| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Change-Id: Ic161a8f88c28d88898863e5b9d9380016fbb0d08
|
|
|
|
| |
Change-Id: I56e9c3b03ed85c1c6031390b835d678c43e51e17
|
|
|
|
|
|
|
|
|
| |
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keystoneclient's dependance
on the positional decorator.
Change-Id: I9e691cc8b0c04992f4a8dabd67e1b413d3220d23
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.As mentioned in [1], we should avoid using six.iteritems to achieve
iterators. We can use dict.items instead, as it will return iterators
in PY3 as well. And dict.items/keys will more readable.
2.In py2, the performance about list should be negligible, see the
link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: I18a6890935ebdbb589269379f21a0dd47d07eb3a
|
|
|
|
|
|
|
|
| |
the current regex pattern will match incorrect
strings like: Boto/2x0t2
Change-Id: I260f4e0d98f082172a3a67a1fbaa05da5369ea49
Closes-Bug: #1658639
|
|
|
|
|
|
|
|
| |
It was added in 2014 and was supposed to be used for sharing revocation
events with keystonemiddleware. It was never finished, and the code is
untested and is not used by anything.
Change-Id: I905b7b3d95274b3c501b1e584e492eefa72158c1
|
|
|
|
|
|
|
|
|
| |
Currently tox ignores D202 and D203.
D202: No blank lines allowed after function docstring.
D203: 1 blank required before class docstring.
This change removes D202 and D203 ignores in tox and fix violations.
Change-Id: I97ef88c9cfd56774e47f789cbbcf8ccfe85d7737
|
|
|
|
|
|
|
|
| |
Currently tox ignores D301.
D301: Use r”“” if any backslashes in adocstring.
This change removes D301 ignore and fix violations.
Change-Id: I9dbe2c9d59e2c2d8585a53840a579a9b9c57a09c
|
|
|
|
|
|
|
|
| |
Currently tox ignores D400.
D400: First line should end with a period.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: I29ecb4c58bb03c0b9a3be0b7a74d18fb06a350f2
|
|
|
|
|
|
|
|
| |
Currently tox ignores D401.
401: First line should be in imperative mood.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: If34ff12d18390b357342cf29f2d116dd3c86a44d
|
|
|
|
|
|
|
|
|
|
|
| |
Removing old configuration options for build-in defaults of latest
bandit functionality. Also, marking flagged items with _# nosec_
with a descriptive comment on why the code is acceptable as is.
Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com>
Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com>
Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the CLI has been deprecated for a long time, and many docs and
install guides recommend using OSC instead of `keystone`.
- removes CLI
- removes man page from docs
- removes CLI tests
- removes `bootstrap` from contrib
- removes entrypoint from setup.cfg
implements bp: remove-cli
Change-Id: Icbe15814bc4faf33f513f9654440068795eae807
|
|
|
|
|
|
| |
swap instances of utils.positional with the positional library.
Change-Id: Id8a9961e68d287a802f25512fc970829e9feb5c2
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneclient. This
also modifies our tox.ini so that we no longer ignore H405 violations.
Change-Id: I2af152e5425a0e9c82314039fdbb90d661c22680
Closes-Bug: 1482773
|
|/
|
|
|
|
|
|
|
| |
Password, token, and secret options should be marked as secret=True
so that when the value is logged the logger knows to obfuscate the
value.
Change-Id: I6ebdfa3bf6faf37bc11640a5826b3b55bb920fc4
Closes-Bug: 1534299
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Wrong usage of "a/an" in the messages:
"string that is the id field for an pre-existing"
"build a etree.XML object filling certain"
Should be:
"string that is the id field for a pre-existing"
"build an etree.XML object filling certain"
Totally 2 occurrences in python-keystoneclient base code.
Change-Id: Icef5247672f95af87375a4a135a961aefb0a4906
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The attempt at a move to user-name is an exercise in churn, and is
filling everyone's logs with admonitions to change the name of their
variables - which does not work if they do. Swap this, effectively
reverting the attempt at a move. user-name will continue to work on
the off chance anyone started consuming that path, which is unlikely
because none of the consuming programs expose that as an actual option.
Closes-Bug: 1498247
Change-Id: I62d991fda1df63c9cbabfde2f6836bc031f5147c
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Dictionary creation could be rewritten as a dictionary literal.
for example:
token_values = {}
token_values['user_id'] = access.get('user', {}).get('id')
could be rewritten as
token_values = {'user_id': access.get('user', {}).get('id')}
TrivialFix
Change-Id: I0c5677b527d440b8faded31bf4d9d62805391ae3
|
|/
|
|
|
|
|
|
|
|
|
| |
The SAML plugin handles redirects in a custom manner but currently only
checks for the 302 redirect code. This doesn't cover the mod_auth_mellon
case which responds with a 303.
Also handle the 303 redirect case.
Change-Id: Idab5f381fcbfb8c561184845d3aa5c8aab142ecd
Closes-Bug: #1501918
|
|
|
|
|
|
|
|
|
| |
The ; separator allows providing parameters to a type not separating
type options. This means that in strict type checks like those performed
by mod_auth_mellon the check for accept type fails.
Change-Id: Ieeaa74b304921daef68497fec77cc6629ab2f0a2
Closes-Bug: #1488722
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
properties
BaseIdentityPlugin's username, password, and token_id properties
weren't properly deprecated since all they had was a comment in
the code. Proper deprecation requires use of warnings and
documentation.
Where the plugins already provide their own properties, the
properties need to be un-deprecated.
bp deprecations
Change-Id: Ic9fce89b8544d8c01f16e8f9c2f9dd2659d03c18
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
oslo_utils.timeutils.isotime() is deprecated as of 1.6 so we need
to stop using it.
The deprecation message says to use datetime.datetime.isoformat()
instead, but the format of the string generated by isoformat isn't
the same as the format of the string generated by isotime. The string
is used in tokens and other public APIs and we can't change it
without potentially breaking clients.
So the workaround is to copy the current implementation from
oslo_utils.timeutils.isotime() to keystone.common.utils.isotime().
Change-Id: I34b12b96de3ea21beaf935ed8a9f6bae2fe0d0bc
Closes-Bug: 1461251
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows a federated user to obtain an unscoped token by
providing login credentials for a keystone identity provider.
The current implementation should work with any properly configured
openid connect provider.
partially implements bp openid-connect
Change-Id: Iade52b5c1432d64582cbaa8bac41ac6366c210f9
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The oslo.config libraries are moving away from oslo-namespaced
packages.
Note that his requires oslo.config>=1.6.0
bp drop-namespace-packages
Change-Id: Ic0d4053875da0628f2359c109f2779d12aadc3eb
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
oslo_utils moved out of the oslo namespace.
bp drop-namespace-packages
Change-Id: I72e67dc1f649ba137dd06f5ab7133858c6abd67d
|
|/
|
|
| |
Change-Id: Ie2a05aab512feeac967a64527d649377fd5bc6b9
|
|
|
|
|
|
|
|
|
|
| |
When the docs are rendered to HTML, any docs on __init__ are not
displayed. The parameters to the constructor have to be documented on
the class rather than on the __init__ method.
Also, corrected other minor issues in the same areas.
Change-Id: Ic56da33f6b99fe5efb636c289e3c4e1569f0c84c
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
The :returns: directive doesn't take an argument. To specify the
return type, use the :rtype: directive.
Change-Id: I3aaab824792333b3f75a10af92f5b712cc9b4ff6
|
| |
| |
| |
| |
| |
| |
| |
| | |
I think the original author had good intentions and didn't want to
duplicate code. Unfortunately I think this is more confusing since the
property returns a new value every time it is referenced.
Change-Id: I41db60f28cf15038a8430e238b9204d652e878b1
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
The argument to the :raises: directive is the class name. If the
class name is a valid reference it's rendered as a link to the
class. This change cleans up the :raises: directives to use the
reference correctly and use a valid class reference.
Change-Id: I84188b60de0ab4c6b5b2fb5a203c43bfde094707
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Keystoneclient didn't provide translated messages. With this
change, the messages are marked for translation.
DocImpact
Implements: blueprint keystoneclient-i18n
Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| | |
Left timeutils and strutils in openstack/common since they are used in
openstack/common/apiclient and memorycache.
Change-Id: Idb5f09c159d907dfba84cd1f7501f650318af7d9
|
|/
|
|
|
|
|
| |
Some of the docstrings have ``:return:`` instead of ``:returns:``
keyword. This patch fixes that and make it consistent.
Change-Id: I4321a63798ab9e2abdf0bbd716bf2b995be22ba3
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Authentication workflow for the Active Directory Federated Services
(ADFS) by Microsoft is different from 'standard' ECP based one.
This plugin allows for authentication and fetching security token with SAML2
assertion inside, sending to the Service Provide and retrieving an
unscoped token.
Change-Id: I588de1967a7fb92c5928686d092895847553923a
Implements: blueprint add-saml2-cli-authentication
|
|/
|
|
|
|
|
|
|
| |
When calculating the AWS Signature Version 4, in the case of POST,
We need to set the CanonicalQueryString to an empty string. this
follows the implementation of the AWS and boto clients.
Change-Id: Iad4e392119067e246c7b77009da3fef48d251382
Closes-Bug: 1360892
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the ability to turn off logging from the session object and then
handle logging of auth requests within their own sections. This is a
very simplistic ability to completely disable logging. Logging more
filtered debugging can be added later.
This new ability is utilized in this patch to prevent logging of
requests that include passwords. This covers authenticate, password
change, and user update requests that include passwords.
SecurityImpact
Change-Id: I3dabb94ab047e86b8730e73416c1a1c333688489
Closes-Bug: #1004114
Closes-Bug: #1327019
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For the consisteny a property returning authentication url
should be called token_url.
This patch renames ``saml2_token_url`` to ``token_url`` in the
contrib.auth.v3.saml2.Saml2UnscopedPlugin plugin.
Change-Id: I435a118bb31338a37a29eec68b8e9ce50d163675
|
|/
|
|
|
|
|
|
| |
All underlying HTTP calls executed via ``keystoneclient.session.Session``
object should have ``authenticated=False`` option enforced indicating the
plugin is not authenticated with the Identity Service yet.
Change-Id: I946f1ed6a55c4172d8f4bf6a24e5cbc3a00d1154
|
|
|
|
|
|
|
|
| |
Scope unscoped federation token.
The plugin mimics standard v3.Token behaviour.
Change-Id: I81f30a7c893be15e715c57bd43035b12d8435f58
Implements: blueprint add-saml2-cli-authentication
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Auth plugin authenticating against remote SAML based Identity Providers.
Upon successful authentication the plugin retrieves and stores unscoped token.
Plugin object should be later used for scoping the token.
Currently only HTTP BasicAuth Method is supported as
an IdP authn method.
Will not work for ADFS, as that has extensions to the document formats
as well as a different workflow.
Change-Id: Ieea40505a406bedf7219fa6f9e6cf29a45ad6e88
Implements: blueprint add-saml2-cli-authentication
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit copies the revoke model from Keystone to
keystoneclient. The only difference in the model.py
file between keystoneclient and keystone is the
import due to a change of the oslo-incubator path
(project name is keystoneclient not keystone).
Blueprint: revocation-event-api
Change-Id: I6215d6679f9bb0dff6941c2a65ceeefd1ff9d88a
|