Commit Graph

32 Commits (6ee21bd722b3e1dbec3e5a211e32f10fb2a20603)

Author SHA1 Message Date
Andreas Jaeger c096099416 Update hacking for Python3
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.

Fix problems found.

Update local hacking checks for new flake8.

Remove hacking and friends from lower-constraints, those are not
needed for co-installing.

Change-Id: I59f0854c089a6ed4f0c4dad7755f946dc95ada3a
2020-03-31 20:11:31 +02:00
Colleen Murphy 8ea9bee56c Expose app creds and new attrs in fixtures
To help enable testing authenticating with application credentials in
keystonemiddleware we need the keystoneauth token fixtures to support
application credentials. This change adds application credentials to the
fixtures along with mocking of the new access rules attribute. Additionally,
add support for the new attribute in the AccessInfoV3 object so that
it will fully represent the new structure.

bp whitelist-extension-for-app-creds

Change-Id: Ia6fece77390942ac012be1c80691ba86dc1e49b4
2019-02-25 00:35:00 +01:00
Colleen Murphy 759a9a5f59 Expose application credentials in AccessInfoV3
Since application credentials are used in some tokens it is important
to expose those attributes in the AccessInfoV3 object in the same way we
expose other token data.

Change-Id: I36a0b8dd275df8fcee556ed305c34c16a90384e8
2019-02-10 21:34:36 +01:00
Monty Taylor 79cd91e755
Implement service_type alias lookups
The Service Types Authority has grown support for aliases, and the
os-service-types library exposes the data. Add support for matching
known aliases when matching endpoints for a user.

Change-Id: Ie90c265cb17905981d877abfaaa52354a3e63692
2018-05-03 15:28:50 -05:00
Monty Taylor 2e209e917d
Allow tuples and sets in interface list
While writing an SDK patch, I accidentaly sent a tuple for interface and
things went boom. We already accept a list, so go ahead and accept
tuples and sets too.

Change-Id: I4b14792c7eda4e489c53fdc95e40bde14a61c052
2018-04-26 11:42:14 -05:00
Lance Bragstad f9ab615eb1 Implement system scope
This commit introduces the necessary bits in order to get system
scoped tokens from a keystone server.

bp system-scope

Change-Id: I538f2a6cd2b4113910dfdac250c14f17f80051f6
2018-01-17 15:50:11 +00:00
Monty Taylor dc667f7354 Fix masked variable name
The loop variable service_type masks the parameter service_type. It's
not a problem in this patch, but becomes a redefinition in the next
patch. It's pulled out here to not mix concerns.

Change-Id: I489d7ecad3f38b15eaa71449461cdd83782bac7a
2018-01-09 21:55:27 +00:00
Morgan Fainberg 335a8cdf03 Remove use of positional decorator
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keysteonauth's dependance
on the positional decorator.

Change-Id: I20106345747860365cd0203ba1b33a2900e045b9
2017-08-07 16:37:07 -07:00
Jenkins c31240b5b3 Merge "Minor cleanup" 2017-07-18 16:16:40 +00:00
Eric Fried 0007f373ce Minor cleanup
Couple of docstring typos.

Change-Id: Ie3b7fcefde33adc3e4576ecb1a2a96ba47f8400e
2017-07-14 21:41:18 +00:00
Monty Taylor 2b949de8e9
Support a list of interface values
Sometimes, especially in places like service-to-service defaults, it's
very helpful to express a list of values. For instance, when thinking
about nova connecting to ironic, nova would like to have the default
value of "interface" be ['internal', 'public'] - which is to say, use
internal if it's there, but otherwise use public. This use case is covered
in the API-WG specs on discoverability.

Change-Id: I9102155c2d4ef1ef8bbb1d0fa26a5b5838108a4c
2017-06-29 08:03:34 -05:00
Monty Taylor c6b915306b
Rework EndpointData construction to normalize catalog first
For the new EndpointData object, in the (admittedly uncommon) case where
the user is not providing an interface and the catalog is v2, the user
would wind up with an EndpointData with no url or interface, rather than
an EndpointData for each v2 endpoint_type found with url and interface
set properly.

This normalizes into v3 format so that the construction and be
straightforward, and introduces a denormalize used in the
ServiceCatalogV2 to re-combine the entries into the format expected by
V2 users of get_endpoints().

Change-Id: Ieb77880917e8efdf436b635aea1679c98a314404
2017-06-11 22:01:21 -05:00
Monty Taylor 337e5af637
Add returning EndpointData objects from discovery
The existing version discovery process is awesome, but in the normal flows it
ultimately returns urls, not the full endpoint data, so it's not
possible to know what version was discovered.

Make an EndpointData object that gets created and plumb that through the
stack so that it's possible to request EndpointData instead of just
endpoints. The existing discovery logic is unchanged, and the existing
methods continue to return the data they returned before.

Change-Id: Id48861e7d6d20be16f61cb375a21bca4a43a2500
2017-06-09 09:01:54 -05:00
Clenimar Sousa b1f1e50a0d Add is_domain to keystoneauth token
This patch allows keystoneauth to handle the v3 project scoped token
'is_domain' flag, that represents whether the scoped project acts as a

Follow on patches will build on this to create policy rules to execute
domain scoped token operations with project tokens.

Change-Id: I28bea2aa1e1ab299eba1dfa9f0a8451a7846a5d5
Partially-Implements: add-isdomain-to-token
Depends-On: Ic0bd0c6cf2c47680063752820a067cf40d47b184
2016-05-18 21:56:36 -03:00
Jamie Lennox ed75863807 Expose is_admin_project in AccessInfo
There is currently incomplete is_admin_project information in the token.
We can expose this already via keystoneauth because we have to handle
the default case where there is nothing in the token.

The default feels backwards but to handle the historical situation where
a deployment has not got the admin_project set all projects were in the
admin project so it must default to true for policy enforcement.

Adds the fixture handling as well for testing with this enabled.

Change-Id: I58db52427a2bac6cd56794429559771499dc7f5a
Closes-Bug: #1577996
2016-05-10 14:10:52 +10:00
Navid Pustchi 2e0c0030a9 Removing tox ignore D400.
Currently tox ignores D400 (D400: First line should end with a period).
This change removes D400 ignore.
All pep8 violatios are fixed.

Change-Id: I9190a15a36c90d3c60a9c520cb53d5f182b0c4e9
2016-04-18 21:20:51 +00:00
Navid Pustchi 01cf25ad36 Removing tox ignore D401 and make keystoneauth compliant
Currently tox ignores D401 (401: First line should be in imperative mood).
This change removes it and make keystoneauth docstring compliantwith it.

Change-Id: Ia3bc1ecf0d2bd9699e9a1a549f9995c008db233c
2016-04-13 18:46:05 +00:00
Kristi Nikolla e57547c366 Renamed endpoint to interface in docstring
The parameter was called 'endpoint_type' in keystoneclient. Moving to
keystoneauth1 the parameter was renamed to 'interface'. Updated the
docstring in service_catalog to reflect that.

Change-Id: Iedbc77ec7a856653ffc9e0282d4ce97da36c3c87
2016-03-17 15:47:25 -04:00
Jamie Lennox f21def7061 Use positional library instead of our own copy
The positional library was spun directly out of what keystoneauth1 was
using so this is a fairly trivial change.

Change-Id: I7931ed1547d2a05e2d248bc3240a576dc68a0a40
2016-01-25 09:31:48 +11:00
hgangwx 35cad4a2ef Wrong usage of "a"
Wrong usage of "a" in the messages:
"build a etree.XML object"
"Return a object representing the list"

Should be:
"build an etree.XML object"
"Return an object representing the list"

Totally 2 occurrences in keystoneauth base code.

Change-Id: I0299e16d5340b4f062e119dc95a529b812f7606c
2015-12-30 19:43:56 +08:00
Jenkins 205433aa57 Merge "Address hacking check H405" 2015-11-19 07:21:38 +00:00
lin-hua-cheng 63429aeca8 Address hacking check H405
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneauth. This
also modifies our tox.ini so that we no longer ignore H405 violations.

Change-Id: I0ac1165f309edd486639e2729c18330b1d062eb3
Closes-Bug: 1482773
2015-11-18 21:18:37 -08:00
lin-hua-cheng 5a21e9a77a Refactored AccessInfo.project_scoped accessor
Simplified the implementation and moved to the base

Change-Id: I4e2017d5fa86be904e715e21e0d4081a1e2db5aa
2015-10-15 22:18:41 -07:00
Jamie Lennox 4fd8531fd5 Expose bind data via AccessInfo
The bind information is a standard part of the token data and can be
access from auth_token middleware so it should be exposed as part of the
AccessInfo object.

Change-Id: I45fc6eeed43f335aa1d771bdf1a11257432cb85c
2015-10-15 17:22:30 +11:00
Jamie Lennox b2484fdbf6 Copy AccessInfo tests from keystoneclient
There were some basic small issues with AccessInfo accessors and it
appears that the tests were never transferred across from

Copy those tests as closely as possible.

Change-Id: I391bf23097c5a8a176a50a938c04fa259df1de12
2015-10-14 18:14:21 +11:00
Dolph Mathews 10c5961426 Make __all__ immutable
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are

Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
2015-10-01 18:21:31 +00:00
Monty Taylor 78c7d6448c Add accessor method for raw catalog content
There are cases, such as os_auth in ansible, where a user wants to
be able to get at the raw catalog content. This is often extremely
useful when debugging cloud applications.

Change-Id: Ibe51b5f1a4b1d93efb6076b5f97b0fd10376cd16
2015-09-03 12:26:53 +10:00
Jamie Lennox d227f6d237 Replace endpoint_type with interface in catalog
We've been trying to move people onto using interface rather than
endpoint_type for a while as interface is what is talked about in all
the API docs and is what is exposed by the clients.

Rename all occurrences of endpoint_type with interface.

Change-Id: If18d8e27e499c294cb4dc94521da843341287362
2015-08-10 10:08:52 +10:00
Jamie Lennox 65cbe5012d Remove service_type requirement from catalog searching
The standard reason to search the catalog is that you want to know how
to find a particular service type. However with service_id and
endpoint_id you may not want to specify a service_type.

Allow searching for a url without specifying a service_type.

Change-Id: I038fe5b0e04b689f1072db659219639d5193f558
2015-08-10 10:08:52 +10:00
Jamie Lennox 2aa4d8384d Allow searching a catalog on service or endpoint id
endpoint_id and service_id are parts of both the v2 and v3 tokens. We
should allow finding urls for them in the same way as other attributes.

Change-Id: I22b5f4bd44e9a493017de89e14a705699df24280
2015-08-10 10:08:52 +10:00
Jamie Lennox a00d82a723 Make missingproperty private
missingproperty is only for use within AccessInfo. Make it private.

Change-Id: I0d70d1ec89bb37a2f55fdf404a3131a0a0366e02
2015-08-07 14:17:42 +10:00
Jamie Lennox 9973144625 Move AccessInfo objects into own module
The ServiceCatalog and ServiceProviders should not really be needed in a
standalone sense. They are there to make it easier to work with an
AccessInfo. Therefore move all of this into a standalone access module.

Change-Id: Idc6856d89c2131855657d01114cc72372b3b11f4
2015-08-07 14:17:42 +10:00