summaryrefslogtreecommitdiff
path: root/keystoneclient/session.py
Commit message (Collapse)AuthorAgeFilesLines
* Adds bandit nosec flag to hashlib.sha1lhinds2017-08-311-1/+3
| | | | | | | | | | | | | A bandit patch to block sha1 hash is failing CI [1], due to a false positive on hashlib.sha1 (which actually uses HMAC-SHA1 in keystone that is considered more secure then standard SHA1) This change marks a # nosec comment against the line which is triggering the false positive in Bandit. [1] https://review.openstack.org/#/c/437563/6 Change-Id: Ib9618119c77f41fba0e612e37c7511676bed47e8
* Remove use of positional decoratorMorgan Fainberg2017-08-071-6/+2
| | | | | | | | | The positional decorator results in poorly maintainable code in a misguided effort to emulate python3's key-word-arg only notation and functionality. This patch removes keystoneclient's dependance on the positional decorator. Change-Id: I9e691cc8b0c04992f4a8dabd67e1b413d3220d23
* Merge "Replace six.iteritems() with .items()"Jenkins2017-06-131-2/+2
|\
| * Replace six.iteritems() with .items()M V P Nitesh2017-04-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | 1.As mentioned in [1], we should avoid using six.iteritems to achieve iterators. We can use dict.items instead, as it will return iterators in PY3 as well. And dict.items/keys will more readable. 2.In py2, the performance about list should be negligible, see the link [2]. [1] https://wiki.openstack.org/wiki/Python3 [2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html Change-Id: I18a6890935ebdbb589269379f21a0dd47d07eb3a
* | Merge "Remove log translations in python-keystoneclient"Jenkins2017-05-161-4/+4
|\ \ | |/ |/|
| * Remove log translations in python-keystoneclientwingwj2017-03-211-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | Log messages are no longer being translated. This removes all use of the _LE, _LI, and _LW translation markers to simplify logging and to avoid confusion with new contributions. See: http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html Change-Id: Ia77819cbb133903d20e821bff0c45766b11ef07b
* | Fix response body being omitted in debug mode incorrectlyTin Lam2017-01-171-2/+8
| | | | | | | | | | | | | | | | | | | | In debug mode, when a response's header Content-Type is set to "application/json" with a parameter, i.e., "application/json; charset=UTF-8". This patch set ignores the additional parameter and only match the mimetype. Change-Id: Ie8fcb1061e0e49b039436947524cfdc704c83846 Closes-Bug: #1656981
* | Only log application/json in session to start3.9.0Steve Martinelli2017-01-101-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When whitelisting content types to debug print from session we chose application/json and application/text. application/text is not a real mime type, text is typically text/plain. Rather than guess at mime types only print application/json to start with, but make it easy for additional types to be added later. Adapted from keystoneauth: Ica5fee076cdab8b1d5167161d28af7313fad9477 Related-Bug: 1616105 Change-Id: Ieaa8fb3ea8d25e09b89498f23b70b18c0f6153f1
* | X-Serivce-Token should be hashed in the logTin Lam2017-01-091-1/+1
| | | | | | | | | | | | | | | | | | | | Currently, logs display the hash values of X-Auth-Token, Authorization, and X-Subject-Token, but not the value of the X-Service-Token. This patch set adds the X-Service-Token to the list of header fields to be hashed for logging purposes. Change-Id: Iaa3a27f4b6c3baf964fa0c71328ffe9df43b2c0a Closes-Bug: #1654847
* | Merge "Do not log binary data during request"Jenkins2017-01-081-0/+5
|\ \
| * | Do not log binary data during requestSteve Martinelli2017-01-061-0/+5
| |/ | | | | | | | | | | | | | | | | | | Do not log binary data during debug logging of a session. Replace the binary data with the string <binary_data> instead. sort of a backport of: I5184002f3a21c5e0ee510b21b9a7884c8dccd1e3 Change-Id: I07ddbc3967f297597542f1975004d94c490f6e6b Related-Bug: 1616105
* | Merge "Prevent MemoryError when logging response bodies"Jenkins2017-01-051-4/+15
|\ \ | |/ |/|
| * Prevent MemoryError when logging response bodiesTobias Diaz2017-01-051-4/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Response bodies are loaded into memory prior to being logged. Loading huge response bodies may result in a MemoryError. This patch proposes that only JSON and TEXT responses be logged, i.e when the Content-Type header is application/json or application/text. Responses that do not include or have a different Content-Type header will have their body omitted. This is a sort of backport of the fix for keystoneauth sessions, see I93b6fff73368c4f58bdebf8566c4948b50980cee Co-Authored-By: Samuel de Medeiros Queiroz <samueldmq@gmail.com> Closes-bug: 1616105 Change-Id: I8f43eee3a0b35041c6cf672e476f8151cf2f8d14
* | Increase readability of 'find()' method and small improvementsArthur Miranda2016-10-211-0/+1
|/ | | | | | | | Assigments replaced with argument assigment: endpoints.py, service_catalog.py Note added: 'original_ip' value is never used: session.py Refactor 'find()' method to increase readability: base.py Change-Id: I469331b123fdf03e9e7c5d93e1c95da57d30fbbe
* Fixing D202 and D203 PEP257 violation.Navid Pustchi2016-05-041-3/+0
| | | | | | | | | Currently tox ignores D202 and D203. D202: No blank lines allowed after function docstring. D203: 1 blank required before class docstring. This change removes D202 and D203 ignores in tox and fix violations. Change-Id: I97ef88c9cfd56774e47f789cbbcf8ccfe85d7737
* Fixing D204, D205, and D207 PEP257 violation.Navid Pustchi2016-05-041-0/+1
| | | | | | | | | | Currently tox ignores D204, D205, and D207. D204: 1 blank required after class docstring. D205: Blank line required between one-line summary and description. D207: Docstring is under-indented. This change removes D204, D205, and D207 ignores in tox and fix violations. Change-Id: Id20d216fbd7647d468859b960088aac61c582d9b
* Fix D401 PEP257 violation.Navid Pustchi2016-04-231-2/+2
| | | | | | | | Currently tox ignores D401. 401: First line should be in imperative mood. This change removes it and make keystoneclient docstrings compliant with it. Change-Id: If34ff12d18390b357342cf29f2d116dd3c86a44d
* Removing bandit.yaml in favor of defaultsChristopher J Schaefer2016-04-191-4/+6
| | | | | | | | | | | Removing old configuration options for build-in defaults of latest bandit functionality. Also, marking flagged items with _# nosec_ with a descriptive comment on why the code is acceptable as is. Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com> Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com> Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d
* Merge "Handle exception on UnicodeDecodError in logging of request"Jenkins2016-02-121-2/+11
|\
| * Handle exception on UnicodeDecodError in logging of requestTrevor McKay2016-02-101-2/+11
| | | | | | | | | | | | | | | | | | | | | | If the logging of an HTTP request causes a UnicodeDecodeError, modify the log entry using oslo_utils.encodeutils.safe_decode with errors='replace' and try again Co-Authored-By: Nikita Konovalov <nkonovalov@mirantis.com> Change-Id: Ic365c654ebca4045208c6c30e232665145db7b4c Closes-Bug: #1453953
* | Deprecate SessionJamie Lennox2016-02-031-0/+6
|/ | | | | | | | Deprecate the keystoneclient Session object in favour of keystoneauth's Session. Change-Id: I26e000d626a466f63d10d2a961adc698f8de0636 Implements: bp deprecate-to-ksa
* use positional library instead of utilsSteve Martinelli2016-01-251-6/+6
| | | | | | swap instances of utils.positional with the positional library. Change-Id: Id8a9961e68d287a802f25512fc970829e9feb5c2
* Address hacking check H405lin-hua-cheng2016-01-131-3/+4
| | | | | | | | | Previously, there were a string of commits to keystone that addresed ignored hacking checks. This commit does the same for H405 in keystoneclient. This also modifies our tox.ini so that we no longer ignore H405 violations. Change-Id: I2af152e5425a0e9c82314039fdbb90d661c22680 Closes-Bug: 1482773
* No keystone Endpoint now gives a valid Error Messagerajiv2015-11-261-1/+4
| | | | | | | | When no valid keystone endpoint exist, EndpointNotFound exception is raised with an error message Change-Id: I75b00cb73b18bc19261c061e0ae217ef251f8853 Closes-Bug: #1208991
* Merge "Iterate over copy of session.adapters keys in Python2/3"Jenkins2015-11-111-1/+1
|\
| * Iterate over copy of session.adapters keys in Python2/3Corey Bryant2015-11-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Iterate over a copy of session.adapters keys in both Python 2.x and Python 3.x. In Python 3.x, keys() is not a copy, and therefore items can't be popped from it while iterating. Note that this patch addresses the following error message which is new in Python 3.5. That is, you need to be using Python 3.5+ to reproduce this error. RuntimeError: OrderedDict mutated during iteration https://bugs.python.org/issue24369 https://hg.python.org/cpython/rev/0d8679858272 Change-Id: Iaa2be0dc8ef26e51ce5e8f50049c9e8f84418ec0 Closes-Bug: #1483872
* | Docstring spelling and function-vs-method fixesDolph Mathews2015-10-211-1/+1
| | | | | | | | | | | | These are all object methods, not independent functions. Change-Id: I3c232d922e61a94c7dc2c2b9a8d3768fd42be1a7
* | List creation could be rewritten as a list literalAnkit Agrawal2015-09-241-3/+4
|/ | | | | | | | | | | | | | | | | | | In _http_log_response method of session.py module, list "string_parts' is created as below. string_parts = ['RESP:'] string_parts.append('[%s]' % response.status_code) Could be rewritten as string_parts = [ 'RESP:', '[%s]' % response.status_code ] TrivialFix Change-Id: I83d04a71e030f3904c84cead4659c230393631db
* Merge "Fixes missing socket attribute error during init_poolmanager"Jenkins2015-09-081-4/+17
|\
| * Fixes missing socket attribute error during init_poolmanagerClaudiu Belu2015-08-261-4/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On Windows, the 'socket' python module does not contain the attributes TCP_KEEPCNT or TCP_KEEPINTVL, causing services consuming the library to malfunction. Adds conditionals for adding the mentioned socket attributes to the socket options. socket.SIO_KEEPALIVE_VALS cannot be added as a socket option for Windows, as there is another way entirely to enable that option. Change-Id: I2e9746ae65400bbd23c3b48dfc3167de9eb66494 Partial-Bug: #1483696
* | Merge "Mask passwords when logging the HTTP response"Jenkins2015-09-031-1/+3
|\ \
| * | Mask passwords when logging the HTTP responseMatt Riedemann2015-08-311-1/+3
| |/ | | | | | | | | | | | | | | | | | | We should sanitize the response body before logging to make sure we aren't leaking through credentials like in the case of the response from the os-initialize_connection volume API. Closes-Bug: #1490693 Change-Id: Ifd95d3fb624b4636fb72cc11762af62e00a026a0
* | Update deprecation text for Session propertiesBrant Knudson2015-08-291-2/+4
|/ | | | | | | | | The deprecation text should say when the property was deprecated and when we expect to remove it. bp deprecations Change-Id: I9f1af56d03f0251a7cf3f4a4130928bb0780aece
* Proper deprecation for Session.get_token()Brant Knudson2015-08-131-3/+9
| | | | | | | | | | | | | Session.get_token() wasn't properly deprecated since the deprecation was only mentioned in the docstring. Proper deprecation requires use of warnings/debtcollector and documentation. Also, changed a test to use the non-deprecated function instead where the test wasn't checking that the deprecated function worked. bp deprecations Change-Id: I3d421b35554d58476281e037f90ab9b48e82730a
* Deprecate use of cert and keyBrant Knudson2015-08-131-6/+9
| | | | | | | | | | | There was a comment to deprecate creating a Session with cert and key rather than a tuple to cert. Also, fixed places where the deprecated usage was being used. bp deprecations Change-Id: I3596635bbc5611dd002a8beb063540a8c284c192
* Proper deprecation for Session.construct()Brant Knudson2015-08-131-3/+16
| | | | | | | | | | Session.construct() wasn't properly deprecated since the deprecation was only mentioned in the docstring. Proper deprecation requires use of warnings/debtcollector and documentation. bp deprecations Change-Id: Ieff238aff9d39cfbbb80381b2392c33d0359acb3
* Stop using .keys() on dicts where not neededBrant Knudson2015-08-061-2/+2
| | | | | | | | Iterating over a dict results in the keys. Using the 'in' operator on a dict checks if it's a key. Change-Id: I6affbfa1a79a9e8c0b5b304078a7a8e4e792eecd
* Clarify setting socket_optionsBrant Knudson2015-08-021-22/+24
| | | | | | | | There was a lot of code that would have no effect if kwargs already had socket_options set. To make the code clearer, only execute the code if it's going to have an effect. Change-Id: Ic42f5a0bac07113aff59d36d19293dc6d65cd58a
* Remove check for requests versionBrant Knudson2015-08-021-23/+22
| | | | | | | requirements.txt has requests>=2.5.2, so requests version is always going to be >= 2.4.1 and there's no need to check it. Change-Id: I8069cfbd54ce716979bc991d137bd2e71790a1e4
* Set reasonable defaults for TCP Keep-AliveIan Cordasco2015-07-231-3/+28
| | | | | | | | | | | | Previously we simply turned on TCP Keep-Alive which relied on per-distribution, per-operating system defaults for keep-alive options. Here we set reasonable defaults since long running processes can get stuck for hours on end by using system defaults. This also adds comments around the options to explain why they're being set. Closes-bug: 1477275 Related-bug: 1323862 Change-Id: Ibd53ae2d4d2455db0ebc9951e5c764befc57850f
* Merge "Removes unused debug logging code"Jenkins2015-06-181-22/+7
|\
| * Removes unused debug logging codeDavid Stanek2015-05-301-22/+7
| | | | | | | | | | | | Since this code is no longer used I just went ahead and deleted it. Change-Id: I84978a4974c5a4a9a6dc46116b2a03f6046995d4
* | Merge "Add get_communication_params interface to plugins"Jenkins2015-06-091-0/+66
|\ \
| * | Add get_communication_params interface to pluginsJamie Lennox2015-05-261-0/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | | To allow authentication plugins such as using client certificates or doing kerberos authentication with every request we need a way for the plugins to manipulate the send parameters. Change-Id: Ib9e81773ab988ea05869bc27097d2b25e963e59c Blueprint: generic-plugins
* | | Stop using function deprecated in Python 3Brant Knudson2015-06-081-2/+2
|/ / | | | | | | | | | | | | | | | | Python 3 deprecated the logger.warn method in favor of warning. DeprecationWarning: The 'warn' method is deprecated, use 'warning' instead Change-Id: Idbd4de3c7c631fb2c235701c9b300c37a90d9538
* | Fix auth required message translationJamie Lennox2015-05-261-7/+11
|/ | | | | | | Passing a string that is formatted into a translation function doesn't work. We need to pass the full translatable string. Change-Id: I94b13f18c19b3b872fab380f8822a88db1b876e9
* Merge "Ensure that failing responses are logged"Jenkins2015-05-201-1/+1
|\
| * Ensure that failing responses are loggedJamie Lennox2015-05-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | The boolean value of a failed response is False and so the way we populate the log output does not work when the request failed. When logging check that a response is not None rather than simply checking it's boolean value. Change-Id: I07fb46f156fdf8267fd3d4dc7c587cd604838d73 Closes-Bug: #1451625
* | Drop use of 'oslo' namespace packageDoug Hellmann2015-05-081-2/+2
|/ | | | | | | | | | | | | | | | | | | | | The Oslo libraries have moved all of their code out of the 'oslo' namespace package into per-library packages. The namespace package was retained during kilo for backwards compatibility, but will be removed by the liberty-2 milestone. This change removes the use of the namespace package, replacing it with the new package names. The patches in the libraries will be put on hold until application patches have landed, or L2, whichever comes first. At that point, new versions of the libraries without namespace packages will be released as a major version update. Please merge this patch, or an equivalent, before L2 to avoid problems with those library releases. Blueprint: remove-namespace-packages https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages Change-Id: I387a7a1a817058a4daca313fe6df60612cb84864
* Make process_header privateJamie Lennox2015-04-141-4/+4
| | | | | | | This should never have been added in a public way. I feel we are ok making this private as there is no public use i can foresee. Change-Id: Ib95365a11fa21146d51bea103c7709943aafdae8
View Lorry Controller Status