Client specific code has been removed, this cleans up the related
lingering tests and fixes further keystoneclient namespace issues.
Change-Id: I620865a71c216c4040956fa5dce9949654877526
This should never have been added in a public way. I feel we are ok
making this private as there is no public use i can foresee.
Change-Id: Ib95365a11fa21146d51bea103c7709943aafdae8
MIN_TOKEN_LIFE_SECONDS is the number of seconds that the token provided
must be valid for to be used when making authentication requests. 1
second has always been a dumb number and was not based on any existing
value.
Because a user token may be reused by a service to make requests on
behalf of a user if the token is valid when sent it may not be valid for
the life of the request.
2 minutes is also an arbitrary value, but it should allow plenty of time
for service requests to complete before being rejected.
Closes-Bug: #1441910
Change-Id: I395a0770e72d1ec7904e656ca382a5270f793a8b
The keystone server understands that specifying unscoped in the scope
section of an auth request means that it should ignore the
default_project_id of a user and return an unscoped token.
This is the client side change to allow requesting these tokens via an
auth plugin.
Change-Id: Iba5ebcea0bf0d8e5a31d552977276fc03e536c67
Implements: bp explicit-unscoped
The audit_id is now a standard part of the v2 and v3 tokens. Expose it
via AccessInfo so that it is usable for services and middleware.
Change-Id: I14ddcfee5434084ad9da73c384e6f456602fdd2b
Closes-Bug: #1437129
assertRaisesRegexp is raising a warning message that indicated the
function is going to be deprecated, use assertRaisesRegex instead.
Change-Id: Iff3b36ebec5d5d4b75c95c699ab76704d0053137
Closes-Bug: #1436957
If the trust_id is unset it raises a KeyError. This is unusual from a
python perspective (if nothing else it should be AttributeError) and
different to all the other attributes of the fixture.
Return None if no trust_id is set on the fixture.
Change-Id: I15d33d77027a188fa47df18387c4610908f8e2d2
With the out of tree federation plugins going on extract the basic
federation workflow and required information that can be reused.
Change-Id: I6fdb3a5c6d9f3e1d6fa3425fd05809155effed1f
It has been mentioned a number of times that the self.requests naming
for the requests_mock object is confusing between whether you are
actually sending a request or are mocking a request.
Rename all entries of the requests object to requests_mock.
This cleans up a couple of entries where the older register_uri format
was being used in favour of using the HTTP method as the requests_mock
method.
Change-Id: I315085b4088130b510f9dbd696011d983598372c
For keystonemiddleware, shade and other projects that do more
complicated option loading than simply CLI or CONF file provide a means
to load an auth plugin where options are discovered by a provided
function.
This plugin is designed to work with the options as provided by
get_options rather than either the argparse or CONF registration
functions.
Use these as the default loading mechanism for the existing argparse and
CONF functions as it standardizes the mechanism between the two sources.
Change-Id: I15634ac30581c7aea14e709f12fb202570190f46
Closes-Bug: #1428900
The basic Auth plugin for v3 tokens makes the assumption that you need
to pass in some AuthMethod objects. This works well for most auth types
where you want the plugin to construct the auth request for you.
In the case of federation though we want to be able to have a rescoping
plugin that will return an auth_ref and not take any auth_methods as
arguments.
Extract the most basic part of the Auth plugin into BaseAuth class that
Auth and federation plugins can both inherit from.
Change-Id: Ia8c8c614b8eb51170346ff5b1e20a1e7ebbb47de
The V3 authentication plugins file contained the existing plugins as
well as the base class. As we look to add new plugins it is simpler if
we break this file up.
Change-Id: I42b222a2012ea10491450d6b91c2008178dc7671
It can become difficult to trace the client that created HTTP requests
as the logging all goes through the keystoneclient.session logger. Allow
passing the logger through the request function and make it able to be
set via the adapter so it can be set once per client instantiation.
Change-Id: Id45c315bee9a56f1c241210d667470751bf689d5
Closes-Bug: #1421868
This patch implements the new ways to get the project's hierarchy:
'subtree_as_ids': If True, returns projects IDs down the hierarchy
as a structured dictionay.
'parents_as_ids': If True, returns projects IDs up the hierarchy
as a structured dictionay.
Change-Id: Ia3afe994893dfca059cb8361f7ab1c14e28e1ad5
Implements: blueprint hierarchical-multitenancy-improvements
If the same service_type was mentioned in the catalog more than once
then only the last entry would be parsed and any possible other matches
would be lost.
This was something that novaclient used to do, and as we are pushing
sessions as the way that clients should all work we need to maintain
that compatibility.
Change-Id: I6964515ed1975bce1998897abfc02a1ec36e2584
Closes-Bug: #1425766
Some non-abstract methods only have docstring with no content,
this just add a default content to those function.
Change-Id: Idcf5b9f6ed766d3bc1541e158bdd8e58b06223e2
Setup test runners to run unit tests by default and add a stub
functional test that we can get gating.
Change-Id: I6627925ab63340c880adc7c938a0b74faff47bc7
Implements: bp functional-testing
Operations could fail if the response was logged and had a 'token'
field that's not a dict. The fix is to ignore all errors when
trying to remove the service catalog from the response.
Also, enhanced the service catalog removal code to support V2
tokens.
Closes-Bug: 1420080
Change-Id: I35b971415744825e8e5f00f30dcf193d04ee699a
Keystone v3 and v2 have different keywords in endpoint
dictionary. This patch adds ability for keystone client for correct
work with old and new API.
Change-Id: I886b4c7ac3cbe08ac1b88f490e9ca92a90256961
Closes-Bug: #1364463
Move all the existing tests to the unit/ subdirectory. This gives us
some room to add a functional/ directory later with other tests.
Change-Id: I0fb8d5b628eb8ee1f35f05f42d0c0ac9f285e8c3
Implements: functional-testing
This is a utility function that is used for reducing the amount of data
that is logged. It shouldn't be a public function.
I think there is very little risk from this in terms of compatibility as
it was only added recently.
Change-Id: I003e9f11be478b1282ea9cf179f2dd13e1672a80
Morgan Fainberg