The oauth2_mtls_token filter has been added for accepting or denying
incoming requests containing OAuth 2.0 certificate-bound access
tokens that are obtained from keystone identity server by users
through their OAuth 2.0 credentials and Mutual-TLS certificates.
Co-Authored-By: Hiromu Asahina <firstname.lastname@example.org>
Implements: blueprint support-oauth2-mtls
The oauth2_token filter has been added for accepting or denying
incoming requests containing OAuth2.0 client credentials access tokens
that are obtained from keystone identity server by users through their
Since setuptools v54.1.0, the parmeters with dash have been
deprecated in favor of the new parameters with underscore.
This change updates the parameters accordingly to avoid the warnings
like the example below.
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
In Zed cycle, we have dropped the python 3.6/3.7 testing
and its support. Add release notes and update the python
classifier for the same.
Co-Authored-By: Ghanshyam Mann <email@example.com>
... so that each service using the audit middleware can include these
parameters in .conf file generated by oslo-config-generator by adding
that entrypoint to the command.
This change adds the "warning-is-error" setting
to setup.cfg in order to enforce strict doc validation which
will cause the build to fail if any warnings are thrown.
This also removes the redundant loading of the todo plugin
warning that shows up while running 'tox -e docs' with
There was an old comment left regarding this bug:
which was fixed over a year ago but left over.
This change removes the comment and related extension
and adds the referenced pbr setting.
The intent of providing the list_auth_token_opts function was to provide
the oslo_config sample config file generator a list of options to
include in its sample files. However, services like zaqar have come to
rely on the list_auth_token_opts to list all the options that may be
consumed by auth_token middleware so that they can register them against
a non-global oslo_config object.
By removing deprecated options from the list_auth_token_opts we remove
these options from the config objects that the services use, however by
keeping them we will forever have deprecated options in sample config
To split these two functionalities create a new function that lists the
options available for sample config files and update the entrypoint to
reflect this. This function is currently private because it should only
need to be accessed via entrypoint. The old deprecated options are then
added back to the original list_auth_token_opts function.
Define filter factories so projects can reference them by name
and can take advantage of the python egg instead of referencing
by the direct path.
The setup.cfg refers to Programming Language of Python 3.3 whereas
jenkins is setup only to test Python 3.4. This patch updates setup.cfg
and removes py33 from tox.ini.
Since it is not supported to run very modern Keystonemiddleware
with much older services, py26 is no longer needed for Kyestonemiddleware.
This will allow us to cleanup the test-requires and other py26-specific
requirements from the project.
Keystonemiddleware is pure python and is version agnostic.
It should be marked as a universal wheel as it can be installed
anywhere by pip (see the documentation on python packaging and
wheels). This mirrors python-keystoneclient's marking as a
universal wheel (as most of the code in keystonemiddleware
originated from python-keystoneclient).
Register a 'keystonemiddleware.auth_token' entry point in the
oslo.config.opts namespace which, when called, returns a list of the
configuration options which may be registered by the project at runtime.
The idea here is that the sample config file generator can query this
and include the returned options in the sample config file of any
applications which use the middleware, e.g. currently the options
were listed in 'keystone_authtoken' section for those major projects.
Signed-off-by: Zhi Yan Liu <firstname.lastname@example.org>