8881 Commits

Author SHA1 Message Date
OpenStack Proposal Bot
5bd939fd23 Updated from global requirements
Change-Id: I763b285c32c4a016f5d2146e5a613f8df27c0895
2016-01-24 03:58:02 +00:00
Steve Martinelli
384424bf70 skip test_get_token_id_error_handling to get gate passing
only skip the test for the TestPKIProviderWithStdlib class

Change-Id: I9f1d487eff8b9afc85dc6290afcf5199a5ab12f3
Related-Bug: 1537401
2016-01-23 16:55:57 -05:00
Jenkins
efc08a2e10 Merge "Check for circular references when expanding implied roles" 2016-01-23 10:44:47 +00:00
Jenkins
1095645277 Merge "Refactors validation tests to better see the cases" 2016-01-23 10:43:55 +00:00
Jenkins
1265ce02c5 Merge "Update sample catalog templates" 2016-01-23 10:43:31 +00:00
Jenkins
759645807c Merge "Fixes style issues in a v2 controller tests" 2016-01-23 10:40:46 +00:00
Jenkins
f1a071a57f Merge "Prevents creating is_domain=True projects in v2" 2016-01-23 10:20:23 +00:00
Jenkins
18082380e2 Merge "Strengthen Mapping Validation in Federation Mappings" 2016-01-23 10:19:04 +00:00
Adam Young
2a5599811e Check for circular references when expanding implied roles
closes-bug #1536321

Change-Id: I30d4f54135864d10093437a0541d6f40255e40e2
2016-01-23 07:10:24 +00:00
Jenkins
dc01e06ab4 Merge "Address comments from Implied Role manager patch" 2016-01-23 07:00:21 +00:00
David Stanek
16fe29a038 Fixes style issues in a v2 controller tests
These are things I found when reviewing
I569e4ab147a16bb019fb3d5f4f6218c75f4a3cca.

Change-Id: Ie9fa3335c47340d6402ef6272139d4fe9f323f97
2016-01-23 02:05:59 +00:00
henriquetruta
5599226956 Prevents creating is_domain=True projects in v2
Keystone v2 must not allow the creation of projects with the is_domain
field set True.

Co-Authored-By: Rodrigo Duarte <rodrigods@lsd.ufcg.edu.br>

Change-Id: I569e4ab147a16bb019fb3d5f4f6218c75f4a3cca
Closes-Bug: 1496946
2016-01-23 02:02:28 +00:00
Jenkins
71436b3ca2 Merge "Updated from global requirements" 2016-01-23 01:42:41 +00:00
Jenkins
4b12da44fe Merge "deprecate write support for identity LDAP" 2016-01-22 21:18:38 +00:00
David Stanek
a52438fb0f Refactors validation tests to better see the cases
I had a hard time seeing if all of the cases were covered. This is to
make the cases very obvious.

Change-Id: I1c1c3f6cd4c29fd8e057f24c1d748d73af13627d
2016-01-22 20:41:13 +00:00
Jenkins
fdf36f7aa8 Merge "Deprecate hash_algorithm config option" 2016-01-22 19:10:36 +00:00
Jenkins
76ecb5ea4b Merge "Mark memcache and memcache_pool token deprecated" 2016-01-22 19:10:20 +00:00
Jenkins
aa392b3863 Merge "List assignments with names" 2016-01-22 19:10:03 +00:00
Jenkins
6324ce1eba Merge "Remove additional references to ldap role attribs" 2016-01-22 19:03:22 +00:00
Jenkins
ea4abae947 Merge "Remove more ldap project references" 2016-01-22 18:56:18 +00:00
lin-hua-cheng
b43b35bad2 Address comments from Implied Role manager patch
This patch addresses most of the comments from patch:
https://review.openstack.org/#/c/264260/

Changes:
- fix nits on documentation
- minor refactor in get and delete of implied
roles SQL backend
- added tests for CRD of implied role and ImpliedRoleNotFound

Change-Id: I96ce922d94826cc985af4f4b4acff3be24b35aad
2016-01-22 12:09:08 -05:00
Jenkins
7766a4af6f Merge "Fix typo abstact in comments" 2016-01-22 10:40:32 +00:00
Jenkins
2bfe207536 Merge "Add checks for token data creep using jsonschema" 2016-01-22 05:49:46 +00:00
OpenStack Proposal Bot
04fefbaaf7 Updated from global requirements
Change-Id: If1cce9fa698d37261229d3699efa1ab4cbee0935
2016-01-22 04:04:24 +00:00
Jenkins
67e6c3e84e Merge "Doc FIX" 2016-01-22 03:58:52 +00:00
Eric Brown
0727114808 Remove additional references to ldap role attribs
This removes additional references to ldap role attributes found
in the documentation and tests.

Commit I1bd02d5834814959a93601fe53f115d0f9cc08a8 removed the ldap
role backend.

Change-Id: If8e74aca9b983c0f0e9779ea6e5e1260c1eb6dd7
2016-01-22 01:41:42 +00:00
Jenkins
5ba4dc7d7a Merge "Fix docstring" 2016-01-22 00:12:17 +00:00
Jenkins
1147107441 Merge "Add asserts for service providers" 2016-01-22 00:11:58 +00:00
Jenkins
e0be4bc993 Merge "Remove bandit tox environment" 2016-01-21 22:34:25 +00:00
Eric Brown
73a39e1b9e Remove more ldap project references
Commit I848bf41022224fec65cd9555a6e82790b296dcbe removed the
LDAP resource and assignment backends. As a result, some more
items can be removed, namely:

* ProjectLdapStructureMixin class is no longer used anywhere.
* references to project related ldap attributes in test conf files
* removal of references to ldap project attributes in configuration
  doc

Change-Id: I3efb32c39d3077f787e31533ef5407948a5d8cfd
2016-01-21 22:20:16 +00:00
Jenkins
8adb156939 Merge "Remove LDAP Role Backend" 2016-01-21 22:14:59 +00:00
Jenkins
a962238ced Merge "Remove LDAP Resource and LDAP Assignment backends" 2016-01-21 22:14:43 +00:00
Jenkins
63a40ee461 Merge "Removes KVS catalog backend" 2016-01-21 22:13:16 +00:00
Jenkins
b425b91894 Merge "Fix test_crud_user_project_role_grants" 9.0.0.0b2 2016-01-21 04:13:09 +00:00
Jenkins
2702645af1 Merge "Deprecating API v2.0" 2016-01-21 00:57:30 +00:00
lin-hua-cheng
fc3c7199dd Fix typo abstact in comments
Change-Id: I185ac0f62b1addd2787bc547bae13a972ecea39e
2016-01-20 16:43:55 -08:00
Steve Martinelli
99a427833b deprecate write support for identity LDAP
At the previous summit, we decided to deprecate write support for
idenity LPAP. It'll be removed in 2 releases. Several config
options were affected, and those operations should now have
deprecation warnings.

implements bp: deprecated-as-of-mitaka

Change-Id: I1e989d6c5e85ba303609c7bb36116a8bdedce9e4
2016-01-19 21:47:59 -05:00
Steve Martinelli
9ebbcac6f8 Deprecate hash_algorithm config option
The PKI and PKIz drivers are now deprecated, but one of the
config options that only works for PKI has not been deprecated.

implements bp: deprecated-as-of-mitaka

Change-Id: I55d5fb2a2678dccd8638b0460921ba6f8e76da6a
2016-01-19 21:47:18 -05:00
Morgan Fainberg
146a45bfde Mark memcache and memcache_pool token deprecated
Mark the memcache and memcache_pool token persistence backends
deprecated in favor of using the fernet token (no-persistence
needed) backend.

This is only deprecating the token persistence backends and does
not affect the cache layer.

implements bp deprecated-as-of-mitaka

Change-Id: I552774f95bc246f7f013350f5b11ae4ae482bdc5
2016-01-19 21:45:48 -05:00
Tom Cocozzello
dc212cd4d2 List assignments with names
When a client calls list assignment API what is returned is the
role id, user id or group id, and project id or domain id. Most users
then call the api again for each of these entities to get their names,
creating many api calls between the client and server.  This can
be reduced by having the server do all the work instead.

This commit adds the functionality to include the user, role, group,
project, and domain names with the response if the parameter
'include_names' is set to True.

Change-Id: I0a1cc986b8a35aeafe567e5e7fee6eeb848ae113
Closes-Bug: #1479569
Implements: blueprint list-assignment-with-names
2016-01-19 21:30:47 -05:00
Morgan Fainberg
d78fcc361e Remove LDAP Role Backend
The LDAP Role Backend has been removed without the normal deprecation
notice in-code however, the Role backend was explicitly called out when
the deprecation announcement occured[1] and was explicitly included
as part of the deprecation of "assignment"-based LDAP. The LDAP Role
backend is not very useful without the other parts of the assignment
backend that were deprecated and removed.

[1] http://lists.openstack.org/pipermail/openstack/2015-January/011337.html

Change-Id: I1bd02d5834814959a93601fe53f115d0f9cc08a8
bp: removed-as-of-mitaka
2016-01-19 21:27:42 -05:00
Morgan Fainberg
e6efbe62b8 Remove LDAP Resource and LDAP Assignment backends
LDAP Resource and LDAP Assignment backends have been slated for removal
in the Mitaka release. This patchset removes support for the deprecated
LDAP backends.

Change-Id: I848bf41022224fec65cd9555a6e82790b296dcbe
bp: removed-as-of-mitaka
2016-01-19 21:26:30 -05:00
David Stanek
b1b4350017 Removes KVS catalog backend
The templated backend relied on the KVS backend to implement some
functionality. The functionality (CRUD for endpoint, services, etc.) is
arguably incorrect since it won't actually change the contents of the
catalog. The read only methods have been fixed to use the templated data
and the write methods raise NotImplemented.

bp: removed-as-of-mitaka
Partial-Bug: #1077282
Closes-Bug: #1367113
Closes-Bug: #1269789
Change-Id: Iaa68b18f0b6d7e9f5dc0cbf7d21a3d90dcdc1ea4
2016-01-19 21:26:30 -05:00
Jenkins
1053b63e8c Merge "Implied roles driver and manager" 2016-01-20 00:58:54 +00:00
Jenkins
fbf4eccb29 Merge "Add support for strict url safe option on new projects and domains" 2016-01-19 22:58:55 +00:00
Brant Knudson
ce37670e28 Fix docstring
The params in this docstring were missing the "param" part.

Change-Id: I64b406f061143c5b3af35d4d542d82d0621cec5f
2016-01-19 16:50:42 -06:00
Fernando Diaz
cc2cfff50f Strengthen Mapping Validation in Federation Mappings
This patch allows for better validation of mappings. Only user,
group, groups, and domain will be allowed as keys in the local
level.

Change-Id: I490f0522829802968024a6ca1cb45c446c6a3e0f
Closes-Bug: #1470718
2016-01-19 18:21:24 +00:00
Jenkins
cf03c0d1b1 Merge "Enable id, enabled attributes filtering for list IdP API" 2016-01-19 17:45:50 +00:00
Jenkins
f4e402f631 Merge "Fix indentation for oauth context" 2016-01-19 17:45:40 +00:00
Jenkins
b0cea2d7f1 Merge "Add release note for revert of c4723550aa95be403ff591dd132c9024549eff10" 2016-01-19 17:45:29 +00:00