This patch extends the identity provider API to receive, return
and set the authorization_ttl on an identity provider.
Change-Id: I3c58da290d52149e307280042ed20447da4687f7
Partial-Bug: 1809116
This patch adds functionality to allow an operator to pass in a
federated attribute when updating a user. When a user is updated
the federated objects in the federated attribute will be updated
and associated along with the user.
Co-Authored-By: Kristi Nikolla <knikolla@bu.edu>
Partial-Bug: 1816076
Change-Id: I8ee43b437b551858c198320204b768cdba311506
This patch adds functionality to allow an operator to pass in a
federated attribute when creating a user. When a user is created
the federated objects in the federated attribute will be created
and associated along with the user.
Co-Authored-By: Kristi Nikolla <knikolla@bu.edu>
Partial-Bug: 1816076
Change-Id: I6db03af81099a7509635881f05adf5a7257466a7
Make a few cleanups:
- Remove python 2.7 stanza from setup.py
- Add requires on python >= 3.6 to setup.cfg so that pypi and pip
  know about the requirement
- Remove obsolete sections from setup.cfg
- Update classifiers
Change-Id: Id04f2ca5b879ee1f37cd349ff85ebec01389213a
This patch adds functionality to get_user that allows it to pull all
associated federated objects and tack it on to be displayed to the
user.
Partial-Bug: 1816076
Change-Id: I8d69ef68153d6650652e1081e5e7b9e5e31a3ed1
When a federated user authenticates, they are added to their
mapped groups during shadowing.
Closes-Bug: 1809116
Change-Id: I19dc400b2a7aa46709b242cdeef82beaca975ff3
Modify the base driver and SQL driver to support expiring group
memberships.
Additions to the SQL Driver to support listing expiring groups
for user.
Change-Id: I7d52cd2003f511483619a429de57201df4990209
Partial-Bug: 1809116
Depends-On: I4294a879071dde07e5eb1da4df133de8032e1059
Creates the model and migration for the expiring user group
membership table.
Change-Id: I48093403539918f81e6a174bdfa7b6497dd307fb
Partial-Bug: 1809116
Currently, a keystone IdP does not provide the
groups to which a user belongs when generating SAML
assertions. This patch adds an additional attribute
called "openstack_groups" in the assertion.
Change-Id: I205e8bbf9a4579b16177f57e29e363f4205a2b48
Closes-Bug: #1641625
This change moves the time mocking from using freezegun to
using oslo.utils TimeFixture for the unit test
test_with_passcode_in_previous_windows_extended, which was
occasionally failing with 401 errors due to
the totp creation time not properly being faked with
4 extended windows.
Closes-Bug: #1843464
Change-Id: I3aefd99907fbc2d03538c9814f7279b282715679
Roles, projects, and domains can accept "immutable" as a resource
option. This change explains the option in the admin guide and updates
the API reference to mention it.
Change-Id: I95926927472f6418f97a08fea0ebd56da04ce7a5
Related-bug: #1823258
many years ago when eventlet support was dropped
the usage of oslo_concurrency was also removed.
commit was here I963d94bbd188dbb6eba68623a42c5bc3f2289da4
dropping requirement on it since it is not used
Change-Id: I72f278b7da59096f71f0e59f0fb1f70f93265aa4
after commit I8bbcedb7ad3f0bc2e06dfa13878a97411ee1dc6d switched usage
to unittest.mock everywhere we can now drop mock from test-requirements
which reduces extra package from being installed
Change-Id: Id9d87aa8449b46dd74b2acedcdd9239200d108fb
The "options" is not "optional" in user api responses.
This patch removes the 'optional' from the same and also updates
string with the format to be used while creating api-ref in
keystone.
Change-Id: I848f168215800b42480d14f1f1905d8843ed3faa
Ensure that Zuul publishes both the shibboleth config and the shibboleth
logs in the job artifacts so that we can debug issues with the SAML SP.
Change-Id: I53f844fae775d9b30d9b7f867bac0ed873b86bc7
SQLAlchemy 1.4 will be introducing a new warning
class called RemovedIn20Warning, which will indicate behaviors
and APIs that are planned on being changed for the
SQLAlchemy 2.0 release [1]. As SQLAlchemy 2.0 is planned on
being a more major API break, applications will normally need
to wait until they are fully on SQLAlchemy 1.4 only as well as
Python 3 only in order to begin using new APIs that will allow
migration to 2.0.
For now, Keystone and others don't have a need to be raising
for this warning as there are not yet clear upgrade paths
established.
[1] https://docs.sqlalchemy.org/en/14/changelog/migration_20.html#sqlalchemy-1-x-to-2-0-transition
Change-Id: Icb005b2e7b9d851f5a3e8677599b32a6e3edddc2
The mock library is a third party lib that attempted to bridge the gap
between Python 2 and Python 3 mocking. Now that we have moved to py3
only, there is no need to use a third party lib and we can use the
standard built-in mocking support.
Change-Id: I8bbcedb7ad3f0bc2e06dfa13878a97411ee1dc6d
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
This implements TODOs added in [1], as promised in [2].
The first TODO is realised only partially because most ldap code
actually relies on having two connections obtained from the pool.
This optimizes mixin code by removing extra ldap calls.
There is no change in the observed behaviour of integration.
This also removes some duplication and refactors names to avoid
some confusion related to dn/object_id.
Backport to: Train, Stein (with [1]&[3]), Rocky (with [1]&[3]),
Queens (with [1]&[3])
[1] c7fae97d873f72068ca65538ec5b5919c0ac7d5a
[2] https://review.opendev.org/683303
[3] 19d4831daa3991bed48fb364fa05927740c96445
Change-Id: I22f3bce647182996dfc06084ee6d4989449e3d2d
Remove unused git_cmd from api-ref.
Remove html_last_updated_fmt and latex_engine setting,
these are done by openstackdocstheme nowadays.
Change-Id: I1c63f83b3fa074f9fa136e0b89bba0586756bc56