| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
bug #1980177
Change-Id: I5e0a79b44e5cf80c82137f000a9dbd078fc931f2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The __future__ module [1] was used in this context to ensure compatibility
between python 2 and python 3.
We previously dropped the support of python 2.7 [2] and now we only support
python 3 so we don't need to continue to use this module and the imports
listed below.
Imports commonly used and their related PEPs:
- `division` is related to PEP 238 [3]
- `print_function` is related to PEP 3105 [4]
- `unicode_literals` is related to PEP 3112 [5]
- `with_statement` is related to PEP 343 [6]
- `absolute_import` is related to PEP 328 [7]
[1] https://docs.python.org/3/library/__future__.html
[2] https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html
[3] https://www.python.org/dev/peps/pep-0238
[4] https://www.python.org/dev/peps/pep-3105
[5] https://www.python.org/dev/peps/pep-3112
[6] https://www.python.org/dev/peps/pep-0343
[7] https://www.python.org/dev/peps/pep-0328
Change-Id: I0173b210e343ccf6b00c3b66959c001fdb1d699b
|
| |
|
|
|
| |
Closes-bug: 1945649
Change-Id: I7df5d9bf3cfb0e58e0e129a56170c8fe33523a4c
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change adds access_rules as a parameter for creating application
credentials, and also adds the ability to list access rules and to
retrieve and delete individual rules. Directly creating an access rule
or updating one is not supported.
bp whitelist-extension-for-app-creds
Depends-On: https://review.opendev.org/671374
Change-Id: I490f1e6b421d4f36f588f83a511ce39b9b4204e2
|
| |/
|
|
|
|
|
|
|
|
| |
This patch introduces the interface into listing project, to
specify parent_id to filter projects which has the given project
as their parent[1].
[1] https://docs.openstack.org/api-ref/identity/v3/?expanded=list-projects-detail#list-projects
Change-Id: If78030425468d4f99cba708540142871a2bf9190
|
| |
|
|
|
|
|
|
|
|
|
| |
This header is set to indicate to the keystone server that the client,
usually keystonemiddleware, will validate application credential access
rules. If not provided and the token uses access rules, the server will
return a 401.
bp whitelist-extension-for-app-creds
Change-Id: I64ac952d663e916150fbf7e5a8f70b76dddf3319
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added return-request-id-to-caller function to resources and resource
managers in the following files.
* keystoneclient/v3/projects.py
* keystoneclient/v3/registered_limits.py
* keystoneclient/v3/roles.py
* keystoneclient/v3/limits.py
* keystoneclient/v3/contrib/federation/saml.py
Also made changes in base.py for _put() method so that if
include_metadata is True, the response data should include request_id
instead of returning None as response.
Change-Id: Ifc0ec9a9d666cccfee3b08ac61596a3692307f23
Implements: blueprint return-request-id-to-caller
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added return-request-id-to-caller function tovresources and resource
managers in the following files.
* keystoneclient/v3/contrib/simple_cert.py
* keystoneclient/v3/contrib/endpoint_policy.py
* keystoneclient/v3/contrib/oauth1/access_tokens.py
* keystoneclient/v3/contrib/oauth1/request_tokens.py
Adding request-id to below V3 contrib API's is covered in base patch
[1] but this patch is specifically for V3 API's so covered their test
cases in this patch.
* keystoneclient/v3/contrib/endpoint_filter.py
* keystoneclient/v3/contrib/federation/identity_providers.py
* keystoneclient/v3/contrib/federation/mappings.py
* keystoneclient/v3/contrib/federation/protocols.py
* keystoneclient/v3/contrib/federation/service_providers.py
The methods in the resource class and resource manager return
a 'base.Response' class that has 'request_ids' property.
The caller can get request ids of the callee via that property.
[1] https://review.openstack.org/#/c/329913
Change-Id: I5f90c31020e0dd672a160c7b587f41ba8f2b596c
Co-authored-by: Dinesh Bhor <dinesh.bhor@nttdata.com>
Co-authored-by: Ankit Agrawal <ankit11.agrawal@nttdata.com>
Co-authored-by: Neha Alhat <neha.alhat@nttdata.com>
Implements: blueprint return-request-id-to-caller
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: Ie386caf4fc9ad660581558406cd72fafc391379d
Closes-Bug: #1763475
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added return-request-id-to-caller function to resources and resource
managers in the following files.
* keystoneclient/v3/projects.py
The methods in the resource class and resource manager return
a wrapper class that has 'request_ids' property.
The caller can get request ids of the callee via the property.
NOTE:
Remaining resources from the V3 package are already covered in the
base patch: https://review.openstack.org/#/c/329913/
Change-Id: I0133d51cfadc02e2dd926b8b0419b2e1dd0fa92a
Co-authored-by: Ankit Agrawal <ankit11.agrawal@nttdata.com>
Co-authored-by: Dinesh Bhor <dinesh.bhor@nttdata.com>
Implements: blueprint return-request-id-to-caller
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We don't check for "enabled" in the region
anywhere thus deprecating it from the create()
and update calls of the v3/region.py. We dont
use it in schema [1] as well as [2].
[1] https://github.com/openstack/keystone/blob/master/keystone/catalog/schema.py#L34
[2] https://github.com/openstack/keystone/blob/master/keystone/catalog/backends/sql.py#L33-L49
Change-Id: I0257d5d42916e3b4d008e592d54eeeebec591633
Partial-Bug: #1615076
|
| | |
| |
| |
| | |
Change-Id: I12ffcf28d05655f1f60038dcf1c42e43a516978e
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Thsi commit adds client support for managing limits in keystone.
bp unified-limits
Change-Id: I33251dbd4d3bfaf178ca86a2f5d564ac94879dd2
|
| |/
|
|
|
|
|
|
|
|
|
| |
This change add client support for creating, reading, updating, and
deleting registered limits.
A subsequent patch will do the same for project-specific limits.
bp unified-limits
Depends-On: https://review.openstack.org/#/c/569741/
Change-Id: I6b5d106d08af53c2ad41ed3f799e9e71d370c6dd
|
| |
|
|
|
|
|
| |
This change overrides the base find functionality within project
in order to encode tags to a base string.
Change-Id: I4599b8a4dafcb9d4178c973eb48a8ad3a7d292f5
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for creating, reading, and deleting application credentials.
Application credentials do not support updating.
Keystoneclient does not handle authentication with application
credentials. This is done in keystoneauth. Additional work will be
needed in python-openstackclient to support both CRUD and auth for
application credentials.
bp application credentials
Change-Id: I21214238deac2c45f2f2d666287c2ae106955ab1
|
| |/
|
|
|
|
|
|
|
| |
This commit adds the necessary bits to be able to use system
role assignments from python-keystoneclient.
bp system-scope
Change-Id: Iecbcbf020a15f2bec777334c648d4477f89f3b2c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the client functionality for the following project tag calls:
- Create a project tag on a project
- Check if a project tag exists on a project
- List project tags on a project
- Modify project tags on a project
- Delete a specific project tag on a project
- Delete all project tags on a project
Co-Authored-By: Jess Egler <jess.egler@gmail.com>
Co-Authored-By: Rohan Arora <ra271w@att.com>
Co-Authored-By: Tin Lam <tin@irrational.io>
Partially Implements: bp project-tags
Change-Id: I486b2969ae0aa2638842d842fb8b0955cc086d25
|
| |
|
|
|
|
|
|
|
| |
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keystoneclient's dependance
on the positional decorator.
Change-Id: I9e691cc8b0c04992f4a8dabd67e1b413d3220d23
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following API calls are made available:
- GET /OS-EP-FILTER/projects/{project_id}/endpoint_groups
- GET /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects
- PUT /OS-EP-FILTER/endpoint_groups/{endpoint_group}/projects/{project_id}
- HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group}/projects/{project_id}
- DELETE /OS-EP-FILTER/endpoint_groups/{endpoint_group}/projects/{project_id}
Co-Authored-By: Samuel de Medeiros Queiroz <samueldmq@gmail.com>
Closes-Bug: #1641674
Change-Id: Idf938267479b5b8c50c9aa141c3c2770c2d69839
|
| |/
|
|
|
| |
Change-Id: I38e0ac35946ee6e53128babac3ea759a380572e0
Partial-Bug: 1696111
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following API calls are made available:
- POST /OS-EP-FILTER/endpoint_groups
- GET /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
- HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
- PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
- DELETE /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
- GET /OS-EP-FILTER/endpoint_groups
Partial-Bug: #1641674
Change-Id: I285eefe82152b178268f671e8800a0ff8c1511e4
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While building keystoneclient docs, there are currently 12 warnings
emitted that specify either:
WARNING: more than one target found for cross-reference u'list'
WARNING: more than one target found for cross-reference u'Auth'
This change specifies the correct object for the docstring with
"List" since there are many instances of "list" within
keystoneclient and specifies the proper "Auth" object. With these
changes, the warnings no longer appear.
Change-Id: I4515429df38760700552d48fc570c03abf116f83
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- At least one API was not implemented (list_implied_roles)
- the tests were lacking assertions and proper mocked responses
- some of the functionality just didn't work (see bug)
- returning Role objects instead of InferenceRule objects
Related commits:
- I80a40e88b571fe9b0eca3af8b705ea79f28eb904
- I66e863fb83f8dfcca2c48116d4377df060f402c3
Closes-Bug: 1647934
Change-Id: I7b449a93d7d4d3eb9ca857f6c1f78f884bad2534
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Allow passing the allow_expired flag to v3 token validation to support
extended service to service communication.
Implements bp: allow-expired
Change-Id: Ia1763fedc1838ad3c58c7f8f98f00b7eaad55a5c
|
| | |
| |
| |
| |
| | |
TrivialFix:"dependant" should be "dependent"
Change-Id: I276876e5909ac5958c9e0e911b45e813b8104702
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Assigments replaced with argument assigment: endpoints.py, service_catalog.py
Note added: 'original_ip' value is never used: session.py
Refactor 'find()' method to increase readability: base.py
Change-Id: I469331b123fdf03e9e7c5d93e1c95da57d30fbbe
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide support for the domain-specific configuration storage available
via the REST API.
Domain configs are JSON blobs and we have fine grained control on them
via the Identity API. This fine grained control is not defined yet in the
client, though - for now, we can manage everything like Python dictionaries
and use operations like "update" whenever we want to delete a specific group
or option. This approach is similar to what is done in the federation mapping
API to handle mapping rules.
Functional tests are also included, this is useful to check if the new
feature works in an integration environment.
Co-Auhtored-By: Henry Nash <henryn@linux.vnet.ibm.com>
Co-Authored-By: Rodrigo Duarte <rduartes@redhat.com>
Closes-Bug: 1433306
Partially Implements: blueprint domain-config-ext
Change-Id: Ie6795b8633fed38c58b79250c11c9a045b7f95a4
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As keystoneclient and other services rely more on keystoneauth we should
assume that keystoneauth is our base auth library, not keystoneclient
and start to default to the objects provided from there. This will make
it easier to remove these objects when the time comes.
For the session independant parts of keystoneclient we should use the
exception names as provided by keystoneauth instead of the aliases in
keystoneclient.
Change-Id: Ic513046f8398a76c244e145d6cc3117cdf6bb4cd
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As keystoneclient and other services rely more on keystoneauth we should
assume that keystoneauth is our base auth library, not keystoneclient
and start to default to the objects provided from there. This will make
it easier to remove these objects when the time comes.
Use the AUTH_INTERFACE special object from keystoneauth in most places.
This uses it everywhere that is actually session independant. For
example it is not changed within the keystoneclient auth plugins
themselves as they are directly compatible with keystoneauth.
Change-Id: Ibc1224fca98c852106feb78c624b0b2f22b3a19d
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I66e863fb83f8dfcca2c48116d4377df060f402c3
Closes-Bug: 1622346
|
| |\ \ \
| |/ /
|/| | |
|
| | |/
| |
| |
| |
| |
| | |
Remove the $mapping_id parameter in the list() method docstring.
Change-Id: I608d445b25406d1b6c7783164584dab3baf90b04
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The 'data' argument was deprecated in the 1.7.0 release
and should have been removed in the 2.0.0 release. It has
been replaced by the 'blob' argument.
Related-Bug: 1259461
Change-Id: I762f46f605a65abe73547ad6e522c54b1cc3aac6
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In preparation to add functional tests for v3 tokens, this
change proposes to detail the method docs, because the tests
need to be based on them.
Change-Id: I5e09a0663c5490fa4dcedeb900c7668a93a8aebd
Partial-Bug: #1330769
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch fixes few nits left by the review
I8fef9c2ec54e38648e1000874c6d2381b6fad576
Change-Id: I31ea3ba97c806f9bb01d33c4a5b429d309816117
Partial-Bug: #1330769
|
