| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
In heat, some unit tests still use mox3,
which will make the test speed more slower,
so I decide to remove it.
Change-Id: I68f016053de61ec274636dfe9f83ae57b1b9a84b
|
|
|
|
|
|
|
|
|
|
| |
- Fix authpassword middleware
- Pass user_domain/project_domain all through. user_domain
is required whenever authenticating a user with 'username'
and creating the 'password' auth_plugin.
Change-Id: I692639a16be42b755628695d89731aa23eb9221b
Closes-Bug: #1699418
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the final patch to switch from keystoneclient to
keystoneauth.
keystoneclient's auth session, plugins,and adapter code
has been deprecated. For more information:
[1] http://docs.openstack.org/developer/keystoneauth/migrating.html
Change-Id: If8449382aeccf51587d991f55a53c43742ad7a72
|
|
|
|
|
|
|
|
| |
This change removes use of version specific auth
plugins and instead uses generic plugins.
Change-Id: I19898d351c4a08f5f865f9debd60070d50aa5eff
Related-Bug: #1554533
|
|
|
|
|
|
|
|
| |
This moves the heat_keystoneclient wrapper to
heat.engine.clients package.
Change-Id: I39636abb946a7608014145d9edca5297d9f929d0
Related-Bug: #1554533
|
|
|
|
|
|
|
| |
keystoneclient.auth is deprecated, use keystoneauth1 instead.
Change-Id: Idf6daaccef8547755989140a91e4543cc94f9b58
Closes-Bug: #1554533
|
|
|
|
|
|
| |
Use available user_domain for password auth_plugin.
Change-Id: Ibb15367f7ac54a565319c6097e4d6f12b07ebd7e
|
|
|
|
|
|
|
|
| |
convert to bytes before assigning value to resp.body
partial blueprint heat-python34-support
Change-Id: I6929b96cb9742df26c037deb94bef194feb06903
|
|
|
|
|
|
|
|
|
|
| |
According decisions in:
https://etherpad.openstack.org/p/YVR-heat-liberty-deprecation
deprecated headers were deleted, also context class was switched on
using Project header instead of Tenant.
Change-Id: Ibe0b572dd7315a82774077a77579dd1380b59d6d
|
|
|
|
|
|
|
| |
See https://blueprints.launchpad.net/oslo-incubator/+spec/drop-namespace-packages
Closes-Bug: 1423174
Change-Id: I48680ce6e7ce91005c147ab4388203946171d433
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the first step in converting to using keystoneclient auth
plugins. It moves responsibility for controlling authentication away
from the keystoneclient and onto the equivalent functions provided by
the context. The existing functions are left for now with redirects to
the context.
Have the context create an authentication plugin for the user
credentials in the same way that keystoneclient used to. This involves
updating a number of tests as we need to stub authentication information
from the context and not the client.
Change-Id: Ifeb5c99387aec0eb5dce3f2744388c948d78a2bb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously auth_password.KeystonePasswordAuthProtocol directly created
a keystone v2 client, which means that heat-standalone wouldn't
work if heat-engine is using the default KeystoneClientV3 client.
This change creates a heat_keystoneclient.KeystoneClient and uses that to
fetch the data required to build the authenticated env to pass to the
request context. This means that the standalone middleware will now work
with the default v3 keystone backend, the contrib v2 backend, or any other
valid implementation of KeystoneClient. The type of KeystoneClient is
determined by the heat.conf keystone_backend value, which means that this
value is now read by heat-api when using the standalone middleware.
For v3 the service catalog is left empty, which means heat-engine will fetch
it again.
Change-Id: I46d4edbfffdb0e606e4f4c767610c137d03495f4
Closes-Bug: #1402472
|
|
|
|
| |
Change-Id: Ia7527c6704e61d854be8e847e2401f33fb48d4df
|
|
|
|
|
|
|
| |
Fix the HeatTestCase import issue as required by H302,
a following patch of https://review.openstack.org/#/c/129846/
Change-Id: Iab9a508682e9fe2932b7d00b191c8a4cdea4738b
|
|\ |
|
| |
| |
| |
| | |
Change-Id: I2e1a809cfca8e88693551d58d33e747f54ee5eb1
|
|/
|
|
|
|
|
|
|
| |
This patch is one in a series to re-enable H306 style check rule
(imports are in alphabetical order). It touches roughly half of tests
(up to and including test_m*).
Implements: blueprint reduce-flake8-ignored-rules (partial)
Change-Id: Id1e10f7a519ceeb4339488760b36950440461edb
|
|
|
|
|
| |
Change-Id: Ia6131f8fcac6902c80c80aa805c8cd7a2a41f280
Closes-Bug: #1229324
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactoring the auth_password middleware to move X-Auth-Url logic
into the auth_url middleware, so that all X-Auth-Url logic is
handled in one place.
This also adds the auth_url middleware in front of the auth_password
middleware, so that there should be no behavior change
Co-Authored-By: Richard Lee <rblee88@gmail.com>
Related-Bug: #1259364
Change-Id: I3819cbf1a4c4955752dc7c804b0add1bab2b962c
|
|
|
|
|
|
|
|
| |
The patch removes usage of StubOutClassWithMocks with keystone Client
class, which doesn't work anymore now that there is an ABC in the MRO.
Change-Id: I4e8ff2cde2723060faf9906ecf51b13911ac5f42
Closes-Bug: #1279907
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some tests used incorrect order assertEqual(observed, expected).
The correct order expected by testtools is
assertEqual(expected, observed).
This patch includes roughly half of the files touched by these changes
(up to and including test_m* sans contrib code) to ease the review.
Partial-Bug: #1259292
Change-Id: I44bff827c7c50726d48aa649b7685712a233ee62
|
|
|
|
|
|
|
| |
To make code simple and clean and enable unused local variables(F841)
check.
Change-Id: I420e4b3c8845efc616d447922122167af383dbc1
|
|
|
|
|
| |
Change-Id: Ia3489a1cff5070b000098e278c772cb823ae688c
Fixes-Bug: #1214176
|
|
|
|
|
|
|
|
|
|
|
|
| |
This means clear_override and clear_default do not
need to be called explicitly for each set_override and set_default
call.
This also fixes any potential test execution order issues
where an option has been set without being cleared at all.
Change-Id: Ic40c3be10b32eb3011bc0733cee9c1faaf8f1240
Fixes-Bug: #1221476
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original intention was to allow heat to orchestrate
on any requested cloud when allowed_auth_uris is configured
with an empty list.
This change makes all requests be validated against
allowed_auth_uris for the following reasons:
- there is a potential security issue with requests
being authorised by a fake keystone, allowing an exploit in
heat to be executed without any valid authentication factors
first being presented.
- ec2token middleware will also need to be made multi-cloud aware
however as a compatible API it is not possible to specify the desired
auth_uri with each request. Instead ec2token will need a list of
configured endpoints so that it can try each one until a request
is authenticated.
Change-Id: I3d6b7edf381a66b87b6e1fae07bc5dbe9db024bc
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a multi_cloud configuration parameter for auth_password that
tells a standalone Heat installation to look for its auth_url in
the request headers instead of the configuration file. Also adds
an allowed_auth_uris configuration option to specify which
auth_urls are allowed as targets.
bp heat-multicloud
Change-Id: Ic0929586ac3b57c7f9f3335e0dbd5e14e6b56067
|
|
|
|
|
|
|
|
|
| |
Fix a key error caused from the response of authing
in stand alone mode. The keystone docs indicate that
the schema for a response user name is ['user']['name']
rather than ['user']['username'].
Change-Id: I9ac94feeef8f9f2dedaa3842f64a3491e701e199
|
|
Add alternative authentication middleware to authenticate against Keystone using
username and password instead of validating existing auth token. The benefit
being that you no longer require admin/service token to authenticate users.
To use, update heat-api.conf:
[paste_deploy]
flavor = standalone
This should make it possible to try heat out against existing public
clouds.
Change-Id: Ia584bba78e8984581f0fb6882bbb17d5efa238db
|