| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: Id5d2aed9115a4b8e325a4be34172d4e239256aa5
|
|
|
|
| |
Change-Id: I09b0b8728efddad7446db1e14931d9e65b4cfc6a
|
|
|
|
| |
Change-Id: I4133bb4bcb55083ba1934a442ef2da8ab8d19c88
|
|
|
|
|
|
|
|
|
|
|
|
| |
User password update hardcoded the endpoint_filter to always use the public
endpoint. This will break deployments where services behind the firewall have
no access to the public endpoint. Endpoint selection should be allowed
by the end user (i.e. openstack --os-interface internal user password set).
Closes-Bug: 1503459
Change-Id: Ib11d60cd8e81b99aedb27f1cbbf6b79218045cf0
(cherry picked from commit d47da3b59c581dd3bb6bd4d75de819d0fd734fa5)
|
|
|
|
| |
Change-Id: Ie7e77ced616d9e6d36fdc4fb75f51c6823ff057a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should sanitize the response body before logging to make sure we
aren't leaking through credentials like in the case of the response from
the os-initialize_connection volume API.
Closes-Bug: #1490693
NOTE(mriedem): The test is slightly different in kilo because the
_http_log_response method requires kwargs.
Change-Id: Ifd95d3fb624b4636fb72cc11762af62e00a026a0
(cherry picked from commit 3e26ff824801d5084791a52980021784e794e35f)
|
|
|
|
| |
Change-Id: I5d75bea647a6374c7c85ae6d818c635b496f6f4e
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sync common code to address changes made in dependencies and make branch
"stable/kilo" workable.
Cherry-pick commits 0cc741a, 2aacb111, ac17de97 from oslo-incubator
Change-Id: If746912c99a83806137ca96e0863c4ff2ea8d96c
Closes-Bug: #1480314
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The SAML plugin handles redirects in a custom manner but currently only
checks for the 302 redirect code. This doesn't cover the mod_auth_mellon
case which responds with a 303.
Also handle the 303 redirect case.
Change-Id: Idab5f381fcbfb8c561184845d3aa5c8aab142ecd
Closes-Bug: #1501918
(cherry picked from commit 9cd71c064c77a22a0a58084a2abab77b023017b5)
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ; separator allows providing parameters to a type not separating
type options. This means that in strict type checks like those performed
by mod_auth_mellon the check for accept type fails.
Change-Id: Ieeaa74b304921daef68497fec77cc6629ab2f0a2
Closes-Bug: #1488722
(cherry picked from commit e0276c65364bcb8a4a3fe1ad1c91899b1325836c)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per:
http://lists.openstack.org/pipermail/openstack-dev/2015-August/072982.html
The location of subunit2html changed on the images in the gate
so update the path used in the post_test_hook.
Long-term we should just use what's in devstack-gate.
Change-Id: I5e50e7d7ad845aba26403df1df412c0a139a6dc7
Closes-Bug: #1491646
(cherry picked from commit 3e862bbb1e2a7b488cf2de43651270e6afbb82ad)
|
|
|
|
| |
Change-Id: If5ccc195b0415c3e8155103dfc86dffa834ad47a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OAuth test verifies that access_token manager's methods make requests with
certain parameters. It is supposed to use values from mocked http handler
and compare them with referential values acquired from oauth client.
But instead of using values from mocked handler, it used the values from
oauth client and compared them with values from the client acquired using
attributes, basically testing oauthlib and not access_token manager's
methods.
Make the test compare correct values and remove check of timestamp,
which was useless because it is always mocked in tests and not provided in
actual requests.
As a consequence, use of get_oauth_params, which changed in oauthlib
1.0 and blocked the gate, was removed.
Closes-Bug: 1477177
Closes-Bug: 1477247
Change-Id: I5e049163f84fde5827104fd4a6441222eb08468f
(cherry picked from commit 7d5d8b343232ee5faf4de3381024095619335929)
|
|
|
|
| |
Change-Id: I38c6902ae4c94e2332be300fcfb4d141700170c1
|
|
|
|
|
|
|
|
|
| |
The "insecure" option was being treated as a bool when it was
actually provided as a string. The fix is to parse the string to
a bool.
Closes-Bug: 1411063
Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3
|
|
|
|
| |
Change-Id: I1743fe17301bcbf6a8c9ed8f1f7167c591e23aa5
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
With the out of tree federation plugins going on extract the basic
federation workflow and required information that can be reused.
Change-Id: I6fdb3a5c6d9f3e1d6fa3425fd05809155effed1f
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Adds the error message to give a hint to the user about
what happened.
Change-Id: I9ca56de8592e65194062038c81b468be72ffb2d9
Closes-Bug: 1297280
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It has been mentioned a number of times that the self.requests naming
for the requests_mock object is confusing between whether you are
actually sending a request or are mocking a request.
Rename all entries of the requests object to requests_mock.
This cleans up a couple of entries where the older register_uri format
was being used in favour of using the HTTP method as the requests_mock
method.
Change-Id: I315085b4088130b510f9dbd696011d983598372c
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The keystone CLI is now deprecated. Every time you run it it's
going to print out an annoying message saying how deprecated it
is.
bp deprecate-cli
Change-Id: Ife7ad2025f515dc716efe2b2dd275663c21402da
|
|\ \ \ \
| |/ / /
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
There was no API support for the OS-SIMPLE-CERT v3 extension.
bp auth-token-use-client
Change-Id: Ic3d36018fc2e5a5a0da8d37a7fa58b77b8fa8e15
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It can become difficult to trace the client that created HTTP requests
as the logging all goes through the keystoneclient.session logger. Allow
passing the logger through the request function and make it able to be
set via the adapter so it can be set once per client instantiation.
Change-Id: Id45c315bee9a56f1c241210d667470751bf689d5
Closes-Bug: #1421868
|
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This applies to test_federation.IdentityProviderTests.test_create() and
test_federation.MappingTests.test_create()
Change-Id: Ie88c959626520fcec4ee64ffc73a8fc845c5a6d3
|
|\ \ \ \
| |_|_|/
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch implements the new ways to get the project's hierarchy:
'subtree_as_ids': If True, returns projects IDs down the hierarchy
as a structured dictionay.
'parents_as_ids': If True, returns projects IDs up the hierarchy
as a structured dictionay.
Change-Id: Ia3afe994893dfca059cb8361f7ab1c14e28e1ad5
Implements: blueprint hierarchical-multitenancy-improvements
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The basic Auth plugin for v3 tokens makes the assumption that you need
to pass in some AuthMethod objects. This works well for most auth types
where you want the plugin to construct the auth request for you.
In the case of federation though we want to be able to have a rescoping
plugin that will return an auth_ref and not take any auth_methods as
arguments.
Extract the most basic part of the Auth plugin into BaseAuth class that
Auth and federation plugins can both inherit from.
Change-Id: Ia8c8c614b8eb51170346ff5b1e20a1e7ebbb47de
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The V3 authentication plugins file contained the existing plugins as
well as the base class. As we look to add new plugins it is simpler if
we break this file up.
Change-Id: I42b222a2012ea10491450d6b91c2008178dc7671
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Implement CRUD operations for Service Providers used in K2K.
Implements: bp k2k-service-providers
Change-Id: I514c64d2a412d12cff922a02c575f1764a1a23ae
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add links to identity service and keystone middleware to
the landing page. This indicates to the user that the
three projects are related.
Change-Id: I37bb4cd866524bad69f90c53e6a58d58202fc263
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Partial-Bug: #1428321
|
|\ \ \ \ |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I've only seen this happen once, however by making the token expiry 5
minutes in the future, then checking that it wont have expired in 300
seconds means that if the test happens all on the same second boundary
then the test will fail.
Just increase the time we're checking for by a second to ensure it
doesn't happen.
Change-Id: Iadeadfbacaf6f1b939c237919b52445c60c9bdd0
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This change adds the 'os_inherit_extension_inherited_to'
parameter when calling the list role assignment method.
It adds the following query to the URL:
http://host:35357/v3/role_assignments?scope.OS-INHERIT:inherited_to=projects
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Change-Id: I9bfeecf4ae9da6a0d232f0cff80af64a16ec0829
Closes-bug: 1367868
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The functions for creating signed tokens in common.cms always used
sha256 for the message digest. This might be inadequate in the future
so the digest algorithm shouldn't be hard-coded. A parameter is added
to allow choosing a different digest algorithm.
SecurityImpact
Change-Id: Ie19d093d0494443ce4cd880ae1f92dffd5c361ef
Related-Bug: #1362343
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I750e817d2ff4e464f36584e5fd298f8037bd84db
|
|\ \ \ \ \ |
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
These are mostly unmodified other than:
- fixing up the imports to work in the keystoneclient directories.
- Setting the timeout value to 15 (the tempest default) as we don't
have a CONF file to make it configurable.
Take from tempest Commit: d3a8c7778217cceb84d995f1509e68bb8d7a403f
Change-Id: Id2a4300b7c0a53b2da2f62c07a0ffb71798908b6
Implements: bp functional-testing
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the same service_type was mentioned in the catalog more than once
then only the last entry would be parsed and any possible other matches
would be lost.
This was something that novaclient used to do, and as we are pushing
sessions as the way that clients should all work we need to maintain
that compatibility.
Change-Id: I6964515ed1975bce1998897abfc02a1ec36e2584
Closes-Bug: #1425766
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
Functional test job fails with permission denied trying to execute the
post_test_hook. Set permissions +x.
Change-Id: I9ef052daf73761ea1e4128fc1738278fc8fa2483
|