Commit message
|
The tenant argument of RequestContext is no longer available since
oslo.context 4.0.0. This change removes usage of the deprecated
argument in unit tests to prepare for version bump.
Change-Id: I0493b5fbe09d183e57a207c1dda0b2ee7a4e1b34
|
Unreadable logs from oslo.context warnings.
"Using the 'project_domain' argument is deprecated in version
'2.18' and will be removed in version '3.0'"
Change-Id: Icfe18a5d299da4b6b4024374791be53f2b3e41f2
|
As per the community goal of migrating the policy file
format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file'
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also replace policy.json references with policy.yaml in doc and code.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I1aa12bcd2638390f25d57ce8abeeec248121dc02
|
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I8f764e9ba46a4e2055be61eb0fe97d155ab1c70e
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
- Bumps some of the lower constraints
- Fixes common/endpoint_utils.py to fall back to using auth_uri.
Change-Id: Ief0868d5feef3ee6b0689c6be27649ff009fbbcc
|
These old names are deprecated.
Change-Id: I26466e8ec228f1d742f68ac67332426d08a10869
|
The [keystone_authtoken]/auth_uri setting was deprecated in
favour of [keystone_authtoken]/www_authenticate_uri. This
commit uses the new setting as the fallback if
[clients_keystone]/auth_uri has not been set.
Change-Id: I4b6e254b1344865e3775948a8bbf1e9aac196e4f
Story: #2004434
Task: #28097
|
When using a non-unicode old-style user id such as Gāo,
a Unicode error pops up in a py2.7 environment.
Fixing it in common/context.py.
Change-Id: I95e49f359410049ff5b254cd1b8ee16402c8719d
Closes-Bug: #1761629
|
- Fix authpassword middleware
- Pass user_domain/project_domain all through. user_domain
is required whenever authenticating a user with 'username'
and creating the 'password' auth_plugin.
Change-Id: I692639a16be42b755628695d89731aa23eb9221b
Closes-Bug: #1699418
|
Change-Id: I87a39f7977d0f68c5ecc7680b18b29f54d963051
Closes-Bug: #1695104
|
Oslo.config deprecated parameter enforce_type and changed its default
value to True in Ifa552de0a994e40388cbc9f7dbaa55700ca276b0. Remove
the usage of it to avoid DeprecationWarning: "Using the 'enforce_type'
argument is deprecated in version '4.0' and will be removed in version
'5.0': The argument enforce_type has changed its default value to True
and then will be removed completely."
Change-Id: I91b0f0a52b5ce8654702510eed76d5dea8cc8fe4
Related-Bug: #1517839
|
We've a fallback mechanism to use configuration from
keystone_authtoken section for trust plugin. It's been
deprecated for some time and does not seem to work.
Change-Id: Ie435b3df8cb1551cee90e6a349913aabd5f4557f
|
Change-Id: I404f3c85ed97462f5628da3bdeb2bad0ae930012
|
The oslo.context from_environ method is designed to pick up the
environment variables set by auth_token middleware and other common oslo
middleware and correctly set those values on the context object.
By using from_environ, context and policy pick up values from the
request without heat having to directly handle them.
The malformed_role tests here are removed. The roles header is provided
by auth_token middleware and is now handled by oslo.context, and they do
error handling their own way. We shouldn't need to test this handling in heat.
Change-Id: I2707bda09a01bf79e75f36b98a48a02adcde5908
|
Heat makes a lot of variations to the basic oslo.context which are going
to make it very hard to reuse with features added to the base
oslo.context.
There are a number of changes here that will make the heat context
options more like those from oslo.context.
*) context.user and context.tenant are IDs, not names. This will be
important for policy credentials.
*) kwargs should be passed through to base context so it can be extended
in the base class.
Change-Id: Ib0d60c6af196ba5c00459110b7a6190cff916d6f
|
This change removes use of version specific auth
plugins and instead uses generic plugins.
Change-Id: I19898d351c4a08f5f865f9debd60070d50aa5eff
Related-Bug: #1554533
|
keystoneclient.auth is deprecated, use keystoneauth1 instead.
Change-Id: Idf6daaccef8547755989140a91e4543cc94f9b58
Closes-Bug: #1554533
|
This will allow heat.object implementations to create a single object
per context to manage its particular context caching needs.
Change-Id: I9b626efee45164617a73b790bfad4808172d2c12
Related-Bug: #1578854
|
This makes sure that type checking is done by oslo.config
on the test override values.
Change-Id: Ia8c1cb55fe98e9d06b9b9ff13e5c2d25aa67bff3
Closes-bug: #1517839
|
With Ibd0566f11df62da031afb128c9687c5e8c7b27ae, we are changing
the oslo.config internals a bit. The code in Heat test suite
unnecessarily depends on oslo.config internals. Just using
the oslo.config fixture is good enough for these tests. This
will avoid CI failures next week when we make a new release
for oslo.config.
Closes-Bug: #1547612
Change-Id: Ibf784d08fbad099189507ff4f665788aee7a3a97
|
This patch will attempt to get
cfg.CONF.keystone_authtoken.user_domain_id
as 'user_domain_id' when creating the trust auth plugin,
and only if the conf is not set, switch to the 'default' domain.
Change-Id: Icce69dcbdf917fab6644f48f71c4eeb6926d9d6e
Closes-Bug: #1533928
|
Set user/project domain id/name from req.headers while
initializing the local request context. Then we can use them if needed.
Change-Id: I95e937e226e308517485641189c667502529b85e
|
Implements bp docstring-improvements
Change-Id: I2fd82d698f42aca3b34822875cf4d706fedbf5f2
|
If tenant_name or user_name has Chinese characters,
a 'UnicodeEncodeError' exception is raised when making
credentials from the request context.
There are two solutions to fix this problem:
1. Call encodeutils.safe_encode to encode the tenant_name
with utf-8 before using.
2. Modify to use tenant_id/user_id instead
of name as other OpenStack projects (Nova, Cinder, Neutron...)
did.
This patch selects option 2 to fix the problem.
Change-Id: I2510405b7b2cc9125828a19a151a56bcd44c2222
Closes-Bug: #1488754
|
The auth_uri argument in the keystone_authtoken section of the
configuration can, depending on the authentication plugin in use,
specify the URL with or without a version. When a version is given,
it may be v2.0 or v3. And for some plugins this setting may not even be
used. To help reduce the coupling between heat and keystonemiddleware's
configuration, this change adds a new "auth_uri" setting in the
[clients_keystone] section of the configuration that can be used to define
the unversioned keystone endpoint that heat should use. The keystone
discovery service is used to obtain the v3 URL from this endpoint. If this
new configuration item isn't set, then the legacy behavior that derives
the v3 endpoint from the middleware's setting is used.
UpgradeImpact: heat.conf [clients_keystone] auth_uri should be set
to the unversioned keystone endpoint for wait conditions
and wait handles to continue working.
Change-Id: I57d9749bea0b5797a9fc786e8fe991bbc63301ef
Partial-Bug: #1446918
|
According to decisions in:
https://etherpad.openstack.org/p/YVR-heat-liberty-deprecation
deprecated headers were deleted; also the context class was switched to
using the Project header instead of Tenant.
Change-Id: Ibe0b572dd7315a82774077a77579dd1380b59d6d
|
Switch to the first official release of oslo.policy.
Change-Id: Ibf3bf061d41a6c3d050d4a5d562039bff734bda9
Closes-Bug: #1421863
|
For consistency with the installation guide and other OpenStack
components.
http://lists.openstack.org/pipermail/openstack-dev/2015-April/062702.html
Change-Id: I0df8565b5cb16aa555a4b19b3518e7208ca294d3
|
This makes heat logging format more consistent with other
services as oslo.log uses this in the Context formatter:
https://github.com/openstack/oslo.log/blob/master/oslo_log/formatters.py#L214
Change-Id: If85fca19d1e37decc35f965b92e6430e46d9842a
Closes-bug: #1437144
|
See https://blueprints.launchpad.net/oslo-incubator/+spec/drop-namespace-packages
Closes-Bug: 1423174
Change-Id: I48680ce6e7ce91005c147ab4388203946171d433
|
Correct grouping and ordering of imports
Change-Id: I47ea0d53f80d7f0aeb01c1c6afd63713be87ddf4
|
Change-Id: I592da43b4d942876d381f3203bfef00a7d86c5b9
Closes-Bug: #1410002
|
Synchronize oslo modules, removing unused gettextutils and fixing tests
for policy module change.
Change-Id: I2fbb3668522eabea9a6408ccd2f3c3d76645e2ee
|
For standalone heat operation, middleware will need to set the region
from the X-Region-Name header. Then the keystoneclient will use this
region_name instead of the heat_region_name config option.
Closes-Bug: 1223068
Change-Id: Ia859e67cf8c6e0d1ed9d9e7f5eab2d138c6421ef
|
The oslo-incubator request_id module has been deprecated and
removed for kilo, replaced by the request_id from oslo.middleware.
Note that we need to leave the oslo-incubator request_id shim in place
until after Kilo ships, so operators get fair warning about the
backwards-incompatible paste.ini change.
Change-Id: Iedbfede6d57312f565cf4b1ccb71a8418fad8620
Partial-Bug: #1380629
|
Fix the HeatTestCase import issue as required by H302,
a following patch of https://review.openstack.org/#/c/129846/
Change-Id: Iab9a508682e9fe2932b7d00b191c8a4cdea4738b
|
This patch aims to support "x-openstack-request-id" for Heat.
Nova, Cinder and Neutron have realized "x-openstack-request-id" functionality
by using oslo-incubator.middleware. This functionality will enable effective
log tracing between Heat and Heat caller.
Change-Id: Ida2f3d33b02557c2117aade27ccac7d9351886c9
Closes-bug: #1324065
|
The auth_token (and other) middleware adds a keystone.token_info value
to the request environment after validating the token. We can pass this
value via the request context, which allows us to avoid always re-requesting
another token in the keystoneclient instance in heat-engine.
Change-Id: Icac0e73fbddd5011fb41bd644036ba489189c405
Partial-Bug: #1317293
|
This change allows stack user credentials to be used to call
describe_stack_resource (heat resource-metadata)
It makes the following changes:
* _authorize_stack_user first attempts to authorize with
stack.access_allowed using the context user_id before falling back
to looking for ec2 credentials
* context middleware sets the user_id on the context even when the
username is not specified
This change also adds missing test coverage to ContextMiddleware
Change-Id: Idb655e403ba11a3144dacf34eba0feb59ab8d911
Closes-Bug: #1299982
|
Change-Id: Ia6131f8fcac6902c80c80aa805c8cd7a2a41f280
Closes-Bug: #1229324
|
We need the user_id within notifications sent by Heat to be able to
handle it in Ceilometer; currently only the username is provided, which
can be non-unique per tenant and could confuse the integrity of data.
The easiest way to do that is to populate the Context with the user_id
retrieved from Headers.
No need to store the user_id in Heat backend.
Related-Blueprint: send-notification
Change-Id: I88bd5612556d2000d72427308d17643f14d35306
|
Some tests used incorrect order assertEqual(observed, expected).
The correct order expected by testtools is
assertEqual(expected, observed).
This patch includes roughly half of the files touched by these changes
(up to and including test_m* sans contrib code) to ease the review.
Partial-Bug: #1259292
Change-Id: I44bff827c7c50726d48aa649b7685712a233ee62
|
get_admin_context takes a read_deleted argument which is ignored,
and we don't include the read_deleted value in to_dict output.
Fixing this means we can respect this flag in the DB API, which
currently we do not.
Change-Id: Id0906983b93cd2526580942390f7992fb2cb5504
blueprint: request-scoping-policy
|
Use a rule in the policy.json to correctly derive a user's admin-ness
based on their roles, when it is not explicitly specified in the
RequestContext constructor.
Keystone auth_token tests X-Roles based on the user role membership
for the tenant the token is scoped to, so this will allow us to define
per-tenant admins (the admin everywhere issue described in keystone
bug #968696 won't apply here, that is specific to keystone).
Remove the admin_role config option, which doesn't do anything, and
now this should be specified via policy.json.
Change-Id: I1921a2b515ecc8ca5d37205e3cdb6b7b8695b1ac
blueprint: request-scoping-policy
|
The username value should be returned, not the self.user value,
otherwise you unexpectedly get inconsistent results if you ever
override the username after creating the object. Some tests
added, one of which illustrates the problem.
Change-Id: I95e416e3046607d8b0406812705949e8ff464f86
Closes-Bug: #1237459
|