There are certain requests that will always want to be sent to the
auth_url.
Add a new interface type to the get_endpoint command of the base
identity plugin such that if you ask for the 'auth' interface it will
give you the auth_url.
Implements: blueprint session-auth-endpoint
Change-Id: If653970354b919fdd6e80c061611c3aad129c574
Provide a pattern for auth plugins to load themselves from a config
object. The first user of this will be auth_token middleware however it
is not likely to be the only user.
By doing this in an exportable way we are defining a single config file
format for specifying how to load a plugin for all services. We also
provide a standard way of retrieving a plugins options for loading via
other mechanisms.
Blueprint: standard-client-params
Change-Id: I353b26a1ffc04a20666e76f5bd2f1e6d7c19a22d
Fixed most of the errors reported back from hacking 0.9.2.
Specifically:
- E128 continuation line under-indented for visual indent
- E251 unexpected spaces around keyword / parameter equals
- E265 block comment should start with '# '
- H305 imports not grouped correctly
- H307 like imports should be grouped together
- H402 one line docstring needs punctuation
- H904 Wrap long lines in parentheses instead of a backslash
But opted to ignore the following for now:
- E122: continuation line missing indentation or outdented
- H405: multi line docstring summary not separated with an empty line
Change-Id: Ib8e698d85fd598fa91435538657361a1f695ce89
The catalog was recently enhanced to allow filtering based on the
service_name so this should be passed on to endpoint filtering.
Change-Id: If08fcdba9719f6aacdcbbb6b951117f4f544f9ca
To allow session to re-fetch a token on an Unauthorized call we add an
invalidate method to auth plugins that is expected to flush all the
current authentication data from the plugin such that it will be
refreshed on next request.
This is then used to reissue requests from session when an Unauthorized
is called.
Change-Id: I98fa76fd67e97dc0a8c1ec0bf734792c337b5177
blueprint: keystoneclient-auth-token
In the future clients will simply pass the service they expect to talk
to and the path. This will prevent every service trying to get their own
base urls from the service catalog individually.
This can later be extended to have the auth plugin actually contact the
URL from the service catalog which will let us have unversioned
endpoints in the catalog handled from a single location.
Change-Id: I80f0b5b1dbb45565fec09d1cb2c0552cfb9a72f5
blueprint: auth-plugin-endpoints
We don't need vim modelines in each source file, it can be set in
user's vimrc.
Change-Id: Ic7a61430a0a320ce6b0c4518d9f5d988e35f8aae
Closes-Bug: #1229324
Provides the framework for creating authentication plugins and using
them from a session object.
To allow this system to co-exist with the original client there is a bit
of a hack. The client object itself is now also an authentication
plugin, that supports the original client pattern. If a client is
created without a session object then that session object uses the
client as it's authentication plugin.
Change-Id: I682c8dcd3705148aaa804a91f4ed48a5b74bdc12
blueprint: auth-plugins
