We should not try loading keyrings if we dont' have to. We
certainly should not print messages if keyrings are not even
needed
Fix for LP# 1145071
Change-Id: I700a2b40620359f6f1fbe03c6a6239d162ddea61
The requests module dropped all configuration with the 1.0.0 release.
There's no danger_mode and no 'verbose'' mode. The former
shouldn't be necessary anymore and the latter can be done by setting
a different log handler for the request.logging root logger.
Change-Id: I41bfaf2574f6d7fc21f86e0124ceae7df6481eee
Signed-off-by: Chuck Short <chuck.short@canonical.com>
This implements handling of token expiration. Once the token is expired,
this will request automatically for a new one.
A special case is introduced if the user specified a token when the client
is initialized: this is the auth_token_from_user. In this case, we can't
know the expiration date, so we just assume it will never expire and don't
handle it ourself.
Change-Id: I3771ff5d669da015d4aa259de422c5d81aed3eb4
Signed-off-by: Julien Danjou <julien@danjou.info>
body (string rep) is at 'data' in the kwargs dict. 'body' was deleted prior to this call.
Change-Id: Ieea3d11f5246ee785e41df3bc54ac61200808354
Fixes: bug #1104313
- There's no need to call parent init function since that's the default
behaviour.
- The token attribute is nor used nor updated anywhere.
Change-Id: Ib0b2729a396a2d761931ce0e178c49c49814eb21
Signed-off-by: Julien Danjou <julien@danjou.info>
Add a new cli argument (--timeout) which
is by default 600 seconds which will be
set in the requests library so that timeouts
can occur correctly.
Change-Id: I845c55dfb6f6b8345663ccdb5b150a2655f20026
* Implement correct certificate verification
* Add requests to tools/pip-requires
* Fix OS_CACERT env var help text
* Add info to README
* Rework tests to use requests
Pinned requests module to < 1.0 as 1.0.2 is now current in pipi
as of 17Dec2012.
Change-Id: I120d2c12d6f20ebe2fd7182ec8988cc73f623b80
Updates keystoneclient so that it uses a print statement to
stderr instead of a logger.warn if stderr is a tty.
This works around problems caused by the fact that logging isn't always
initialized when this module import runs (and fails) thus causing:
No handlers could be found for logger "keystoneclient.client"
instead of the intended log message.
Fixes LP Bug #1090396
Change-Id: I94e2c45eec14edfe3c2f356af6907aa827808a13
Updates the use_keyring option for the Keystone Client class
to default to False by default. This provides for a much
easier upgrade path the the most recent keystone-client code
and is backwards compatible with the previous release.
This does not change the default of the no_cache keystone CLI
which will still enable use_keyring by default.
Fixes LP Bug #1087434.
Change-Id: Iaafadde660b0542a9c0a9c1bb742cb369b523a68
User can optionally turn off keyring by specifying the --no-cache option.
It can also be disabled with environment variable OS-NO-CACHE.
Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
bug 1078589
* allow client values to be overridden, but use auth_ref if none
available
* added tests to match this flow
* refactored tokens into test_fixtures.py file
Change-Id: I771a2dee6dedf31d883417d9b4e6e64bbb620f14
blueprint solidify-python-api
* extended and updated documentation strings
* updated README.rst with latest options
* made debug a pass-through value, optionally set on client (instead of
just being pulled from environment variable)
* adding AccessInfo object and associated tests
(access.AccessInfo meant to be a cacheable object external to client
and ultimately to replace service_catalog and it's existing functionality)
* extending authtoken to support lists of endpoints
* maintaining a single entity for client.management_url with first from
list of possible endpoints
* create project_name and project_id synonyms to match tenant_name and
tenant_id
* replacing authenticate call to a pure method, not overloading the
resource/manager path that confuses base URL concepts.
* throw AuthorizationFailure if client attempts to access keystone
resources before it has a management url
* special case listing tenant using auth_url for unscoped tokens authorized
through client
* special case listing tokens.authenticate for Dashboard to allow unscoped
tokens to hand back parity information to dashboard
Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
Formally, OpenStack Keystone implements the OpenStack Identity API, and
this is a client to the API, not to Keystone itself.
Change-Id: If568866221a29ba041f0f2cd56dc81deeb9ebc00
The original IP is useful in cases where keystoneclient is used by a
different openstack component and we need to know who made the original
request. Otherwise it gets overwritten by e.g. Dashboard's host's IP.
bug 1046837
Change-Id: Ic22c565e92010afd89c8573c375919215b70d73d
This patch moves the json.loads(body) call in the
HTTP response handling to after the check for non-
200-300 return codes. This gets rid of the
ValueError exception raise when you hit, for instance,
a 400 or 404.
Also changes a number of logger.exception() calls to
logger.debug() calls, since some exceptions are expected
and should not be logged as exceptions per-se.
fixes LP bug#1067512
Change-Id: If66fb1846ddc19da5bc2f15c6e0dd09019a56932
Allows to ignore validation errors that typically occur with self-signed
SSL certificates. Making this explicit is important as one would
typically only use this in development or in-house deployments.
This should also fix bug 1012591.
Change-Id: I1210fafc9257648c902176fbcfae9d47e47fc557
2-way SSL. See also https://review.openstack.org/#/c/7706/ for the
corresponding review for the 2-way SSL addition to Keystone.
Change-Id: If0cb46a43d663687396d93604a7139d85a4e7114
* allows skipping of service catalog
* removes odd logic about password equivalence
* also removes extra call to authenticate
Change-Id: I5c0979107da99593b4ce8eb16c9695ba530da095
Remove os_ from internal variable names corresponding to OS_ env
variables.
Strip trailing '/' from --auth_url since server doesn't seem to
tolerate '//' in the URL path.
Fixes lp923920
Change-Id: I3e48441d63b6504fd088aa07241f66d63590d935
