| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Keysonte is changing the nature of tokens, timeouts, and long
running tasks. In addition, horizon can also cause issues where
a user starts a long running tasks, logs out, and then the token
fails authenticaion. Just removing this problematic logic.
https://blueprints.launchpad.net/keystone/+spec/session-extendable-tokens
Closes-Bug: #1637460
Change-Id: I5eda08e95d8df72ba601181f02a72de37c5393fd
(cherry picked from commit 5810f9c6d92f8e1febbb25f5486778dbf416991c)
|
|\
| |
| |
| | |
stable/newton
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reverting before release. See
http://eavesdrop.openstack.org/irclogs/%23openstack-release/%23openstack-release.2016-09-27.log.html#t2016-09-27T12:25:00
from 12:25 to 14:15.
This reverts commit 03a6db3074e605b901ba68d210bc58f3769a9560.
Change-Id: I4e50dc38f8b41d5730d8f613dd24d7384ca455e5
|
|/
|
|
|
|
|
| |
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I44a4f93d917659f7009df34e10d71c7ae85c2b75
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See
https://docs.djangoproject.com/en/1.10/releases/1.10/#using-user-is-authenticated-and-user-is-anonymous-as-methods
is_anonymous() and is_authenticated() functions are now properties, and
throw critical security warnings when using python manage.py check in
django 1.10
The duplication is just to make it explicit which code paths are being
followed. They could be refactored to remove it, but in a few months
when we move to the next LTS we would just end up removing the refactors
since there would once again be a single path.
We also removed the `margin` parameter, since it is never used anywhere.
This will be documented in a Horizon release note.
Change-Id: I7a92089ae62a9017274002648f26f13bc34709d9
(cherry picked from commit 00346889c99c26f1bbdaf3c392bac6dfefb509c7)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The variable should be an array but we used string, so it
lead to incorrect warning in the httpd log.
Change-Id: I7a233338306e51ba11f2d80acfc758700f6bddd2
Closes-Bug: 1621137
(cherry picked from commit cec7a021707972b1434bc1be656c5ff1d1315b55)
|
|\ \ |
|
| |/
| |
| |
| | |
Change-Id: Ie187cb6eb5011521338d8c28611bb2a578795e95
|
|\ \ |
|
| |/
| |
| |
| | |
Change-Id: Icbbf653f91912bd1f0326b41fff0daeae06f8447
|
|/
|
|
|
|
|
| |
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: Ic3f70cd1860601de0861edeca295863e31e2b2a6
|
|
|
|
|
|
|
|
|
|
| |
There's a pretty awful hack currently in place to add the reason
attribute to the TestResponse class. This code correctly initializes
the class, including the reason attribute.
Change-Id: I73384db1f89add051547f4d5db36ab1e647e84ef
Closes-Bug: 1613740
(cherry picked from commit 2c859f1d6d620725ddd99c21d75abfec6eec1552)
|
|
|
|
|
|
|
| |
I got carried away and capped the dj110 tox end at <2.0. It should
be capped at <1.11.
Change-Id: I40064b90dc2a340304b6da40f80a6b4e0ffa8a9c
|
|
|
|
| |
Change-Id: Ib7ceb8f89b95bc56a78dfa122c2ddb08e98fffc7
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add TOKEN_DELETE_DISABLED to the settings so when can customize
the revocation of tokens on user logout or switch. This solves an
issue when a user launches a long running operation and then logs off
resulting in an error if the operation tries to validate the token
Change-Id: Ic693c563e028081d87b6447b95ac94608da2dafb
Closes-Bug: 1599870
|
| |
| |
| |
| | |
Change-Id: I8a9feb476eafdff481af73366407a1af08ad89f5
|
|\ \ |
|
| | |
| | |
| | |
| | | |
Change-Id: I2c2ad60839fbe5f931544f076c90feda9dac997a
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In Django 1.10, one *must* define TEMPLATES, and set the BACKEND
APP_DIRS to True. If this isn't done, the package cannot find
its html templates.
Change-Id: Ic4d238ad42931d71da00b468c5f9fd205fa9d4e6
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In mitaka, keystone supports is_admin_project attribute.
https://blueprints.launchpad.net/keystone/+spec/is-admin-project
This patch will support this attribute.
Change-Id: I1531019d55eaa752f1560092a376bc19be6f3db2
Closes-Bug: #1602528
|
|\ \ \
| |/ /
|/| | |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The policy engine already automatically sets the target project_id
some policy files use tenant_id instead. See recent neutron policy
file. Also adding tenant_id to the credential list that is
populated.
Why this matters is that batch actions don't have data associated
with them when the policy checks are made so policy files that
use tenant_id instead of project_id will fail.
Closes-Bug: #1598242
Change-Id: I1b7c5c545852e76cbd46ece003ee9bbb0c19fdec
|
|/
|
|
| |
Change-Id: I9185061eea86d5f7b1889e2e4a39be0bceaa7245
|
|
|
|
|
|
| |
This will be used for a non-voting test run by infra.
Change-Id: Ic9ddd926e13c5d701bbc4df740c6d51f1d7ba30f
|
|
|
|
| |
Change-Id: I5988872b1e9ac1bcce8824fc038e22e7aed04fd3
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes sense because usually only the caller of
fix_auth_url_version() has enough context to decide what warning
message should be emitted (where did the wrong url come from? service
catalog or openstack_dashboard/settings.py?). This also will help to
reduce the number of redundant warnings, emitting them only when user
logs in or a value from service catalog was fixed.
The necessity of this change became obvious after discussion in
https://review.openstack.org/#/c/323786 comments.
Also a small refactoring was made to fix_auth_url_version() (which
previously was edited in haste) - to reuse existing helper functions,
this makes the code a bit cleaner.
Needed-By: I6c6a35b1c460e22dadf39634fce1bdfa257b8c63
Change-Id: I3a04d838a707465c8c6e81e0e6e2fcf918b7b059
|
| |
| |
| |
| | |
Change-Id: Ib957e272451142805aa2e9bb6b62986c764c48f8
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: If8aef5f3684e66489e57cf9c54fa9310e9c82d70
|
|/ /
| |
| |
| | |
Change-Id: Ie90b3a25698ab5e866bf75d5864f7139029526fc
|
|/
|
|
|
|
|
| |
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: If1aaddf180571f551dc8e8c56f1d4fe6b2782daa
|
|
|
|
| |
Change-Id: I96337c7e0cf8e5a3aba23f9503b3e1fbd0f7b4de
|
|
|
|
| |
Change-Id: I0fe2840c5367b78d81e2e91d4fe29681470f568d
|
|
|
|
|
|
|
|
|
| |
Since the function emitting the warning now can be used both for
processing of Keystone URL from Horizon settings and for fixing
URLs from service catalog, the old warning messages becomes confusing.
The patch makes things clear again.
Change-Id: Id70b50e01fc9c3d59d5e41684759b5c8bd8abee9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a false assumption within utils.fix_auth_url_version()
routine that everything that goes after hostname:port part of Keystone
auth_url is could be only version suffix. Once '/identity' webpath was
enabled in Keystone Apache configuration in Devstack by default, the
falsehood was exposed and broken all integration tests. This is fixed.
While debugging fix_auth_url_version() I noticed another side-effect
of the fix: Horizon no longer needs to specify version suffix inside
OPENSTACK_KEYSTONE_URL setting, the fixed function works perfectly
without it. This will be mentioned in release notes for the dependent
Horizon patch.
Partial-Bug: #1585682
Needed-By: Icebfc291ec2b06ed84934c75cfd8c9d91cb2a895
Change-Id: Iea9b8e8378e6c5fb4c60df0073968d8caf7fbc5e
|
|
|
|
|
|
|
|
|
|
|
| |
The endpoint defined in request.user.endpoint may differ from the
endpoint selected from Horizon's AVAILABLE_REGIONS. If so, this will
result in the region appearing as 'None' in Horizon.
This will use the login endpoint as the key for setting the region.
Change-Id: I02d8069d2c8dcb5c24950279b1e40469072bf3bd
Closes-Bug: 1494287
|
|
|
|
| |
Change-Id: I0f4cfcab2f8131cc843591175504d70876dad2b3
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This calculation uses the 'token_life' var which is a
datetime.timedelta object. timedelta.seconds gets us just the
'seconds' component of the object, truncating away any days, hours,
or weeks that might be included in the object.
What we want here is the total time in seconds, which is
total_seconds().
Closes-Bug: #1562452
Change-Id: I6a947abb891e1d34e1cf3aea53b345e0a804bacf
|
| |
| |
| |
| |
| |
| |
| | |
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: If3d980e8acb07e03b97d2489664141443b363bc3
|
| |
| |
| |
| | |
Change-Id: Iee9585745e30465b8d4fd56d575ce3418eedd982
|
| |
| |
| |
| | |
Change-Id: Ibfdef3167b156596be9d8f20c22e1d1b6792b072
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| | |
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I68ece7340f7c15a7dff2fd52fbf2fa21e809075c
|
|/
|
|
| |
Change-Id: If724c6def15041e55af76872a9027fe9f7c3db69
|