The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
Remove hacking and friends from lower-constraints, those are not
needed for co-installing.
To help enable testing authenticating with application credentials in
keystonemiddleware we need the keystoneauth token fixtures to support
application credentials. This change adds application credentials to the
fixtures along with mocking of the new access rules attribute. Additionally,
add support for the new attribute in the AccessInfoV3 object so that
it will fully represent the new structure.
Since application credentials are used in some tokens it is important
to expose those attributes in the AccessInfoV3 object in the same way we
expose other token data.
The Service Types Authority has grown support for aliases, and the
os-service-types library exposes the data. Add support for matching
known aliases when matching endpoints for a user.
While writing an SDK patch, I accidentaly sent a tuple for interface and
things went boom. We already accept a list, so go ahead and accept
tuples and sets too.
The loop variable service_type masks the parameter service_type. It's
not a problem in this patch, but becomes a redefinition in the next
patch. It's pulled out here to not mix concerns.
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keysteonauth's dependance
on the positional decorator.
Sometimes, especially in places like service-to-service defaults, it's
very helpful to express a list of values. For instance, when thinking
about nova connecting to ironic, nova would like to have the default
value of "interface" be ['internal', 'public'] - which is to say, use
internal if it's there, but otherwise use public. This use case is covered
in the API-WG specs on discoverability.
For the new EndpointData object, in the (admittedly uncommon) case where
the user is not providing an interface and the catalog is v2, the user
would wind up with an EndpointData with no url or interface, rather than
an EndpointData for each v2 endpoint_type found with url and interface
This normalizes into v3 format so that the construction and be
straightforward, and introduces a denormalize used in the
ServiceCatalogV2 to re-combine the entries into the format expected by
V2 users of get_endpoints().
The existing version discovery process is awesome, but in the normal flows it
ultimately returns urls, not the full endpoint data, so it's not
possible to know what version was discovered.
Make an EndpointData object that gets created and plumb that through the
stack so that it's possible to request EndpointData instead of just
endpoints. The existing discovery logic is unchanged, and the existing
methods continue to return the data they returned before.
This patch allows keystoneauth to handle the v3 project scoped token
'is_domain' flag, that represents whether the scoped project acts as a
Follow on patches will build on this to create policy rules to execute
domain scoped token operations with project tokens.
There is currently incomplete is_admin_project information in the token.
We can expose this already via keystoneauth because we have to handle
the default case where there is nothing in the token.
The default feels backwards but to handle the historical situation where
a deployment has not got the admin_project set all projects were in the
admin project so it must default to true for policy enforcement.
Adds the fixture handling as well for testing with this enabled.
The parameter was called 'endpoint_type' in keystoneclient. Moving to
keystoneauth1 the parameter was renamed to 'interface'. Updated the
docstring in service_catalog to reflect that.
Wrong usage of "a" in the messages:
"build a etree.XML object"
"Return a object representing the list"
"build an etree.XML object"
"Return an object representing the list"
Totally 2 occurrences in keystoneauth base code.
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneauth. This
also modifies our tox.ini so that we no longer ignore H405 violations.
The bind information is a standard part of the token data and can be
access from auth_token middleware so it should be exposed as part of the
There were some basic small issues with AccessInfo accessors and it
appears that the tests were never transferred across from
Copy those tests as closely as possible.
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are
There are cases, such as os_auth in ansible, where a user wants to
be able to get at the raw catalog content. This is often extremely
useful when debugging cloud applications.
We've been trying to move people onto using interface rather than
endpoint_type for a while as interface is what is talked about in all
the API docs and is what is exposed by the clients.
Rename all occurrences of endpoint_type with interface.
The standard reason to search the catalog is that you want to know how
to find a particular service type. However with service_id and
endpoint_id you may not want to specify a service_type.
Allow searching for a url without specifying a service_type.
The ServiceCatalog and ServiceProviders should not really be needed in a
standalone sense. They are there to make it easier to work with an
AccessInfo. Therefore move all of this into a standalone access module.