19 Commits (master)

Author SHA1 Message Date
sunyonggen ca28df8480 OAuth 2.0 Mutual-TLS Support
Added a new OAuth2mTlsClientCredential plugin, accessible via the
'v3oauth2mtlsclientcredential' entry point, making it possible to
authenticate using OAuth 2.0 Mutual-TLS client credentials.

Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>
Change-Id: I0e02ef18da5d60cdd1bcde07b07c2071b74b73d6
Implements: blueprint support-oauth2-mtls
4 months ago
Colleen Murphy 8ea9bee56c Expose app creds and new attrs in fixtures
To help enable testing authenticating with application credentials in
keystonemiddleware we need the keystoneauth token fixtures to support
application credentials. This change adds application credentials to the
fixtures along with mocking of the new access rules attribute. Additionally,
add support for the new attribute in the AccessInfoV3 object so that
it will fully represent the new structure.

bp whitelist-extension-for-app-creds

Change-Id: Ia6fece77390942ac012be1c80691ba86dc1e49b4
4 years ago
Colleen Murphy 759a9a5f59 Expose application credentials in AccessInfoV3
Since application credentials are used in some tokens it is important
to expose those attributes in the AccessInfoV3 object in the same way we
expose other token data.

Change-Id: I36a0b8dd275df8fcee556ed305c34c16a90384e8
4 years ago
Lance Bragstad f9ab615eb1 Implement system scope
This commit introduces the necessary bits in order to get system
scoped tokens from a keystone server.

bp system-scope

Change-Id: I538f2a6cd2b4113910dfdac250c14f17f80051f6
5 years ago
Morgan Fainberg 335a8cdf03 Remove use of positional decorator
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keystoneauth's dependence
on the positional decorator.

Change-Id: I20106345747860365cd0203ba1b33a2900e045b9
6 years ago
Clenimar Sousa b1f1e50a0d Add is_domain to keystoneauth token
This patch allows keystoneauth to handle the v3 project scoped token
'is_domain' flag, that represents whether the scoped project acts as a
domain.

Follow on patches will build on this to create policy rules to execute
domain scoped token operations with project tokens.

Change-Id: I28bea2aa1e1ab299eba1dfa9f0a8451a7846a5d5
Partially-Implements: add-isdomain-to-token
Depends-On: Ic0bd0c6cf2c47680063752820a067cf40d47b184
7 years ago
Jamie Lennox ed75863807 Expose is_admin_project in AccessInfo
There is currently incomplete is_admin_project information in the token.
We can expose this already via keystoneauth because we have to handle
the default case where there is nothing in the token.

The default feels backwards but to handle the historical situation where
a deployment has not got the admin_project set all projects were in the
admin project so it must default to true for policy enforcement.

Adds the fixture handling as well for testing with this enabled.

Change-Id: I58db52427a2bac6cd56794429559771499dc7f5a
Closes-Bug: #1577996
7 years ago
Navid Pustchi 2e0c0030a9 Removing tox ignore D400.
Currently tox ignores D400 (D400: First line should end with a period).
This change removes D400 ignore.
All pep8 violations are fixed.

Change-Id: I9190a15a36c90d3c60a9c520cb53d5f182b0c4e9
7 years ago
Navid Pustchi 01cf25ad36 Removing tox ignore D401 and make keystoneauth compliant
Currently tox ignores D401 (401: First line should be in imperative mood).
This change removes it and makes keystoneauth docstring compliant with it.

Change-Id: Ia3bc1ecf0d2bd9699e9a1a549f9995c008db233c
7 years ago
Jamie Lennox f21def7061 Use positional library instead of our own copy
The positional library was spun directly out of what keystoneauth1 was
using so this is a fairly trivial change.

Change-Id: I7931ed1547d2a05e2d248bc3240a576dc68a0a40
7 years ago
hgangwx 35cad4a2ef Wrong usage of "a"
Wrong usage of "a" in the messages:
"build a etree.XML object"
"Return a object representing the list"

Should be:
"build an etree.XML object"
"Return an object representing the list"

Totally 2 occurrences in keystoneauth base code.

Change-Id: I0299e16d5340b4f062e119dc95a529b812f7606c
8 years ago
Jenkins 205433aa57 Merge "Address hacking check H405" 8 years ago
lin-hua-cheng 63429aeca8 Address hacking check H405
Previously, there were a string of commits to keystone that addressed ignored
hacking checks. This commit does the same for H405 in keystoneauth. This
also modifies our tox.ini so that we no longer ignore H405 violations.

Change-Id: I0ac1165f309edd486639e2729c18330b1d062eb3
Closes-Bug: 1482773
8 years ago
lin-hua-cheng 5a21e9a77a Refactored AccessInfo.project_scoped accessor
Simplified the implementation and moved to the base
class.

Change-Id: I4e2017d5fa86be904e715e21e0d4081a1e2db5aa
8 years ago
Jamie Lennox 4fd8531fd5 Expose bind data via AccessInfo
The bind information is a standard part of the token data and can be
accessed from auth_token middleware so it should be exposed as part of the
AccessInfo object.

Change-Id: I45fc6eeed43f335aa1d771bdf1a11257432cb85c
8 years ago
Jamie Lennox b2484fdbf6 Copy AccessInfo tests from keystoneclient
There were some basic small issues with AccessInfo accessors and it
appears that the tests were never transferred across from
keystoneclient.

Copy those tests as closely as possible.

Change-Id: I391bf23097c5a8a176a50a938c04fa259df1de12
8 years ago
Dolph Mathews 10c5961426 Make __all__ immutable
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are
immutable.

Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
8 years ago
Jamie Lennox a00d82a723 Make missingproperty private
missingproperty is only for use within AccessInfo. Make it private.

Change-Id: I0d70d1ec89bb37a2f55fdf404a3131a0a0366e02
8 years ago
Jamie Lennox 9973144625 Move AccessInfo objects into own module
The ServiceCatalog and ServiceProviders should not really be needed in a
standalone sense. They are there to make it easier to work with an
AccessInfo. Therefore move all of this into a standalone access module.

Change-Id: Idc6856d89c2131855657d01114cc72372b3b11f4
8 years ago