Since the Python 3.5 gate job builds cleanly now, we should claim
support for Python 3.5 in the metadata's classifier.
Change-Id: I215313560d6bb3501093c95870c12cde1f11b5a5
PBR's warnerrors is supposed to fail a build job when warnings are
present in the documentation. Unfortunately that hasn't been working for
a while.
With an upcoming release of PBR this flag will be fixed and any
warnings will fail docs jobs again. There is therefore a coordinated
effort to disable this flag until the PBR release has been completed and
requirements updated. After which time we can reenable the flag and
ensure docs build successfully.
http://lists.openstack.org/pipermail/openstack-dev/2016-June/097849.html
Change-Id: I0043518bdd09d2b2db5be48a942ae91ffc74a524
keystone.common.config is 1200+ lines of super dense, merge-conflict
prone, difficult to navigate, and finicky to maintain code. Let's follow
nova's lead and break it down into more manageable modules.
This patch creates a new Python package, keystone.conf, and moves all of
our configuration options into it, mirroring nova's nova.conf package.
There are a couple special modules in keystone.conf introduced here as
well:
- keystone.conf.__init__: This causes all of Keystone options to be
  registered on import, so consumers of keystone.conf don't have
  races with config initialization code while trying to use
  oslo_config.cfg.CONF directly (keystone.conf replaces all uses for
  oslo_config.cfg.CONF in keystone).
- keystone.conf.base: Keystone's [DEFAULT] group options. I'd prefer
  this to be called 'default.py', but I'm just copying nova's lead here.
- keystone.conf.opts: The entry point for oslo.config itself.
- keystone.conf.constants: There are a few constants (deprecation
  messages, default paths, etc) that are used by multiple configuration
  modules, so they need to live in a common place.
Change-Id: Ia3daffe3fef111b42de203762e966cd14d8927e2
This reverts commit 5486f0ae4a.
The files installed this way are installed in /usr/etc when
running PBR in the context of distros.
Change-Id: I192864675a8b34082e34f60caac770da76ca02aa
These are basically the only configuration options in keystone defined
outside of keystone/common/config.py, so the only goal here is to
centralize them into one place.
Change-Id: I1369fd7835b31e57a094d07deb6a1aacc1d314b5
This is a follow-up patch for 5486f0ae4a.
This simplifies the syntax as authorized by pbr, and makes sure that the
first value is a directory as expected.
Change-Id: I98fb657b9ca82515783060a07787658c9ecbeef2
When installing Keystone e.g. in a virtualenv, no configuration files
are installed at all, making it impossible to run Keystone.
This patch solves that by carrying the necessary files as data_files.
Change-Id: I9bb94e73a8e0349a4f56a07dda5d657a2ac28ac1
Two years ago the translation files were split into several
files, separating the log messages of different log levels from each
other, like X.pot, X-log-warning.pot, X-log-info.pot, and so on.
However, the setup.py command `compile_catalogs`, that comes from the
babel package and compiles the corresponding .po files into .mo
files, only supported one file per python package. This means that
during packaging `compile_catalogs` never compiled the X-log-*.po
files, so the corresponding translations were always missing.
Since babel 2.3 the domain can be set to a space separated list of
domains. This change adds the additional log level files to the
domain list.
The obsolete check that .po and .pot files are valid is removed from
tox.ini.
Change-Id: I1f0bfb181e2b84ac6dd0ce61881cd2cc4400bdcb
Closes-Bug: #1536226
Eventlet has been deprecated since the Kilo release and is
being removed in Newton.
A follow on patch will be proposed to remove the [ssl] section
since it is now redundant.
Co-Authored-By: Grzegorz Grasza <grzegorz.grasza@intel.com>
Partially implements: bp removed-as-of-newton
Change-Id: I963d94bbd188dbb6eba68623a42c5bc3f2289da4
OSprofiler is an Oslo library dedicated to enable cross-service
OpenStack profiling. This makes it possible to trace the OpenStack
request through all projects supporting the library, where the
profiling is enabled, and generate JSON and HTML human-readable
reports, describing what time was spent on which operation, e.g.
API or DB request.
This change includes the following:
* Add settings for OSprofiler wsgi middleware
  This middleware is used for 2 things:
  1) It checks that the person who wants to trace is trusted and knows
     the secret HMAC key (that is specified in paste.ini).
  2) It initializes the profiler in case of proper trace headers
     and adds the first wsgi trace point, with info about the HTTP request.
* Init profiler on start in both cases (httpd or eventlet)
* Adding new conf group for profiler (to enable/disable)
* By default osprofiler is disabled
TBD:
* Adding trace point for all DB (sql) calls. For proper format and
  result oslo.db enginefacade module needs to be updated.
To test (old variant, will be changed with new commit to the
python-openstackclient):
$ . amdminrc # you should be admin user/tenant to fetch profiling data
$ keystone --profile SECRET_KEY user-list
$ osprofiler trace show --html --out result.html <TRACE_ID>
Old python-keystoneclient change: https://review.openstack.org/#/c/114856/
Python-openstack client change: https://review.openstack.org/#/c/255861/
Depends-On: I248b134e0e245bd4cece0ebe225b9b729eedaf78
Change-Id: I3d6eaa7a5ab7ee9ae177f3e1d6cc92f0a01e6a42
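The HMAC gate described in the OSprofiler commit message above, as an added example that is not code from keystone or osprofiler: a trace request is honoured only when profiling is enabled and the caller's MAC over the trace payload matches a configured key. The function names, the payload encoding (base64 JSON), SHA-256 and the multi-key list are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json


def _mac(key, payload):
    # HMAC over the exact bytes that travel in the header (assumed: SHA-256).
    return hmac.new(key.encode(), payload.encode(), hashlib.sha256).hexdigest()


def sign_trace(trace_info, key):
    """Client side (hypothetical helper): pack trace info and sign it."""
    raw = json.dumps(trace_info, sort_keys=True).encode()
    payload = base64.urlsafe_b64encode(raw).decode()
    return payload, _mac(key, payload)


def verify_trace(payload, mac, keys, enabled=True):
    """Middleware side (hypothetical helper).

    Returns the decoded trace info when profiling is enabled and the MAC
    matches one of the configured keys; returns None otherwise, so the
    request is served normally but never traced.
    """
    if not enabled or not payload or not mac:
        return None
    for key in keys:
        # Constant-time comparison: do not leak how many characters matched.
        if hmac.compare_digest(_mac(key, payload).encode(), mac.encode()):
            try:
                # Decode only after authentication succeeded.
                return json.loads(base64.urlsafe_b64decode(payload))
            except ValueError:
                return None
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    info = {"base_id": "constructed-trace-id", "parent_id": "constructed-parent"}
    payload, mac = sign_trace(info, "SECRET_KEY")
    print(verify_trace(payload, mac, ["SECRET_KEY"]))         # trace info
    print(verify_trace(payload, mac, ["a-different-key"]))    # None
    print(verify_trace(payload, mac, ["SECRET_KEY"], False))  # None
```

Because the MAC is verified before the payload is decoded, an unauthenticated caller cannot make the service parse attacker-chosen JSON, and with profiling disabled the headers are ignored entirely.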
This patch adds the basic files and configs in order to enable the
keystone tempest plugin interface using tempest-plugin-cookiecutter.
Since we are adding them inside keystone's repository, they can be
installed alongside keystone and to run the tests (when we have one)
we simply use `testr run keystone_tempest_plugin` in tempest.
For more details about the tempest plugin interface see [1]
[1] http://docs.openstack.org/developer/tempest/plugin.html
Change-Id: Ia42e79246251e8af1010aa8eaf462aacf75644a7
Partially-Implements: bp keystone-tempest-plugin-tests
No config generator hooks should ever be registered with a name that
belongs to another project. In this case, using oslo.middleware.cors
means that *every other project* that loads the middleware gets this
application's defaults when the generator is run on a system with
everything installed (such as a dev box with devstack). Use the name
of the app instead, to ensure that the defaults are only set when this
app's sample config and documentation are being generated.
Change-Id: I6a8c7d44b9db9325003ff2fdb667b0ced7739e96
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
"Shadow users: unified identity" implementation:
Federated users have an idp_id, protocol_id, display name,
and a unique ID asserted by the identity provider. These
are the minimal pieces of data required to identify
returning users and provide them with a consistent identity.
Note: the following work items left will be completed in a
separate patch:
* Allow concrete role assignments for federated users
* Shadowing LDAP users
bp shadow-users
Change-Id: Ieb582947038b4a75ef4237939ad8a90079b38aa8
Default values for CORS middleware have been moved from paste.ini
into oslo's config generator. All configuration options in use will
now live in one place.
Change-Id: I9d31c574de6af4c7598c90d7e128cd9fa7273672
Support TOTP as a distinct authentication mechanism from Password.
bp totp-auth
Co-Authored-By: David Stanek <dstanek@dstanek.com>
Change-Id: Ic0ccf89b9f35d3167a413b10f43be43cf892aead
The LDAP Role Backend has been removed without the normal deprecation
notice in-code; however, the Role backend was explicitly called out when
the deprecation announcement occurred[1] and was explicitly included
as part of the deprecation of "assignment"-based LDAP. The LDAP Role
backend is not very useful without the other parts of the assignment
backend that were deprecated and removed.
[1] http://lists.openstack.org/pipermail/openstack/2015-January/011337.html
Change-Id: I1bd02d5834814959a93601fe53f115d0f9cc08a8
bp: removed-as-of-mitaka
LDAP Resource and LDAP Assignment backends have been slated for removal
in the Mitaka release. This patchset removes support for the deprecated
LDAP backends.
Change-Id: I848bf41022224fec65cd9555a6e82790b296dcbe
bp: removed-as-of-mitaka
The templated backend relied on the KVS backend to implement some
functionality. The functionality (CRUD for endpoint, services, etc.) is
arguably incorrect since it won't actually change the contents of the
catalog. The read only methods have been fixed to use the templated data
and the write methods raise NotImplemented.
bp: removed-as-of-mitaka
Partial-Bug: #1077282
Closes-Bug: #1367113
Closes-Bug: #1269789
Change-Id: Iaa68b18f0b6d7e9f5dc0cbf7d21a3d90dcdc1ea4
Define filter factories so other projects can reference them by name
and can take advantage of the python egg instead of referencing
by the direct path.
Change-Id: I8f2b409e35b44323ef1a4488de5964a0f1bd7cdc
Closes-Bug: 1500509
Following the instructions that are provided in the mailing list [0].
We need to remove the version line from setup.cfg, as from now
on releases will be tagged using the release tools rather
than version being set in setup.cfg
[0] http://lists.openstack.org/pipermail/openstack-dev/2015-November/080692.html
Change-Id: I3be169b5cbc8040585486137dafaf6eafd16bc58
Depends-On: I658a63bdd47633ff35066e61e874c67a3ac02d92
Remove endpoint_filter as an extension and move it to a core resource,
i.e. consolidate endpoint_filter extension into catalog.
For now we leave the database migrations in the extension directory,
this will be addressed in a separate patch.
DocImpact: Remove the endpoint_filter extension from keystone's
paste pipeline.
Co-Authored-By: Jamie Lennox <jamielennox@redhat.com>
Partially implements: bp move-extensions
Change-Id: Ib8969d584f6be053aaad6e6051fde5e3b7ef7485
Remove revoke as an extension and move it to a core resource.
For now we leave the database migrations in the extension directory
until we have a general policy for merging these into core.
DocImpact: update keystone-paste and remove revoke from pipeline
Change-Id: I2d6f425a508b7acb4b4d079e4387f25bf7555683
Implements: bp move-extensions
Remove oauth1 as an extension and move it to a core resource.
For now we leave the database migrations in the extension directory
until we have a general policy for merging these into core.
DocImpact: update keystone-paste and remove oauth1 from pipeline
Change-Id: I0ed1ec44d42c3b379a5c2a40e3e6298842dfc01d
Implements: bp move-extensions
Remove federation as an extension and move it to a core resource.
For now we leave the database migrations in the extension directory
until we have a general policy for merging these into core.
Some instances of federation constants were removed because
they were causing a circular dependency, these can be refactored in
a later patch.
DocImpact: You should no longer run the migrations for this extension
Implements: bp move-extensions
Co-Authored-By: Nithya Renganathan <narengan@us.ibm.com>
Change-Id: If5857a6ee4c7c527929069b25beab40f4c5d87e2
There are files hanging around the top level directory that only
handle the versioning routes of keystone (/v2.0 and /v3).
These should be moved to their own package to further isolate
these APIs.
Closes-Bug: #1504892
DocImpact
Change-Id: Ica0ddcbeb6f7fc00a4ad3919fa16bf135637a607
Bump preversion to mark the start of the Mitaka development branch.
The liberty release branch will be cut from the previous commit.
Change-Id: I1ed49e0ba8dcd0c1211951742045e488bf3f5f87
This allows deployers to install packages that are required for
memcache and MongoDB using keystone['memcache'] and
keystone['MongoDB'], respectively.
Change-Id: Ie11a3017664015f1048cbedd5f727dd50f704055
Partial-Bug: 1479962
The httpd/keystone.py file needed to be copied and then
symlinked when used by web servers to "admin" and "main".
pbr 1.4.0 added support for wsgi_scripts that creates scripts
for wsgi servers on install. Keystone will now specify
wsgi_scripts so that the admin (keystone-wsgi-admin) and
main (keystone-wsgi-public) scripts will be created on install.
See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the apache docs with examples for the Allow/Deny/Require
directives.
DocImpact
Related-Bug: #1441733
Change-Id: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Commit 0d6bfaf2e3f839704f07b265ba81e224936a2b49 fixed the pbr bug which
was released in 0.11 which is also the minimum required version of pbr
for Liberty.
Commit 6f98a9e2bd removed the other part
of the keystone doc building workaround, but missed removing this note
about cleaning everything up later.
Related-Bug: #1260495
Change-Id: Ia4c8c903f049714013a0c6faab65b28a00c303b9
A "default" entrypoint is defined for each auth method. The
default driver will be used if there's no config option for the
method, or the config option is not set, or if the config option
is set to "default".
For the external methods, since there's several of them, each gets
a short name that can be used rather than the qualified class.
bp stevedore
DocImpact
Change-Id: I2484af32e9eb3703869cf441e4f9851b54b0db2b
Use oslo.service rather than service from oslo-incubator.
openstack-common.conf was updated and sync from oslo-incubator to
clean up unused modules.
Check requirements files to make sure there are no new unused
requirements (there are none).
config generator configuration was updated to pull options from
oslo.service.
Closes-Bug: 1466851
Depends-On: I305cf53bad6213c151395e93d656b53a8a28e1db
Change-Id: Ie8ef66720bdc480cd1c67548c7a20bf78eeeac71
The Stevedore library is used for loading auth drivers rather
than using importutils. This provides a level of indirection for
deployers/packagers.
The importutils method of loading drivers is still supported, but
it's deprecated.
bp stevedore
Change-Id: I170a5e422805e988ac472676c8838d8cc7a1ad77
Remove endpoint_policy as an extension and move it to a core resource.
For now we leave the database migrations in the extension directory
until we have a general policy for merging these into core.
DocImpact: You should no longer run the migrations for this extension.
Implements: bp replace-extensions
Change-Id: I6215b7df497c142a5e73b62543e0d76458c85f64
A temporary fix was added to get around a bug in how pbr handles
its autodoc_tree_index_modules setting. Since this bug is fixed we no
longer need the work around.
Change-Id: I6af0fdd6d1efacb47692b89c329e45ac59fef7cb
Closes-Bug: #1260495
With stevedore support, we can use shorter names for the drivers
rather than the full class path.
Using the full class path is supported, but deprecated (the code
falls back to importing by importutils which is already reported
as deprecated).
bp stevedore
Co-Authored-By: Boris Bobrov <bbobrov@mirantis.com>
Change-Id: I11cf1bca474f59419185e2a1970c1dae31017329