8281 Commits

Author SHA1 Message Date
Brant Knudson
068cba0047 Enable try_except_pass Bandit test
The try_except_pass test checks that pass isn't used in an except
block because it's the source of lots of security issues. The
current instances of pass in an except block are marked as nosec.

Change-Id: I73af6b80fa75286e96943026b7b71ad23dc1786b
2015-10-15 12:56:35 -05:00
Brant Knudson
61397486a3 Enable subprocess_without_shell_equals_true Bandit test
The subprocess_without_shell_equals_true test checks that subprocess
is called because it can easily be used incorrectly. The current use
is correct since it passes a list rather than a command string.

Change-Id: Ia31b1911547560e245cd1ae0c91cf7789146424f
2015-10-15 12:56:35 -05:00
Jenkins
2fd0f65712 Merge "Create a version package" 2015-10-15 17:39:23 +00:00
OpenStack Proposal Bot
f01b564036 Updating sample configuration file
Change-Id: Ie677fb24c7322fd5b175430706fe00474f7d3aa9
2015-10-15 07:28:48 +00:00
Jenkins
b915b5b656 Merge "Remove bas64utils and tests" 2015-10-15 07:27:16 +00:00
Jenkins
668a8bcc9c Merge "add placeholder migrations for liberty" 2015-10-15 07:12:21 +00:00
Jenkins
161c201d3f Merge "Updated from global requirements" 2015-10-15 04:18:21 +00:00
Jenkins
8fe85c036a Merge "Handle 16-char non-uuid user IDs in payload" 2015-10-15 04:18:15 +00:00
Jenkins
437c416461 Merge "keystone-paste.ini docs for deployers are out of date" 2015-10-15 04:17:38 +00:00
Jenkins
6f8c99b72e Merge "add initiator to v2 calls for additional auditing" 2015-10-15 04:13:18 +00:00
Jenkins
0b7330dfda Merge "Refactor: Don't hard code 409 Conflict error codes" 2015-10-15 04:11:12 +00:00
Jenkins
3f73891181 Merge "Fix the referred [app:app_v3] into [pipeline:api_v3]" 2015-10-15 03:05:13 +00:00
OpenStack Proposal Bot
a56018e57c Updated from global requirements
Change-Id: I46ad52ff5188a96f0b7f6ec810d3b682e8e9c59d
2015-10-15 00:05:30 +00:00
Ron De Rose
558bbff0cb keystone-paste.ini docs for deployers are out of date
Updated the docs to better reflect v3 deployments. Essentially, matched
the [app:service_v3] entry with the value in the ini file.

Closes-Bug: 1504891
Change-Id: I57f6a2a5287b2f6aa108586c1ad07b9a6235d53d
2015-10-14 18:50:10 +00:00
Steve Martinelli
0fe9eec011 add placeholder migrations for liberty
this should land as soon as possible for mitaka

Change-Id: I965bc59b2fdfd6351391f43e5311154727b26f86
2015-10-13 01:22:38 -04:00
Steve Martinelli
514781188a Remove bas64utils and tests
This code looks completely unused, so remove it.

Change-Id: I642998710f4b6f5ac9914c4865b7941d6bdfdb79
2015-10-13 00:33:39 -04:00
Steve Martinelli
64c491f932 Create a version package
There are files hanging around the top level directory that only
handle the versioning routes of keystone (/v2.0 and /v3).

These should be moved to their own package to further isolate
these APIs.

Closes-Bug: #1504892
DocImpact

Change-Id: Ica0ddcbeb6f7fc00a4ad3919fa16bf135637a607
2015-10-12 23:59:16 +00:00
Brant Knudson
6016d01700 Remove oslo.policy implementation tests from keystone
oslo.policy 0.12.0 contains a change to use requests to do the http
check rather than urllib. This change caused keystone tests to fail
because the keystone tests were mocking urllib, making assumptions
about how oslo.policy is implemented. Keystone doesn't need to test
internal features of oslo.policy, so these tests are removed.

Change-Id: I9d6e4950b9fe75cbb94100c8effdcec002642027
Closes-Bug: 1505374
2015-10-12 15:14:53 -05:00
Lance Bragstad
ce293f68ed Refactor: Don't hard code 409 Conflict error codes
This patch replaces hard coded HTTP codes with constants.

Change-Id: I5b314c250d2e891ed8af1d3878b57461075c68f1
2015-10-12 19:00:21 +00:00
Jenkins
8500d76e35 Merge "Refactor: change 403 status codes in test names" 2015-10-12 16:19:39 +00:00
Jenkins
0fef62167d Merge "Refactor: change 410 status codes in test names" 2015-10-12 05:07:19 +00:00
Jenkins
e44664ee3b Merge "Refactor: change 400 status codes in test names" 2015-10-12 05:07:07 +00:00
Jenkins
1559fe0852 Merge "Refactor: change 404 status codes in test names" 2015-10-12 04:48:29 +00:00
Jenkins
68b7c6c098 Merge "Expose 1501698 bug" 2015-10-10 05:08:54 +00:00
Jenkins
5f8f711c55 Merge "Enable password_config_option_not_marked_secret Bandit test" 2015-10-09 18:06:57 +00:00
Lance Bragstad
9b81c3e1b2 Refactor: change 403 status codes in test names
Change I952cac73a9713bde4ad757371ca8b4ded93f207e refactored the keystone test
cases to use the six.moves.http_client for HTTP status codes instead of
integers. This change refactors the method names to follow the same pattern.

Change-Id: I90b17a7196075c164fe8bbd0f43af13a118e4c7e
2015-10-09 15:16:29 +00:00
Lance Bragstad
c1ac777eaf Refactor: change 410 status codes in test names
Change I952cac73a9713bde4ad757371ca8b4ded93f207e refactored the keystone test
cases to use the six.moves.http_client for HTTP status codes instead of
integers. This change refactors the method names to follow the same pattern.

Change-Id: I6f0cc05d9bf45a32d50e83151141796ba76325ec
2015-10-09 15:14:16 +00:00
Lance Bragstad
0448bc4a98 Refactor: change 400 status codes in test names
Change I952cac73a9713bde4ad757371ca8b4ded93f207e refactored the keystone test
cases to use the six.moves.http_client for HTTP status codes instead of
integers. This change refactors the method names to follow the same pattern.

Change-Id: Ic830ba42200ea39d0a0bd5f3355b8b32b292ae83
2015-10-09 15:12:27 +00:00
Jenkins
d25de7de9e Merge "Imported Translations from Zanata" 2015-10-09 15:09:10 +00:00
Lance Bragstad
fb20c5fca9 Refactor: change 404 status codes in test names
Change I952cac73a9713bde4ad757371ca8b4ded93f207e refactored the keystone test
cases to use the six.moves.http_client for HTTP status codes instead of
integers. This change refactors the method names to follow the same pattern.

Change-Id: I5b48598afa55a7c15ca21e79f9c572001e17b069
2015-10-09 15:08:23 +00:00
OpenStack Proposal Bot
6f5fce4937 Updated from global requirements
Change-Id: Ibc42bb8a71f3fd01dd8e28fe47d71b13e36b9426
2015-10-09 12:20:04 +00:00
Jenkins
3f1a6a1c50 Merge "Fixed missed translatable string inside exception" 2015-10-09 10:59:55 +00:00
OpenStack Proposal Bot
c148c956d3 Imported Translations from Zanata
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure

Change-Id: Ie9915954c7b83305a228d18400e09f2206f8c329
2015-10-09 06:13:56 +00:00
Steve Martinelli
84b2285a1e add initiator to v2 calls for additional auditing
currently notifications are emitted for v2 calls, but the
initiator field is not filled in.

Co-authored-by: sam leong <chio-fai-sam.leong@hpe.com>

Change-Id: Ie2c3fe8d105d59ab89b7f6625e159d4eb6e923b0
Closes-Bug: #1485035
2015-10-08 16:28:50 -07:00
Jenkins
0e1d261ecf Merge "Enable hardcoded_bind_all_interfaces Bandit test" 2015-10-08 16:26:16 +00:00
Tom Cocozzello
8cd929e27a Fixed missed translatable string inside exception
A string inside an exception was not being passed to
i18n translation so it will only show up as English if it
was ever thrown.

Here is a grep I used to make sure there were no more
exception strings that were not being passed to translations
before they were thown.
grep -r 'exception' . | grep '("' | grep -v '_'

Change-Id: I51a0d6d5b1d4053c380c8be5a0e6ac4e61985b81
2015-10-08 08:54:56 -05:00
Jenkins
e0e147cf8a Merge "functional tests for keystone on subpaths" 2015-10-08 06:05:22 +00:00
Jenkins
c043818cad Merge "Document httpd for accept on /identity, /identity_admin" 2015-10-08 05:09:18 +00:00
Jenkins
43bd7944fe Merge "Reclassify get_project_by_name() controller method" 2015-10-08 01:06:44 +00:00
Jenkins
b0df1f22ca Merge "Additional documentation for services" 2015-10-07 23:46:27 +00:00
Jenkins
617f6dbd04 Merge "Deprecate httpd/keystone.py" 2015-10-07 23:43:26 +00:00
Eric Brown
794e1510cc Handle 16-char non-uuid user IDs in payload
If a user_id just happens to be of 16 character length, this will
cause the convert_uuid_bytes_to_hex function to improperly return
a UUID value instead of the user_id string unconverted.

This patch modifies the payload to indicate whether the ID was in
fact a UUID and the attempt to convert to bytes was successful.

This change has effect on more than just user IDs.  It also resovles
potential issues with project IDs, group IDs, IDP IDs, and scope IDs.

Change-Id: Ia4a4f760d67d8bbc22759c48fc800aef016b84ed
Closes-Bug: #1497461
2015-10-07 14:50:35 -07:00
Jenkins
7128933e1b Merge "Rename fernet methods to match expiration timestamp" 2015-10-07 20:47:59 +00:00
Jenkins
b492efcb06 Merge "Documentation for other services" 2015-10-07 20:47:47 +00:00
Jenkins
f6053143d9 Merge "Add unit test for creating RequestContext" 2015-10-07 19:37:06 +00:00
Jenkins
7a3b2a2092 Merge "Add user_domain_id, project_domain_id to auth context" 2015-10-07 19:36:55 +00:00
Jenkins
a243ba5c0a Merge "Add user domain info to federated fernet tokens" 2015-10-07 19:34:40 +00:00
Lance Bragstad
ebbffb6298 Additional documentation for services
Change-Id: I285baf3e0fa7115623e31610fd4e9c3ba6aa098b
2015-10-07 15:37:52 +00:00
Lance Bragstad
94904b305b Rename fernet methods to match expiration timestamp
Fernet tokens carry the token creation time as part of the Fernet
specification, which is an integer. This is not the case with the token
expiration time, which is carried in the payload of the Fernet token. Keystone
converts the timestamp to a floating point value to save space in the token.
Previously, all the methods handling this conversion, along with the related
tests, communicated that this conversion was to an integer instead of a
float. This change corrects the methods signatures in the Fernet token provider
to be consistent with the timestamp type that is used in the implementation.

Change-Id: Ibea9fa0d546948501ebcd9f9f826b1f1319246f2
2015-10-07 14:13:54 +00:00
Jenkins
01b5a711c3 Merge "Updated from global requirements" 2015-10-07 09:53:21 +00:00