Commit Graph

908 Commits

Author SHA1 Message Date
Jamie Lennox
bb98d0182d Declare an extras directory for plugins
Create an extras directory and add some explanatory documentation for
dealing with plugins defined in extras.

Change-Id: Ibdd6bc16f38d1b9ca38db775671876458ec60e7a
2015-11-03 14:31:36 +11:00
Jamie Lennox
72f225eaf4 Make public the base loader classes
The loaders are a companion part to the authentication plugins that
assist in loading a specific plugin from options supplied via a config
file, command line arguments or other mechanisms.

The Base loaders handle the options that are common to a specific
identity authentication mechanism. They were added to the private
directory in the move from keystoneclient as they are only used by the
loaders defined in that directory and it gave us time to settle the
interfaces.

They are not expected to be private forever as they are expected to be
reused by anyone that is developing identity plugins outside of the
keystoneauth repository.

Closes-Bug: #1507423
Change-Id: I4b2fc321ae75e92509aacb15ac21e96880f2b20e
2015-10-19 01:50:22 +00:00
Jenkins
79104aa0fe Merge "Allow fetching oslo.config Opts from plugins" 2015-10-16 02:27:21 +00:00
Jenkins
1e7de85f53 Merge "Expose bind data via AccessInfo" 2015-10-16 01:59:01 +00:00
Jenkins
cdef92c7a1 Merge "Add url as a deprecated alias for endpoint" 2015-10-16 01:58:54 +00:00
Jenkins
8204cfe350 Merge "Copy AccessInfo tests from keystoneclient" 2015-10-15 07:07:20 +00:00
Jenkins
5eac6fe03a Merge "Return None from generic plugin if failure" 2015-10-15 07:07:18 +00:00
Jamie Lennox
4fd8531fd5 Expose bind data via AccessInfo
The bind information is a standard part of the token data and can be
access from auth_token middleware so it should be exposed as part of the
AccessInfo object.

Change-Id: I45fc6eeed43f335aa1d771bdf1a11257432cb85c
2015-10-15 17:22:30 +11:00
Jenkins
76d6a70864 Merge "Fix deprecated options in oslo_config" 2015-10-15 05:08:16 +00:00
Jamie Lennox
14a25863df Return None from generic plugin if failure
The create_plugin method can be called multiple times with different
version values and the generic plugin should return an object if it is
suitable. By raising an error here when you have invalid parameters it
prevents the generic handler attempting additional version options.

Change-Id: I3391c6607fc53a154e10bee7e741bf73afeae5fa
2015-10-15 13:36:32 +11:00
OpenStack Proposal Bot
3ccc37410d Updated from global requirements
Change-Id: I94ef01f3d60a78d887903e243becc27e9bf57f2d
2015-10-14 09:29:24 +00:00
Jamie Lennox
b2484fdbf6 Copy AccessInfo tests from keystoneclient
There were some basic small issues with AccessInfo accessors and it
appears that the tests were never transferred across from
keystoneclient.

Copy those tests as closely as possible.

Change-Id: I391bf23097c5a8a176a50a938c04fa259df1de12
2015-10-14 18:14:21 +11:00
Jamie Lennox
54c0c6abe6 Fix deprecated options in oslo_config
Converting a keystoneauth Opt to an oslo_config Opt fails because we
convert the deprecated options to a real oslo_config Opt rather than a
DeprecatedOpt.

Change-Id: I1c86bec7cddcc5751e6584b381e60115b84e1d27
Closes-Bug: #1505906
2015-10-14 16:48:34 +11:00
OpenStack Proposal Bot
d6ffc5bb0e Updated from global requirements
Change-Id: Ie3039c0331779d11ac3350e29ee15311992d5f3f
2015-10-13 00:52:43 +00:00
Monty Taylor
67280cbb01 Add url as a deprecated alias for endpoint
In order for us to transition python-openstackclient to keystoneauth,
we need a path forward so that people can move from using the in-tree
token-endpoint plugin to just using the admin-token plugin (which is the
thing that should be used for the bootstrapping-keystone usecase)

We could do fancy things in OCC to accomplish this (I have a patch) -
but instead of doing that, which is, as Dean says, really a layer
violation, why don't we just put url in here and be done with it.

Change-Id: Ia240d9599aad0c3e6727fcde451e3ddd21bc242f
2015-10-11 10:25:35 -04:00
OpenStack Proposal Bot
8f680315d5 Updated from global requirements
Change-Id: I9cc861aac740d6605a370d9540e6e143e22c0d36
2015-10-09 05:00:37 +00:00
Jenkins
cbc2e15adf Merge "Make __all__ immutable" 2015-10-07 21:36:40 +00:00
Jenkins
2be61e6048 Merge "Make RST section delineation length match title" 2015-10-06 17:20:08 +00:00
Jenkins
6d12376ae1 Merge "auto-generate release history" 2015-10-06 01:02:46 +00:00
Steve Martinelli
7bb7f56932 auto-generate release history
currently there is no release history for keystoneauth, though
sometimes the commits are lacking context, this automated approach
is far better than nothing.

Change-Id: I584ded3921db9ecb8cad8f99d610bd2987394501
2015-10-05 21:16:21 +00:00
Dolph Mathews
e264bdba35 Make RST section delineation length match title
RST parsers will throw a warning if the length doesn't match the title,
because they're less sure that you intended to create a section title.

Change-Id: I28cd4ce3f1b4468de796ab7ab3c9fa8038d5d7dc
2015-10-05 17:04:45 +00:00
Dolph Mathews
e2120094fa Remove "Features" section from README
Such an empty section is pointless when we're actually tracking features
with wishlist bugs and specs anyway. This section should never exist in
mature projects.

Change-Id: I4ee657b3795fe8dc2ae55ee2085b441650bd0b07
2015-10-05 17:01:22 +00:00
Steve Martinelli
cddd78f489 Update the project description
The current description does not provide much insight into the
project, let's beef it up a bit.

Change-Id: I2088cce76accca30a0729a13c372d85348427152
2015-10-05 17:00:15 +00:00
Dolph Mathews
10c5961426 Make __all__ immutable
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are
immutable.

Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
2015-10-01 18:21:31 +00:00
Jenkins
4ee46e58f7 Merge "Fix doc session example" 2015-09-30 16:44:08 +00:00
Jenkins
e1d788267a Merge "add openid connect plugins" 2015-09-30 05:12:15 +00:00
Jamie Lennox
f1885f0b7c Add UnknownConnectionError to __all__
Because UnknownConnectionError is not in __all__ it doesn't get imported
into the keystoneauth1.exceptions module and so it can't be used from
the session module.

Change-Id: I16061ee55871fc0eeaab752f21637d52158055fc
Closes-Bug: #1501022
2015-09-30 05:19:40 +10:00
Jenkins
eace93d41f Merge "Add shields.io version/downloads links/badges into README.rst" 2015-09-28 22:30:42 +00:00
Steve Martinelli
662394b104 remove references to keystone CLI
not sure what this was doing here in the first place, but the
CLI reference and man page have to go!

Change-Id: I68885014bd9c7ce2741580c8026567b698ed9361
2015-09-25 11:23:25 -04:00
Steve Martinelli
280a912c2d Add shields.io version/downloads links/badges into README.rst
add shields for version and downloads because it's useful to see
on pypi.

Change-Id: I66783c565daca173ce9db6cd5cf2d881878e74e7
2015-09-25 00:10:20 -04:00
Jamie Lennox
45a95b6e9b Allow fetching oslo.config Opts from plugins
At the moment we only have access to the loading.Opts for a plugin,
which is fine most of the time but in places like auth_token middleware
we sometimes need to manually register a plugin options.

Extend the existing function to get the options from a Loader directly
if one is passed.

Change-Id: I3fd0cead78d5cc8ee2a3d19f056b5eff15208f84
2015-09-25 10:40:16 +10:00
Ghe Rivero
a0e1d741d1 Fix doc session example
Update doc example to use keystoneclient and correct
v3 identity api parameters

Change-Id: I1ce288a1620c4aabd0aeaf78cb94ea13aa0657f8
2015-09-22 13:24:56 +02:00
Steve Martinelli
b3a454c56c add openid connect plugins
Refactor and add the existing password based plugin that exists
in keystoneclient:

https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/contrib/auth/v3/oidc.py

It's been refactored so that a base class is created with arguments
that are common to several openid connect flows.

The patch also includes support for a few auth flow called
authorization code.

Co-Authored-By: Zhao Jian <jianzj@cn.ibm.com>
Change-Id: I35db68e288e174617a05c0db3d77d5a86048fe9e
2015-09-21 20:11:03 +00:00
Monty Taylor
3915102963 Change ignore-errors to ignore_errors
Needed for coverage 4.0

Change-Id: I9ebe49e2660ba50a1b4b9e0cc30181d12099e8b9
2015-09-21 14:28:05 +00:00
OpenStack Proposal Bot
4501513ff3 Updated from global requirements
Change-Id: I868699b1950e5b4c0aba71b0e42e1f75a823db91
2015-09-18 16:38:35 +00:00
Jenkins
de40b62b0e Merge "Updated from global requirements" 2015-09-17 15:39:33 +00:00
OpenStack Proposal Bot
cd9bd94122 Updated from global requirements
Change-Id: I20a8ca5da4174e78b06d002760af120d991c9eca
2015-09-17 12:12:42 +00:00
Monty Taylor
835dfb8528 There is no token_endpoint.TokenEndpoint
Change-Id: If39478707f866c73c76ee48081467f5e4905beda
2015-09-17 13:29:36 +02:00
Gregory Haynes
ce67a601b0 Use option dest rather than name in missing error
When we are missing a required option we should use option.dest rather
then option.name so a user is presented with the correct value to use
(otherwise we say auth-url is missing when auth_url is what we actually
wanted, for example).

Change-Id: Ie1d72f6969bfcebdf94619158eb94ccac3bc75ba
2015-09-16 16:32:29 -07:00
Jenkins
7d2d29aedd Merge "Convert project to os-testr" 2015-09-16 21:03:26 +00:00
Jenkins
6ce09e133d Merge "Move generic loading tests into loading folder" 2015-09-15 10:56:48 +00:00
Jenkins
645df083ed Merge "Identity plugin thread safety" 2015-09-15 08:37:44 +00:00
Jamie Lennox
b46985ee87 Move generic loading tests into loading folder
There are two tests for loading options for generic plugins that were in
the regular plugin folder and not the loading folder. Move them.

Change-Id: Id0b1508afd20be84fb33154c18119da3b0674c3c
2015-09-15 16:30:00 +10:00
Jamie Lennox
a79f550dfc Move session loading tests into loading section
Session loading is being tested as part of the base session testing
file. It should be moved into the loading folder with other loading
specific tests.

Change-Id: I42ac48553ecd7fdda0357938387e17bdaf5e80a9
2015-09-10 12:37:20 +10:00
Jamie Lennox
c8d7506ce6 Identity plugin thread safety
A common case is for Nova (or other service) to create an admin
authentication from a CONF file and then have many greenlet threads that
want to reuse that authentication. If a token expires then many threads
all try and fetch a new token to use and can step over each other.

I was hoping for a way to put a lock in so that all plugins were thread
safe however fixing it for identity plugins solves almost all real world
situations and anyone doing non-identity plugins will have to manage
threads themselves.

Closes-Bug: #1493835
Change-Id: Ie478499a086a4b0db4fb9e5b820f6f5cd4074763
2015-09-09 12:52:14 +00:00
Jenkins
88a69ea9da Merge "Move around the tests so they can be found easier" 2015-09-07 20:24:24 +00:00
Mathieu Gagné
fac161a44a Fix typo in Python package summary in setup.cfg
Change-Id: Ic26d92a00059385644ae3db1eb204bcb64b391bf
Closes-bug: #1492431
2015-09-04 15:13:11 -04:00
TerryHowe
ec16789cf1 Convert project to os-testr
I am not sure how folks feel about this, but I think os-testr
makes failures a little easier to debug when tests fail.  For
one thing you get stdout/stderr in the test output.  Running a
single test is a little different:

    tox -e py27 -- --regex keystoneauth1.tests.unit.identity.test_token

Change-Id: Iea05633af3708c5e9443d86c8ddf947e68c0bebe
2015-09-03 06:52:54 -06:00
Jenkins
4818e2db70 Merge "Change the README to remove the warning for 1.0.0 release" 2015-09-03 09:06:45 +00:00
Jenkins
97f0258345 Merge "Add accessor method for raw catalog content" 2015-09-03 08:00:26 +00:00