The oauth2_mtls_token filter has been added for accepting or denying
incoming requests containing OAuth 2.0 certificate-bound access
tokens that are obtained from keystone identity server by users
through their OAuth 2.0 credentials and Mutual-TLS certificates.
Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>
Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614
Change-Id: I49127d845954ad6eab39e6e6305948ef0e4ed7b5
Implements: blueprint support-oauth2-mtls
The oauth2_token filter has been added for accepting or denying
incoming requests containing OAuth2.0 client credentials access tokens
that are obtained from keystone identity server by users through their
application credentials.
Change-Id: I15e438681749ed2c2666804a9efd8d4712a7b01c
Since setuptools v54.1.0[1], the parmeters with dash have been
deprecated in favor of the new parameters with underscore.
This change updates the parameters accordingly to avoid the warnings
like the example below.
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: Id43f253899b5af1f40a41d7fff1f78c316b31367
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Add release notes and update the python
classifier for the same.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Co-Authored-By: Ghanshyam Mann <gmann@ghanshyammann.com>
Change-Id: I0b6a6b22ce7e9e2de4cf7eadd87699d7b26cdda6
Python 2 support was removed during Ussuri cycle. This change adds
the classifier to clearly state that only Python 3 is supported.
Change-Id: I4bfe0bd6eaed2c5edeef00de4c5f9830ceaee71b
... so that each service using the audit middleware can include these
parameters in .conf file generated by oslo-config-generator by adding
that entrypoint to the command.
Closes-Bug: #1939632
Change-Id: Ied954c633570c51af9504514ffed18e12de8caac
These translation sections are not needed anymore, Babel can
generate translation files without them.
Change-Id: I50b3b5feef4b5e78e9f920bc20bbaf75db70b787
Python 3.5 was the target runtime for the Rocky release.
The current target py3 runtime for Stein is Python 3.6,
so there is no reason to keep testing against the older version. Also
correct setup.cfg and tox.ini to reflect the current supported Python
versions.
https://governance.openstack.org/tc/reference/runtimes/stein.html#python-runtime-for-stein
Change-Id: I7304a04870bd5a41ae593d543291a25d73cabe60
This change adds the "warning-is-error" setting
to setup.cfg in order to enforce strict doc validation which
will cause the build to fail if any warnings are thrown.
This also removes the redundant loading of the todo plugin
warning that shows up while running 'tox -e docs' with
'warning-is-error' enabled.
Change-Id: I33c110073feec7dd38ab75981d6f97c654852f37
There was an old comment left regarding this bug:
https://bugs.launchpad.net/pbr/+bug/1260495
which was fixed over a year ago but left over.
This change removes the comment and related extension
and adds the referenced pbr setting.
Change-Id: Ib334c136835a9b5b43cabe13b9616cce45e578e0
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I8521461203fe40e4576f4de7cfb500bd64027d6d
Now that there exists only a gate job for Python 3.5 and not 3.4,
we should remove those references to the 3.4 that is untested.
Change-Id: I77626618b9c8a61017df3e28c10a779a54422080
The intent of providing the list_auth_token_opts function was to provide
the oslo_config sample config file generator a list of options to
include in its sample files. However, services like zaqar have come to
rely on the list_auth_token_opts to list all the options that may be
consumed by auth_token middleware so that they can register them against
a non-global oslo_config object.
By removing deprecated options from the list_auth_token_opts we remove
these options from the config objects that the services use, however by
keeping them we will forever have deprecated options in sample config
files.
To split these two functionalities create a new function that lists the
options available for sample config files and update the entrypoint to
reflect this. This function is currently private because it should only
need to be accessed via entrypoint. The old deprecated options are then
added back to the original list_auth_token_opts function.
Closes-Bug: #1533932
Change-Id: I2aae5483c9309ab75985298c8de5b6f24cbc0f0d
Define filter factories so projects can reference them by name
and can take advantage of the python egg instead of referencing
by the direct path.
Change-Id: I555ca5e4ae6bd89775d8ef95940b6915f4cef4da
Closes-Bug: #1505407
The setup.cfg refers to Programming Language of Python 3.3 whereas
jenkins is setup only to test Python 3.4. This patch updates setup.cfg
and removes py33 from tox.ini.
TrivialFix
Change-Id: I6e4b01bf4997a99fd0ac0c2602d87321c076d2ad
Since it is not supported to run very modern Keystonemiddleware
with much older services, py26 is no longer needed for Kyestonemiddleware.
This will allow us to cleanup the test-requires and other py26-specific
requirements from the project.
Depends-On: I316d3ec56ade662cb5deeca0d3d48230c878f35d
Change-Id: If4bbac7b5d14107037591e8916170841e17d0ef1
Keystonemiddleware is pure python and is version agnostic.
It should be marked as a universal wheel as it can be installed
anywhere by pip (see the documentation on python packaging and
wheels). This mirrors python-keystoneclient's marking as a
universal wheel (as most of the code in keystonemiddleware
originated from python-keystoneclient).
Change-Id: I3e25578e6fc7a30b5eb7544d85a7ef39e711bd34
Register a 'keystonemiddleware.auth_token' entry point in the
oslo.config.opts namespace which, when called, returns a list of the
configuration options which may be registered by the project at runtime.
The idea here is that the sample config file generator can query this
and include the returned options in the sample config file of any
applications which use the middleware, e.g. currently the options
were listed in 'keystone_authtoken' section for those major projects.
Related-Change-Id: I15686708fc9460948a58cfea3d18dae40ba1fda9
Related-Change-Id: Ic28351258652d2ea38974e2f4d1aa6b1d3dd7192
Related-Change-Id: I76043b08e2872867e5af2a5ac902e4d092fda5c8
Related-Bug: #1300546
Change-Id: Iae31856d5886ee78786972d80c7c103c3460a2b3
Signed-off-by: Zhi Yan Liu <zhiyanl@cn.ibm.com>
sunyonggen