| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Deprecate auth plugins in favour of those from keystoneauth.
Change-Id: I8963ded9b68569717d7a6e30623ee78301b59a4a
Implements: bp deprecate-to-ksa
|
| |
|
|
|
|
|
|
| |
Deprecate the keystoneclient Session object in favour of keystoneauth's
Session.
Change-Id: I26e000d626a466f63d10d2a961adc698f8de0636
Implements: bp deprecate-to-ksa
|
| |
|
|
|
|
|
|
| |
The TestResponse object doesn't do the right thing with regards to
content vs text. Just reuse the one from requests_mock rather that try
and fix it.
Change-Id: Ia8bcae126babb0e616329928c57f875a50a957d6
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow the client to take advantage of the include_names with
list role assignments.
Change-Id: I4aa77c08660a0cbd021502155938a46121ca76ef
Depends-On: I0a1cc986b8a35aeafe567e5e7fee6eeb848ae113
Closes-Bug: #1479569
Implements: blueprint list-assignment-with-names
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneclient. This
also modifies our tox.ini so that we no longer ignore H405 violations.
Change-Id: I2af152e5425a0e9c82314039fdbb90d661c22680
Closes-Bug: 1482773
|
| | |\ |
|
| | |\ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
All of the other Openstack services have a 'public' default endpoint
type. Keystone has 'admin' default endpoint type. Why not make
Keystone compliant and change the default for Keystone v3 from 'admin'
to 'public'. Keystone v2 will remain the same with an 'admin' default.
Closes-Bug: #1457702
Change-Id: I515438477dba72c2a0c4595603000690511b5700
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit c28d40814962b3a8ccb81e5e7d7f832c8f0a3c9a.
This is causing stable keystone to fail. keystone has tests
that verify that the returned value of the list
operation == [], which fails since the return value is now
an object and not a list.
Change-Id: Ieb143574271b991d3e19e864497073fbedf46bcb
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wrap a list of objects into custom class with additional attributes.
This is wanted by Horizon, that wants to know that the list returned
from keystone is not full and that more strict filters need to be
applied.
Change-Id: Icfabfd055aed1648dc4130b03ec3dbf9bad4e45a
Closes-Bug: 1520244
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The managers have a bad habit of reaching back into the client and
making assumptions about the values that are saved there. These
assumptions are not always correct when we use the session object.
Test all the versioned managers against a client that was constructed
with the old method and with a keystoneclient session object and a
keystoneauth1 session object.
Change-Id: I93a26db7ae7e4d887aa815108be71c72b4a1f2bb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Client tests are broadly seperated into v2 and v3. These folders don't
distinguish between the tests that are on v2/v3 auth and those that are
CRUD related. This means that the base v2 and v3 test class always
create a client object for the tests to use, even if they don't need it.
Whilst this isn't a big deal now, we want to be able to seperate only
those tests that require a client so we can test them with multiple
different styles of client.
Add a new ClientTestCase class that will construct a client object for
the tests that need it.
Change-Id: I61f463ac5e878107c1889672f4d4cf5874821363
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is needed for Domain Admin to list role assignments.
Related-Bug: 1437407
Depends-On: I3495c7cab3b40811b2722ac7d70ddda30410b62b
Closes-Bug: #1462694
Change-Id: I63849d5f39d090fec3ef6b9182f339e198e0c551
|
| |/
|
|
|
|
|
|
|
|
|
| |
User password update hardcoded the endpoint_filter to always use the public
endpoint. This will break deployments where services behind the firewall have
no access to the public endpoint. Endpoint selection should be allowed
by the end user (i.e. openstack --os-interface internal user password set).
Closes-Bug: 1503459
Change-Id: Ib11d60cd8e81b99aedb27f1cbbf6b79218045cf0
|
| |
|
|
|
|
|
| |
We are removing Python 2.6 support from the Keystone libraries.
Change-Id: I1c7a79edd41a73946c9d77bfb8cd2075e2500760
Closes-Bug: 1519449
|
| |
|
|
|
|
|
|
|
|
|
| |
The SAML plugin handles redirects in a custom manner but currently only
checks for the 302 redirect code. This doesn't cover the mod_auth_mellon
case which responds with a 303.
Also handle the 303 redirect case.
Change-Id: Idab5f381fcbfb8c561184845d3aa5c8aab142ecd
Closes-Bug: #1501918
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Creating an HTTPClient without a session is deprecated and
the ServiceCatalog's region_name parameter is also deprecated.
This follows suite with the following commits to update tests
to handle deprecation warnings:
803eb235d50daad27074198effc98ca536f1550f
42bd016e1f0e011ba745dba243e62401298e324c
Change-Id: I1c5a3dc2c8448873696262ca951c58666c692a61
Closes-Bug: #1499790
|
| |
|
|
|
|
|
|
| |
The old region filter didn't work, it was not available
in Keystone.
Change-Id: Ic4d60a046df1f231d02a45998c8a0ef7c5b7b107
Closes-bug: #1482772
|
| |
|
|
|
|
|
|
|
|
| |
UserManager's project argument wasn't properly deprecated since the
deprecation was logged. Proper deprecation requires use of
warnings/debtcollector and documentation.
bp deprecations
Change-Id: Idebce2e9781f6f92be402e9441f2116b63b4f832
|
| |
|
|
|
|
|
|
|
|
|
| |
CredentialManager's data argument wasn't properly deprecated since
the deprecation was only mentioned in the docstring. Proper
deprecation requires use of warnings/debtcollector and
documentation.
bp deprecations
Change-Id: Ibdb4bda622119eec963ce5b57673dc01ff279b0e
|
| |
|
|
|
|
|
|
|
| |
There was a comment to deprecate creating a v3 Client
without a session.
bp deprecations
Change-Id: Ifc3fa9ffef12554646ca80f04527de757df3aa95
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Session.get_token() wasn't properly deprecated since the deprecation
was only mentioned in the docstring. Proper deprecation requires use
of warnings/debtcollector and documentation.
Also, changed a test to use the non-deprecated function instead where
the test wasn't checking that the deprecated function worked.
bp deprecations
Change-Id: I3d421b35554d58476281e037f90ab9b48e82730a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a FIXME to deprecate ServiceCatalog's region_name
parameter and property. This is now deprecated.
Note that debtcollector isn't used here since the deprecation
happens on ServiceCatalog's __init__() to catch use in
subclasses of ServiceCatalog. ServiceCatalog also has a
factory function that constructs the correct instance and
the factory function always passes region_name, so it's
always using the deprecated kwarg even when region_name
isn't passed to the factory. It's not worth figuring out
how to do this with debtcollector.
bp deprecations
Change-Id: I0e64712474ca2767f3c0ade919359132450f6776
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows the user to perform the Inherited roles from projects API calls
through python-keystoneclient.
Assign role to user on projects in a subtree
PUT /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
List user's inherited project roles on project
GET /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/inherited_to_projects
Check if user has an inherited project role on project
HEAD /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revoke an inherited project role from user on project
DELETE /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
These same operations regarding groups instead of users are also
available.
Change-Id: I8396d80f031726bbd23f2cc2bb302a7691f98cba
Closes-bug: 1446702
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The fixtures will automatically stub UUID values for required token
fields, so we can check for those returned values rather than specify
fixed string values.
Change-Id: I8a6cc675c6c8ee14772a38d8fc38475885ebc605
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
HTTPClient.request and related methods weren't properly
deprecated since they were only mentioned in the docstrings.
Proper deprecation requires use of warnings/debtcollector and
documentation.
Also, fixed places where the deprecated request method was called.
bp deprecations
Change-Id: I0a16933252937ca046793bb6eb2e5cc5da03c9ae
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
HTTPClient() tenant_id and tenant_name parameters weren't properly
deprecated since they were only mentioned in the docstring. Proper
deprecation requires use of warnings/debtcollector and documentation.
Also fixed a bunch of places in the tests where tenant_id and
tenant_name were still being used despite being deprecated.
bp deprecations
Change-Id: I9c4f596b8ff10aede6c417886638a942cb18044c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The tests were creating httpclient.HTTPClient() using username,
token, and project, but if you pass a token then username and
project are going to be ignored since there's no need to auth.
Make the tests more understandable by removing the ignored and
useless parameters.
bp deprecations
Change-Id: Ide3f4be4dd00db89f551d014876625cff296f6a7
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This use case isn't covered by our current APIs:
GET /entities?id={entity_id}
Because we have a dedicated API for that:
GET /entities/{entity_id}
But our list() methods generally support **kwargs, which are passed as
query parameters to keystone. When an 'id' is passed to keystone as a
query parameter, keystone rightly ignores it and returns an unfiltered
collection.
This change raises a client-side TypeError (as you'd expect when you try
to pass a keyword argument that a function isn't expecting), and
includes a helpful suggestion to try calling get() instead.
Change-Id: I100b69bbf571ad6de49ccc5ad1099c20b877d13d
Closes-Bug: 1452298
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
AccessInfo's management_url parameter wasn't properly deprecated
since all it had was a comment in the code. Proper deprecation
requires use of warnings and documentation.
bp deprecations
Change-Id: I0ee07c5adc6a7c91f8b23b291eea76f4ae7b3b89
|
| | |/
|/|
| |
| |
| |
| |
| |
| | |
Properly deprecate accessing AccessInfo's auth_url parameter.
bp deprecations
Change-Id: I3824904f517434b507587cf73d4389b72f73f22b
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We already have the validate method that returns an AccessInfo object.
For auth_token middleware it would be simpler if the client returned
simply the token data so it presented the same way as other sources of
token data.
It would also help with the keystoneauth transition in auth_token as we
could bypass the keystoneclient.AccessInfo objects.
Closes-Bug: #1475041
Change-Id: Ifbe7a7004937d910739c325cc04ae7264a4498e0
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OAuth test verifies that access_token manager's methods make requests with
certain parameters. It is supposed to use values from mocked http handler
and compare them with referential values acquired from oauth client.
But instead of using values from mocked handler, it used the values from
oauth client and compared them with values from the client acquired using
attributes, basically testing oauthlib and not access_token manager's
methods.
Make the test compare correct values and remove check of timestamp,
which was useless because it is always mocked in tests and not provided in
actual requests.
As a consequence, use of get_oauth_params, which changed in oauthlib
1.0 and blocked the gate, was removed.
Closes-Bug: 1477177
Closes-Bug: 1477247
Change-Id: I5e049163f84fde5827104fd4a6441222eb08468f
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
The oslo_utils.timeutils.strtime function is deprecated as of
oslo_utils 1.7.
DeprecationWarning: Using function/method
'oslo_utils.timeutils.strtime()' is deprecated in version '1.6'
and will be removed in a future version: use either
datetime.datetime.isoformat() or datetime.datetime.strftime()
instead
Closes-Bug: 1469867
Change-Id: I97897728703547414a621b6687989cff07e01b3e
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The /auth routes are the preferred mechanism for listing the projects
and domains that the current token can be authenticated to as they
supports both federated and regular tokens.
Expose these routes via the client so that they can be consumed.
Change-Id: I9724a648ebd9d21edf8ffcc64f4cdb897a99101c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch allows a federated user to obtain an unscoped token by
providing login credentials for a keystone identity provider.
The current implementation should work with any properly configured
openid connect provider.
partially implements bp openid-connect
Change-Id: Iade52b5c1432d64582cbaa8bac41ac6366c210f9
|
| | |
| |
| |
| |
| |
| |
| | |
Tests should use a random string so that we don't mistakenly use
the wrong string and not test what we think we're testing.
Change-Id: Ied0672db78a1e1cf2d390020cc5a49d0203683be
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The keystone V3 API ships with EC2 in the pipeline by default. The CRUD
manager is available for the V2 API and we should also make it available
for v3.
Change-Id: I635a12b1647d5187ded7d0aea9c0277dfbb15eff
Closes-Bug: #1236326
|
| | |
| |
| |
| |
| | |
Change-Id: I7abf8413b949f38fd53e806dc90365986a31d921
Closes-Bug: 1453865
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The actual attribute returned in object references of the /protocols API
is 'id', as in all other keystone APIs that return objects. The
implementation of new_ref() here doesn't actually include an 'id'
reference though, and goes out of it's way to test the wrong thing. This
patch fix that, eliminates the workarounds, and does a touch of
refactoring to bring these tests in line with tests of other client
managers.
Change-Id: I9a272b3ef91934e780106d89b5091b4bfb87ad29
Closes-Bug: 1453847
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The docstring for Adapter says that the version is a tuple like
(3,0), but the HttpClient was passing a string like "v3".
Closes-Bug: 1450272
Change-Id: I74b009d68f5601bda3ae92b3c8de1ecef00d8316
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch allows the user to perform the
following API calls through the
python-keystoneclient:
Assign role to user on projects owned by a domain:
PUT /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
List user's inherited project roles on a domain:
GET /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
Check if user has an inherited project role on domain:
HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revoke an inherited project role from user on domain:
DELETE /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
These same operations regarding groups instead of users are also available.
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Co-Authored-By: Samuel Medeiros <samuel@lsd.ufcg.edu.br>
Change-Id: I877168e3922cdd19868d508ef9fc34d0c7e7abcb
Closes-bug: 1367866
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The tests didn't pass with requests<2.3 because of the cookies
monkey-patching.
To test this, make sure the requests library in your tox venv is
the right level:
$ .tox/py27/bin/pip install -U "requests<2.3"
Then run the tests.
Closes-Bug: 1442919
Change-Id: Ie93906ba2370dada2386a50ae2137337ccf98f10
|
