| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Replaced `raise nose.exc.SkipTest()` statement to self.skipTest().
Removed unused nose.exc imports.
Fixes bug 1172794
Change-Id: Ieb353864acadef43508d185156c7fa1667baa845
|
|
|
|
|
|
|
|
|
|
| |
Extensions register themselves with keystone/common/extension.py
as either public, admin, or both, and they show up in the extensions
collection on http://<hostname>:<port>/v2.0/extensions/
Bug 1177531
Change-Id: Ic0b5c84e28342e96c3197c1b46f8b1656e2d7050
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there is a mixture of strategies in the v2 and v3 controllers
for how to get the roles assigned for the scope of the requested
authentication. This duplicates code, is hard to maintain and in at
least once case (where your only roles on a project are due to a group
membership) is not actually correct (for v2 tokens).
This change does the following:
- Standardizes on using the 'get_roles_for_user_and_project()', and its
domain equivalent, for how roles are obtained to build a token. This
was already the case for v3 tokens. The controllers no longer need
to get metadata and extract the roles.
- Removes the driver level function to 'authorize_for_project' - this is
now handled wihin the controller. The driver simply supports the user
authentication.
A nice (and planned for) sideffect of the above is that we now hide
the schema of how we store roles within the driver layer - i.e.
nothing outside of the driver (other than any specific-to-implementation
tests) have to know about how roles are stored in the metadata. This paves
the way for a re-implementation of the grant tables in IceHouse.
This change also fills in missing function definitons in the assignment
driver.
Implements bp authenticate-role-rationalization
Change-Id: I75fc7f5f728649d40ab1c696b33bbcd88ea6edee
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The environment module will be configured once, during code initialization.
Subsequently all other possibly-evented modules will retrieve from
environment and transparently obtain either the eventlet or standard
library modules.
If eventlet, httplib, subprocess or other environment dependant module
is referenced outside of the environment module it should be considered
a bug.
The changes to tests are required to ensure that test is imported first
to setup the environment. Hopefully these can all be replaced with an
__init__.py in a post-nose keystone.
Implements: blueprint extract-eventlet
Change-Id: Icacd6f2ee0906ac5d303777c1f87a184f38283bf
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having enabled="true" in json data when updating tenant will produce 500
When updating a project, no type check was performed on the enabled
attribute. Therefore, if enabled value in JSON/XML is not a boolean but
a string, keystone responds with an incorrect Http 500 error code and
the stacktrace.
The change introduces a type validation of the enabled attribute at
identity manager. If the type is not a boolean, keystone now returns an
appropriate Http 400 error code with a message pointing a bad format for
the attribute.
Test cases have been added to file test_backend and test_content_types
for testing the case when enabled attribute is a string or int when
updating project.
Fixes bug #1191384
Change-Id: I86dd7e71d4bac1e3fd6fcabaa1a2136a47722e5f
|
|
|
|
|
|
| |
fixes: bug #1167593
Change-Id: Ie18fa17f16383f31d8aa083e69fa501d80eb4553
|
|
|
|
| |
Change-Id: Iacd2d9e09be4ab3d6a3c5acf4074e4af7e300602
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before this patch auth_token middleware required admin user credentials
stored in assorted config files. With this patch only non-admin user
credentials are needed. The revocation_list and validate_token commands
use an policy.json rule, to only allow these commands if you are in have the
service role.
Rule used:
"service_role": [["role:service"]],
"service_or_admin": [["rule:admin_required"], ["rule:service_role"]],
Added the policy wrapper on the validate functions.
Fixes bug 1153789
Change-Id: I43986e26b16aa5213ad2536a0d07d942bf3dbbbb
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- docstring should not start with a space (flake8 H401)
- one line docstring needs punctuation (flake8 H402)
- multi line docstring end on new line (flake8 H403)
- multi line docstring should start with a summary (flake8 H404)
Change-Id: I69b414395930bda739aa01b785ac619fa8bb7d9b
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The intention is to remain as close as possible to the original
implementation and so leaves a number of easy cleanups and optimisations
until a later patch.
In writing tests their are a number of changes for API tests that are a
result of webob/webtest restrictions:
* response.body is now the string body and response.result is the parsed
dictionary.
* response.status is now a string eg. '200 OK', use
response.status_code to get the integer
* response.getheader no longer exists. response.headers is a dictionary
like object that can be accessed (case independently) with [] or
.get()
Working towards: blueprint extract-eventlet
Change-Id: I393b4bad2fd6eacc0b8ae98fc204d1323014b5e4
|
| |
| |
| |
| |
| |
| |
| |
| | |
Extract the use of assertTrue(len(...)) into a method. The docs for
assertTrue say that it equates to bool(expr) is True and so the format
is correct however it reads inconsistently.
Change-Id: I75acf75f6eaac9b7f92fd452cc60ab0cfd447c7f
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating or updating a user, no type check was performed on the
enabled attribute. Therefore, if enabled value in JSON/XML is not a
boolean buta string or an int, keystone responds with an incorrect
Http 500 error code and the stacktrace.
The change introduces a type validation of the enabled attribute
at backend and api layer. If the type is not a boolean, keystone
now returns an appropriate Http 400 error code with a message
pointing a bad format for the attribute.
Test cases have been added to file test_backend and
test_content_types for testing the case when enabled attribute is a
string or int when creating or updating user.
The same correction can be done for create/update projects, domains.
Change-Id: I7d2fe3acf0c4dbd3ce5bdf9f4d059df085853b84
Fixes: bug #1110435
|
|/
|
|
| |
Change-Id: Ifc8c876760f8402fc3293326972b9286fb1635c9
|
|
|
|
|
|
|
|
|
| |
When serializer xml formatter response need set empty element to "" to
align with JSON formatter.
Fix bug 1168317
Change-Id: I4985791095f43eac88fe42ec16f6a78bbf77ec07
|
|
|
|
| |
Change-Id: Ida82b8e607ba940efdad9e764d26408d3aaae7a8
|
|
|
|
|
|
|
|
| |
Protected against XMLSyntaxError that can occur in from_xml. Return
a validation error (400) instead of an internal server error (500).
Change-Id: Ic5160f4f6c810e96b74dbf9563547ac739a54c5e
Fixes: bug #1101043
|
|
|
|
|
|
| |
This reverts commit d8599dcda06514a9687af3f714e55ff7580af9db.
Change-Id: Iddb881070a91b9761a567a7d3b6d906e228af9f6
|
|
|
|
|
|
|
|
|
| |
Makes the resolution of local imports work
when running individual tests.
Bug 1152326
Change-Id: I72f54bdbb60a6d7acf32bdbdc02d7bce69add84e
|
|
|
|
|
|
|
| |
correct status code from 200 Ok to 201 Created for v3 POST requests.
Fixes: bug #1131119
Change-Id: Iabeb6daf677e0f34defdef5e58d87229fc90346f
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Blueprint trusts
creates a trust. Using a trust, one user (the trustee), can then
create tokens with a subset of another user's (the trustor) roles and
projects.
If the impersonate flag in the trust is set, the token user_id is set
to the trustor's user ID
If the impersonate flag is not set, the token's user_is is set to the
trustee's user ID
check that both trustor and trustee are enabled prior to creating
the trust token.
sql and kvs backends
sql upgrade scripts
unit tests for backends, auth and v3 api
modifications to the trust controller for creating tokens
Authenticates that only user can be trustor in create
Deleting a trust invalidates all tokens created from that trust
Adds the trust id and the id of the trustee to the header of the token
policy rules for trust
This version has a workaround for testing against the KVS version
of the Service catalog
Change-Id: I5745f4d9a4180b59671a143a55ed87019e98ec76
|
|
|
|
| |
Change-Id: I4408b3e6e0752ca75bc36399f5148890820e9a89
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also implemented the following:
blueprint pluggable-identity-authentication-handlers
blueprint stop-ids-in-uris
blueprint multi-factor-authn (just the plumbing)
What's missing?
* domain scoping (will be implemented by Henry?)
Change-Id: I191c0b2cb3367b2a5f8a2dc674c284bb13ea97e3
|
|
|
|
|
|
|
|
|
|
|
| |
add list_projects
mod list_groups, list_domains, get_project_users to match sql response
not adding list_user_projects
fix list_projects to return refs
drop get_projects and get_all_projects
Change-Id: Ifa1433918b8770cd7d59f36f71f2e6b935625ae5
|
|
|
|
|
|
|
| |
git ls-files | misspellings -f -
Source: https://github.com/lyda/misspell-check
Change-Id: Icbd2412aa65bc8135e5dcd83ee69e94f5a42f7a2
|
|
|
|
|
|
| |
return a 400 Bad Request if there are invalid arguments params supplied
Change-Id: I82da8a6db4a2847c8407cd0917b2d71ac9f9ba7a
|
|
|
|
| |
Change-Id: Idfba75f90e38de315ec50e660932beb8243f76f8
|
|
|
|
|
|
| |
Fixes bug 1087405.
Change-Id: I152c7f418a66ccfe541e26efe75b59bffa6c3849
|
|
|
|
| |
Change-Id: I8301043965e08ffdec63441e612628d9a60876b7
|
|
|
|
|
|
|
|
|
|
|
| |
* /v2.0/tenants?name=<tenant_name>
* /v2.0/user?name=<user_name>
* added get_tenant_by_name() to tests/test_content_types.py
* added get_user_by_name() to tests/test_content_types.py
bug 1055763
Change-Id: Id30dc853db12e155238fbb39cef6a081284cb86c
|
|
|
|
| |
Change-Id: Ia7dad06ec763994ce0beb171c481ab01c20af6cb
|
|
|
|
| |
Change-Id: Ifed4fc2158e9eb003561620504d2d35e07cdd3bd
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the revocation list into a JSON document and get the Vary header.
This will also allow the revocation list to carry additional
information in the future, to include sufficient information for the
calling application to figure out how to get the certificates it
requires.
Bug 1038309
Change-Id: I4a41cbd8a7352e5b5f951027d6f2063b169bce89
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes bug 1022575
Making change to tests/*py to pass pep8 tests.
pep8 tests started failing following
39b20acc933cb0fdf73075ddb9a9d82665b84b23 update pep8 to 1.3.3
04df79b64e5f2296df03579700535774e158f623 include tests dir in pep8 tests
Change-Id: I2d7dec0a87f1ae9b5f828d7f321b65bf8c06a421
|
|
|
|
|
|
|
|
|
|
|
| |
Implements blueprint use-common-jsonutils
1. Edit openstack-common.conf and import keystone/openstack/common/jsonutils.py
2. Remove json package imports and replace with jsonutils
Client code in vendor/ hasn't been changed
Change-Id: I57c670fde9f2c2241eddab1b012e8d5e6a72deb7
|
|
|
|
|
|
|
| |
* This will allow for chained requests (novaclient -> nova -> cinder)
* Fixes bug 1010237
Change-Id: Iab126cb1f2fb01ca7da24fa9fe97ec81ee96e455
|
|
|
|
| |
Change-Id: I65f25dcca3e265f44746930917434b45e64de15e
|
|
|
|
| |
Change-Id: Ia90f0aa2b856b9a9874d4865fb92ee913e8125c5
|
|
|
|
| |
Change-Id: Ide832cd64c9b285213e23901eaf81946d504e726
|
|
|
|
|
|
| |
* Fixes lp#960218
Change-Id: I6296413c211da92a4d0e07a544ca812d3544cb73
|
|
|
|
| |
Change-Id: Ia36a22f2d6bba411e4fad81ea2d6fa1f0465a733
|
|
|
|
|
|
| |
fixes lp#949554
Change-Id: Ia24dda7e9aa8e075861029dd5edeafd01c9d89c2
|
|
|
|
| |
Change-Id: I3d36290ad95a0440c006e2daff5b831be62957ae
|
|
|
|
|
|
|
|
| |
* removing belongs_to as a kwarg and getting from the context
* adding a serviceCatalog for belongs_to calls to tokens
* adding test to validate belongs_to behavior in tokens
Change-Id: If6f6a7007a6830c57a5ac71aef0090e57a064232
|
|
|
|
| |
Change-Id: Ide2a6073a0a54e017d1fcb8d9065ec6f348e07cd
|
|
|
|
| |
Change-Id: I0db0d64725824fb27cb1f9418203d962f82b00ab
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
Also addresses bug 928045 by returning 204 No Content
for null content bodies.
Change-Id: Icd4b8b5f6c29c074cb014c301fe86cd917f6663e
|
|/
|
|
|
|
|
|
| |
Public & admin specific variations of:
- GET /extensions
- GET /extensions/{extension_alias}
Change-Id: I9f8424667f1a8a10d2a7301d42d60800ba207f3e
|
|
Middleware rewrites incoming XML requests as JSON, and outgoing JSON as
XML, per Accept and Content-Type headers.
Tests assert that core API methods support WADL/XSD specs, and cover
JSON content as well.
Change-Id: I6897971dd745766cbc472fd6e5346b1b34d933b0
|