| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Change-Id: Iac9b528727fda29f8e350c3db06fe5c0a2a971bd
|
| |
|
|
|
|
|
|
|
| |
With V3 of the identity API, we no longer need to have a dedicated admin
endpoint, so stop requesting one by default, allowing deployments to
actually work without one.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I96cc9c14008bcc59992d06c89f8f50895390f11e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenStack is dropping the py2.7 support in ussuri cycle.
python-keystoneclient is ready with python 3 and ok to drop the
python 2.7 support.
Complete discussion & schedule can be found in
- http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html
- https://etherpad.openstack.org/p/drop-python2-support
Ussuri Communtiy-wide goal:
https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html
Change-Id: Ib6b6f7ca394dfa78cd5c8aeac0941dd625efef3b
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change adds access_rules as a parameter for creating application
credentials, and also adds the ability to list access rules and to
retrieve and delete individual rules. Directly creating an access rule
or updating one is not supported.
bp whitelist-extension-for-app-creds
Depends-On: https://review.opendev.org/671374
Change-Id: I490f1e6b421d4f36f588f83a511ce39b9b4204e2
|
| |/
|
|
|
|
|
|
|
|
| |
This patch introduces the interface into listing project, to
specify parent_id to filter projects which has the given project
as their parent[1].
[1] https://docs.openstack.org/api-ref/identity/v3/?expanded=list-projects-detail#list-projects
Change-Id: If78030425468d4f99cba708540142871a2bf9190
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added return-request-id-to-caller function to resources and resource
managers in the following files.
* keystoneclient/v3/projects.py
* keystoneclient/v3/registered_limits.py
* keystoneclient/v3/roles.py
* keystoneclient/v3/limits.py
* keystoneclient/v3/contrib/federation/saml.py
Also made changes in base.py for _put() method so that if
include_metadata is True, the response data should include request_id
instead of returning None as response.
Change-Id: Ifc0ec9a9d666cccfee3b08ac61596a3692307f23
Implements: blueprint return-request-id-to-caller
|
| |
|
|
|
|
| |
Change-Id: I6a9b5ec4f2a82c87f9819f5195f72540a13573b8
Co-authored-by: Ankit Agrawal <ankit11.agrawal@nttdata.com>
Implements: blueprint return-request-id-to-caller
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We don't check for "enabled" in the region
anywhere thus deprecating it from the create()
and update calls of the v3/region.py. We dont
use it in schema [1] as well as [2].
[1] https://github.com/openstack/keystone/blob/master/keystone/catalog/schema.py#L34
[2] https://github.com/openstack/keystone/blob/master/keystone/catalog/backends/sql.py#L33-L49
Change-Id: I0257d5d42916e3b4d008e592d54eeeebec591633
Partial-Bug: #1615076
|
| |
|
|
|
|
|
|
| |
Thsi commit adds client support for managing limits in keystone.
bp unified-limits
Change-Id: I33251dbd4d3bfaf178ca86a2f5d564ac94879dd2
|
| |
|
|
|
|
|
|
|
|
|
| |
This change add client support for creating, reading, updating, and
deleting registered limits.
A subsequent patch will do the same for project-specific limits.
bp unified-limits
Depends-On: https://review.openstack.org/#/c/569741/
Change-Id: I6b5d106d08af53c2ad41ed3f799e9e71d370c6dd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for creating, reading, and deleting application credentials.
Application credentials do not support updating.
Keystoneclient does not handle authentication with application
credentials. This is done in keystoneauth. Additional work will be
needed in python-openstackclient to support both CRUD and auth for
application credentials.
bp application credentials
Change-Id: I21214238deac2c45f2f2d666287c2ae106955ab1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the client functionality for the following project tag calls:
- Create a project tag on a project
- Check if a project tag exists on a project
- List project tags on a project
- Modify project tags on a project
- Delete a specific project tag on a project
- Delete all project tags on a project
Co-Authored-By: Jess Egler <jess.egler@gmail.com>
Co-Authored-By: Rohan Arora <ra271w@att.com>
Co-Authored-By: Tin Lam <tin@irrational.io>
Partially Implements: bp project-tags
Change-Id: I486b2969ae0aa2638842d842fb8b0955cc086d25
|
| |
|
|
| |
Change-Id: Ie0a8594f2dd0554a07111207899e6134affc998e
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following API calls are made available:
- GET /OS-EP-FILTER/projects/{project_id}/endpoint_groups
- GET /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects
- PUT /OS-EP-FILTER/endpoint_groups/{endpoint_group}/projects/{project_id}
- HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group}/projects/{project_id}
- DELETE /OS-EP-FILTER/endpoint_groups/{endpoint_group}/projects/{project_id}
Co-Authored-By: Samuel de Medeiros Queiroz <samueldmq@gmail.com>
Closes-Bug: #1641674
Change-Id: Idf938267479b5b8c50c9aa141c3c2770c2d69839
|
| |/
|
|
|
|
|
| |
Release note was accidentally added to keystoneclient/releasenotes
instead of releasenotes
Change-Id: Id8ec0b895fa8f42d60572077bd5fe49d9478ee10
|
| |
|
|
|
|
|
| |
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: Ia6cdaf7fabd1c355df002aa07b0695610dde9cd1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before, the way filters were passed in would not allow filtering
on the same key.
For example:
keystone.users.list(name__contains='test', name__contains='user')
This fails because of how kwargs handles key/value pairs.
This patch allows using multiple values for the same filter.
Example:
keystone.users.list(name__contains=['test', 'user'])
Specifying the only one filter value is still functional as expected.
Co-Authored-By: Jeffrey Augustine <ja224e@att.com>
Partially-Implements: bp pci-dss-query-password-expired-users
Change-Id: I89cecf7e18974e7860ba0925840d6264168eabcb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When whitelisting content types to debug print from session we chose
application/json and application/text. application/text is not a real
mime type, text is typically text/plain.
Rather than guess at mime types only print application/json to start
with, but make it easy for additional types to be added later.
Adapted from keystoneauth: Ica5fee076cdab8b1d5167161d28af7313fad9477
Related-Bug: 1616105
Change-Id: Ieaa8fb3ea8d25e09b89498f23b70b18c0f6153f1
|
| |
|
|
|
|
|
|
|
|
| |
Currently, logs display the hash values of X-Auth-Token,
Authorization, and X-Subject-Token, but not the value of
the X-Service-Token. This patch set adds the X-Service-Token
to the list of header fields to be hashed for logging purposes.
Change-Id: Iaa3a27f4b6c3baf964fa0c71328ffe9df43b2c0a
Closes-Bug: #1654847
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Response bodies are loaded into memory prior to
being logged.
Loading huge response bodies may result in a
MemoryError.
This patch proposes that only JSON and TEXT
responses be logged, i.e when the Content-Type
header is application/json or application/text.
Responses that do not include or have a different
Content-Type header will have their body omitted.
This is a sort of backport of the fix for
keystoneauth sessions, see
I93b6fff73368c4f58bdebf8566c4948b50980cee
Co-Authored-By: Samuel de Medeiros Queiroz <samueldmq@gmail.com>
Closes-bug: 1616105
Change-Id: I8f43eee3a0b35041c6cf672e476f8151cf2f8d14
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow passing the allow_expired flag to v3 token validation to support
extended service to service communication.
Implements bp: allow-expired
Change-Id: Ia1763fedc1838ad3c58c7f8f98f00b7eaad55a5c
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Provide support for the domain-specific configuration storage available
via the REST API.
Domain configs are JSON blobs and we have fine grained control on them
via the Identity API. This fine grained control is not defined yet in the
client, though - for now, we can manage everything like Python dictionaries
and use operations like "update" whenever we want to delete a specific group
or option. This approach is similar to what is done in the federation mapping
API to handle mapping rules.
Functional tests are also included, this is useful to check if the new
feature works in an integration environment.
Co-Auhtored-By: Henry Nash <henryn@linux.vnet.ibm.com>
Co-Authored-By: Rodrigo Duarte <rduartes@redhat.com>
Closes-Bug: 1433306
Partially Implements: blueprint domain-config-ext
Change-Id: Ie6795b8633fed38c58b79250c11c9a045b7f95a4
|
| |/
|
|
|
|
|
|
|
|
| |
The 'data' argument was deprecated in the 1.7.0 release
and should have been removed in the 2.0.0 release. It has
been replaced by the 'blob' argument.
Related-Bug: 1259461
Change-Id: I762f46f605a65abe73547ad6e522c54b1cc3aac6
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The exceptions from oslo-incubator's apiclient has been deprecated
since v0.7.1, We can use keystone keystoneclient.exceptions instead.
We can also remove the rest of the apiclient from oslo-incubator
since we do not depend on it internally, and has been deprecated
for just as long.
Change-Id: Ieffdc0da7d8a877be5cfe04a1ef9967cc24487c5
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the CLI has been deprecated for a long time, and many docs and
install guides recommend using OSC instead of `keystone`.
- removes CLI
- removes man page from docs
- removes CLI tests
- removes `bootstrap` from contrib
- removes entrypoint from setup.cfg
implements bp: remove-cli
Change-Id: Icbe15814bc4faf33f513f9654440068795eae807
|
| |
|
|
|
|
|
|
|
|
|
| |
While the entity for an inference rule should be thought of as a
resource, the rules are essentially relationships between roles.
The `implied_role` API is linked with the role API, and thus the
client functions are part of v3/role.py. However, it does not
map completely cleanly to the Crud baseclass, and requires
some custom URL generation.
Change-Id: I80a40e88b571fe9b0eca3af8b705ea79f28eb904
|
| |
|
|
| |
Change-Id: I95ff3940b35d09fd747c49baff69dc7a12451309
|
| |
|
|
|
|
|
|
|
|
| |
Allow the client to take advantage of the include_names with
list role assignments.
Change-Id: I4aa77c08660a0cbd021502155938a46121ca76ef
Depends-On: I0a1cc986b8a35aeafe567e5e7fee6eeb848ae113
Closes-Bug: #1479569
Implements: blueprint list-assignment-with-names
|
| |
|
|
|
|
|
| |
in anticipation of a new release, create release notes for bugs
and fixes that should have included notes.
Change-Id: Icc4be3b42a59e44586020946649c0aeda93feb10
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
This note had several typos and words out of order.
Change-Id: I1ffafb56b665d2fed23c85bc251d120e63c3790f
|
| |/
|
|
|
|
|
|
| |
these have been deprecated in favor of keystoneclient.exceptions
for a very long time. let's finally remove them.
Change-Id: I0fc06a12647a0faac5ba98ed83118269efc304a6
Closes-Bug: 1526651
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code has been moved to the new keystonemiddleware project and
keystone.middleware was deprecated since Juno. It's time to drop it in
Mitaka.
Remove the directory keystoneclient/middleware/.
Remove test_auth_token_middleware.py, test_memcache_crypt.py and
test_s3_token_middleware.py in keystoneclient/tests/unit/.
Remove the create_middleware_cert shell function from
examples/pki/gen_pki.sh. And remove the call from
examples/pki/run_all.sh.
Remove netaddr, pycrypto and WebOb test dependencies, only needed to
test the removed middleware.
Closes-Bug: #1449066
Change-Id: Iedd6887dcde62177d37e1e1988ed72bcb59c05f6
|
|
|
as mentioned in the mailing list, we need to include release notes
for libraries, note that we do not include changes for liberty.
Change-Id: I6497aac36720e2bea3f25316a426ea9fedb96c79
|
