1257 Commits

Author SHA1 Message Date
Jamie Lennox
c21ef89a88 Add a full listing of all auth plugins and there options
A commonly requested document is what auth plugins are available and
what parameters do they accept. Create an extension that can iterate
through the stevedore namespace and render all its available options.

Change-Id: Id0d0983c9803ce4e0ce201310a1603bc0ff30ca0
2017-01-10 14:40:28 +00:00
Tin Lam
9d3ae3ef94 X-Serivce-Token should be hashed in the log
Currently, logs display the hash values of X-Auth-Token,
Authorization, and X-Subject-Token, but not the value of
the X-Service-Token.  This patch set adds the X-Service-Token
to the list of header fields to be hashed for logging purposes.

Change-Id: I4d996a2631f61a2c9bbbc7f959e97c7279be023d
Closes-Bug: #1654847
2017-01-09 16:08:20 +00:00
Jenkins
f387043138 Merge "Add __ne__ built-in function" 2017-01-06 18:12:48 +00:00
howardlee
7666acbb1e Add __ne__ built-in function
In Python 3 __ne__ by default delegates to __eq__ and inverts the
result, but in Python 2 they urge you to define __ne__ when you define
__eq__ for it to work properly [1]. There are no implied relationships
among the comparison operators. The truth of x==y does not imply that
x!=y is false. Accordingly, when defining __eq__(), one should also
define __ne__() so that the operators will behave as expected.

[1]https://docs.python.org/2/reference/datamodel.html#object.__ne__

Change-Id: I6ad4b07911f6c8236dfcd048aceebd44cd760fe2
2017-01-06 14:32:41 +00:00
Eric Brown
b7008bd1b6 Remove references to Python 3.4
Now that there exists only a gate job for Python 3.5 and not 3.4,
we should remove those references to the 3.4 that is untested.

Change-Id: I82f370a4d9da07e121e0ce6cac851008e3925639
2017-01-05 15:27:51 -08:00
Samuel de Medeiros Queiroz
f345559a06 Prevent MemoryError when logging response bodies
Response bodies are loaded into memory prior to
being logged.

Loading huge response bodies may result in a
MemoryError.

This patch proposes that only JSON and TEXT
responses be logged, i.e when the Content-Type
header is application/json or application/text.

Responses that do not include or have a different
Content-Type header will have their body omitted.

Closes-bug: 1616105

Change-Id: I93b6fff73368c4f58bdebf8566c4948b50980cee
2017-01-04 04:52:06 +00:00
OpenStack Proposal Bot
014db209d8 Updated from global requirements
Change-Id: I8e42b0ee27ef5c30a675b76cefd7c8ed90a0b5e5
2016-12-23 03:12:21 +00:00
Cao Xuan Hoang
a142082b10 Removes unnecessary utf-8 encoding
The following file added utf-8 encoding but never used. So we can
removes them at all.

keystoneauth1/tests/unit/extras/kerberos/base.py

Change-Id: I82ee422cd40dd0b7e584b566fb073fc1583396c7
2016-12-22 09:30:50 +07:00
Tony Breeds
7c2d2220c3 Add Constraints support
Adding constraints support to libraries is slightly more complex than
services as the libraries themselves are listed in upper-constraints.txt
which leads to errors that you can't install a specific version and a
constrained version.

This change adds constraints support by also adding a helper script to
edit the constraints to remove keystoneauth.

Change-Id: I5101c316ec57c6166ca7fee47de9450a936f0664
2016-12-21 11:24:09 +11:00
Jenkins
459f3c0926 Merge "Replace six.iteritems() with .items()" 2016-12-16 04:11:33 +00:00
Jenkins
afc6eea34d Merge "Don't issue deprecation warning when nesting adapters" 2016-12-16 03:24:21 +00:00
Dirk Mueller
0e6a57621a Remove discover from test-requirements
It's only needed for python < 2.7 which is not supported

Change-Id: I822cca31b7e4282f55d881db53fbfe8de86c55a3
2016-12-15 08:48:10 +01:00
gengchc2
a00b8d844d Replace six.iteritems() with .items()
1.As mentioned in [1], we should avoid using
six.iteritems to achieve iterators. We can
use dict.items instead, as it will return
iterators in PY3 as well. And dict.items/keys
will more readable. 2.In py2, the performance
about list should be negligible, see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html

Change-Id: I9f8f2c35f0d45d866076507a3a167aaafb8382e5
2016-12-09 10:59:00 +08:00
Jamie Lennox
c5bac3a32c Don't issue deprecation warning when nesting adapters
Auth token middleware does a bit of a hack where it passes an Adapter in
as a session to the client. This is useful there because we need to know
much more about the authentication information than we do in most
clients.

We should look at fixing this in auth_token middleware, however for now
we shouldn't issue a deprecation warning when a user passes an Adapter
as a session object because this has always been designed to work - just
not something we recommend.

Change-Id: If7ebe59d5908275e607f32244027c8e6f3d1e157
Closes-Bug: #1647230
2016-12-06 09:14:44 +11:00
OpenStack Proposal Bot
301ecb4bd8 Updated from global requirements
Change-Id: I04aa5807cad2968708fcf9971af1f5e9324e0070
2016-12-02 05:06:05 +00:00
Jenkins
3e2ea6a9cc Merge "Show team and repo badges on README" 2016-11-28 03:13:53 +00:00
Flavio Percoco
89301bdea9 Show team and repo badges on README
This patch adds the team's and repository's badges to the README file.
The motivation behind this is to communicate the project status and
features at first glance.

For more information about this effort, please read this email thread:

http://lists.openstack.org/pipermail/openstack-dev/2016-October/105562.html

To see an example of how this would look like check:

https://gist.github.com/925e12d20373c828b0514eee3a5716af

Change-Id: I8962215a156558c24e29c70dc8debc6342457080
2016-11-25 16:43:03 +01:00
Jeremy Liu
559bd5affc Drop MANIFEST.in - it's not needed by pbr
Keystoneauth already uses PBR:-
setuptools.setup(
 setup_requires=['pbr>=1.8'],
 pbr=True)

This patch removes `MANIFEST.in` file as pbr generates a
sensible manifest from git files and some standard files
and it removes the need for an explicit `MANIFEST.in` file.

Change-Id: Ibf29e5b6c5ea34a23198e88c57372f1e8bbb2fc2
Closes-Bug: #1608980
2016-11-25 17:13:11 +08:00
Juan Antonio Osorio Robles
08539ec4d6 Add reauthenticate to generic plugins
Currently, the plugins supported in the generic plugins all have a
reathenticate option, however, this is not passed anywhere in the
generic plugin interface. This adds it to the base class in order to
support this, and provide a more interchangeable interface between
the version-specific plugins and the generic one.

Change-Id: I35f1c9dcd20017b9c442b04c142e46cad4d15eb4
Closes-Bug: #1643782
2016-11-22 09:59:14 +02:00
Jenkins
b6f8648177 Merge "Using assertIsNotNone() instead of assertNotEqual(None)" 2016-11-18 00:39:44 +00:00
Cao Xuan Hoang
b55a286462 Using assertIsNotNone() instead of assertNotEqual(None)
Following OpenStack Style Guidelines[1]:
[H203] Unit test assertions tend to give better messages for more
specific assertions. As a result, assertIsNotNone(...) is preferred
over assertNotEqual(None, ...) and assertIsNot(None, ...)

[1] http://docs.openstack.org/developer/hacking/#unit-tests-and-assertraises

Change-Id: Iadb27153109b2c4b92df43fc97a5e50eed86f58c
2016-11-17 22:33:58 +00:00
melissaml
f2242de6fe Fix a typo in base.py
TrivialFix

Change-Id: I6e7ea9bafd59a0915d3f88df595a0653af2a0f1e
2016-11-17 23:10:23 +08:00
Morgan Fainberg
6858ccdd0f Correct betamax fixture for more strict IDNA
The IDNA library has gotten more strict. The use of `_` in the TLD is
not valid. This change modifies the betamax test-case to use
`keystoneauth-betamax.test` instead of `keystoneauth.betamax_test`
correcting the invalid character in the TLD.

Change-Id: I01c5e6c0145158515d837b216fd066a5a558f498
2016-11-16 16:26:54 -08:00
Jenkins
42a6bf8dfc Merge "mark a few oidc parameters as required" 2016-11-09 17:13:29 +00:00
OpenStack Proposal Bot
94eb71c61e Updated from global requirements
Change-Id: I81c138deb1999df1df58f707a59786c95f5b21e0
2016-11-09 04:16:41 +00:00
OpenStack Proposal Bot
da701f0a39 Updated from global requirements
Change-Id: I9400e4c268baea3b061897a0ae82043e48445222
2016-11-06 01:59:47 +00:00
OpenStack Proposal Bot
868f6c573d Updated from global requirements
Change-Id: I87a71b09301542d886790ec37de39976da99170e
2016-11-02 15:32:50 +00:00
Jenkins
e308aae67d Merge "Add a service token wrapper" 2016-11-02 00:14:18 +00:00
Steve Martinelli
827895281b mark a few oidc parameters as required
to better the user experience, mark a few of the open id connect
options as required, users should get back more meaningful
error messages.

as part of the change, there was also a discrepancy between what
the loader used for the authorization code, and what the plugin
was using. deprecate the old loader option (authorization-code)
in favor of the one used by the plugin (code).

Change-Id: I18318ef44f99e4f973176dd99b61770b1151f7a0
Partial-Bug: 1593192
2016-11-01 11:12:12 -04:00
OpenStack Proposal Bot
e5b9dbc385 Updated from global requirements
Change-Id: I3cd006656fc47af2819586eef5ed7bcf432017fc
2016-10-27 12:15:00 +00:00
OpenStack Proposal Bot
a70a6a1ca9 Updated from global requirements
Change-Id: I5a81cbd4deb4ab006f43afd2a18b48b231d42818
2016-10-22 01:20:08 +00:00
OpenStack Proposal Bot
92bba25391 Updated from global requirements
Change-Id: Ib5314a7feec4eda5158bfa7fede8062c6c0969d6
2016-10-21 00:43:29 +00:00
Jenkins
946278d98c Merge "Show deprecation warning and limit features for KSC session" 2016-10-20 04:01:43 +00:00
Jamie Lennox
57f8d2cde5 Allow setting client_name, client_version on adapter
You can pass client_name and client_version to Adapter.__init__ but for
most clients this means overriding Adapter.__init__ and setdefault()-ing
the client_name and version.

As most clients already override the Adapter object it'd be easier if
they could just set these values on the class as they are not going to
change between instances.

Change-Id: I301a7f77c8cf423bc1d45e3dcbb2325f6853b9a9
2016-10-20 02:15:42 +00:00
Jamie Lennox
6c71469783 Show deprecation warning and limit features for KSC session
There are still a lot of places where keystoneclient sessions are being
used and we've made a fair effort to maintain compatibility with these
sessions.

Unfortunately passing client_name and client_version for user_agent
generation is something only present in keystoneauth and passing it to a
keystoneclient session results in failure.

Whilst it would be good to just tell people to fix their code in reality
we'll probably be dealing with this for a while so just check to ensure
it really is a keystoneauth session we are passing parameters to and
warn otherwise.

Change-Id: I4d51ee08cfa9094443aca7128fe5323a95974a4d
2016-10-20 02:15:34 +00:00
Jamie Lennox
31b9d125b0 Don't use private testtools.test module
The testtools.test module is the unit testing module for testtools and
is an internal module with additional requirements. We should not be
relying on this module.

Copy the tests that were exposed from testtools into here.

Change-Id: I1e09228cff7a0c8136447f07df6864045a6fb849
2016-10-20 11:23:02 +11:00
Mike Fedosin
ab39cf0667 Prevent changing content type in request
Now if body contains json, its content type forcibly
changes to application/json, which is not correct in
some case, like json-patch request.

This code fixes this situation and sets application/json
contnent type only if this header hasn't been set before.

Change-Id: I4e0c44d444519f056dfa48c9603dbc3ca6b01822
Closes-bug: #1634110
2016-10-17 15:54:45 +03:00
Jenkins
626886b4aa Merge "be more explicit about connection errors" 2016-10-13 21:00:28 +00:00
Jenkins
04ea2a8181 Merge "Fix a typo in opts.py" 2016-10-13 21:00:19 +00:00
Sean Dague
7d26de17f5 be more explicit about connection errors
urllib/requests ConnectionError is a translation of
SocketError. However, when we translate this *yet again* we drop the
message from Requests. That message contains the actual SocketError
details, which are often critical for debugging an issue.

This keeps those details in the error message as we carry this up.

Change-Id: I6b753fddaebdcbcfe62680585a5b6febf62647b3
2016-10-13 14:43:45 -04:00
melissaml
729e4cd846 Fix a typo in opts.py
Removed redundant 'the'

Change-Id: I4e72aeb4580ef197a9fd214b26879408e5a63a9e
2016-10-13 10:28:00 +08:00
gecong1973
e1bf1f0e83 Fix a typo in base.py
TrivialFix

Change-Id: Ifffcea354e785a7fc5720e15d3bd259be559f13e
2016-10-13 09:42:13 +08:00
Jenkins
8185d4ffe9 Merge "Implement caching for the generic plugins." 2016-10-11 06:57:26 +00:00
Jenkins
9e9a1c2fe3 Merge "Enable release notes translation" 2016-10-11 06:43:56 +00:00
Jamie Lennox
e69cff8654 Add a service token wrapper
There are cases from a service where you have to wrap and pass a User
and Service token together to make things work. Add a wrapper that adds
both the user and service token to requests.

This will be something we will handle differently in auth_token
middleware but should still provide for other implementations.

Change-Id: I284f799d1f9e8d33ff032376af02b64cd6bbf510
2016-10-11 14:14:40 +11:00
Jamie Lennox
eb5571a6ca Allow specifying client and service info to user_agent
Allow specifying a service name and version to the session and a client
name and version to the adapter. The way this will work is that
libraries such as keystoneclient will pass client_name and
client_version when creating their adapter. Then when nova or another
service creates a session it will provide the service name and version.
The combination of these will be used to provide a meaningful user
agent.

Change-Id: Ibe516d9b248513579d5e8ca94015c4ae9c00f3f9
Closes-Bug: #1614846
2016-10-07 09:53:50 +11:00
Andreas Jaeger
6c93b0b292 Enable release notes translation
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in conf.py to generate translated version of the
release notes.

Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.

Change-Id: Ic011eb678ef125f65245bb4309c54e20018fc278
2016-10-06 20:28:28 +02:00
OpenStack Proposal Bot
811cd1f3e1 Updated from global requirements
Change-Id: I8b0aa4629ac34d2365ad7e700ea1d4b47a6adeac
2016-10-06 16:55:57 +00:00
Jamie Lennox
01b7c87285 Implement caching for the generic plugins.
When caching was implemented it was added to the v2 and v3 plugins but
for some reason the generic plugins were missed.

To do generic plugin caching we'll skip even trying to figure out the
inner plugin for now and just load the authentication for the generic.

Closes-Bug: #1616261
Change-Id: Icbb8acde0dca084f4a221f8ebff5503d5bdc219a
2016-10-04 16:00:32 +11:00
OpenStack Proposal Bot
1004db07b7 Updated from global requirements
Change-Id: I7c8b691b0290f79c72f86719dff667a61ea5ca9e
2016-09-30 19:59:41 +00:00