This reverts commit aa06f462a6f74312289705f0da41ac5c2a549693.
We finally did not release the transitional package,
so the previous commit has no meaning.
Change-Id: I03f53dc45ec5c425863ac7278f2fb1a0d9a298f2
It was suggested to create a new major version (which will be 4.0.0)
of DOA as a transitional package to stop providing any module itself.
http://lists.openstack.org/pipermail/openstack-dev/2018-January/126431.html
Queens release of horizon is planned to depend on the new DOA release.
Part of blueprint merge-openstack-auth
Change-Id: I3776fedcf21c1b4d669fede478f58518d489f0ef
In Queens development cycle, openstack_auth code was merged
into the horizon repository.
blueprint merge-openstack-auth
Change-Id: I74b10a90fe79fc768cfb8de6f68d3cd2f4938e51
In Django 1.10 a new Form property was introduced, defaulting to True,
which enabled HTML form validation for fields marked "required" in
Django. This changed old behavior, which was that required fields were
only validated server-side. This patch restores old behavior by setting
use_required_attribute to False for the inherited AuthenticationForm.
This problem arose because when WebSSO is enabled and a
non-keystone-credentials authentication method is selected from the
dropdown list, the now-hidden username and password fields are still
marked "required" and still validated client-side, even though they are
invisible to the user and cannot be filled in. It would be nice to fix
the javascript to properly turn the "required" attribute on or off
depending on what authentication method is selected and whether the
"required" fields are even visible, but for now this just restores the
behavior we had before Djanto 1.10.
Change-Id: I3e798a2288d9c33396b40a86b07ea8c163d3b525
Closes-bug: #1703109
This change introduces the POLICY_DIRS setting which adds the ability
to define multiple policy directories per service.
Blueprint: policy-dirs
Change-Id: Ie42f1aa68539b7388661ddfe2c265255cd574736
In case DEFAULT_SERVICE_REGIONS setting in Horizon config is specified
(on a per-endpoint basis), use it instead of a value stored in
cookies. This value is still checked for sanity, i.e. it should be
present in Keystone service catalog.
Change-Id: Ia4787b56db7ce7787bd8aac21b5c0ec8a95a6f09
Related-Bug: #1506825
Closes-Bug: #1703390
Current hacking check actually does not check attribute-level
imports. We can safely drop import_exceptions from tox.ini.
Also drops noqa to guard import exceptions from the same reason.
Change-Id: I4e37931a7bfb0aa7867d027125ffcf66e414cf08
Recently the support for domain drop-down menu at login was merged
into django_openstack_auth and the corresponding settings docs were
merged into horizon. This commit migrates the settings docs from
horizon as we recently moved django_openstack_auth settings into
the in-tree docuemnt.
Change-Id: Idc84a2535c1918079c6dcba09aef9110cf9be7df
On clouds that use domain-specific Identity configuration[1], a user
must provide both their username and domain in order to log into
horizon. Without this patch, users must be aware of their domain's name
and enter it into a text box at login. This is sensible on public
clouds, because supplying potential domains to an unauthenticated user
exposes too much information about other customers and makes potential
attacks easier. On private clouds, however, it is a hinderance to
usability. For example, when migrating from a single-domain
configuration to a multi-domain configuration, users must now guess or
be informed of their domain in order to enter it in the text box. As
another example, when keystone domains are mapped to Active Directory
domains, the user may not be used to having to know their AD domains and
would prefer to select a likely one based on their geographical location
or department from a dropdown menu.
This patch adds support for a new config option,
"OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN" for enabling a dropdown menu
instead of a textbox when MULTIDOMAIN_SUPPORT is enabled. The dropdown
is disabled by default. If enabled, choices for domains to display and
submit are configured in "OPENSTACK_KEYSTONE_DOMAIN_CHOICES". It is not
possible to dynamically generate a list of domains before the user has
authenticated and this would be a huge security hole if this was
possible. Requiring the admin to statically set the domain list allows
them to hide private domains like the service users domain.
[1] https://docs.openstack.org/developer/keystone/configuration.html#domain-specific-drivers
Change-Id: Ie0a7e36b9975342fab81ddebb87880608d3ef187
Needed-By: I71d64182524d1f54745d9e42347b3a605fa2a920
Previously most (not all) openstack_auth configuration options
are documented in the horizon documentation.
It would be nice if we have the config reference in the same repo
so that we can easily manage the contents.
Horizon document will be updated to refer to this.
Change-Id: Ie1986a77bc5d69e27ae52f3b59377a41c3462e2b
* Populate doc build timestamp
* Fix the title of reference/user.rst as openstackdocstheme does not
handle a title string with backquoted string in the nav icons.
* Remove unnecessary build configurations (manpage, latex, texinfo)
* Remove the heading "Indices and tables" in index.rst.
It simplifies the toc of the top page.
Change-Id: If35bd99ee203105418ea49eb921b2d6d428e0187
Starting in Django 1.7, standalone scripts, such as a sphinx build
require that django.setup() be called first. See:
https://docs.djangoproject.com/en/1.8/releases/1.7/#standalone-scripts
This should be added to the horizon/docs/source/conf.py
setenv DJANGO_SETTINGS_MODULE for docs env in tox.ini
is no longer needed as it is configured in doc/source/conf.py.
Change-Id: I910dae37770ab9767689918a0c61b78d9c56115a