HTTPClient's forwarded session and adapter properties weren't
properly deprecated since the deprecations was only mentioned in
the docstring. Proper deprecation requires use of warnings/
debtcollector and documentation.
bp deprecations
Change-Id: Iea76d7bbc3bdeb13f7fdb097f13e007b4dd85c8d
HTTPClient.request and related methods weren't properly
deprecated since they were only mentioned in the docstrings.
Proper deprecation requires use of warnings/debtcollector and
documentation.
Also, fixed places where the deprecated request method was called.
bp deprecations
Change-Id: I0a16933252937ca046793bb6eb2e5cc5da03c9ae
HTTPClient tenant_id and tenant_name properties weren't properly
deprecated since they were only mentioned in the docstring. Proper
deprecation requires use of warnings/debtcollector and
documentation.
bp deprecations
Change-Id: I3c2f87df14bc9f8ffd82b99919fd1048123d0669
HTTPClient() tenant_id and tenant_name parameters weren't properly
deprecated since they were only mentioned in the docstring. Proper
deprecation requires use of warnings/debtcollector and documentation.
Also fixed a bunch of places in the tests where tenant_id and
tenant_name were still being used despite being deprecated.
bp deprecations
Change-Id: I9c4f596b8ff10aede6c417886638a942cb18044c
httpclient.request() wasn't properly deprecated since it was only
mentioned in a comment. Proper deprecation requires use of
warnings/debtcollector and documentation.
bp deprecations
Change-Id: Id35d64a8b2d536c5de90e398b2a7680fa30881d6
The comments for the auth_url and management_url properties say
that they're deprecated and to use the service catalog, but
internal code was using the deprecated function. The
code needs to be changed to use non-deprecated function.
bp deprecations
Change-Id: I6ada821fe305650d22e58a55192332f0f4986537
The docstring for Adapter says that the version is a tuple like
(3,0), but the HttpClient was passing a string like "v3".
Closes-Bug: 1450272
Change-Id: I74b009d68f5601bda3ae92b3c8de1ecef00d8316
This would ideally not be required however when building certain URLs
the current user_id is needed. And when communicating with certain
services we need to have access to the current project id. It seems
better to allow plugins to give up the information if they have it than
do various hacks to try and get it from them.
Change-Id: Ib61b0628702806268be623a9987a922a60b04165
Closes-Bug: #1364724
We can't simply pass through kwargs to the adapter for compatibility
reasons however make sure that we accept the appropriate arguments and
pass them to adapter.
Also add some notes to try and keep them up to date.
Closes-Bug: #1399492
Change-Id: If72295590483bb52fcf5a0d59cf95f3e49ea69c8
When the docs are rendered to HTML, any docs on __init__ are not
displayed. The parameters to the constructor have to be documented on
the class rather than on the __init__ method.
Also, corrected other minor issues in the same areas.
Change-Id: Ic56da33f6b99fe5efb636c289e3c4e1569f0c84c
Apart from making keystoneclient follow the same patterns of using an
adapter that we are trying to push onto other clients this severs the
cyclical dependency between managers and the client object.
There are a few changes that have had to be rolled into one to make the
transition work. These can't be separated unfortunately as they are
interdependent.
* managers are now passed the adapter instead of the client. They
therefore don't have reference to the other managers on the client.
* The adapter has been subclassed to provide user_id as there are some
managers that require user_id be provided for changing passwords etc.
* client.auth_url has been replaced with a call to get_endpoint which is
supported by the adapter.
* management=True has been removed from all the managers and they now
correctly set the interface they want.
Change-Id: I49fbd50571f0c1484e1cbc3dcb2159d25b21b1bc
Keystoneclient didn't provide translated messages. With this
change, the messages are marked for translation.
DocImpact
Implements: blueprint keystoneclient-i18n
Change-Id: I85263a71671a1dffed524185266e6bb7ae559630
If you ask client if there is a service catalog when it is unauthorized
it tries to look up the service catalog on a None object. If the client
is unauthorized it should always return False as there cannot be a
service catalog.
Change-Id: I439f71e548b8230e7ce38d1a0e9d0d8f9b205d77
Closes-Bug: 1239219
The argument to the :raises: directive is the class name. If the
class name is a valid reference it's rendered as a link to the
class. This change cleans up the :raises: directives to use the
reference correctly and use a valid class reference.
Change-Id: I84188b60de0ab4c6b5b2fb5a203c43bfde094707
Left timeutils and strutils in openstack/common since they are used in
openstack/common/apiclient and memorycache.
Change-Id: Idb5f09c159d907dfba84cd1f7501f650318af7d9
Because keystoneclient tries to figure out a management_url in all
contexts, it means that any end-user who uses any python-*client from
OpenStack that is using python-keystoneclient will always get a warning
about not being able to get a management token. This is, however, not
something that they need warning about, since there is no expectation
they'll have one. It's distressing to see it as part of normal
operation.
So just remove the warning.
Change-Id: Ia103a53c09c00fc09cef5fb24be546fc1da0684a
Address some issues that came up because of hacking upgrade.
But ignoring H904 since the slashes are valid, as they are in
comments, not code.
Change-Id: Ie8a94fc71632e4130c2ec663a5c6d3f2042f8263
Closes-Bug: #1328469
The fake session object is to prevent a cyclical dependency between
HTTPClient and the session from leaving hanging session objects around.
This is still necessary if you construct a client the old way however if
you are using the session properly then there is no cyclical dependency
and so we shouldn't prevent people using the connection pooling
advantages of the session.
Related-Bug: #1282089
Change-Id: Ifca2c7ddd95a81af01ee43246ecc8e74abf95602
There are certain requests that will always want to be sent to the
auth_url.
Add a new interface type to the get_endpoint command of the base
identity plugin such that if you ask for the 'auth' interface it will
give you the auth_url.
Implements: blueprint session-auth-endpoint
Change-Id: If653970354b919fdd6e80c061611c3aad129c574
keyring is conditionally imported if available on your platform,
however not all versions of keyring actually work. Specifically
we have global-requirements of >=2.1,!=3.3, so we know those are
the only versions we believe work.
If you are on an older platform, using system installed
python-keyring, python-keystoneclient won't install a new version,
because it's optional, but then will use a terriblely old verison,
which explodes with dbus errors.
The fix is to be more explicit on import.
Change-Id: I040f7b2311d7d5a450b8b12642752ac519b206fa
Closes-Bug: #1242992
If you pass a version number to the endpoint_filter then an identity
plugin will make a request to the URL in the service catalog and find an
appropriate URL for the requested version.
It caches the response to each of the discovery queries so that it
should only query once per URL.
This will only work for applications that create session objects
directly as the legacy model does not use the get_endpoint features of
an identity plugin.
This change showed an inconsistency in the docstrings between discovery
and the usage of discovery so the docstring was fixed.
Blueprint: endpoint-version-query
Change-Id: I277f2f6ad6c8cd44f1a9c06cf07d62bc8f8b383b
Fixed most of the errors reported back from hacking 0.9.2.
Specifically:
- E128 continuation line under-indented for visual indent
- E251 unexpected spaces around keyword / parameter equals
- E265 block comment should start with '# '
- H305 imports not grouped correctly
- H307 like imports should be grouped together
- H402 one line docstring needs punctuation
- H904 Wrap long lines in parentheses instead of a backslash
But opted to ignore the following for now:
- E122: continuation line missing indentation or outdented
- H405: multi line docstring summary not separated with an empty line
Change-Id: Ib8e698d85fd598fa91435538657361a1f695ce89
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: Ibd9def4cf111d5dcf15dff64f85a723214a3c14e
Closes-Bug: #1320930
In the future clients will simply pass the service they expect to talk
to and the path. This will prevent every service trying to get their own
base urls from the service catalog individually.
This can later be extended to have the auth plugin actually contact the
URL from the service catalog which will let us have unversioned
endpoints in the catalog handled from a single location.
Change-Id: I80f0b5b1dbb45565fec09d1cb2c0552cfb9a72f5
blueprint: auth-plugin-endpoints
Apply the positional decorator to functions. It has been added as I
think best practice would dictate, though in some places it has been
added in a way that doesn't break existing tests.
Closes-Bug: #1295881
Change-Id: I4f7ddbede4cba4ab79d144ad1f9dc83ea76f204a
We don't need vim modelines in each source file, it can be set in
user's vimrc.
Change-Id: Ic7a61430a0a320ce6b0c4518d9f5d988e35f8aae
Closes-Bug: #1229324
Provides the framework for creating authentication plugins and using
them from a session object.
To allow this system to co-exist with the original client there is a bit
of a hack. The client object itself is now also an authentication
plugin, that supports the original client pattern. If a client is
created without a session object then that session object uses the
client as it's authentication plugin.
Change-Id: I682c8dcd3705148aaa804a91f4ed48a5b74bdc12
blueprint: auth-plugins
Session.construct will create a session based upon the kwargs that used
to be passed to a client __init__ function. This will allow clients an
easy path to providing compatibility with deprecated arguments.
Make use of the function throughout discovery. Discovery was initially
released prior to the session object being completed and was therefore
handled with the same arguments as a client. Instead we should use a
session object so use the conversion function to convert those kwargs
into a session object if one is not provided.
Change-Id: I8dc1e0810ea6ebc6ea648ec37d7881825c566676
When deprecating the use of management_url from service_catalog we
updated the management_url setter for the project scoped token, however
we missed the domain scoped token case.
There is actually nothing we can do here to test this scenario as the
backwards compatibility code that was installed handles this for us and
there is no problem, however we should not be internally relying on
deprecated code.
Change-Id: I59bac4d9d74f2eb8bc6edd40518c7cd5a4fe1343
This patch adjust import items and add missing blank lines acording
to http://docs.openstack.org/developer/hacking/#imports
{{stdlib imports in human alphabetical order}}
\n
{{third-party lib imports in human alphabetical order}}
\n
{{project imports in human alphabetical order}}
\n
\n
{{begin your code}}
hacking project also enforce some checks for import group.
Let make the change in keytoneclient
Change-Id: Ic83bd5ee426905588f4a2d555851a9a01fc69f02
Previously the client assumed that if a user passed a token then this
token should be used for everything. This assumption is correct for the
endpoint/token case but not in the auth_url/token case where you will
want to fetch a new token. This is needed in the case where you want to
use an existing token to fetch a token that is re-scoped or activate a
trust.
There are still problems such as if you use auth_url/token
authentication then when the token expires it will try to refresh it,
but authenticating with a token will not extend the token expiry.
Closes-Bug: #1257541
Change-Id: I1c35600ca5437da44071dcea5361bfb42f6b72a3
Particularly 305 is expected to be handled by the tests so we need to
handle this centrally if we want to have session and non-session clients
to work the same way.
Change-Id: Id4ec35ddd8b8304d24df9e6cd2ab995d123ef125
I think debug handling was initially done this way for CLI handling
where we wanted to make sure only the correct information was printed to
the console. However as logging.basicConfig sets up a stream handler on
the root logging object I can't see any purpose to the debug handling in
the actual HTTPClient. Further than this it is completely wrong that a
client library is messing with it's logging level, this should be handled
by an application.
The debug flag is maintained and deprecated in HTTPClient and removed
from the session object. There has been no release since the addition of
session so there is no problem with compatibility.
Change-Id: Ib00f3d93d099ed1a9dd25f17121610a7289f0061
Region name is taken as a parameter but is ignored in all communication
with the service catalog. Currently region can be stored in the token
data and then requests to url functions will return the appropriate
region. This is the wrong approach because there is nothing specific to
the token (or auth_data) that is region specific. Instead region
information should be held by the client.
Closes-Bug: 1147530
Closes-Bug: 1255992
Change-Id: I812aa89c8b4af28e294e63926a7f88e8246fffc5
A wrapper around a number of connection variables. This will be extended
later with principals such as Kerberos authentication and http sessions.
The intent is that this session object will become the basis for all
other client library communications in OpenStack (as keystone wants to
control things like authentication for everybody).
Change-Id: I8ee728c49d554659d7057ebf17d0f8ceea4d7d8e
Part of: blueprint auth-plugins
