Commit Graph

24 Commits (6ee21bd722b3e1dbec3e5a211e32f10fb2a20603)

Author SHA1 Message Date
Adrian Turjak 6a69e4dfbd add support for auth_receipts and multi-method auth
- new exception when an auth receipt is returned.
- a new method for auth receipt.
- support to existing v3 Auth plugins to add additional methods.
- Added a new MultiFactor plugin with loading support which
  takes method names as strings.

Change-Id: Ie6601a50011118e3a07be9752f747c2298ff5230
Closes-Bug: #1839748
2019-08-14 11:51:28 +12:00
Michael McCune 96559d6009 add a handler for unknown HTTP errors
This change adds logic to handle a situation where an error response has
been received by HTTP but its body schema is an unknown format.

This issue came up during a review of related changes:

Change-Id: I21a33052e951f515988fdfd8ab1f42440ca9d4f8
2019-06-04 16:03:33 -04:00
Michael McCune 01d2da9e47 add handling for multiple error returns
This change adds logic to the `exceptions.from_response` to handle
errors formatted in accordance with the API-SIG guidelines. When there
are multiple errors returned, only the first error will be included in
the exception with a note informing that there were more errors.

API SIG guideline:

email thread for content:

related neutron bug:

Change-Id: I1f06c2cd5c4e93e04582d4ffbb434db92010d712
2019-06-03 11:09:34 -04:00
Monty Taylor 5c79260971
Infer version from old versioned service type aliases
The last piece of service type alias support is to handle volumev2,
volumev3, workflowv2, workflowv3 and friends.

Although it's an annoying scenario, luckily legacy code that uses them
has a clear meaning. volumev2, version='3' is just legit not a thing.

Change-Id: Iec09bcb16d8e9b09e09bf12d03c2a55e679ad70c
2018-05-03 15:28:54 -05:00
Tin Lam 062dcc9cb2 Fix ClientException message property not set properly
To reproduce:

    >>> from keystoneauth1 import exceptions
    >>> e = exceptions.ClientException(message="test")
    >>> print(e.message)

Change-Id: If73df85768866fb93d90ff95479f29f64aabe73f
Co-Authored-By: Gage Hugo <>
Closes-Bug: #1534363
2017-01-26 12:28:05 +00:00
gengchc2 a00b8d844d Replace six.iteritems() with .items()
1.As mentioned in [1], we should avoid using
six.iteritems to achieve iterators. We can
use dict.items instead, as it will return
iterators in PY3 as well. And dict.items/keys
will more readable. 2.In py2, the performance
about list should be negligible, see the link [2].

Change-Id: I9f8f2c35f0d45d866076507a3a167aaafb8382e5
2016-12-09 10:59:00 +08:00
Alvaro Lopez Garcia 885aff00ac oidc: deprecate grant_type argument
The OpenID Connect grant type is something implicit to our plugins,
so there is no need to pass it as a keyword argument, we can define
this as a class argument. Moreover, it makes no sense to pass a
grant_type that is different to the grant type that is being
implemented. This change deprecates the keyword argument (showing a
warning to the users if they're passing it) and checking if the
grant_type is different to the one defined by the plugin itself.

Change-Id: I4fffc2c651487d3240bbc8458ad728b06b0ffa64
2016-07-14 11:08:29 +02:00
Alvaro Lopez Garcia 00746ea636 oidc: add discovery document support
The OpenID Connect specifies that all providers must return a JSON
discovery document [1] in a well-known location. We can let the user
pass this document instead of the individual endpoints (i.e. token and
authorization endpoint). Moreover, we can also check if the requested
grant_type (implicit to the used plugin, and one of client_credentials,
password, authorization_code) is supported by the provider before
starting the auth flow.


Fixes-bug: #1583682
Change-Id: I24b7960b25ddcff45552c0ab5541d92122d1d560
2016-07-14 10:19:10 +02:00
Navid Pustchi 21d5ba92e0 Fix H405, D105, D200, and D203 PEP257
Curently tox ignores H405, D105, D200, and D203.
H405: multi line docstring summary not separated with an empty line.
D105: Missing docstring in magic method.
D200: One-line docstring should fit on one line with quotes.
D203: 1 blank required before class docstring.
This patch removes tox ignores and fix docstrings.

Change-Id: Ia3ac9796630e24ce04dc9f38a8d944334d6978d2
2016-04-19 21:05:19 +00:00
Navid Pustchi f95a3bb6bc Fixing D204, D205, D208, and D211 pep8
Curently tox ignores D204, D205, D208, and D211.
D204: 1 blank required after class docstring.
D205: Blank line required between one-line summary and description.
D208: Docstring is over-indented.
D211: No blank lines allowed before class docstring.
This patch removes tox ignores and fix docstrings.

Change-Id: I691f728e7b12ad4fcd542a116fd3d491e83393a4
2016-04-19 08:30:55 +00:00
Navid Pustchi 2e0c0030a9 Removing tox ignore D400.
Currently tox ignores D400 (D400: First line should end with a period).
This change removes D400 ignore.
All pep8 violatios are fixed.

Change-Id: I9190a15a36c90d3c60a9c520cb53d5f182b0c4e9
2016-04-18 21:20:51 +00:00
Navid Pustchi 01cf25ad36 Removing tox ignore D401 and make keystoneauth compliant
Currently tox ignores D401 (401: First line should be in imperative mood).
This change removes it and make keystoneauth docstring compliantwith it.

Change-Id: Ia3bc1ecf0d2bd9699e9a1a549f9995c008db233c
2016-04-13 18:46:05 +00:00
Haiwei Xu 37548eed4f HTTPError should contain 'retry_after' parameter
'retry_after' may be passed as a parameter to create HTTPError
object, so add it to HTTPError parameter list.

Change-Id: Ia42b6b2e769ecd8cc2038a5a6384651cfa22c345
Closes-bug: #1524211
2016-01-19 15:24:55 +09:00
lin-hua-cheng 63429aeca8 Address hacking check H405
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneauth. This
also modifies our tox.ini so that we no longer ignore H405 violations.

Change-Id: I0ac1165f309edd486639e2729c18330b1d062eb3
Closes-Bug: 1482773
2015-11-18 21:18:37 -08:00
Dolph Mathews 10c5961426 Make __all__ immutable
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are

Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
2015-10-01 18:21:31 +00:00
Jamie Lennox f1885f0b7c Add UnknownConnectionError to __all__
Because UnknownConnectionError is not in __all__ it doesn't get imported
into the keystoneauth1.exceptions module and so it can't be used from
the session module.

Change-Id: I16061ee55871fc0eeaab752f21637d52158055fc
Closes-Bug: #1501022
2015-09-30 05:19:40 +10:00
Gregory Haynes ce67a601b0 Use option dest rather than name in missing error
When we are missing a required option we should use option.dest rather
then so a user is presented with the correct value to use
(otherwise we say auth-url is missing when auth_url is what we actually
wanted, for example).

Change-Id: Ie1d72f6969bfcebdf94619158eb94ccac3bc75ba
2015-09-16 16:32:29 -07:00
Jamie Lennox d652305145 Raise error if loader is provided name without id
For v3 if you provide project_name or user_name without the
corresponding id it is going to fail. To get around this OSC and OCC
have been doing pre plugin loading validation checks.

Now that loading is separate from the plugin itself it makes sense that
we can enforce certain requirements on plugin loaders such that only
valid configurations may be loaded.

Change-Id: Ife6ff07214d702d76ce8b1d0e87f60f732aa0230
2015-09-01 13:58:53 +10:00
Jamie Lennox 5958739cb9 Change option requirement testing
Change options requirement testing so that it is performed on the base
load_from_options method. This will mean it gets shared between all
loading mechanisms.

I removed the verify_auth function because it is a bit too specific to
the OSC/OCC case. auth_type is not something that is part of
keystoneauth. I also modified the exception as it should no longer take
the plugin name as this would be knowledge any calling function has.

OSC/OCC could use this function to implement a higher level error
message, but I think it should be keystoneauth's responsibility to
validate auth plugins and they should just offload the options.

Change-Id: I1531b95562382e955fab44d01e7ba705d26d352f
2015-09-01 10:55:46 +10:00
Jenkins 8649e298e9 Merge "Port in the argument scrubbing from OCC" 2015-08-24 18:33:33 +00:00
TerryHowe 6be3ae70cd Clean up exception messages
In there was some
discussion about cleaning up these exception messages.  Here
it is.

Change-Id: I6bf1d7351f5fd90451f6d0d7c7e2575e584cbc62
2015-08-18 12:18:03 -06:00
Monty Taylor 2a80dc5f10 Port in the argument scrubbing from OCC
Processing a parameter dict and extracting the declared parameters for
the given auth plugin is clearly in the problem domain of keystoneauth.
It's also just simple data transformations. Move it here.

Change-Id: I6da32fee4061ab31207cb06503ec78bb45629fb2
2015-08-17 15:57:05 +00:00
TerryHowe c7f60421a0 Use human readable exception messages
Currently, the exceptions are nothing if converted to strings.
The doc strings are human reable and useful to users, so use them.

    $ python examples/
    ERROR: Exception raised:


    $ python examples/
    ERROR: Exception raised: Could not find requested endpoint in Service Catalog.

Change-Id: I1300e411c93bdfb17975e4f61e925b5b6474434c
2015-08-13 11:24:33 -06:00
Morgan Fainberg a0000e4e9a Move to the keystoneauth1 namespace
Conver from the keystoneauth namespace to keystoneauth1. This is to
ensure that is is possible to install all versions of keystoneauth

Change-Id: Ibbaf11525980c8edb5968d8b8ee19c55094e77d8
2015-06-25 16:48:54 -07:00