| Commit message (Collapse) | Author | Age | Files | Lines |
|
this boils down to:
    $ python setup.py extract_messages
    $ python setup.py update_catalog --no-fuzzy-matching \
        --ignore-obsolete=true
    $ source \
        ../../openstack-infra/project-config/jenkins/scripts/common_translation_update.sh
    $ setup_loglevel_vars
    $ cleanup_po_files keystone
Change-Id: I2a03f3d7eebe0be0250d4834256dfa3c634dbb48
|
It was possible to specify an invalid controller method in a router.
This will not cause an error until runtime. This change catches the
error much earlier in the application lifecycle. In fact with this
change errors should not be able to pass unit tests even if there is
no specific test for the behavior.
Related-bug: #1377304
Change-Id: Icc5646c143a234127a8b4ac8a74342ef3dca7e80
|
Deleting an endpoint group project fails because the router specifies
a controller method that doesn't exist. This returns a 500 error to
the user for what should be a successful operation.
Change-Id: I3b91d8023d31555893fb944da73633a69d8e286f
Closes-bug: #1377304
|
This patch fixes the issues that were preventing the running of
live sql upgrade tests (either by running test_sql_upgrade directly
or via test_sql_livetest), namely:
- Dropping the tables that were in existence before the current
scope of migration in an order that is FK friendly
- Fixing an issue where the tables were being dropped in the
wrong order in the downgrade of federation
- Ensuring we don't hold sessions open over upgrade/downgrade
steps in our test methods
Limitations:
- This patch has not been tested with DB2
Closes-Bug: 1363047
Closes-Bug: 1375937
Change-Id: Ied4741a9646b57bc6f2ddcdc8a380ea55b2a9634
|
There were tests that verified that the PKI token body could be
encrypted with CMS and compared to the token ID in the response.
This test isn't safe because the token body may be different than
the token encrypted with CMS since the order of items in the dict
can change.
The fix is to change the test to decode the PKI token ID and
compare that to the response body JSON instead.
Change-Id: Icc649b96071ff084d5c76f2ea2bcf3ecb08a0351
(cherry picked from commit 83394ba71ba06e9899aaa62f211919075f2a3d91)
|
The string passed to ldap.str2dn() needs to be UTF8 encoded, otherwise
we encounter UnicodeEncodeError exceptions.
This patch adds UTF8 encoding where it was missing for ldap.str2dn()
calls as well as some unit tests to cover the functions that were
lacking this encoding step.
Change-Id: I96e718f1d43f4aad272ca4990d3905a5adf1f07d
Closes-bug: #1375139
(cherry picked from commit 09d38008aa0e7f8c6802088c807dd0ad6ba80e10)
|
If a non-default emulated enabled DN is specified in configuration,
the DN structure returned from python-ldap is incorrectly converted
to a string. This leads to an index error when we attempt to extract
the RDN attribute and value.
This patch removes the incorrect string conversion and instead does
the proper conversion on the RDN strings that we extract.
Change-Id: I8f0c4594cfa9a41e1875870c3eb63fae32c8c041
Resolves-bug: #1375772
(cherry picked from commit 5380ddaadb0ce34b866b097cb6ac1396d2b30100)
|
When the user_enabled_invert setting is being used, values returned
from LDAP are ultimately converted to a bool type when we reach the
inversion logic. If the user_enabled_default value is used due to
no value being returned from LDAP, the type is a string. This causes
the inversion logic to be evaluated incorrectly, as 'not' will return
False for any non-empty string. This results in disabled accounts
that should be enabled.
Change-Id: Id7b024c12815748305458ca05fc8f8a6324c1908
Closes-bug: #1376053
(cherry picked from commit 50a6312ffa1f636bd74c98d9938ea4083bed2768)
|
There was an extra space at the end of the debug log string.
Change-Id: I96a231d136a829e049a4e026ed07ff3730eeb388
|
Change-Id: I4aaa57b05e9aab2ff223f62bd1f5fe0f37e7f247
|
Closes-bug: #1366649
Change-Id: Ic3f4a3eb9da303a4da7d532f02f6c6e82a725924
|
This also renames the provider_name argument to better convey its
status as a kwarg for internal use only.
Change-Id: Ie1afee4e37cfa149ddb73a001985c98aa90b97a5
|
Change-Id: Id48074b81f062408a6757c632f578837f6a3c87e
|
Change-Id: I308fe2db811cc97185956ef60a739026ba815013
|
Attribute ``version`` in the SAML2 Assertion should be non-empty.
Change-Id: I46f4b0c45e38cc1315e320369a2ba7d2279eb16f
Closes-Bug: #1373961
|
Using both the engine and session in a migration causes the DB to
become locked.
Change-Id: Icbd867ff4e385f4430bfa9b7c5680b870475176d
Closes-bug: #1371620
|
When generating a SAML assertion, Keystone should always set the issuer
value in federation.controllers.Auth.create_saml_assertion() to
CONF.saml.idp_entity_id.
Change-Id: If970cdf20cfca8b1dc667eefd030083fdafe9424
Closes-Bug: #1374033
|
Rather than attempting to query the database for an empty userId
that results in an error, just raise an error immediately that
has a better error message than one indicating a missing 'len()'
attribute.
Change-Id: I6db54d8f6114337d37be3cab20f60d7905243cba
Closes-Bug: #1368046
|
Clearly label that running keystone as an IdP is experimental.
Change-Id: I8eac8b83110aef2fc9cb638eca6784c097bcb22c
|
The architecture docs are very dated, and have several references
to tenants, PAM backends, and controllers that don't exist.
Change-Id: I85de743006e7df4fcf8ddbc3afc1a4bcd69583e6
|
In an effort to make 'configuration.rst' less bloated, move
common cli examples to their own section. Changed the titling
so they are no longer subtitles of another section.
Change-Id: I2785cbe8563e5adcae65aebf88152a5e055c28a9
|
Lots of lines that were well over 80 characters; several code
examples were missing code-block syntax. General inconsistencies
between what is actually available vs. what is documented.
Change-Id: I726e13aa7c333973cf92bbe1550b939c634db493
|
When deleting a domain group assignment while using a non
domain-aware backend, such as LDAP, an AttributeError was being
raised when trying to find all the relevant tokens. This was due
to a hangover from when you had to pass domain scope to
list_user_in_group(). This only affected domain group grants;
by luck we got away with it for group project grants.
Change-Id: I47b61886698232a7d3dfb4b502d61723cb0eb786
Closes-Bug: 1373113
|
This is a performance update to ensure that we are scanning the fewest
number of rows on a user delete (causing token revocations). Without
these indexes it is possible to scan all valid tokens, causing
significant overhead, to find the user or trust matching tokens.
Due to selecting the extra column (needed for other matches in
some cases) this can also cause issues with buffer pool sizes.
Change-Id: I202b5c87a221d8dba99d16b0a1baa7546fef093b
Closes-Bug: 1332666
|
Closes-Bug: 1372287
Change-Id: I3f284c2739ff509cfe50536df095e8f79ec108fe
|
Raise an AttributeError for lookup on 'token_provider_api' within the
__getattr__ on the keystone.token.persistence.core.Manager class. The
__getattr__ will be called on dependency injection process dependencies
and attempt to do a lookup on .token_provider_api, which nets an
infinite recursion. If an AttributeError is raised the dependency
processor will set the value correctly. Once the 'token_provider_api'
attribute is set, __getattr__ is no longer called as the value is in
the instantiated object's __dict__.
Change-Id: I4af79f4568429dea27c1e11e5a77cefa5afc792c
Closes-Bug: #1373167
|
Change-Id: I8089f75c9c64786b629787f343622ac72032562c
|