstractmethod body
should be marked with "# pragma: no cover" so that they don't show
up as missed in the coverage report.
Change-Id: I88a7481ab22f2ce1abfd62badc5f5048acc6929f
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| | |
These are all object methods, not independent functions.
Change-Id: I3c232d922e61a94c7dc2c2b9a8d3768fd42be1a7
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although a bare docstring is entirely valid grammar, those new to Python find
that pattern baffling, *especially* when other similar methods contain pass
statements. So, for consistency, add a pass statement to otherwise bare
@abc.abstractmethods.
Note that the implementation of an @abc.abstractmethod (in the abstract
base class) can still be called by concrete children, so suddenly
raising a NotImplementedError() instead might be "surprising" to
implementors. A no-op such as "pass" or "return None" is preferable.
Change-Id: I79969ad1a3429516ea785c649a165ead54944225
|
| |
|
|
|
|
|
|
|
| |
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are
immutable.
Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A common case is for Nova (or other service) to create a service
authentication plugin from a configuration file and then have many
greenlet threads that want to reuse that authentication. If a token
expires then many threads all try and fetch a new token to use and can
step over each other.
I was hoping for a way to put a lock in so that all plugins were thread
safe however fixing it for identity plugins solves almost all real world
situations and anyone doing non-identity plugins will have to manage
threads themselves.
Change-Id: Ib6487de7de638abc69660c851bd048a8ec177109
Closes-Bug: #1493835
|
| |
|
|
|
|
|
|
| |
Iterating over a dict results in the keys.
Using the 'in' operator on a dict checks if it's a key.
Change-Id: I6affbfa1a79a9e8c0b5b304078a7a8e4e792eecd
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BaseIdentityPlugin's trust_id property wasn't properly deprecated
since all it had was a comment in the code. Proper deprecation
requires use of warnings and documentation.
Where the plugins already provide their own trust_id, the
property needs to be un-deprecated.
bp deprecations
Change-Id: I15d4e019bfc5542990120ba39be65ad83cf040d5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
properties
BaseIdentityPlugin's username, password, and token_id properties
weren't properly deprecated since all they had was a comment in
the code. Proper deprecation requires use of warnings and
documentation.
Where the plugins already provide their own properties, the
properties need to be un-deprecated.
bp deprecations
Change-Id: Ic9fce89b8544d8c01f16e8f9c2f9dd2659d03c18
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
To allow authentication plugins such as using client certificates or
doing kerberos authentication with every request we need a way for the
plugins to manipulate the send parameters.
Change-Id: Ib9e81773ab988ea05869bc27097d2b25e963e59c
Blueprint: generic-plugins
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Python 3 deprecated the logger.warn method in favor of warning.
DeprecationWarning: The 'warn' method is deprecated, use 'warning'
instead
Change-Id: Idbd4de3c7c631fb2c235701c9b300c37a90d9538
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
A plugin that can be used by default by any CLI application. This would
allow us to convert the other service CLIs to a consistent set of
options.
Closes-Bug: #1459478
Change-Id: I9ce6c439d530040e9375f7fd26a9ec2e0ba8b2a4
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Particular for use in writing error messages and help text it can be
useful to get a list of all the plugins that are installed on the
system. Provide a version that returns the classes as well so that you
don't have to reload the modules if the user is picking one.
Closes-Bug: #1423711
Change-Id: I021249eac8156c2d3ccbbacb7503184b6eb6e784
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Parameter ``protocol`` was missing docstrings in the __init__.
Also, config help is very poor.
This patch fixes both issues.
Change-Id: Ia2cfee9ba6aa5f4ca036c008bcfe03ff9113c7a3
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need to allow get_endpoint(interface=auth.AUTH_INTERFACE, version=X)
to support the same version negotiation that the service catalog goes
through. This is required to support generic plugins where you often
provide an unversioned auth_url to the plugin but need a versioned URL
to query for available projects.
Change-Id: Id423a538c169264a81c5714e6a9eff9b33912a55
Closes-Bug: #1438013
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
load_from_argparse_arguments is very specifically for use with argparse.
We can therefore safely prompt for a password from the user if none is
provided and it won't affect config options or other loading mechanisms.
Change-Id: Ib76743b768c5f0eef756184f1da49613423298f0
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The openstack client output for the help of --os-user-id states
"longin" instead of "login". The openstack client gets it's help
output from the keystoneclient.
Change-Id: I7c92a82cd60b2835d98101200cf641b46dd145b4
Closes-Bug: #1455673
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
MIN_TOKEN_LIFE_SECONDS is the number of seconds that the token provided
must be valid for to be used when making authentication requests. 1
second has always been a dumb number and was not based on any existing
value.
Because a user token may be reused by a service to make requests on
behalf of a user if the token is valid when sent it may not be valid for
the life of the request.
2 minutes is also an arbitrary value, but it should allow plenty of time
for service requests to complete before being rejected.
Closes-Bug: #1441910
Change-Id: I395a0770e72d1ec7904e656ca382a5270f793a8b
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For keystonemiddleware, shade and other projects that do more
complicated option loading than simply CLI or CONF file provide a means
to load an auth plugin where options are discovered by a provided
function.
This plugin is designed to work with the options as provided by
get_options rather than either the argparse or CONF registration
functions.
Use these as the default loading mechanism for the existing argparse and
CONF functions as it standardizes the mechanism between the two sources.
Change-Id: I15634ac30581c7aea14e709f12fb202570190f46
Closes-Bug: #1428900
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The keystone server understands that specifying unscoped in the scope
section of an auth request means that it should ignore the
default_project_id of a user and return an unscoped token.
This is the client side change to allow requesting these tokens via an
auth plugin.
Change-Id: Iba5ebcea0bf0d8e5a31d552977276fc03e536c67
Implements: bp explicit-unscoped
|
| |/ /
| |
| |
| |
| |
| |
| | |
With the out of tree federation plugins going on extract the basic
federation workflow and required information that can be reused.
Change-Id: I6fdb3a5c6d9f3e1d6fa3425fd05809155effed1f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The basic Auth plugin for v3 tokens makes the assumption that you need
to pass in some AuthMethod objects. This works well for most auth types
where you want the plugin to construct the auth request for you.
In the case of federation though we want to be able to have a rescoping
plugin that will return an auth_ref and not take any auth_methods as
arguments.
Extract the most basic part of the Auth plugin into BaseAuth class that
Auth and federation plugins can both inherit from.
Change-Id: Ia8c8c614b8eb51170346ff5b1e20a1e7ebbb47de
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The V3 authentication plugins file contained the existing plugins as
well as the base class. As we look to add new plugins it is simpler if
we break this file up.
Change-Id: I42b222a2012ea10491450d6b91c2008178dc7671
|
