The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Change-Id: Ic161a8f88c28d88898863e5b9d9380016fbb0d08
This change removes the unused "warnerrors" setting that
was part of [pbr], which was replaced by "warning-is-error"
in sphinx 1.5 and above[0]. This also fixes any warnings
and errors that came up when running `tox -edocs` using
this new feature:
- Specified correct instance of 'List'
This change also adds the "warning-is-error" setting
to setup.cfg in order to allow for strict doc validation
which will cause doc building to fail if any warnings
are thrown.
[0] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113085.html
Change-Id: I8111193e5a1ae7d063ab4cc37186aea1299964a4
Currently tox ignores D204, D205, and D207.
D204: 1 blank required after class docstring.
D205: Blank line required between one-line summary and description.
D207: Docstring is under-indented.
This change removes D204, D205, and D207 ignores in tox and fix violations.
Change-Id: Id20d216fbd7647d468859b960088aac61c582d9b
Currently tox ignores D401.
401: First line should be in imperative mood.
This change removes it and make keystoneclient docstrings compliant with it.
Change-Id: If34ff12d18390b357342cf29f2d116dd3c86a44d
To allow people to use a keystoneauth session with keystoneclient we
need to make it so that any exceptions that keystoneclient catch are the
same as what keystoneauth might throw.
The only practical way to do this is to map the keystoneclient
exceptions onto the keystoneauth equivalents. This is fairly easy as all
these exceptions were extracted from keystoneclient initially.
Closes-Bug: #1515048
Change-Id: I3b74b0ba1e1f9dda937a2d90e2d75ff0b7597a9b
The mapping for ConnectionError to ConnectionRefused have been
remove in a recent cleanup to move all exception to
keystoneclient.exceptions
related commit: 26534dadb1d0be00b87b632a038839ab1c18cfe4
Adding the mapping back for backward compatability.
Change-Id: I6f4627b9cd68615b509d17910fe2c1605e89fc26
Closes-Bug: #1492600
Applications are using exceptions out of
keystoneclient.openstack.common.apiclient.exceptions so it's part
of the public interface. But since it's from oslo-incubator it's
not considered stable. Since keystoneclient is all stable this
creates bad situation.
With this change, all the symbols out of apiclient.exceptions are
moved into keystoneclient.exceptions rather than the other way
around (keystoneclient.exceptions used to re-export all of
apiclient.exceptions). Now we're in control of the
apiclient.exceptions and keystoneclient.exceptions that
applications are using.
Closes-Bug: 1481806
Change-Id: Ib3afa86b9d276f6a45d1ecd6f9157ee02ec8570d
To allow authentication plugins such as using client certificates or
doing kerberos authentication with every request we need a way for the
plugins to manipulate the send parameters.
Change-Id: Ib9e81773ab988ea05869bc27097d2b25e963e59c
Blueprint: generic-plugins
This patch implements the new ways to get the project's hierarchy:
'subtree_as_ids': If True, returns projects IDs down the hierarchy
as a structured dictionay.
'parents_as_ids': If True, returns projects IDs up the hierarchy
as a structured dictionay.
Change-Id: Ia3afe994893dfca059cb8361f7ab1c14e28e1ad5
Implements: blueprint hierarchical-multitenancy-improvements
If you want to handle a NoMatchingPlugin exception rather than simply
exit then the name of the missing plugin is generally more useful than
the message.
The exception is specific enough that you can know what went wrong, but
you cannot determine the name of the missing plugin if you want to do
your own logging - only use the message that is generated.
We should keep the message but expose the plugin name as well.
Closes-Bug: #1410391
Change-Id: Ic93ec6583b8d7797529d36d63995ef0d8db754f1
Keystoneclient didn't provide translated messages. With this
change, the messages are marked for translation.
DocImpact
Implements: blueprint keystoneclient-i18n
Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
The use of "#flake8: noqa" disables hacking checks for the entire
file. Switched to use of "# noqa" and fixed hacking problems.
Change-Id: I18785fb18bdce88e61e2451960e55aed0863c285
The argument to the :raises: directive is the class name. If the
class name is a valid reference it's rendered as a link to the
class. This change cleans up the :raises: directives to use the
reference correctly and use a valid class reference.
Change-Id: I84188b60de0ab4c6b5b2fb5a203c43bfde094707
This patch adds role assignments list support
to keystoneclient.
Created RoleAssignment resource and RoleAssignmentManager
classes. RoleAssignmentManager only implements the list()
method, the other inherited methods from base.CrudManager
raises a MethodNotImplemented error with customized messages.
This bp is complimented with the OSC part:
https://blueprints.launchpad.net/python-openstackclient/+spec/roles-assignment-list
Change-Id: I164b58b67ff42320238e943ddfa9d0a8aadd0a6d
Implements: blueprint roles-assignment-support
Closes-Bug: #1246310
Allows for a new form of document signature.
pkiz_sign will take data and encode it in a string that starts with
the substring "PKIZ_". This prefix indicates that the data has been:
1) Signed via PKI in Crypto Message Syntax (CMS) in binary (DER) format
2) Compressed using zlib (comparable to gzip)
3) urlsafe-base64 decoded
This process is reversed to validate the data.
middleware/auth_token.py will be capable of validating Keystone
tokens that are marshalled in the new format. The current existing
"PKI" tokens will continue to be identified with "MII", issued by
default, and validated as well. It will require corresponding changes
on the Keystone server to issue the new token format.
A separate script for generating the sample
data used in the unit tests,
examples/pki/gen_cmsz.py,
also serves as an example of how to
call the API from Python code.
Some of the sample data for the old tests had to be regenerated. A
stray comma in one of the JSON files made for non-parsing JSON.
Blueprint: compress-tokens
Closes-Bug: #1255321
Change-Id: Ia9a66ba3742da0bcd58c4c096b28cc8a66ad6569
There are a number of places where we expect a certain format of
response. If it's not found we often end up raising a KeyError when
accessing data.
Create a new Exception type that is raised when a HTTP response is not
appropriate for parsing and use it within authentication calls.
Closes-Bug: #1307306
Change-Id: I3cf2db07a8e76ee17702130e9efb0edf640d293a
With the move to the apiclient exceptions from oslo the basic HTTP error
class was renamed. This was not reflected in all places in the code.
It was also not picked up by the tests because the apiclient tests
weren't running due to a missing __init__.py file. Because this should
be backwards compatible it was added to the list in exceptions, the
check that this is available is in the (now running) apiclient tests.
Blueprint: common-client-library-2
Change-Id: I307c1083f29e3207cc86aa938043270e5c32b4bb
The exception module in oslo common code and in keystoneclient are similar.
In case of unification openstack clients, we should use modules from Oslo.
Changes of this patch:
- imported exceptions from common code instead of `apiclient.exception`
- added aliases for exceptions which was renamed
(reason: backwards compatibility)
- moved exceptions `EmptyCatalog` from `apiclient.exception` to `exceptions`
- cleaned `apiclient.exception` from duplicated exceptions
- `apiclient.__init__` and `apiclient.exceptions` are kept and labeled as
'deprecated'(reason: backwards compatibility)
bp common-client-library-2
Change-Id: Iedf4e5d753d4278d81751ba0f55fdef3566b56de
Extract the authentication code from a v2 client and move it to a series
of auth plugins. Auth plugins each represent one method of
authenticating with a server and there is a factory method on the base
class to select the appropriate plugin from a group of arguments.
When a v2 client wants to do authentication it will create
a new v2 auth plugin, do the authentication and then take that result
for the client to use.
Change-Id: I4dd7474643ed5c2a3204ea2ec56029f926010c2c
blueprint: auth-plugins
We don't need vim modelines in each source file, it can be set in
user's vimrc.
Change-Id: Ic7a61430a0a320ce6b0c4518d9f5d988e35f8aae
Closes-Bug: #1229324
Provides the framework for creating authentication plugins and using
them from a session object.
To allow this system to co-exist with the original client there is a bit
of a hack. The client object itself is now also an authentication
plugin, that supports the original client pattern. If a client is
created without a session object then that session object uses the
client as it's authentication plugin.
Change-Id: I682c8dcd3705148aaa804a91f4ed48a5b74bdc12
blueprint: auth-plugins
Allow discovery of the API versions a server supports and create an
appropriate client based on this.
Implements: blueprint api-version-discovery
Change-Id: I63e6759889066a784dc47e35152c82e1ead7951d
A wrapper around a number of connection variables. This will be extended
later with principals such as Kerberos authentication and http sessions.
The intent is that this session object will become the basis for all
other client library communications in OpenStack (as keystone wants to
control things like authentication for everybody).
Change-Id: I8ee728c49d554659d7057ebf17d0f8ceea4d7d8e
Part of: blueprint auth-plugins
- Add checking the openssl return code 2, related to following review
https://review.openstack.org/#/c/22716/
- Add support set subprocess to the cms, when we already know which
subprocess to use.
Closes-Bug: #1142574
Change-Id: I3f86e6ca8bb7738f57051ce7f0f5662b20e7a22b
The new apiclient.exceptions hierarchy is more comprehensive
and it covers almost all HTTP error status codes. These
exceptions can be used in novaclient, keystoneclient,
glanceclient, and other client projects thus providing a
single inteface.
Users can have benefit from OpenStack clients raising exceptions
of known classes while now every client has its own classes making
difficult to catch, e.g., NotFound for every client.
Change-Id: Ia7b25880e0ffca3526525a0f0e77c7e77c4f0076
Create a function out of the standard request call that handles common
headers like user agent and logging.
This makes future changes easier to digest.
Change-Id: Ia25f997df64efdce27c8fb815e544922940145c3
The Conflict Exception is added for HTTP error code 409.
However this exception is never raised as this class is not added to
the error_code map and always raises the ClientException whenever a
409 code is returned.
Fixes bug #1168826
Change-Id: I7045eae33533ff603f4aab61ea988264b46f0d09
* Implement correct certificate verification
* Add requests to tools/pip-requires
* Fix OS_CACERT env var help text
* Add info to README
* Rework tests to use requests
Pinned requests module to < 1.0 as 1.0.2 is now current in pipi
as of 17Dec2012.
Change-Id: I120d2c12d6f20ebe2fd7182ec8988cc73f623b80
Cleans up the code around exception handling and logging
when first authenticating (which often returns an unscoped token).
There's no need to be logging an exception on an expected empty
catalog and moreover the except block was a bare "except" which
could mask other errors.
Fixes bug 1070493
Change-Id: I5e791e95ce3f9ab77723a7f4698cb11b169dacfb
Bug: 1028799
No traceback, if service is unavailable; error out gracefully.
* keystoneclient/exceptions.py
ServiceUnavailable: New class to handle 503 status code.
Add the new class to list of handled exceptions.
Change-Id: I39a8ac594ef922d682731a926be26c8b6f648f9d
