| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Keystone audit middleware requires to iterate req.context as dict,
but Glance requires to access req.context.read_only.
When glance enabled audit, they are conflict with each other.
This patch fix this issue by store audit context in
req.environ['audit.context']
Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee
Closes-Bug: #1809101
Signed-off-by: Leehom Li <feli5@cisco.com>
(cherry picked from commit 82707e15a5bce8de2d33b1c865c96844c9770580)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Background:
As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future.
The usual offset is +15 years, because that is how long I expect some software will be used in some places.
This showed up failing tests in our package build.
See https://reproducible-builds.org/ for why this matters.
This makes it expire 1 year in the future to model realistic tokens.
NOTE: in addition to the orginal backport, this patch adds the following
changes. The changes has to be combined into a single patch in order to
avoid circular dependencies.
1. fixed the hadcoded token expiration date in
keystonemiddleware/tests/unit/client_fixtures.py. This is using the same
technique in the original backport.
2. fixed bandit complains in keystonemiddleware/auth_token/_request.py.
The request environment variable names are not tokens. We'll need to
mark them as false positives so bandit can stop chirping.
3. updated the lower constraint for python-memcached to 1.59 to be
consistent with openstack/requirements
4. combined with cherry pick from commit
0a65b1420799e7c7f8736e9f6c234f755ab5ac6b to avoid circular dependency. Without
combining them, neither backport will pass all the gates.
5. combined with cherry pick from commmit
e93d078958047ebc15159224e2068acdd8e6b768 to avoid circular dependency. Without
combining them, neither backport will pass all the gates.
Change-Id: I73bde68be53afff4e8dff12d756b8381f34b2adb
(cherry picked from commit 0a65b1420799e7c7f8736e9f6c234f755ab5ac6b)
(cherry picked from commit e93d078958047ebc15159224e2068acdd8e6b768)
(cherry picked from commit 4a4c96ce9b28ed54f93a21ca405c5b34ef3c3429)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html
Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
|
|
|
|
|
|
|
|
|
|
| |
When parsing the service catalog to find the source, audit middleware
should skip over the services which have no endpoints instead of
assuming they will have at least one endpoint.
Change-Id: I287873e99338d95baaf20d52ecb3a43763a401fc
Closes-Bug: #1800017
(cherry picked from commit 6779838a242b222672721407cc320672ab24067a)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I67659243ab1c609d20d8305a38322937997c48aa
Story: #2002586
Task: #24304
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of removing reliance on the old and deprecated zuul-cloner, we
need to shift constraints declaration to the deps line. This means we
unfortunately have to duplicate the extras declarations into
test-requirements - because otherwise the contraints for
keystonemiddleware conflicts with the installation of itself.
Conflicts:
Updated tox.ini to pull stable/rocky constraints
Change-Id: I8dbb31d1c1fda6df386f456dcf1d8bbed6d168ce
(cherry picked from commit 9a6875d479c22b81b47f545253f674a8c6221331)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new stable upper-constraints file is only available
after the openstack/requirements repository is branched.
This will happen around the RC1 timeframe.
Recheck and merge this change once the requirements
repository has been branched.
The CI system will work with this patch before the requirements
repository is branched because zuul configues the job to run
with a local copy of the file and defaults to the master branch.
However, accepting the patch will break the test configuration
on developers' local systems, so please wait until after the
requirements repository is branched to merge the patch.
Change-Id: I6ee28c13cba172d99fe41d173aa95158f028a36f
|
|
|
|
| |
Change-Id: I2b0b95d0dfc40ad2c349ab93e002d16c93fd83bb
|
|
|
|
|
|
|
|
|
|
| |
Keystonemiddleware's abstraction for the memcache pool was broken
when converting to use a queue.Queue. The logic that placed the
connection back into the pool was moved to .acquire and the reserve
method was not using acquire.
Change-Id: I0eda5981cbb661f63790258cf8e70c7340615159
Closes-Bug: #1782404
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
Change-Id: I21491f302cbc6ca7a9b5ac12c487cf214bf4866e
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For compliance with the Project Testing Interface as described in:
https://governance.openstack.org/tc/reference/project-testing-interface.html
http://lists.openstack.org/pipermail/openstack-dev/2017-December/125710.html
http://lists.openstack.org/pipermail/openstack-dev/2018-March/128594.html
Co-Authored-By: Nguyen Hai <nguyentrihai93@gmail.com>
Change-Id: Ia0a27229f09467980ff4af014001febb017bb36d
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ChangeLog file is generated when we run `python setup.py sdist`,
which doesn't naturally happen when we run `tox -edocs`, so on a fresh
clone the docs build will fail because it references the ChangeLog file
which isn't there. Since we don't rely on pbr any more for release notes
and we have a sophisticated release note management tool, point the docs
at the published release notes instead of the pbr ChangeLog.
Change-Id: I614091eae739154337795a8f120b68686ad0ed0a
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We already switched the unit tests to follow the updated PTI
guidelines[1] but neglected to switch the coverage environment. Do that
now.
[1] https://governance.openstack.org/tc/reference/pti/python.html#python-test-running
Change-Id: Ie153516196f18c030ea58e76a0eac15c86169c6b
|
|/
|
|
|
|
|
| |
The titles in the index.rst can't be shown in the webpage.
This patch adds them back.
Change-Id: I56febf6cb137b7f6dbc05365d48159be36d18c13
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Keystonemiddleware attempts to parse user/service tokens and populate
request headers for other services to consume. This information is
important for services looking to build oslo.context objects from
request environments.
Change-Id: I0717c2a5207a647999b4f9bcdf11f728984f0812
Closes-Bug: 1766731
|
|/
|
|
|
|
|
| |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I27a90c1f3132af5cbbeb18a6e59f88f5fe387a36
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Based on the RFCs[1], in http header, a string of text is parsed
as a single value if it is quoted using double-quote marks.
This patch change the single quote to double quote in the header
"WWW-Authenticate" which is returned when 401 error raises.
[1]: https://tools.ietf.org/html/rfc7230#section-3.2.6
https://tools.ietf.org/html/rfc7235#section-2.1
Change-Id: I524c93d30607ea6ab70de92ceea207ee77f34c25
Closes-bug: #1762362
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When handling timeouts talking to the keystone server, you may see log
messages like
authtoken: Bad response code while validating token: 408
authtoken: Token validation failure.
<traceback>
AttributeError: 'NoneType' object has no attribute 'text'
Since there's no response from the server when keystoneclient raises
RequestTimeout [1], the `response` attribute is understandably None.
Now, only log the response text if there's text to log. Additionally,
log the response message (as well as status code) to provide as much
context as we can for the error.
[1] https://github.com/openstack/python-keystoneclient/blob/3.15.0/keystoneclient/session.py#L469
Change-Id: Id400e4c38d07cbe7e1866dd572a17fc54c31e82a
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
examples/pki/cms/revocation_list.der
is empty file. We probably should delete it.
Change-Id: I15da1d514de07b76cf20d8fdf95cb11ffe816a70
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, we'd set _http_request_max_retries to 0, but that attribute
was removed in 1.3.0. Now, test runs are several seconds faster when
tests are executed serially.
Related-Change: Id092e8f42f843dbfbc1c30589b50ba341ccf4aae
Change-Id: I61d9b9617b1118d0696435d028bbda7a6c119bf8
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
CI job now uses pip >= 10.0.0 to install the package.
In pip >= 10.0.0, if the package name is missing, the command
"pip install -U" returns error, but in pip < 10.0.0 it
just logs warning.
So this patch make sure the package name exists first.
Change-Id: Id900640a7133f837ece8c6c0e7d2e4c17665a53d
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Create a tox environment for running the unit tests against the lower
bounds of the dependencies.
Create a lower-constraints.txt to be used to enforce the lower bounds
in those tests.
Add openstack-tox-lower-constraints job to the zuul configuration.
See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html
for more details.
Change-Id: Ief8bbf14effa1266c62c4600f889a18f1fdbde32
Depends-On: https://review.openstack.org/555034
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Change the outdated links to the latest links in README
Change-Id: Ifbdc011b4ac998abc82e129568481d6ca2b2114f
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
kwargs_to_fetch_token was deprecated and should be
removed in Rocky now.
Change-Id: Ic247efb84c5133449ead6a9864bbd7748e5e74bd
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The memcache client class actually has no __exit__ function.
Remove the "with" usage to avoid the __exit__ error.
Change-Id: I15b3d08f4afae289e7eb0848ff1db08141196d3c
Closes-Bug: #1747565
|
|\ \ \ \
| |/ / / |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Now keystonemiddleware use oslo.cache to init the
MemcacheClientPool. The MemcacheClientPool in
Olso.cache needs (urls, arguments, **kwargs) parameter
to init, but keystonemiddleware passed only
(urls, **kwargs). Then it leads the error:
__init__() takes exactly 3 arguments (2 given)
This patch fixed this issue.
Please note that even this error is fixed, set
"memcache_use_advanced_pool = True" will lead another
error, see bug #1747565 for the detail. It will be
fixed in the following patch.
Closes-bug: #1748160
Change-Id: I642f959ab8b010207314312a6b6a06a6de23e92c
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I71330bf5adcdd55a1a782189a29886f9189dddd0
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Ia31fc31bd33e85622a15bc383cf1bb7af753de7e
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
The url of home-page is out of date. We need update it.
Change-Id: I9b9b3033d3fdb7c1db5eea090b558c160c673243
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I6a01826b6e09db2374626ec55ed2477f9002f589
|
|\ \ \ |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the keystonemiddleware is used directly in the WSGI stack of an
application, the 503 that is raised when the keystone service errors
or cannot be reached needs to identify that keystone is the service
that has failed, otherwise it appears to the client that it is the
service they are trying to access is down, which is misleading.
This addresses the problem in the most straightforward way possible:
the exception that causes the 503 is given a message including the
word "Keystone".
The call method in BaseAuthTokenTestCase gains an
expected_body_string kwarg. If not None, the response body (as
a six.text_type) is compared with the value.
Change-Id: Idf211e7bc99139744af232f5ea3ecb4be41551ca
Closes-Bug: #1747655
Closes-Bug: #1749797
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a configuration option, 'use_oslo_messaging', to indicate whether
to use oslo_messaging notifier. It is set to true for backwards
compatibility.
We can't use audit middleware with services like Swift, which have no
dependency on Oslo and does not work well with oslo_log. Swift uses rsyslog.
Currently, audit middleware indiscriminately chooses oslo_messaging if the
package is installed. This is problematic if Swift proxy is on the same
controller as any service which consumes oslo_messaging. With this new option,
Swift can now safely consume audit middleware by electing to use local
log notifier instead of oslo_messaging.
Change-Id: I87bf857c20e4b78e97d40dcc51a1b4ff0014abb2
Closes-Bug: #1695038
|