diff options
author | Colleen Murphy <colleen@gazlene.net> | 2019-01-26 23:06:00 +0100 |
---|---|---|
committer | Colleen Murphy <colleen.murphy@suse.de> | 2019-07-15 16:05:59 -0700 |
commit | 5f093bf5ee9f8ed201f01bab9c9afbde0423df07 (patch) | |
tree | 90e46bfea194cc999b03e367cb9eb2572dcf011d /requirements.txt | |
parent | 2d3765ed565aba3b9793efcfc5c2d1ea534f1a0d (diff) | |
download | keystonemiddleware-5f093bf5ee9f8ed201f01bab9c9afbde0423df07.tar.gz |
Add validation of app cred access rules
This commit adds a validation step in the auth_token middleware to check
for the presence of an access_rules attribute in an application
credential token and to validate the request against the permissions
granted for that token. During token validation it sends a header to
keystone to indicate that it is capable of validating these access
rules, and not providing this header for a token like this would result
in the token failing validation. This disregards access rules for a
service request made by a service on behalf of a user, such as nova
making a request to glance, because such a request is not under the
control of the user and is not expected to be explicitly allowed in the
access rules.
bp whitelist-extension-for-app-creds
Depends-On: https://review.opendev.org/670377
Change-Id: I185e0541d5df538d74edadf9976b3034a2470c88
Diffstat (limited to 'requirements.txt')
-rw-r--r-- | requirements.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/requirements.txt b/requirements.txt index 80b26d4..d3f07ce 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -keystoneauth1>=3.4.0 # Apache-2.0 +keystoneauth1>=3.12.0 # Apache-2.0 oslo.cache>=1.26.0 # Apache-2.0 oslo.config>=5.2.0 # Apache-2.0 oslo.context>=2.19.2 # Apache-2.0 @@ -12,7 +12,7 @@ oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 oslo.utils>=3.33.0 # Apache-2.0 pbr!=2.1.0,>=2.0.0 # Apache-2.0 pycadf!=2.0.0,>=1.1.0 # Apache-2.0 -python-keystoneclient>=3.10.0 # Apache-2.0 +python-keystoneclient>=3.20.0 # Apache-2.0 requests>=2.14.2 # Apache-2.0 six>=1.10.0 # MIT WebOb>=1.7.1 # MIT |