The goal is to move the responsibility of reference checks away from
controllers and into the underlying managers & drivers, which can
handle the task with equal or greater efficiency.
- Tenant references from create_user/update_user are NOT tested
due to inconsistencies between backends
- Additional test coverage improvements
Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287,
bug 1006334, and bug 1006344.
Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537
Fixes bug #998185
This commit causes the token expiry time to be maintained when
one token is being created from another
Change-Id: I7b61692a60d9227423b93c267864a5abe939ca33
Fixes Bug 997194
Delete valid tokens for a user when they have been disabled
Moved logic to delete tokens into update_user, as this can be called
directly from the REST API.
Also checks if a user is enabled when creating a token from another
token, this helps in cases where the backend didn't support listing of
tokens (and as a result weren't deleted)
Change-Id: Ib5ed73a7873bfa66ef31bf6d0f0322f50e677688
Fixes bug 996595
This commit will cause all valid tokens to be deleted for a user
whose password is changed (implemented for the sql and kvs backends)
Change-Id: I6ad7da8957b7041983a3fc91d9ba9368667d06ac
* Adds missing test cases for the TemplatedCatalog
* Adds a base CatalogTest that different backends
can use
* Updates kvs.Catalog to raise ServiceNotFound where
appropriate
* Updates the tests.test_keystoneclient_sql to actually
test the SQL catalog backend
* Removes old test for incorrect endpoints listing
* Removes the keystone.catalog.core.Driver.service_exists
method since it was only implemented in the SQL driver
and wasn't required now that get_service and delete_service
properly raise ServiceNotFound exception.
Change-Id: I35690cc147e56007be27bacf94eeff360e727e5d
- GET /tenants: Enabled attribute was being overridden
- "POST" /tenants/{tenant_id}: was failing to update KVS
Change-Id: Icc1efef52d35777d73e6010bdfc0409e24570aa2
Bug 933852
Merged over the code from the legacy keystone implementation, updated
style and streamlined the API a bit.
* Unit tests can be run against a live OpenLDAP server
* Password hashing done via passlib. Only does salted sha1, which is what simple_bind requires, but is not secure.
* Added pip dependencies
Change-Id: I5296d94f6b7d0a7c7dbc887cdae872171e34bb5f
Update keystone/service.py to more gracefully handle auth
failures and return an HTTP 401.
Fixes LP Bug #938815.
Change-Id: I44d7a9b36e6ac30f30326beb76b125dc2addc2fb
Incidentally this required refactoring the keystoneclient
tests to differentiate between calls that are explicitly
admin API calls vs. public API calls. Previously all tests
had been hitting the admin API endpoint.
Fixed bug 933786.
Change-Id: I50c2505aefb64636b7b64fbff045fd427715396b
When we run gating tests in jenkins, any access of network resources is a
potential source of false-negative on the test due to intermittent service
failures on systems that are out of our control. We observe that this is
actually quite frequent when things want to access PyPI or github. With
pypi, we pre-create virtualenvs and cache the eggs so that an individual
test run doesn't fail due to pypi not responding. For repos, if at all
possible, we direct them all at the gerrit instance, because since gerrit is
driving the test run in the first place, it's indicative of a much larger
problem if jenkins can't talk to it - and it's one that we can fix if it
does come up.
Change-Id: I9f54133f7f2025d15a9d0b270d2466438cbc6dd5