| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| | |
Change-Id: Ibc5b7875f9f374f46d8011fa37bb33e97ffb4bcc
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| | |
This makes submitting change for stable more simple.
Change-Id: Iafcf46800523d6e8d13e58c22e9cc808544b6984
|
| |/
|
|
|
|
|
|
|
| |
The "insecure" option was being treated as a bool when it was
actually provided as a string. The fix is to parse the string to
a bool.
Closes-Bug: 1411063
Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current way of using Popen does not close pipes properly,
and therefore long-running keystone processes, which depends on
keystoneclient.common.cms for data sigining, eventually hit
open file limit and stop working. Passing close_fds=True seems
to have solved the problem.
Change-Id: Ife452ab6843c1af5eb39debb8db453e45f78cba9
Closes-Bug: 1382906
|
| | |
| |
| |
| | |
Change-Id: Ib34efa77d08998f2c8ee5902623da990262da0e0
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| | |
Rules examples in ``create`` and ``update`` methods should be list of
rules, as this is what should be passed as an argument.
Change-Id: Ibebc28aa0697879b00437c5efe31e1c0d7c4c29d
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Running the tests with an old version of OpenSSL
results in many tests breaking without any hints
of the real cause. This handles that explictly,
stopping execution whenever the version is older
than 1.0 and exiting with an informative message.
Co-Authored-By: Rodrigo Duarte Sousa <rodrigods@lsd.ufcg.edu.br>
Closes-Bug: 1225084
Change-Id: I55e151d3fb4ddbe5ee4bf64bfdc597b4da73f6bb
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* keystoneclient/tests/v2_0/test_shell.py
(ShellTests.test_user_create_password_prompt): Remove the password
from the calling environment and fake out the check for an
interactive terminal session so that the code which implements
password prompting will actually be exercised.
Change-Id: I46f45553995316c7d006a83897413d57e127e48c
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
Left timeutils and strutils in openstack/common since they are used in
openstack/common/apiclient and memorycache.
Change-Id: Idb5f09c159d907dfba84cd1f7501f650318af7d9
|
| |/ /
| |
| |
| |
| |
| |
| | |
Some of the docstrings have ``:return:`` instead of ``:returns:``
keyword. This patch fixes that and make it consistent.
Change-Id: I4321a63798ab9e2abdf0bbd716bf2b995be22ba3
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
By logging the sha1 hash of the token, it can be tracked through
different services.
Closes-bug: #1329301
Change-Id: I9c338f6a418ab8dd34dbaaf918b0ea6e9cbe79d7
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| | |
Created a private method to build URL queries.
Change-Id: Iaa480443e34073fa39d13d2452cd13c267a2bdd5
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When you invoke any OpenStack API of any of the OpenStack services
e.g. glance, neutron, cinder, heat, ceilometer, nova, keystone
then it logs readable x-subject-token at the debug log level in the
respective log files.
Simply redacting the x-subject-token in keystone client response header
before logging it.
SecurityImpact
Closes-Bug: #1371355
Change-Id: Iac16c6358250677544761beea9f5c5d8ba29afac
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Address some issues that came up because of hacking upgrade.
But ignoring H904 since the slashes are valid, as they are in
comments, not code.
Change-Id: Ie8a94fc71632e4130c2ec663a5c6d3f2042f8263
Closes-Bug: #1328469
|
| |\ \ \ |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
cms_sign_data was not passing the md parameter to openssl, so it was
using the default digest of sha1. Some security standards require a
SHA2 algorithm for the digest.
This if for security hardening.
SecurityImpact
Change-Id: Iff063149e1f12df69bbf9015222d09d798980872
Closes-Bug: #1362343
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Removal of a spelling error.
Change-Id: If59dec6c226e86177019b665a5f0a0e5d42e6316
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Creating a client with a session using an Unscoped tokens now sets auth
info in client. This Auth Info is necessary in order to enumerate
projects. This is the standard login path for Horizon.
Change-Id: I688a27cd0e7c98e7cf899ac65bb593a85171813f
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove intersphinx from the docs build as it triggers network calls that
occasionally fail, and we don't really use intersphinx (links other
sphinx documents out on the internet)
This also removes the requirement for internet access during docs build.
This can cause docs jobs to fail if the project errors out on
warnings.
Change-Id: I71e941e2a639641a662a163c682eb86d51de42fb
Related-Bug: #1368910
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Do not iterate action.choices in the method add_arguments
in the class OpenStackHelpFormatter if action.choices is
not iterable because it is none.
Change-Id: Ie7110adb798326e5856fddfb6a7365c663b84998
Closes-Bug: #1372152
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When running with a havana-level of oslo.config (<1.3.0),
applications with any config options in their api-paste.ini will
fail to start with an error like
'StrOpt' object has no attribute 'type'
This is because the config options didn't have a type attribute
until 1.3.0.
During the grenade test, the havana level of oslo.config is used,
while the master level of keystoneclient is used, and also in the
havana tests the services are still using the keystoneclient
auth_token middleware.
Change-Id: I745c3e04f18941a2d41e191d43f61b926522bb9d
Closes-Bug: #1372422
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In the existing code, self.ssl_insecure is a string. If insecure
option is set in nova api-paste.ini, whatever it is 'true' or
'false', kwargs['verify'] will become False. This commit corrects
the condition expression. This patch is backported from
https://review.openstack.org/#/c/113191/
Change-Id: I91db8e1cb39c017167a4160079846ac7c0663b03
Closes-Bug: 1353315
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Authentication workflow for the Active Directory Federated Services
(ADFS) by Microsoft is different from 'standard' ECP based one.
This plugin allows for authentication and fetching security token with SAML2
assertion inside, sending to the Service Provide and retrieving an
unscoped token.
Change-Id: I588de1967a7fb92c5928686d092895847553923a
Implements: blueprint add-saml2-cli-authentication
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: Ib2ab829ed777a4f2fb13ec7426dffef99a4118ab
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
When calculating the AWS Signature Version 4, in the case of POST,
We need to set the CanonicalQueryString to an empty string. this
follows the implementation of the AWS and boto clients.
Change-Id: Iad4e392119067e246c7b77009da3fef48d251382
Closes-Bug: 1360892
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Change-Id: I67a599e362685f7990175fb5668e6909d670a225
|
| | |/ / / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This adds the client library class for the endpoint policy extension.
Implements: bp endpoint-policy
Change-Id: I7153d7a093f4299d7f912b0b4a9a02ffacdb9e69
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Federated tokens don't include domains in the user object.
Keystoneclient should be able to estimate whether the token is a
federated one and, if so, don't expect user domain information.
In case of the federated token keystoneclient returns None in response
to user_domain_name and user_domain_id calls.
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Closes-Bug: #1346820
Change-Id: I3453275fa1b0a41b1c015b0c3a92895a77d69a41
|
| |\ \ \ \ \ \ \ |
|
| | |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Connection Errors can be transient and there are many clients (including
auth_token middleware) that allow retrying requests that fail.
We should support this in the session, disabled by default, rather than
have multiple implementations for it.
For the moment I have purposefully not added it as an option to
Session.__init__ though I can see arguments for it. This can be added
later if there becomes a particular need.
I have also purposefully distinguished between Connection Errors (and
connect_retries) and HTTP errors. I don't know a good way to generalize
retrying on HTTP errors and they can be added later if required.
Blueprint: session-retries
Change-Id: Ia219636663980433ddb9c00c6df7c8477df4ef99
|
