The try_except_pass test checks that pass isn't used in an except
block because it's the source of lots of security issues. The
current instances of pass in an except block are marked as nosec.
Change-Id: I73af6b80fa75286e96943026b7b71ad23dc1786b
The subprocess_without_shell_equals_true test checks that subprocess
is called because it can easily be used incorrectly. The current use
is correct since it passes a list rather than a command string.
Change-Id: Ia31b1911547560e245cd1ae0c91cf7789146424f
Updated the docs to better reflect v3 deployments. Essentially, matched
the [app:service_v3] entry with the value in the ini file.
Closes-Bug: 1504891
Change-Id: I57f6a2a5287b2f6aa108586c1ad07b9a6235d53d
There are files hanging around the top level directory that only
handle the versioning routes of keystone (/v2.0 and /v3).
These should be moved to their own package to further isolate
these APIs.
Closes-Bug: #1504892
DocImpact
Change-Id: Ica0ddcbeb6f7fc00a4ad3919fa16bf135637a607
oslo.policy 0.12.0 contains a change to use requests to do the http
check rather than urllib. This change caused keystone tests to fail
because the keystone tests were mocking urllib, making assumptions
about how oslo.policy is implemented. Keystone doesn't need to test
internal features of oslo.policy, so these tests are removed.
Change-Id: I9d6e4950b9fe75cbb94100c8effdcec002642027
Closes-Bug: 1505374
Change I952cac73a9713bde4ad757371ca8b4ded93f207e refactored the keystone test
cases to use the six.moves.http_client for HTTP status codes instead of
integers. This change refactors the method names to follow the same pattern.
Change-Id: I90b17a7196075c164fe8bbd0f43af13a118e4c7e
Change I952cac73a9713bde4ad757371ca8b4ded93f207e refactored the keystone test
cases to use the six.moves.http_client for HTTP status codes instead of
integers. This change refactors the method names to follow the same pattern.
Change-Id: I6f0cc05d9bf45a32d50e83151141796ba76325ec
Change I952cac73a9713bde4ad757371ca8b4ded93f207e refactored the keystone test
cases to use the six.moves.http_client for HTTP status codes instead of
integers. This change refactors the method names to follow the same pattern.
Change-Id: Ic830ba42200ea39d0a0bd5f3355b8b32b292ae83
Change I952cac73a9713bde4ad757371ca8b4ded93f207e refactored the keystone test
cases to use the six.moves.http_client for HTTP status codes instead of
integers. This change refactors the method names to follow the same pattern.
Change-Id: I5b48598afa55a7c15ca21e79f9c572001e17b069
currently notifications are emitted for v2 calls, but the
initiator field is not filled in.
Co-authored-by: sam leong <chio-fai-sam.leong@hpe.com>
Change-Id: Ie2c3fe8d105d59ab89b7f6625e159d4eb6e923b0
Closes-Bug: #1485035
A string inside an exception was not being passed to
i18n translation so it will only show up as English if it
was ever thrown.
Here is a grep I used to make sure there were no more
exception strings that were not being passed to translations
before they were thown.
grep -r 'exception' . | grep '("' | grep -v '_'
Change-Id: I51a0d6d5b1d4053c380c8be5a0e6ac4e61985b81
If a user_id just happens to be of 16 character length, this will
cause the convert_uuid_bytes_to_hex function to improperly return
a UUID value instead of the user_id string unconverted.
This patch modifies the payload to indicate whether the ID was in
fact a UUID and the attempt to convert to bytes was successful.
This change has effect on more than just user IDs. It also resovles
potential issues with project IDs, group IDs, IDP IDs, and scope IDs.
Change-Id: Ia4a4f760d67d8bbc22759c48fc800aef016b84ed
Closes-Bug: #1497461
Fernet tokens carry the token creation time as part of the Fernet
specification, which is an integer. This is not the case with the token
expiration time, which is carried in the payload of the Fernet token. Keystone
converts the timestamp to a floating point value to save space in the token.
Previously, all the methods handling this conversion, along with the related
tests, communicated that this conversion was to an integer instead of a
float. This change corrects the methods signatures in the Fernet token provider
to be consistent with the timestamp type that is used in the implementation.
Change-Id: Ibea9fa0d546948501ebcd9f9f826b1f1319246f2