- new exception when an auth receipt is returned.
- a new method for auth receipt.
- support to existing v3 Auth plugins to add additional methods.
- Added a new MultiFactor plugin with loading support which
takes method names as strings.
Change-Id: Ie6601a50011118e3a07be9752f747c2298ff5230
Closes-Bug: #1839748
The last piece of service type alias support is to handle volumev2,
volumev3, workflowv2, workflowv3 and friends.
Although it's an annoying scenario, luckily legacy code that uses them
has a clear meaning. volumev2, version='3' is just legit not a thing.
Needed-By: https://review.openstack.org/564494
Change-Id: Iec09bcb16d8e9b09e09bf12d03c2a55e679ad70c
1.As mentioned in [1], we should avoid using
six.iteritems to achieve iterators. We can
use dict.items instead, as it will return
iterators in PY3 as well. And dict.items/keys
will more readable. 2.In py2, the performance
about list should be negligible, see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: I9f8f2c35f0d45d866076507a3a167aaafb8382e5
The OpenID Connect grant type is something implicit to our plugins,
so there is no need to pass it as a keyword argument, we can define
this as a class argument. Moreover, it makes no sense to pass a
grant_type that is different to the grant type that is being
implemented. This change deprecates the keyword argument (showing a
warning to the users if they're passing it) and checking if the
grant_type is different to the one defined by the plugin itself.
Change-Id: I4fffc2c651487d3240bbc8458ad728b06b0ffa64
The OpenID Connect specifies that all providers must return a JSON
discovery document [1] in a well-known location. We can let the user
pass this document instead of the individual endpoints (i.e. token and
authorization endpoint). Moreover, we can also check if the requested
grant_type (implicit to the used plugin, and one of client_credentials,
password, authorization_code) is supported by the provider before
starting the auth flow.
[1] https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
Fixes-bug: #1583682
Change-Id: I24b7960b25ddcff45552c0ab5541d92122d1d560
Curently tox ignores H405, D105, D200, and D203.
H405: multi line docstring summary not separated with an empty line.
D105: Missing docstring in magic method.
D200: One-line docstring should fit on one line with quotes.
D203: 1 blank required before class docstring.
This patch removes tox ignores and fix docstrings.
Change-Id: Ia3ac9796630e24ce04dc9f38a8d944334d6978d2
Curently tox ignores D204, D205, D208, and D211.
D204: 1 blank required after class docstring.
D205: Blank line required between one-line summary and description.
D208: Docstring is over-indented.
D211: No blank lines allowed before class docstring.
This patch removes tox ignores and fix docstrings.
Change-Id: I691f728e7b12ad4fcd542a116fd3d491e83393a4
Currently tox ignores D400 (D400: First line should end with a period).
This change removes D400 ignore.
All pep8 violatios are fixed.
Change-Id: I9190a15a36c90d3c60a9c520cb53d5f182b0c4e9
Currently tox ignores D401 (401: First line should be in imperative mood).
This change removes it and make keystoneauth docstring compliantwith it.
Change-Id: Ia3bc1ecf0d2bd9699e9a1a549f9995c008db233c
'retry_after' may be passed as a parameter to create HTTPError
object, so add it to HTTPError parameter list.
Change-Id: Ia42b6b2e769ecd8cc2038a5a6384651cfa22c345
Closes-bug: #1524211
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneauth. This
also modifies our tox.ini so that we no longer ignore H405 violations.
Change-Id: I0ac1165f309edd486639e2729c18330b1d062eb3
Closes-Bug: 1482773
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are
immutable.
Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
Because UnknownConnectionError is not in __all__ it doesn't get imported
into the keystoneauth1.exceptions module and so it can't be used from
the session module.
Change-Id: I16061ee55871fc0eeaab752f21637d52158055fc
Closes-Bug: #1501022
When we are missing a required option we should use option.dest rather
then option.name so a user is presented with the correct value to use
(otherwise we say auth-url is missing when auth_url is what we actually
wanted, for example).
Change-Id: Ie1d72f6969bfcebdf94619158eb94ccac3bc75ba
For v3 if you provide project_name or user_name without the
corresponding id it is going to fail. To get around this OSC and OCC
have been doing pre plugin loading validation checks.
Now that loading is separate from the plugin itself it makes sense that
we can enforce certain requirements on plugin loaders such that only
valid configurations may be loaded.
Change-Id: Ife6ff07214d702d76ce8b1d0e87f60f732aa0230
Change options requirement testing so that it is performed on the base
load_from_options method. This will mean it gets shared between all
loading mechanisms.
I removed the verify_auth function because it is a bit too specific to
the OSC/OCC case. auth_type is not something that is part of
keystoneauth. I also modified the exception as it should no longer take
the plugin name as this would be knowledge any calling function has.
OSC/OCC could use this function to implement a higher level error
message, but I think it should be keystoneauth's responsibility to
validate auth plugins and they should just offload the options.
Change-Id: I1531b95562382e955fab44d01e7ba705d26d352f
In https://review.openstack.org/#/c/212670/ there was some
discussion about cleaning up these exception messages. Here
it is.
Change-Id: I6bf1d7351f5fd90451f6d0d7c7e2575e584cbc62
Processing a parameter dict and extracting the declared parameters for
the given auth plugin is clearly in the problem domain of keystoneauth.
It's also just simple data transformations. Move it here.
Change-Id: I6da32fee4061ab31207cb06503ec78bb45629fb2
Currently, the exceptions are nothing if converted to strings.
The doc strings are human reable and useful to users, so use them.
Before:
$ python examples/connection.py
ERROR: Exception raised:
$
After:
$ python examples/connection.py
ERROR: Exception raised: Could not find requested endpoint in Service Catalog.
$
Change-Id: I1300e411c93bdfb17975e4f61e925b5b6474434c
Conver from the keystoneauth namespace to keystoneauth1. This is to
ensure that is is possible to install all versions of keystoneauth
side-by-side.
Change-Id: Ibbaf11525980c8edb5968d8b8ee19c55094e77d8
Adrian Turjak