path: root/keystoneclient/auth
Commit message (Author, Age, Files, Lines)
* Merge "Add get_headers interface to authentication plugins" [1.1.0] (Jenkins, 2015-02-09, 2 files, -3/+49)
|\
| * Add get_headers interface to authentication plugins (Jamie Lennox, 2015-02-02, 2 files, -3/+49)
| | The current scheme of having auth plugins only able to specify the X-Auth-Token header via the get_token function is too limited for all plugins. We need to allow both the case where the plugin wants to control additional headers, or doesn't set the X-Auth-Token header at all. This deprecates the get_token interface in favour of the get_headers interface. Whilst we should promote using get_headers it is likely that plugins that only require setting the X-Auth-Token header will continue to only support the get_token interface.
| | Change-Id: Ibd750d72acc3ba4fd8a880cad69173248ec4092f
| | blueprint: generic-plugins
* | Merge "Basic AccessInfo plugin" (Jenkins, 2015-02-09, 1 file, -0/+47)
|\ \
| * | Basic AccessInfo plugin (Jamie Lennox, 2015-02-04, 1 file, -0/+47)
| |/
| | Generally we want people to use the existing plugins to manage their authentication, however there are a number of existing services that know how to work with an AccessInfo object directly and either cache it or manipulate it manually. Provide a simple Identity plugin that just takes an existing AccessInfo and allows it to be used as an authentication plugin.
| | Change-Id: I388283c03a0a8a3d1afe43138eebbe5e66ca9102
* | Add name parameter to NoMatchingPlugin exception (Jamie Lennox, 2015-02-02, 1 file, -3/+1)
|/
| If you want to handle a NoMatchingPlugin exception rather than simply exit then the name of the missing plugin is generally more useful than the message. The exception is specific enough that you can know what went wrong, but you cannot determine the name of the missing plugin if you want to do your own logging - only use the message that is generated. We should keep the message but expose the plugin name as well.
| Closes-Bug: #1410391
| Change-Id: Ic93ec6583b8d7797529d36d63995ef0d8db754f1
* Merge "Add auth plugin params to doc" (Jenkins, 2015-01-28, 2 files, -0/+44)
|\
| * Add auth plugin params to doc (Jamie Lennox, 2015-01-14, 2 files, -0/+44)
| | These parameters were always available and documented however the way the documentation is generated it is not clear from the superclass what parameters are available from inheritance. Copy the documentation for parameters from the subclass.
| | Change-Id: I43db89505a03d7a4fbd51fadc0e1042a83f2f72a
* | Merge "Allow v3 plugins to opt out of service catalog" (Jenkins, 2015-01-28, 1 file, -3/+13)
|\ \
| * | Allow v3 plugins to opt out of service catalog (Jamie Lennox, 2014-12-19, 1 file, -3/+13)
| | | The identity server supports adding ?nocatalog to auth requests and there are situations where we need to be able to exploit that from the client. Allow passing include_catalog=False to v3 plugins to fetch a plugin without a catalog.
| | | Change-Id: I4b2afbfffb71490faed4b7ef0de4d00ee208733a
| | | Closes-Bug: #1228317
* | | Merge "Fix up types within API documentation" (Jenkins, 2015-01-18, 6 files, -15/+39)
|\ \ \
| |_|/
|/| |
| * | Fix up types within API documentation (Jamie Lennox, 2014-12-16, 6 files, -15/+39)
| | | Correct the type signature of some API documentation. Add inter-sphinx mapping to documentation to provide links to external docs. Correct some phrases and errors.
| | | Change-Id: Id4a71a9901e5adc695afed656e3bc84e4e54e67a
* | | Allow fetching user_id/project_id from auth (Jamie Lennox, 2015-01-05, 2 files, -0/+36)
| |/
|/|
| | This would ideally not be required however when building certain URLs the current user_id is needed. And when communicating with certain services we need to have access to the current project id. It seems better to allow plugins to give up the information if they have it than do various hacks to try and get it from them.
| | Change-Id: Ib61b0628702806268be623a9987a922a60b04165
| | Closes-Bug: #1364724
* | Merge "Take plugin params from ENV rather than default" [1.0.0] (Jenkins, 2014-12-18, 1 file, -6/+4)
|\ \
| |/
|/|
| * Take plugin params from ENV rather than default (Jamie Lennox, 2014-12-10, 1 file, -6/+4)
| | The way the argparse options were being structured, if there was a default value set on the option it would use this value as the default and not check the environment variables. This is wrong, we expect the environment variables to be used and the default value to be the final fallback.
| | Change-Id: Ifbd68c9de329c2e0c70824ba873caa579e8e86d0
| | Closes-Bug: #1388076
* | Merge "Expose version matching functions to the public" (Jenkins, 2014-12-11, 3 files, -8/+8)
|\ \
| * | Expose version matching functions to the public (Jamie Lennox, 2014-12-10, 3 files, -8/+8)
| | | The functions to match a version or convert a string version number into a tuple have shown to be useful in at least auth_token middleware. I think this is also better as _discover should really only be a shadow for the discover file because of the circular dependency problems. _discover shouldn't really need to be used even within client.
| | | Closes-Bug: #1400998
| | | Change-Id: Icf700c30d01e0700e437437a23e63a7f100ce4d3
* | | Merge "Add missing user-id option to generic.Password" (Jenkins, 2014-12-11, 1 file, -0/+1)
|\ \ \
| * | | Add missing user-id option to generic.Password (wanghong, 2014-12-04, 1 file, -0/+1)
| | | | The user_id field is available when constructing the plugin from python however the option is not listed in the get_options list.
| | | | Change-Id: I036c4a49f58e4412c6cfb477b56b31b7b965c2fb
* | | | Merge "duplicate auth-url option returned by BaseGenericPlugin" (Jenkins, 2014-12-11, 1 file, -1/+1)
|\ \ \ \
| |/ / /
| | | /
| |_|/
|/| |
| * | duplicate auth-url option returned by BaseGenericPlugin (wanghong, 2014-12-04, 1 file, -1/+1)
| |/
| | The free function get_options() should only return the options that the object itself needs.
| | Change-Id: Id54f353d8b125807a8fc33b4bca8854605e3febb
| | Closes-Bug: #1388954
* | Correct documenting constructor parameters (Brant Knudson, 2014-12-04, 4 files, -73/+64)
| | When the docs are rendered to HTML, any docs on __init__ are not displayed. The parameters to the constructor have to be documented on the class rather than on the __init__ method. Also, corrected other minor issues in the same areas.
| | Change-Id: Ic56da33f6b99fe5efb636c289e3c4e1569f0c84c
* | Merge "Fix importing config module and classmethod params" (Jenkins, 2014-12-04, 1 file, -2/+4)
|\ \
| |/
|/|
| * Fix importing config module and classmethod params (Jamie Lennox, 2014-11-27, 1 file, -2/+4)
| | The Token/Endpoint options specify an instance method where the expectation is a classmethod. This prevents the class being loaded from config file or CLI. The cfg module was not imported so loading plugins would raise an AttributeError.
| | Change-Id: I33b4a8c181210d74d4779438afc1f918e06df85b
* | Merge "Docstring cleanup for return type" (Jenkins, 2014-12-02, 5 files, -20/+33)
|\ \
| |/
|/|
| * Docstring cleanup for return type (Brant Knudson, 2014-10-15, 5 files, -20/+33)
| | The :returns: directive doesn't take an argument. To specify the return type, use the :rtype: directive.
| | Change-Id: I3aaab824792333b3f75a10af92f5b712cc9b4ff6
* | Merge "Cleanup docs - raises class" (Jenkins, 2014-11-18, 4 files, -11/+23)
|\ \
| * | Cleanup docs - raises class (Brant Knudson, 2014-10-18, 4 files, -11/+23)
| |/
| | The argument to the :raises: directive is the class name. If the class name is a valid reference it's rendered as a link to the class. This change cleans up the :raises: directives to use the reference correctly and use a valid class reference.
| | Change-Id: I84188b60de0ab4c6b5b2fb5a203c43bfde094707
* | I18n (Brant Knudson, 2014-10-28, 4 files, -17/+23)
|/
| Keystoneclient didn't provide translated messages. With this change, the messages are marked for translation.
| DocImpact
| Implements: blueprint keystoneclient-i18n
| Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
* Docstrings should have :returns: everywhere. (Marek Denis, 2014-10-15, 1 file, -1/+1)
| Some of the docstrings have ``:return:`` instead of ``:returns:`` keyword. This patch fixes that and makes it consistent.
| Change-Id: I4321a63798ab9e2abdf0bbd716bf2b995be22ba3
* Versioned Endpoint hack for Sessions (Jamie Lennox, 2014-09-16, 1 file, -1/+8)
| To maintain compatibility we must allow people to specify a versioned URL in the service catalog but allow the plugins to return a different URL to users. We need this to be a general approach as other services will likely have a similar problem with their catalog. The expectation here is that a client will register the catalog hack at import time rather than for every request.
| Closes-Bug: #1335726
| Change-Id: I244f0ec3acca39fd1b2a2c5883abc06ec10eddc7
* Merge "Pass kwargs to auth plugins" (Jenkins, 2014-09-13, 1 file, -2/+6)
|\
| * Pass kwargs to auth plugins (Jose Castro Leon, 2014-09-11, 1 file, -2/+6)
| | Auth plugins must sometimes affect the Headers and other portions of the network setup. Examples: Kerberos needs to set the negotiate header. X509 to provide the client certificate. This change makes that capability available to the Auth plugins. Those plugins will live in separate repositories. There are no dependent patches for it in this repository. This was split out by Adam Young from the Kerberos Client patch written by Jose Castro Leon
| | Change-Id: Iab7287888e4b3f199b9035c1a24ac43639b5027b
* | Merge "fix typos" (Jenkins, 2014-09-11, 1 file, -1/+1)
|\ \
| * | fix typos (Dolph Mathews, 2014-09-08, 1 file, -1/+1)
| | | Change-Id: Ia850e62fe4c888365f5031cc8b7c7ad526600222
* | | Merge "Version independent plugins" (Jenkins, 2014-09-11, 5 files, -5/+342)
|\ \ \
| * | | Version independent plugins (Jamie Lennox, 2014-09-03, 5 files, -5/+342)
| |/ /
| | | A Framework for creating plugins that work across identity versions. Upon creating a generic plugin the plugin will go and discover what versions are available on the server and then attempt to construct a suitable plugin.
| | | Blueprint: version-independant-plugins
| | | Change-Id: If7fed94aaf4636e80a9c3a834cf6c5430f20e489
* | | Merge "Allow passing None for username in v2.Password" (Jenkins, 2014-09-11, 1 file, -3/+11)
|\ \ \
| * | | Allow passing None for username in v2.Password (Jamie Lennox, 2014-08-26, 1 file, -3/+11)
| | | | None must be an acceptable parameter for username in password due to tests in other libraries, however we should still raise an error if neither username nor user_id is passed. Use and check a sentinel value instead of None.
| | | | Change-Id: Id61cfd1423afa8f9dd964fda278f4fab40887512
| | | | Closes-Bug: #1361444
* | | | Merge "Distinguish between name not provided and incorrect" (Jenkins, 2014-09-10, 1 file, -3/+2)
|\ \ \ \
| |_|_|/
|/| | |
| * | | Distinguish between name not provided and incorrect (Jamie Lennox, 2014-08-21, 1 file, -3/+2)
| | | | When loading from config we need a way to determine if a plugin name was specified incorrectly or was not specified at all. We need this to determine if we need to load a fallback plugin. This is much more in line with how CLI loading works and how it should have worked initially.
| | | | Change-Id: I5547b6e169abc4f1850ff205a8f054a617785c2c
| | | | Closes-Bug: #1359618
* | | | Merge "Handle invalidate in identity plugins correctly" (Jenkins, 2014-09-09, 1 file, -2/+5)
|\ \ \ \
| |_|_|/
|/| | |
| * | | Handle invalidate in identity plugins correctly (Jamie Lennox, 2014-08-07, 1 file, -2/+5)
| | | | Returning a True from the invalidate() call means that something has changed within the plugin and the session should reissue the request and expect the plugin to authenticate itself. This means we should only return True if something actually changed, because re-issuing the request if there was no auth_ref will not change the outcome.
| | | | Change-Id: I012dacc93b1fcaee31d31a49e95db5a38044f211
* | | | Allow providing a default value to CLI loading (Jamie Lennox, 2014-08-21, 1 file, -8/+19)
| |_|/
|/| |
| | | Allow users to specify a default value to loading auth plugins from the CLI so that you can fall back to some default behaviour if the user doesn't specify a plugin.
| | | Change-Id: I44eb838f7ccc3b377dd1ba53dbb941e973e4a22e
* | | Allow unauthenticated discovery (Jamie Lennox, 2014-08-21, 1 file, -3/+9)
| |/
|/|
| | The default state for session requests is that if there is an auth plugin available then it should include a token in any requests. This is a problem for cases where it is the authentication plugin itself trying to do discovery (like in the case of version independent plugins) because you end up in an infinite loop. Allow controlling the authenticated parameter on discovery requests.
| | Closes-Bug: #1359457
| | Change-Id: Ib5ab0a3a30fe79139b7b5dcaae698438281b6d36
* | Merge "Fix handling of deprecated opts in CLI" (Jenkins, 2014-08-20, 1 file, -6/+13)
|\ \
| * | Fix handling of deprecated opts in CLI (Jamie Lennox, 2014-08-20, 1 file, -6/+13)
| | | Deprecated opts are supposed to be accessible via the CLI in a similar way as they are available via CONF. Currently these values are ignored. Add CLI flags for all the deprecated opts as well.
| | | Change-Id: If5f23c7b30a0cacda893a5e3150bc6bdb95f3693
* | | Merge "Allow passing user_id to v2Password plugin" (Jenkins, 2014-08-20, 1 file, -3/+23)
|\ \ \
| |/ /
|/| |
| * | Allow passing user_id to v2Password plugin (Jamie Lennox, 2014-08-15, 1 file, -3/+23)
| | | Whilst this is undocumented it is supported by keystone and relied upon by other services.
| | | Change-Id: Idf8be75e2e0b275d9c9840082079100dd13a70ff
* | | Make auth plugins dest save to os_ (Jamie Lennox, 2014-08-15, 1 file, -2/+2)
|/ /
| | If the auth plugin saves into the normal namespace like .user_id and user_id is an argument of the command then the two arguments collide with each other. This is fairly common, particularly in keystoneclient's shell. There is a little bit of a compatibility concern in that the variables on the returned namespace have changed, however the usage of this function should be if you use register_argparse_arguments you should also use load_from_argparse_arguments and that is not changed.
| | Change-Id: Id1cb0983a1e78661492acd78ad9aa67ff8d49250
* | Merge "Allow registering individual plugin CONF options" (Jenkins, 2014-08-14, 2 files, -10/+33)
|\ \