Commit Graph

2354 Commits

Author SHA1 Message Date
Dolph Mathews
23ca656927 Refactor 404's into managers & drivers (bug 968519)
The goal is to move the responsibility of reference checks away from
controllers and into the underlying managers & drivers, which can
handle the task with equal or greater efficiency.

- Tenant references from create_user/update_user are NOT tested
  due to inconsistencies between backends
- Additional test coverage improvements

Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287,
bug 1006334, and bug 1006344.

Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537
2012-06-27 11:47:24 -05:00
Bhuvan Arumugam
94f45dac51 Utilize newer changes in openstack-common.
Use common.setup.get_cmdclass() to clean-up redundant code.

* keystone/openstack/common/setup.py
  Sync from openstack-common project.

* setup.py
  Code clean-up. No functional change.

Change-Id: I12f538ba8e727270b3b615dc06b0fd0328f36e1e
2012-06-21 21:14:26 -07:00
Dolph Mathews
991a6182e0 Removed unused import
Change-Id: I9fec34122ca28ac9d2d9866cfe6ab203998d177d
2012-06-21 11:21:49 -05:00
Jenkins
d085f43875 Merge "Monkey patching 'thread'." 2012-06-20 23:07:48 +00:00
Zhongyue Luo
79647c6baf Reorder imports by full module path
Fixes bug #1013441

Sort imports by lexicographical order of full module path

Change-Id: I60231d87618466426dc7bfac7bb0644a0dbd079a
2012-06-20 07:39:42 +08:00
Anthony Young
cc91786a5b Pass serviceCatalog in auth_token middleware
* This will allow  for chained requests (novaclient -> nova -> cinder)
 * Fixes bug 1010237

Change-Id: Iab126cb1f2fb01ca7da24fa9fe97ec81ee96e455
2012-06-19 16:53:09 -05:00
Jenkins
720b7648a5 Merge "Fixed typo in routing conditions (bug 1006793)" 2012-06-19 19:48:37 +00:00
Jenkins
bda35f25c7 Merge "400 on unrecognized content type (bug 1012282)" 2012-06-19 19:28:33 +00:00
Dolph Mathews
a68d530133 Fixed typo in routing conditions (bug 1006793)
The kwarg should be 'method' not 'methods', per Routes docs.
See: http://routes.readthedocs.org/en/latest/setting_up.html#conditions

Example in lieu of negative tests...
Without this change: http://paste.openstack.org/raw/18326/
With this change: http://paste.openstack.org/raw/18325/

Change-Id: If91fc0c79b320652674c68c433989a60c098dc1e
2012-06-19 14:25:19 -05:00
Jenkins
9bc14483a4 Merge "Speed up SQL unit tests." 2012-06-19 19:19:59 +00:00
Dolph Mathews
489c6b60d1 400 on unrecognized content type (bug 1012282)
Unrecognized content type:
  http://paste.openstack.org/raw/18537/

Malformed JSON:
  http://paste.openstack.org/raw/18536/

Change-Id: I76afbf9300bcb1c11bed74eddbe4972c451c5877
2012-06-19 14:17:24 -05:00
Rafael Durán Castañeda
3f9f77af19 Monkey patching 'thread'.
Fixes bug 1012381.

Change-Id: Icb7b2372df96d647fc6dcd4c4ebe72c8aa607f9d
2012-06-19 20:40:05 +02:00
Adam Young
5c35a84b72 Speed up SQL unit tests.
Using a cached copy of the SQLite Data base speeds up the tests:

Before this change

Ran 44 tests in 126.154s
OK
Slowest 5 tests took 15.87 secs:
    3.34       test_delete_role (test_backend_sql.SqlIdentity)
    3.17       test_delete_user_with_tenant_association (test_backend_sql.SqlIdentity)
    3.17       test_create_tenant_invalid_name_fails (test_backend_sql.SqlIdentity)
    3.10       test_get_user (test_backend_sql.SqlIdentity)
    3.10       test_get_tenant_bad_tenant (test_backend_sql.SqlIdentity)

After this change:

Ran 44 tests in 58.996s

OK
Slowest 5 tests took 8.64 secs:
    2.57       test_add_user_to_tenant (test_backend_sql.SqlIdentity)
    1.58       test_update_tenant_long_name_fails (test_backend_sql.SqlIdentity)
    1.51       test_rename_duplicate_user_name_fails (test_backend_sql.SqlIdentity)
    1.50       test_delete_tenant_with_user_association (test_backend_sql.SqlIdentity)
    1.49       test_delete_user_with_tenant_association (test_backend_sql.SqlIdentity)

Slowest test was where the database was initialized

Change-Id: Idf046763e8718762695bbcedce4d223f654054db
2012-06-18 20:27:41 -04:00
Dolph Mathews
66a0b63dab PEP8 fixes
Change-Id: I0989396691eb31d9008c016e64f2c197f8c7e48c
2012-06-18 14:16:34 -05:00
Monty Taylor
e33a4742a8 Clean up test requires a bit.
The main culprit here was prettytable - but because of the way this was
working, it was causing intermittent transient network issues from pypi in
the devstack gates.

Change-Id: I62117116c850361c5e2de7e6485c14ef43007c1d
2012-06-16 13:01:39 -04:00
Jenkins
a00791576e Merge "Carrying over token expiry time when token chaining" 2012-06-14 16:59:13 +00:00
Jenkins
b6c0c029bf Merge "Use cfg's new global CONF object" 2012-06-14 16:59:13 +00:00
Jenkins
deeefdb7c2 Merge "Tweak for easier, safer subclassing" 2012-06-14 16:59:11 +00:00
Mark McLoughlin
b2aa78b558 Use cfg's new global CONF object
Implements blueprint cfg-global-object

Change-Id: Ic53b41dafa8666ce21f33697f7e8697f1e5cb0fd
2012-06-13 08:14:40 +01:00
Jenkins
84a7f37510 Merge "Require authz for user role list (bug 1006815)" 2012-06-08 17:00:02 +00:00
Chmouel Boudjnah
b2aa620bc9 Add s3 extension in keystone.conf sample.
- Document S3 functionality along the way.

Change-Id: I5525cd084aa16a33176c2ed0c3df53e9743072fc
2012-06-08 15:15:18 +00:00
Jenkins
3f5d394def Merge "fix importing of optional modules in auth_token" 2012-06-07 17:20:14 +00:00
Ken Thomas
3ed1cafebd Tweak for easier, safer subclassing
Implements the "follow up suggestion" in blueprint sql-identiy-pam

Moved the call to utils.check_password call to its own subroutine.
This allows anyone creating a subclass for sql.Identity to just replace
this new 'check_password' method rather than the entire
'authenticate' method. (This is modeled after ldap/core.py which
already does this.) If the logic in 'authenticate' changes, any
derrived classes won't need to be modified.

Updated to make method private.

Change-Id: I1a06596861fd016f63f5f1a5fe8180993f04f4f5
2012-06-07 10:10:59 -07:00
Dolph Mathews
c785018e0e Revert file mode to be non-executable
Change-Id: Ib2a84f1e5d7d155fc53c60ede073c96a2332d030
2012-06-07 10:49:09 -05:00
Pádraig Brady
b71fb3de89 fix importing of optional modules in auth_token
* keystone/middleware/auth_token.py: Catch the
correct exception so that the memcache and iso8601
modules can be optional as intended.
* tests/test_auth_token_middleware.py: Test
the ImportError path
* keystone/test.py: Add a new mixin class to
support disabling importing of a module.

Bug: 1003715
Change-Id: I87cc2f3bc79b17a52ea672bac7e0ebcf9e1fce57
2012-06-07 16:46:21 +01:00
Jenkins
987bc69326 Merge "Use X_USER_NAME and X_ROLES headers." 2012-06-06 15:56:38 +00:00
Jenkins
d68ef5864e Merge "Require authz for service CRUD (bug 1006822)" 2012-06-05 18:26:44 +00:00
Jenkins
7fbb4d225f Merge "Use cfg's new behavior of reset() clearing overrides" 2012-06-05 17:56:02 +00:00
Jenkins
b75efede1a Merge "Use cfg's new group autocreation feature" 2012-06-05 17:56:00 +00:00
Jenkins
2ec3e232dc Merge "Sync with latest version of openstack.common.cfg" 2012-06-05 17:55:58 +00:00
Derek Higgins
375838cfce Carrying over token expiry time when token chaining
Fixes bug #998185

This commit causes the token expiry time to be maintained when
one token is being created from another

Change-Id: I7b61692a60d9227423b93c267864a5abe939ca33
2012-06-05 15:27:13 +01:00
Zhongyue Luo
17723a6b6d Keystone should use openstack.common.importutils
Implements blueprint use-common-importutils

Change-Id: I597f71dc72aa3b87a454c4a23ca1b5328e222f76
2012-06-04 13:49:02 +08:00
Dolph Mathews
868054992f Require authz for user role list (bug 1006815)
Change-Id: I65f25dcca3e265f44746930917434b45e64de15e
2012-06-03 12:24:10 -05:00
Dolph Mathews
1d146f5c32 Require authz for service CRUD (bug 1006822)
Change-Id: Ia90f0aa2b856b9a9874d4865fb92ee913e8125c5
2012-06-03 12:08:44 -05:00
Dolph Mathews
4bfa203ac4 PEP8 fixes
Change-Id: I957311f7e2f371217d8812c7319b87623e8972e9
2012-06-01 08:19:04 -07:00
Jenkins
1349e12735 Merge "Update swift_auth documentation." 2012-05-29 21:58:21 +00:00
Jenkins
b6dbb103e1 Merge "Add ACL check using <tenant_id>:<user> format." 2012-05-29 21:38:26 +00:00
Jenkins
081c541603 Merge "Make sure we parse delay_auth_decision as boolean." 2012-05-29 21:17:51 +00:00
Jenkins
dd59347b65 Merge "Changed arguments in keystone CLI for consistency." 2012-05-29 21:07:53 +00:00
Jenkins
ab735fe20f Merge "Allow other middleware overriding authentication." 2012-05-29 20:58:23 +00:00
Jenkins
8de61f8af4 Merge "blueprint 2-way-ssl" 2012-05-29 20:17:33 +00:00
Jenkins
654dd41632 Merge "One 'ctrl-c' kills keystone." 2012-05-29 19:24:12 +00:00
Mark McLoughlin
d2619f12cd Use cfg's new behavior of reset() clearing overrides
Change-Id: I992a955529e57f20c2dc6db62b7305558848cf0c
2012-05-29 09:10:57 +01:00
Mark McLoughlin
65ec6529d4 Use cfg's new group autocreation feature
Change-Id: I8bd2581f01fb97afc64305743818ddc146dc14fe
2012-05-29 09:10:57 +01:00
Mark McLoughlin
dd14b16c5c Sync with latest version of openstack.common.cfg
Changes since last sync:

 - make reset() clear defaults and overrides
 - automatically create option groups
 - allow options to be marked as required
 - use a list comprehension instead of map()

Change-Id: Id259a7ffe791a7e272fcc8bb21d7d0bc4f9e591d
2012-05-29 09:10:57 +01:00
Liem Nguyen
f537a8259b blueprint 2-way-ssl
Implemented bp/2-way-ssl using eventlet-based SSL.

Change-Id: I5aeb622aded13b406e01c78a2d8c245543306180
2012-05-24 17:09:53 +00:00
Chmouel Boudjnah
bb2fbb7030 Fixes some pep8 warning/errors.
- Using flake8 so a bit more than that.

Change-Id: I63fa21f7d3d02f96c0c56804fdd56da37c952d7d
2012-05-24 16:21:09 +02:00
Chmouel Boudjnah
055d073803 Update swift_auth documentation.
- Make it consistent between the source documentation and the rst
  documentation.
- Note about the default being https.

Change-Id: Ic78ef79198eee9b514bb52fce12d7224e9ab65ae
2012-05-23 12:52:09 +02:00
Lin Hua Cheng
30654a65ea Add ACL check using <tenant_id>:<user> format.
Fixes bug 999998.

Swift auth middleware uses a new format for expressing
a container ACL for a user: <tenant_name>:<user>. This
fix add supports for checking ACL using the old format
of <tenant_id>:<user>.

Change-Id: I44985b191afb174605c35041741056ae1e78fa77
2012-05-22 22:16:59 -07:00
Chmouel Boudjnah
daf395b5e8 Use X_USER_NAME and X_ROLES headers.
- Don't use deprecated headers X_USER and X_ROLE but the newest one
  X_USER_NAME and X_ROLES.
- Fixes bug 999447.

Change-Id: I12752c7668863cbb47ee4b6e484cc494133443e8
2012-05-22 15:03:15 +00:00