| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: I38c6902ae4c94e2332be300fcfb4d141700170c1
|
|
|
|
|
|
|
|
|
| |
The "insecure" option was being treated as a bool when it was
actually provided as a string. The fix is to parse the string to
a bool.
Closes-Bug: 1411063
Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3
|
|
|
|
| |
Change-Id: I1743fe17301bcbf6a8c9ed8f1f7167c591e23aa5
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
With the out of tree federation plugins going on extract the basic
federation workflow and required information that can be reused.
Change-Id: I6fdb3a5c6d9f3e1d6fa3425fd05809155effed1f
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Adds the error message to give a hint to the user about
what happened.
Change-Id: I9ca56de8592e65194062038c81b468be72ffb2d9
Closes-Bug: 1297280
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It has been mentioned a number of times that the self.requests naming
for the requests_mock object is confusing between whether you are
actually sending a request or are mocking a request.
Rename all entries of the requests object to requests_mock.
This cleans up a couple of entries where the older register_uri format
was being used in favour of using the HTTP method as the requests_mock
method.
Change-Id: I315085b4088130b510f9dbd696011d983598372c
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The keystone CLI is now deprecated. Every time you run it it's
going to print out an annoying message saying how deprecated it
is.
bp deprecate-cli
Change-Id: Ife7ad2025f515dc716efe2b2dd275663c21402da
|
|\ \ \ \
| |/ / /
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
There was no API support for the OS-SIMPLE-CERT v3 extension.
bp auth-token-use-client
Change-Id: Ic3d36018fc2e5a5a0da8d37a7fa58b77b8fa8e15
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It can become difficult to trace the client that created HTTP requests
as the logging all goes through the keystoneclient.session logger. Allow
passing the logger through the request function and make it able to be
set via the adapter so it can be set once per client instantiation.
Change-Id: Id45c315bee9a56f1c241210d667470751bf689d5
Closes-Bug: #1421868
|
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This applies to test_federation.IdentityProviderTests.test_create() and
test_federation.MappingTests.test_create()
Change-Id: Ie88c959626520fcec4ee64ffc73a8fc845c5a6d3
|
|\ \ \ \
| |_|_|/
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch implements the new ways to get the project's hierarchy:
'subtree_as_ids': If True, returns projects IDs down the hierarchy
as a structured dictionay.
'parents_as_ids': If True, returns projects IDs up the hierarchy
as a structured dictionay.
Change-Id: Ia3afe994893dfca059cb8361f7ab1c14e28e1ad5
Implements: blueprint hierarchical-multitenancy-improvements
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The basic Auth plugin for v3 tokens makes the assumption that you need
to pass in some AuthMethod objects. This works well for most auth types
where you want the plugin to construct the auth request for you.
In the case of federation though we want to be able to have a rescoping
plugin that will return an auth_ref and not take any auth_methods as
arguments.
Extract the most basic part of the Auth plugin into BaseAuth class that
Auth and federation plugins can both inherit from.
Change-Id: Ia8c8c614b8eb51170346ff5b1e20a1e7ebbb47de
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The V3 authentication plugins file contained the existing plugins as
well as the base class. As we look to add new plugins it is simpler if
we break this file up.
Change-Id: I42b222a2012ea10491450d6b91c2008178dc7671
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Implement CRUD operations for Service Providers used in K2K.
Implements: bp k2k-service-providers
Change-Id: I514c64d2a412d12cff922a02c575f1764a1a23ae
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add links to identity service and keystone middleware to
the landing page. This indicates to the user that the
three projects are related.
Change-Id: I37bb4cd866524bad69f90c53e6a58d58202fc263
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Partial-Bug: #1428321
|
|\ \ \ \ |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I've only seen this happen once, however by making the token expiry 5
minutes in the future, then checking that it wont have expired in 300
seconds means that if the test happens all on the same second boundary
then the test will fail.
Just increase the time we're checking for by a second to ensure it
doesn't happen.
Change-Id: Iadeadfbacaf6f1b939c237919b52445c60c9bdd0
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This change adds the 'os_inherit_extension_inherited_to'
parameter when calling the list role assignment method.
It adds the following query to the URL:
http://host:35357/v3/role_assignments?scope.OS-INHERIT:inherited_to=projects
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Change-Id: I9bfeecf4ae9da6a0d232f0cff80af64a16ec0829
Closes-bug: 1367868
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The functions for creating signed tokens in common.cms always used
sha256 for the message digest. This might be inadequate in the future
so the digest algorithm shouldn't be hard-coded. A parameter is added
to allow choosing a different digest algorithm.
SecurityImpact
Change-Id: Ie19d093d0494443ce4cd880ae1f92dffd5c361ef
Related-Bug: #1362343
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I750e817d2ff4e464f36584e5fd298f8037bd84db
|
|\ \ \ \ \ |
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
These are mostly unmodified other than:
- fixing up the imports to work in the keystoneclient directories.
- Setting the timeout value to 15 (the tempest default) as we don't
have a CONF file to make it configurable.
Take from tempest Commit: d3a8c7778217cceb84d995f1509e68bb8d7a403f
Change-Id: Id2a4300b7c0a53b2da2f62c07a0ffb71798908b6
Implements: bp functional-testing
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the same service_type was mentioned in the catalog more than once
then only the last entry would be parsed and any possible other matches
would be lost.
This was something that novaclient used to do, and as we are pushing
sessions as the way that clients should all work we need to maintain
that compatibility.
Change-Id: I6964515ed1975bce1998897abfc02a1ec36e2584
Closes-Bug: #1425766
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
Functional test job fails with permission denied trying to execute the
post_test_hook. Set permissions +x.
Change-Id: I9ef052daf73761ea1e4128fc1738278fc8fa2483
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some non-abstract methods only have docstring with no content,
this just add a default content to those function.
Change-Id: Idcf5b9f6ed766d3bc1541e158bdd8e58b06223e2
|
|\ \ \ \ |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Keystone v3 and v2 have different keywords in endpoint
dictionary. This patch adds ability for keystone client for correct
work with old and new API.
Change-Id: I886b4c7ac3cbe08ac1b88f490e9ca92a90256961
Closes-Bug: #1364463
|
| |/ /
|/| |
| | |
| | | |
Change-Id: If749314fbad1c0e1c55614fed10e7211c62559af
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is a utility function that is used for reducing the amount of data
that is logged. It shouldn't be a public function.
I think there is very little risk from this in terms of compatibility as
it was only added recently.
Change-Id: I003e9f11be478b1282ea9cf179f2dd13e1672a80
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Setup test runners to run unit tests by default and add a stub
functional test that we can get gating.
Change-Id: I6627925ab63340c880adc7c938a0b74faff47bc7
Implements: bp functional-testing
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Operations could fail if the response was logged and had a 'token'
field that's not a dict. The fix is to ignore all errors when
trying to remove the service catalog from the response.
Also, enhanced the service catalog removal code to support V2
tokens.
Closes-Bug: 1420080
Change-Id: I35b971415744825e8e5f00f30dcf193d04ee699a
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Move all the existing tests to the unit/ subdirectory. This gives us
some room to add a functional/ directory later with other tests.
Change-Id: I0fb8d5b628eb8ee1f35f05f42d0c0ac9f285e8c3
Implements: functional-testing
|
|\ \ \ \
| |/ / /
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The comment of function is_asn1_token says "Max length of the
content using 2 octets is 7FFF or 32767", which should be 3FFF or
16383. Using Base64 string "MII" as the pki asn1 prefix, whose
binary form is 0x3082+0b00, the two octets for content length will
start with 0b00, so the max length is 0b0011+0xFFF(0x3FFF).
Change-Id: I6c3cedc0243a60328e0e7bd45957616ad272f524
|
|\ \ \ \
| |_|/ /
|/| | | |
|