| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fix the typo for the attribute word in comment and docstring.
Change-Id: Ic4a841c333d712a22503c1d7dc2d21619c601408
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added return-request-id-to-caller function to resources and resource
managers in the following files.
* keystoneclient/v3/projects.py
* keystoneclient/v3/registered_limits.py
* keystoneclient/v3/roles.py
* keystoneclient/v3/limits.py
* keystoneclient/v3/contrib/federation/saml.py
Also made changes in base.py for _put() method so that if
include_metadata is True, the response data should include request_id
instead of returning None as response.
Change-Id: Ifc0ec9a9d666cccfee3b08ac61596a3692307f23
Implements: blueprint return-request-id-to-caller
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change is required to return 'request_id' from client
to log request_id mappings of cross-project requests.
Instantiating class 'keystoneclient.v3.client.Client' using
'include_metadata=True' will cause manager response to return
a new 'Response' class instead of just the data. This 'Response'
class is going to have additional metadata properties available
like 'request_ids' and the original data will be available as
property 'data' to it.
This change is backward compatible since user has to set a new
parameter 'include_metadata=True' to client in order to get the
request_id returned.
Co-author: Dinesh Bhor <dinesh.bhor@nttdata.com>
Partially Implements: blueprint return-request-id-to-caller
Change-Id: Ibefaa484158ff08bfcacc1e2802d87fc26fd76a5
|
|/
|
|
|
|
|
|
|
| |
Refer to a merged commit.
https://review.openstack.org/#/c/588983/
TrivialFix
Change-Id: Ie3a02843e35382dd24230e91534b6ed72846957d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the client functionality for the following project tag calls:
- Create a project tag on a project
- Check if a project tag exists on a project
- List project tags on a project
- Modify project tags on a project
- Delete a specific project tag on a project
- Delete all project tags on a project
Co-Authored-By: Jess Egler <jess.egler@gmail.com>
Co-Authored-By: Rohan Arora <ra271w@att.com>
Co-Authored-By: Tin Lam <tin@irrational.io>
Partially Implements: bp project-tags
Change-Id: I486b2969ae0aa2638842d842fb8b0955cc086d25
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.As mentioned in [1], we should avoid using six.iteritems to achieve
iterators. We can use dict.items instead, as it will return iterators
in PY3 as well. And dict.items/keys will more readable.
2.In py2, the performance about list should be negligible, see the
link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: I18a6890935ebdbb589269379f21a0dd47d07eb3a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before, the way filters were passed in would not allow filtering
on the same key.
For example:
keystone.users.list(name__contains='test', name__contains='user')
This fails because of how kwargs handles key/value pairs.
This patch allows using multiple values for the same filter.
Example:
keystone.users.list(name__contains=['test', 'user'])
Specifying the only one filter value is still functional as expected.
Co-Authored-By: Jeffrey Augustine <ja224e@att.com>
Partially-Implements: bp pci-dss-query-password-expired-users
Change-Id: I89cecf7e18974e7860ba0925840d6264168eabcb
|
|
|
|
|
|
|
|
| |
It is untested and doesn't work for a while. It also causes a failure
when the method is used by other client or by keystoneclient itself.
Change-Id: Icdd53936a107933e275acd43b5ebe94b8d04bc4b
Closes-Bug: 1637530
|
|
|
|
|
|
|
|
| |
Assigments replaced with argument assigment: endpoints.py, service_catalog.py
Note added: 'original_ip' value is never used: session.py
Refactor 'find()' method to increase readability: base.py
Change-Id: I469331b123fdf03e9e7c5d93e1c95da57d30fbbe
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As keystoneclient and other services rely more on keystoneauth we should
assume that keystoneauth is our base auth library, not keystoneclient
and start to default to the objects provided from there. This will make
it easier to remove these objects when the time comes.
For the session independant parts of keystoneclient we should use the
exception names as provided by keystoneauth instead of the aliases in
keystoneclient.
Change-Id: Ic513046f8398a76c244e145d6cc3117cdf6bb4cd
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As keystoneclient and other services rely more on keystoneauth we should
assume that keystoneauth is our base auth library, not keystoneclient
and start to default to the objects provided from there. This will make
it easier to remove these objects when the time comes.
Use the AUTH_INTERFACE special object from keystoneauth in most places.
This uses it everywhere that is actually session independant. For
example it is not changed within the keystoneclient auth plugins
themselves as they are directly compatible with keystoneauth.
Change-Id: Ibc1224fca98c852106feb78c624b0b2f22b3a19d
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible to set and get custom attributes through the API, and
it's also possible to use any Unicode strings, not only ASCII range.
It works perfectly fine when accessing the API directly using
e.g. curl.
However, keystoneclient stumbles on the non-ascii keys because
it tries to set this as an attribute for the resource class and fails
because Python 2.7 does not support non-ascii identifiers:
https://docs.python.org/2.7/reference/lexical_analysis.html#identifiers
So change the logic to skip setting non-ascii attributes; they are still
available in the dict representation.
Closes-Bug: #1626403
Change-Id: I267188cdb1d303e3d0fb6bd3229b606f4fe9b2d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Python 3 __ne__ by default delegates to __eq__ and inverts the
result, but in Python 2 they urge you to define __ne__ when you
define __eq__ for it to work properly [1].There are no implied
relationships among the comparison operators. The truth of x==y
does not imply that x!=y is false. Accordingly, when defining
__eq__(), one should also define __ne__() so that the operators
will behave as expected.
[1]https://docs.python.org/2/reference/datamodel.html#object.__ne__
Also fixes spelling errors:resoruces.
Change-Id: Iae4ce0fe84fae810711cc8c3fdb94eb9ca1d772e
Closes-Bug: #1586268
|
|
|
|
|
|
|
|
| |
Currently tox ignores D105.
D105: Missing docstring in magic method.
This change removes it and make keystoneclient docstring compliant with it.
Change-Id: I34dfc164891880425f542f8f8aa3426ec8640c96
|
|
|
|
|
|
|
|
| |
Currently tox ignores D200.
D200: One-line docstring should fit on one line with quotes.
This change removes D200 ignore in tox and fix violations.
Change-Id: Icbf8cc1d4f1c00daeedeffe4397369f9e468b191
|
|
|
|
|
|
|
|
|
|
| |
Currently tox ignores D204, D205, and D207.
D204: 1 blank required after class docstring.
D205: Blank line required between one-line summary and description.
D207: Docstring is under-indented.
This change removes D204, D205, and D207 ignores in tox and fix violations.
Change-Id: Id20d216fbd7647d468859b960088aac61c582d9b
|
|
|
|
|
|
|
|
| |
Currently tox ignores D401.
401: First line should be in imperative mood.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: If34ff12d18390b357342cf29f2d116dd3c86a44d
|
|
|
|
|
|
|
|
|
|
|
| |
Removing old configuration options for build-in defaults of latest
bandit functionality. Also, marking flagged items with _# nosec_
with a descriptive comment on why the code is acceptable as is.
Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com>
Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com>
Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 870be44c0ed5564101f9cf9d53e8085fb01680c8.
This change breaks end users of the library. See:
http://logs.openstack.org/50/285450/1/check/gate-shade-dsvm-functional-keystone2/d1093b5/console.html#_2016-02-26_20_49_32_928
For an example of a consumer of the library being broken.
Change-Id: I1912003afb89579eb869767db7a411c451bc9806
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create a custom list with flag `truncated` to support corresponding
response from the identity service.
This is wanted by Horizon, that wants to know that the list returned
from keystone is not full and that more strict filters need to be
applied.
The previous attempt in commit c28d40814962b3a8ccb81e5e7d7f832c8f0a3c9a
was reverted by d20b300589863bcf165945beb129ebcc3621a14f because it
broke other code. This commit changes the way the flag is added and
verifies that existing code will not break.
Change-Id: Ia86cfd91110adae6d7ab86ff1f152a8f9be27837
Closes-Bug: 1520244
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneclient. This
also modifies our tox.ini so that we no longer ignore H405 violations.
Change-Id: I2af152e5425a0e9c82314039fdbb90d661c22680
Closes-Bug: 1482773
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit c28d40814962b3a8ccb81e5e7d7f832c8f0a3c9a.
This is causing stable keystone to fail. keystone has tests
that verify that the returned value of the list
operation == [], which fails since the return value is now
an object and not a list.
Change-Id: Ieb143574271b991d3e19e864497073fbedf46bcb
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wrap a list of objects into custom class with additional attributes.
This is wanted by Horizon, that wants to know that the list returned
from keystone is not full and that more strict filters need to be
applied.
Change-Id: Icfabfd055aed1648dc4130b03ec3dbf9bad4e45a
Closes-Bug: 1520244
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| | |
This method says it's deprecated but it's an internal method, so
there's no need to deprecate it, just remove it.
Change-Id: I916b4a5c9dc2320a4bff7f966fd0c7d5a4957ff9
|
|/
|
|
|
|
|
|
|
|
|
|
| |
The __eq__ of apiclient.base.Resource will return True,
if the two objects have same id, even if they have different
other attributes value. The behavior is weird and don't
match the semantics of object equal. The objects that have
different value should be different objects.
Fix this issue and add some test cases in this patch.
Change-Id: I1565c6e66d6dd6cf7bd2b7e8526157190deb45de
Closes-Bug: #1499369
|
|
|
|
|
|
|
|
|
| |
abstractmethod bodies aren't going to be called by unit tests, so
there's no way to get coverage. The code in an abstractmethod body
should be marked with "# pragma: no cover" so that they don't show
up as missed in the coverage report.
Change-Id: I88a7481ab22f2ce1abfd62badc5f5048acc6929f
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
keystoneclient is using apiclient.base and in order to properly
deprecate and eventually get rid of apiclient we need to move the
symbols that keystoneclient uses out of apiclient.
This change moves apiclient.base.Resource into keystoneclient.base
by merging apiclient.base.Resource into the existing
keystoneclient.base.Resource. apiclient.base.Resource is now
renaming keystoneclient.base.Resource for backwards-compatibility.
Change-Id: Id479711b7c9437aaf171def6976aab8b303ec56d
|
|
|
|
|
|
|
|
|
|
| |
base.Manager's api property wasn't properly deprecated since all it
had was documentation. Proper deprecation requires use of warnings
and documentation.
bp deprecations
Change-Id: Ic5e218151e9b3f3b66f78729052680691d5ad582
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This use case isn't covered by our current APIs:
GET /entities?id={entity_id}
Because we have a dedicated API for that:
GET /entities/{entity_id}
But our list() methods generally support **kwargs, which are passed as
query parameters to keystone. When an 'id' is passed to keystone as a
query parameter, keystone rightly ignores it and returns an unfiltered
collection.
This change raises a client-side TypeError (as you'd expect when you try
to pass a keyword argument that a function isn't expecting), and
includes a helpful suggestion to try calling get() instead.
Change-Id: I100b69bbf571ad6de49ccc5ad1099c20b877d13d
Closes-Bug: 1452298
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch allows the user to perform the
following API calls through the
python-keystoneclient:
Assign role to user on projects owned by a domain:
PUT /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
List user's inherited project roles on a domain:
GET /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
Check if user has an inherited project role on domain:
HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revoke an inherited project role from user on domain:
DELETE /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
These same operations regarding groups instead of users are also available.
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Co-Authored-By: Samuel Medeiros <samuel@lsd.ufcg.edu.br>
Change-Id: I877168e3922cdd19868d508ef9fc34d0c7e7abcb
Closes-bug: 1367866
|
|/
|
|
|
|
|
|
|
|
|
| |
This patch implements the new ways to get the project's hierarchy:
'subtree_as_ids': If True, returns projects IDs down the hierarchy
as a structured dictionay.
'parents_as_ids': If True, returns projects IDs up the hierarchy
as a structured dictionay.
Change-Id: Ia3afe994893dfca059cb8361f7ab1c14e28e1ad5
Implements: blueprint hierarchical-multitenancy-improvements
|
|
|
|
|
|
|
|
|
|
| |
When the docs are rendered to HTML, any docs on __init__ are not
displayed. The parameters to the constructor have to be documented on
the class rather than on the __init__ method.
Also, corrected other minor issues in the same areas.
Change-Id: Ic56da33f6b99fe5efb636c289e3c4e1569f0c84c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apart from making keystoneclient follow the same patterns of using an
adapter that we are trying to push onto other clients this severs the
cyclical dependency between managers and the client object.
There are a few changes that have had to be rolled into one to make the
transition work. These can't be separated unfortunately as they are
interdependent.
* managers are now passed the adapter instead of the client. They
therefore don't have reference to the other managers on the client.
* The adapter has been subclassed to provide user_id as there are some
managers that require user_id be provided for changing passwords etc.
* client.auth_url has been replaced with a call to get_endpoint which is
supported by the adapter.
* management=True has been removed from all the managers and they now
correctly set the interface they want.
Change-Id: I49fbd50571f0c1484e1cbc3dcb2159d25b21b1bc
|
|
|
|
|
|
|
|
|
|
|
| |
Keystoneclient didn't provide translated messages. With this
change, the messages are marked for translation.
DocImpact
Implements: blueprint keystoneclient-i18n
Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
|
|
|
|
|
|
| |
Created a private method to build URL queries.
Change-Id: Iaa480443e34073fa39d13d2452cd13c267a2bdd5
|
|
|
|
|
|
|
|
| |
Creating a client with a session using an Unscoped tokens now sets auth
info in client. This Auth Info is necessary in order to enumerate
projects. This is the standard login path for Horizon.
Change-Id: I688a27cd0e7c98e7cf899ac65bb593a85171813f
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the ability to turn off logging from the session object and then
handle logging of auth requests within their own sections. This is a
very simplistic ability to completely disable logging. Logging more
filtered debugging can be added later.
This new ability is utilized in this patch to prevent logging of
requests that include passwords. This covers authenticate, password
change, and user update requests that include passwords.
SecurityImpact
Change-Id: I3dabb94ab047e86b8730e73416c1a1c333688489
Closes-Bug: #1004114
Closes-Bug: #1327019
|
|
|
|
|
|
|
|
|
|
|
| |
Resource managers may need to pass certain overrides down to the session
layer. The most common example would be to allow them to specify a
different interface to issue a request to than is common. It is possible
later that we may wish to expose this ability to users as well so that
they can choose in there own programs what interface, endpoint name etc
a particular request should be issued to.
Change-Id: I7ee0931d4ea78cf9f463b2f0b54457226c5bea8d
|
|
|
|
|
|
| |
rules are avaialble at https://en.wikipedia.org/wiki/Wikipedia:AutoWikiBrowser/Typos
Change-Id: I67fb3e0d02c931cb7e605ac74ea8272956afa8e1
|
|
|
|
|
|
|
|
|
|
|
| |
Most methods of Resource class from keystoneclient are similar to methods
from common code.
In the process of unification of the clients code we should
reuse common functionality from Oslo.
Related to blueprint common-client-library-2
Change-Id: I5858eec1596a6921dcf49dfcefb7abd4387de73b
|
|
|
|
|
|
|
|
| |
We don't need vim modelines in each source file, it can be set in
user's vimrc.
Change-Id: Ic7a61430a0a320ce6b0c4518d9f5d988e35f8aae
Closes-Bug: #1229324
|
|
|
|
|
|
|
|
|
|
| |
In Python 3, dict.items() returns 'a dict_item'. Iterating over it while
deleting some of the dictionary elements is forbidden. We have to iterate over
a list to avoid getting this error:
RuntimeError: dictionary changed size during iteration
Change-Id: I43401e6eb9a31148fda4677644bf99e1b739d0dd
|