Commit Graph

666 Commits (faf52ea37383b967297d9196dee42aa67184720d)

Author SHA1 Message Date
Morgan Fainberg faf52ea373 Fix namespace issues and remove tests for client-specific code
Client specific code has been removed, this cleans up the related
lingering tests and fixes further keystoneclient namespace issues.

Change-Id: I620865a71c216c4040956fa5dce9949654877526
2015-04-20 15:14:17 -07:00
Morgan Fainberg 3768b0537e update _discover to use keystoneauth namespace
Change-Id: I0b4d2641ed467dc6ed076fc45b87a64356f39825
2015-04-20 14:59:17 -07:00
Morgan Fainberg 01d3e0e33f Merge branch 'ksc_master'
Merge in history for
2015-04-20 14:56:40 -07:00
Morgan Fainberg 62a1ba9000 move keystoneclient/ to keystoneauth/
Change-Id: I46e4873c1765b3815d724584e4b56a09bab04f1a
2015-04-20 14:55:59 -07:00
Morgan Fainberg f70d313def Initial Split of python-keystoneclient to keystoneauth
Change-Id: Ib33d022506072749e23caf6d9defbcc9a65c8b48
2015-04-20 14:49:59 -07:00
Jenkins 0d0a57c963 Merge "Uncap library requirements for liberty" 2015-04-17 17:45:18 +00:00
Jenkins 7d4aa37457 Merge "Make process_header private" 2015-04-17 15:01:16 +00:00
Doug Hellmann ea0bcb5370 Uncap library requirements for liberty
Change-Id: Iedcc83c838ba91de90ab089728e6d0cde371394d
Depends-On: Ib948b756b8e6ca47a4c9c44c48031e54b7386a06
2015-04-16 18:13:09 +00:00
Jamie Lennox 93c34309b3 Make process_header private
This should never have been added in a public way. I feel we are ok
making this private as there is no public use i can foresee.

Change-Id: Ib95365a11fa21146d51bea103c7709943aafdae8
2015-04-14 15:06:56 +10:00
Jamie Lennox af6f1924eb Increase minimum token life required
MIN_TOKEN_LIFE_SECONDS is the number of seconds that the token provided
must be valid for to be used when making authentication requests. 1
second has always been a dumb number and was not based on any existing

Because a user token may be reused by a service to make requests on
behalf of a user if the token is valid when sent it may not be valid for
the life of the request.

2 minutes is also an arbitrary value, but it should allow plenty of time
for service requests to complete before being rejected.

Closes-Bug: #1441910
Change-Id: I395a0770e72d1ec7904e656ca382a5270f793a8b
2015-04-09 10:48:30 +10:00
Jenkins 746131c0ea Merge "Provide a generic auth plugin loader" 2015-04-08 06:47:31 +00:00
Jenkins a87b8da985 Merge "Return None for missing trust_id in fixture" 2015-04-08 04:13:41 +00:00
Jamie Lennox 91e67141bc Allow requesting an unscoped Token
The keystone server understands that specifying unscoped in the scope
section of an auth request means that it should ignore the
default_project_id of a user and return an unscoped token.

This is the client side change to allow requesting these tokens via an
auth plugin.

Change-Id: Iba5ebcea0bf0d8e5a31d552977276fc03e536c67
Implements: bp explicit-unscoped
2015-03-31 10:03:20 +11:00
Jenkins 19b3fd648e Merge "Expose audit_id via AccessInfo" 2015-03-30 01:14:08 +00:00
Jamie Lennox 01ac047e9e Expose audit_id via AccessInfo
The audit_id is now a standard part of the v2 and v3 tokens. Expose it
via AccessInfo so that it is usable for services and middleware.

Change-Id: I14ddcfee5434084ad9da73c384e6f456602fdd2b
Closes-Bug: #1437129
2015-03-28 14:33:15 +11:00
Jenkins 1c4a3c7779 Merge "Replace assertRaisesRegexp with assertRaisesRegex" 2015-03-27 02:29:22 +00:00
Victor Morales aef20a833e Replace assertRaisesRegexp with assertRaisesRegex
assertRaisesRegexp is raising a warning message that indicated the
function is going to be deprecated, use assertRaisesRegex instead.

Change-Id: Iff3b36ebec5d5d4b75c95c699ab76704d0053137
Closes-Bug: #1436957
2015-03-26 20:31:02 +00:00
OpenStack Proposal Bot 1f8d47e0bf Updated from global requirements
Change-Id: I499261729a8342a7dd733b3d4ff18cb5b86e946f
2015-03-26 11:01:31 +00:00
Jenkins b0dd0ce80d Merge "Add a FederatedBase v3 plugin" 2015-03-24 21:46:36 +00:00
Jamie Lennox 2a4095eef0 Return None for missing trust_id in fixture
If the trust_id is unset it raises a KeyError. This is unusual from a
python perspective (if nothing else it should be AttributeError) and
different to all the other attributes of the fixture.

Return None if no trust_id is set on the fixture.

Change-Id: I15d33d77027a188fa47df18387c4610908f8e2d2
2015-03-24 21:31:27 +11:00
Jenkins c6d33c441b Merge "Improve feedback message in SSL error" 2015-03-24 00:55:21 +00:00
Rodrigo Duarte Sousa 542195cbb8 Improve feedback message in SSL error
Adds the error message to give a hint to the user about
what happened.

Change-Id: I9ca56de8592e65194062038c81b468be72ffb2d9
Closes-Bug: 1297280
2015-03-20 10:04:39 -03:00
Jamie Lennox cd9c2f9b84 Add a FederatedBase v3 plugin
With the out of tree federation plugins going on extract the basic
federation workflow and required information that can be reused.

Change-Id: I6fdb3a5c6d9f3e1d6fa3425fd05809155effed1f
2015-03-20 20:29:18 +11:00
Jenkins 42178bd7c4 Merge "Rename requests mock object in testing" 2015-03-20 07:37:45 +00:00
Jenkins cfa2103fcc Merge "Allow passing logger object to request" 2015-03-18 21:35:11 +00:00
Jenkins fb350dcce3 Merge "Implements subtree_as_ids and parents_as_ids" 2015-03-18 03:59:43 +00:00
Jamie Lennox 66f59fb031 Rename requests mock object in testing
It has been mentioned a number of times that the self.requests naming
for the requests_mock object is confusing between whether you are
actually sending a request or are mocking a request.

Rename all entries of the requests object to requests_mock.

This cleans up a couple of entries where the older register_uri format
was being used in favour of using the HTTP method as the requests_mock

Change-Id: I315085b4088130b510f9dbd696011d983598372c
2015-03-18 10:31:06 +11:00
Jamie Lennox 2281a79f38 Provide a generic auth plugin loader
For keystonemiddleware, shade and other projects that do more
complicated option loading than simply CLI or CONF file provide a means
to load an auth plugin where options are discovered by a provided

This plugin is designed to work with the options as provided by
get_options rather than either the argparse or CONF registration

Use these as the default loading mechanism for the existing argparse and
CONF functions as it standardizes the mechanism between the two sources.

Change-Id: I15634ac30581c7aea14e709f12fb202570190f46
Closes-Bug: #1428900
2015-03-18 10:25:55 +11:00
Jamie Lennox 3e6fd8ab78 Extract BaseAuth out of Auth Plugin
The basic Auth plugin for v3 tokens makes the assumption that you need
to pass in some AuthMethod objects. This works well for most auth types
where you want the plugin to construct the auth request for you.

In the case of federation though we want to be able to have a rescoping
plugin that will return an auth_ref and not take any auth_methods as

Extract the most basic part of the Auth plugin into BaseAuth class that
Auth and federation plugins can both inherit from.

Change-Id: Ia8c8c614b8eb51170346ff5b1e20a1e7ebbb47de
2015-03-17 09:54:17 +11:00
Jamie Lennox 2dd985e403 Split v3 authentication file into module
The V3 authentication plugins file contained the existing plugins as
well as the base class. As we look to add new plugins it is simpler if
we break this file up.

Change-Id: I42b222a2012ea10491450d6b91c2008178dc7671
2015-03-17 09:54:17 +11:00
Jamie Lennox 4bde9ffb3a Allow passing logger object to request
It can become difficult to trace the client that created HTTP requests
as the logging all goes through the keystoneclient.session logger. Allow
passing the logger through the request function and make it able to be
set via the adapter so it can be set once per client instantiation.

Change-Id: Id45c315bee9a56f1c241210d667470751bf689d5
Closes-Bug: #1421868
2015-03-16 15:16:07 +11:00
Rodrigo Duarte Sousa 6d49acd13e Implements subtree_as_ids and parents_as_ids
This patch implements the new ways to get the project's hierarchy:
  'subtree_as_ids': If True, returns projects IDs down the hierarchy
                    as a structured dictionay.
  'parents_as_ids': If True, returns projects IDs up the hierarchy
                    as a structured dictionay.

Change-Id: Ia3afe994893dfca059cb8361f7ab1c14e28e1ad5
Implements: blueprint hierarchical-multitenancy-improvements
2015-03-13 17:02:39 -03:00
OpenStack Proposal Bot 4784c32c9b Updated from global requirements
Change-Id: I750e817d2ff4e464f36584e5fd298f8037bd84db
2015-03-05 04:57:50 +00:00
Jamie Lennox e2dad7d82c Allow handling multiple service_types
If the same service_type was mentioned in the catalog more than once
then only the last entry would be parsed and any possible other matches
would be lost.

This was something that novaclient used to do, and as we are pushing
sessions as the way that clients should all work we need to maintain
that compatibility.

Change-Id: I6964515ed1975bce1998897abfc02a1ec36e2584
Closes-Bug: #1425766
2015-02-26 14:29:18 +11:00
Jenkins 195d5214b0 Merge "Add default body for non-abstract empty methods" 2015-02-23 01:38:27 +00:00
Jenkins b61d6b6dbb Merge "Using correct keyword for region in v3" 2015-02-23 01:38:04 +00:00
OpenStack Proposal Bot 358729a84d Updated from global requirements
Change-Id: If749314fbad1c0e1c55614fed10e7211c62559af
2015-02-20 13:59:27 +00:00
lin-hua-cheng 55e574495b Add default body for non-abstract empty methods
Some non-abstract methods only have docstring with no content,
this just add a default content to those function.

Change-Id: Idcf5b9f6ed766d3bc1541e158bdd8e58b06223e2
2015-02-14 05:57:37 +00:00
Jenkins c140e073d2 Merge "Make remove_service_catalog private" 2015-02-13 16:38:49 +00:00
Jenkins 01ab4b9314 Merge "Create functional test base" 2015-02-13 15:56:05 +00:00
Jamie Lennox c419425c85 Create functional test base
Setup test runners to run unit tests by default and add a stub
functional test that we can get gating.

Change-Id: I6627925ab63340c880adc7c938a0b74faff47bc7
Implements: bp functional-testing
2015-02-13 17:55:34 +11:00
Brant Knudson 9ceb44c612 Ignore all failures removing catalog when logging token
Operations could fail if the response was logged and had a 'token'
field that's not a dict. The fix is to ignore all errors when
trying to remove the service catalog from the response.

Also, enhanced the service catalog removal code to support V2

Closes-Bug: 1420080
Change-Id: I35b971415744825e8e5f00f30dcf193d04ee699a
2015-02-12 20:20:48 -06:00
Sergey Kraynev b00c073679 Using correct keyword for region in v3
Keystone v3 and v2 have different keywords in endpoint
dictionary. This patch adds ability for keystone client for correct
work with old and new API.

Change-Id: I886b4c7ac3cbe08ac1b88f490e9ca92a90256961
Closes-Bug: #1364463
2015-02-12 07:24:16 -05:00
Jenkins f82f274f6b Merge "Move tests to the unit subdirectory" 2015-02-12 07:36:45 +00:00
Jamie Lennox 51e8842af2 Move tests to the unit subdirectory
Move all the existing tests to the unit/ subdirectory. This gives us
some room to add a functional/ directory later with other tests.

Change-Id: I0fb8d5b628eb8ee1f35f05f42d0c0ac9f285e8c3
Implements: functional-testing
2015-02-11 19:03:25 +11:00
Jenkins 5790f49dca Merge "Reference identity plugins from" 2015-02-10 06:59:32 +00:00
Jamie Lennox d55fdf0841 Make remove_service_catalog private
This is a utility function that is used for reducing the amount of data
that is logged. It shouldn't be a public function.

I think there is very little risk from this in terms of compatibility as
it was only added recently.

Change-Id: I003e9f11be478b1282ea9cf179f2dd13e1672a80
2015-02-10 15:25:36 +11:00
Jenkins a3fd4e8570 Merge "Change hacking check to verify all oslo imports" 2015-02-10 03:56:57 +00:00
Jenkins ff8cb77653 Merge "Change oslo.i18n to oslo_i18n" 2015-02-10 03:56:49 +00:00
Jenkins 08f47dda81 Merge "Workflow documentation is now in infra-manual" 2015-02-10 02:52:12 +00:00