A commonly requested document is what auth plugins are available and
what parameters do they accept. Create an extension that can iterate
through the stevedore namespace and render all its available options.
Change-Id: Id0d0983c9803ce4e0ce201310a1603bc0ff30ca0
Currently, logs display the hash values of X-Auth-Token,
Authorization, and X-Subject-Token, but not the value of
the X-Service-Token. This patch set adds the X-Service-Token
to the list of header fields to be hashed for logging purposes.
Change-Id: I4d996a2631f61a2c9bbbc7f959e97c7279be023d
Closes-Bug: #1654847
In Python 3 __ne__ by default delegates to __eq__ and inverts the
result, but in Python 2 they urge you to define __ne__ when you define
__eq__ for it to work properly [1]. There are no implied relationships
among the comparison operators. The truth of x==y does not imply that
x!=y is false. Accordingly, when defining __eq__(), one should also
define __ne__() so that the operators will behave as expected.
[1]https://docs.python.org/2/reference/datamodel.html#object.__ne__
Change-Id: I6ad4b07911f6c8236dfcd048aceebd44cd760fe2
Now that there exists only a gate job for Python 3.5 and not 3.4,
we should remove those references to the 3.4 that is untested.
Change-Id: I82f370a4d9da07e121e0ce6cac851008e3925639
Response bodies are loaded into memory prior to
being logged.
Loading huge response bodies may result in a
MemoryError.
This patch proposes that only JSON and TEXT
responses be logged, i.e when the Content-Type
header is application/json or application/text.
Responses that do not include or have a different
Content-Type header will have their body omitted.
Closes-bug: 1616105
Change-Id: I93b6fff73368c4f58bdebf8566c4948b50980cee
The following file added utf-8 encoding but never used. So we can
removes them at all.
keystoneauth1/tests/unit/extras/kerberos/base.py
Change-Id: I82ee422cd40dd0b7e584b566fb073fc1583396c7
Adding constraints support to libraries is slightly more complex than
services as the libraries themselves are listed in upper-constraints.txt
which leads to errors that you can't install a specific version and a
constrained version.
This change adds constraints support by also adding a helper script to
edit the constraints to remove keystoneauth.
Change-Id: I5101c316ec57c6166ca7fee47de9450a936f0664
1.As mentioned in [1], we should avoid using
six.iteritems to achieve iterators. We can
use dict.items instead, as it will return
iterators in PY3 as well. And dict.items/keys
will more readable. 2.In py2, the performance
about list should be negligible, see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: I9f8f2c35f0d45d866076507a3a167aaafb8382e5
Auth token middleware does a bit of a hack where it passes an Adapter in
as a session to the client. This is useful there because we need to know
much more about the authentication information than we do in most
clients.
We should look at fixing this in auth_token middleware, however for now
we shouldn't issue a deprecation warning when a user passes an Adapter
as a session object because this has always been designed to work - just
not something we recommend.
Change-Id: If7ebe59d5908275e607f32244027c8e6f3d1e157
Closes-Bug: #1647230
Keystoneauth already uses PBR:-
setuptools.setup(
setup_requires=['pbr>=1.8'],
pbr=True)
This patch removes `MANIFEST.in` file as pbr generates a
sensible manifest from git files and some standard files
and it removes the need for an explicit `MANIFEST.in` file.
Change-Id: Ibf29e5b6c5ea34a23198e88c57372f1e8bbb2fc2
Closes-Bug: #1608980
Currently, the plugins supported in the generic plugins all have a
reathenticate option, however, this is not passed anywhere in the
generic plugin interface. This adds it to the base class in order to
support this, and provide a more interchangeable interface between
the version-specific plugins and the generic one.
Change-Id: I35f1c9dcd20017b9c442b04c142e46cad4d15eb4
Closes-Bug: #1643782
Following OpenStack Style Guidelines[1]:
[H203] Unit test assertions tend to give better messages for more
specific assertions. As a result, assertIsNotNone(...) is preferred
over assertNotEqual(None, ...) and assertIsNot(None, ...)
[1] http://docs.openstack.org/developer/hacking/#unit-tests-and-assertraises
Change-Id: Iadb27153109b2c4b92df43fc97a5e50eed86f58c
The IDNA library has gotten more strict. The use of `_` in the TLD is
not valid. This change modifies the betamax test-case to use
`keystoneauth-betamax.test` instead of `keystoneauth.betamax_test`
correcting the invalid character in the TLD.
Change-Id: I01c5e6c0145158515d837b216fd066a5a558f498
to better the user experience, mark a few of the open id connect
options as required, users should get back more meaningful
error messages.
as part of the change, there was also a discrepancy between what
the loader used for the authorization code, and what the plugin
was using. deprecate the old loader option (authorization-code)
in favor of the one used by the plugin (code).
Change-Id: I18318ef44f99e4f973176dd99b61770b1151f7a0
Partial-Bug: 1593192
You can pass client_name and client_version to Adapter.__init__ but for
most clients this means overriding Adapter.__init__ and setdefault()-ing
the client_name and version.
As most clients already override the Adapter object it'd be easier if
they could just set these values on the class as they are not going to
change between instances.
Change-Id: I301a7f77c8cf423bc1d45e3dcbb2325f6853b9a9
There are still a lot of places where keystoneclient sessions are being
used and we've made a fair effort to maintain compatibility with these
sessions.
Unfortunately passing client_name and client_version for user_agent
generation is something only present in keystoneauth and passing it to a
keystoneclient session results in failure.
Whilst it would be good to just tell people to fix their code in reality
we'll probably be dealing with this for a while so just check to ensure
it really is a keystoneauth session we are passing parameters to and
warn otherwise.
Change-Id: I4d51ee08cfa9094443aca7128fe5323a95974a4d
The testtools.test module is the unit testing module for testtools and
is an internal module with additional requirements. We should not be
relying on this module.
Copy the tests that were exposed from testtools into here.
Change-Id: I1e09228cff7a0c8136447f07df6864045a6fb849
Now if body contains json, its content type forcibly
changes to application/json, which is not correct in
some case, like json-patch request.
This code fixes this situation and sets application/json
contnent type only if this header hasn't been set before.
Change-Id: I4e0c44d444519f056dfa48c9603dbc3ca6b01822
Closes-bug: #1634110
urllib/requests ConnectionError is a translation of
SocketError. However, when we translate this *yet again* we drop the
message from Requests. That message contains the actual SocketError
details, which are often critical for debugging an issue.
This keeps those details in the error message as we carry this up.
Change-Id: I6b753fddaebdcbcfe62680585a5b6febf62647b3
There are cases from a service where you have to wrap and pass a User
and Service token together to make things work. Add a wrapper that adds
both the user and service token to requests.
This will be something we will handle differently in auth_token
middleware but should still provide for other implementations.
Change-Id: I284f799d1f9e8d33ff032376af02b64cd6bbf510
Allow specifying a service name and version to the session and a client
name and version to the adapter. The way this will work is that
libraries such as keystoneclient will pass client_name and
client_version when creating their adapter. Then when nova or another
service creates a session it will provide the service name and version.
The combination of these will be used to provide a meaningful user
agent.
Change-Id: Ibe516d9b248513579d5e8ca94015c4ae9c00f3f9
Closes-Bug: #1614846
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in conf.py to generate translated version of the
release notes.
Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.
Change-Id: Ic011eb678ef125f65245bb4309c54e20018fc278
When caching was implemented it was added to the v2 and v3 plugins but
for some reason the generic plugins were missed.
To do generic plugin caching we'll skip even trying to figure out the
inner plugin for now and just load the authentication for the generic.
Closes-Bug: #1616261
Change-Id: Icbb8acde0dca084f4a221f8ebff5503d5bdc219a