| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
There was a comment to deprecate creating a v2_0 Client
without a session.
bp deprecations
Change-Id: I71ff64754c8f90d184615eeec558718c11a1794a
|
| |
|
|
|
|
|
|
| |
There was no API to fetch the PKI certificates using v2.0.
bp auth-token-use-client
Change-Id: I2b6f9af8b843d72271234fd4d26963b75a25a086
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apart from making keystoneclient follow the same patterns of using an
adapter that we are trying to push onto other clients this severs the
cyclical dependency between managers and the client object.
There are a few changes that have had to be rolled into one to make the
transition work. These can't be separated unfortunately as they are
interdependent.
* managers are now passed the adapter instead of the client. They
therefore don't have reference to the other managers on the client.
* The adapter has been subclassed to provide user_id as there are some
managers that require user_id be provided for changing passwords etc.
* client.auth_url has been replaced with a call to get_endpoint which is
supported by the adapter.
* management=True has been removed from all the managers and they now
correctly set the interface they want.
Change-Id: I49fbd50571f0c1484e1cbc3dcb2159d25b21b1bc
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The argument to the :raises: directive is the class name. If the
class name is a valid reference it's rendered as a link to the
class. This change cleans up the :raises: directives to use the
reference correctly and use a valid class reference.
Change-Id: I84188b60de0ab4c6b5b2fb5a203c43bfde094707
|
| |/
|
|
|
|
|
|
|
|
|
| |
Keystoneclient didn't provide translated messages. With this
change, the messages are marked for translation.
DocImpact
Implements: blueprint keystoneclient-i18n
Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
|
| |
|
|
| |
Change-Id: Ib2ab829ed777a4f2fb13ec7426dffef99a4118ab
|
| |
|
|
|
|
|
|
|
|
|
| |
This is part of breaking a cyclical dependency where the client has a
reference to the manager but the manager has a reference to the client.
To be able to pass in an adapter to the managers we need to remove the
client specific usages of manager, including referring to other managers
via the client.
Change-Id: Ie238dda046ec8bbdaca749a691df3da63f5a9a63
|
| |
|
|
|
|
|
|
|
|
|
| |
This is part of breaking a cyclical dependency where the client has a
reference to the manager but the manager has a reference to the client.
To be able to pass in an adapter to the managers we need to remove the
client specific usages of manager, including referring to other managers
via the client.
Change-Id: I8fba7ece05e33d519eb31994a072275598ba76ea
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This was a simple factory that would give compatibility for the existing
client to load up the appropriate auth plugin. A more robust plugin
loading mechanism is coming for this and having it available encourages
other auth plugins that they should be using that where they shouldn't.
Just remove it from the auth plugin class. It shouldn't be used by
anyone else so lets keep it on the client objects.
Blueprint: plugin-params
Change-Id: I0618b646f302300d41c7dd7153a1c0bdc237a745
|
| |
|
|
|
|
|
| |
Add support to list extensions in the v2.0 API.
Change-Id: I4ddf888966e2ed51cf8cb1171aded8025440cfd4
Closes-Bug: #1313266
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the future clients will simply pass the service they expect to talk
to and the path. This will prevent every service trying to get their own
base urls from the service catalog individually.
This can later be extended to have the auth plugin actually contact the
URL from the service catalog which will let us have unversioned
endpoints in the catalog handled from a single location.
Change-Id: I80f0b5b1dbb45565fec09d1cb2c0552cfb9a72f5
blueprint: auth-plugin-endpoints
|
| |
|
|
|
|
|
|
| |
There were some parts that had invalid RST in their docstrings
which caused warnings and errors to be generated.
Related-Bug: #1278662
Change-Id: Ibb53e6f49b5fa100fa6ecfe47331f9a70729d03b
|
| |
|
|
|
|
|
|
|
|
| |
Privatize some of the automatic auth plugin construction work. At some
point we are going to need to have this pluggable and i'm not sure the
current methods will suffice. It's better to keep this private until we
are sure rather than be stuck with a public API.
Change-Id: I2a10a9b28bef6c094b1330a0524f1c516f5103fd
Closes-Bug: #1287488
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extract the authentication code from a v2 client and move it to a series
of auth plugins. Auth plugins each represent one method of
authenticating with a server and there is a factory method on the base
class to select the appropriate plugin from a group of arguments.
When a v2 client wants to do authentication it will create
a new v2 auth plugin, do the authentication and then take that result
for the client to use.
Change-Id: I4dd7474643ed5c2a3204ea2ec56029f926010c2c
blueprint: auth-plugins
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adjust import items and add missing blank lines acording
to http://docs.openstack.org/developer/hacking/#imports
{{stdlib imports in human alphabetical order}}
\n
{{third-party lib imports in human alphabetical order}}
\n
{{project imports in human alphabetical order}}
\n
\n
{{begin your code}}
hacking project also enforce some checks for import group.
Let make the change in keytoneclient
Change-Id: Ic83bd5ee426905588f4a2d555851a9a01fc69f02
|
| |
|
|
|
|
|
|
| |
Allow discovery of the API versions a server supports and create an
appropriate client based on this.
Implements: blueprint api-version-discovery
Change-Id: I63e6759889066a784dc47e35152c82e1ead7951d
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It should be possible to authenticate against the v2 tokens
API with a trust_id, because it suports rescoping an existing
token to a trust, this patch adds client support for this.
Note with the current keystone code it's necessary to pass the
trustor tenant ID when rescoping with a trust where
impersonation==True, e.g:
c = client_v2.Client(username=TRUSTEE_USERNAME,
password=TRUSTEE_USERNAME,
tenant_name=TRUSTEE_TENANT_NAME,
auth_url=OS_AUTH_URL_V2)
c.authenticate(trust_id=trust_i.id, tenant_id=TRUSTOR_TENANT_ID)
Change-Id: I177c41af298b7437e2c6fb437aa9ce9a09773b9d
Closes-Bug: #1231483
|
| |
|
|
|
|
| |
Fixes bug #1212729
Change-Id: Icd55b77fcd58db182e5c0fe0c230e7fc9d8a57ff
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The discoverable entry point is to be client.Client however adding this
functionality to the current client.py is impossible as we end up with
circular dependencies.
This patch simply renames the current client.py to httpclient.py to make
future patches that will modify client.py more readable.
Required for: blueprint api-version-discovery
Change-Id: Ibcea03f6e1df0ae05329297166a8b8117fc3ce7b
|
| |
|
|
|
|
|
|
| |
Client V3 is a completely different implementation of the API, if we
want to intermix the V2 and V3 APIs then we don't need to version our
client at all.
Change-Id: I80579cd41df73ccfc6c8feb76843772829afac4e
|
| |
|
|
|
|
|
| |
Only a few occurrences of "multiline docstrings
should end on a new line."
Change-Id: I3fb4591259b1e7c8202365cbadc8967a1639254f
|
| |
|
|
|
|
| |
Docstring summaries need punctuation.
Change-Id: I1b740c13d5fedf9a625ca0807c908f651ee08406
|
| |
|
|
|
|
| |
Remove leading spaces from doc comments.
Change-Id: I75b055c0d64dda478c63839d44158e301900107f
|
| |
|
|
|
|
|
|
|
|
|
| |
Added support for domain scoping.
Enhancement on AccessInfo to support reading v2/v3 token information.
Enhancement on ServiceCatalog for reading/filtering v2/v3 service
catalog information.
Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
|
| |
|
|
|
|
|
| |
This tackles some TODO items left over.
Change-Id: Ib062744acbf56f05d09857d244b78b35c0ef4d39
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |
|
|
|
|
|
|
|
|
| |
- F401: imported but unused
- F999: syntax error in doctest
Fixing a couple of the F401's simply required fixing the doctests syntax
where the imports were actually in use.
Change-Id: If78abbb143daf8d005a71c5ab52836df29c5e0cd
|
| |
|
| |
This reverts commit 22228f526d6ea08b7006be1287afe959b93c23db which appears to be breaking the keystone gating
|
| |
|
|
|
|
|
|
| |
Instead of implementing token retrieval twice, let's use the code provided
by the TokenManger to get a token in raw format from Keystone.
Change-Id: I769be118ee137580cabd5cabcf7843e7afe1e456
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This implements handling of token expiration. Once the token is expired,
this will request automatically for a new one.
A special case is introduced if the user specified a token when the client
is initialized: this is the auth_token_from_user. In this case, we can't
know the expiration date, so we just assume it will never expire and don't
handle it ourself.
Change-Id: I3771ff5d669da015d4aa259de422c5d81aed3eb4
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| | |
Change-Id: I5925021c69883c4086e552389e987c7052ccb1cd
Signed-off-by: Julien Danjou <julien@danjou.info>
|
| |/
|
|
|
|
|
|
|
| |
Fixes bug 1103282
When creating a Client object with region_name specified, url_for
will return an endpoint url for that region.
Change-Id: Ia5c95503fe2ed5e53de93040d70ba08a9c09f286
|
| |
|
|
|
|
|
| |
An uncaught TypeError will be raised if auth_ref.management_url is None.
Change-Id: I054aac24299c051afbc4497d56c6e286f5fa8616
Fixes: bug #1089188
|
| |
|
|
|
|
|
| |
User can optionally turn off keyring by specifying the --no-cache option.
It can also be disabled with environment variable OS-NO-CACHE.
Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
|
| |
|
|
| |
Change-Id: I6c92e026c5f46ac29947d6e0e94f571ccd48f032
|
| |\ |
|
| | |
| |
| |
| | |
Change-Id: I13988e94d7e20a9179874ec5be072bdb8db3a95e
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
blueprint solidify-python-api
* extended and updated documentation strings
* updated README.rst with latest options
* made debug a pass-through value, optionally set on client (instead of
just being pulled from environment variable)
* adding AccessInfo object and associated tests
(access.AccessInfo meant to be a cacheable object external to client
and ultimately to replace service_catalog and it's existing functionality)
* extending authtoken to support lists of endpoints
* maintaining a single entity for client.management_url with first from
list of possible endpoints
* create project_name and project_id synonyms to match tenant_name and
tenant_id
* replacing authenticate call to a pure method, not overloading the
resource/manager path that confuses base URL concepts.
* throw AuthorizationFailure if client attempts to access keystone
resources before it has a management url
* special case listing tenant using auth_url for unscoped tokens authorized
through client
* special case listing tokens.authenticate for Dashboard to allow unscoped
tokens to hand back parity information to dashboard
Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| | |
Formally, OpenStack Keystone implements the OpenStack Identity API, and
this is a client to the API, not to Keystone itself.
Change-Id: If568866221a29ba041f0f2cd56dc81deeb9ebc00
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
Fixes bug 1074784
https://bugs.launchpad.net/python-keystoneclient/+bug/1074784
RAX auth doesn't return a service catalog with an identity endpoint
that contains an auth URL. This causes swift client to log an
error of "Authorization Failure. Authorization Failed: Endpoint not
found."
Change-Id: I26174a664029617f097dc35c57ef30b34cd2fb61
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cleans up the code around exception handling and logging
when first authenticating (which often returns an unscoped token).
There's no need to be logging an exception on an expected empty
catalog and moreover the except block was a bare "except" which
could mask other errors.
Fixes bug 1070493
Change-Id: I5e791e95ce3f9ab77723a7f4698cb11b169dacfb
|
| |/
|
|
|
|
|
|
|
|
| |
The original IP is useful in cases where keystoneclient is used by a
different openstack component and we need to know who made the original
request. Otherwise it gets overwritten by e.g. Dashboard's host's IP.
bug 1046837
Change-Id: Ic22c565e92010afd89c8573c375919215b70d73d
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch moves the json.loads(body) call in the
HTTP response handling to after the check for non-
200-300 return codes. This gets rid of the
ValueError exception raise when you hit, for instance,
a 400 or 404.
Also changes a number of logger.exception() calls to
logger.debug() calls, since some exceptions are expected
and should not be logged as exceptions per-se.
fixes LP bug#1067512
Change-Id: If66fb1846ddc19da5bc2f15c6e0dd09019a56932
|
| |
|
|
| |
Change-Id: I498e9b79e9739437b7e61997b37e84283b496561
|
| |
|
|
| |
Change-Id: I8bc3582bb3f35a3d841bb1e8c03b62ba61ff92d7
|
| |
|
|
|
|
|
|
|
|
|
| |
You used to have these in the token, why were they removed and then
subsequently grabbed at? The change that added these doesn't work against
keystone, btw, so I'm surprised it got in, these dict keys are not
required to be in the return from service_catalog.get_token() and
adding them as properties is only going to make matters worse as people
rarely think about having None attributes.
Change-Id: I695bbd6730d25d8db3a25cea81e3ffb0ef289bbb
|
