This client hasn't been compatible with Python 2 in years,
so there is no point depending on a Python 2/Python 3
compatibility library.
Change-Id: I6979fcf0f92408751d9c3df937c8d4c060cfff54
Added return-request-id-to-caller function to resources and resource
managers in the following files.
* keystoneclient/v3/projects.py
* keystoneclient/v3/registered_limits.py
* keystoneclient/v3/roles.py
* keystoneclient/v3/limits.py
* keystoneclient/v3/contrib/federation/saml.py
Also made changes in base.py for _put() method so that if
include_metadata is True, the response data should include request_id
instead of returning None as response.
Change-Id: Ifc0ec9a9d666cccfee3b08ac61596a3692307f23
Implements: blueprint return-request-id-to-caller
This change is required to return 'request_id' from client
to log request_id mappings of cross-project requests.
Instantiating class 'keystoneclient.v3.client.Client' using
'include_metadata=True' will cause manager response to return
a new 'Response' class instead of just the data. This 'Response'
class is going to have additional metadata properties available
like 'request_ids' and the original data will be available as
property 'data' to it.
This change is backward compatible since user has to set a new
parameter 'include_metadata=True' to client in order to get the
request_id returned.
Co-author: Dinesh Bhor <dinesh.bhor@nttdata.com>
Partially Implements: blueprint return-request-id-to-caller
Change-Id: Ibefaa484158ff08bfcacc1e2802d87fc26fd76a5
Adds the client functionality for the following project tag calls:
- Create a project tag on a project
- Check if a project tag exists on a project
- List project tags on a project
- Modify project tags on a project
- Delete a specific project tag on a project
- Delete all project tags on a project
Co-Authored-By: Jess Egler <jess.egler@gmail.com>
Co-Authored-By: Rohan Arora <ra271w@att.com>
Co-Authored-By: Tin Lam <tin@irrational.io>
Partially Implements: bp project-tags
Change-Id: I486b2969ae0aa2638842d842fb8b0955cc086d25
1.As mentioned in [1], we should avoid using six.iteritems to achieve
iterators. We can use dict.items instead, as it will return iterators
in PY3 as well. And dict.items/keys will more readable.
2.In py2, the performance about list should be negligible, see the
link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: I18a6890935ebdbb589269379f21a0dd47d07eb3a
Before, the way filters were passed in would not allow filtering
on the same key.
For example:
keystone.users.list(name__contains='test', name__contains='user')
This fails because of how kwargs handles key/value pairs.
This patch allows using multiple values for the same filter.
Example:
keystone.users.list(name__contains=['test', 'user'])
Specifying the only one filter value is still functional as expected.
Co-Authored-By: Jeffrey Augustine <ja224e@att.com>
Partially-Implements: bp pci-dss-query-password-expired-users
Change-Id: I89cecf7e18974e7860ba0925840d6264168eabcb
It is untested and doesn't work for a while. It also causes a failure
when the method is used by other client or by keystoneclient itself.
Change-Id: Icdd53936a107933e275acd43b5ebe94b8d04bc4b
Closes-Bug: 1637530
Assigments replaced with argument assigment: endpoints.py, service_catalog.py
Note added: 'original_ip' value is never used: session.py
Refactor 'find()' method to increase readability: base.py
Change-Id: I469331b123fdf03e9e7c5d93e1c95da57d30fbbe
It's possible to set and get custom attributes through the API, and
it's also possible to use any Unicode strings, not only ASCII range.
It works perfectly fine when accessing the API directly using
e.g. curl.
However, keystoneclient stumbles on the non-ascii keys because
it tries to set this as an attribute for the resource class and fails
because Python 2.7 does not support non-ascii identifiers:
https://docs.python.org/2.7/reference/lexical_analysis.html#identifiers
So change the logic to skip setting non-ascii attributes; they are still
available in the dict representation.
Closes-Bug: #1626403
Change-Id: I267188cdb1d303e3d0fb6bd3229b606f4fe9b2d8
As keystoneclient and other services rely more on keystoneauth we should
assume that keystoneauth is our base auth library, not keystoneclient
and start to default to the objects provided from there. This will make
it easier to remove these objects when the time comes.
For the session independant parts of keystoneclient we should use the
exception names as provided by keystoneauth instead of the aliases in
keystoneclient.
Change-Id: Ic513046f8398a76c244e145d6cc3117cdf6bb4cd
As keystoneclient and other services rely more on keystoneauth we should
assume that keystoneauth is our base auth library, not keystoneclient
and start to default to the objects provided from there. This will make
it easier to remove these objects when the time comes.
Use the AUTH_INTERFACE special object from keystoneauth in most places.
This uses it everywhere that is actually session independant. For
example it is not changed within the keystoneclient auth plugins
themselves as they are directly compatible with keystoneauth.
Change-Id: Ibc1224fca98c852106feb78c624b0b2f22b3a19d
In Python 3 __ne__ by default delegates to __eq__ and inverts the
result, but in Python 2 they urge you to define __ne__ when you
define __eq__ for it to work properly [1].There are no implied
relationships among the comparison operators. The truth of x==y
does not imply that x!=y is false. Accordingly, when defining
__eq__(), one should also define __ne__() so that the operators
will behave as expected.
[1]https://docs.python.org/2/reference/datamodel.html#object.__ne__
Also fixes spelling errors:resoruces.
Change-Id: Iae4ce0fe84fae810711cc8c3fdb94eb9ca1d772e
Closes-Bug: #1586268
Currently tox ignores D105.
D105: Missing docstring in magic method.
This change removes it and make keystoneclient docstring compliant with it.
Change-Id: I34dfc164891880425f542f8f8aa3426ec8640c96
Currently tox ignores D200.
D200: One-line docstring should fit on one line with quotes.
This change removes D200 ignore in tox and fix violations.
Change-Id: Icbf8cc1d4f1c00daeedeffe4397369f9e468b191
Currently tox ignores D204, D205, and D207.
D204: 1 blank required after class docstring.
D205: Blank line required between one-line summary and description.
D207: Docstring is under-indented.
This change removes D204, D205, and D207 ignores in tox and fix violations.
Change-Id: Id20d216fbd7647d468859b960088aac61c582d9b
Currently tox ignores D401.
401: First line should be in imperative mood.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: If34ff12d18390b357342cf29f2d116dd3c86a44d
Removing old configuration options for build-in defaults of latest
bandit functionality. Also, marking flagged items with _# nosec_
with a descriptive comment on why the code is acceptable as is.
Co-Authored-By: Christopher J Schaefer <cjschaef@us.ibm.com>
Co-Authored-By: Tom Cocozzello <tjcocozz@us.ibm.com>
Change-Id: I138ebd46a8be195177361a9c3306bb70423b639d
Create a custom list with flag `truncated` to support corresponding
response from the identity service.
This is wanted by Horizon, that wants to know that the list returned
from keystone is not full and that more strict filters need to be
applied.
The previous attempt in commit c28d40814962b3a8ccb81e5e7d7f832c8f0a3c9a
was reverted by d20b300589863bcf165945beb129ebcc3621a14f because it
broke other code. This commit changes the way the flag is added and
verifies that existing code will not break.
Change-Id: Ia86cfd91110adae6d7ab86ff1f152a8f9be27837
Closes-Bug: 1520244
This reverts commit c28d40814962b3a8ccb81e5e7d7f832c8f0a3c9a.
This is causing stable keystone to fail. keystone has tests
that verify that the returned value of the list
operation == [], which fails since the return value is now
an object and not a list.
Change-Id: Ieb143574271b991d3e19e864497073fbedf46bcb
Previously, there were a string of commits to keystone that addresed ignored
hacking checks. This commit does the same for H405 in keystoneclient. This
also modifies our tox.ini so that we no longer ignore H405 violations.
Change-Id: I2af152e5425a0e9c82314039fdbb90d661c22680
Closes-Bug: 1482773
This method says it's deprecated but it's an internal method, so
there's no need to deprecate it, just remove it.
Change-Id: I916b4a5c9dc2320a4bff7f966fd0c7d5a4957ff9
Wrap a list of objects into custom class with additional attributes.
This is wanted by Horizon, that wants to know that the list returned
from keystone is not full and that more strict filters need to be
applied.
Change-Id: Icfabfd055aed1648dc4130b03ec3dbf9bad4e45a
Closes-Bug: 1520244
The __eq__ of apiclient.base.Resource will return True,
if the two objects have same id, even if they have different
other attributes value. The behavior is weird and don't
match the semantics of object equal. The objects that have
different value should be different objects.
Fix this issue and add some test cases in this patch.
Change-Id: I1565c6e66d6dd6cf7bd2b7e8526157190deb45de
Closes-Bug: #1499369
abstractmethod bodies aren't going to be called by unit tests, so
there's no way to get coverage. The code in an abstractmethod body
should be marked with "# pragma: no cover" so that they don't show
up as missed in the coverage report.
Change-Id: I88a7481ab22f2ce1abfd62badc5f5048acc6929f
keystoneclient is using apiclient.base and in order to properly
deprecate and eventually get rid of apiclient we need to move the
symbols that keystoneclient uses out of apiclient.
This change moves apiclient.base.Resource into keystoneclient.base
by merging apiclient.base.Resource into the existing
keystoneclient.base.Resource. apiclient.base.Resource is now
renaming keystoneclient.base.Resource for backwards-compatibility.
Change-Id: Id479711b7c9437aaf171def6976aab8b303ec56d
base.Manager's api property wasn't properly deprecated since all it
had was documentation. Proper deprecation requires use of warnings
and documentation.
bp deprecations
Change-Id: Ic5e218151e9b3f3b66f78729052680691d5ad582
This use case isn't covered by our current APIs:
GET /entities?id={entity_id}
Because we have a dedicated API for that:
GET /entities/{entity_id}
But our list() methods generally support **kwargs, which are passed as
query parameters to keystone. When an 'id' is passed to keystone as a
query parameter, keystone rightly ignores it and returns an unfiltered
collection.
This change raises a client-side TypeError (as you'd expect when you try
to pass a keyword argument that a function isn't expecting), and
includes a helpful suggestion to try calling get() instead.
Change-Id: I100b69bbf571ad6de49ccc5ad1099c20b877d13d
Closes-Bug: 1452298
This patch allows the user to perform the
following API calls through the
python-keystoneclient:
Assign role to user on projects owned by a domain:
PUT /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
List user's inherited project roles on a domain:
GET /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
Check if user has an inherited project role on domain:
HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revoke an inherited project role from user on domain:
DELETE /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
These same operations regarding groups instead of users are also available.
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Co-Authored-By: Samuel Medeiros <samuel@lsd.ufcg.edu.br>
Change-Id: I877168e3922cdd19868d508ef9fc34d0c7e7abcb
Closes-bug: 1367866
This patch implements the new ways to get the project's hierarchy:
'subtree_as_ids': If True, returns projects IDs down the hierarchy
as a structured dictionay.
'parents_as_ids': If True, returns projects IDs up the hierarchy
as a structured dictionay.
Change-Id: Ia3afe994893dfca059cb8361f7ab1c14e28e1ad5
Implements: blueprint hierarchical-multitenancy-improvements
When the docs are rendered to HTML, any docs on __init__ are not
displayed. The parameters to the constructor have to be documented on
the class rather than on the __init__ method.
Also, corrected other minor issues in the same areas.
Change-Id: Ic56da33f6b99fe5efb636c289e3c4e1569f0c84c
Apart from making keystoneclient follow the same patterns of using an
adapter that we are trying to push onto other clients this severs the
cyclical dependency between managers and the client object.
There are a few changes that have had to be rolled into one to make the
transition work. These can't be separated unfortunately as they are
interdependent.
* managers are now passed the adapter instead of the client. They
therefore don't have reference to the other managers on the client.
* The adapter has been subclassed to provide user_id as there are some
managers that require user_id be provided for changing passwords etc.
* client.auth_url has been replaced with a call to get_endpoint which is
supported by the adapter.
* management=True has been removed from all the managers and they now
correctly set the interface they want.
Change-Id: I49fbd50571f0c1484e1cbc3dcb2159d25b21b1bc
Keystoneclient didn't provide translated messages. With this
change, the messages are marked for translation.
DocImpact
Implements: blueprint keystoneclient-i18n
Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
Creating a client with a session using an Unscoped tokens now sets auth
info in client. This Auth Info is necessary in order to enumerate
projects. This is the standard login path for Horizon.
Change-Id: I688a27cd0e7c98e7cf899ac65bb593a85171813f
Add the ability to turn off logging from the session object and then
handle logging of auth requests within their own sections. This is a
very simplistic ability to completely disable logging. Logging more
filtered debugging can be added later.
This new ability is utilized in this patch to prevent logging of
requests that include passwords. This covers authenticate, password
change, and user update requests that include passwords.
SecurityImpact
Change-Id: I3dabb94ab047e86b8730e73416c1a1c333688489
Closes-Bug: #1004114
Closes-Bug: #1327019
Resource managers may need to pass certain overrides down to the session
layer. The most common example would be to allow them to specify a
different interface to issue a request to than is common. It is possible
later that we may wish to expose this ability to users as well so that
they can choose in there own programs what interface, endpoint name etc
a particular request should be issued to.
Change-Id: I7ee0931d4ea78cf9f463b2f0b54457226c5bea8d
Most methods of Resource class from keystoneclient are similar to methods
from common code.
In the process of unification of the clients code we should
reuse common functionality from Oslo.
Related to blueprint common-client-library-2
Change-Id: I5858eec1596a6921dcf49dfcefb7abd4387de73b
We don't need vim modelines in each source file, it can be set in
user's vimrc.
Change-Id: Ic7a61430a0a320ce6b0c4518d9f5d988e35f8aae
Closes-Bug: #1229324
