summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* updated translations2014.2.rc22014.2proposed/junoDolph Mathews2014-10-0714-2484/+43
| | | | | | | | | | | | | | this boils down to: $ python setup.py extract_messages $ python setup.py update_catalog --no-fuzzy-matching \ --ignore-obsolete=true $ source \ ../../openstack-infra/project-config/jenkins/scripts/common_translation_update.sh $ setup_loglevel_vars $ cleanup_po_files keystone Change-Id: I2a03f3d7eebe0be0250d4834256dfa3c634dbb48
* Merge "Validates controller methods exist when specified" into proposed/junoJenkins2014-10-071-0/+8
|\
| * Validates controller methods exist when specifiedDavid Stanek2014-10-061-0/+8
| | | | | | | | | | | | | | | | | | | | | | It was possible to specify an invalid controller method in a router. This will not cause an error until runtime. This change catches the error much earlier in the application lifecycle. In fact with this change errors should not be able to pass unit tests even if there is no specific test for the behavior. Related-bug: #1377304 Change-Id: Icc5646c143a234127a8b4ac8a74342ef3dca7e80
* | Merge "Fixes an error deleting an endpoint group project" into proposed/junoJenkins2014-10-072-9/+23
|\ \ | |/
| * Fixes an error deleting an endpoint group projectDavid Stanek2014-10-062-9/+23
| | | | | | | | | | | | | | | | | | Deleting a endpoint group project fails because the router specifies a controller method that doesn't exist. This returns a 500 error to the user for what should be a successful operation. Change-Id: I3b91d8023d31555893fb944da73633a69d8e286f Closes-bug: #1377304
* | Ensure sql upgrade tests can run with non-sqlite databases.Henry Nash2014-10-062-19/+65
|/ | | | | | | | | | | | | | | | | | | | | This patch fixes the issues that were preventing the running of live sql upgrade tests (either by running test_sql_upgrade directly or via test_sql_livetest), namely: - Dropping the tables that were in existence before the current scope of migration in an order that is FK friendly - Fixing an issue where the tables were being dropped in the wrong order in the downgrade of federation - Ensuring we don't hold sessions open over upgrade/downgrade steps in our test methods Limitations: - This patch has not been tested with DB2 Closes-Bug: 1363047 Closes-Bug: 1375937 Change-Id: Ied4741a9646b57bc6f2ddcdc8a380ea55b2a9634
* Fix tests comparing tokensBrant Knudson2014-10-021-10/+12
| | | | | | | | | | | | | | There were tests that verified that the PKI token body could be encrypted with CMS and compared to the token ID in the response. This test isn't safe because the token body may be different than the token encrypted with CMS since the order of items in the dict can change. The fix is to change the test to decode the PKI token ID and compare that to the response body JSON instead. Change-Id: Icc649b96071ff084d5c76f2ea2bcf3ecb08a0351 (cherry picked from commit 83394ba71ba06e9899aaa62f211919075f2a3d91)
* Merge "Convert unicode to UTF8 when calling ldap.str2dn()" into proposed/junoJenkins2014-10-023-4/+19
|\
| * Convert unicode to UTF8 when calling ldap.str2dn()Nathan Kinder2014-10-013-4/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | The string passed to ldap.str2dn() needs to be UTF8 encoded, otherwise we encounter UnicodeEncodeError exceptions. This patch adds UTF8 encoding where it was missing for ldap.str2dn() calls as well as some unit tests to cover the functions that were lacking this encoding step. Change-Id: I96e718f1d43f4aad272ca4990d3905a5adf1f07d Closes-bug: #1375139 (cherry picked from commit 09d38008aa0e7f8c6802088c807dd0ad6ba80e10)
* | Merge "Fix parsing of emulated enabled DN" into proposed/junoJenkins2014-10-022-3/+12
|\ \
| * | Fix parsing of emulated enabled DNNathan Kinder2014-09-302-3/+12
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | If a non-default emulated enabled DN is specified in configuration, the DN structure returned from python-ldap is incorrectly converted to a string. This leads to an index error when we attempt to extract the RDN attribute and value. This patch removes the incorrect string conversion and instead does the proper conversion on the RDN strings that we extract. Change-Id: I8f0c4594cfa9a41e1875870c3eb63fae32c8c041 Resolves-bug: #1375772 (cherry picked from commit 5380ddaadb0ce34b866b097cb6ac1396d2b30100)
* | Handle default string values when using user_enabled_invertNathan Kinder2014-09-302-0/+32
|/ | | | | | | | | | | | | | When the user_enabled_invert setting is being used, values returned from LDAP are ultimately converted to a bool type when we reach the inversion logic. If the user_enabled_default value is used due to no value being returned from LDAP, the type is a string. This causes the inversion logic to be evaluated incorrectly, as 'not' will return False for any non-empty string. This results in disabled accounts that should be enabled. Change-Id: Id7b024c12815748305458ca05fc8f8a6324c1908 Closes-bug: #1376053 (cherry picked from commit 50a6312ffa1f636bd74c98d9938ea4083bed2768)
* Merge "Remove trailing space from string"2014.2.rc1Jenkins2014-09-291-1/+1
|\
| * Remove trailing space from stringBrant Knudson2014-09-081-1/+1
| | | | | | | | | | | | There was an extra space at the end of the debug log string. Change-Id: I96a231d136a829e049a4e026ed07ff3730eeb388
* | Merge "Fixes code comment to be more accurate"Jenkins2014-09-291-3/+3
|\ \
| * | Fixes code comment to be more accurateDavid Stanek2014-09-081-3/+3
| | | | | | | | | | | | Change-Id: I4aaa57b05e9aab2ff223f62bd1f5fe0f37e7f247
* | | Merge "Correct typos in keystone/common/base64utils.py docstrings"Jenkins2014-09-291-2/+2
|\ \ \
| * | | Correct typos in keystone/common/base64utils.py docstringsPeter Razumovsky2014-09-111-2/+2
| | | | | | | | | | | | | | | | | | | | Closes-bug: #1366649 Change-Id: Ic3f4a3eb9da303a4da7d532f02f6c6e82a725924
* | | | Merge "improve dependency injection doc strings"Jenkins2014-09-291-35/+45
|\ \ \ \
| * | | | improve dependency injection doc stringsDolph Mathews2014-09-101-35/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This also renames the provider_name argument to better convey it's status as a kwarg for internal use only. Change-Id: Ie1afee4e37cfa149ddb73a001985c98aa90b97a5
* | | | | Merge "Imported Translations from Transifex"Jenkins2014-09-281-11/+23
|\ \ \ \ \
| * | | | | Imported Translations from TransifexOpenStack Proposal Bot2014-09-271-11/+23
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: Id48074b81f062408a6757c632f578837f6a3c87e
* | | | | | Merge "Updated from global requirements"Jenkins2014-09-272-2/+2
|\ \ \ \ \ \
| * | | | | | Updated from global requirementsOpenStack Proposal Bot2014-09-262-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I308fe2db811cc97185956ef60a739026ba815013
* | | | | | | Merge "Add version attribute to the SAML2 Assertion object."Jenkins2014-09-273-1/+19
|\ \ \ \ \ \ \
| * | | | | | | Add version attribute to the SAML2 Assertion object.Marek Denis2014-09-253-1/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Attribute ``version`` in the SAML2 Assertion should be non-empty. Change-Id: I46f4b0c45e38cc1315e320369a2ba7d2279eb16f Closes-Bug: #1373961
* | | | | | | | Merge "Uses session in migration to stop DB locking"Jenkins2014-09-271-7/+8
|\ \ \ \ \ \ \ \
| * | | | | | | | Uses session in migration to stop DB lockingDavid Stanek2014-09-261-7/+8
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using both the engine and session in a migration causes the DB to become locked. Change-Id: Icbd867ff4e385f4430bfa9b7c5680b870475176d Closes-bug: #1371620
* | | | | | | | Merge "Set issuer value to CONF.saml.idp_entity_id."Jenkins2014-09-272-8/+3
|\ \ \ \ \ \ \ \
| * | | | | | | | Set issuer value to CONF.saml.idp_entity_id.Marek Denis2014-09-262-8/+3
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating SAML assertion Keystone should always set issuer value in federation.controllers.Auth.create_saml_assertion() to CONF.saml.idp_entity_id. Change-Id: If970cdf20cfca8b1dc667eefd030083fdafe9424 Closes-Bug: #1374033
* | | | | | | | Merge "Fail on empty userId/username before query"Jenkins2014-09-272-2/+10
|\ \ \ \ \ \ \ \ | |_|/ / / / / / |/| | | | | | |
| * | | | | | | Fail on empty userId/username before queryKevin Benton2014-09-142-2/+10
| | |_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rather than attempting to query the database for an empty userId that results in an error, just raise an error immediately that has a better error message than one indicating a missing 'len()' attribute. Change-Id: I6db54d8f6114337d37be3cab20f60d7905243cba Closes-Bug: #1368046
* | | | | | | Merge "Mark k2k as experimental"Jenkins2014-09-261-0/+5
|\ \ \ \ \ \ \
| * | | | | | | Mark k2k as experimentalSteve Martinelli2014-09-251-0/+5
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clearly label that running keystone as an IdP is experimental. Change-Id: I8eac8b83110aef2fc9cb638eca6784c097bcb22c
* | | | | | | Merge "Update architecture documentation"Jenkins2014-09-261-40/+46
|\ \ \ \ \ \ \
| * | | | | | | Update architecture documentationSteve Martinelli2014-09-251-40/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The architecture docs are very dated, and have several references to tenants, PAM backends, and controllers that don't exist. Change-Id: I85de743006e7df4fcf8ddbc3afc1a4bcd69583e6
* | | | | | | | Merge "New section for CLI examples in docs"Jenkins2014-09-263-271/+299
|\ \ \ \ \ \ \ \
| * | | | | | | | New section for CLI examples in docsSteve Martinelli2014-09-253-271/+299
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In an effort to make 'configuration.rst' less bloated, move common cli examples to their own section. Changed the titling so they are no longer subtitles of another section. Change-Id: I2785cbe8563e5adcae65aebf88152a5e055c28a9
* | | | | | | | | Merge "Clean up the Configuration documentation"Jenkins2014-09-261-82/+146
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / /
| * | | | | | | | Clean up the Configuration documentationSteve Martinelli2014-09-251-82/+146
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Lots of lines that were well over 80 characters; several code examples were missing code-block syntax. General inconsistencies between what is actually available vs. what is documented. Change-Id: I726e13aa7c333973cf92bbe1550b939c634db493
* | | | | | | | Merge "Fix failure of delete domain group grant when identity is LDAP."Jenkins2014-09-262-2/+42
|\ \ \ \ \ \ \ \
| * | | | | | | | Fix failure of delete domain group grant when identity is LDAP.Henry Nash2014-09-252-2/+42
| | |/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When deleting a domain group assignment while using a non domain-aware backend, such as LDAP, an AttributeError was being raised when trying to find all the relevent tokens. This was due to a hang over from when you had to pass domain scope to list_user_in_group(). This only affected domain group grants, by luck we got away with it for group project grants. Change-Id: I47b61886698232a7d3dfb4b502d61723cb0eb786 Closes-Bug: 1373113
* | | | | | | | Merge "Adding an index on token.user_id and token.trust_id"Jenkins2014-09-263-1/+54
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | |
| * | | | | | | Adding an index on token.user_id and token.trust_idgalstrom212014-09-243-1/+54
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a performance update to ensure that we are scanning the fewest number of rows on a user delete (causing token revocations). Without these indexes it is possible to scan all valid tokens, causing significant overhead, to find the user or trust matching tokens. Due to selecting the extra column (needed for other matches in some cases) this can also cause issues with buffer pool sizes. Change-Id: I202b5c87a221d8dba99d16b0a1baa7546fef093b Closes-Bug: 1332666
* | | | | | | Merge "Fix a spelling mistake in keystone/common/utils.py"Jenkins2014-09-251-1/+1
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | |
| * | | | | | Fix a spelling mistake in keystone/common/utils.pyTahmina Ahmed2014-09-241-1/+1
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes-Bug: 1372287 Change-Id: I3f284c2739ff509cfe50536df095e8f79ec108fe
* | | | | | Merge "Prevent infinite recursion on persistence core on init"Jenkins2014-09-251-0/+8
|\ \ \ \ \ \ | |/ / / / / |/| | | | |
| * | | | | Prevent infinite recursion on persistence core on initMorgan Fainberg2014-09-231-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Raise an AttributeError for lookup on 'token_provider_api' within the __getattr__ on the keystone.token.persistence.core.Manager class. The __getattr__ will be called on dependency injection process dependencies and attempt to do a lookup on .token_provider_api, which nets an infinite recursion. If an AttributeError is raised the dependency processor will set the value correctly. Once the 'token_provider_api' attribute is set, __getattr__ is no longer called as the value is in the instantiated object's __dict__. Change-Id: I4af79f4568429dea27c1e11e5a77cefa5afc792c Closes-Bug: #1373167
* | | | | | Merge "Imported Translations from Transifex"Jenkins2014-09-244-81/+101
|\ \ \ \ \ \
| * | | | | | Imported Translations from TransifexOpenStack Proposal Bot2014-09-244-81/+101
| |/ / / / / | | | | | | | | | | | | | | | | | | Change-Id: I8089f75c9c64786b629787f343622ac72032562c
View Lorry Controller Status