| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
... so that the middleware can be loaded using the python egg instead
of the direct path.
Closes-Bug: #1940738
Change-Id: I57408766c120d2c9784f3886457e91ee7d30de1b
|
| |/
|
|
|
|
|
|
|
|
|
| |
... so that its options can be rendered by oslo-config-generator by
adding the entry point.
This change also updates the base oslo.middleware entry point to
include options of the middleware because the base entry point is
supposed to include all options in the oslo.middleware library.
Closes-Bug: #1940747
Change-Id: Ic9d79d9c46fc1dc78aa4d089e36219b2a34f4099
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a middleware that can be used as an alternative to noauth in
standalone environments.
This middleware uses a password file which supports the Apache htpasswd
syntax. This file is read for every request, so no service restart is
required when changes are made.
The only password digest supported is bcrypt, and the ``bcrypt``
python library is used for password checks since it supports ``$2y$``
prefixed bcrypt passwords as generated by the Apache htpasswd utility.
Adapted from I874783b8ece0eedf27a94dfed5163d0c82f8b9de.
Change-Id: I3d80d86afd063af9fa2f411885dbd0dc65a7bbc7
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Add a warning in the doc to explain '/healthcheck' doesn't provide
any sort of check if the API actually works.
Change-Id: Ib4a065f31140f885d3de53e2423e7b4a6635f345
|
| |/
|
|
| |
Change-Id: I5efbe90ec103fbf25412b2dc2cc6d85ccbb90f83
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The __future__ module [1] was used in this context to ensure compatibility
between python 2 and python 3.
We previously dropped the support of python 2.7 [2] and now we only support
python 3 so we don't need to continue to use this module and the imports
listed below.
Imports commonly used and their related PEPs:
- `division` is related to PEP 238 [3]
- `print_function` is related to PEP 3105 [4]
- `unicode_literals` is related to PEP 3112 [5]
- `with_statement` is related to PEP 343 [6]
- `absolute_import` is related to PEP 328 [7]
[1] https://docs.python.org/3/library/__future__.html
[2] https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html
[3] https://www.python.org/dev/peps/pep-0238
[4] https://www.python.org/dev/peps/pep-3105
[5] https://www.python.org/dev/peps/pep-3112
[6] https://www.python.org/dev/peps/pep-0343
[7] https://www.python.org/dev/peps/pep-0328
Change-Id: I4bc9301f5045848545182ef98e47f343a95904c3
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: I53005107bf4c05809182dc3865c5dc72c77b1054
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove obsolete sections from setup.cfg
- Update classifiers
- Use newer openstackdocstheme version
- Switch to hacking 3.0, fix problems found
Change-Id: I539b00204279c7645ef4a3f804f64a1e7af30f05
|
| |/
|
|
|
|
|
|
| |
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I15fc9e39d69f817fb5db8ce7111d0397a25c94b0
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I spent a few days figuring out what was making the OS-FEDERATION
mapping rules create/update API calls return "413 Entity Too Large"
errors for our CentOS7/haproxy/apache/mod_wsgi/keystone/python2 setup.
To make this a bit easier for future users then I would like to include
max_request_body_size and its value in the response and also log the
error.
Retaining the "Request is too large." bit in the message is intended to
also make it easier to find where the limit is set.
Resulting log error in keystone looks like:
2019-07-04 06:52:13.217789 | ubuntu-bionic | INFO
[oslo_middleware.sizelimit] Request is too large. Larger than
max_request_body_size (114688).
Change-Id: Ic66882afba25222ab8464ac9194c5002c8666db1
Closes-Bug: #1835363
Signed-off-by: Johan Guldmyr <johan.guldmyr@csc.fi>
|
| |
|
|
| |
Change-Id: I0ab27098deb48de60b4d93cbedf59c1d0aa4f318
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
This requires an upgrade of WebOb to 1.8.0.
Change-Id: Ifb0abb958ca30f19b4937384d9d732e2dc4e35a5
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Py36 is more strict about escape sequences in strings. Regex patterns
often cause warnings due to not being normal escape sequences. This gets
rid of a few warnings by switching these regex strings to use raw
strings.
Change-Id: Ied16e55780f2bf73fac54e0afc8394af468a67b8
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
| |/
|
|
|
|
| |
Use latest release 1.1.0 and compatible changes w.r.t pep8
Change-Id: I80abc19501fafe2397f3362719182fea870fdca7
|
| |
|
|
|
|
|
|
|
| |
The detailed healthcheck output includes some potentially sensitive
information like stack traces of the service. This may be
unacceptable in some organizations and we should point it out in the
help for the option.
Change-Id: Ic10c29f39ef601e4c7873acb0d56e1ec8e4ebcb3
|
| |
|
|
|
|
|
|
| |
As of version 3.5.0 moxstub will be deprecated,
so remove it where it has been used.
Change-Id: Ic98f3035fd9dff165259e3d194ab5eea11469169
Signed-off-by: Chuck Short <chucks@redhat.com>
|
| |
|
|
|
|
|
| |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I633afcf1828de3c0dae91beb466b09a3cafe106e
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Method set_latent is deprecated in favor of method set_defaults in
e9c3a23e845d8c53b266a3b2e4ca7fb0a5a0425a, we don't use this method
in any project, it's safe to remove it now.
Closes-Bug: #1659051
Closes-Bug: #1642008
Change-Id: Ic7f0c3801f42ebafda81a1fa0b02bde6d15b545d
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Class HTTPProxyToWSGIMiddleware was no longer necessary in new release,
and it was deprecated for removal.
Change-Id: Id442cc216723dbe875f817c91d90d258f1bb2db6
Closes-Bug: #1714860
|
| | |
| |
| |
| |
| |
| |
| | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I0e00c208ae201a2ea0fb380e54d7b6d739fdc2ad
|
| |/
|
|
|
|
|
|
| |
_parse_rfc7239_header() did not parse properly
a Forwarded header with additional spaces
Closes-Bug: #1711573
Change-Id: Ic8b7f9698d7b3440005b17d249b1c8f0f66dae8a
|
| |
|
|
|
|
|
| |
charset is required when response with body
Closes-Bug: #1707127
Change-Id: I9921c67866d252f972954eed5afbc90389e06c3f
|
| |
|
|
| |
Change-Id: Ie988ab85d74f314a3c0ecc0f86ddd9dc48ab2305
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace deprecated inspect.getargspec [1] with
inspect.getfullargspec [2], which is not deprecated in Python 3.x
inspect.getargspec is kept for Python 2.x, as the new function is
not available for it.
This was causing keystone unit tests output to be flooded with
deprecation warnings [3]
[1] https://docs.python.org/3/library/inspect.html#inspect.getargspec
[2] https://docs.python.org/3/library/inspect.html#inspect.getfullargspec
[3] http://logs.openstack.org/43/474543/3/check/gate-keystone-python35/ae16a96/console.html.gz#_2017-06-15_22_15_16_925141
Change-Id: Ia37ac562122d6315be1ce1277a6753a9caf15998
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Defining configuration under cors.* blocks is deprecated. However, we
advertise [cors.subdomain] as a CORS section, and still throw a warning
if that section (that we list) is used in config files.
This was causing warnings in the keystone unit tests output, since the
generated config file does contain both of those listed sections [2].
[1] https://github.com/openstack/oslo.middleware/blob/master/oslo_middleware/cors.py#L200-L205
[2] https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L587-L616
Change-Id: Ice114bf1fdceda7bf122f5fd6b98fc88a85c8ff3
|
| |
|
|
|
|
|
|
|
| |
We deprecate and change parameter enforce_type's default value to
True[1], and will remove it int the future, so don't need it anymore.
[1] https://review.openstack.org/328692
Change-Id: I243444f53e14543c5e4ae4c40d9582fb2d17e155
|
| |
|
|
|
|
|
|
| |
If an inbound header that validates against the regex ``req-$uuid`` is
passed in, we'll set it where oslo.context could later read it. This
creates a mechanism for parents to pass their request-id to children.
Change-Id: I5c5268e8680392395fbe04efe0124575ad8db468
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We discovered that Nova is using a local version of the request_id
header code because it's x-compute-request-id predates
x-openstack-request-id, and things were never migrated after the oslo
code was extracted. In order to let Nova use the base code (which may
become more complicated with inbound request-id setting) we need to
support a compat headers field, which is additional http header names
that should be set with the request-id value.
Change-Id: I18a92f8bf2f85fcf30d32be68bae58f64b135df0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Webob >=1.7.0 change its way to check if body is readable [1],
The is_body_readable() method returns False now. request.content_length
will be set when set request.body automatically, and if
request.context_length is None request.body will return returns b''.[3]
So just set request.body in test.
[1] https://github.com/Pylons/webob/commit/0e6fcbfbc58af6fdd4e125543bf8f5fb91b984c6
[2] https://github.com/Pylons/webob/blame/master/webob/request.py#L699
[3] https://github.com/Pylons/webob/blame/master/webob/request.py#L692
Closes-Bug: #1679658
Change-Id: I4e0932dd8664d96b2733c5d3b1fa846af0c7d132
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Log messages are no longer being translated.
This removes all use of the _LE, _LI, and _LW
translation markers to simplify logging and to
avoid confusion with new contributions.
See:
http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html
http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html
Change-Id: I797b5f0374d6f8ca1cb4641246cab414aa5466dd
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We need to pass into VersionInfo what one would expect from running:
setup.py --name
Right now we pass in say oslo_context and pbr fails if there is no .git in
the python source tree
Closes-Bug: #1662266
Change-Id: Ia1495af62a02410607c27f443af59dc20b052072
|
| |
|
|
|
|
|
|
|
| |
If an exception is caught by the catch_errors middleware the entire
request is dumped into the log including sensitive information like
tokens. Filter that information before outputting the failed request.
Closes-Bug: #1628031
Change-Id: I2563403993513c37751576223275350cac2e0937
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: Idb5ae55971e7f76348c224b1bea5c5e19c6278e0
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new StatsMiddleware is a Paste filter that examines the URL path and
request method, and sends a stat count and a timer to a statsd host
whose name is based on the path/method.
If your statsd is configured to send stats to Graphite, you'll end up
with stat names of the form:
timer.<appname>.<METHOD>.<path>.<from>.<url>
Because a dot has special meaning in Graphite, dots in API versions that
appear in the path will be replaced with _, so for example v2.1 becomes v2_1,
and v1.0 becomes v1_0.
Change-Id: Ieaffeded1bf81c0782d88f49b6f5209f11744899
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Openstack common has a wrapper for generating uuids. We should
use that function when generating uuids for consistency.
Change-Id: I50cd018b490dea341e6bcfb3034a0244194b4d99
Closes-Bug: #1082248
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1.As mentioned in [1], we should avoid using
six.iteritems to achieve iterators. We can
use dict.items instead, as it will return
iterators in PY3 as well. And dict.items/keys
will more readable. 2.In py2, the performance
about list should be negligible, see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: Ieb7b8a62ef5b8fae79fa41861ad3910ecad988c8
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If X-Auth-Token is logged in files, it may be caught by attackers.
This patch tries to replace token-id by * in log files.
Change-Id: Icf0cd9d4da37575d79a0da94ade979793ad0d3fa
Closes-Bug:#1646254
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The healthcheck middleware has actually wrongly been designed as a
filter, whereas it is its own application.
This patch fixes that by exporting the healthcheck middleware as an
application, while keeping the old behaviour for compatibility with
existing deployment.
Change-Id: I1ff43c71449f1955267faf6a85f4d70f705db097
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This makes sure that if the module organization change, nothing breaks.
Change-Id: Ib4fb1e2210a9cea6b12214e0d1e3570086ac2e68
|
