Tox 2.0 stopped passing environment variables from the parent to
the tests, so the functional tests were failing since they rely
on keystone CLI getting the OS_* environment variables.
Change-Id: I4f05379df41a3f6ca24ce8eb6911144a381f058e
The actual attribute returned in object references of the /protocols API
is 'id', as in all other keystone APIs that return objects. The
implementation of new_ref() here doesn't actually include an 'id'
reference though, and goes out of it's way to test the wrong thing. This
patch fix that, eliminates the workarounds, and does a touch of
refactoring to bring these tests in line with tests of other client
managers.
Change-Id: I9a272b3ef91934e780106d89b5091b4bfb87ad29
Closes-Bug: 1453847
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
Blueprint: remove-namespace-packages
https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages
Change-Id: I387a7a1a817058a4daca313fe6df60612cb84864
Don't build API documentation for the keystoneclient tests.
These are not public functions, pollute the existing docs, and extend
the time required to build docs.
A re-implementation of be1e94f
Change-Id: Ib0e91ebfe4234bc3332b7c3051dba98248312a34
Sync with oslo incubator to remove the oslo namespaced packages. These
will be removed during the liberty cycle.
Blueprint: remove-namespace-packages
Oslo-incubator commit: 691b2c40be88e44d9377be782db813432c572653
Change-Id: Ia267f84ec35d3e282bec69f48024a14350ace896
A temporary fix was added to get around a bug in how pbr handles
its autodoc_tree_index_modules setting. Since this bug is fixed we no
longer need the work around.
Change-Id: Id8274ef5c244bf50a34702ed9b4e50d3b82d8028
Closes-Bug: #1260495
The boolean value of a failed response is False and so the way we
populate the log output does not work when the request failed.
When logging check that a response is not None rather than simply
checking it's boolean value.
Change-Id: I07fb46f156fdf8267fd3d4dc7c587cd604838d73
Closes-Bug: #1451625
with --slowest flag, the slowest unit test cases will be printed,
which is useful to check performance issue.
Change-Id: I282845967877ed9298ca6f7f8bd6699a118fec1a
load_from_argparse_arguments is very specifically for use with argparse.
We can therefore safely prompt for a password from the user if none is
provided and it won't affect config options or other loading mechanisms.
Change-Id: Ib76743b768c5f0eef756184f1da49613423298f0
The docstring for Adapter says that the version is a tuple like
(3,0), but the HttpClient was passing a string like "v3".
Closes-Bug: 1450272
Change-Id: I74b009d68f5601bda3ae92b3c8de1ecef00d8316
The code has been moved to the new keystonemiddleware project and
keystone.middleware was deprecated since Juno. It's time to drop it in
Liberty.
Remove the directory keystoneclient/middleware/.
Remove test_auth_token_middleware.py, test_memcache_crypt.py and
test_s3_token_middleware.py in keystoneclient/tests/unit/.
Remove the create_middleware_cert shell function from
examples/pki/gen_pki.sh. And remove the call from
examples/pki/run_all.sh.
Remove netaddr, pycrypto and WebOb test dependencies, only needed to
test the removed middleware.
DocImpact: The keystoneclient.middleware module has been removed
Closes-Bug: #1449066
Change-Id: I88ddfdb674db1ec9c0fd4f9a62ae8347785ea10c
The service catalog should contain an endpoint id and service id in the
v3 token and an endpoint id in the v2 token.
Change-Id: I8835bcb7c68ae8d0175b6f58a4750cd6e25fd84c
Particular for use in writing error messages and help text it can be
useful to get a list of all the plugins that are installed on the
system. Provide a version that returns the classes as well so that you
don't have to reload the modules if the user is picking one.
Closes-Bug: #1423711
Change-Id: I021249eac8156c2d3ccbbacb7503184b6eb6e784
The "insecure" option was being treated as a bool when it was
actually provided as a string. The fix is to parse the string to
a bool.
Closes-Bug: 1411063
Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3
This should never have been added in a public way. I feel we are ok
making this private as there is no public use i can foresee.
Change-Id: Ib95365a11fa21146d51bea103c7709943aafdae8
The tests didn't pass with requests<2.3 because of the cookies
monkey-patching.
To test this, make sure the requests library in your tox venv is
the right level:
$ .tox/py27/bin/pip install -U "requests<2.3"
Then run the tests.
Closes-Bug: 1442919
Change-Id: Ie93906ba2370dada2386a50ae2137337ccf98f10
MIN_TOKEN_LIFE_SECONDS is the number of seconds that the token provided
must be valid for to be used when making authentication requests. 1
second has always been a dumb number and was not based on any existing
value.
Because a user token may be reused by a service to make requests on
behalf of a user if the token is valid when sent it may not be valid for
the life of the request.
2 minutes is also an arbitrary value, but it should allow plenty of time
for service requests to complete before being rejected.
Closes-Bug: #1441910
Change-Id: I395a0770e72d1ec7904e656ca382a5270f793a8b
This patch allows the user to perform the
following API calls through the
python-keystoneclient:
Assign role to user on projects owned by a domain:
PUT /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
List user's inherited project roles on a domain:
GET /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
Check if user has an inherited project role on domain:
HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revoke an inherited project role from user on domain:
DELETE /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
These same operations regarding groups instead of users are also available.
Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br>
Co-Authored-By: Samuel Medeiros <samuel@lsd.ufcg.edu.br>
Change-Id: I877168e3922cdd19868d508ef9fc34d0c7e7abcb
Closes-bug: 1367866
A user should be able to exchange their token for an ECP wrapped
SAML assertion.
implements bp generate-saml-assertions
Change-Id: Ic9c20aebc5cd91650576ad050c09779df54f1d94
A user should be able to exchange their token for a SAML assertion
that is valid on a service provider (the user should must provide
this data).
implements bp generate-saml-assertions
Change-Id: I5cb635929c7f6823ab1e4b1db5e48045be9e0737
The keystone server understands that specifying unscoped in the scope
section of an auth request means that it should ignore the
default_project_id of a user and return an unscoped token.
This is the client side change to allow requesting these tokens via an
auth plugin.
Change-Id: Iba5ebcea0bf0d8e5a31d552977276fc03e536c67
Implements: bp explicit-unscoped
The /auth routes are the preferred mechanism for listing the projects
and domains that the current token can be authenticated to as they
supports both federated and regular tokens.
Expose these routes via the client so that they can be consumed.
Change-Id: I9724a648ebd9d21edf8ffcc64f4cdb897a99101c
We need to allow get_endpoint(interface=auth.AUTH_INTERFACE, version=X)
to support the same version negotiation that the service catalog goes
through. This is required to support generic plugins where you often
provide an unversioned auth_url to the plugin but need a versioned URL
to query for available projects.
Change-Id: Id423a538c169264a81c5714e6a9eff9b33912a55
Closes-Bug: #1438013
The audit_id is now a standard part of the v2 and v3 tokens. Expose it
via AccessInfo so that it is usable for services and middleware.
Change-Id: I14ddcfee5434084ad9da73c384e6f456602fdd2b
Closes-Bug: #1437129
