| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit c28d40814962b3a8ccb81e5e7d7f832c8f0a3c9a.
This is causing stable keystone to fail. keystone has tests
that verify that the returned value of the list
operation == [], which fails since the return value is now
an object and not a list.
Change-Id: Ieb143574271b991d3e19e864497073fbedf46bcb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit d3b11d674d6539a0a09e0c432983ebf172e8ad79.
This is causing auth_token middleware tests to fail. The error is
like:
EndpointNotFound: public endpoint for identity service in east
region not found
So this is going to potentially affect customers.
Change-Id: I5ad917e48c9b140709dd3bf95e89c07ea58d6a66
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wrap a list of objects into custom class with additional attributes.
This is wanted by Horizon, that wants to know that the list returned
from keystone is not full and that more strict filters need to be
applied.
Change-Id: Icfabfd055aed1648dc4130b03ec3dbf9bad4e45a
Closes-Bug: 1520244
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The __eq__ of apiclient.base.Resource will return True,
if the two objects have same id, even if they have different
other attributes value. The behavior is weird and don't
match the semantics of object equal. The objects that have
different value should be different objects.
Fix this issue and add some test cases in this patch.
Change-Id: I1565c6e66d6dd6cf7bd2b7e8526157190deb45de
Closes-Bug: #1499369
|
| |\ \ \
| |_|/
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
All of the other Openstack services have a 'public' default endpoint
type. Keystone has 'admin' default endpoint type. Why not make
Keystone compliant and change the default for Keystone v3 from 'admin'
to 'public'. Keystone v2 will remain the same with an 'admin' default.
Closes-Bug: #1457702
Change-Id: I515438477dba72c2a0c4595603000690511b5700
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The managers have a bad habit of reaching back into the client and
making assumptions about the values that are saved there. These
assumptions are not always correct when we use the session object.
Test all the versioned managers against a client that was constructed
with the old method and with a keystoneclient session object and a
keystoneauth1 session object.
Change-Id: I93a26db7ae7e4d887aa815108be71c72b4a1f2bb
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Client tests are broadly seperated into v2 and v3. These folders don't
distinguish between the tests that are on v2/v3 auth and those that are
CRUD related. This means that the base v2 and v3 test class always
create a client object for the tests to use, even if they don't need it.
Whilst this isn't a big deal now, we want to be able to seperate only
those tests that require a client so we can test them with multiple
different styles of client.
Add a new ClientTestCase class that will construct a client object for
the tests that need it.
Change-Id: I61f463ac5e878107c1889672f4d4cf5874821363
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
hacking should go under tests, no reason to pollute the top level
directory with non-keystoneclient related bits.
Change-Id: Ib4e9a3acfbab5a115c76bbc8bbf7241f42c6eac8
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is needed for Domain Admin to list role assignments.
Related-Bug: 1437407
Depends-On: I3495c7cab3b40811b2722ac7d70ddda30410b62b
Closes-Bug: #1462694
Change-Id: I63849d5f39d090fec3ef6b9182f339e198e0c551
|
| | |
| |
| |
| |
| |
| |
| | |
remove the default arguments "{}" when the function is defined.
Change-Id: I81efaf299bc058208a5f553432068e93712cba83
ref: http://docs.python-guide.org/en/latest/writing/gotchas/
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The code has been moved to the new keystonemiddleware project and
keystone.middleware was deprecated since Juno. It's time to drop it in
Mitaka.
Remove the directory keystoneclient/middleware/.
Remove test_auth_token_middleware.py, test_memcache_crypt.py and
test_s3_token_middleware.py in keystoneclient/tests/unit/.
Remove the create_middleware_cert shell function from
examples/pki/gen_pki.sh. And remove the call from
examples/pki/run_all.sh.
Remove netaddr, pycrypto and WebOb test dependencies, only needed to
test the removed middleware.
Closes-Bug: #1449066
Change-Id: Iedd6887dcde62177d37e1e1988ed72bcb59c05f6
|
| |/
|
|
|
|
|
|
|
|
|
| |
User password update hardcoded the endpoint_filter to always use the public
endpoint. This will break deployments where services behind the firewall have
no access to the public endpoint. Endpoint selection should be allowed
by the end user (i.e. openstack --os-interface internal user password set).
Closes-Bug: 1503459
Change-Id: Ib11d60cd8e81b99aedb27f1cbbf6b79218045cf0
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The FakeLog defined in keystoneclient/tests/unit/test_http.py isn't
used anywhere. This patch removes it.
fixtures package already provides a FakeLogger for us to use,
so we really don't need to maintain a private implementation,
this patch removes FakeLog in test_auth_token_middleware and replaces
it with fixtures.FakeLogger
Change-Id: I6aaf761a9676edf5bd799d22b79497be1d423e7c
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
We are removing Python 2.6 support from the Keystone libraries.
Change-Id: I1c7a79edd41a73946c9d77bfb8cd2075e2500760
Closes-Bug: 1519449
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Running keystoneclient unittest is really painful, because it's
impossible to see what failed in all of the deprecation output.
Make most of it go away. There is still a chunk that is being elusive.
Change-Id: I006859b016274fc1adf69653ff75b3071d2c9446
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
The attempt at a move to user-name is an exercise in churn, and is
filling everyone's logs with admonitions to change the name of their
variables - which does not work if they do. Swap this, effectively
reverting the attempt at a move. user-name will continue to work on
the off chance anyone started consuming that path, which is unlikely
because none of the consuming programs expose that as an actual option.
Closes-Bug: 1498247
Change-Id: I62d991fda1df63c9cbabfde2f6836bc031f5147c
|
| |
|
|
|
|
|
|
|
| |
If the user passes a Session in, we can pull the endpoint to use for
discovery from the Session itself, rather than erroring.
Closes-Bug: #1513839
Co-Authored-By: Dolph Mathews <dolph.mathews@gmail.com>
Change-Id: I82a41c67f80d2494f04739d82b112b7ff1dc4682
|
| |
|
|
|
|
|
|
| |
In unit tests, there are two assertions for 'adminURL',
but lost one for 'internalURL'. Fixed the problem.
Change-Id: I4694cc121f8ad617a8c8e93e21bf6228f183dab6
Closes-bug: #1479582
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although a bare docstring is entirely valid grammar, those new to Python find
that pattern baffling, *especially* when other similar methods contain pass
statements. So, for consistency, add a pass statement to otherwise bare
@abc.abstractmethods.
Note that the implementation of an @abc.abstractmethod (in the abstract
base class) can still be called by concrete children, so suddenly
raising a NotImplementedError() instead might be "surprising" to
implementors. A no-op such as "pass" or "return None" is preferable.
Change-Id: I79969ad1a3429516ea785c649a165ead54944225
|
| |
|
|
|
|
|
|
|
|
|
| |
The SAML plugin handles redirects in a custom manner but currently only
checks for the 302 redirect code. This doesn't cover the mod_auth_mellon
case which responds with a 303.
Also handle the 303 redirect case.
Change-Id: Idab5f381fcbfb8c561184845d3aa5c8aab142ecd
Closes-Bug: #1501918
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Creating an HTTPClient without a session is deprecated and
the ServiceCatalog's region_name parameter is also deprecated.
This follows suite with the following commits to update tests
to handle deprecation warnings:
803eb235d50daad27074198effc98ca536f1550f
42bd016e1f0e011ba745dba243e62401298e324c
Change-Id: I1c5a3dc2c8448873696262ca951c58666c692a61
Closes-Bug: #1499790
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Recently, the error message in _process_communicate_handle_oserror()
has been i18n'ed, which caused the regression as another code path
appended a string to it, which causes the TypeError to be raised.
Fix it by using string formatting instead of '+' to force it
to convert to string before concatenating.
Closes-Bug: 1421652
Change-Id: I7229b46888f798ac4a69c140ab389afed49b8c3c
|
| |/
|
|
|
|
|
|
| |
The old region filter didn't work, it was not available
in Keystone.
Change-Id: Ic4d60a046df1f231d02a45998c8a0ef7c5b7b107
Closes-bug: #1482772
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On Windows, the 'socket' python module does not contain the
attributes TCP_KEEPCNT or TCP_KEEPINTVL, causing services
consuming the library to malfunction.
Adds conditionals for adding the mentioned socket attributes
to the socket options.
socket.SIO_KEEPALIVE_VALS cannot be added as a socket option
for Windows, as there is another way entirely to enable that
option.
Change-Id: I2e9746ae65400bbd23c3b48dfc3167de9eb66494
Partial-Bug: #1483696
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The comments indicated that creating a Discover without a
session is deprecated, but there was no warning generated.
Also, updated the Discover() parameter docstrings with the
standard deprecation info (e.g., in what release it's
deprecated and when we might remove it).
bp deprecations
Change-Id: I1d42b74aa72c15b95ac3c365b40d8c622869ed7e
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We should sanitize the response body before logging to make sure we
aren't leaking through credentials like in the case of the response from
the os-initialize_connection volume API.
Closes-Bug: #1490693
Change-Id: Ifd95d3fb624b4636fb72cc11762af62e00a026a0
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
The comments indicated that creating a HTTPClient without a
session is deprecated, but there was no warning generated.
bp deprecations
Change-Id: I44796cbff95a7bbdd6e7a58e5cfb8360bdae5477
|
| |/
|
|
|
|
|
|
|
|
| |
UserManager's project argument wasn't properly deprecated since the
deprecation was logged. Proper deprecation requires use of
warnings/debtcollector and documentation.
bp deprecations
Change-Id: Idebce2e9781f6f92be402e9441f2116b63b4f832
|
| |
|
|
|
|
|
|
|
|
|
| |
CredentialManager's data argument wasn't properly deprecated since
the deprecation was only mentioned in the docstring. Proper
deprecation requires use of warnings/debtcollector and
documentation.
bp deprecations
Change-Id: Ibdb4bda622119eec963ce5b57673dc01ff279b0e
|
| |
|
|
|
|
|
|
|
| |
There was a comment to deprecate creating a v3 Client
without a session.
bp deprecations
Change-Id: Ifc3fa9ffef12554646ca80f04527de757df3aa95
|
| |
|
|
|
|
|
|
|
| |
There was a comment to deprecate creating a v2_0 Client
without a session.
bp deprecations
Change-Id: I71ff64754c8f90d184615eeec558718c11a1794a
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Session.get_token() wasn't properly deprecated since the deprecation
was only mentioned in the docstring. Proper deprecation requires use
of warnings/debtcollector and documentation.
Also, changed a test to use the non-deprecated function instead where
the test wasn't checking that the deprecated function worked.
bp deprecations
Change-Id: I3d421b35554d58476281e037f90ab9b48e82730a
|
| |
|
|
|
|
|
|
|
|
|
| |
There was a comment to deprecate creating a Session with cert and
key rather than a tuple to cert.
Also, fixed places where the deprecated usage was being used.
bp deprecations
Change-Id: I3596635bbc5611dd002a8beb063540a8c284c192
|
| |
|
|
|
|
|
|
|
|
| |
Session.construct() wasn't properly deprecated since the deprecation
was only mentioned in the docstring. Proper deprecation requires use
of warnings/debtcollector and documentation.
bp deprecations
Change-Id: Ieff238aff9d39cfbbb80381b2392c33d0359acb3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a FIXME to deprecate ServiceCatalog's region_name
parameter and property. This is now deprecated.
Note that debtcollector isn't used here since the deprecation
happens on ServiceCatalog's __init__() to catch use in
subclasses of ServiceCatalog. ServiceCatalog also has a
factory function that constructs the correct instance and
the factory function always passes region_name, so it's
always using the deprecated kwarg even when region_name
isn't passed to the factory. It's not worth figuring out
how to do this with debtcollector.
bp deprecations
Change-Id: I0e64712474ca2767f3c0ade919359132450f6776
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Iterating over a dict results in the keys.
Using the 'in' operator on a dict checks if it's a key.
Change-Id: I6affbfa1a79a9e8c0b5b304078a7a8e4e792eecd
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows the user to perform the Inherited roles from projects API calls
through python-keystoneclient.
Assign role to user on projects in a subtree
PUT /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
List user's inherited project roles on project
GET /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/inherited_to_projects
Check if user has an inherited project role on project
HEAD /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revoke an inherited project role from user on project
DELETE /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
These same operations regarding groups instead of users are also
available.
Change-Id: I8396d80f031726bbd23f2cc2bb302a7691f98cba
Closes-bug: 1446702
|
| |\ |
|
