summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge "Make sure audit middleware use own context" into stable/rockyrocky-em5.2.2stable/rockyZuul2020-01-284-10/+18
|\
| * Make sure audit middleware use own contextLeehom Li (feli5)2019-04-294-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | Keystone audit middleware requires to iterate req.context as dict, but Glance requires to access req.context.read_only. When glance enabled audit, they are conflict with each other. This patch fix this issue by store audit context in req.environ['audit.context'] Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee Closes-Bug: #1809101 Signed-off-by: Leehom Li <feli5@cisco.com> (cherry picked from commit 82707e15a5bce8de2d33b1c865c96844c9770580)
* | Make tests pass in 2022Bernhard M. Wiedemann2020-01-238-10/+22
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Background: As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future. The usual offset is +15 years, because that is how long I expect some software will be used in some places. This showed up failing tests in our package build. See https://reproducible-builds.org/ for why this matters. This makes it expire 1 year in the future to model realistic tokens. NOTE: in addition to the orginal backport, this patch adds the following changes. The changes has to be combined into a single patch in order to avoid circular dependencies. 1. fixed the hadcoded token expiration date in keystonemiddleware/tests/unit/client_fixtures.py. This is using the same technique in the original backport. 2. fixed bandit complains in keystonemiddleware/auth_token/_request.py. The request environment variable names are not tokens. We'll need to mark them as false positives so bandit can stop chirping. 3. updated the lower constraint for python-memcached to 1.59 to be consistent with openstack/requirements 4. combined with cherry pick from commit 0a65b1420799e7c7f8736e9f6c234f755ab5ac6b to avoid circular dependency. Without combining them, neither backport will pass all the gates. 5. combined with cherry pick from commmit e93d078958047ebc15159224e2068acdd8e6b768 to avoid circular dependency. Without combining them, neither backport will pass all the gates. Change-Id: I73bde68be53afff4e8dff12d756b8381f34b2adb (cherry picked from commit 0a65b1420799e7c7f8736e9f6c234f755ab5ac6b) (cherry picked from commit e93d078958047ebc15159224e2068acdd8e6b768) (cherry picked from commit 4a4c96ce9b28ed54f93a21ca405c5b34ef3c3429)
* OpenDev Migration Patch5.2.1OpenDev Sysadmins2019-04-191-1/+1
| | | | | | | | | | | | | | | This commit was bulk generated and pushed by the OpenDev sysadmins as a part of the Git hosting and code review systems migration detailed in these mailing list posts: http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html Attempts have been made to correct repository namespaces and hostnames based on simple pattern matching, but it's possible some were updated incorrectly or missed entirely. Please reach out to us via the contact information listed at https://opendev.org/ with any questions you may have.
* Skip the services with no endpoints when parsing service catalogGuang Yee2018-10-293-0/+29
| | | | | | | | | | When parsing the service catalog to find the source, audit middleware should skip over the services which have no endpoints instead of assuming they will have at least one endpoint. Change-Id: I287873e99338d95baaf20d52ecb3a43763a401fc Closes-Bug: #1800017 (cherry picked from commit 6779838a242b222672721407cc320672ab24067a)
* Merge "import zuul job settings from project-config" into stable/rockyZuul2018-09-101-0/+10
|\
| * import zuul job settings from project-configDoug Hellmann2018-08-291-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a mechanically generated patch to complete step 1 of moving the zuul job settings out of project-config and into each project repository. Because there will be a separate patch on each branch, the branch specifiers for branch-specific jobs have been removed. Because this patch is generated by a script, there may be some cosmetic changes to the layout of the YAML file(s) as the contents are normalized. See the python3-first goal document for details: https://governance.openstack.org/tc/goals/stein/python3-first.html Change-Id: I67659243ab1c609d20d8305a38322937997c48aa Story: #2002586 Task: #24304
* | Remove tox_install.shLance Bragstad2018-09-073-40/+6
|/ | | | | | | | | | | | | | As part of removing reliance on the old and deprecated zuul-cloner, we need to shift constraints declaration to the deps line. This means we unfortunately have to duplicate the extras declarations into test-requirements - because otherwise the contraints for keystonemiddleware conflicts with the installation of itself. Conflicts: Updated tox.ini to pull stable/rocky constraints Change-Id: I8dbb31d1c1fda6df386f456dcf1d8bbed6d168ce (cherry picked from commit 9a6875d479c22b81b47f545253f674a8c6221331)
* Update UPPER_CONSTRAINTS_FILE for stable/rockyOpenStack Release Bot2018-07-261-1/+1
| | | | | | | | | | | | | | | | | | The new stable upper-constraints file is only available after the openstack/requirements repository is branched. This will happen around the RC1 timeframe. Recheck and merge this change once the requirements repository has been branched. The CI system will work with this patch before the requirements repository is branched because zuul configues the job to run with a local copy of the file and defaults to the master branch. However, accepting the patch will break the test configuration on developers' local systems, so please wait until after the requirements repository is branched to merge the patch. Change-Id: I6ee28c13cba172d99fe41d173aa95158f028a36f
* Update .gitreview for stable/rockyOpenStack Release Bot2018-07-261-0/+1
| | | | Change-Id: I2b0b95d0dfc40ad2c349ab93e002d16c93fd83bb
* Fix KeystoneMiddleware memcachepool abstraction5.2.0Morgan Fainberg2018-07-183-1/+36
| | | | | | | | | | Keystonemiddleware's abstraction for the memcache pool was broken when converting to use a queue.Queue. The logic that placed the connection back into the pool was moved to .acquire and the reserve method was not using acquire. Change-Id: I0eda5981cbb661f63790258cf8e70c7340615159 Closes-Bug: #1782404
* Merge "fix tox python3 overrides"Zuul2018-06-071-0/+7
|\
| * fix tox python3 overridesDoug Hellmann2018-06-061-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We want to default to running all tox environments under python 3, so set the basepython value in each environment. We do not want to specify a minor version number, because we do not want to have to update the file every time we upgrade python. We do not want to set the override once in testenv, because that breaks the more specific versions used in default environments like py35 and py36. Change-Id: I21491f302cbc6ca7a9b5ac12c487cf214bf4866e Signed-off-by: Doug Hellmann <doug@doughellmann.com>
* | Merge "Follow the new PTI for document build"Zuul2018-06-065-19/+14
|\ \ | |/ |/|
| * Follow the new PTI for document buildmelissaml2018-06-065-19/+14
| | | | | | | | | | | | | | | | | | | | For compliance with the Project Testing Interface as described in: https://governance.openstack.org/tc/reference/project-testing-interface.html http://lists.openstack.org/pipermail/openstack-dev/2017-December/125710.html http://lists.openstack.org/pipermail/openstack-dev/2018-March/128594.html Co-Authored-By: Nguyen Hai <nguyentrihai93@gmail.com> Change-Id: Ia0a27229f09467980ff4af014001febb017bb36d
* | Merge "Don't rely on pbr ChangeLog for docs"Zuul2018-06-062-4/+2
|\ \
| * | Don't rely on pbr ChangeLog for docsColleen Murphy2018-05-242-4/+2
| |/ | | | | | | | | | | | | | | | | | | | | The ChangeLog file is generated when we run `python setup.py sdist`, which doesn't naturally happen when we run `tox -edocs`, so on a fresh clone the docs build will fail because it references the ChangeLog file which isn't there. Since we don't rely on pbr any more for release notes and we have a sophisticated release note management tool, point the docs at the published release notes instead of the pbr ChangeLog. Change-Id: I614091eae739154337795a8f120b68686ad0ed0a
* | Merge "Switch coverage tox env to stestr"Zuul2018-06-062-3/+9
|\ \
| * | Switch coverage tox env to stestrColleen Murphy2018-05-312-3/+9
| |/ | | | | | | | | | | | | | | | | | | We already switched the unit tests to follow the updated PTI guidelines[1] but neglected to switch the coverage environment. Do that now. [1] https://governance.openstack.org/tc/reference/pti/python.html#python-test-running Change-Id: Ie153516196f18c030ea58e76a0eac15c86169c6b
* | Fix the title in index.rstwangxiyuan2018-05-251-0/+1
|/ | | | | | | The titles in the index.rst can't be shown in the webpage. This patch adds them back. Change-Id: I56febf6cb137b7f6dbc05365d48159be36d18c13
* Merge "Introduce new header for system-scoped tokens"5.1.0Zuul2018-05-095-0/+48
|\
| * Introduce new header for system-scoped tokensLance Bragstad2018-05-025-0/+48
| | | | | | | | | | | | | | | | | | | | Keystonemiddleware attempts to parse user/service tokens and populate request headers for other services to consume. This information is important for services looking to build oslo.context objects from request environments. Change-Id: I0717c2a5207a647999b4f9bcdf11f728984f0812 Closes-Bug: 1766731
* | Imported Translations from ZanataOpenStack Proposal Bot2018-05-012-11/+67
|/ | | | | | | For more information about this automatic import see: https://docs.openstack.org/i18n/latest/reviewing-translation-import.html Change-Id: I27a90c1f3132af5cbbeb18a6e59f88f5fe387a36
* Merge "Double quote www_authenticate_uri"Zuul2018-04-213-10/+16
|\
| * Double quote www_authenticate_uriwangxiyuan2018-04-123-10/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on the RFCs[1], in http header, a string of text is parsed as a single value if it is quoted using double-quote marks. This patch change the single quote to double quote in the header "WWW-Authenticate" which is returned when 401 error raises. [1]: https://tools.ietf.org/html/rfc7230#section-3.2.6 https://tools.ietf.org/html/rfc7235#section-2.1 Change-Id: I524c93d30607ea6ab70de92ceea207ee77f34c25 Closes-bug: #1762362
* | Merge "Only include response body if there's a response"Zuul2018-04-202-3/+23
|\ \
| * | Only include response body if there's a responseTim Burke2018-04-102-3/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When handling timeouts talking to the keystone server, you may see log messages like authtoken: Bad response code while validating token: 408 authtoken: Token validation failure. <traceback> AttributeError: 'NoneType' object has no attribute 'text' Since there's no response from the server when keystoneclient raises RequestTimeout [1], the `response` attribute is understandably None. Now, only log the response text if there's text to log. Additionally, log the response message (as well as status code) to provide as much context as we can for the error. [1] https://github.com/openstack/python-keystoneclient/blob/3.15.0/keystoneclient/session.py#L469 Change-Id: Id400e4c38d07cbe7e1866dd572a17fc54c31e82a
* | | Merge "Remove empty files"Zuul2018-04-201-0/+0
|\ \ \
| * | | Remove empty filesNguyen Hung Phuong2018-02-221-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | examples/pki/cms/revocation_list.der is empty file. We probably should delete it. Change-Id: I15da1d514de07b76cf20d8fdf95cb11ffe816a70
* | | | Merge "Properly zero out max_retries in test_http_error_not_cached_token"Zuul2018-04-201-1/+1
|\ \ \ \
| * | | | Properly zero out max_retries in test_http_error_not_cached_tokenTim Burke2018-04-101-1/+1
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we'd set _http_request_max_retries to 0, but that attribute was removed in 1.3.0. Now, test runs are several seconds faster when tests are executed serially. Related-Change: Id092e8f42f843dbfbc1c30589b50ba341ccf4aae Change-Id: I61d9b9617b1118d0696435d028bbda7a6c119bf8
* | | | Fix the doc CI failurewangxiyuan2018-04-201-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CI job now uses pip >= 10.0.0 to install the package. In pip >= 10.0.0, if the package name is missing, the command "pip install -U" returns error, but in pip < 10.0.0 it just logs warning. So this patch make sure the package name exists first. Change-Id: Id900640a7133f837ece8c6c0e7d2e4c17665a53d
* | | | add lower-constraints job5.0.0Doug Hellmann2018-04-093-0/+100
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Create a tox environment for running the unit tests against the lower bounds of the dependencies. Create a lower-constraints.txt to be used to enforce the lower bounds in those tests. Add openstack-tox-lower-constraints job to the zuul configuration. See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html for more details. Change-Id: Ief8bbf14effa1266c62c4600f889a18f1fdbde32 Depends-On: https://review.openstack.org/555034 Signed-off-by: Doug Hellmann <doug@doughellmann.com>
* | | Merge "Update links in README"Zuul2018-04-061-2/+2
|\ \ \
| * | | Update links in READMEwanghui2018-03-281-2/+2
| |/ / | | | | | | | | | | | | | | | Change the outdated links to the latest links in README Change-Id: Ifbdc011b4ac998abc82e129568481d6ca2b2114f
* | | Merge "Remove kwargs_to_fetch_token"Zuul2018-04-043-19/+7
|\ \ \ | |/ / |/| |
| * | Remove kwargs_to_fetch_tokenwangxiyuan2018-02-223-19/+7
| | | | | | | | | | | | | | | | | | | | | kwargs_to_fetch_token was deprecated and should be removed in Rocky now. Change-Id: Ic247efb84c5133449ead6a9864bbd7748e5e74bd
* | | Merge "Fix the AttributeError: __exit__ error"Zuul2018-03-242-3/+8
|\ \ \
| * | | Fix the AttributeError: __exit__ errorwangxiyuan2018-02-222-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The memcache client class actually has no __exit__ function. Remove the "with" usage to avoid the __exit__ error. Change-Id: I15b3d08f4afae289e7eb0848ff1db08141196d3c Closes-Bug: #1747565
* | | | Merge "Add arguments for MemcacheClientPool init"Zuul2018-03-242-2/+18
|\ \ \ \ | |/ / /
| * | | Add arguments for MemcacheClientPool initwangxiyuan2018-02-222-2/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now keystonemiddleware use oslo.cache to init the MemcacheClientPool. The MemcacheClientPool in Olso.cache needs (urls, arguments, **kwargs) parameter to init, but keystonemiddleware passed only (urls, **kwargs). Then it leads the error: __init__() takes exactly 3 arguments (2 given) This patch fixed this issue. Please note that even this error is fixed, set "memcache_use_advanced_pool = True" will lead another error, see bug #1747565 for the detail. It will be fixed in the following patch. Closes-bug: #1748160 Change-Id: I642f959ab8b010207314312a6b6a06a6de23e92c
* | | | Updated from global requirementsOpenStack Proposal Bot2018-03-232-2/+2
| | | | | | | | | | | | | | | | Change-Id: I71330bf5adcdd55a1a782189a29886f9189dddd0
* | | | Updated from global requirementsOpenStack Proposal Bot2018-03-173-3/+3
| | | | | | | | | | | | | | | | Change-Id: Ia31fc31bd33e85622a15bc383cf1bb7af753de7e
* | | | Merge "Update home-page url"Zuul2018-03-161-1/+1
|\ \ \ \
| * | | | Update home-page urlmelissaml2018-02-261-1/+1
| |/ / / | | | | | | | | | | | | | | | | | | | | The url of home-page is out of date. We need update it. Change-Id: I9b9b3033d3fdb7c1db5eea090b558c160c673243
* | | | Imported Translations from ZanataOpenStack Proposal Bot2018-03-014-32/+15
|/ / / | | | | | | | | | | | | | | | | | | For more information about this automatic import see: https://docs.openstack.org/i18n/latest/reviewing-translation-import.html Change-Id: I6a01826b6e09db2374626ec55ed2477f9002f589
* | | Merge "Identify the keystone service when raising 503"Zuul2018-02-204-3/+19
|\ \ \
| * | | Identify the keystone service when raising 503Chris Dent2018-02-204-3/+19
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the keystonemiddleware is used directly in the WSGI stack of an application, the 503 that is raised when the keystone service errors or cannot be reached needs to identify that keystone is the service that has failed, otherwise it appears to the client that it is the service they are trying to access is down, which is misleading. This addresses the problem in the most straightforward way possible: the exception that causes the 503 is given a message including the word "Keystone". The call method in BaseAuthTokenTestCase gains an expected_body_string kwarg. If not None, the response body (as a six.text_type) is compared with the value. Change-Id: Idf211e7bc99139744af232f5ea3ecb4be41551ca Closes-Bug: #1747655 Closes-Bug: #1749797
* | | Merge "Add option to disable using oslo_message notifier"Zuul2018-02-204-1/+32
|\ \ \
| * | | Add option to disable using oslo_message notifierStefan Nica2018-02-204-1/+32
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a configuration option, 'use_oslo_messaging', to indicate whether to use oslo_messaging notifier. It is set to true for backwards compatibility. We can't use audit middleware with services like Swift, which have no dependency on Oslo and does not work well with oslo_log. Swift uses rsyslog. Currently, audit middleware indiscriminately chooses oslo_messaging if the package is installed. This is problematic if Swift proxy is on the same controller as any service which consumes oslo_messaging. With this new option, Swift can now safely consume audit middleware by electing to use local log notifier instead of oslo_messaging. Change-Id: I87bf857c20e4b78e97d40dcc51a1b4ff0014abb2 Closes-Bug: #1695038
View Lorry Controller Status