The plugin documentation had some errors, like:
- Erroneous Python code
- Missing OpenID Connect plugins.
- Not in alphabetical order.
Change-Id: I92cd40b130e55b04476b723db9bf7c309427832d
Extras documentation has a link for "extras dependencies" that
results in a "404 Not Found" error page. This patch fixes the doc
link to the correct URL from setuptools online doc.
Closes-Bug: #1604168
Change-Id: I8846f05a33eb6886004f551fc659b77cb8285de0
An auth plugin that allows service clients to be authenticated
with the X.509 tokenless authentication. Please find typical configured
options in authentication-plugins.rst
implements bp keystone-tokenless-authz-with-x509-ssl-client-cert
Change-Id: Ie0298f0ef7f3891cfc81072ab9ef9e501773fe5f
In fc95d255 we made the kerberos plugin loadable via stevedore but did
not add it to the list of plugins that could be loaded that way. This
patch documents it.
Change-Id: Iea719e485287aec610520d440272179f0a9ee84f
OAuth1 has been supported by keystone for a long time, and was supported
as an authentication plugin in keystoneclient. Port this work to
keystoneauth and add the ability to load it from the CLI.
Closes-Bug: #1524862
Change-Id: Ie53aeb1b926104cac692cd98551a701522f7fec4
The Discover class can fiilter API versions by experimental status, deprecated
status, and unknown status, and potentially more designations in the future.
The parameters that control this were not exposed in the Session or Adapter, so
users could not take advantage of this filtering through normal means. This
patch creates an 'allow' parameter for the Adapter that will get passed down as
keyword arguments into Discover.raw_version_data().
Now, given an unversioned endpoint like:
$ openstack endpoint show cinder
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://192.168.122.183:8776 |
| enabled | True |
| id | 485107c1d92b41829c331a2dc82aaaeb |
| internalurl | http://192.168.122.183:8776 |
| publicurl | http://192.168.122.183:8776 |
| region | RegionOne |
| service_id | 01b4f36a173d4c59b31fc95763095373 |
| service_name | cinder |
| service_type | volume |
+--------------+----------------------------------+
an Adapter can be used like this (this example would be expected to fail
since it disallows the deprecated volume V1 API):
auth = Password(<auth_params>)
sess = session.Session(auth=auth)
adptr = adapter.Adapter(sess)
adptr.get('<project-id>/volumes',
endpoint_filter={'service_type': 'volume',
'interface': 'public',
'version': 1},
allow={'allow_deprecated': False}))
This is inspired by an abandoned patch to keystoneclient[1] that exposed this
information as a tuple. The problem with exposing it like that is that
raw_version_data() defaults allow_deprecated to True, so including 'deprecated'
in the tuple or not including it would have the same result. Using a dict
allows us to keep the Discover interface the same.
[1] https://review.openstack.org/#/c/130159
Co-authored-by: Endre Karlson <endre.karlson@hp.com>
Change-Id: I54c29e1c2a4a2b02a3967f4ea108b8d2533616eb
Closes-bug: #1394245
In d0617885 the example in the Service Discovery section was changed to
include the full URL of the endpoint. On closer inspection, it turns
out that the example is deliberately pointing out that you don't need
the full URL when using endpoint filtering, since the endpoint filter
is supposed to look up the endpoint in the catalog. The reason it
wasn't working out of the box, as pointed out in the bug[1], was that
devstack sets up v2.0 endpoints, so the example path was appending /v3
to a v2.0 endpoint and failing.
This patch reverts the example back to using just a path, but omits the
'/v3' part of the path and uses the admin interface so that it will
work on v2.0. This will work out of the box on devstack and will still
work if the user has set up endpoints with '/v3' in them.
[1] https://bugs.launchpad.net/keystoneauth/+bug/1519054/comments/2
Change-Id: I11637aaa1939327eb6d1819c1b740a99e0f21e83
When building packages if git is absent, then we should not set
html_last_updated_fmt. It can still be set via the -D switch
when building with sphinx-build.
Change-Id: I3c55983a29150bb4f3742df5efa068f339ee1cd7
Closes-Bug: #1552251
Provide examples on authentication using extras plugins:
- kerberos
- saml2
- adfs
Implements bp documentation
Change-Id: I18d11a98e056546f1a101001e1665e2968e75c65
Reworded some sections.
Cleaned up some rst formatting. `` is for string constants, ` is for
field names.
Change-Id: Iad6c2baa5c41ed70aea1e30f677ba2682879952c
The federation plugins weren't referenced along with the other
authentication plugins so nobody could find them.
Change-Id: Iedfe179e36864405521e854962d0e6628cf2f5fe
os.popen() is deprecated since version 2.6. Resolved with use of
subprocess module.
Closes-bug: #1529836
Change-Id: I0cc16f50fef738594c123a27f34a517dd002e4f5
With the upcoming deprecations from keystoneclient we should do a better
job explaining the changes for people trying to transition.
Change-Id: I7e0227c4b50267b165c119f0e83e28a400f18a09
When copying this documentation over from keystoneclient we much have
simply replaced occurences of keystoneclient with keystoneauth. Details
how to migrate keystoneclient to using sessions make sense in
keystoneclient however the migration doc makes no sense in keystoneauth1
because those parameters don't exist.
Change-Id: I70160f42115d7dfe7610699479baf2e9420fe1b3
The auth plugin from the keystoneclient-kerberos repository is
copied to this package. It was in its own repository because it
requires the requests-kerberos package and we want to minimize
requirements in keystoneauth (or keystoneclient at the time the
plugin was originally developed). Since we've got support for
"extras" in setup.cfg in pip now this isn't an issue with the
package anymore. Users of the kerberos plugin must install the
extra packages using
$ pip install keystoneauth['kerberos']
otherwise the plugin will fail to load.
Closes-Bug: 1512741
Change-Id: Ia84bf559413e9bfd1a3faaceb417c2477bd10d5f
Create an extras directory and add some explanatory documentation for
dealing with plugins defined in extras.
Change-Id: Ibdd6bc16f38d1b9ca38db775671876458ec60e7a
currently there is no release history for keystoneauth, though
sometimes the commits are lacking context, this automated approach
is far better than nothing.
Change-Id: I584ded3921db9ecb8cad8f99d610bd2987394501
not sure what this was doing here in the first place, but the
CLI reference and man page have to go!
Change-Id: I68885014bd9c7ce2741580c8026567b698ed9361
Conver from the keystoneauth namespace to keystoneauth1. This is to
ensure that is is possible to install all versions of keystoneauth
side-by-side.
Change-Id: Ibbaf11525980c8edb5968d8b8ee19c55094e77d8
A temporary fix was added to get around a bug in how pbr handles
its autodoc_tree_index_modules setting. Since this bug is fixed we no
longer need the work around.
Change-Id: Id8274ef5c244bf50a34702ed9b4e50d3b82d8028
Closes-Bug: #1260495
(cherry picked from commit 045e47938f445741b6efedeb7243d3b413ea3229)
Update the description to something more appropriate to keystoneauth and
remove the api version specific docs that are not relevant.
Change-Id: Ife0243f9ca5d268fee9544835f3a981cd47144c8
This was simply the result of:
find -type f | xargs sed -i 's/keystoneclient/keystoneauth/g'
find -type f | xargs sed -i 's/python-keystoneauth/keystoneauth/g'
in the docs directory to fix the build failure.
Will look at a doc rewrite soon.
Change-Id: I05d4be12f31ea47e917dc79e50d17b174bf89938
To better facilitate the building and publishing of sphinx
documentation by Jenkins we are moving all openstack projects with
sphinx documentation to a common doc tree structure. Documentation
goes in project/doc/source and build results go in project/doc/build.
Change-Id: I205e8bb1ddf6dae1d7392b32975319c6a6d98673
