Merge lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru into lp:ubuntu/precise-updates/keystone
Status: Superseded
Proposed branch: lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru
Merge into: lp:ubuntu/precise-updates/keystone
Diff against target: 33638 lines (+30158/-3073), 34 files modified
- .pc/applied-patches (+0/-3)
- .pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py (+9/-9)
- .pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py (+0/-625)
- .pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py (+0/-626)
- .pc/keystone-CVE-2012-4413.patch/keystone/token/core.py (+0/-107)
- .pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py (+0/-970)
- .pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py (+0/-347)
- ChangeLog (+29735/-0)
- PKG-INFO (+10/-0)
- debian/changelog (+29/-0)
- debian/keystone.logrotate (+3/-0)
- debian/patches/fix-ubuntu-tests.patch (+10/-12)
- debian/patches/keystone-CVE-2012-3542.patch (+0/-18)
- debian/patches/keystone-CVE-2012-4413.patch (+0/-147)
- debian/patches/keystone-CVE-2012-5571.patch (+0/-62)
- debian/patches/series (+0/-3)
- doc/keystone_compat_flows.sdx (+0/-99)
- keystone.egg-info/PKG-INFO (+10/-0)
- keystone.egg-info/SOURCES.txt (+176/-0)
- keystone.egg-info/dependency_links.txt (+1/-0)
- keystone.egg-info/not-zip-safe (+1/-0)
- keystone.egg-info/requires.txt (+11/-0)
- keystone.egg-info/top_level.txt (+1/-0)
- keystone/identity/core.py (+4/-4)
- keystone/token/backends/kvs.py (+13/-8)
- keystone/token/backends/memcache.py (+31/-1)
- keystone/token/backends/sql.py (+6/-1)
- keystone/token/core.py (+11/-5)
- setup.cfg (+8/-11)
- setup.py (+1/-1)
- tests/test_backend.py (+56/-5)
- tests/test_backend_memcache.py (+29/-6)
- tests/test_keystoneclient.py (+1/-1)
- tools/pip-requires (+2/-2)
To merge this branch: bzr merge lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru
Related bugs:
Reviewer | Review Type | Date Requested | Status
---|---|---|---
James Page | | | Needs Fixing

Review via email: mp+140402@code.launchpad.net
This proposal has been superseded by a proposal from 2012-12-18.
Commit message
Description of the change
Unmerged revisions
- 30. By Yolanda Robla
-
fixing typo in changelog
- 29. By Yolanda Robla
-
[ Chuck Short ]
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (CVE-2012-5571)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(CVE-2012-3542)
* Dropped, superseded by new snapshot:
- debian/patches/CVE-2012-4413.patch [58ac669]
- debian/patches/CVE-2012-5571.patch [8735009]
- debian/patches/CVE-2012-3542.patch [5438d3b]
Preview Diff
1 | === modified file '.pc/applied-patches' |
2 | --- .pc/applied-patches 2012-11-26 14:07:34 +0000 |
3 | +++ .pc/applied-patches 2012-12-18 13:48:25 +0000 |
4 | @@ -1,5 +1,2 @@ |
5 | fix-ubuntu-tests.patch |
6 | sql_connection.patch |
7 | -keystone-CVE-2012-3542.patch |
8 | -keystone-CVE-2012-4413.patch |
9 | -keystone-CVE-2012-5571.patch |
10 | |
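Review bot: the three entries removed here are keystone-CVE-2012-3542.patch, keystone-CVE-2012-4413.patch and keystone-CVE-2012-5571.patch, but the changelog text for this revision lists the dropped patches as debian/patches/CVE-2012-4413.patch, CVE-2012-5571.patch and CVE-2012-3542.patch, without the keystone- prefix. Use the real file names in debian/changelog so that anyone auditing the SRU can match each dropped patch to the upstream commit said to replace it ([5438d3b], [58ac669], [8735009]).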
11 | === modified file '.pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py' |
12 | --- .pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py 2012-08-24 03:34:59 +0000 |
13 | +++ .pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py 2012-12-18 13:48:25 +0000 |
14 | @@ -769,15 +769,15 @@ |
15 | def test_tenant_add_and_remove_user(self): |
16 | client = self.get_client(admin=True) |
17 | client.roles.add_user_role(tenant=self.tenant_baz['id'], |
18 | - user=self.user_foo['id'], |
19 | + user=self.user_two['id'], |
20 | role=self.role_useless['id']) |
21 | user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) |
22 | - self.assert_(self.user_foo['id'] in [x.id for x in user_refs]) |
23 | + self.assert_(self.user_two['id'] in [x.id for x in user_refs]) |
24 | client.roles.remove_user_role(tenant=self.tenant_baz['id'], |
25 | - user=self.user_foo['id'], |
26 | + user=self.user_two['id'], |
27 | role=self.role_useless['id']) |
28 | user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) |
29 | - self.assert_(self.user_foo['id'] not in [x.id for x in user_refs]) |
30 | + self.assert_(self.user_two['id'] not in [x.id for x in user_refs]) |
31 | |
32 | def test_user_role_add_404(self): |
33 | from keystoneclient import exceptions as client_exceptions |
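Review bot: the switch from user_foo to user_two on all four changed lines of test_tenant_add_and_remove_user carries no explanation, so a later reader cannot tell whether user_foo is unsuitable for the add/remove round trip or whether this is only a fixture rename. A one-line comment above the first add_user_role call stating the reason would settle it. As a minor style point, self.assert_(x in [...]) and self.assert_(x not in [...]) report only "False is not true" on failure; assertIn and assertNotIn would show the offending id.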
34 | @@ -890,16 +890,16 @@ |
35 | def test_tenant_add_and_remove_user(self): |
36 | client = self.get_client(admin=True) |
37 | client.roles.add_user_to_tenant(tenant_id=self.tenant_baz['id'], |
38 | - user_id=self.user_foo['id'], |
39 | + user_id=self.user_two['id'], |
40 | role_id=self.role_useless['id']) |
41 | role_refs = client.roles.get_user_role_refs( |
42 | - user_id=self.user_foo['id']) |
43 | + user_id=self.user_two['id']) |
44 | self.assert_(self.tenant_baz['id'] in [x.tenantId for x in role_refs]) |
45 | |
46 | # get the "role_refs" so we get the proper id, this is how the clients |
47 | # do it |
48 | roleref_refs = client.roles.get_user_role_refs( |
49 | - user_id=self.user_foo['id']) |
50 | + user_id=self.user_two['id']) |
51 | for roleref_ref in roleref_refs: |
52 | if (roleref_ref.roleId == self.role_useless['id'] |
53 | and roleref_ref.tenantId == self.tenant_baz['id']): |
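Review bot: get_user_role_refs(user_id=self.user_two['id']) is called twice in this hunk with the same argument, first into role_refs and then into roleref_refs, with nothing changing the user's roles in between. The loop can iterate over role_refs directly, which removes one client round trip and makes it obvious that the assertion and the lookup operate on the same data.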
54 | @@ -907,11 +907,11 @@ |
55 | break |
56 | |
57 | client.roles.remove_user_from_tenant(tenant_id=self.tenant_baz['id'], |
58 | - user_id=self.user_foo['id'], |
59 | + user_id=self.user_two['id'], |
60 | role_id=roleref_ref.id) |
61 | |
62 | role_refs = client.roles.get_user_role_refs( |
63 | - user_id=self.user_foo['id']) |
64 | + user_id=self.user_two['id']) |
65 | self.assert_(self.tenant_baz['id'] not in |
66 | [x.tenantId for x in role_refs]) |
67 | |
68 | |
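Review bot: roleref_ref is read after the for loop (role_id=roleref_ref.id) with no check that the loop ever reached its break. If no ref matches role_useless and tenant_baz, the call removes whichever ref happened to be iterated last, and on an empty list it raises NameError instead of a test failure. Add an else branch to the for loop that calls self.fail with a message naming the missing role ref, so the test fails for the right reason.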
69 | === removed directory '.pc/keystone-CVE-2012-3542.patch' |
70 | === removed directory '.pc/keystone-CVE-2012-3542.patch/keystone' |
71 | === removed directory '.pc/keystone-CVE-2012-3542.patch/keystone/identity' |
72 | === removed file '.pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py' |
73 | --- .pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py 2012-08-30 15:10:26 +0000 |
74 | +++ .pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py 1970-01-01 00:00:00 +0000 |
75 | @@ -1,625 +0,0 @@ |
76 | -# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
77 | - |
78 | -# Copyright 2012 OpenStack LLC |
79 | -# |
80 | -# Licensed under the Apache License, Version 2.0 (the "License"); you may |
81 | -# not use this file except in compliance with the License. You may obtain |
82 | -# a copy of the License at |
83 | -# |
84 | -# http://www.apache.org/licenses/LICENSE-2.0 |
85 | -# |
86 | -# Unless required by applicable law or agreed to in writing, software |
87 | -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
88 | -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
89 | -# License for the specific language governing permissions and limitations |
90 | -# under the License. |
91 | - |
92 | -"""Main entry point into the Identity service.""" |
93 | - |
94 | -import uuid |
95 | -import urllib |
96 | -import urlparse |
97 | - |
98 | -from keystone import config |
99 | -from keystone import exception |
100 | -from keystone import policy |
101 | -from keystone import token |
102 | -from keystone.common import logging |
103 | -from keystone.common import manager |
104 | -from keystone.common import wsgi |
105 | - |
106 | - |
107 | -CONF = config.CONF |
108 | - |
109 | -LOG = logging.getLogger(__name__) |
110 | - |
111 | - |
112 | -class Manager(manager.Manager): |
113 | - """Default pivot point for the Identity backend. |
114 | - |
115 | - See :mod:`keystone.common.manager.Manager` for more details on how this |
116 | - dynamically calls the backend. |
117 | - |
118 | - """ |
119 | - |
120 | - def __init__(self): |
121 | - super(Manager, self).__init__(CONF.identity.driver) |
122 | - |
123 | - |
124 | -class Driver(object): |
125 | - """Interface description for an Identity driver.""" |
126 | - |
127 | - def authenticate(self, user_id=None, tenant_id=None, password=None): |
128 | - """Authenticate a given user, tenant and password. |
129 | - |
130 | - Returns: (user, tenant, metadata). |
131 | - |
132 | - """ |
133 | - raise exception.NotImplemented() |
134 | - |
135 | - def get_tenant(self, tenant_id): |
136 | - """Get a tenant by id. |
137 | - |
138 | - Returns: tenant_ref or None. |
139 | - |
140 | - """ |
141 | - raise exception.NotImplemented() |
142 | - |
143 | - def get_tenant_by_name(self, tenant_name): |
144 | - """Get a tenant by name. |
145 | - |
146 | - Returns: tenant_ref or None. |
147 | - |
148 | - """ |
149 | - raise exception.NotImplemented() |
150 | - |
151 | - def get_user(self, user_id): |
152 | - """Get a user by id. |
153 | - |
154 | - Returns: user_ref or None. |
155 | - |
156 | - """ |
157 | - raise exception.NotImplemented() |
158 | - |
159 | - def get_user_by_name(self, user_name): |
160 | - """Get a user by name. |
161 | - |
162 | - Returns: user_ref or None. |
163 | - |
164 | - """ |
165 | - raise exception.NotImplemented() |
166 | - |
167 | - def get_role(self, role_id): |
168 | - """Get a role by id. |
169 | - |
170 | - Returns: role_ref or None. |
171 | - |
172 | - """ |
173 | - raise exception.NotImplemented() |
174 | - |
175 | - def list_users(self): |
176 | - """List all users in the system. |
177 | - |
178 | - NOTE(termie): I'd prefer if this listed only the users for a given |
179 | - tenant. |
180 | - |
181 | - Returns: a list of user_refs or an empty list. |
182 | - |
183 | - """ |
184 | - raise exception.NotImplemented() |
185 | - |
186 | - def list_roles(self): |
187 | - """List all roles in the system. |
188 | - |
189 | - Returns: a list of role_refs or an empty list. |
190 | - |
191 | - """ |
192 | - raise exception.NotImplemented() |
193 | - |
194 | - # NOTE(termie): seven calls below should probably be exposed by the api |
195 | - # more clearly when the api redesign happens |
196 | - def add_user_to_tenant(self, tenant_id, user_id): |
197 | - raise exception.NotImplemented() |
198 | - |
199 | - def remove_user_from_tenant(self, tenant_id, user_id): |
200 | - raise exception.NotImplemented() |
201 | - |
202 | - def get_all_tenants(self): |
203 | - raise exception.NotImplemented() |
204 | - |
205 | - def get_tenants_for_user(self, user_id): |
206 | - """Get the tenants associated with a given user. |
207 | - |
208 | - Returns: a list of tenant ids. |
209 | - |
210 | - """ |
211 | - raise exception.NotImplemented() |
212 | - |
213 | - def get_roles_for_user_and_tenant(self, user_id, tenant_id): |
214 | - """Get the roles associated with a user within given tenant. |
215 | - |
216 | - Returns: a list of role ids. |
217 | - |
218 | - """ |
219 | - raise exception.NotImplemented() |
220 | - |
221 | - def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id): |
222 | - """Add a role to a user within given tenant.""" |
223 | - raise exception.NotImplemented() |
224 | - |
225 | - def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id): |
226 | - """Remove a role from a user within given tenant.""" |
227 | - raise exception.NotImplemented() |
228 | - |
229 | - # user crud |
230 | - def create_user(self, user_id, user): |
231 | - raise exception.NotImplemented() |
232 | - |
233 | - def update_user(self, user_id, user): |
234 | - raise exception.NotImplemented() |
235 | - |
236 | - def delete_user(self, user_id): |
237 | - raise exception.NotImplemented() |
238 | - |
239 | - # tenant crud |
240 | - def create_tenant(self, tenant_id, tenant): |
241 | - raise exception.NotImplemented() |
242 | - |
243 | - def update_tenant(self, tenant_id, tenant): |
244 | - raise exception.NotImplemented() |
245 | - |
246 | - def delete_tenant(self, tenant_id, tenant): |
247 | - raise exception.NotImplemented() |
248 | - |
249 | - # metadata crud |
250 | - |
251 | - def get_metadata(self, user_id, tenant_id): |
252 | - raise exception.NotImplemented() |
253 | - |
254 | - def create_metadata(self, user_id, tenant_id, metadata): |
255 | - raise exception.NotImplemented() |
256 | - |
257 | - def update_metadata(self, user_id, tenant_id, metadata): |
258 | - raise exception.NotImplemented() |
259 | - |
260 | - def delete_metadata(self, user_id, tenant_id, metadata): |
261 | - raise exception.NotImplemented() |
262 | - |
263 | - # role crud |
264 | - def create_role(self, role_id, role): |
265 | - raise exception.NotImplemented() |
266 | - |
267 | - def update_role(self, role_id, role): |
268 | - raise exception.NotImplemented() |
269 | - |
270 | - def delete_role(self, role_id): |
271 | - raise exception.NotImplemented() |
272 | - |
273 | - |
274 | -class PublicRouter(wsgi.ComposableRouter): |
275 | - def add_routes(self, mapper): |
276 | - tenant_controller = TenantController() |
277 | - mapper.connect('/tenants', |
278 | - controller=tenant_controller, |
279 | - action='get_tenants_for_token', |
280 | - conditions=dict(methods=['GET'])) |
281 | - |
282 | - |
283 | -class AdminRouter(wsgi.ComposableRouter): |
284 | - def add_routes(self, mapper): |
285 | - # Tenant Operations |
286 | - tenant_controller = TenantController() |
287 | - mapper.connect('/tenants', |
288 | - controller=tenant_controller, |
289 | - action='get_all_tenants', |
290 | - conditions=dict(method=['GET'])) |
291 | - mapper.connect('/tenants/{tenant_id}', |
292 | - controller=tenant_controller, |
293 | - action='get_tenant', |
294 | - conditions=dict(method=['GET'])) |
295 | - |
296 | - # User Operations |
297 | - user_controller = UserController() |
298 | - mapper.connect('/users/{user_id}', |
299 | - controller=user_controller, |
300 | - action='get_user', |
301 | - conditions=dict(method=['GET'])) |
302 | - |
303 | - # Role Operations |
304 | - roles_controller = RoleController() |
305 | - mapper.connect('/tenants/{tenant_id}/users/{user_id}/roles', |
306 | - controller=roles_controller, |
307 | - action='get_user_roles', |
308 | - conditions=dict(method=['GET'])) |
309 | - mapper.connect('/users/{user_id}/roles', |
310 | - controller=user_controller, |
311 | - action='get_user_roles', |
312 | - conditions=dict(method=['GET'])) |
313 | - |
314 | - |
315 | -class TenantController(wsgi.Application): |
316 | - def __init__(self): |
317 | - self.identity_api = Manager() |
318 | - self.policy_api = policy.Manager() |
319 | - self.token_api = token.Manager() |
320 | - super(TenantController, self).__init__() |
321 | - |
322 | - def get_all_tenants(self, context, **kw): |
323 | - """Gets a list of all tenants for an admin user.""" |
324 | - self.assert_admin(context) |
325 | - tenant_refs = self.identity_api.get_tenants(context) |
326 | - params = { |
327 | - 'limit': context['query_string'].get('limit'), |
328 | - 'marker': context['query_string'].get('marker'), |
329 | - } |
330 | - return self._format_tenant_list(tenant_refs, **params) |
331 | - |
332 | - def get_tenants_for_token(self, context, **kw): |
333 | - """Get valid tenants for token based on token used to authenticate. |
334 | - |
335 | - Pulls the token from the context, validates it and gets the valid |
336 | - tenants for the user in the token. |
337 | - |
338 | - Doesn't care about token scopedness. |
339 | - |
340 | - """ |
341 | - try: |
342 | - token_ref = self.token_api.get_token(context=context, |
343 | - token_id=context['token_id']) |
344 | - except exception.NotFound: |
345 | - raise exception.Unauthorized() |
346 | - |
347 | - user_ref = token_ref['user'] |
348 | - tenant_ids = self.identity_api.get_tenants_for_user( |
349 | - context, user_ref['id']) |
350 | - tenant_refs = [] |
351 | - for tenant_id in tenant_ids: |
352 | - tenant_refs.append(self.identity_api.get_tenant( |
353 | - context=context, |
354 | - tenant_id=tenant_id)) |
355 | - params = { |
356 | - 'limit': context['query_string'].get('limit'), |
357 | - 'marker': context['query_string'].get('marker'), |
358 | - } |
359 | - return self._format_tenant_list(tenant_refs, **params) |
360 | - |
361 | - def get_tenant(self, context, tenant_id): |
362 | - # TODO(termie): this stuff should probably be moved to middleware |
363 | - self.assert_admin(context) |
364 | - tenant = self.identity_api.get_tenant(context, tenant_id) |
365 | - if tenant is None: |
366 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
367 | - |
368 | - return {'tenant': tenant} |
369 | - |
370 | - # CRUD Extension |
371 | - def create_tenant(self, context, tenant): |
372 | - tenant_ref = self._normalize_dict(tenant) |
373 | - self.assert_admin(context) |
374 | - tenant_id = (tenant_ref.get('id') |
375 | - and tenant_ref.get('id') |
376 | - or uuid.uuid4().hex) |
377 | - tenant_ref['id'] = tenant_id |
378 | - |
379 | - tenant = self.identity_api.create_tenant( |
380 | - context, tenant_id, tenant_ref) |
381 | - return {'tenant': tenant} |
382 | - |
383 | - def update_tenant(self, context, tenant_id, tenant): |
384 | - self.assert_admin(context) |
385 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
386 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
387 | - |
388 | - tenant_ref = self.identity_api.update_tenant( |
389 | - context, tenant_id, tenant) |
390 | - return {'tenant': tenant_ref} |
391 | - |
392 | - def delete_tenant(self, context, tenant_id, **kw): |
393 | - self.assert_admin(context) |
394 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
395 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
396 | - |
397 | - self.identity_api.delete_tenant(context, tenant_id) |
398 | - |
399 | - def get_tenant_users(self, context, tenant_id, **kw): |
400 | - self.assert_admin(context) |
401 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
402 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
403 | - |
404 | - user_refs = self.identity_api.get_tenant_users(context, tenant_id) |
405 | - return {'users': user_refs} |
406 | - |
407 | - def _format_tenant_list(self, tenant_refs, **kwargs): |
408 | - marker = kwargs.get('marker') |
409 | - page_idx = 0 |
410 | - if marker is not None: |
411 | - for (marker_idx, tenant) in enumerate(tenant_refs): |
412 | - if tenant['id'] == marker: |
413 | - # we start pagination after the marker |
414 | - page_idx = marker_idx + 1 |
415 | - break |
416 | - else: |
417 | - msg = 'Marker could not be found' |
418 | - raise exception.ValidationError(message=msg) |
419 | - |
420 | - limit = kwargs.get('limit') |
421 | - if limit is not None: |
422 | - try: |
423 | - limit = int(limit) |
424 | - if limit < 0: |
425 | - raise AssertionError() |
426 | - except (ValueError, AssertionError): |
427 | - msg = 'Invalid limit value' |
428 | - raise exception.ValidationError(message=msg) |
429 | - |
430 | - tenant_refs = tenant_refs[page_idx:limit] |
431 | - |
432 | - for x in tenant_refs: |
433 | - if 'enabled' not in x: |
434 | - x['enabled'] = True |
435 | - o = {'tenants': tenant_refs, |
436 | - 'tenants_links': []} |
437 | - return o |
438 | - |
439 | - |
440 | -class UserController(wsgi.Application): |
441 | - def __init__(self): |
442 | - self.identity_api = Manager() |
443 | - self.policy_api = policy.Manager() |
444 | - self.token_api = token.Manager() |
445 | - super(UserController, self).__init__() |
446 | - |
447 | - def get_user(self, context, user_id): |
448 | - self.assert_admin(context) |
449 | - user_ref = self.identity_api.get_user(context, user_id) |
450 | - if not user_ref: |
451 | - raise exception.UserNotFound(user_id=user_id) |
452 | - |
453 | - return {'user': user_ref} |
454 | - |
455 | - def get_users(self, context): |
456 | - # NOTE(termie): i can't imagine that this really wants all the data |
457 | - # about every single user in the system... |
458 | - self.assert_admin(context) |
459 | - user_refs = self.identity_api.list_users(context) |
460 | - return {'users': user_refs} |
461 | - |
462 | - # CRUD extension |
463 | - def create_user(self, context, user): |
464 | - user = self._normalize_dict(user) |
465 | - self.assert_admin(context) |
466 | - tenant_id = user.get('tenantId', None) |
467 | - if (tenant_id is not None |
468 | - and self.identity_api.get_tenant(context, tenant_id) is None): |
469 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
470 | - user_id = uuid.uuid4().hex |
471 | - user_ref = user.copy() |
472 | - user_ref['id'] = user_id |
473 | - new_user_ref = self.identity_api.create_user( |
474 | - context, user_id, user_ref) |
475 | - if tenant_id: |
476 | - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) |
477 | - return {'user': new_user_ref} |
478 | - |
479 | - def update_user(self, context, user_id, user): |
480 | - # NOTE(termie): this is really more of a patch than a put |
481 | - self.assert_admin(context) |
482 | - if self.identity_api.get_user(context, user_id) is None: |
483 | - raise exception.UserNotFound(user_id=user_id) |
484 | - |
485 | - user_ref = self.identity_api.update_user(context, user_id, user) |
486 | - |
487 | - # If the password was changed or the user was disabled we clear tokens |
488 | - if user.get('password') or user.get('enabled', True) == False: |
489 | - try: |
490 | - for token_id in self.token_api.list_tokens(context, user_id): |
491 | - self.token_api.delete_token(context, token_id) |
492 | - except exception.NotImplemented: |
493 | - # The users status has been changed but tokens remain valid for |
494 | - # backends that can't list tokens for users |
495 | - LOG.warning('User %s status has changed, but existing tokens ' |
496 | - 'remain valid' % user_id) |
497 | - return {'user': user_ref} |
498 | - |
499 | - def delete_user(self, context, user_id): |
500 | - self.assert_admin(context) |
501 | - if self.identity_api.get_user(context, user_id) is None: |
502 | - raise exception.UserNotFound(user_id=user_id) |
503 | - |
504 | - self.identity_api.delete_user(context, user_id) |
505 | - |
506 | - def set_user_enabled(self, context, user_id, user): |
507 | - return self.update_user(context, user_id, user) |
508 | - |
509 | - def set_user_password(self, context, user_id, user): |
510 | - return self.update_user(context, user_id, user) |
511 | - |
512 | - def update_user_tenant(self, context, user_id, user): |
513 | - """Update the default tenant.""" |
514 | - # ensure that we're a member of that tenant |
515 | - tenant_id = user.get('tenantId') |
516 | - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) |
517 | - return self.update_user(context, user_id, user) |
518 | - |
519 | - |
520 | -class RoleController(wsgi.Application): |
521 | - def __init__(self): |
522 | - self.identity_api = Manager() |
523 | - self.token_api = token.Manager() |
524 | - self.policy_api = policy.Manager() |
525 | - super(RoleController, self).__init__() |
526 | - |
527 | - # COMPAT(essex-3) |
528 | - def get_user_roles(self, context, user_id, tenant_id=None): |
529 | - """Get the roles for a user and tenant pair. |
530 | - |
531 | - Since we're trying to ignore the idea of user-only roles we're |
532 | - not implementing them in hopes that the idea will die off. |
533 | - |
534 | - """ |
535 | - self.assert_admin(context) |
536 | - if tenant_id is None: |
537 | - raise exception.NotImplemented(message='User roles not supported: ' |
538 | - 'tenant ID required') |
539 | - |
540 | - user = self.identity_api.get_user(context, user_id) |
541 | - if user is None: |
542 | - raise exception.UserNotFound(user_id=user_id) |
543 | - tenant = self.identity_api.get_tenant(context, tenant_id) |
544 | - if tenant is None: |
545 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
546 | - |
547 | - roles = self.identity_api.get_roles_for_user_and_tenant( |
548 | - context, user_id, tenant_id) |
549 | - return {'roles': [self.identity_api.get_role(context, x) |
550 | - for x in roles]} |
551 | - |
552 | - # CRUD extension |
553 | - def get_role(self, context, role_id): |
554 | - self.assert_admin(context) |
555 | - role_ref = self.identity_api.get_role(context, role_id) |
556 | - if not role_ref: |
557 | - raise exception.RoleNotFound(role_id=role_id) |
558 | - return {'role': role_ref} |
559 | - |
560 | - def create_role(self, context, role): |
561 | - role = self._normalize_dict(role) |
562 | - self.assert_admin(context) |
563 | - role_id = uuid.uuid4().hex |
564 | - role['id'] = role_id |
565 | - role_ref = self.identity_api.create_role(context, role_id, role) |
566 | - return {'role': role_ref} |
567 | - |
568 | - def delete_role(self, context, role_id): |
569 | - self.assert_admin(context) |
570 | - self.get_role(context, role_id) |
571 | - self.identity_api.delete_role(context, role_id) |
572 | - |
573 | - def get_roles(self, context): |
574 | - self.assert_admin(context) |
575 | - roles = self.identity_api.list_roles(context) |
576 | - # TODO(termie): probably inefficient at some point |
577 | - return {'roles': roles} |
578 | - |
579 | - def add_role_to_user(self, context, user_id, role_id, tenant_id=None): |
580 | - """Add a role to a user and tenant pair. |
581 | - |
582 | - Since we're trying to ignore the idea of user-only roles we're |
583 | - not implementing them in hopes that the idea will die off. |
584 | - |
585 | - """ |
586 | - self.assert_admin(context) |
587 | - if tenant_id is None: |
588 | - raise exception.NotImplemented(message='User roles not supported: ' |
589 | - 'tenant_id required') |
590 | - if self.identity_api.get_user(context, user_id) is None: |
591 | - raise exception.UserNotFound(user_id=user_id) |
592 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
593 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
594 | - if self.identity_api.get_role(context, role_id) is None: |
595 | - raise exception.RoleNotFound(role_id=role_id) |
596 | - |
597 | - # This still has the weird legacy semantics that adding a role to |
598 | - # a user also adds them to a tenant |
599 | - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) |
600 | - self.identity_api.add_role_to_user_and_tenant( |
601 | - context, user_id, tenant_id, role_id) |
602 | - role_ref = self.identity_api.get_role(context, role_id) |
603 | - return {'role': role_ref} |
604 | - |
605 | - def remove_role_from_user(self, context, user_id, role_id, tenant_id=None): |
606 | - """Remove a role from a user and tenant pair. |
607 | - |
608 | - Since we're trying to ignore the idea of user-only roles we're |
609 | - not implementing them in hopes that the idea will die off. |
610 | - |
611 | - """ |
612 | - self.assert_admin(context) |
613 | - if tenant_id is None: |
614 | - raise exception.NotImplemented(message='User roles not supported: ' |
615 | - 'tenant_id required') |
616 | - if self.identity_api.get_user(context, user_id) is None: |
617 | - raise exception.UserNotFound(user_id=user_id) |
618 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
619 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
620 | - if self.identity_api.get_role(context, role_id) is None: |
621 | - raise exception.RoleNotFound(role_id=role_id) |
622 | - |
623 | - # This still has the weird legacy semantics that adding a role to |
624 | - # a user also adds them to a tenant, so we must follow up on that |
625 | - self.identity_api.remove_role_from_user_and_tenant( |
626 | - context, user_id, tenant_id, role_id) |
627 | - roles = self.identity_api.get_roles_for_user_and_tenant( |
628 | - context, user_id, tenant_id) |
629 | - if not roles: |
630 | - self.identity_api.remove_user_from_tenant( |
631 | - context, tenant_id, user_id) |
632 | - return |
633 | - |
634 | - # COMPAT(diablo): CRUD extension |
635 | - def get_role_refs(self, context, user_id): |
636 | - """Ultimate hack to get around having to make role_refs first-class. |
637 | - |
638 | - This will basically iterate over the various roles the user has in |
639 | - all tenants the user is a member of and create fake role_refs where |
640 | - the id encodes the user-tenant-role information so we can look |
641 | - up the appropriate data when we need to delete them. |
642 | - |
643 | - """ |
644 | - self.assert_admin(context) |
645 | - user_ref = self.identity_api.get_user(context, user_id) |
646 | - tenant_ids = self.identity_api.get_tenants_for_user(context, user_id) |
647 | - o = [] |
648 | - for tenant_id in tenant_ids: |
649 | - role_ids = self.identity_api.get_roles_for_user_and_tenant( |
650 | - context, user_id, tenant_id) |
651 | - for role_id in role_ids: |
652 | - ref = {'roleId': role_id, |
653 | - 'tenantId': tenant_id, |
654 | - 'userId': user_id} |
655 | - ref['id'] = urllib.urlencode(ref) |
656 | - o.append(ref) |
657 | - return {'roles': o} |
658 | - |
659 | - # COMPAT(diablo): CRUD extension |
660 | - def create_role_ref(self, context, user_id, role): |
661 | - """This is actually used for adding a user to a tenant. |
662 | - |
663 | - In the legacy data model adding a user to a tenant required setting |
664 | - a role. |
665 | - |
666 | - """ |
667 | - self.assert_admin(context) |
668 | - # TODO(termie): for now we're ignoring the actual role |
669 | - tenant_id = role.get('tenantId') |
670 | - role_id = role.get('roleId') |
671 | - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) |
672 | - self.identity_api.add_role_to_user_and_tenant( |
673 | - context, user_id, tenant_id, role_id) |
674 | - role_ref = self.identity_api.get_role(context, role_id) |
675 | - return {'role': role_ref} |
676 | - |
677 | - # COMPAT(diablo): CRUD extension |
678 | - def delete_role_ref(self, context, user_id, role_ref_id): |
679 | - """This is actually used for deleting a user from a tenant. |
680 | - |
681 | - In the legacy data model removing a user from a tenant required |
682 | - deleting a role. |
683 | - |
684 | - To emulate this, we encode the tenant and role in the role_ref_id, |
685 | - and if this happens to be the last role for the user-tenant pair, |
686 | - we remove the user from the tenant. |
687 | - |
688 | - """ |
689 | - self.assert_admin(context) |
690 | - # TODO(termie): for now we're ignoring the actual role |
691 | - role_ref_ref = urlparse.parse_qs(role_ref_id) |
692 | - tenant_id = role_ref_ref.get('tenantId')[0] |
693 | - role_id = role_ref_ref.get('roleId')[0] |
694 | - self.identity_api.remove_role_from_user_and_tenant( |
695 | - context, user_id, tenant_id, role_id) |
696 | - roles = self.identity_api.get_roles_for_user_and_tenant( |
697 | - context, user_id, tenant_id) |
698 | - if not roles: |
699 | - self.identity_api.remove_user_from_tenant( |
700 | - context, tenant_id, user_id) |
701 | |
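Review bot: update_user_tenant at diff lines 512-517 calls identity_api.add_user_to_tenant before update_user reaches assert_admin, so the tenant membership change is applied even when the caller then fails the admin check; this matches the changelog's description of CVE-2012-3542 as a partial success without authz. This file is only quilt's pre-patch copy under .pc, so deleting it is fine, but debian/patches/keystone-CVE-2012-3542.patch is being dropped in the same proposal. Before approving, confirm that keystone/identity/core.py from the new snapshot runs assert_admin ahead of add_user_to_tenant as in [5438d3b]; the diffstat shows only +4/-4 on that file, so the check is quick.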
702 | === removed directory '.pc/keystone-CVE-2012-4413.patch' |
703 | === removed directory '.pc/keystone-CVE-2012-4413.patch/keystone' |
704 | === removed directory '.pc/keystone-CVE-2012-4413.patch/keystone/identity' |
705 | === removed file '.pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py' |
706 | --- .pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py 2012-09-12 09:47:55 +0000 |
707 | +++ .pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py 1970-01-01 00:00:00 +0000 |
708 | @@ -1,626 +0,0 @@ |
709 | -# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
710 | - |
711 | -# Copyright 2012 OpenStack LLC |
712 | -# |
713 | -# Licensed under the Apache License, Version 2.0 (the "License"); you may |
714 | -# not use this file except in compliance with the License. You may obtain |
715 | -# a copy of the License at |
716 | -# |
717 | -# http://www.apache.org/licenses/LICENSE-2.0 |
718 | -# |
719 | -# Unless required by applicable law or agreed to in writing, software |
720 | -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
721 | -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
722 | -# License for the specific language governing permissions and limitations |
723 | -# under the License. |
724 | - |
725 | -"""Main entry point into the Identity service.""" |
726 | - |
727 | -import uuid |
728 | -import urllib |
729 | -import urlparse |
730 | - |
731 | -from keystone import config |
732 | -from keystone import exception |
733 | -from keystone import policy |
734 | -from keystone import token |
735 | -from keystone.common import logging |
736 | -from keystone.common import manager |
737 | -from keystone.common import wsgi |
738 | - |
739 | - |
740 | -CONF = config.CONF |
741 | - |
742 | -LOG = logging.getLogger(__name__) |
743 | - |
744 | - |
745 | -class Manager(manager.Manager): |
746 | - """Default pivot point for the Identity backend. |
747 | - |
748 | - See :mod:`keystone.common.manager.Manager` for more details on how this |
749 | - dynamically calls the backend. |
750 | - |
751 | - """ |
752 | - |
753 | - def __init__(self): |
754 | - super(Manager, self).__init__(CONF.identity.driver) |
755 | - |
756 | - |
757 | -class Driver(object): |
758 | - """Interface description for an Identity driver.""" |
759 | - |
760 | - def authenticate(self, user_id=None, tenant_id=None, password=None): |
761 | - """Authenticate a given user, tenant and password. |
762 | - |
763 | - Returns: (user, tenant, metadata). |
764 | - |
765 | - """ |
766 | - raise exception.NotImplemented() |
767 | - |
768 | - def get_tenant(self, tenant_id): |
769 | - """Get a tenant by id. |
770 | - |
771 | - Returns: tenant_ref or None. |
772 | - |
773 | - """ |
774 | - raise exception.NotImplemented() |
775 | - |
776 | - def get_tenant_by_name(self, tenant_name): |
777 | - """Get a tenant by name. |
778 | - |
779 | - Returns: tenant_ref or None. |
780 | - |
781 | - """ |
782 | - raise exception.NotImplemented() |
783 | - |
784 | - def get_user(self, user_id): |
785 | - """Get a user by id. |
786 | - |
787 | - Returns: user_ref or None. |
788 | - |
789 | - """ |
790 | - raise exception.NotImplemented() |
791 | - |
792 | - def get_user_by_name(self, user_name): |
793 | - """Get a user by name. |
794 | - |
795 | - Returns: user_ref or None. |
796 | - |
797 | - """ |
798 | - raise exception.NotImplemented() |
799 | - |
800 | - def get_role(self, role_id): |
801 | - """Get a role by id. |
802 | - |
803 | - Returns: role_ref or None. |
804 | - |
805 | - """ |
806 | - raise exception.NotImplemented() |
807 | - |
808 | - def list_users(self): |
809 | - """List all users in the system. |
810 | - |
811 | - NOTE(termie): I'd prefer if this listed only the users for a given |
812 | - tenant. |
813 | - |
814 | - Returns: a list of user_refs or an empty list. |
815 | - |
816 | - """ |
817 | - raise exception.NotImplemented() |
818 | - |
819 | - def list_roles(self): |
820 | - """List all roles in the system. |
821 | - |
822 | - Returns: a list of role_refs or an empty list. |
823 | - |
824 | - """ |
825 | - raise exception.NotImplemented() |
826 | - |
827 | - # NOTE(termie): seven calls below should probably be exposed by the api |
828 | - # more clearly when the api redesign happens |
829 | - def add_user_to_tenant(self, tenant_id, user_id): |
830 | - raise exception.NotImplemented() |
831 | - |
832 | - def remove_user_from_tenant(self, tenant_id, user_id): |
833 | - raise exception.NotImplemented() |
834 | - |
835 | - def get_all_tenants(self): |
836 | - raise exception.NotImplemented() |
837 | - |
838 | - def get_tenants_for_user(self, user_id): |
839 | - """Get the tenants associated with a given user. |
840 | - |
841 | - Returns: a list of tenant ids. |
842 | - |
843 | - """ |
844 | - raise exception.NotImplemented() |
845 | - |
846 | - def get_roles_for_user_and_tenant(self, user_id, tenant_id): |
847 | - """Get the roles associated with a user within given tenant. |
848 | - |
849 | - Returns: a list of role ids. |
850 | - |
851 | - """ |
852 | - raise exception.NotImplemented() |
853 | - |
854 | - def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id): |
855 | - """Add a role to a user within given tenant.""" |
856 | - raise exception.NotImplemented() |
857 | - |
858 | - def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id): |
859 | - """Remove a role from a user within given tenant.""" |
860 | - raise exception.NotImplemented() |
861 | - |
862 | - # user crud |
863 | - def create_user(self, user_id, user): |
864 | - raise exception.NotImplemented() |
865 | - |
866 | - def update_user(self, user_id, user): |
867 | - raise exception.NotImplemented() |
868 | - |
869 | - def delete_user(self, user_id): |
870 | - raise exception.NotImplemented() |
871 | - |
872 | - # tenant crud |
873 | - def create_tenant(self, tenant_id, tenant): |
874 | - raise exception.NotImplemented() |
875 | - |
876 | - def update_tenant(self, tenant_id, tenant): |
877 | - raise exception.NotImplemented() |
878 | - |
879 | - def delete_tenant(self, tenant_id, tenant): |
880 | - raise exception.NotImplemented() |
881 | - |
882 | - # metadata crud |
883 | - |
884 | - def get_metadata(self, user_id, tenant_id): |
885 | - raise exception.NotImplemented() |
886 | - |
887 | - def create_metadata(self, user_id, tenant_id, metadata): |
888 | - raise exception.NotImplemented() |
889 | - |
890 | - def update_metadata(self, user_id, tenant_id, metadata): |
891 | - raise exception.NotImplemented() |
892 | - |
893 | - def delete_metadata(self, user_id, tenant_id, metadata): |
894 | - raise exception.NotImplemented() |
895 | - |
896 | - # role crud |
897 | - def create_role(self, role_id, role): |
898 | - raise exception.NotImplemented() |
899 | - |
900 | - def update_role(self, role_id, role): |
901 | - raise exception.NotImplemented() |
902 | - |
903 | - def delete_role(self, role_id): |
904 | - raise exception.NotImplemented() |
905 | - |
906 | - |
907 | -class PublicRouter(wsgi.ComposableRouter): |
908 | - def add_routes(self, mapper): |
909 | - tenant_controller = TenantController() |
910 | - mapper.connect('/tenants', |
911 | - controller=tenant_controller, |
912 | - action='get_tenants_for_token', |
913 | - conditions=dict(methods=['GET'])) |
914 | - |
915 | - |
916 | -class AdminRouter(wsgi.ComposableRouter): |
917 | - def add_routes(self, mapper): |
918 | - # Tenant Operations |
919 | - tenant_controller = TenantController() |
920 | - mapper.connect('/tenants', |
921 | - controller=tenant_controller, |
922 | - action='get_all_tenants', |
923 | - conditions=dict(method=['GET'])) |
924 | - mapper.connect('/tenants/{tenant_id}', |
925 | - controller=tenant_controller, |
926 | - action='get_tenant', |
927 | - conditions=dict(method=['GET'])) |
928 | - |
929 | - # User Operations |
930 | - user_controller = UserController() |
931 | - mapper.connect('/users/{user_id}', |
932 | - controller=user_controller, |
933 | - action='get_user', |
934 | - conditions=dict(method=['GET'])) |
935 | - |
936 | - # Role Operations |
937 | - roles_controller = RoleController() |
938 | - mapper.connect('/tenants/{tenant_id}/users/{user_id}/roles', |
939 | - controller=roles_controller, |
940 | - action='get_user_roles', |
941 | - conditions=dict(method=['GET'])) |
942 | - mapper.connect('/users/{user_id}/roles', |
943 | - controller=user_controller, |
944 | - action='get_user_roles', |
945 | - conditions=dict(method=['GET'])) |
946 | - |
947 | - |
948 | -class TenantController(wsgi.Application): |
949 | - def __init__(self): |
950 | - self.identity_api = Manager() |
951 | - self.policy_api = policy.Manager() |
952 | - self.token_api = token.Manager() |
953 | - super(TenantController, self).__init__() |
954 | - |
955 | - def get_all_tenants(self, context, **kw): |
956 | - """Gets a list of all tenants for an admin user.""" |
957 | - self.assert_admin(context) |
958 | - tenant_refs = self.identity_api.get_tenants(context) |
959 | - params = { |
960 | - 'limit': context['query_string'].get('limit'), |
961 | - 'marker': context['query_string'].get('marker'), |
962 | - } |
963 | - return self._format_tenant_list(tenant_refs, **params) |
964 | - |
965 | - def get_tenants_for_token(self, context, **kw): |
966 | - """Get valid tenants for token based on token used to authenticate. |
967 | - |
968 | - Pulls the token from the context, validates it and gets the valid |
969 | - tenants for the user in the token. |
970 | - |
971 | - Doesn't care about token scopedness. |
972 | - |
973 | - """ |
974 | - try: |
975 | - token_ref = self.token_api.get_token(context=context, |
976 | - token_id=context['token_id']) |
977 | - except exception.NotFound: |
978 | - raise exception.Unauthorized() |
979 | - |
980 | - user_ref = token_ref['user'] |
981 | - tenant_ids = self.identity_api.get_tenants_for_user( |
982 | - context, user_ref['id']) |
983 | - tenant_refs = [] |
984 | - for tenant_id in tenant_ids: |
985 | - tenant_refs.append(self.identity_api.get_tenant( |
986 | - context=context, |
987 | - tenant_id=tenant_id)) |
988 | - params = { |
989 | - 'limit': context['query_string'].get('limit'), |
990 | - 'marker': context['query_string'].get('marker'), |
991 | - } |
992 | - return self._format_tenant_list(tenant_refs, **params) |
993 | - |
994 | - def get_tenant(self, context, tenant_id): |
995 | - # TODO(termie): this stuff should probably be moved to middleware |
996 | - self.assert_admin(context) |
997 | - tenant = self.identity_api.get_tenant(context, tenant_id) |
998 | - if tenant is None: |
999 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
1000 | - |
1001 | - return {'tenant': tenant} |
1002 | - |
1003 | - # CRUD Extension |
1004 | - def create_tenant(self, context, tenant): |
1005 | - tenant_ref = self._normalize_dict(tenant) |
1006 | - self.assert_admin(context) |
1007 | - tenant_id = (tenant_ref.get('id') |
1008 | - and tenant_ref.get('id') |
1009 | - or uuid.uuid4().hex) |
1010 | - tenant_ref['id'] = tenant_id |
1011 | - |
1012 | - tenant = self.identity_api.create_tenant( |
1013 | - context, tenant_id, tenant_ref) |
1014 | - return {'tenant': tenant} |
1015 | - |
1016 | - def update_tenant(self, context, tenant_id, tenant): |
1017 | - self.assert_admin(context) |
1018 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
1019 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
1020 | - |
1021 | - tenant_ref = self.identity_api.update_tenant( |
1022 | - context, tenant_id, tenant) |
1023 | - return {'tenant': tenant_ref} |
1024 | - |
1025 | - def delete_tenant(self, context, tenant_id, **kw): |
1026 | - self.assert_admin(context) |
1027 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
1028 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
1029 | - |
1030 | - self.identity_api.delete_tenant(context, tenant_id) |
1031 | - |
1032 | - def get_tenant_users(self, context, tenant_id, **kw): |
1033 | - self.assert_admin(context) |
1034 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
1035 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
1036 | - |
1037 | - user_refs = self.identity_api.get_tenant_users(context, tenant_id) |
1038 | - return {'users': user_refs} |
1039 | - |
1040 | - def _format_tenant_list(self, tenant_refs, **kwargs): |
1041 | - marker = kwargs.get('marker') |
1042 | - page_idx = 0 |
1043 | - if marker is not None: |
1044 | - for (marker_idx, tenant) in enumerate(tenant_refs): |
1045 | - if tenant['id'] == marker: |
1046 | - # we start pagination after the marker |
1047 | - page_idx = marker_idx + 1 |
1048 | - break |
1049 | - else: |
1050 | - msg = 'Marker could not be found' |
1051 | - raise exception.ValidationError(message=msg) |
1052 | - |
1053 | - limit = kwargs.get('limit') |
1054 | - if limit is not None: |
1055 | - try: |
1056 | - limit = int(limit) |
1057 | - if limit < 0: |
1058 | - raise AssertionError() |
1059 | - except (ValueError, AssertionError): |
1060 | - msg = 'Invalid limit value' |
1061 | - raise exception.ValidationError(message=msg) |
1062 | - |
1063 | - tenant_refs = tenant_refs[page_idx:limit] |
1064 | - |
1065 | - for x in tenant_refs: |
1066 | - if 'enabled' not in x: |
1067 | - x['enabled'] = True |
1068 | - o = {'tenants': tenant_refs, |
1069 | - 'tenants_links': []} |
1070 | - return o |
1071 | - |
1072 | - |
1073 | -class UserController(wsgi.Application): |
1074 | - def __init__(self): |
1075 | - self.identity_api = Manager() |
1076 | - self.policy_api = policy.Manager() |
1077 | - self.token_api = token.Manager() |
1078 | - super(UserController, self).__init__() |
1079 | - |
1080 | - def get_user(self, context, user_id): |
1081 | - self.assert_admin(context) |
1082 | - user_ref = self.identity_api.get_user(context, user_id) |
1083 | - if not user_ref: |
1084 | - raise exception.UserNotFound(user_id=user_id) |
1085 | - |
1086 | - return {'user': user_ref} |
1087 | - |
1088 | - def get_users(self, context): |
1089 | - # NOTE(termie): i can't imagine that this really wants all the data |
1090 | - # about every single user in the system... |
1091 | - self.assert_admin(context) |
1092 | - user_refs = self.identity_api.list_users(context) |
1093 | - return {'users': user_refs} |
1094 | - |
1095 | - # CRUD extension |
1096 | - def create_user(self, context, user): |
1097 | - user = self._normalize_dict(user) |
1098 | - self.assert_admin(context) |
1099 | - tenant_id = user.get('tenantId', None) |
1100 | - if (tenant_id is not None |
1101 | - and self.identity_api.get_tenant(context, tenant_id) is None): |
1102 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
1103 | - user_id = uuid.uuid4().hex |
1104 | - user_ref = user.copy() |
1105 | - user_ref['id'] = user_id |
1106 | - new_user_ref = self.identity_api.create_user( |
1107 | - context, user_id, user_ref) |
1108 | - if tenant_id: |
1109 | - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) |
1110 | - return {'user': new_user_ref} |
1111 | - |
1112 | - def update_user(self, context, user_id, user): |
1113 | - # NOTE(termie): this is really more of a patch than a put |
1114 | - self.assert_admin(context) |
1115 | - if self.identity_api.get_user(context, user_id) is None: |
1116 | - raise exception.UserNotFound(user_id=user_id) |
1117 | - |
1118 | - user_ref = self.identity_api.update_user(context, user_id, user) |
1119 | - |
1120 | - # If the password was changed or the user was disabled we clear tokens |
1121 | - if user.get('password') or user.get('enabled', True) == False: |
1122 | - try: |
1123 | - for token_id in self.token_api.list_tokens(context, user_id): |
1124 | - self.token_api.delete_token(context, token_id) |
1125 | - except exception.NotImplemented: |
1126 | - # The users status has been changed but tokens remain valid for |
1127 | - # backends that can't list tokens for users |
1128 | - LOG.warning('User %s status has changed, but existing tokens ' |
1129 | - 'remain valid' % user_id) |
1130 | - return {'user': user_ref} |
1131 | - |
1132 | - def delete_user(self, context, user_id): |
1133 | - self.assert_admin(context) |
1134 | - if self.identity_api.get_user(context, user_id) is None: |
1135 | - raise exception.UserNotFound(user_id=user_id) |
1136 | - |
1137 | - self.identity_api.delete_user(context, user_id) |
1138 | - |
1139 | - def set_user_enabled(self, context, user_id, user): |
1140 | - return self.update_user(context, user_id, user) |
1141 | - |
1142 | - def set_user_password(self, context, user_id, user): |
1143 | - return self.update_user(context, user_id, user) |
1144 | - |
1145 | - def update_user_tenant(self, context, user_id, user): |
1146 | - """Update the default tenant.""" |
1147 | - self.assert_admin(context) |
1148 | - # ensure that we're a member of that tenant |
1149 | - tenant_id = user.get('tenantId') |
1150 | - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) |
1151 | - return self.update_user(context, user_id, user) |
1152 | - |
1153 | - |
1154 | -class RoleController(wsgi.Application): |
1155 | - def __init__(self): |
1156 | - self.identity_api = Manager() |
1157 | - self.token_api = token.Manager() |
1158 | - self.policy_api = policy.Manager() |
1159 | - super(RoleController, self).__init__() |
1160 | - |
1161 | - # COMPAT(essex-3) |
1162 | - def get_user_roles(self, context, user_id, tenant_id=None): |
1163 | - """Get the roles for a user and tenant pair. |
1164 | - |
1165 | - Since we're trying to ignore the idea of user-only roles we're |
1166 | - not implementing them in hopes that the idea will die off. |
1167 | - |
1168 | - """ |
1169 | - self.assert_admin(context) |
1170 | - if tenant_id is None: |
1171 | - raise exception.NotImplemented(message='User roles not supported: ' |
1172 | - 'tenant ID required') |
1173 | - |
1174 | - user = self.identity_api.get_user(context, user_id) |
1175 | - if user is None: |
1176 | - raise exception.UserNotFound(user_id=user_id) |
1177 | - tenant = self.identity_api.get_tenant(context, tenant_id) |
1178 | - if tenant is None: |
1179 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
1180 | - |
1181 | - roles = self.identity_api.get_roles_for_user_and_tenant( |
1182 | - context, user_id, tenant_id) |
1183 | - return {'roles': [self.identity_api.get_role(context, x) |
1184 | - for x in roles]} |
1185 | - |
1186 | - # CRUD extension |
1187 | - def get_role(self, context, role_id): |
1188 | - self.assert_admin(context) |
1189 | - role_ref = self.identity_api.get_role(context, role_id) |
1190 | - if not role_ref: |
1191 | - raise exception.RoleNotFound(role_id=role_id) |
1192 | - return {'role': role_ref} |
1193 | - |
1194 | - def create_role(self, context, role): |
1195 | - role = self._normalize_dict(role) |
1196 | - self.assert_admin(context) |
1197 | - role_id = uuid.uuid4().hex |
1198 | - role['id'] = role_id |
1199 | - role_ref = self.identity_api.create_role(context, role_id, role) |
1200 | - return {'role': role_ref} |
1201 | - |
1202 | - def delete_role(self, context, role_id): |
1203 | - self.assert_admin(context) |
1204 | - self.get_role(context, role_id) |
1205 | - self.identity_api.delete_role(context, role_id) |
1206 | - |
1207 | - def get_roles(self, context): |
1208 | - self.assert_admin(context) |
1209 | - roles = self.identity_api.list_roles(context) |
1210 | - # TODO(termie): probably inefficient at some point |
1211 | - return {'roles': roles} |
1212 | - |
1213 | - def add_role_to_user(self, context, user_id, role_id, tenant_id=None): |
1214 | - """Add a role to a user and tenant pair. |
1215 | - |
1216 | - Since we're trying to ignore the idea of user-only roles we're |
1217 | - not implementing them in hopes that the idea will die off. |
1218 | - |
1219 | - """ |
1220 | - self.assert_admin(context) |
1221 | - if tenant_id is None: |
1222 | - raise exception.NotImplemented(message='User roles not supported: ' |
1223 | - 'tenant_id required') |
1224 | - if self.identity_api.get_user(context, user_id) is None: |
1225 | - raise exception.UserNotFound(user_id=user_id) |
1226 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
1227 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
1228 | - if self.identity_api.get_role(context, role_id) is None: |
1229 | - raise exception.RoleNotFound(role_id=role_id) |
1230 | - |
1231 | - # This still has the weird legacy semantics that adding a role to |
1232 | - # a user also adds them to a tenant |
1233 | - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) |
1234 | - self.identity_api.add_role_to_user_and_tenant( |
1235 | - context, user_id, tenant_id, role_id) |
1236 | - role_ref = self.identity_api.get_role(context, role_id) |
1237 | - return {'role': role_ref} |
1238 | - |
1239 | - def remove_role_from_user(self, context, user_id, role_id, tenant_id=None): |
1240 | - """Remove a role from a user and tenant pair. |
1241 | - |
1242 | - Since we're trying to ignore the idea of user-only roles we're |
1243 | - not implementing them in hopes that the idea will die off. |
1244 | - |
1245 | - """ |
1246 | - self.assert_admin(context) |
1247 | - if tenant_id is None: |
1248 | - raise exception.NotImplemented(message='User roles not supported: ' |
1249 | - 'tenant_id required') |
1250 | - if self.identity_api.get_user(context, user_id) is None: |
1251 | - raise exception.UserNotFound(user_id=user_id) |
1252 | - if self.identity_api.get_tenant(context, tenant_id) is None: |
1253 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
1254 | - if self.identity_api.get_role(context, role_id) is None: |
1255 | - raise exception.RoleNotFound(role_id=role_id) |
1256 | - |
1257 | - # This still has the weird legacy semantics that adding a role to |
1258 | - # a user also adds them to a tenant, so we must follow up on that |
1259 | - self.identity_api.remove_role_from_user_and_tenant( |
1260 | - context, user_id, tenant_id, role_id) |
1261 | - roles = self.identity_api.get_roles_for_user_and_tenant( |
1262 | - context, user_id, tenant_id) |
1263 | - if not roles: |
1264 | - self.identity_api.remove_user_from_tenant( |
1265 | - context, tenant_id, user_id) |
1266 | - return |
1267 | - |
1268 | - # COMPAT(diablo): CRUD extension |
1269 | - def get_role_refs(self, context, user_id): |
1270 | - """Ultimate hack to get around having to make role_refs first-class. |
1271 | - |
1272 | - This will basically iterate over the various roles the user has in |
1273 | - all tenants the user is a member of and create fake role_refs where |
1274 | - the id encodes the user-tenant-role information so we can look |
1275 | - up the appropriate data when we need to delete them. |
1276 | - |
1277 | - """ |
1278 | - self.assert_admin(context) |
1279 | - user_ref = self.identity_api.get_user(context, user_id) |
1280 | - tenant_ids = self.identity_api.get_tenants_for_user(context, user_id) |
1281 | - o = [] |
1282 | - for tenant_id in tenant_ids: |
1283 | - role_ids = self.identity_api.get_roles_for_user_and_tenant( |
1284 | - context, user_id, tenant_id) |
1285 | - for role_id in role_ids: |
1286 | - ref = {'roleId': role_id, |
1287 | - 'tenantId': tenant_id, |
1288 | - 'userId': user_id} |
1289 | - ref['id'] = urllib.urlencode(ref) |
1290 | - o.append(ref) |
1291 | - return {'roles': o} |
1292 | - |
1293 | - # COMPAT(diablo): CRUD extension |
1294 | - def create_role_ref(self, context, user_id, role): |
1295 | - """This is actually used for adding a user to a tenant. |
1296 | - |
1297 | - In the legacy data model adding a user to a tenant required setting |
1298 | - a role. |
1299 | - |
1300 | - """ |
1301 | - self.assert_admin(context) |
1302 | - # TODO(termie): for now we're ignoring the actual role |
1303 | - tenant_id = role.get('tenantId') |
1304 | - role_id = role.get('roleId') |
1305 | - self.identity_api.add_user_to_tenant(context, tenant_id, user_id) |
1306 | - self.identity_api.add_role_to_user_and_tenant( |
1307 | - context, user_id, tenant_id, role_id) |
1308 | - role_ref = self.identity_api.get_role(context, role_id) |
1309 | - return {'role': role_ref} |
1310 | - |
1311 | - # COMPAT(diablo): CRUD extension |
1312 | - def delete_role_ref(self, context, user_id, role_ref_id): |
1313 | - """This is actually used for deleting a user from a tenant. |
1314 | - |
1315 | - In the legacy data model removing a user from a tenant required |
1316 | - deleting a role. |
1317 | - |
1318 | - To emulate this, we encode the tenant and role in the role_ref_id, |
1319 | - and if this happens to be the last role for the user-tenant pair, |
1320 | - we remove the user from the tenant. |
1321 | - |
1322 | - """ |
1323 | - self.assert_admin(context) |
1324 | - # TODO(termie): for now we're ignoring the actual role |
1325 | - role_ref_ref = urlparse.parse_qs(role_ref_id) |
1326 | - tenant_id = role_ref_ref.get('tenantId')[0] |
1327 | - role_id = role_ref_ref.get('roleId')[0] |
1328 | - self.identity_api.remove_role_from_user_and_tenant( |
1329 | - context, user_id, tenant_id, role_id) |
1330 | - roles = self.identity_api.get_roles_for_user_and_tenant( |
1331 | - context, user_id, tenant_id) |
1332 | - if not roles: |
1333 | - self.identity_api.remove_user_from_tenant( |
1334 | - context, tenant_id, user_id) |
1335 | |
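Review bot: remove_role_from_user and delete_role_ref in this removed pre-patch copy call remove_role_from_user_and_tenant and never touch token_api, whereas update_user in the same file loops over token_api.list_tokens and calls delete_token when a password changes or a user is disabled. Since the .pc/keystone-CVE-2012-4413.patch snapshot is dropped here, the merge description should say explicitly that the keystone/identity/core.py shipped by this branch deletes a user's tokens after a role is added or removed. It should also point to the test that covers this, so the removal of the quilt patch cannot be read as a regression.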
1336 | === removed directory '.pc/keystone-CVE-2012-4413.patch/keystone/token' |
1337 | === removed file '.pc/keystone-CVE-2012-4413.patch/keystone/token/core.py' |
1338 | --- .pc/keystone-CVE-2012-4413.patch/keystone/token/core.py 2012-09-12 09:47:55 +0000 |
1339 | +++ .pc/keystone-CVE-2012-4413.patch/keystone/token/core.py 1970-01-01 00:00:00 +0000 |
1340 | @@ -1,107 +0,0 @@ |
1341 | -# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
1342 | - |
1343 | -# Copyright 2012 OpenStack LLC |
1344 | -# |
1345 | -# Licensed under the Apache License, Version 2.0 (the "License"); you may |
1346 | -# not use this file except in compliance with the License. You may obtain |
1347 | -# a copy of the License at |
1348 | -# |
1349 | -# http://www.apache.org/licenses/LICENSE-2.0 |
1350 | -# |
1351 | -# Unless required by applicable law or agreed to in writing, software |
1352 | -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
1353 | -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
1354 | -# License for the specific language governing permissions and limitations |
1355 | -# under the License. |
1356 | - |
1357 | -"""Main entry point into the Token service.""" |
1358 | - |
1359 | -import datetime |
1360 | - |
1361 | -from keystone import config |
1362 | -from keystone import exception |
1363 | -from keystone.common import manager |
1364 | - |
1365 | - |
1366 | -CONF = config.CONF |
1367 | -config.register_int('expiration', group='token', default=86400) |
1368 | - |
1369 | - |
1370 | -class Manager(manager.Manager): |
1371 | - """Default pivot point for the Token backend. |
1372 | - |
1373 | - See :mod:`keystone.common.manager.Manager` for more details on how this |
1374 | - dynamically calls the backend. |
1375 | - |
1376 | - """ |
1377 | - |
1378 | - def __init__(self): |
1379 | - super(Manager, self).__init__(CONF.token.driver) |
1380 | - |
1381 | - |
1382 | -class Driver(object): |
1383 | - """Interface description for a Token driver.""" |
1384 | - |
1385 | - def get_token(self, token_id): |
1386 | - """Get a token by id. |
1387 | - |
1388 | - :param token_id: identity of the token |
1389 | - :type token_id: string |
1390 | - :returns: token_ref |
1391 | - :raises: keystone.exception.TokenNotFound |
1392 | - |
1393 | - """ |
1394 | - raise exception.NotImplemented() |
1395 | - |
1396 | - def create_token(self, token_id, data): |
1397 | - """Create a token by id and data. |
1398 | - |
1399 | - :param token_id: identity of the token |
1400 | - :type token_id: string |
1401 | - :param data: dictionary with additional reference information |
1402 | - |
1403 | - :: |
1404 | - |
1405 | - { |
1406 | - expires='' |
1407 | - id=token_id, |
1408 | - user=user_ref, |
1409 | - tenant=tenant_ref, |
1410 | - metadata=metadata_ref |
1411 | - } |
1412 | - |
1413 | - :type data: dict |
1414 | - :returns: token_ref or None. |
1415 | - |
1416 | - """ |
1417 | - raise exception.NotImplemented() |
1418 | - |
1419 | - def delete_token(self, token_id): |
1420 | - """Deletes a token by id. |
1421 | - |
1422 | - :param token_id: identity of the token |
1423 | - :type token_id: string |
1424 | - :returns: None. |
1425 | - :raises: keystone.exception.TokenNotFound |
1426 | - |
1427 | - """ |
1428 | - raise exception.NotImplemented() |
1429 | - |
1430 | - def list_tokens(self, user_id): |
1431 | - """Returns a list of current token_id's for a user |
1432 | - |
1433 | - :param user_id: identity of the user |
1434 | - :type user_id: string |
1435 | - :returns: list of token_id's |
1436 | - |
1437 | - """ |
1438 | - raise exception.NotImplemented() |
1439 | - |
1440 | - def _get_default_expire_time(self): |
1441 | - """Determine when a token should expire based on the config. |
1442 | - |
1443 | - :returns: a naive utc datetime.datetime object |
1444 | - |
1445 | - """ |
1446 | - expire_delta = datetime.timedelta(seconds=CONF.token.expiration) |
1447 | - return datetime.datetime.utcnow() + expire_delta |
1448 | |
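Review bot: Driver.list_tokens at the end of this hunk defaults to `raise exception.NotImplemented()`, and the identity controller's update_user catches exactly that exception and only logs "existing tokens remain valid", so any token backend that does not override list_tokens silently skips revocation. Please confirm that each backend touched by this branch (kvs, memcache, sql) overrides list_tokens. Consider also documenting in the docstring that an implementation is required for revocation to work, and add the missing period after "for a user" while there.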
1449 | === removed directory '.pc/keystone-CVE-2012-4413.patch/tests' |
1450 | === removed file '.pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py' |
1451 | --- .pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py 2012-09-12 09:47:55 +0000 |
1452 | +++ .pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py 1970-01-01 00:00:00 +0000 |
1453 | @@ -1,970 +0,0 @@ |
1454 | -# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
1455 | - |
1456 | -# Copyright 2012 OpenStack LLC |
1457 | -# |
1458 | -# Licensed under the Apache License, Version 2.0 (the "License"); you may |
1459 | -# not use this file except in compliance with the License. You may obtain |
1460 | -# a copy of the License at |
1461 | -# |
1462 | -# http://www.apache.org/licenses/LICENSE-2.0 |
1463 | -# |
1464 | -# Unless required by applicable law or agreed to in writing, software |
1465 | -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
1466 | -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
1467 | -# License for the specific language governing permissions and limitations |
1468 | -# under the License. |
1469 | - |
1470 | -import time |
1471 | -import uuid |
1472 | - |
1473 | -import nose.exc |
1474 | - |
1475 | -from keystone import test |
1476 | - |
1477 | -import default_fixtures |
1478 | - |
1479 | -OPENSTACK_REPO = 'https://review.openstack.org/p/openstack' |
1480 | -KEYSTONECLIENT_REPO = '%s/python-keystoneclient.git' % OPENSTACK_REPO |
1481 | - |
1482 | - |
1483 | -class CompatTestCase(test.TestCase): |
1484 | - def setUp(self): |
1485 | - super(CompatTestCase, self).setUp() |
1486 | - |
1487 | - self.load_backends() |
1488 | - self.load_fixtures(default_fixtures) |
1489 | - |
1490 | - self.public_server = self.serveapp('keystone', name='main') |
1491 | - self.admin_server = self.serveapp('keystone', name='admin') |
1492 | - |
1493 | - # TODO(termie): is_admin is being deprecated once the policy stuff |
1494 | - # is all working |
1495 | - # TODO(termie): add an admin user to the fixtures and use that user |
1496 | - # override the fixtures, for now |
1497 | - self.metadata_foobar = self.identity_api.update_metadata( |
1498 | - self.user_foo['id'], self.tenant_bar['id'], |
1499 | - dict(roles=['keystone_admin'], is_admin='1')) |
1500 | - |
1501 | - def tearDown(self): |
1502 | - self.public_server.kill() |
1503 | - self.admin_server.kill() |
1504 | - self.public_server = None |
1505 | - self.admin_server = None |
1506 | - super(CompatTestCase, self).tearDown() |
1507 | - |
1508 | - def _public_url(self): |
1509 | - public_port = self.public_server.socket_info['socket'][1] |
1510 | - return "http://localhost:%s/v2.0" % public_port |
1511 | - |
1512 | - def _admin_url(self): |
1513 | - admin_port = self.admin_server.socket_info['socket'][1] |
1514 | - return "http://localhost:%s/v2.0" % admin_port |
1515 | - |
1516 | - def _client(self, admin=False, **kwargs): |
1517 | - from keystoneclient.v2_0 import client as ks_client |
1518 | - |
1519 | - url = self._admin_url() if admin else self._public_url() |
1520 | - kc = ks_client.Client(endpoint=url, |
1521 | - auth_url=self._public_url(), |
1522 | - **kwargs) |
1523 | - kc.authenticate() |
1524 | - # have to manually overwrite the management url after authentication |
1525 | - kc.management_url = url |
1526 | - return kc |
1527 | - |
1528 | - def get_client(self, user_ref=None, tenant_ref=None, admin=False): |
1529 | - if user_ref is None: |
1530 | - user_ref = self.user_foo |
1531 | - if tenant_ref is None: |
1532 | - for user in default_fixtures.USERS: |
1533 | - if user['id'] == user_ref['id']: |
1534 | - tenant_id = user['tenants'][0] |
1535 | - else: |
1536 | - tenant_id = tenant_ref['id'] |
1537 | - |
1538 | - return self._client(username=user_ref['name'], |
1539 | - password=user_ref['password'], |
1540 | - tenant_id=tenant_id, |
1541 | - admin=admin) |
1542 | - |
1543 | - |
1544 | -class KeystoneClientTests(object): |
1545 | - """Tests for all versions of keystoneclient.""" |
1546 | - |
1547 | - def test_authenticate_tenant_name_and_tenants(self): |
1548 | - client = self.get_client() |
1549 | - tenants = client.tenants.list() |
1550 | - self.assertEquals(tenants[0].id, self.tenant_bar['id']) |
1551 | - |
1552 | - def test_authenticate_tenant_id_and_tenants(self): |
1553 | - client = self._client(username=self.user_foo['name'], |
1554 | - password=self.user_foo['password'], |
1555 | - tenant_id='bar') |
1556 | - tenants = client.tenants.list() |
1557 | - self.assertEquals(tenants[0].id, self.tenant_bar['id']) |
1558 | - |
1559 | - def test_authenticate_invalid_tenant_id(self): |
1560 | - from keystoneclient import exceptions as client_exceptions |
1561 | - self.assertRaises(client_exceptions.Unauthorized, |
1562 | - self._client, |
1563 | - username=self.user_foo['name'], |
1564 | - password=self.user_foo['password'], |
1565 | - tenant_id='baz') |
1566 | - |
1567 | - def test_authenticate_token_no_tenant(self): |
1568 | - client = self.get_client() |
1569 | - token = client.auth_token |
1570 | - token_client = self._client(token=token) |
1571 | - tenants = token_client.tenants.list() |
1572 | - self.assertEquals(tenants[0].id, self.tenant_bar['id']) |
1573 | - |
1574 | - def test_authenticate_token_tenant_id(self): |
1575 | - client = self.get_client() |
1576 | - token = client.auth_token |
1577 | - token_client = self._client(token=token, tenant_id='bar') |
1578 | - tenants = token_client.tenants.list() |
1579 | - self.assertEquals(tenants[0].id, self.tenant_bar['id']) |
1580 | - |
1581 | - def test_authenticate_token_invalid_tenant_id(self): |
1582 | - from keystoneclient import exceptions as client_exceptions |
1583 | - client = self.get_client() |
1584 | - token = client.auth_token |
1585 | - self.assertRaises(client_exceptions.AuthorizationFailure, |
1586 | - self._client, token=token, tenant_id='baz') |
1587 | - |
1588 | - def test_authenticate_token_tenant_name(self): |
1589 | - client = self.get_client() |
1590 | - token = client.auth_token |
1591 | - token_client = self._client(token=token, tenant_name='BAR') |
1592 | - tenants = token_client.tenants.list() |
1593 | - self.assertEquals(tenants[0].id, self.tenant_bar['id']) |
1594 | - self.assertEquals(tenants[0].id, self.tenant_bar['id']) |
1595 | - |
1596 | - def test_authenticate_and_delete_token(self): |
1597 | - from keystoneclient import exceptions as client_exceptions |
1598 | - |
1599 | - client = self.get_client(admin=True) |
1600 | - token = client.auth_token |
1601 | - token_client = self._client(token=token) |
1602 | - tenants = token_client.tenants.list() |
1603 | - self.assertEquals(tenants[0].id, self.tenant_bar['id']) |
1604 | - |
1605 | - client.tokens.delete(token_client.auth_token) |
1606 | - |
1607 | - self.assertRaises(client_exceptions.Unauthorized, |
1608 | - token_client.tenants.list) |
1609 | - |
1610 | - def test_authenticate_no_password(self): |
1611 | - from keystoneclient import exceptions as client_exceptions |
1612 | - |
1613 | - user_ref = self.user_foo.copy() |
1614 | - user_ref['password'] = None |
1615 | - self.assertRaises(client_exceptions.AuthorizationFailure, |
1616 | - self.get_client, |
1617 | - user_ref) |
1618 | - |
1619 | - def test_authenticate_no_username(self): |
1620 | - from keystoneclient import exceptions as client_exceptions |
1621 | - |
1622 | - user_ref = self.user_foo.copy() |
1623 | - user_ref['name'] = None |
1624 | - self.assertRaises(client_exceptions.AuthorizationFailure, |
1625 | - self.get_client, |
1626 | - user_ref) |
1627 | - |
1628 | - def test_authenticate_disabled_tenant(self): |
1629 | - from keystoneclient import exceptions as client_exceptions |
1630 | - |
1631 | - admin_client = self.get_client(admin=True) |
1632 | - |
1633 | - tenant = { |
1634 | - 'name': uuid.uuid4().hex, |
1635 | - 'description': uuid.uuid4().hex, |
1636 | - 'enabled': False, |
1637 | - } |
1638 | - tenant_ref = admin_client.tenants.create( |
1639 | - tenant_name=tenant['name'], |
1640 | - description=tenant['description'], |
1641 | - enabled=tenant['enabled']) |
1642 | - tenant['id'] = tenant_ref.id |
1643 | - |
1644 | - user = { |
1645 | - 'name': uuid.uuid4().hex, |
1646 | - 'password': uuid.uuid4().hex, |
1647 | - 'email': uuid.uuid4().hex, |
1648 | - 'tenant_id': tenant['id'], |
1649 | - } |
1650 | - user_ref = admin_client.users.create( |
1651 | - name=user['name'], |
1652 | - password=user['password'], |
1653 | - email=user['email'], |
1654 | - tenant_id=user['tenant_id']) |
1655 | - user['id'] = user_ref.id |
1656 | - |
1657 | - # password authentication |
1658 | - self.assertRaises( |
1659 | - client_exceptions.Unauthorized, |
1660 | - self._client, |
1661 | - username=user['name'], |
1662 | - password=user['password'], |
1663 | - tenant_id=tenant['id']) |
1664 | - |
1665 | - # token authentication |
1666 | - client = self._client( |
1667 | - username=user['name'], |
1668 | - password=user['password']) |
1669 | - self.assertRaises( |
1670 | - client_exceptions.Unauthorized, |
1671 | - self._client, |
1672 | - token=client.auth_token, |
1673 | - tenant_id=tenant['id']) |
1674 | - |
1675 | - # FIXME(ja): this test should require the "keystone:admin" roled |
1676 | - # (probably the role set via --keystone_admin_role flag) |
1677 | - # FIXME(ja): add a test that admin endpoint is only sent to admin user |
1678 | - # FIXME(ja): add a test that admin endpoint returns unauthorized if not |
1679 | - # admin |
1680 | - def test_tenant_create_update_and_delete(self): |
1681 | - from keystoneclient import exceptions as client_exceptions |
1682 | - |
1683 | - tenant_name = 'original_tenant' |
1684 | - tenant_description = 'My original tenant!' |
1685 | - tenant_enabled = True |
1686 | - client = self.get_client(admin=True) |
1687 | - |
1688 | - # create, get, and list a tenant |
1689 | - tenant = client.tenants.create(tenant_name=tenant_name, |
1690 | - description=tenant_description, |
1691 | - enabled=tenant_enabled) |
1692 | - self.assertEquals(tenant.name, tenant_name) |
1693 | - self.assertEquals(tenant.description, tenant_description) |
1694 | - self.assertEquals(tenant.enabled, tenant_enabled) |
1695 | - |
1696 | - tenant = client.tenants.get(tenant_id=tenant.id) |
1697 | - self.assertEquals(tenant.name, tenant_name) |
1698 | - self.assertEquals(tenant.description, tenant_description) |
1699 | - self.assertEquals(tenant.enabled, tenant_enabled) |
1700 | - |
1701 | - tenant = [t for t in client.tenants.list() if t.id == tenant.id].pop() |
1702 | - self.assertEquals(tenant.name, tenant_name) |
1703 | - self.assertEquals(tenant.description, tenant_description) |
1704 | - self.assertEquals(tenant.enabled, tenant_enabled) |
1705 | - |
1706 | - # update, get, and list a tenant |
1707 | - tenant_name = 'updated_tenant' |
1708 | - tenant_description = 'Updated tenant!' |
1709 | - tenant_enabled = False |
1710 | - tenant = client.tenants.update(tenant_id=tenant.id, |
1711 | - tenant_name=tenant_name, |
1712 | - enabled=tenant_enabled, |
1713 | - description=tenant_description) |
1714 | - self.assertEquals(tenant.name, tenant_name) |
1715 | - self.assertEquals(tenant.description, tenant_description) |
1716 | - self.assertEquals(tenant.enabled, tenant_enabled) |
1717 | - |
1718 | - tenant = client.tenants.get(tenant_id=tenant.id) |
1719 | - self.assertEquals(tenant.name, tenant_name) |
1720 | - self.assertEquals(tenant.description, tenant_description) |
1721 | - self.assertEquals(tenant.enabled, tenant_enabled) |
1722 | - |
1723 | - tenant = [t for t in client.tenants.list() if t.id == tenant.id].pop() |
1724 | - self.assertEquals(tenant.name, tenant_name) |
1725 | - self.assertEquals(tenant.description, tenant_description) |
1726 | - self.assertEquals(tenant.enabled, tenant_enabled) |
1727 | - |
1728 | - # delete, get, and list a tenant |
1729 | - client.tenants.delete(tenant=tenant.id) |
1730 | - self.assertRaises(client_exceptions.NotFound, client.tenants.get, |
1731 | - tenant.id) |
1732 | - self.assertFalse([t for t in client.tenants.list() |
1733 | - if t.id == tenant.id]) |
1734 | - |
1735 | - def test_tenant_delete_404(self): |
1736 | - from keystoneclient import exceptions as client_exceptions |
1737 | - client = self.get_client(admin=True) |
1738 | - self.assertRaises(client_exceptions.NotFound, |
1739 | - client.tenants.delete, |
1740 | - tenant=uuid.uuid4().hex) |
1741 | - |
1742 | - def test_tenant_get_404(self): |
1743 | - from keystoneclient import exceptions as client_exceptions |
1744 | - client = self.get_client(admin=True) |
1745 | - self.assertRaises(client_exceptions.NotFound, |
1746 | - client.tenants.get, |
1747 | - tenant_id=uuid.uuid4().hex) |
1748 | - |
1749 | - def test_tenant_update_404(self): |
1750 | - from keystoneclient import exceptions as client_exceptions |
1751 | - client = self.get_client(admin=True) |
1752 | - self.assertRaises(client_exceptions.NotFound, |
1753 | - client.tenants.update, |
1754 | - tenant_id=uuid.uuid4().hex) |
1755 | - |
1756 | - def test_tenant_list(self): |
1757 | - client = self.get_client() |
1758 | - tenants = client.tenants.list() |
1759 | - self.assertEquals(len(tenants), 1) |
1760 | - |
1761 | - # Admin endpoint should return *all* tenants |
1762 | - client = self.get_client(admin=True) |
1763 | - tenants = client.tenants.list() |
1764 | - self.assertEquals(len(tenants), len(default_fixtures.TENANTS)) |
1765 | - |
1766 | - def test_invalid_password(self): |
1767 | - from keystoneclient import exceptions as client_exceptions |
1768 | - |
1769 | - good_client = self._client(username=self.user_foo['name'], |
1770 | - password=self.user_foo['password']) |
1771 | - good_client.tenants.list() |
1772 | - |
1773 | - self.assertRaises(client_exceptions.Unauthorized, |
1774 | - self._client, |
1775 | - username=self.user_foo['name'], |
1776 | - password='invalid') |
1777 | - |
1778 | - def test_invalid_user_password(self): |
1779 | - from keystoneclient import exceptions as client_exceptions |
1780 | - |
1781 | - self.assertRaises(client_exceptions.Unauthorized, |
1782 | - self._client, |
1783 | - username='blah', |
1784 | - password='blah') |
1785 | - |
1786 | - def test_change_password_invalidates_token(self): |
1787 | - from keystoneclient import exceptions as client_exceptions |
1788 | - |
1789 | - client = self.get_client(admin=True) |
1790 | - |
1791 | - username = uuid.uuid4().hex |
1792 | - passwd = uuid.uuid4().hex |
1793 | - user = client.users.create(name=username, password=passwd, |
1794 | - email=uuid.uuid4().hex) |
1795 | - |
1796 | - token_id = client.tokens.authenticate(username=username, |
1797 | - password=passwd).id |
1798 | - |
1799 | - # authenticate with a token should work before a password change |
1800 | - client.tokens.authenticate(token=token_id) |
1801 | - |
1802 | - client.users.update_password(user=user.id, password=uuid.uuid4().hex) |
1803 | - |
1804 | - # authenticate with a token should not work after a password change |
1805 | - self.assertRaises(client_exceptions.Unauthorized, |
1806 | - client.tokens.authenticate, |
1807 | - token=token_id) |
1808 | - |
1809 | - def test_disable_user_invalidates_token(self): |
1810 | - from keystoneclient import exceptions as client_exceptions |
1811 | - |
1812 | - admin_client = self.get_client(admin=True) |
1813 | - foo_client = self.get_client(self.user_foo) |
1814 | - |
1815 | - admin_client.users.update_enabled(user=self.user_foo['id'], |
1816 | - enabled=False) |
1817 | - |
1818 | - self.assertRaises(client_exceptions.Unauthorized, |
1819 | - foo_client.tokens.authenticate, |
1820 | - token=foo_client.auth_token) |
1821 | - |
1822 | - self.assertRaises(client_exceptions.Unauthorized, |
1823 | - self.get_client, |
1824 | - self.user_foo) |
1825 | - |
1826 | - def test_token_expiry_maintained(self): |
1827 | - foo_client = self.get_client(self.user_foo) |
1828 | - orig_token = foo_client.service_catalog.catalog['token'] |
1829 | - |
1830 | - time.sleep(1.01) |
1831 | - reauthenticated_token = foo_client.tokens.authenticate( |
1832 | - token=foo_client.auth_token) |
1833 | - |
1834 | - self.assertEquals(orig_token['expires'], |
1835 | - reauthenticated_token.expires) |
1836 | - |
1837 | - def test_user_create_update_delete(self): |
1838 | - from keystoneclient import exceptions as client_exceptions |
1839 | - |
1840 | - test_username = 'new_user' |
1841 | - client = self.get_client(admin=True) |
1842 | - user = client.users.create(name=test_username, |
1843 | - password='password', |
1844 | - email='user1@test.com') |
1845 | - self.assertEquals(user.name, test_username) |
1846 | - |
1847 | - user = client.users.get(user=user.id) |
1848 | - self.assertEquals(user.name, test_username) |
1849 | - |
1850 | - user = client.users.update(user=user, |
1851 | - name=test_username, |
1852 | - email='user2@test.com') |
1853 | - self.assertEquals(user.email, 'user2@test.com') |
1854 | - |
1855 | - # NOTE(termie): update_enabled doesn't return anything, probably a bug |
1856 | - client.users.update_enabled(user=user, enabled=False) |
1857 | - user = client.users.get(user.id) |
1858 | - self.assertFalse(user.enabled) |
1859 | - |
1860 | - self.assertRaises(client_exceptions.Unauthorized, |
1861 | - self._client, |
1862 | - username=test_username, |
1863 | - password='password') |
1864 | - client.users.update_enabled(user, True) |
1865 | - |
1866 | - user = client.users.update_password(user=user, password='password2') |
1867 | - |
1868 | - self._client(username=test_username, |
1869 | - password='password2') |
1870 | - |
1871 | - user = client.users.update_tenant(user=user, tenant='bar') |
1872 | - # TODO(ja): once keystonelight supports default tenant |
1873 | - # when you login without specifying tenant, the |
1874 | - # token should be scoped to tenant 'bar' |
1875 | - |
1876 | - client.users.delete(user.id) |
1877 | - self.assertRaises(client_exceptions.NotFound, client.users.get, |
1878 | - user.id) |
1879 | - |
1880 | - # Test creating a user with a tenant (auto-add to tenant) |
1881 | - user2 = client.users.create(name=test_username, |
1882 | - password='password', |
1883 | - email='user1@test.com', |
1884 | - tenant_id='bar') |
1885 | - self.assertEquals(user2.name, test_username) |
1886 | - |
1887 | - def test_user_create_404(self): |
1888 | - from keystoneclient import exceptions as client_exceptions |
1889 | - client = self.get_client(admin=True) |
1890 | - self.assertRaises(client_exceptions.NotFound, |
1891 | - client.users.create, |
1892 | - name=uuid.uuid4().hex, |
1893 | - password=uuid.uuid4().hex, |
1894 | - email=uuid.uuid4().hex, |
1895 | - tenant_id=uuid.uuid4().hex) |
1896 | - |
1897 | - def test_user_get_404(self): |
1898 | - from keystoneclient import exceptions as client_exceptions |
1899 | - client = self.get_client(admin=True) |
1900 | - self.assertRaises(client_exceptions.NotFound, |
1901 | - client.users.get, |
1902 | - user=uuid.uuid4().hex) |
1903 | - |
1904 | - def test_user_list_404(self): |
1905 | - from keystoneclient import exceptions as client_exceptions |
1906 | - client = self.get_client(admin=True) |
1907 | - self.assertRaises(client_exceptions.NotFound, |
1908 | - client.users.list, |
1909 | - tenant_id=uuid.uuid4().hex) |
1910 | - |
1911 | - def test_user_update_404(self): |
1912 | - from keystoneclient import exceptions as client_exceptions |
1913 | - client = self.get_client(admin=True) |
1914 | - self.assertRaises(client_exceptions.NotFound, |
1915 | - client.users.update, |
1916 | - user=uuid.uuid4().hex) |
1917 | - |
1918 | - def test_user_update_tenant_404(self): |
1919 | - raise nose.exc.SkipTest('N/A') |
1920 | - from keystoneclient import exceptions as client_exceptions |
1921 | - client = self.get_client(admin=True) |
1922 | - self.assertRaises(client_exceptions.NotFound, |
1923 | - client.users.update, |
1924 | - user=self.user_foo['id'], |
1925 | - tenant_id=uuid.uuid4().hex) |
1926 | - |
1927 | - def test_user_update_password_404(self): |
1928 | - from keystoneclient import exceptions as client_exceptions |
1929 | - client = self.get_client(admin=True) |
1930 | - self.assertRaises(client_exceptions.NotFound, |
1931 | - client.users.update_password, |
1932 | - user=uuid.uuid4().hex, |
1933 | - password=uuid.uuid4().hex) |
1934 | - |
1935 | - def test_user_delete_404(self): |
1936 | - from keystoneclient import exceptions as client_exceptions |
1937 | - client = self.get_client(admin=True) |
1938 | - self.assertRaises(client_exceptions.NotFound, |
1939 | - client.users.delete, |
1940 | - user=uuid.uuid4().hex) |
1941 | - |
1942 | - def test_user_list(self): |
1943 | - client = self.get_client(admin=True) |
1944 | - users = client.users.list() |
1945 | - self.assertTrue(len(users) > 0) |
1946 | - user = users[0] |
1947 | - self.assertRaises(AttributeError, lambda: user.password) |
1948 | - |
1949 | - def test_user_get(self): |
1950 | - client = self.get_client(admin=True) |
1951 | - user = client.users.get(user=self.user_foo['id']) |
1952 | - self.assertRaises(AttributeError, lambda: user.password) |
1953 | - |
1954 | - def test_role_get(self): |
1955 | - client = self.get_client(admin=True) |
1956 | - role = client.roles.get(role='keystone_admin') |
1957 | - self.assertEquals(role.id, 'keystone_admin') |
1958 | - |
1959 | - def test_role_crud(self): |
1960 | - from keystoneclient import exceptions as client_exceptions |
1961 | - |
1962 | - test_role = 'new_role' |
1963 | - client = self.get_client(admin=True) |
1964 | - role = client.roles.create(name=test_role) |
1965 | - self.assertEquals(role.name, test_role) |
1966 | - |
1967 | - role = client.roles.get(role=role.id) |
1968 | - self.assertEquals(role.name, test_role) |
1969 | - |
1970 | - client.roles.delete(role=role.id) |
1971 | - |
1972 | - self.assertRaises(client_exceptions.NotFound, |
1973 | - client.roles.delete, |
1974 | - role=role.id) |
1975 | - self.assertRaises(client_exceptions.NotFound, |
1976 | - client.roles.get, |
1977 | - role=role.id) |
1978 | - |
1979 | - def test_role_get_404(self): |
1980 | - from keystoneclient import exceptions as client_exceptions |
1981 | - client = self.get_client(admin=True) |
1982 | - self.assertRaises(client_exceptions.NotFound, |
1983 | - client.roles.get, |
1984 | - role=uuid.uuid4().hex) |
1985 | - |
1986 | - def test_role_delete_404(self): |
1987 | - from keystoneclient import exceptions as client_exceptions |
1988 | - client = self.get_client(admin=True) |
1989 | - self.assertRaises(client_exceptions.NotFound, |
1990 | - client.roles.delete, |
1991 | - role=uuid.uuid4().hex) |
1992 | - |
1993 | - def test_role_list_404(self): |
1994 | - from keystoneclient import exceptions as client_exceptions |
1995 | - client = self.get_client(admin=True) |
1996 | - self.assertRaises(client_exceptions.NotFound, |
1997 | - client.roles.roles_for_user, |
1998 | - user=uuid.uuid4().hex, |
1999 | - tenant=uuid.uuid4().hex) |
2000 | - self.assertRaises(client_exceptions.NotFound, |
2001 | - client.roles.roles_for_user, |
2002 | - user=self.user_foo['id'], |
2003 | - tenant=uuid.uuid4().hex) |
2004 | - self.assertRaises(client_exceptions.NotFound, |
2005 | - client.roles.roles_for_user, |
2006 | - user=uuid.uuid4().hex, |
2007 | - tenant=self.tenant_bar['id']) |
2008 | - |
2009 | - def test_role_list(self): |
2010 | - client = self.get_client(admin=True) |
2011 | - roles = client.roles.list() |
2012 | - # TODO(devcamcar): This assert should be more specific. |
2013 | - self.assertTrue(len(roles) > 0) |
2014 | - |
2015 | - def test_ec2_credential_crud(self): |
2016 | - client = self.get_client() |
2017 | - creds = client.ec2.list(user_id=self.user_foo['id']) |
2018 | - self.assertEquals(creds, []) |
2019 | - |
2020 | - cred = client.ec2.create(user_id=self.user_foo['id'], |
2021 | - tenant_id=self.tenant_bar['id']) |
2022 | - creds = client.ec2.list(user_id=self.user_foo['id']) |
2023 | - self.assertEquals(creds, [cred]) |
2024 | - |
2025 | - got = client.ec2.get(user_id=self.user_foo['id'], access=cred.access) |
2026 | - self.assertEquals(cred, got) |
2027 | - |
2028 | - client.ec2.delete(user_id=self.user_foo['id'], access=cred.access) |
2029 | - creds = client.ec2.list(user_id=self.user_foo['id']) |
2030 | - self.assertEquals(creds, []) |
2031 | - |
2032 | - def test_ec2_credentials_create_404(self): |
2033 | - from keystoneclient import exceptions as client_exceptions |
2034 | - client = self.get_client() |
2035 | - self.assertRaises(client_exceptions.NotFound, |
2036 | - client.ec2.create, |
2037 | - user_id=uuid.uuid4().hex, |
2038 | - tenant_id=self.tenant_bar['id']) |
2039 | - self.assertRaises(client_exceptions.NotFound, |
2040 | - client.ec2.create, |
2041 | - user_id=self.user_foo['id'], |
2042 | - tenant_id=uuid.uuid4().hex) |
2043 | - |
2044 | - def test_ec2_credentials_delete_404(self): |
2045 | - from keystoneclient import exceptions as client_exceptions |
2046 | - client = self.get_client() |
2047 | - self.assertRaises(client_exceptions.NotFound, |
2048 | - client.ec2.delete, |
2049 | - user_id=uuid.uuid4().hex, |
2050 | - access=uuid.uuid4().hex) |
2051 | - |
2052 | - def test_ec2_credentials_get_404(self): |
2053 | - from keystoneclient import exceptions as client_exceptions |
2054 | - client = self.get_client() |
2055 | - self.assertRaises(client_exceptions.NotFound, |
2056 | - client.ec2.get, |
2057 | - user_id=uuid.uuid4().hex, |
2058 | - access=uuid.uuid4().hex) |
2059 | - |
2060 | - def test_ec2_credentials_list_404(self): |
2061 | - from keystoneclient import exceptions as client_exceptions |
2062 | - client = self.get_client() |
2063 | - self.assertRaises(client_exceptions.NotFound, |
2064 | - client.ec2.list, |
2065 | - user_id=uuid.uuid4().hex) |
2066 | - |
2067 | - def test_ec2_credentials_list_user_forbidden(self): |
2068 | - from keystoneclient import exceptions as client_exceptions |
2069 | - |
2070 | - two = self.get_client(self.user_two) |
2071 | - self.assertRaises(client_exceptions.Forbidden, two.ec2.list, |
2072 | - user_id=self.user_foo['id']) |
2073 | - |
2074 | - def test_ec2_credentials_get_user_forbidden(self): |
2075 | - from keystoneclient import exceptions as client_exceptions |
2076 | - |
2077 | - foo = self.get_client() |
2078 | - cred = foo.ec2.create(user_id=self.user_foo['id'], |
2079 | - tenant_id=self.tenant_bar['id']) |
2080 | - |
2081 | - two = self.get_client(self.user_two) |
2082 | - self.assertRaises(client_exceptions.Forbidden, two.ec2.get, |
2083 | - user_id=self.user_foo['id'], access=cred.access) |
2084 | - |
2085 | - foo.ec2.delete(user_id=self.user_foo['id'], access=cred.access) |
2086 | - |
2087 | - def test_ec2_credentials_delete_user_forbidden(self): |
2088 | - from keystoneclient import exceptions as client_exceptions |
2089 | - |
2090 | - foo = self.get_client() |
2091 | - cred = foo.ec2.create(user_id=self.user_foo['id'], |
2092 | - tenant_id=self.tenant_bar['id']) |
2093 | - |
2094 | - two = self.get_client(self.user_two) |
2095 | - self.assertRaises(client_exceptions.Forbidden, two.ec2.delete, |
2096 | - user_id=self.user_foo['id'], access=cred.access) |
2097 | - |
2098 | - foo.ec2.delete(user_id=self.user_foo['id'], access=cred.access) |
2099 | - |
2100 | - def test_service_create_and_delete(self): |
2101 | - from keystoneclient import exceptions as client_exceptions |
2102 | - |
2103 | - test_service = 'new_service' |
2104 | - client = self.get_client(admin=True) |
2105 | - service = client.services.create(name=test_service, |
2106 | - service_type='test', |
2107 | - description='test') |
2108 | - self.assertEquals(service.name, test_service) |
2109 | - |
2110 | - service = client.services.get(id=service.id) |
2111 | - self.assertEquals(service.name, test_service) |
2112 | - |
2113 | - client.services.delete(id=service.id) |
2114 | - self.assertRaises(client_exceptions.NotFound, client.services.get, |
2115 | - id=service.id) |
2116 | - |
2117 | - def test_service_list(self): |
2118 | - client = self.get_client(admin=True) |
2119 | - test_service = 'new_service' |
2120 | - service = client.services.create(name=test_service, |
2121 | - service_type='test', |
2122 | - description='test') |
2123 | - services = client.services.list() |
2124 | - # TODO(devcamcar): This assert should be more specific. |
2125 | - self.assertTrue(len(services) > 0) |
2126 | - |
2127 | - def test_service_delete_404(self): |
2128 | - from keystoneclient import exceptions as client_exceptions |
2129 | - client = self.get_client(admin=True) |
2130 | - self.assertRaises(client_exceptions.NotFound, |
2131 | - client.services.delete, |
2132 | - id=uuid.uuid4().hex) |
2133 | - |
2134 | - def test_service_get_404(self): |
2135 | - from keystoneclient import exceptions as client_exceptions |
2136 | - client = self.get_client(admin=True) |
2137 | - self.assertRaises(client_exceptions.NotFound, |
2138 | - client.services.get, |
2139 | - id=uuid.uuid4().hex) |
2140 | - |
2141 | - def test_endpoint_create_404(self): |
2142 | - from keystoneclient import exceptions as client_exceptions |
2143 | - client = self.get_client(admin=True) |
2144 | - self.assertRaises(client_exceptions.NotFound, |
2145 | - client.endpoints.create, |
2146 | - region=uuid.uuid4().hex, |
2147 | - service_id=uuid.uuid4().hex, |
2148 | - publicurl=uuid.uuid4().hex, |
2149 | - adminurl=uuid.uuid4().hex, |
2150 | - internalurl=uuid.uuid4().hex) |
2151 | - |
2152 | - def test_endpoint_delete_404(self): |
2153 | - # the catalog backend is expected to return Not Implemented |
2154 | - from keystoneclient import exceptions as client_exceptions |
2155 | - client = self.get_client(admin=True) |
2156 | - self.assertRaises(client_exceptions.HTTPNotImplemented, |
2157 | - client.endpoints.delete, |
2158 | - id=uuid.uuid4().hex) |
2159 | - |
2160 | - def test_admin_requires_adminness(self): |
2161 | - from keystoneclient import exceptions as client_exceptions |
2162 | - # FIXME(ja): this should be Unauthorized |
2163 | - exception = client_exceptions.ClientException |
2164 | - |
2165 | - two = self.get_client(self.user_two, admin=True) # non-admin user |
2166 | - |
2167 | - # USER CRUD |
2168 | - self.assertRaises(exception, |
2169 | - two.users.list) |
2170 | - self.assertRaises(exception, |
2171 | - two.users.get, |
2172 | - user=self.user_two['id']) |
2173 | - self.assertRaises(exception, |
2174 | - two.users.create, |
2175 | - name='oops', |
2176 | - password='password', |
2177 | - email='oops@test.com') |
2178 | - self.assertRaises(exception, |
2179 | - two.users.delete, |
2180 | - user=self.user_foo['id']) |
2181 | - |
2182 | - # TENANT CRUD |
2183 | - self.assertRaises(exception, |
2184 | - two.tenants.list) |
2185 | - self.assertRaises(exception, |
2186 | - two.tenants.get, |
2187 | - tenant_id=self.tenant_bar['id']) |
2188 | - self.assertRaises(exception, |
2189 | - two.tenants.create, |
2190 | - tenant_name='oops', |
2191 | - description="shouldn't work!", |
2192 | - enabled=True) |
2193 | - self.assertRaises(exception, |
2194 | - two.tenants.delete, |
2195 | - tenant=self.tenant_baz['id']) |
2196 | - |
2197 | - # ROLE CRUD |
2198 | - self.assertRaises(exception, |
2199 | - two.roles.get, |
2200 | - role='keystone_admin') |
2201 | - self.assertRaises(exception, |
2202 | - two.roles.list) |
2203 | - self.assertRaises(exception, |
2204 | - two.roles.create, |
2205 | - name='oops') |
2206 | - self.assertRaises(exception, |
2207 | - two.roles.delete, |
2208 | - role='keystone_admin') |
2209 | - |
2210 | - # TODO(ja): MEMBERSHIP CRUD |
2211 | - # TODO(ja): determine what else todo |
2212 | - |
2213 | - |
2214 | -class KcMasterTestCase(CompatTestCase, KeystoneClientTests): |
2215 | - def test_tenant_add_and_remove_user(self): |
2216 | - client = self.get_client(admin=True) |
2217 | - client.roles.add_user_role(tenant=self.tenant_baz['id'], |
2218 | - user=self.user_foo['id'], |
2219 | - role=self.role_useless['id']) |
2220 | - user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) |
2221 | - self.assert_(self.user_foo['id'] in [x.id for x in user_refs]) |
2222 | - client.roles.remove_user_role(tenant=self.tenant_baz['id'], |
2223 | - user=self.user_foo['id'], |
2224 | - role=self.role_useless['id']) |
2225 | - user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) |
2226 | - self.assert_(self.user_foo['id'] not in [x.id for x in user_refs]) |
2227 | - |
2228 | - def test_user_role_add_404(self): |
2229 | - from keystoneclient import exceptions as client_exceptions |
2230 | - client = self.get_client(admin=True) |
2231 | - self.assertRaises(client_exceptions.NotFound, |
2232 | - client.roles.add_user_role, |
2233 | - tenant=uuid.uuid4().hex, |
2234 | - user=self.user_foo['id'], |
2235 | - role=self.role_useless['id']) |
2236 | - self.assertRaises(client_exceptions.NotFound, |
2237 | - client.roles.add_user_role, |
2238 | - tenant=self.tenant_baz['id'], |
2239 | - user=uuid.uuid4().hex, |
2240 | - role=self.role_useless['id']) |
2241 | - self.assertRaises(client_exceptions.NotFound, |
2242 | - client.roles.add_user_role, |
2243 | - tenant=self.tenant_baz['id'], |
2244 | - user=self.user_foo['id'], |
2245 | - role=uuid.uuid4().hex) |
2246 | - |
2247 | - def test_user_role_remove_404(self): |
2248 | - from keystoneclient import exceptions as client_exceptions |
2249 | - client = self.get_client(admin=True) |
2250 | - self.assertRaises(client_exceptions.NotFound, |
2251 | - client.roles.remove_user_role, |
2252 | - tenant=uuid.uuid4().hex, |
2253 | - user=self.user_foo['id'], |
2254 | - role=self.role_useless['id']) |
2255 | - self.assertRaises(client_exceptions.NotFound, |
2256 | - client.roles.remove_user_role, |
2257 | - tenant=self.tenant_baz['id'], |
2258 | - user=uuid.uuid4().hex, |
2259 | - role=self.role_useless['id']) |
2260 | - self.assertRaises(client_exceptions.NotFound, |
2261 | - client.roles.remove_user_role, |
2262 | - tenant=self.tenant_baz['id'], |
2263 | - user=self.user_foo['id'], |
2264 | - role=uuid.uuid4().hex) |
2265 | - self.assertRaises(client_exceptions.NotFound, |
2266 | - client.roles.remove_user_role, |
2267 | - tenant=self.tenant_baz['id'], |
2268 | - user=self.user_foo['id'], |
2269 | - role=self.role_useless['id']) |
2270 | - |
2271 | - def test_tenant_list_marker(self): |
2272 | - client = self.get_client() |
2273 | - |
2274 | - # Add two arbitrary tenants to user for testing purposes |
2275 | - for i in range(2): |
2276 | - tenant_id = uuid.uuid4().hex |
2277 | - tenant = {'name': 'tenant-%s' % tenant_id, 'id': tenant_id} |
2278 | - self.identity_api.create_tenant(tenant_id, tenant) |
2279 | - self.identity_api.add_user_to_tenant(tenant_id, |
2280 | - self.user_foo['id']) |
2281 | - |
2282 | - tenants = client.tenants.list() |
2283 | - self.assertEqual(len(tenants), 3) |
2284 | - |
2285 | - tenants_marker = client.tenants.list(marker=tenants[0].id) |
2286 | - self.assertEqual(len(tenants_marker), 2) |
2287 | - self.assertEqual(tenants[1].name, tenants_marker[0].name) |
2288 | - self.assertEqual(tenants[2].name, tenants_marker[1].name) |
2289 | - |
2290 | - def test_tenant_list_marker_not_found(self): |
2291 | - from keystoneclient import exceptions as client_exceptions |
2292 | - |
2293 | - client = self.get_client() |
2294 | - self.assertRaises(client_exceptions.BadRequest, |
2295 | - client.tenants.list, marker=uuid.uuid4().hex) |
2296 | - |
2297 | - def test_tenant_list_limit(self): |
2298 | - client = self.get_client() |
2299 | - |
2300 | - # Add two arbitrary tenants to user for testing purposes |
2301 | - for i in range(2): |
2302 | - tenant_id = uuid.uuid4().hex |
2303 | - tenant = {'name': 'tenant-%s' % tenant_id, 'id': tenant_id} |
2304 | - self.identity_api.create_tenant(tenant_id, tenant) |
2305 | - self.identity_api.add_user_to_tenant(tenant_id, |
2306 | - self.user_foo['id']) |
2307 | - |
2308 | - tenants = client.tenants.list() |
2309 | - self.assertEqual(len(tenants), 3) |
2310 | - |
2311 | - tenants_limited = client.tenants.list(limit=2) |
2312 | - self.assertEqual(len(tenants_limited), 2) |
2313 | - self.assertEqual(tenants[0].name, tenants_limited[0].name) |
2314 | - self.assertEqual(tenants[1].name, tenants_limited[1].name) |
2315 | - |
2316 | - def test_tenant_list_limit_bad_value(self): |
2317 | - from keystoneclient import exceptions as client_exceptions |
2318 | - |
2319 | - client = self.get_client() |
2320 | - self.assertRaises(client_exceptions.BadRequest, |
2321 | - client.tenants.list, limit='a') |
2322 | - self.assertRaises(client_exceptions.BadRequest, |
2323 | - client.tenants.list, limit=-1) |
2324 | - |
2325 | - def test_roles_get_by_user(self): |
2326 | - client = self.get_client(admin=True) |
2327 | - roles = client.roles.roles_for_user(user=self.user_foo['id'], |
2328 | - tenant=self.tenant_bar['id']) |
2329 | - self.assertTrue(len(roles) > 0) |
2330 | - |
2331 | - |
2332 | -class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): |
2333 | - def test_tenant_add_and_remove_user(self): |
2334 | - raise nose.exc.SkipTest('Keystoneclient Essex 3 tests disabled.') |
2335 | - client = self.get_client(admin=True) |
2336 | - client.roles.add_user_to_tenant(tenant_id=self.tenant_baz['id'], |
2337 | - user_id=self.user_foo['id'], |
2338 | - role_id=self.role_useless['id']) |
2339 | - role_refs = client.roles.get_user_role_refs( |
2340 | - user_id=self.user_foo['id']) |
2341 | - self.assert_(self.tenant_baz['id'] in [x.tenantId for x in role_refs]) |
2342 | - |
2343 | - # get the "role_refs" so we get the proper id, this is how the clients |
2344 | - # do it |
2345 | - roleref_refs = client.roles.get_user_role_refs( |
2346 | - user_id=self.user_foo['id']) |
2347 | - for roleref_ref in roleref_refs: |
2348 | - if (roleref_ref.roleId == self.role_useless['id'] |
2349 | - and roleref_ref.tenantId == self.tenant_baz['id']): |
2350 | - # use python's scope fall through to leave roleref_ref set |
2351 | - break |
2352 | - |
2353 | - client.roles.remove_user_from_tenant(tenant_id=self.tenant_baz['id'], |
2354 | - user_id=self.user_foo['id'], |
2355 | - role_id=roleref_ref.id) |
2356 | - |
2357 | - role_refs = client.roles.get_user_role_refs( |
2358 | - user_id=self.user_foo['id']) |
2359 | - self.assert_(self.tenant_baz['id'] not in |
2360 | - [x.tenantId for x in role_refs]) |
2361 | - |
2362 | - def test_roles_get_by_user(self): |
2363 | - raise nose.exc.SkipTest('Keystoneclient Essex 3 tests disabled.') |
2364 | - client = self.get_client(admin=True) |
2365 | - roles = client.roles.get_user_role_refs(user_id='foo') |
2366 | - self.assertTrue(len(roles) > 0) |
2367 | - |
2368 | - def test_role_list_404(self): |
2369 | - raise nose.exc.SkipTest('N/A') |
2370 | - |
2371 | - def test_authenticate_and_delete_token(self): |
2372 | - raise nose.exc.SkipTest('N/A') |
2373 | - |
2374 | - def test_user_create_update_delete(self): |
2375 | - raise nose.exc.SkipTest('Keystoneclient Essex 3 tests disabled.') |
2376 | - from keystoneclient import exceptions as client_exceptions |
2377 | - |
2378 | - test_username = 'new_user' |
2379 | - client = self.get_client(admin=True) |
2380 | - user = client.users.create(name=test_username, |
2381 | - password='password', |
2382 | - email='user1@test.com') |
2383 | - self.assertEquals(user.name, test_username) |
2384 | - |
2385 | - user = client.users.get(user=user.id) |
2386 | - self.assertEquals(user.name, test_username) |
2387 | - |
2388 | - user = client.users.update_email(user=user, email='user2@test.com') |
2389 | - self.assertEquals(user.email, 'user2@test.com') |
2390 | - |
2391 | - # NOTE(termie): update_enabled doesn't return anything, probably a bug |
2392 | - client.users.update_enabled(user=user, enabled=False) |
2393 | - user = client.users.get(user.id) |
2394 | - self.assertFalse(user.enabled) |
2395 | - |
2396 | - self.assertRaises(client_exceptions.Unauthorized, |
2397 | - self._client, |
2398 | - username=test_username, |
2399 | - password='password') |
2400 | - client.users.update_enabled(user, True) |
2401 | - |
2402 | - user = client.users.update_password(user=user, password='password2') |
2403 | - |
2404 | - self._client(username=test_username, |
2405 | - password='password2') |
2406 | - |
2407 | - user = client.users.update_tenant(user=user, tenant='bar') |
2408 | - # TODO(ja): once keystonelight supports default tenant |
2409 | - # when you login without specifying tenant, the |
2410 | - # token should be scoped to tenant 'bar' |
2411 | - |
2412 | - client.users.delete(user.id) |
2413 | - self.assertRaises(client_exceptions.NotFound, client.users.get, |
2414 | - user.id) |
2415 | - |
2416 | - def test_user_update_404(self): |
2417 | - raise nose.exc.SkipTest('N/A') |
2418 | - |
2419 | - def test_endpoint_create_404(self): |
2420 | - raise nose.exc.SkipTest('N/A') |
2421 | - |
2422 | - def test_endpoint_delete_404(self): |
2423 | - raise nose.exc.SkipTest('N/A') |
2424 | |
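Review bot: in KcEssex3TestCase near the end of this removed file, test_tenant_add_and_remove_user, test_roles_get_by_user and test_user_create_update_delete each raise nose.exc.SkipTest('Keystoneclient Essex 3 tests disabled.') as their first statement, so the assertions below them never ran, including the Unauthorized check that follows update_enabled(user=user, enabled=False). Deleting this copy is fine, but please confirm whether the test module that stays in the tree still carries the same unconditional skips. If it does, the disabled-user and role-removal paths have no Essex 3 client coverage in this update, and the dead bodies should be either re-enabled or dropped. If they are re-enabled, note that the `for roleref_ref in roleref_refs` loop relies on the loop variable surviving the loop, so when no entry matches, remove_user_from_tenant is called with whatever ref the loop ended on instead of failing.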
2425 | === removed directory '.pc/keystone-CVE-2012-5571.patch' |
2426 | === removed directory '.pc/keystone-CVE-2012-5571.patch/keystone' |
2427 | === removed directory '.pc/keystone-CVE-2012-5571.patch/keystone/contrib' |
2428 | === removed directory '.pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2' |
2429 | === removed file '.pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py' |
2430 | --- .pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py 2012-11-26 14:07:34 +0000 |
2431 | +++ .pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py 1970-01-01 00:00:00 +0000 |
2432 | @@ -1,347 +0,0 @@ |
2433 | -# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
2434 | - |
2435 | -# Copyright 2012 OpenStack LLC |
2436 | -# |
2437 | -# Licensed under the Apache License, Version 2.0 (the "License"); you may |
2438 | -# not use this file except in compliance with the License. You may obtain |
2439 | -# a copy of the License at |
2440 | -# |
2441 | -# http://www.apache.org/licenses/LICENSE-2.0 |
2442 | -# |
2443 | -# Unless required by applicable law or agreed to in writing, software |
2444 | -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
2445 | -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
2446 | -# License for the specific language governing permissions and limitations |
2447 | -# under the License. |
2448 | - |
2449 | -"""Main entry point into the EC2 Credentials service. |
2450 | - |
2451 | -This service allows the creation of access/secret credentials used for |
2452 | -the ec2 interop layer of OpenStack. |
2453 | - |
2454 | -A user can create as many access/secret pairs, each of which map to a |
2455 | -specific tenant. This is required because OpenStack supports a user |
2456 | -belonging to multiple tenants, whereas the signatures created on ec2-style |
2457 | -requests don't allow specification of which tenant the user wishs to act |
2458 | -upon. |
2459 | - |
2460 | -To complete the cycle, we provide a method that OpenStack services can |
2461 | -use to validate a signature and get a corresponding openstack token. This |
2462 | -token allows method calls to other services within the context the |
2463 | -access/secret was created. As an example, nova requests keystone to validate |
2464 | -the signature of a request, receives a token, and then makes a request to |
2465 | -glance to list images needed to perform the requested task. |
2466 | - |
2467 | -""" |
2468 | - |
2469 | -import uuid |
2470 | - |
2471 | -from keystone import catalog |
2472 | -from keystone import config |
2473 | -from keystone import exception |
2474 | -from keystone import identity |
2475 | -from keystone import policy |
2476 | -from keystone import service |
2477 | -from keystone import token |
2478 | -from keystone.common import manager |
2479 | -from keystone.common import utils |
2480 | -from keystone.common import wsgi |
2481 | - |
2482 | - |
2483 | -CONF = config.CONF |
2484 | - |
2485 | - |
2486 | -class Manager(manager.Manager): |
2487 | - """Default pivot point for the EC2 Credentials backend. |
2488 | - |
2489 | - See :mod:`keystone.common.manager.Manager` for more details on how this |
2490 | - dynamically calls the backend. |
2491 | - |
2492 | - """ |
2493 | - |
2494 | - def __init__(self): |
2495 | - super(Manager, self).__init__(CONF.ec2.driver) |
2496 | - |
2497 | - |
2498 | -class Ec2Extension(wsgi.ExtensionRouter): |
2499 | - def add_routes(self, mapper): |
2500 | - ec2_controller = Ec2Controller() |
2501 | - # validation |
2502 | - mapper.connect('/ec2tokens', |
2503 | - controller=ec2_controller, |
2504 | - action='authenticate', |
2505 | - conditions=dict(method=['POST'])) |
2506 | - |
2507 | - # crud |
2508 | - mapper.connect('/users/{user_id}/credentials/OS-EC2', |
2509 | - controller=ec2_controller, |
2510 | - action='create_credential', |
2511 | - conditions=dict(method=['POST'])) |
2512 | - mapper.connect('/users/{user_id}/credentials/OS-EC2', |
2513 | - controller=ec2_controller, |
2514 | - action='get_credentials', |
2515 | - conditions=dict(method=['GET'])) |
2516 | - mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}', |
2517 | - controller=ec2_controller, |
2518 | - action='get_credential', |
2519 | - conditions=dict(method=['GET'])) |
2520 | - mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}', |
2521 | - controller=ec2_controller, |
2522 | - action='delete_credential', |
2523 | - conditions=dict(method=['DELETE'])) |
2524 | - |
2525 | - |
2526 | -class Ec2Controller(wsgi.Application): |
2527 | - def __init__(self): |
2528 | - self.catalog_api = catalog.Manager() |
2529 | - self.identity_api = identity.Manager() |
2530 | - self.token_api = token.Manager() |
2531 | - self.policy_api = policy.Manager() |
2532 | - self.ec2_api = Manager() |
2533 | - super(Ec2Controller, self).__init__() |
2534 | - |
2535 | - def check_signature(self, creds_ref, credentials): |
2536 | - signer = utils.Ec2Signer(creds_ref['secret']) |
2537 | - signature = signer.generate(credentials) |
2538 | - if utils.auth_str_equal(credentials['signature'], signature): |
2539 | - return |
2540 | - # NOTE(vish): Some libraries don't use the port when signing |
2541 | - # requests, so try again without port. |
2542 | - elif ':' in credentials['signature']: |
2543 | - hostname, _port = credentials['host'].split(':') |
2544 | - credentials['host'] = hostname |
2545 | - signature = signer.generate(credentials) |
2546 | - if not utils.auth_str_equal(credentials.signature, signature): |
2547 | - raise exception.Unauthorized(message='Invalid EC2 signature.') |
2548 | - else: |
2549 | - raise exception.Unauthorized(message='EC2 signature not supplied.') |
2550 | - |
2551 | - def authenticate(self, context, credentials=None, |
2552 | - ec2Credentials=None): |
2553 | - """Validate a signed EC2 request and provide a token. |
2554 | - |
2555 | - Other services (such as Nova) use this **admin** call to determine |
2556 | - if a request they signed received is from a valid user. |
2557 | - |
2558 | - If it is a valid signature, an openstack token that maps |
2559 | - to the user/tenant is returned to the caller, along with |
2560 | - all the other details returned from a normal token validation |
2561 | - call. |
2562 | - |
2563 | - The returned token is useful for making calls to other |
2564 | - OpenStack services within the context of the request. |
2565 | - |
2566 | - :param context: standard context |
2567 | - :param credentials: dict of ec2 signature |
2568 | - :param ec2Credentials: DEPRECATED dict of ec2 signature |
2569 | - :returns: token: openstack token equivalent to access key along |
2570 | - with the corresponding service catalog and roles |
2571 | - """ |
2572 | - |
2573 | - # FIXME(ja): validate that a service token was used! |
2574 | - |
2575 | - # NOTE(termie): backwards compat hack |
2576 | - if not credentials and ec2Credentials: |
2577 | - credentials = ec2Credentials |
2578 | - |
2579 | - if not 'access' in credentials: |
2580 | - raise exception.Unauthorized(message='EC2 signature not supplied.') |
2581 | - |
2582 | - creds_ref = self._get_credentials(context, |
2583 | - credentials['access']) |
2584 | - self.check_signature(creds_ref, credentials) |
2585 | - |
2586 | - # TODO(termie): don't create new tokens every time |
2587 | - # TODO(termie): this is copied from TokenController.authenticate |
2588 | - token_id = uuid.uuid4().hex |
2589 | - tenant_ref = self.identity_api.get_tenant( |
2590 | - context=context, |
2591 | - tenant_id=creds_ref['tenant_id']) |
2592 | - user_ref = self.identity_api.get_user( |
2593 | - context=context, |
2594 | - user_id=creds_ref['user_id']) |
2595 | - metadata_ref = self.identity_api.get_metadata( |
2596 | - context=context, |
2597 | - user_id=user_ref['id'], |
2598 | - tenant_id=tenant_ref['id']) |
2599 | - catalog_ref = self.catalog_api.get_catalog( |
2600 | - context=context, |
2601 | - user_id=user_ref['id'], |
2602 | - tenant_id=tenant_ref['id'], |
2603 | - metadata=metadata_ref) |
2604 | - |
2605 | - token_ref = self.token_api.create_token( |
2606 | - context, token_id, dict(id=token_id, |
2607 | - user=user_ref, |
2608 | - tenant=tenant_ref, |
2609 | - metadata=metadata_ref)) |
2610 | - |
2611 | - # TODO(termie): optimize this call at some point and put it into the |
2612 | - # the return for metadata |
2613 | - # fill out the roles in the metadata |
2614 | - roles_ref = [] |
2615 | - for role_id in metadata_ref.get('roles', []): |
2616 | - roles_ref.append(self.identity_api.get_role(context, role_id)) |
2617 | - |
2618 | - # TODO(termie): make this a util function or something |
2619 | - # TODO(termie): i don't think the ec2 middleware currently expects a |
2620 | - # full return, but it contains a note saying that it |
2621 | - # would be better to expect a full return |
2622 | - token_controller = service.TokenController() |
2623 | - return token_controller._format_authenticate( |
2624 | - token_ref, roles_ref, catalog_ref) |
2625 | - |
2626 | - def create_credential(self, context, user_id, tenant_id): |
2627 | - """Create a secret/access pair for use with ec2 style auth. |
2628 | - |
2629 | - Generates a new set of credentials that map the the user/tenant |
2630 | - pair. |
2631 | - |
2632 | - :param context: standard context |
2633 | - :param user_id: id of user |
2634 | - :param tenant_id: id of tenant |
2635 | - :returns: credential: dict of ec2 credential |
2636 | - """ |
2637 | - if not self._is_admin(context): |
2638 | - self._assert_identity(context, user_id) |
2639 | - |
2640 | - self._assert_valid_user_id(context, user_id) |
2641 | - self._assert_valid_tenant_id(context, tenant_id) |
2642 | - |
2643 | - cred_ref = {'user_id': user_id, |
2644 | - 'tenant_id': tenant_id, |
2645 | - 'access': uuid.uuid4().hex, |
2646 | - 'secret': uuid.uuid4().hex} |
2647 | - self.ec2_api.create_credential(context, cred_ref['access'], cred_ref) |
2648 | - return {'credential': cred_ref} |
2649 | - |
2650 | - def get_credentials(self, context, user_id): |
2651 | - """List all credentials for a user. |
2652 | - |
2653 | - :param context: standard context |
2654 | - :param user_id: id of user |
2655 | - :returns: credentials: list of ec2 credential dicts |
2656 | - """ |
2657 | - if not self._is_admin(context): |
2658 | - self._assert_identity(context, user_id) |
2659 | - self._assert_valid_user_id(context, user_id) |
2660 | - return {'credentials': self.ec2_api.list_credentials(context, user_id)} |
2661 | - |
2662 | - def get_credential(self, context, user_id, credential_id): |
2663 | - """Retreive a user's access/secret pair by the access key. |
2664 | - |
2665 | - Grab the full access/secret pair for a given access key. |
2666 | - |
2667 | - :param context: standard context |
2668 | - :param user_id: id of user |
2669 | - :param credential_id: access key for credentials |
2670 | - :returns: credential: dict of ec2 credential |
2671 | - """ |
2672 | - if not self._is_admin(context): |
2673 | - self._assert_identity(context, user_id) |
2674 | - self._assert_valid_user_id(context, user_id) |
2675 | - creds = self._get_credentials(context, credential_id) |
2676 | - return {'credential': creds} |
2677 | - |
2678 | - def delete_credential(self, context, user_id, credential_id): |
2679 | - """Delete a user's access/secret pair. |
2680 | - |
2681 | - Used to revoke a user's access/secret pair |
2682 | - |
2683 | - :param context: standard context |
2684 | - :param user_id: id of user |
2685 | - :param credential_id: access key for credentials |
2686 | - :returns: bool: success |
2687 | - """ |
2688 | - if not self._is_admin(context): |
2689 | - self._assert_identity(context, user_id) |
2690 | - self._assert_owner(context, user_id, credential_id) |
2691 | - |
2692 | - self._assert_valid_user_id(context, user_id) |
2693 | - self._get_credentials(context, credential_id) |
2694 | - return self.ec2_api.delete_credential(context, credential_id) |
2695 | - |
2696 | - def _get_credentials(self, context, credential_id): |
2697 | - """Return credentials from an ID. |
2698 | - |
2699 | - :param context: standard context |
2700 | - :param credential_id: id of credential |
2701 | - :raises exception.Unauthorized: when credential id is invalid |
2702 | - :returns: credential: dict of ec2 credential. |
2703 | - """ |
2704 | - creds = self.ec2_api.get_credential(context, |
2705 | - credential_id) |
2706 | - if not creds: |
2707 | - raise exception.Unauthorized(message='EC2 access key not found.') |
2708 | - return creds |
2709 | - |
2710 | - def _assert_identity(self, context, user_id): |
2711 | - """Check that the provided token belongs to the user. |
2712 | - |
2713 | - :param context: standard context |
2714 | - :param user_id: id of user |
2715 | - :raises exception.Forbidden: when token is invalid |
2716 | - |
2717 | - """ |
2718 | - try: |
2719 | - token_ref = self.token_api.get_token(context=context, |
2720 | - token_id=context['token_id']) |
2721 | - except exception.TokenNotFound: |
2722 | - raise exception.Unauthorized() |
2723 | - token_user_id = token_ref['user'].get('id') |
2724 | - if not token_user_id == user_id: |
2725 | - raise exception.Forbidden() |
2726 | - |
2727 | - def _is_admin(self, context): |
2728 | - """Wrap admin assertion error return statement. |
2729 | - |
2730 | - :param context: standard context |
2731 | - :returns: bool: success |
2732 | - |
2733 | - """ |
2734 | - try: |
2735 | - self.assert_admin(context) |
2736 | - return True |
2737 | - except exception.Forbidden: |
2738 | - return False |
2739 | - |
2740 | - def _assert_owner(self, context, user_id, credential_id): |
2741 | - """Ensure the provided user owns the credential. |
2742 | - |
2743 | - :param context: standard context |
2744 | - :param user_id: expected credential owner |
2745 | - :param credential_id: id of credential object |
2746 | - :raises exception.Forbidden: on failure |
2747 | - |
2748 | - """ |
2749 | - cred_ref = self.ec2_api.get_credential(context, credential_id) |
2750 | - if not user_id == cred_ref['user_id']: |
2751 | - raise exception.Forbidden() |
2752 | - |
2753 | - def _assert_valid_user_id(self, context, user_id): |
2754 | - """Ensure a valid user id. |
2755 | - |
2756 | - :param context: standard context |
2757 | - :param user_id: expected credential owner |
2758 | - :raises exception.UserNotFound: on failure |
2759 | - |
2760 | - """ |
2761 | - user_ref = self.identity_api.get_user( |
2762 | - context=context, |
2763 | - user_id=user_id) |
2764 | - if not user_ref: |
2765 | - raise exception.UserNotFound(user_id=user_id) |
2766 | - |
2767 | - def _assert_valid_tenant_id(self, context, tenant_id): |
2768 | - """Ensure a valid tenant id. |
2769 | - |
2770 | - :param context: standard context |
2771 | - :param user_id: expected credential owner |
2772 | - :raises exception.UserNotFound: on failure |
2773 | - |
2774 | - """ |
2775 | - tenant_ref = self.identity_api.get_tenant( |
2776 | - context=context, |
2777 | - tenant_id=tenant_id) |
2778 | - if not tenant_ref: |
2779 | - raise exception.TenantNotFound(tenant_id=tenant_id) |
2780 | |
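Review bot: authenticate() in this removed pre-patch copy goes from self.check_signature(creds_ref, credentials) straight to token_api.create_token() and never checks that the user still holds a role in creds_ref['tenant_id'], so dropping this backup is only safe if the ec2/core.py left in the tree already has that check. The ChangeLog added later in this diff lists commit 8735009 ("Ensures User is member of tenant in ec2 validation") touching keystone/contrib/ec2/core.py. Please state in the merge description that this commit is what replaces the removed patch, and verify that the resulting file contains it. While comparing, also look at check_signature: the retry branch tests `':' in credentials['signature']` before splitting credentials['host'], then reads credentials.signature as an attribute although credentials is indexed as a dict everywhere else, so check whether the remaining file carries the same lines.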
2781 | === added file 'ChangeLog' |
2782 | --- ChangeLog 1970-01-01 00:00:00 +0000 |
2783 | +++ ChangeLog 2012-12-18 13:48:25 +0000 |
2784 | @@ -0,0 +1,29735 @@ |
2785 | +commit c17a9992c8a94c7728bd762115874f125c0905b7 |
2786 | +Merge: 025b1d5 8735009 |
2787 | +Author: Jenkins <jenkins@review.openstack.org> |
2788 | +Date: Thu Nov 22 19:41:20 2012 +0000 |
2789 | + |
2790 | + Merge "Ensures User is member of tenant in ec2 validation" into stable/essex |
2791 | + |
2792 | +commit 025b1d52e61fff4dff913fc58d0de81712b808b6 |
2793 | +Author: Ionuț Arțăriși <iartarisi@suse.cz> |
2794 | +Date: Wed Oct 31 14:32:04 2012 +0100 |
2795 | + |
2796 | + pin sqlalchemy to 0.7 |
2797 | + |
2798 | + sqlalchemy 0.8.0b1 breaks some dependencies such as sqlalchemy-migrate, pin the version until we fix them |
2799 | + |
2800 | + Essex backport note: lower bound is not defined, Essex is known to work |
2801 | + with older sqlalchemy versions e.g. precise has 0.7.4 |
2802 | + |
2803 | + Fixes bug #1073569 |
2804 | + |
2805 | + Change-Id: I6620276bf8f0a7cbc1d51aa226cd33c512e59a48 |
2806 | + |
2807 | + tools/pip-requires | 4 ++-- |
2808 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
2809 | + |
2810 | +commit 8735009dc5b895db265a1cd573f39f4acfca2a19 |
2811 | +Author: Vishvananda Ishaya <vishvananda@gmail.com> |
2812 | +Date: Tue Nov 13 15:49:19 2012 -0800 |
2813 | + |
2814 | + Ensures User is member of tenant in ec2 validation |
2815 | + |
2816 | + It is possible that a user is no longer a member of a tenant when |
2817 | + they attempt to use an ec2 token. This checks to make sure that |
2818 | + the user still has at least one valid role in the tenant before |
2819 | + authenticating them. This should automatically work for the s3 |
2820 | + version as well since it is a subclass. |
2821 | + |
2822 | + Fixes bug 1064914 |
2823 | + |
2824 | + Change-Id: Ieb237bae936a7b00ce7ba4d4c59aec6c7a69ec21 |
2825 | + |
2826 | + keystone/contrib/ec2/core.py | 23 +++++++++++++---------- |
2827 | + 1 file changed, 13 insertions(+), 10 deletions(-) |
2828 | + |
2829 | +commit ddb40198c9323ff8dc82a44a72e456a7bfe736b8 |
2830 | +Author: Mark McLoughlin <markmc@redhat.com> |
2831 | +Date: Thu Oct 11 20:44:32 2012 +0100 |
2832 | + |
2833 | + Open 2012.1.4 development |
2834 | + |
2835 | + Bump version to 2012.1.4 to formally open development after the release |
2836 | + of 2012.1.3. |
2837 | + |
2838 | + See http://wiki.openstack.org/StableBranchRelease |
2839 | + |
2840 | + Note - 2012.1.3 is expected to be the final official release of Essex. |
2841 | + |
2842 | + Change-Id: I0de6fae1495deab60bd667e4653210b22b994b39 |
2843 | + |
2844 | + setup.py | 2 +- |
2845 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
2846 | + |
2847 | +commit 0e1f05e7a851f5fb72742e4d3e4978d76fe23b55 |
2848 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
2849 | +Date: Tue Sep 25 19:04:50 2012 +0000 |
2850 | + |
2851 | + utf-8 encode user keys in memcache (bug 1056373) |
2852 | + |
2853 | + (cherry picked from commit 431e50a7851d2e7dbb212d02647faeb958ed21e8) |
2854 | + |
2855 | + Change-Id: I026dd4282742213e69c7aa02e109439b07a73c8e |
2856 | + |
2857 | + keystone/token/backends/memcache.py | 8 ++++++-- |
2858 | + tests/test_backend_memcache.py | 14 +++++++++++++- |
2859 | + 2 files changed, 19 insertions(+), 3 deletions(-) |
2860 | + |
2861 | +commit 176ee9bce7557937710c8ec8086ff61cc751cf0f |
2862 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
2863 | +Date: Thu Sep 13 11:59:11 2012 -0500 |
2864 | + |
2865 | + Limit token revocation to tenant (bug 1050025) |
2866 | + |
2867 | + Change-Id: I7ebe0192b4900ad9475119a6d582233b37b31fb4 |
2868 | + |
2869 | + keystone/identity/core.py | 8 ++++---- |
2870 | + keystone/token/backends/kvs.py | 15 ++++++++++----- |
2871 | + keystone/token/backends/memcache.py | 11 ++++++++--- |
2872 | + keystone/token/backends/sql.py | 7 ++++++- |
2873 | + keystone/token/core.py | 16 +++++++++++----- |
2874 | + tests/test_backend.py | 22 +++++++++++++++++++++- |
2875 | + 6 files changed, 60 insertions(+), 19 deletions(-) |
2876 | + |
2877 | +commit 58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e |
2878 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
2879 | +Date: Fri Sep 7 14:55:31 2012 -0500 |
2880 | + |
2881 | + Delete user tokens after role grant/revoke |
2882 | + |
2883 | + Delete user tokens when a new role is granted or revoked, in order to |
2884 | + prevent old tokens to continue to be valid for the original set of |
2885 | + roles for the remainder of the token's lifespan. |
2886 | + |
2887 | + Addresses CVE-2012-4413. |
2888 | + Fixes bug 1041396. |
2889 | + |
2890 | + Change-Id: Ib11b5b3a933c6000afe0c875c3f71f1f101bb202 |
2891 | + |
2892 | + keystone/identity/core.py | 7 ++++++- |
2893 | + keystone/token/core.py | 11 +++++++++++ |
2894 | + tests/test_keystoneclient.py | 18 +++++++++--------- |
2895 | + 3 files changed, 26 insertions(+), 10 deletions(-) |
2896 | + |
2897 | +commit cd1e48a7d60497c528af6d311bd5048821dc1c07 |
2898 | +Author: Adam Young <ayoung@redhat.com> |
2899 | +Date: Thu Sep 6 11:54:04 2012 -0400 |
2900 | + |
2901 | + List tokens for memcached backend |
2902 | + |
2903 | + Creates and updates an index of tokens in a memcache entry keyed |
2904 | + by the user id |
2905 | + |
2906 | + Bug 1046905 |
2907 | + |
2908 | + Change-Id: I114810297009331f491dc069d667f358092f1e34 |
2909 | + |
2910 | + keystone/token/backends/memcache.py | 23 +++++++++++++++++++- |
2911 | + tests/test_backend.py | 41 ++++++++++++++++++++++++++++++----- |
2912 | + tests/test_backend_memcache.py | 17 ++++++++++++--- |
2913 | + 3 files changed, 72 insertions(+), 9 deletions(-) |
2914 | + |
2915 | +commit 5438d3b5a219d7c8fa67e66e538d325a61617155 |
2916 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
2917 | +Date: Thu Aug 23 07:39:20 2012 -0500 |
2918 | + |
2919 | + Require authz to update user's tenant (bug 1040626) |
2920 | + |
2921 | + Change-Id: I82f80b84af2bc4db00b3dcb87a2ec338816a82e9 |
2922 | + |
2923 | + keystone/identity/core.py | 1 + |
2924 | + 1 file changed, 1 insertion(+) |
2925 | + |
2926 | +commit a16a0ab997c3a406da2ccf0005534d5f9d81861f |
2927 | +Merge: a130848 ff6df7c |
2928 | +Author: Jenkins <jenkins@review.openstack.org> |
2929 | +Date: Thu Aug 23 06:17:45 2012 +0000 |
2930 | + |
2931 | + Merge "Returning roles from authenticate in ldap backend" into stable/essex |
2932 | + |
2933 | +commit ff6df7cdbeaed6a8784955ba866332ec5f082ad5 |
2934 | +Author: Ryan Lane <rlane@wikimedia.org> |
2935 | +Date: Thu Jul 26 11:41:16 2012 -0700 |
2936 | + |
2937 | + Returning roles from authenticate in ldap backend |
2938 | + |
2939 | + Without this fix, the LDAP backend doesn't return |
2940 | + roles during the authentication phase. |
2941 | + |
2942 | + lp 1035428 |
2943 | + |
2944 | + Change-Id: Ibd7e5a8f5475b56a4d3063c85ab634e4c0614e7e |
2945 | + |
2946 | + AUTHORS | 1 + |
2947 | + keystone/identity/backends/ldap/core.py | 24 +++++++++++++++--------- |
2948 | + tests/test_backend.py | 10 ++++++++++ |
2949 | + 3 files changed, 26 insertions(+), 9 deletions(-) |
2950 | + |
2951 | +commit a130848c71f1bc65dcf98c085dee0c4796748faa |
2952 | +Author: Adam Young <ayoung@redhat.com> |
2953 | +Date: Thu Jul 26 15:30:39 2012 -0400 |
2954 | + |
2955 | + Allow overloading of username and tenant name in the config files. |
2956 | + |
2957 | + Includes documentation and sample config file values. |
2958 | + |
2959 | + Bug 997700 |
2960 | + |
2961 | + Patchset adds DocImpact flag for notifying doc team about these new |
2962 | + config file values. |
2963 | + |
2964 | + (cherry picked from commit 4f3dcb6c9b23867e6049f24c851b12904aee3b76) |
2965 | + |
2966 | + Conflicts: |
2967 | + |
2968 | + etc/keystone.conf.sample |
2969 | + keystone/config.py |
2970 | + |
2971 | + Change-Id: I94a162be07c224c705333804a53910833df96b8e |
2972 | + |
2973 | + doc/source/configuration.rst | 13 +++++++++++++ |
2974 | + keystone/config.py | 2 ++ |
2975 | + keystone/identity/backends/ldap/core.py | 2 ++ |
2976 | + 3 files changed, 17 insertions(+) |
2977 | + |
2978 | +commit 359c426f3009b6088efc364c035d104b089eb37a |
2979 | +Author: Mark McLoughlin <markmc@redhat.com> |
2980 | +Date: Fri Aug 10 06:54:48 2012 +0100 |
2981 | + |
2982 | + Open 2012.1.3 development |
2983 | + |
2984 | + Bump version to 2012.1.3 to formally open development of the next |
2985 | + Essex stable update release. |
2986 | + |
2987 | + See http://wiki.openstack.org/StableBranchRelease |
2988 | + |
2989 | + Change-Id: Ie3a82ed9b26d25a83b284d57e3d58ab6f4c31b30 |
2990 | + |
2991 | + setup.py | 2 +- |
2992 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
2993 | + |
2994 | +commit afc37aeb10638807c9839fcc6f403b34029662a5 |
2995 | +Author: Mark McLoughlin <markmc@redhat.com> |
2996 | +Date: Wed Aug 8 00:45:22 2012 +0100 |
2997 | + |
2998 | + Open 2012.1.2 development |
2999 | + |
3000 | + Bump version to 2012.1.2 to formally open development of the next |
3001 | + Essex stable update release. |
3002 | + |
3003 | + See http://wiki.openstack.org/StableBranchRelease |
3004 | + |
3005 | + Change-Id: Id20de09f981f5389afbb9622ade9de7d4f3fd015 |
3006 | + |
3007 | + setup.py | 2 +- |
3008 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
3009 | + |
3010 | +commit f65604db7b504709fcb9aba2bcfd34a2aebffed3 |
3011 | +Merge: 46b3722 5373601 |
3012 | +Author: Jenkins <jenkins@review.openstack.org> |
3013 | +Date: Tue Jul 31 10:31:57 2012 +0000 |
3014 | + |
3015 | + Merge "Raise unauthorized if tenant disabled (bug 988920)" into stable/essex |
3016 | + |
3017 | +commit 46b3722245283858017cf4df83e2e1ca2311211d |
3018 | +Merge: d56a3fb 708c80e |
3019 | +Author: Jenkins <jenkins@review.openstack.org> |
3020 | +Date: Mon Jul 30 16:11:58 2012 +0000 |
3021 | + |
3022 | + Merge "fix variable names to coincide with the ones in common.ldap" into stable/essex |
3023 | + |
3024 | +commit 5373601bbdda10f879c08af1698852142b75f8d5 |
3025 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3026 | +Date: Mon Jul 16 16:08:32 2012 -0500 |
3027 | + |
3028 | + Raise unauthorized if tenant disabled (bug 988920) |
3029 | + |
3030 | + If the client attempts to explicitly authenticate against a disabled |
3031 | + tenant, keystone should return HTTP 401 Unauthorized. |
3032 | + |
3033 | + Change-Id: I49fe56b6ef8d9f2fc6b9357472dae8964bb9cb9c |
3034 | + |
3035 | + keystone/service.py | 11 ++++++++++ |
3036 | + tests/test_keystoneclient.py | 47 ++++++++++++++++++++++++++++++++++++++++++ |
3037 | + 2 files changed, 58 insertions(+) |
3038 | + |
3039 | +commit d56a3fb026268e87bdd54b862be388d69d5a1266 |
3040 | +Author: Dmitry Khovyakov <dkhovyakov@griddynamics.com> |
3041 | +Date: Wed Jul 11 14:17:46 2012 +0300 |
3042 | + |
3043 | + Import ec2 credentials from old keystone db |
3044 | + |
3045 | + Fix bug #1016056 |
3046 | + |
3047 | + Change-Id: Iebf31ccbdeff274b2c8f265911d3411963dd4844 |
3048 | + |
3049 | + AUTHORS | 1 + |
3050 | + keystone/common/sql/legacy.py | 19 +++++++++++++++++++ |
3051 | + 2 files changed, 20 insertions(+) |
3052 | + |
3053 | +commit 0b95c3cf66659a828de055b8d026c11e333cd8c8 |
3054 | +Author: J. Daniel Schmidt <jdsn@suse.de> |
3055 | +Date: Thu Jul 12 11:22:33 2012 +0200 |
3056 | + |
3057 | + cleanup dependent data upon user/tenant deletion |
3058 | + |
3059 | + fixes bug 974199 |
3060 | + fixes bug 973243 |
3061 | + |
3062 | + * upon deletion of tenant also delete user tenant relations |
3063 | + * upon deletion of tenant or user also delete corresponding metadata |
3064 | + * add foreign keys in metadata to ensure consistency |
3065 | + |
3066 | + see also: https://bugs.launchpad.net/keystone/+bug/959294/comments/16 |
3067 | + |
3068 | + Change-Id: I264714fe82b727e3e0f5273bcb781a580a3f3826 |
3069 | + |
3070 | + AUTHORS | 1 + |
3071 | + keystone/identity/backends/sql.py | 21 +++++++++++++++++++++ |
3072 | + tests/test_backend_sql.py | 35 +++++++++++++++++++++++++++++++++++ |
3073 | + 3 files changed, 57 insertions(+) |
3074 | + |
3075 | +commit 708c80ea8e4ca1897b6815b559ad9437b36448ef |
3076 | +Author: Ionuț Arțăriși <iartarisi@suse.cz> |
3077 | +Date: Fri Jun 29 13:02:26 2012 +0200 |
3078 | + |
3079 | + fix variable names to coincide with the ones in common.ldap |
3080 | + |
3081 | + Change-Id: I148d8d9b0a67b8c45d06227829d0105935216c4d |
3082 | + |
3083 | + keystone/identity/backends/ldap/core.py | 6 +++--- |
3084 | + 1 file changed, 3 insertions(+), 3 deletions(-) |
3085 | + |
3086 | +commit f1762e6d81be38fc6f9b3e12735a868896ce931d |
3087 | +Merge: d111d54 14b136a |
3088 | +Author: Jenkins <jenkins@review.openstack.org> |
3089 | +Date: Thu Jul 5 16:04:40 2012 +0000 |
3090 | + |
3091 | + Merge "Require authz for user role list (bug 1006815)" into stable/essex |
3092 | + |
3093 | +commit d111d548767bfed1d2c892e7bb443155c166fdc5 |
3094 | +Merge: 1428278 24df3ad |
3095 | +Author: Jenkins <jenkins@review.openstack.org> |
3096 | +Date: Thu Jul 5 15:43:54 2012 +0000 |
3097 | + |
3098 | + Merge "Require authz for service CRUD (bug 1006822)" into stable/essex |
3099 | + |
3100 | +commit 1428278b6202b7cb285f9e1bb278f894c05d31b0 |
3101 | +Merge: d8dbdbc 707b725 |
3102 | +Author: Jenkins <jenkins@review.openstack.org> |
3103 | +Date: Thu Jun 28 14:16:31 2012 +0000 |
3104 | + |
3105 | + Merge "Set defaultbranch in .gitreview to stable/essex" into stable/essex |
3106 | + |
3107 | +commit d8dbdbced061fa4a4e42ec33c4b7e7752b0ebc04 |
3108 | +Author: Rafael Durán Castañeda <rafadurancastaneda@gmail.com> |
3109 | +Date: Tue Jun 19 20:35:43 2012 +0200 |
3110 | + |
3111 | + Monkey patching 'thread'. |
3112 | + |
3113 | + Fixes bug 1012381. |
3114 | + |
3115 | + Change-Id: Icb7b2372df96d647fc6dcd4c4ebe72c8aa607f9d |
3116 | + |
3117 | + AUTHORS | 1 + |
3118 | + keystone/common/wsgi.py | 2 +- |
3119 | + 2 files changed, 2 insertions(+), 1 deletion(-) |
3120 | + |
3121 | +commit 14b136aed9d988f5a8f3e699bd4577c9b874d6c1 |
3122 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3123 | +Date: Sun Jun 3 12:24:07 2012 -0500 |
3124 | + |
3125 | + Require authz for user role list (bug 1006815) |
3126 | + |
3127 | + Change-Id: I65f25dcca3e265f44746930917434b45e64de15e |
3128 | + |
3129 | + keystone/identity/core.py | 1 + |
3130 | + tests/test_content_types.py | 11 +++++++++++ |
3131 | + 2 files changed, 12 insertions(+) |
3132 | + |
3133 | +commit 24df3adb3f50cbb5ada411bc67aba8a781e6a431 |
3134 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3135 | +Date: Sun Jun 3 11:00:54 2012 -0500 |
3136 | + |
3137 | + Require authz for service CRUD (bug 1006822) |
3138 | + |
3139 | + Change-Id: Ia90f0aa2b856b9a9874d4865fb92ee913e8125c5 |
3140 | + |
3141 | + keystone/catalog/core.py | 7 +++++++ |
3142 | + tests/test_content_types.py | 33 +++++++++++++++++++++++++++++++++ |
3143 | + 2 files changed, 40 insertions(+) |
3144 | + |
3145 | +commit 707b7259f9772e5f498990297c65b68116bdc3c1 |
3146 | +Author: Mark McLoughlin <markmc@redhat.com> |
3147 | +Date: Fri Jun 22 21:16:26 2012 +0100 |
3148 | + |
3149 | + Set defaultbranch in .gitreview to stable/essex |
3150 | + |
3151 | + This allows people run git-review without any arguments. |
3152 | + |
3153 | + Change-Id: I3f1c7ce22cbe40ed34f084fd3dbc0941ba787bcf |
3154 | + |
3155 | + .gitreview | 2 ++ |
3156 | + 1 file changed, 2 insertions(+) |
3157 | + |
3158 | +commit 29e74e73a6e51cffc0371b32354558391826a4aa |
3159 | +Author: Derek Higgins <derekh@redhat.com> |
3160 | +Date: Tue Jun 5 09:33:53 2012 +0100 |
3161 | + |
3162 | + Carrying over token expiry time when token chaining |
3163 | + |
3164 | + Fixes bug #998185 |
3165 | + |
3166 | + This commit causes the token expiry time to be maintained when |
3167 | + one token is being created from another |
3168 | + |
3169 | + Change-Id: I7b61692a60d9227423b93c267864a5abe939ca33 |
3170 | + |
3171 | + keystone/service.py | 3 ++- |
3172 | + tests/test_keystoneclient.py | 12 ++++++++++++ |
3173 | + 2 files changed, 14 insertions(+), 1 deletion(-) |
3174 | + |
3175 | +commit 9a841f3ba93d5a0bd1f56cc897415258ed6cf877 |
3176 | +Merge: 35d5ebd d960043 |
3177 | +Author: Jenkins <jenkins@review.openstack.org> |
3178 | +Date: Thu Jun 14 19:56:21 2012 +0000 |
3179 | + |
3180 | + Merge "Invalidate user tokens when a user is disabled" into stable/essex |
3181 | + |
3182 | +commit 35d5ebd54e02e4b79515e882506f0a518548d273 |
3183 | +Merge: 9695b86 ea03d05 |
3184 | +Author: Jenkins <jenkins@review.openstack.org> |
3185 | +Date: Thu Jun 14 16:58:30 2012 +0000 |
3186 | + |
3187 | + Merge "Invalidate user tokens when password is changed" into stable/essex |
3188 | + |
3189 | +commit 9695b8681801f3624b8f40dc06797aa171b5f30d |
3190 | +Merge: 0dcfe7e f70505c |
3191 | +Author: Jenkins <jenkins@review.openstack.org> |
3192 | +Date: Thu Jun 14 16:15:39 2012 +0000 |
3193 | + |
3194 | + Merge "Fix expired token tests" into stable/essex |
3195 | + |
3196 | +commit 0dcfe7ec2df5a45271847914997cbba92fdda330 |
3197 | +Merge: 18513c3 4265499 |
3198 | +Author: Jenkins <jenkins@review.openstack.org> |
3199 | +Date: Thu Jun 14 15:42:01 2012 +0000 |
3200 | + |
3201 | + Merge "Corrects url conversion in export_legacy_catalog" into stable/essex |
3202 | + |
3203 | +commit d9600434da14976463a0bd03abd8e0309f0db454 |
3204 | +Author: Derek Higgins <derekh@redhat.com> |
3205 | +Date: Fri May 11 13:42:43 2012 +0100 |
3206 | + |
3207 | + Invalidate user tokens when a user is disabled |
3208 | + |
3209 | + Fixes Bug 997194 |
3210 | + |
3211 | + Delete valid tokens for a user when they have been disabled |
3212 | + |
3213 | + Moved logic to delete tokens into update_user, as this can be called |
3214 | + directly form the REST API. |
3215 | + |
3216 | + Also checks if a user is enabled when creating a token from another |
3217 | + token, this helps in cases there the backend didn't support listing of |
3218 | + tokens (and as a result weren't deleted) |
3219 | + |
3220 | + Change-Id: Ib5ed73a7873bfa66ef31bf6d0f0322f50e677688 |
3221 | + |
3222 | + keystone/identity/core.py | 22 ++++++++++++---------- |
3223 | + keystone/service.py | 14 +++++++++++++- |
3224 | + tests/test_keystoneclient.py | 21 +++++++++++++++++++-- |
3225 | + 3 files changed, 44 insertions(+), 13 deletions(-) |
3226 | + |
3227 | +commit ea03d05ed5de0c015042876100d37a6a14bf56de |
3228 | +Author: Derek Higgins <derekh@redhat.com> |
3229 | +Date: Wed May 9 15:55:46 2012 +0100 |
3230 | + |
3231 | + Invalidate user tokens when password is changed |
3232 | + |
3233 | + Fixes bug 996595 |
3234 | + |
3235 | + This commit will cause all valid tokens to be deleted for a user |
3236 | + who's password is changed (implemented for the sql and kvs backends) |
3237 | + |
3238 | + Change-Id: I6ad7da8957b7041983a3fc91d9ba9368667d06ac |
3239 | + |
3240 | + AUTHORS | 1 + |
3241 | + keystone/identity/core.py | 14 +++++++++++++- |
3242 | + keystone/token/backends/kvs.py | 15 +++++++++++++++ |
3243 | + keystone/token/backends/sql.py | 14 ++++++++++++++ |
3244 | + keystone/token/core.py | 10 ++++++++++ |
3245 | + tests/test_keystoneclient.py | 23 +++++++++++++++++++++++ |
3246 | + 6 files changed, 76 insertions(+), 1 deletion(-) |
3247 | + |
3248 | +commit 18513c36e63ee2da417f1125cfa05ea9d525b6ee |
3249 | +Author: Mark McLoughlin <markmc@redhat.com> |
3250 | +Date: Thu Jun 14 10:59:33 2012 +0100 |
3251 | + |
3252 | + Open 2012.1.1 development |
3253 | + |
3254 | + Bump version to 2012.1.1 to formally open development of the next |
3255 | + Essex stable update release. |
3256 | + |
3257 | + See http://wiki.openstack.org/StableBranchRelease |
3258 | + |
3259 | + Change-Id: I845e8abca87751bbe4ebfa9414add247f2afdc1f |
3260 | + |
3261 | + setup.py | 2 +- |
3262 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
3263 | + |
3264 | +commit f70505ced12ae7319dedaf75bedb964c7469c6dd |
3265 | +Author: Mark McLoughlin <markmc@redhat.com> |
3266 | +Date: Tue Apr 10 13:35:30 2012 +0100 |
3267 | + |
3268 | + Fix expired token tests |
3269 | + |
3270 | + Fixes bug #983800 |
3271 | + |
3272 | + The expiration timestamps are expressed in UTC time, so ensure: |
3273 | + |
3274 | + 1) The timestamp of the token created by the test is UTC time (i.e. |
3275 | + utcnow() vs now()) |
3276 | + |
3277 | + 2) The expiration check in the dummy memcache client properly |
3278 | + accounts for UTC (i.e. utctimetuple() vs timetuple()) |
3279 | + |
3280 | + Change-Id: Ie7356456f79ab5a8070a79771bb7d210b1cedd47 |
3281 | + |
3282 | + tests/test_backend.py | 2 +- |
3283 | + tests/test_backend_memcache.py | 2 +- |
3284 | + 2 files changed, 2 insertions(+), 2 deletions(-) |
3285 | + |
3286 | +commit aa7e7b96e7bd05819c899906091b9121385dc125 |
3287 | +Author: Dan Prince <dprince@redhat.com> |
3288 | +Date: Wed Apr 11 10:57:56 2012 -0400 |
3289 | + |
3290 | + Add ChangeLog to tarball. |
3291 | + |
3292 | + Fixes LP Bug #978981. |
3293 | + |
3294 | + Change-Id: I5b98df88673422cfc39c471fd77eecd77fa0cf2c |
3295 | + |
3296 | + MANIFEST.in | 1 + |
3297 | + 1 file changed, 1 insertion(+) |
3298 | + |
3299 | +commit d0a73669369d86ff4c7b9de715fa4eec9bc58b59 |
3300 | +Author: Adam Gandelman <adamg@canonical.com> |
3301 | +Date: Mon Jun 11 10:35:16 2012 -0700 |
3302 | + |
3303 | + Flush tenant membership deletion before user |
3304 | + |
3305 | + Ensure user tenant membership is *actually* removed before deleting |
3306 | + user. |
3307 | + |
3308 | + Applied to 'stable/essex', originally committed to trunk via |
3309 | + https://review.openstack.org/#/c/7353/ |
3310 | + |
3311 | + Fixes bug 998137. |
3312 | + |
3313 | + Change-Id: Ib52970d68f288b8742c3e060c7040838a1c738c2 |
3314 | + |
3315 | + keystone/identity/backends/sql.py | 1 + |
3316 | + 1 file changed, 1 insertion(+) |
3317 | + |
3318 | +commit 426549934e323a9bc435b9ec58163e88f5e74a32 |
3319 | +Author: Sam Morrison <sorrison@gmail.com> |
3320 | +Date: Mon May 7 09:09:57 2012 +1000 |
3321 | + |
3322 | + Corrects url conversion in export_legacy_catalog |
3323 | + |
3324 | + Fixes bug 994936 |
3325 | + |
3326 | + Change-Id: Ia63fdae7d0bcd7f8b0b587da588404765e22fb8f |
3327 | + |
3328 | + AUTHORS | 1 + |
3329 | + keystone/common/sql/legacy.py | 2 +- |
3330 | + tests/test_import_legacy.py | 2 +- |
3331 | + 3 files changed, 3 insertions(+), 2 deletions(-) |
3332 | + |
3333 | +commit 7715d6cd72477af83d95563b69a5f0273bdb719b |
3334 | +Author: Alan Pevec <apevec@redhat.com> |
3335 | +Date: Mon Jun 11 20:19:50 2012 +0200 |
3336 | + |
3337 | + Fix test env for the stable branch |
3338 | + |
3339 | + Need both changes in one commit to pass the gate! |
3340 | + |
3341 | + * Nail pep8 dependencies to 1.0.1. |
3342 | + |
3343 | + Nails the pep8 deps for tox and test-requires to 1.0.1. |
3344 | + Fixes an issues causing pep8 failures due to a new pep8 release. |
3345 | + |
3346 | + (cherry picked from Nova stable) |
3347 | + |
3348 | + * Switch to 1000 rounds during unit tests |
3349 | + |
3350 | + Fixes bug 992918 |
3351 | + |
3352 | + passlib 1.6 introduced a minimum number of rounds for sha512_crypt. As |
3353 | + a result, increase the rounds used during testing to the minimum |
3354 | + |
3355 | + Change-Id: Ic0c635e92b4f13180a047904a6efa490ab599012 |
3356 | + |
3357 | + tests/test_overrides.conf | 2 +- |
3358 | + tools/test-requires | 2 +- |
3359 | + tox.ini | 2 +- |
3360 | + 3 files changed, 3 insertions(+), 3 deletions(-) |
3361 | + |
3362 | +commit aff45d69a73033241531f5e3542a8d1782ddd859 |
3363 | +Author: Mark McLoughlin <markmc@redhat.com> |
3364 | +Date: Fri Mar 30 12:17:48 2012 +0100 |
3365 | + |
3366 | + Make import_nova_auth only create roles which don't already exist |
3367 | + |
3368 | + Fixes bug #969088 |
3369 | + |
3370 | + If a role already exists, there's no particular need for import_nova_auth |
3371 | + to barf. Instead, we should just use the existing role. |
3372 | + |
3373 | + Change-Id: I18ae38af62b4c2b2423e20e436611fc30f844ae1 |
3374 | + |
3375 | + keystone/common/sql/nova.py | 5 ++++- |
3376 | + tests/test_migrate_nova_auth.py | 9 +++++++++ |
3377 | + 2 files changed, 13 insertions(+), 1 deletion(-) |
3378 | + |
3379 | +commit 7d08d12cea96910145f05499ba7d124603d7c4f6 |
3380 | +Author: Adam Gandelman <adamg@canonical.com> |
3381 | +Date: Mon Apr 2 14:21:43 2012 -0700 |
3382 | + |
3383 | + Remove tenant membership during user deletion |
3384 | + |
3385 | + Remove users' tenant membership on user deletion. Resolves a FK constraint |
3386 | + issue that previously went unnoticed due to testing against database |
3387 | + configurations that do not support FK constraints (MyISAM). |
3388 | + |
3389 | + Fixes LP bug 959294. |
3390 | + |
3391 | + Update: * Move tenant membership cleanup to the sql identity backend |
3392 | + * Add a test case to test_backend_sql |
3393 | + |
3394 | + Change-Id: Ib4f5da03033f7886b36d1ab3b8b4ac37f08b2e0e |
3395 | + |
3396 | + keystone/identity/backends/sql.py | 8 ++++++++ |
3397 | + tests/test_backend_sql.py | 11 +++++++++++ |
3398 | + 2 files changed, 19 insertions(+) |
3399 | + |
3400 | +commit aa542c420aa283968a0154a29038ec0bb1be9326 |
3401 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
3402 | +Date: Mon Apr 2 17:15:47 2012 +0200 |
3403 | + |
3404 | + Add a _ at the end of reseller_prefix default. |
3405 | + |
3406 | + - Fixes bug 971592. |
3407 | + |
3408 | + Change-Id: Ic9edb2b8b0043413e4ec16de9c669646ae4230a6 |
3409 | + |
3410 | + keystone/middleware/swift_auth.py | 11 ++++++++++- |
3411 | + 1 file changed, 10 insertions(+), 1 deletion(-) |
3412 | + |
3413 | +commit 0a0513d9fb1b84d5b998ff47088aee7f121dc794 |
3414 | +Merge: a05daf5 89e8dc0 |
3415 | +Author: Jenkins <jenkins@review.openstack.org> |
3416 | +Date: Tue Apr 3 19:39:43 2012 +0000 |
3417 | + |
3418 | + Merge "Add support to swift_auth for tokenless authz" into milestone-proposed |
3419 | + |
3420 | +commit a05daf5f53fbf0084e0f19ed4a8b686ff60bcb90 |
3421 | +Merge: bc153d5 4314ae6 |
3422 | +Author: Jenkins <jenkins@review.openstack.org> |
3423 | +Date: Tue Apr 3 19:29:19 2012 +0000 |
3424 | + |
3425 | + Merge "additional logging to support debugging auth issue" into milestone-proposed |
3426 | + |
3427 | +commit 89e8dc075151acc85d8c4f8972d3910c7f33bd25 |
3428 | +Author: Maru Newby <mnewby@internap.com> |
3429 | +Date: Tue Mar 20 22:19:36 2012 -0700 |
3430 | + |
3431 | + Add support to swift_auth for tokenless authz |
3432 | + |
3433 | + * Updates keystone.middleware.swift_auth to allow token-less |
3434 | + (unauthenticated) access for container sync (bug 954030) and |
3435 | + permitted referrers (bug 924578). |
3436 | + |
3437 | + Change-Id: Ieccf458c44dfe55f546dc15c79704800dad59ac0 |
3438 | + |
3439 | + doc/source/configuringservices.rst | 3 + |
3440 | + keystone/middleware/swift_auth.py | 106 +++++++++++++++++++++++++---------- |
3441 | + tests/test_swift_auth_middleware.py | 56 +++++++++--------- |
3442 | + 3 files changed, 104 insertions(+), 61 deletions(-) |
3443 | + |
3444 | +commit 4314ae6c038b96c080dfd13938678e358e5574e7 |
3445 | +Author: Joe Heck <heckj@mac.com> |
3446 | +Date: Fri Mar 30 22:04:16 2012 -0700 |
3447 | + |
3448 | + additional logging to support debugging auth issue |
3449 | + |
3450 | + fixes bug 969801 |
3451 | + |
3452 | + Change-Id: Iaf752e5f3692c91030cfd8575114f2c3293d1dba |
3453 | + |
3454 | + keystone/middleware/auth_token.py | 8 +++++++- |
3455 | + 1 file changed, 7 insertions(+), 1 deletion(-) |
3456 | + |
3457 | +commit bc153d5ad9b32737dd55c33fd12468e89189eded |
3458 | +Author: Maru Newby <mnewby@internap.com> |
3459 | +Date: Mon Mar 26 16:08:56 2012 -0700 |
3460 | + |
3461 | + Fixed misc errors in configuration.rst |
3462 | + |
3463 | + * Addresses bug 965788 |
3464 | + |
3465 | + Change-Id: I5aa276589a9818c7f523e6da9531af363139adbb |
3466 | + |
3467 | + doc/source/configuration.rst | 10 ++++++---- |
3468 | + 1 file changed, 6 insertions(+), 4 deletions(-) |
3469 | + |
3470 | +commit ada402155acf5bda83d1b0fbedfbb0d7e4144b58 |
3471 | +Author: termie <github@anarkystic.com> |
3472 | +Date: Thu Mar 29 16:03:17 2012 -0700 |
3473 | + |
3474 | + don't duplicate the extra dict in extra |
3475 | + |
3476 | + fixes bug 929815 |
3477 | + |
3478 | + Change-Id: Icfbe9a4b0eb2ef9b24bcf41113a6ec8e636210a9 |
3479 | + |
3480 | + keystone/catalog/backends/sql.py | 4 ++-- |
3481 | + keystone/identity/backends/sql.py | 4 ++-- |
3482 | + 2 files changed, 4 insertions(+), 4 deletions(-) |
3483 | + |
3484 | +commit 1b7aa15ae425e68c15588ba738e9b701b62d995a |
3485 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3486 | +Date: Tue Mar 27 10:57:04 2012 -0700 |
3487 | + |
3488 | + Raise keystone.exception for HTTP 401 (bug 962563) |
3489 | + |
3490 | + Change-Id: I22e3b6769c69ef5917028980007d3295fed99fb7 |
3491 | + |
3492 | + keystone/contrib/s3/core.py | 3 ++- |
3493 | + 1 file changed, 2 insertions(+), 1 deletion(-) |
3494 | + |
3495 | +commit b1336b0a3921621741ff8ba2adbc44113357e175 |
3496 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3497 | +Date: Fri Mar 23 10:46:16 2012 -0500 |
3498 | + |
3499 | + Validate object refs (return 404 instead of 500) |
3500 | + |
3501 | + Combined fix for bug 963056: |
3502 | + user-crud 404 |
3503 | + service-crud 404 |
3504 | + ec2-credential-crud 404 |
3505 | + user-role-crud 404 |
3506 | + endpoint-crud 404 |
3507 | + |
3508 | + Change-Id: I7762aaaae9817ea7426039e4700e16b59e18cba1 |
3509 | + |
3510 | + keystone/catalog/core.py | 5 +- |
3511 | + keystone/contrib/ec2/core.py | 2 + |
3512 | + keystone/exception.py | 2 +- |
3513 | + keystone/identity/backends/kvs.py | 4 + |
3514 | + keystone/identity/backends/sql.py | 4 + |
3515 | + keystone/identity/core.py | 26 +++++- |
3516 | + tests/test_keystoneclient.py | 175 +++++++++++++++++++++++++++++++++++++ |
3517 | + tests/test_keystoneclient_sql.py | 7 ++ |
3518 | + 8 files changed, 222 insertions(+), 3 deletions(-) |
3519 | + |
3520 | +commit 80afa04f6e031207e6a7003843852b37c81eacc6 |
3521 | +Merge: f745dae d9959d8 |
3522 | +Author: Jenkins <jenkins@review.openstack.org> |
3523 | +Date: Tue Apr 3 14:45:36 2012 +0000 |
3524 | + |
3525 | + Merge "tenant-crud 404 (bug 963056)" into milestone-proposed |
3526 | + |
3527 | +commit f745dae9a6d9c68140476daa8403d0efc09826ab |
3528 | +Merge: 8037722 b56e326 |
3529 | +Author: Jenkins <jenkins@review.openstack.org> |
3530 | +Date: Tue Apr 3 13:30:07 2012 +0000 |
3531 | + |
3532 | + Merge "role-crud 404 (bug 963056)" into milestone-proposed |
3533 | + |
3534 | +commit d9959d85a759b4acdff52c25f20a9462d66b185d |
3535 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3536 | +Date: Fri Mar 23 10:23:06 2012 -0500 |
3537 | + |
3538 | + tenant-crud 404 (bug 963056) |
3539 | + |
3540 | + tenant-get |
3541 | + tenant-update |
3542 | + tenant-delete |
3543 | + |
3544 | + Change-Id: I9e67cea985f546c9ddf6ce6d82a11486099bd524 |
3545 | + |
3546 | + keystone/identity/core.py | 10 +++++++++- |
3547 | + tests/test_keystoneclient.py | 21 +++++++++++++++++++++ |
3548 | + 2 files changed, 30 insertions(+), 1 deletion(-) |
3549 | + |
3550 | +commit b56e32645fa88cd21f4b5289cfb68d51fcbf740c |
3551 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3552 | +Date: Fri Mar 23 09:10:59 2012 -0500 |
3553 | + |
3554 | + role-crud 404 (bug 963056) |
3555 | + |
3556 | + role-get |
3557 | + role-delete |
3558 | + role-list |
3559 | + |
3560 | + Change-Id: I099b1e1e5bd2cd77a2ea3b72fb0f14b88a3af26e |
3561 | + |
3562 | + keystone/identity/backends/kvs.py | 3 +-- |
3563 | + keystone/identity/backends/sql.py | 3 +-- |
3564 | + keystone/identity/core.py | 13 ++++++++++-- |
3565 | + tests/test_keystoneclient.py | 41 +++++++++++++++++++++++++++++++++++-- |
3566 | + 4 files changed, 52 insertions(+), 8 deletions(-) |
3567 | + |
3568 | +commit 8037722264668d9b66326cdfac25f6cf84d2b7d4 |
3569 | +Author: Maru Newby <mnewby@internap.com> |
3570 | +Date: Tue Mar 20 18:47:19 2012 -0700 |
3571 | + |
3572 | + Improve swift_auth test coverage + Minor fixes |
3573 | + |
3574 | + * Isolates authorize() tests from wsgi tests |
3575 | + * Adds coverage for authorize() |
3576 | + * Adds support for a blank reseller_prefix |
3577 | + * Adds swift_auth test dependencies to tools/test-requires |
3578 | + * Cleans up authorize()'s use of tenant_id/tenant_name |
3579 | + (addresses bug 963546) |
3580 | + |
3581 | + Change-Id: I603b89ab4fe8559b0f5d72528afd659ee0f0bce1 |
3582 | + |
3583 | + AUTHORS | 1 + |
3584 | + keystone/middleware/swift_auth.py | 18 +-- |
3585 | + tests/test_swift_auth_middleware.py | 281 ++++++++++++++++++----------------- |
3586 | + tools/test-requires | 4 + |
3587 | + 4 files changed, 158 insertions(+), 146 deletions(-) |
3588 | + |
3589 | +commit f3ce326a8c9ab85f60145e6a198e061fd9ccf431 |
3590 | +Merge: 7abe0aa 1904228 |
3591 | +Author: Jenkins <jenkins@review.openstack.org> |
3592 | +Date: Fri Mar 23 17:59:24 2012 +0000 |
3593 | + |
3594 | + Merge "Check values for EC2." |
3595 | + |
3596 | +commit 7abe0aa3845459b95a7d4e401e51d4ab8c4c0280 |
3597 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
3598 | +Date: Wed Mar 21 16:59:15 2012 +0000 |
3599 | + |
3600 | + S3 tokens cleanups. |
3601 | + |
3602 | + - Cleanups. |
3603 | + - Remove reference about config admin_username/password/token. |
3604 | + - Return proper http error on errors. |
3605 | + - Add unittests (skip them for now when swift is not installed). |
3606 | + - Fixes bug 956983. |
3607 | + |
3608 | + Change-Id: I392fc274f3b01a5a0b5779dd13f9cd3b819ee65a |
3609 | + |
3610 | + doc/source/configuringservices.rst | 6 +- |
3611 | + keystone/middleware/s3_token.py | 124 ++++++++++++++++++++++------------ |
3612 | + tests/test_s3_token_middleware.py | 130 ++++++++++++++++++++++++++++++++++++ |
3613 | + 3 files changed, 213 insertions(+), 47 deletions(-) |
3614 | + |
3615 | +commit 1904228a5a3fef549c5b9294eba5c39f9f6f72bd |
3616 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
3617 | +Date: Thu Mar 22 21:34:39 2012 +0000 |
3618 | + |
3619 | + Check values for EC2. |
3620 | + |
3621 | + - Add multiple check to methods to make sure we have a proper |
3622 | + tenant_id/user_id/credentials. |
3623 | + - Fixes bug 958135. |
3624 | + |
3625 | + Change-Id: I4dd171e3db32d6ebdc70bb1a83492c8ecd09c21c |
3626 | + |
3627 | + keystone/contrib/ec2/core.py | 61 +++++++++++++++++++++++++++++++++++++----- |
3628 | + 1 file changed, 55 insertions(+), 6 deletions(-) |
3629 | + |
3630 | +commit 9feb00085f75ea2697fd2225e6003c2384904d08 |
3631 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3632 | +Date: Wed Mar 21 13:11:31 2012 -0500 |
3633 | + |
3634 | + Fix critical typo in endpoint_create (bug 961412) |
3635 | + |
3636 | + It looks like catalog crud was previously untested. |
3637 | + |
3638 | + Change-Id: I8e3060b6d6c737d3d97a5bd9076e9a5fdf9945e2 |
3639 | + |
3640 | + keystone/catalog/core.py | 2 +- |
3641 | + tests/test_keystoneclient_sql.py | 43 ++++++++++++++++++++++++++++++++++++++ |
3642 | + 2 files changed, 44 insertions(+), 1 deletion(-) |
3643 | + |
3644 | +commit 885f8d5950f8441e857d860b4e1cd4fd996440cd |
3645 | +Merge: d61aeda 94904e4 |
3646 | +Author: Jenkins <jenkins@review.openstack.org> |
3647 | +Date: Tue Mar 20 23:59:16 2012 +0000 |
3648 | + |
3649 | + Merge "Rename tokenauth to authtoken." |
3650 | + |
3651 | +commit d61aedaf868d984f1c317a73b362a2e7a366ef89 |
3652 | +Author: Yong Sheng Gong <gongysh@cn.ibm.com> |
3653 | +Date: Sun Mar 18 23:56:35 2012 +0800 |
3654 | + |
3655 | + unique role name constraint |
3656 | + |
3657 | + For SQL identity backend, add unique constraint with column definition; |
3658 | + for kvs and ldap backend, use python code to apply this constraint. |
3659 | + Test cases test_create_duplicate_role_name_fails and test_rename_duplicate_role_name_fails are added to guard it. |
3660 | + python run_tests.py test_backend_ldap test_backend_kvs test_backend_sql pass. |
3661 | + |
3662 | + bug 932258. |
3663 | + |
3664 | + Change-Id: I990f17a270e84d35c078f215c587a81d6784c192 |
3665 | + |
3666 | + AUTHORS | 1 + |
3667 | + keystone/identity/backends/kvs.py | 23 +++++++++++++++++++- |
3668 | + keystone/identity/backends/ldap/core.py | 14 ++++++++++++- |
3669 | + keystone/identity/backends/sql.py | 2 +- |
3670 | + tests/test_backend.py | 35 +++++++++++++++++++++++++------ |
3671 | + 5 files changed, 66 insertions(+), 9 deletions(-) |
3672 | + |
3673 | +commit f98cd4f27d68c47a003b529bbcfeffa9140e090d |
3674 | +Merge: 53b3d44 3a296a4 |
3675 | +Author: Jenkins <jenkins@review.openstack.org> |
3676 | +Date: Tue Mar 20 23:17:30 2012 +0000 |
3677 | + |
3678 | + Merge "Spring cleaning, fix PEP8 violations." |
3679 | + |
3680 | +commit 53b3d4498848ae2fff58751f9a791a9ebc00b742 |
3681 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
3682 | +Date: Sat Feb 25 11:37:17 2012 +0100 |
3683 | + |
3684 | + Add test for swift middleware. |
3685 | + |
3686 | + - skip the tests if we don't have swift installed. |
3687 | + |
3688 | + Change-Id: I3647538f3e7a32cbfce97b181c532371cef963da |
3689 | + |
3690 | + tests/test_swift_auth_middleware.py | 203 +++++++++++++++++++++++++++++++++++ |
3691 | + 1 file changed, 203 insertions(+) |
3692 | + |
3693 | +commit 3a296a458c4e2f9465ddc0330d03c3e7ec0e3c50 |
3694 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
3695 | +Date: Tue Mar 20 10:09:25 2012 +0000 |
3696 | + |
3697 | + Spring cleaning, fix PEP8 violations. |
3698 | + |
3699 | + Change-Id: Ide832cd64c9b285213e23901eaf81946d504e726 |
3700 | + |
3701 | + doc/source/conf.py | 33 +++++++++++-------- |
3702 | + run_tests.py | 1 - |
3703 | + tests/default_fixtures.py | 6 ++-- |
3704 | + tests/test_auth_token_middleware.py | 6 ++-- |
3705 | + tests/test_backend.py | 61 +++++++++++++++++------------------ |
3706 | + tests/test_backend_kvs.py | 58 ++++++++++++++++----------------- |
3707 | + tests/test_backend_sql.py | 30 ++++++++--------- |
3708 | + tests/test_content_types.py | 6 ++-- |
3709 | + tests/test_import_legacy.py | 2 -- |
3710 | + tests/test_keystoneclient.py | 6 ++-- |
3711 | + tests/test_middleware.py | 3 +- |
3712 | + 11 files changed, 108 insertions(+), 104 deletions(-) |
3713 | + |
3714 | +commit 5ea232a09f88d621980cbd5ef4655f9c9a2e2da1 |
3715 | +Merge: da04fc0 009d661 |
3716 | +Author: Jenkins <jenkins@review.openstack.org> |
3717 | +Date: Tue Mar 20 22:40:51 2012 +0000 |
3718 | + |
3719 | + Merge "Wrapped unexpected exceptions (bug 955411)" |
3720 | + |
3721 | +commit da04fc0de4b7f46a5559f3c81e54b5402e4876e3 |
3722 | +Merge: 57f1cb2 e677327 |
3723 | +Author: Jenkins <jenkins@review.openstack.org> |
3724 | +Date: Tue Mar 20 22:34:37 2012 +0000 |
3725 | + |
3726 | + Merge "Support PyPAM in pam backend, update to latest API" |
3727 | + |
3728 | +commit 94904e45e3276e1c274a25c785c0143cd6d6fec1 |
3729 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
3730 | +Date: Tue Mar 20 17:08:46 2012 +0000 |
3731 | + |
3732 | + Rename tokenauth to authtoken. |
3733 | + |
3734 | + - Avoid confusing by using the authtoken name for auth_token middleware. |
3735 | + - Improve swift_auth middleware doc. |
3736 | + |
3737 | + Change-Id: I287860eba067b99a1d89f8f17200820340836ff9 |
3738 | + |
3739 | + doc/source/configuringservices.rst | 10 +++++----- |
3740 | + keystone/middleware/swift_auth.py | 9 +++++++-- |
3741 | + 2 files changed, 12 insertions(+), 7 deletions(-) |
3742 | + |
3743 | +commit 57f1cb2c4a37ef0040321732fb64fc6cde02126d |
3744 | +Merge: 80c7936 3e4653a |
3745 | +Author: Jenkins <jenkins@review.openstack.org> |
3746 | +Date: Tue Mar 20 18:04:22 2012 +0000 |
3747 | + |
3748 | + Merge "fix keystone-all's usage of options vs conf" |
3749 | + |
3750 | +commit 80c7936b3147d53659025a76ac232de986f5ce64 |
3751 | +Author: termie <github@anarkystic.com> |
3752 | +Date: Tue Mar 20 10:41:03 2012 -0700 |
3753 | + |
3754 | + pass the arguments in when starting keystone-all |
3755 | + |
3756 | + fixes bug 942793 |
3757 | + |
3758 | + Change-Id: I044a56c1eedae2ecef04dd3aa60b91414b7abc14 |
3759 | + |
3760 | + bin/keystone-all | 2 +- |
3761 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
3762 | + |
3763 | +commit 3e4653a3914e84aec72ba159c4d23edba8ced48f |
3764 | +Author: termie <github@anarkystic.com> |
3765 | +Date: Tue Mar 20 10:47:31 2012 -0700 |
3766 | + |
3767 | + fix keystone-all's usage of options vs conf |
3768 | + |
3769 | + we shouldn't be using options at all, that was a leftover piece of code |
3770 | + from a long time ago. |
3771 | + |
3772 | + invalidates bug 949373 |
3773 | + |
3774 | + Change-Id: I29fcbd5f641464bda985900172b55bca45843f81 |
3775 | + |
3776 | + bin/keystone-all | 8 ++++---- |
3777 | + etc/keystone.conf | 2 +- |
3778 | + 2 files changed, 5 insertions(+), 5 deletions(-) |
3779 | + |
3780 | +commit 9c823977baca9944074c62cedf32f5107a95a443 |
3781 | +Merge: 3263f45 6f8752b |
3782 | +Author: Jenkins <jenkins@review.openstack.org> |
3783 | +Date: Tue Mar 20 17:19:51 2012 +0000 |
3784 | + |
3785 | + Merge "Clean up sql connection args" |
3786 | + |
3787 | +commit 3263f45926f054c759caa10e391777e7372e73a1 |
3788 | +Merge: 5d07cdf ee57716 |
3789 | +Author: Jenkins <jenkins@review.openstack.org> |
3790 | +Date: Tue Mar 20 16:59:17 2012 +0000 |
3791 | + |
3792 | + Merge "Improved file logging example (bug 959610)" |
3793 | + |
3794 | +commit 009d661a7e06ad72ab39b93433839bf567755ece |
3795 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3796 | +Date: Wed Mar 14 15:06:16 2012 -0500 |
3797 | + |
3798 | + Wrapped unexpected exceptions (bug 955411) |
3799 | + |
3800 | + - Replaced all webob.exc's (outside of middleware) with |
3801 | + keystone.exception's |
3802 | + - Raised 409 Conflict when creating/updating existing |
3803 | + user/tenant ID/names (bug 955464) |
3804 | + - Raised 501 Not Implemented for user-role-add w/o tenant_id |
3805 | + (bug 955548) |
3806 | + |
3807 | + Change-Id: I9f16cac502c20dd35a6b8da778e85bf3d9cfae49 |
3808 | + |
3809 | + keystone/catalog/backends/sql.py | 2 +- |
3810 | + keystone/catalog/core.py | 11 ++----- |
3811 | + keystone/common/ldap/core.py | 11 ++++--- |
3812 | + keystone/common/sql/core.py | 1 + |
3813 | + keystone/common/wsgi.py | 3 ++ |
3814 | + keystone/contrib/ec2/core.py | 20 +++++-------- |
3815 | + keystone/exception.py | 50 +++++++++++++++++++++++++++---- |
3816 | + keystone/identity/backends/kvs.py | 19 ++++++++---- |
3817 | + keystone/identity/backends/ldap/core.py | 2 +- |
3818 | + keystone/identity/backends/sql.py | 23 ++++++++++++++ |
3819 | + keystone/identity/core.py | 24 ++++++++------- |
3820 | + keystone/policy/backends/rules.py | 2 +- |
3821 | + keystone/service.py | 4 +-- |
3822 | + tests/test_exception.py | 4 +-- |
3823 | + 14 files changed, 121 insertions(+), 55 deletions(-) |
3824 | + |
3825 | +commit 5d07cdf438b97ec2fdc4685b2f1559f3258da102 |
3826 | +Author: Michael Basnight <mbasnight@gmail.com> |
3827 | +Date: Tue Mar 20 08:53:31 2012 -0500 |
3828 | + |
3829 | + Changing belongsTo validation back to ID |
3830 | + |
3831 | + * Fixes lp#960218 |
3832 | + |
3833 | + Change-Id: I6296413c211da92a4d0e07a544ca812d3544cb73 |
3834 | + |
3835 | + keystone/service.py | 2 +- |
3836 | + tests/test_content_types.py | 2 +- |
3837 | + 2 files changed, 2 insertions(+), 2 deletions(-) |
3838 | + |
3839 | +commit 3a70a2f9281fdfec6f770cfb60fcd2dce5a77c5f |
3840 | +Merge: 632fb0a 193374a |
3841 | +Author: Jenkins <jenkins@review.openstack.org> |
3842 | +Date: Tue Mar 20 04:55:46 2012 +0000 |
3843 | + |
3844 | + Merge "Fixes LP #954089 - Service list templated catalog" |
3845 | + |
3846 | +commit 632fb0a8cb4eddf76ce0695472601d69115149a9 |
3847 | +Merge: 4f3dade 2324247 |
3848 | +Author: Jenkins <jenkins@review.openstack.org> |
3849 | +Date: Tue Mar 20 04:49:56 2012 +0000 |
3850 | + |
3851 | + Merge "Swift middleware doc update." |
3852 | + |
3853 | +commit 4f3dade2367270442b685426befd6d6de665797b |
3854 | +Merge: ed231ff 678dcad |
3855 | +Author: Jenkins <jenkins@review.openstack.org> |
3856 | +Date: Tue Mar 20 04:44:01 2012 +0000 |
3857 | + |
3858 | + Merge "Refactor keystone.common.logging use (bug 948224)" |
3859 | + |
3860 | +commit ed231ffa8c3e90125bc73c528d1db8b46f3f5381 |
3861 | +Merge: 36b2b22 00a2392 |
3862 | +Author: Jenkins <jenkins@review.openstack.org> |
3863 | +Date: Tue Mar 20 04:37:59 2012 +0000 |
3864 | + |
3865 | + Merge "Installing keystone docs" |
3866 | + |
3867 | +commit 6f8752bf6ea74fb8841dac1a1d6b62af019b48e5 |
3868 | +Author: Brian Waldon <bcwaldon@gmail.com> |
3869 | +Date: Mon Mar 19 14:21:02 2012 -0700 |
3870 | + |
3871 | + Clean up sql connection args |
3872 | + |
3873 | + * Convert idle_timeout (pool_recycle) to integer |
3874 | + * Drop min_pool_size, max_pool_size, pool_timeout |
3875 | + * Fixes bug 959916 |
3876 | + |
3877 | + Change-Id: Ie124b3abdf00358d6b722e1c2e2a2fb22967ca5a |
3878 | + |
3879 | + doc/source/configuration.rst | 3 --- |
3880 | + etc/keystone.conf | 3 --- |
3881 | + keystone/config.py | 5 +---- |
3882 | + tests/backend_sql.conf | 3 --- |
3883 | + 4 files changed, 1 insertion(+), 13 deletions(-) |
3884 | + |
3885 | +commit 36b2b228daabd07e185e70800863991cbde6ba95 |
3886 | +Merge: 83bc8c0 6f2c858 |
3887 | +Author: Jenkins <jenkins@review.openstack.org> |
3888 | +Date: Tue Mar 20 04:15:44 2012 +0000 |
3889 | + |
3890 | + Merge "Update get_metadata to return {}" |
3891 | + |
3892 | +commit ee577163e32b88ca1345124c96ae3113d9a5ccdd |
3893 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
3894 | +Date: Mon Mar 19 14:49:18 2012 -0500 |
3895 | + |
3896 | + Improved file logging example (bug 959610) |
3897 | + |
3898 | + - Root logger w/ file handler will log WARNING, ERROR, CRITICAL by default |
3899 | + |
3900 | + Change-Id: I36cd07cec85712640daa013563401a3bc52f290c |
3901 | + |
3902 | + .gitignore | 2 +- |
3903 | + etc/keystone.conf | 2 +- |
3904 | + etc/logging.conf.sample | 23 ++++------------------- |
3905 | + 3 files changed, 6 insertions(+), 21 deletions(-) |
3906 | + |
3907 | +commit 83bc8c088ec66a858afce9a889a4407c59b9d48e |
3908 | +Merge: 5027c9d 773f0f8 |
3909 | +Author: Jenkins <jenkins@review.openstack.org> |
3910 | +Date: Mon Mar 19 18:07:20 2012 +0000 |
3911 | + |
3912 | + Merge "Fix default port for identity.internalURL" |
3913 | + |
3914 | +commit 5027c9d7150815abe1dde7e4d85d41eb2d0fad4d |
3915 | +Merge: 7c1e32b 56e4103 |
3916 | +Author: Jenkins <jenkins@review.openstack.org> |
3917 | +Date: Mon Mar 19 18:01:19 2012 +0000 |
3918 | + |
3919 | + Merge "docstring cleanup to remove sphinx warnings" |
3920 | + |
3921 | +commit 2324247baac2ba620da1f6cdc540462e6f0b6a5f |
3922 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
3923 | +Date: Mon Mar 19 14:53:36 2012 +0000 |
3924 | + |
3925 | + Swift middleware doc update. |
3926 | + |
3927 | + Change-Id: I01ecc4d602b5e887f66d32676f11a92d022f693f |
3928 | + |
3929 | + doc/source/configuringservices.rst | 13 ++++++++----- |
3930 | + 1 file changed, 8 insertions(+), 5 deletions(-) |
3931 | + |
3932 | +commit 7c1e32bba6837eb0937e6e7567aa5e7981db7fec |
3933 | +Merge: 43a84e3 2146119 |
3934 | +Author: Jenkins <jenkins@review.openstack.org> |
3935 | +Date: Mon Mar 19 16:26:45 2012 +0000 |
3936 | + |
3937 | + Merge "Remove nova-specific middlewares" |
3938 | + |
3939 | +commit 43a84e3b96450d29b7f3139a6e830583038c1d24 |
3940 | +Merge: 2c6a232 239e4f6 |
3941 | +Author: Jenkins <jenkins@review.openstack.org> |
3942 | +Date: Mon Mar 19 16:20:55 2012 +0000 |
3943 | + |
3944 | + Merge "Add check for MAX_PASSWORD_LENGTH to utils." |
3945 | + |
3946 | +commit 193374af3860e17ed03bb0431d823046079ae444 |
3947 | +Author: Jay Pipes <jaypipes@gmail.com> |
3948 | +Date: Tue Mar 13 17:30:07 2012 -0400 |
3949 | + |
3950 | + Fixes LP #954089 - Service list templated catalog |
3951 | + |
3952 | + * Adds missing test cases for the TemplatedCatalog |
3953 | + * Adds a base CatalogTest that different backends |
3954 | + can use |
3955 | + * Updates kvs.Catalog to raise ServiceNotFound where |
3956 | + appropriate |
3957 | + * Updates the tests.test_keystoneclient_sql to actually |
3958 | + test the SQL catalog backend |
3959 | + * Removes old test for incorrect endpoints listing |
3960 | + * Removes the keystone.catalog.core.Driver.service_exists |
3961 | + method since it was only implemented in the SQL driver |
3962 | + and wasn't required now that get_service and delete_service |
3963 | + properly raise ServiceNotFound exception. |
3964 | + |
3965 | + Change-Id: I35690cc147e56007be27bacf94eeff360e727e5d |
3966 | + |
3967 | + keystone/catalog/backends/kvs.py | 9 +++- |
3968 | + keystone/catalog/backends/sql.py | 10 ++--- |
3969 | + keystone/catalog/backends/templated.py | 3 ++ |
3970 | + keystone/catalog/core.py | 12 ++--- |
3971 | + keystone/exception.py | 4 ++ |
3972 | + keystone/test.py | 75 ++++++++++++++++++++------------ |
3973 | + tests/backend_sql.conf | 3 ++ |
3974 | + tests/default_fixtures.py | 21 +++++++++ |
3975 | + tests/test_backend.py | 20 +++++++++ |
3976 | + tests/test_backend_kvs.py | 7 +-- |
3977 | + tests/test_backend_templated.py | 57 ++++++++++++++++++++++++ |
3978 | + tests/test_keystoneclient.py | 8 ---- |
3979 | + 12 files changed, 174 insertions(+), 55 deletions(-) |
3980 | + |
3981 | +commit 2146119eaddaa5b3e375fef6590458a77932a58b |
3982 | +Author: Brian Waldon <bcwaldon@gmail.com> |
3983 | +Date: Mon Mar 19 08:31:26 2012 -0700 |
3984 | + |
3985 | + Remove nova-specific middlewares |
3986 | + |
3987 | + * Nova now ships with nova.api.auth.NovaKeystoneContext |
3988 | + * Nova does not depend on either of the middlewares being removed |
3989 | + |
3990 | + Change-Id: I9546e5c84ea1453f5dfd2dd7bf9924ccda57f87a |
3991 | + |
3992 | + doc/source/configuringservices.rst | 11 +- |
3993 | + doc/source/nova-api-paste.rst | 143 -------------------------- |
3994 | + keystone/middleware/nova_auth_token.py | 103 ------------------- |
3995 | + keystone/middleware/nova_keystone_context.py | 71 ------------- |
3996 | + 4 files changed, 1 insertion(+), 327 deletions(-) |
3997 | + |
3998 | +commit 239e4f64c2134338b32ffd6d42c0b6ff70cd040c |
3999 | +Author: Dan Prince <dprince@redhat.com> |
4000 | +Date: Fri Mar 16 21:46:31 2012 -0400 |
4001 | + |
4002 | + Add check for MAX_PASSWORD_LENGTH to utils. |
4003 | + |
4004 | + Updates to keystone password hashing and checking functions so |
4005 | + that a max password length is enforced. |
4006 | + |
4007 | + Fixes LP Bug #959288. |
4008 | + |
4009 | + Change-Id: Id3048f3c916e92c59ac5b063d09c3d612d51c97c |
4010 | + |
4011 | + keystone/common/utils.py | 17 +++++++++++++---- |
4012 | + tests/test_utils.py | 5 +++++ |
4013 | + 2 files changed, 18 insertions(+), 4 deletions(-) |
4014 | + |
4015 | +commit 2c6a232c38cf6bbd969421b2fe2fe7d410da327a |
4016 | +Author: Brian Waldon <bcwaldon@gmail.com> |
4017 | +Date: Fri Mar 16 15:55:22 2012 -0700 |
4018 | + |
4019 | + Remove glance_auth_token middleware |
4020 | + |
4021 | + * Fixes bug 957501 |
4022 | + |
4023 | + Change-Id: I2ae6ec7b391dd41587f2246940a8d392c12c91fe |
4024 | + |
4025 | + keystone/middleware/glance_auth_token.py | 78 ------------------------------ |
4026 | + 1 file changed, 78 deletions(-) |
4027 | + |
4028 | +commit e67732748c7ad4656f6ef5d9da3ff4789199bf9a |
4029 | +Author: Russell Bryant <rbryant@redhat.com> |
4030 | +Date: Wed Mar 14 16:55:24 2012 -0400 |
4031 | + |
4032 | + Support PyPAM in pam backend, update to latest API |
4033 | + |
4034 | + Fix bug 938801. |
4035 | + |
4036 | + This bug pointed out that some distros don't have the same pam Python |
4037 | + module packaged that this backend was expecting. In my case, on Fedora, |
4038 | + it's PAM and the API is not compatible with the pam module that was |
4039 | + used. This patch makes the backend support PyPAM, as well as the |
4040 | + original pam module that was used. |
4041 | + |
4042 | + In order to test this, I updated the pam backend to the latest backend |
4043 | + API. Even though the base class will raise NotImplementedError, I |
4044 | + included all functions here to make it more clear all of the things |
4045 | + this backend does not do. |
4046 | + |
4047 | + Change-Id: I74144f4e63b6830c8224bc87e1662eb5df8728a0 |
4048 | + |
4049 | + keystone/identity/backends/pam.py | 137 +++++++++++++++++++++++++++++++++---- |
4050 | + 1 file changed, 125 insertions(+), 12 deletions(-) |
4051 | + |
4052 | +commit 88ac1edec0b62fe5b18b2b0ffce3798f63f21351 |
4053 | +Merge: c93f663 f8cbd61 |
4054 | +Author: Jenkins <jenkins@review.openstack.org> |
4055 | +Date: Fri Mar 16 02:34:15 2012 +0000 |
4056 | + |
4057 | + Merge "sample_data.sh: check file paths for packaged installations" |
4058 | + |
4059 | +commit c93f6633cdcde89c346054a478fa17b12940b395 |
4060 | +Merge: 2415b17 9363d5f |
4061 | +Author: Jenkins <jenkins@review.openstack.org> |
4062 | +Date: Thu Mar 15 22:34:02 2012 +0000 |
4063 | + |
4064 | + Merge "Properly return 501 for unsupported Catalog calls" |
4065 | + |
4066 | +commit 2415b171b113aea4f4fbec5856b92cec36d44709 |
4067 | +Merge: 096300d e7bb737 |
4068 | +Author: Jenkins <jenkins@review.openstack.org> |
4069 | +Date: Thu Mar 15 17:23:52 2012 +0000 |
4070 | + |
4071 | + Merge "Add automatically generated code docs." |
4072 | + |
4073 | +commit 096300d072d8545f899586af44968c9ba43d380b |
4074 | +Merge: fdca62c ab6be05 |
4075 | +Author: Jenkins <jenkins@review.openstack.org> |
4076 | +Date: Thu Mar 15 14:46:48 2012 +0000 |
4077 | + |
4078 | + Merge "Update username -> name in token response." |
4079 | + |
4080 | +commit 773f0f84af282cd3e53650ccbb99284c37677b6a |
4081 | +Author: Julien Danjou <julien.danjou@enovance.com> |
4082 | +Date: Thu Mar 15 11:38:29 2012 +0100 |
4083 | + |
4084 | + Fix default port for identity.internalURL |
4085 | + |
4086 | + This should be the public_port and not the admin one. |
4087 | + |
4088 | + Change-Id: Ib09e7479c0507797532e6bb91d76b7d3083cc761 |
4089 | + Signed-off-by: Julien Danjou <julien.danjou@enovance.com> |
4090 | + |
4091 | + etc/default_catalog.templates | 2 +- |
4092 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
4093 | + |
4094 | +commit fdca62c93858e5bac09e5e20e0818585946a598d |
4095 | +Merge: 9a2010b d2c6e88 |
4096 | +Author: Jenkins <jenkins@review.openstack.org> |
4097 | +Date: Thu Mar 15 07:49:17 2012 +0000 |
4098 | + |
4099 | + Merge "Raising unauthorized instead of 500 (bug 954547)" |
4100 | + |
4101 | +commit 00a239278553fd357e56da35b559ec329dc9796a |
4102 | +Author: Joe Heck <heckj@mac.com> |
4103 | +Date: Wed Mar 14 19:03:59 2012 -0700 |
4104 | + |
4105 | + Installing keystone docs |
4106 | + |
4107 | + fixes bug 954217 |
4108 | + |
4109 | + Change-Id: Iba79d2d5bae836037d5b0e10169d9bbdba8603dc |
4110 | + |
4111 | + doc/source/index.rst | 5 +- |
4112 | + doc/source/installing.rst | 115 +++++++++++++++++++++++++++++++++++++++++++++ |
4113 | + 2 files changed, 118 insertions(+), 2 deletions(-) |
4114 | + |
4115 | +commit ab6be05068068b0902db44b1d60f56eea4fe1215 |
4116 | +Author: Brian Lamar <brian.lamar@rackspace.com> |
4117 | +Date: Wed Mar 14 18:30:13 2012 -0400 |
4118 | + |
4119 | + Update username -> name in token response. |
4120 | + |
4121 | + Tokens validation responses contain user information. The API docs |
4122 | + seem to indicate token["user"]["name"] contains the username but |
4123 | + currently the auth_token.py middleware checks for |
4124 | + token["user"]["username"]. This updates that check and the tests. |
4125 | + |
4126 | + Fixes bug 955563 |
4127 | + |
4128 | + Change-Id: Ib2fbf6fcea87f7066394cf14c18158f1e5eeaf06 |
4129 | + |
4130 | + keystone/middleware/auth_token.py | 2 +- |
4131 | + tests/test_auth_token_middleware.py | 8 ++++---- |
4132 | + 2 files changed, 5 insertions(+), 5 deletions(-) |
4133 | + |
4134 | +commit 678dcad410b2496eb1ed34bb91c0d0914a9c6b0d |
4135 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4136 | +Date: Wed Mar 14 14:28:04 2012 -0500 |
4137 | + |
4138 | + Refactor keystone.common.logging use (bug 948224) |
4139 | + |
4140 | + Change-Id: I01b2b5748a2524273bb8c2b734ab22415652f739 |
4141 | + |
4142 | + HACKING.rst | 20 ++++++++++++++++ |
4143 | + keystone/catalog/backends/templated.py | 2 +- |
4144 | + keystone/common/bufferedhttp.py | 8 +++++-- |
4145 | + keystone/common/ldap/core.py | 5 ++-- |
4146 | + keystone/common/ldap/fakeldap.py | 4 ++-- |
4147 | + keystone/common/sql/nova.py | 16 ++++++------- |
4148 | + keystone/common/utils.py | 15 ++++++------ |
4149 | + keystone/common/wsgi.py | 37 +++++++++++++++-------------- |
4150 | + keystone/middleware/auth_token.py | 40 ++++++++++++++++---------------- |
4151 | + keystone/policy/backends/rules.py | 2 +- |
4152 | + keystone/test.py | 3 ++- |
4153 | + 11 files changed, 90 insertions(+), 62 deletions(-) |
4154 | + |
4155 | +commit 9a2010bfe81a386610a294d0b29c31e12db79773 |
4156 | +Merge: acc9f89 f4915af |
4157 | +Author: Jenkins <jenkins@review.openstack.org> |
4158 | +Date: Wed Mar 14 20:45:40 2012 +0000 |
4159 | + |
4160 | + Merge "Allow connect to another tenant." |
4161 | + |
4162 | +commit e7bb73767ba9b538bdab85cdb4edb2549c02427f |
4163 | +Author: Russell Bryant <rbryant@redhat.com> |
4164 | +Date: Wed Mar 14 16:05:46 2012 -0400 |
4165 | + |
4166 | + Add automatically generated code docs. |
4167 | + |
4168 | + Fix bug 954734. |
4169 | + |
4170 | + Fix "python setup.py build_sphinx" to build the code documentation via |
4171 | + sphinx-apidoc. |
4172 | + |
4173 | + Change-Id: I18eced31aab424b7c808697324cbf6cfede442a7 |
4174 | + |
4175 | + setup.py | 3 +++ |
4176 | + 1 file changed, 3 insertions(+) |
4177 | + |
4178 | +commit 9363d5fea676e1e083c5afe5287ef30c806046bf |
4179 | +Author: Adam Gandelman <adamg@canonical.com> |
4180 | +Date: Tue Mar 13 16:23:45 2012 -0700 |
4181 | + |
4182 | + Properly return 501 for unsupported Catalog calls |
4183 | + |
4184 | + Similar to the other APIs, this creates a Driver class that describes |
4185 | + expected functionality of the catalog driver and raises NotImplemented |
4186 | + accordingly. NotImplementedError()'s are caught and returned as proper |
4187 | + 501s instead of AttributeErrors. |
4188 | + |
4189 | + Also fixes some inconsistent paramters names in the sql backend. |
4190 | + |
4191 | + Fixes bug 954087 |
4192 | + |
4193 | + Update: Convert usage of NotImplementedError() to new |
4194 | + keystone.exception.NotImplemented() for all |
4195 | + unimplemented driver actions. |
4196 | + |
4197 | + Change-Id: I69d8e21a6f651e69b724ec5ed5784645bad80c00 |
4198 | + |
4199 | + doc/source/architecture.rst | 2 +- |
4200 | + keystone/catalog/backends/kvs.py | 3 +- |
4201 | + keystone/catalog/backends/sql.py | 6 +-- |
4202 | + keystone/catalog/core.py | 79 ++++++++++++++++++++++++++++++++++++++ |
4203 | + keystone/exception.py | 6 +++ |
4204 | + keystone/identity/core.py | 56 +++++++++++++-------------- |
4205 | + keystone/policy/core.py | 3 +- |
4206 | + keystone/service.py | 4 +- |
4207 | + keystone/token/core.py | 7 ++-- |
4208 | + 9 files changed, 127 insertions(+), 39 deletions(-) |
4209 | + |
4210 | +commit acc9f892b36aa7315ac84d1e7f6506a6fea9fbad |
4211 | +Merge: b03c204 a1e0174 |
4212 | +Author: Jenkins <jenkins@review.openstack.org> |
4213 | +Date: Wed Mar 14 18:22:30 2012 +0000 |
4214 | + |
4215 | + Merge "Update docs for keystone client cli args" |
4216 | + |
4217 | +commit 56e41037ba41b2507722dcbc54157cfe4cf4535f |
4218 | +Author: Joe Heck <heckj@mac.com> |
4219 | +Date: Wed Mar 14 17:19:37 2012 +0000 |
4220 | + |
4221 | + docstring cleanup to remove sphinx warnings |
4222 | + |
4223 | + Change-Id: Icfc273f2466f48307d2addd22b70f1759d23fd97 |
4224 | + |
4225 | + keystone/common/policy.py | 17 ++++++++++------- |
4226 | + keystone/policy/backends/rules.py | 6 ++++-- |
4227 | + 2 files changed, 14 insertions(+), 9 deletions(-) |
4228 | + |
4229 | +commit b03c2047815ff341547d2d9792dfd392148d277a |
4230 | +Author: Joe Heck <heckj@mac.com> |
4231 | +Date: Wed Mar 14 05:08:58 2012 +0000 |
4232 | + |
4233 | + updating documentation for rewrite of auth_token. |
4234 | + |
4235 | + fixes bug 944372 |
4236 | + |
4237 | + Change-Id: Ifac365a6eb141e0ca4701cf139d6ea66a0b3ffbc |
4238 | + |
4239 | + doc/source/configuringservices.rst | 3 +- |
4240 | + doc/source/images/graphs_305.svg | 41 -- |
4241 | + doc/source/images/graphs_both.svg | 36 -- |
4242 | + .../images/graphs_delegate_forbiden_basic.svg | 53 -- |
4243 | + .../images/graphs_delegate_forbiden_proxy.svg | 52 -- |
4244 | + doc/source/images/graphs_delegate_reject_basic.svg | 55 -- |
4245 | + doc/source/images/graphs_delegate_reject_oauth.svg | 56 -- |
4246 | + .../images/graphs_delegate_unimplemented.svg | 53 -- |
4247 | + doc/source/images/graphs_mapper.svg | 73 --- |
4248 | + doc/source/images/graphs_proxyAuth.svg | 51 -- |
4249 | + doc/source/images/images_layouts.svg | 200 ------- |
4250 | + doc/source/index.rst | 3 +- |
4251 | + doc/source/middleware_architecture.rst | 555 +++++--------------- |
4252 | + doc/source/old/middleware.rst | 169 ------ |
4253 | + doc/source/setup.rst | 28 +- |
4254 | + 15 files changed, 148 insertions(+), 1280 deletions(-) |
4255 | + |
4256 | +commit f4915afc5af0d1252e7779fcc30ffff892a69d91 |
4257 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
4258 | +Date: Wed Mar 14 16:19:12 2012 +0000 |
4259 | + |
4260 | + Allow connect to another tenant. |
4261 | + |
4262 | + - Works with nova s3_affix_tenant. |
4263 | + - This would only be allowed for user who has reselleradmin rights. |
4264 | + - Fixes bug 954505. |
4265 | + |
4266 | + Change-Id: Iea84f1c61f6c725982c8bee95889ce084d9ffd82 |
4267 | + |
4268 | + keystone/middleware/s3_token.py | 26 +++++++++++++++++++++----- |
4269 | + 1 file changed, 21 insertions(+), 5 deletions(-) |
4270 | + |
4271 | +commit fb4cbe9d3766ac0ccbe746114d5c6745bc91e002 |
4272 | +Merge: 5b3e05b dc41cb5 |
4273 | +Author: Jenkins <jenkins@review.openstack.org> |
4274 | +Date: Wed Mar 14 06:08:00 2012 +0000 |
4275 | + |
4276 | + Merge "Failing to update tenants (bug 953678, bug 954673)" |
4277 | + |
4278 | +commit a1e01747ea81fc128d08c02d449b477f52003680 |
4279 | +Author: Dean Troyer <dtroyer@gmail.com> |
4280 | +Date: Wed Mar 14 00:35:47 2012 -0500 |
4281 | + |
4282 | + Update docs for keystone client cli args |
4283 | + |
4284 | + Changes CLI args in keystone command per updated http://wiki.openstack.org/CLIAuth |
4285 | + |
4286 | + Change-Id: I097181c418f6cc2226fceb5c79d87fde36026594 |
4287 | + |
4288 | + doc/source/configuration.rst | 12 ++++++------ |
4289 | + 1 file changed, 6 insertions(+), 6 deletions(-) |
4290 | + |
4291 | +commit d2c6e88200bb33708a0861da4d1a10c0f7984895 |
4292 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4293 | +Date: Tue Mar 13 22:06:34 2012 -0500 |
4294 | + |
4295 | + Raising unauthorized instead of 500 (bug 954547) |
4296 | + |
4297 | + Change-Id: I557ff1ca51261edf0824aeb4565816216c59c76e |
4298 | + |
4299 | + keystone/common/wsgi.py | 21 +++++++++++++++------ |
4300 | + 1 file changed, 15 insertions(+), 6 deletions(-) |
4301 | + |
4302 | +commit dc41cb5c11951b416d3e379bc944ac85737b979a |
4303 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4304 | +Date: Tue Mar 13 16:11:27 2012 -0500 |
4305 | + |
4306 | + Failing to update tenants (bug 953678, bug 954673) |
4307 | + |
4308 | + - GET /tenants: Enabled attribute was being overridden |
4309 | + - "POST" /tenants/{tenant_id}: was failing to update KVS |
4310 | + |
4311 | + Change-Id: Icc1efef52d35777d73e6010bdfc0409e24570aa2 |
4312 | + |
4313 | + keystone/identity/backends/kvs.py | 3 +- |
4314 | + keystone/identity/core.py | 3 +- |
4315 | + tests/test_keystoneclient.py | 56 ++++++++++++++++++++++++++++--------- |
4316 | + 3 files changed, 47 insertions(+), 15 deletions(-) |
4317 | + |
4318 | +commit 5b3e05bbabd5366461630327e4498fe582ff8ab7 |
4319 | +Author: Adam Young <ayoung@redhat.com> |
4320 | +Date: Wed Mar 7 16:04:32 2012 -0500 |
4321 | + |
4322 | + added LDAP section to architecture and architecture |
4323 | + |
4324 | + https://bugs.launchpad.net/keystone/+bug/949521 |
4325 | + |
4326 | + Bug 949521 |
4327 | + |
4328 | + Change-Id: I2e37c0d946e3d97a2c4bc4bf4a50bd94466f70c2 |
4329 | + |
4330 | + doc/source/architecture.rst | 6 ++++++ |
4331 | + doc/source/configuration.rst | 42 +++++++++++++++++++++++++++++++++++++++--- |
4332 | + 2 files changed, 45 insertions(+), 3 deletions(-) |
4333 | + |
4334 | +commit e65a22c43a7fe44621080cee01f394c90b54320d |
4335 | +Author: Peng Yong <ppyy@pubyun.com> |
4336 | +Date: Sun Mar 11 10:35:15 2012 +0800 |
4337 | + |
4338 | + Bug #943031 MySQL Server has gone away |
4339 | + added docnotes of error messages caught for mysql and reference |
4340 | + |
4341 | + Change-Id: I147b32193436be891e54e36c6adc1b16fda886d3 |
4342 | + |
4343 | + AUTHORS | 1 + |
4344 | + keystone/common/sql/core.py | 43 +++++++++++++++++++++++++++++++++++++++---- |
4345 | + 2 files changed, 40 insertions(+), 4 deletions(-) |
4346 | + |
4347 | +commit 97460ef70b7a8008a27f73384c389c2b4c23dded |
4348 | +Merge: dee8153 73af033 |
4349 | +Author: Jenkins <jenkins@review.openstack.org> |
4350 | +Date: Tue Mar 13 21:28:39 2012 +0000 |
4351 | + |
4352 | + Merge "Improved legacy tenancy resolution (bug 951933)" |
4353 | + |
4354 | +commit dee81534cb2743262e2287da35e9b5970bd9cc12 |
4355 | +Author: Joe Heck <heckj@mac.com> |
4356 | +Date: Tue Mar 13 13:53:40 2012 -0700 |
4357 | + |
4358 | + making all use of time follow datetime.utcnow() |
4359 | + fixes bug 954057 |
4360 | + |
4361 | + Change-Id: I14fa475dc03410b8843ab028d30fbc8802c4be30 |
4362 | + |
4363 | + keystone/token/backends/kvs.py | 2 +- |
4364 | + keystone/token/backends/sql.py | 2 +- |
4365 | + keystone/token/core.py | 4 ++-- |
4366 | + tests/test_backend_memcache.py | 2 +- |
4367 | + 4 files changed, 5 insertions(+), 5 deletions(-) |
4368 | + |
4369 | +commit 73af033ded8fe9ba54c37ab4f2a7553b3be1e450 |
4370 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4371 | +Date: Tue Mar 13 12:27:53 2012 -0500 |
4372 | + |
4373 | + Improved legacy tenancy resolution (bug 951933) |
4374 | + |
4375 | + Change-Id: Ia6fd5eb57e8d7f90328117351f7b814b1b4495dc |
4376 | + |
4377 | + keystone/middleware/auth_token.py | 33 ++++-- |
4378 | + tests/test_auth_token_middleware.py | 201 ++++++++++++++++++++++++++--------- |
4379 | + 2 files changed, 174 insertions(+), 60 deletions(-) |
4380 | + |
4381 | +commit f8cbd611cfa258f75051e41ebd83501cfec06630 |
4382 | +Author: Alan Pevec <apevec@redhat.com> |
4383 | +Date: Mon Feb 27 17:59:33 2012 +0100 |
4384 | + |
4385 | + sample_data.sh: check file paths for packaged installations |
4386 | + |
4387 | + v4: try to use system-wide configuration first |
4388 | + then fallback to assuming git checkout |
4389 | + |
4390 | + Change-Id: I6916f554cb9848fcb2d090e142b8915ad19a7486 |
4391 | + |
4392 | + tools/sample_data.sh | 19 +++++++++++++++---- |
4393 | + 1 file changed, 15 insertions(+), 4 deletions(-) |
4394 | + |
4395 | +commit 1e07b98d77a6ccb254e6f4411682235a47dab137 |
4396 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
4397 | +Date: Sat Mar 10 17:22:06 2012 +0100 |
4398 | + |
4399 | + Fix iso8601 import/use and date comparaison. |
4400 | + |
4401 | + - Store the unix time from iso8601.parse_date to compare against |
4402 | + time.time. |
4403 | + - on a WSGI environement the import don't get passed to the methods from |
4404 | + __init__ use a self. variable. |
4405 | + - Fixes bug 951603. |
4406 | + - Add unit tests. |
4407 | + - Add iso8601 to test-requires. |
4408 | + |
4409 | + Change-Id: Ia8af8b203d1310d5ae6868c3a14dfdf68d6e5331 |
4410 | + |
4411 | + keystone/middleware/auth_token.py | 6 ++- |
4412 | + tests/test_auth_token_middleware.py | 93 ++++++++++++++++++++++++++++------- |
4413 | + tools/test-requires | 1 + |
4414 | + 3 files changed, 79 insertions(+), 21 deletions(-) |
4415 | + |
4416 | +commit a036b3f77ba39301d0a5d44afe6c4253c0db8b15 |
4417 | +Author: Dean Troyer <dtroyer@gmail.com> |
4418 | +Date: Mon Mar 12 14:45:34 2012 -0500 |
4419 | + |
4420 | + Fix double-quoted service names |
4421 | + |
4422 | + The Keystone service template parser doesn't do any quote interpolation, |
4423 | + it just splits on ' = ' and passes the two parts on. So we just remove |
4424 | + the quotes for now. |
4425 | + |
4426 | + Fixes bug 943523 |
4427 | + |
4428 | + Change-Id: Ib9e17e70926339ab67f9c50a52a5036eeb7bfb65 |
4429 | + |
4430 | + etc/default_catalog.templates | 10 +++++----- |
4431 | + 1 file changed, 5 insertions(+), 5 deletions(-) |
4432 | + |
4433 | +commit f6fd0c79219e0b4f8108aba73553b120f763af54 |
4434 | +Merge: 0c3c27c 1b64c84 |
4435 | +Author: Jenkins <jenkins@review.openstack.org> |
4436 | +Date: Sun Mar 11 06:42:37 2012 +0000 |
4437 | + |
4438 | + Merge "Remove Nova Diablo reference from migrate docs" |
4439 | + |
4440 | +commit 1b64c8405381000b8738195b265c6c81690d8e9e |
4441 | +Author: Brian Waldon <bcwaldon@gmail.com> |
4442 | +Date: Sat Mar 10 20:59:40 2012 -0800 |
4443 | + |
4444 | + Remove Nova Diablo reference from migrate docs |
4445 | + |
4446 | + Change-Id: Ic8e07197db0b926c2ac7ee0ad6fcc936314ffe6f |
4447 | + |
4448 | + doc/source/configuration.rst | 2 +- |
4449 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
4450 | + |
4451 | +commit 0c3c27c7dbf8a4d359e8cae7f80fcaad5d8582e9 |
4452 | +Author: Deepak Garg <deepakgarg.iitg@gmail.com> |
4453 | +Date: Thu Mar 8 09:16:26 2012 +0530 |
4454 | + |
4455 | + Fixes the cli documentation of user/tenant/roles |
4456 | + |
4457 | + Fixed the subcommands and basic misconfiguration mentioned in bug #948211 |
4458 | + |
4459 | + Note: deleted the old commands after the review comments. |
4460 | + |
4461 | + Change-Id: I2a8491c35f346d120581156ae1743d07c3c11fd0 |
4462 | + |
4463 | + AUTHORS | 1 + |
4464 | + doc/source/configuration.rst | 103 +++++++++++++----------------------------- |
4465 | + 2 files changed, 32 insertions(+), 72 deletions(-) |
4466 | + |
4467 | +commit 9d245f8b6867bb7cb2b1230055de1230a483f0cb |
4468 | +Merge: a863c13 2f4fb46 |
4469 | +Author: Jenkins <jenkins@review.openstack.org> |
4470 | +Date: Sun Mar 11 01:54:48 2012 +0000 |
4471 | + |
4472 | + Merge "create service endpoints in sample data" |
4473 | + |
4474 | +commit a863c136720a1e3ddc098588afd171dc10ffb308 |
4475 | +Author: Brian Waldon <bcwaldon@gmail.com> |
4476 | +Date: Sat Mar 10 13:59:44 2012 -0800 |
4477 | + |
4478 | + Add simple set of tests for auth_token middleware |
4479 | + |
4480 | + Change-Id: Ie959e91dc555e35b8e5ba4b01c68a3f232efc115 |
4481 | + |
4482 | + keystone/middleware/auth_token.py | 7 +- |
4483 | + tests/test_auth_token_middleware.py | 162 +++++++++++++++++++++++++++++++++++ |
4484 | + 2 files changed, 168 insertions(+), 1 deletion(-) |
4485 | + |
4486 | +commit 7ee2a4618314217c1b5bae15e9346be4d9cb8107 |
4487 | +Merge: c373132 d6631d8 |
4488 | +Author: Jenkins <jenkins@review.openstack.org> |
4489 | +Date: Sat Mar 10 19:21:04 2012 +0000 |
4490 | + |
4491 | + Merge "update documention on changing user password" |
4492 | + |
4493 | +commit c373132e7fc720690d0f7531e1f5871632984c4f |
4494 | +Merge: 6db0067 259d938 |
4495 | +Author: Jenkins <jenkins@review.openstack.org> |
4496 | +Date: Sat Mar 10 19:01:34 2012 +0000 |
4497 | + |
4498 | + Merge "enables run_test option to skip integration" |
4499 | + |
4500 | +commit 6db00670ea33c39c408d657525ebd778c8932ce1 |
4501 | +Merge: ee5083d 48f2c7d |
4502 | +Author: Jenkins <jenkins@review.openstack.org> |
4503 | +Date: Sat Mar 10 11:29:31 2012 +0000 |
4504 | + |
4505 | + Merge "Add AUTHORS to the tarball." |
4506 | + |
4507 | +commit d6631d81d5f469415aed2023367adccb529ea656 |
4508 | +Author: Yaguang Tang <heut2008@gmail.com> |
4509 | +Date: Sat Mar 10 15:51:56 2012 +0800 |
4510 | + |
4511 | + update documention on changing user password |
4512 | + |
4513 | + Change-Id: I73be30eed4d2eed7a53c9dbdb5f29ec9c8f6eb6f |
4514 | + |
4515 | + doc/source/configuration.rst | 4 ++-- |
4516 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
4517 | + |
4518 | +commit ee5083d7b4d7c9f3d687ccba6fe652af0966b9e0 |
4519 | +Merge: b5c8b3a 94abc7e |
4520 | +Author: Jenkins <jenkins@review.openstack.org> |
4521 | +Date: Sat Mar 10 07:35:54 2012 +0000 |
4522 | + |
4523 | + Merge "Make sure we have a port number before int it." |
4524 | + |
4525 | +commit 259d9380e835d03d7358e4d953404b8207b8e8d7 |
4526 | +Author: Joe Heck <heckj@mac.com> |
4527 | +Date: Fri Mar 9 22:41:47 2012 -0800 |
4528 | + |
4529 | + enables run_test option to skip integration |
4530 | + |
4531 | + * fixes bug 948495 |
4532 | + |
4533 | + Change-Id: I274bfe9611d677c44117a0d9ff67394790794fc4 |
4534 | + |
4535 | + run_tests.sh | 8 ++++++++ |
4536 | + 1 file changed, 8 insertions(+) |
4537 | + |
4538 | +commit b5c8b3a81911491c97ee95e741c75ffd269f382a |
4539 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
4540 | +Date: Fri Mar 2 15:31:54 2012 +0000 |
4541 | + |
4542 | + Add token caching via memcache. |
4543 | + |
4544 | + - Fixes bug 938253 |
4545 | + - caching requires both python-memcache and iso8601 |
4546 | + |
4547 | + Change-Id: I23d5849aad4c6a2333b903eaca6d4f00be8615d3 |
4548 | + |
4549 | + doc/source/nova-api-paste.rst | 2 +- |
4550 | + doc/source/old/middleware.rst | 2 +- |
4551 | + keystone/middleware/auth_token.py | 70 +++++++++++++++++++++++++++++++++++++ |
4552 | + 3 files changed, 72 insertions(+), 2 deletions(-) |
4553 | + |
4554 | +commit 6f2c858f4382395bd4b4232e7ba3dd509327e4c6 |
4555 | +Author: Brian Lamar <brian.lamar@rackspace.com> |
4556 | +Date: Fri Mar 9 15:24:25 2012 -0500 |
4557 | + |
4558 | + Update get_metadata to return {} |
4559 | + |
4560 | + Fixes bug 951093 |
4561 | + |
4562 | + While the actual issue was encountered in keystone/service.py, |
4563 | + the underlying issue is that all identity backends seems to be |
4564 | + returning None when no metadata is found for a user. I would argue |
4565 | + that returning {} makes it easier on clients. |
4566 | + |
4567 | + Change-Id: I06faf755cc0dbe45b5d0a0f86c6235b27c856047 |
4568 | + |
4569 | + keystone/identity/backends/kvs.py | 2 +- |
4570 | + keystone/identity/backends/ldap/core.py | 8 +++----- |
4571 | + keystone/identity/backends/sql.py | 2 +- |
4572 | + tests/default_fixtures.py | 4 ++++ |
4573 | + tests/test_backend.py | 19 +++++++++++++++++-- |
4574 | + 5 files changed, 26 insertions(+), 9 deletions(-) |
4575 | + |
4576 | +commit e05bc6a6edeee5e1430e6c36fb38c911821800f5 |
4577 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4578 | +Date: Thu Mar 1 12:31:53 2012 -0600 |
4579 | + |
4580 | + Diablo to Essex migration docs (bug 934328) |
4581 | + |
4582 | + - Also includes notes to address bug 947060 |
4583 | + |
4584 | + Change-Id: I2756457861f3e84334a7d37aed31372a3b02dd40 |
4585 | + |
4586 | + doc/source/configuration.rst | 408 ++++++++++++++++++++++-------------- |
4587 | + doc/source/man/keystone-manage.rst | 9 +- |
4588 | + 2 files changed, 260 insertions(+), 157 deletions(-) |
4589 | + |
4590 | +commit 5720730c2e55259f1894368e766256cded51a1df |
4591 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4592 | +Date: Fri Mar 2 13:38:39 2012 -0600 |
4593 | + |
4594 | + Added license header (bug 929663) |
4595 | + |
4596 | + Change-Id: Ia36a22f2d6bba411e4fad81ea2d6fa1f0465a733 |
4597 | + |
4598 | + keystone/catalog/__init__.py | 16 ++++++++++++++++ |
4599 | + keystone/common/kvs.py | 14 ++++++++++++++ |
4600 | + keystone/common/ldap/__init__.py | 16 ++++++++++++++++ |
4601 | + keystone/common/ldap/core.py | 14 ++++++++++++++ |
4602 | + keystone/common/logging.py | 14 ++++++++++++++ |
4603 | + keystone/common/manager.py | 14 ++++++++++++++ |
4604 | + keystone/common/serializer.py | 16 ++++++++++++++++ |
4605 | + keystone/common/sql/__init__.py | 16 ++++++++++++++++ |
4606 | + keystone/common/sql/core.py | 14 ++++++++++++++ |
4607 | + keystone/common/sql/legacy.py | 14 ++++++++++++++ |
4608 | + keystone/common/sql/nova.py | 14 ++++++++++++++ |
4609 | + keystone/common/sql/util.py | 14 ++++++++++++++ |
4610 | + keystone/contrib/admin_crud/__init__.py | 16 ++++++++++++++++ |
4611 | + keystone/contrib/ec2/__init__.py | 16 ++++++++++++++++ |
4612 | + keystone/contrib/s3/__init__.py | 16 ++++++++++++++++ |
4613 | + keystone/identity/__init__.py | 16 ++++++++++++++++ |
4614 | + keystone/identity/backends/ldap/__init__.py | 16 ++++++++++++++++ |
4615 | + keystone/identity/backends/ldap/core.py | 14 ++++++++++++++ |
4616 | + keystone/middleware/__init__.py | 16 ++++++++++++++++ |
4617 | + keystone/policy/__init__.py | 16 ++++++++++++++++ |
4618 | + keystone/token/__init__.py | 16 ++++++++++++++++ |
4619 | + run_tests.sh | 14 ++++++++++++++ |
4620 | + setup.py | 3 +-- |
4621 | + tests/_ldap_livetest.py | 14 ++++++++++++++ |
4622 | + tests/default_fixtures.py | 16 ++++++++++++++++ |
4623 | + tests/test_backend_ldap.py | 14 ++++++++++++++ |
4624 | + tests/test_content_types.py | 14 ++++++++++++++ |
4625 | + tests/test_serializer.py | 14 ++++++++++++++ |
4626 | + tools/sample_data.sh | 14 ++++++++++++++ |
4627 | + 29 files changed, 419 insertions(+), 2 deletions(-) |
4628 | + |
4629 | +commit 48f2c7d4efb5e4691802fa5124523590b6321975 |
4630 | +Author: Dan Prince <dprince@redhat.com> |
4631 | +Date: Fri Mar 9 12:54:06 2012 -0500 |
4632 | + |
4633 | + Add AUTHORS to the tarball. |
4634 | + |
4635 | + Fixes LP Bug #950998. |
4636 | + |
4637 | + Change-Id: Ia521a9d013ef4fb332df4dc5576cc3e5f13651bc |
4638 | + |
4639 | + MANIFEST.in | 1 + |
4640 | + 1 file changed, 1 insertion(+) |
4641 | + |
4642 | +commit 2f4fb46159e8b73c8aba231ec2239b41bb53183c |
4643 | +Author: Alan Pevec <apevec@redhat.com> |
4644 | +Date: Wed Mar 7 21:31:37 2012 +0100 |
4645 | + |
4646 | + create service endpoints in sample data |
4647 | + |
4648 | + Enable creation of endpoints by setting ENABLE_ENDPOINTS environment |
4649 | + variable. Works with Catalog SQL backend. |
4650 | + |
4651 | + Change-Id: I9ba0ea1b3cf35720fb338e91f48fcbddc326971b |
4652 | + |
4653 | + keystone/catalog/backends/sql.py | 8 +++++- |
4654 | + tools/sample_data.sh | 51 +++++++++++++++++++++++++++++++++----- |
4655 | + 2 files changed, 52 insertions(+), 7 deletions(-) |
4656 | + |
4657 | +commit 303a10b9460c506455a74e890567031cf4c9cdef |
4658 | +Author: Dean Troyer <dtroyer@gmail.com> |
4659 | +Date: Fri Mar 9 00:03:46 2012 -0600 |
4660 | + |
4661 | + Fix EC2 credentials crud after policy backend change |
4662 | + |
4663 | + https://review.openstack.org/4659 implemented the common policy code |
4664 | + but made a change to the exception thrown by wsgi.Application.assert_admin() |
4665 | + and Ec2Controller._is_admin() needed updating. |
4666 | + |
4667 | + Fixes bug 950557 |
4668 | + |
4669 | + Change-Id: I0e27aeeabd1be5a6012e34aa71efdfc2f2d5a726 |
4670 | + |
4671 | + keystone/contrib/ec2/core.py | 2 +- |
4672 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
4673 | + |
4674 | +commit 0a124fa6a114ba357f6aec9ba4da5eb503483a95 |
4675 | +Merge: a2f2274 524cbd5 |
4676 | +Author: Jenkins <jenkins@review.openstack.org> |
4677 | +Date: Thu Mar 8 22:29:04 2012 +0000 |
4678 | + |
4679 | + Merge "add more default catalog templates" |
4680 | + |
4681 | +commit a2f2274c69df2ca5b040a69173f3eb7eb030c561 |
4682 | +Author: termie <github@anarkystic.com> |
4683 | +Date: Tue Feb 28 16:50:48 2012 -0800 |
4684 | + |
4685 | + port common policy code to keystone |
4686 | + |
4687 | + keystone.common.policy is copied from nova |
4688 | + |
4689 | + leave simple backend in as a shim until devstack stops referencing it |
4690 | + |
4691 | + Change-Id: Ibd579cfeb99465706d525b6565818a2d8f5f3b7c |
4692 | + |
4693 | + etc/keystone.conf | 2 +- |
4694 | + etc/policy.json | 3 + |
4695 | + keystone/common/policy.py | 207 ++++++++++++++++++++++++++++++++++++ |
4696 | + keystone/common/utils.py | 43 ++++++++ |
4697 | + keystone/common/wsgi.py | 7 +- |
4698 | + keystone/policy/backends/rules.py | 104 ++++++++++++++++++ |
4699 | + keystone/policy/backends/simple.py | 22 +--- |
4700 | + keystone/policy/core.py | 10 ++ |
4701 | + keystone/test.py | 22 ++-- |
4702 | + tests/policy.json | 3 + |
4703 | + tests/test_policy.py | 180 +++++++++++++++++++++++++++++++ |
4704 | + 11 files changed, 575 insertions(+), 28 deletions(-) |
4705 | + |
4706 | +commit e5254d48b133f3ec9798cc8eb48a03cb69ff2d97 |
4707 | +Merge: e422567 71aa1db |
4708 | +Author: Jenkins <jenkins@review.openstack.org> |
4709 | +Date: Thu Mar 8 21:38:24 2012 +0000 |
4710 | + |
4711 | + Merge "fix Nova Volume Service in sample data" |
4712 | + |
4713 | +commit e4225671cf9c5f3bac5a0f061fa90ad73a6ee673 |
4714 | +Author: Michael Basnight <mbasnight@gmail.com> |
4715 | +Date: Wed Mar 7 22:32:23 2012 -0600 |
4716 | + |
4717 | + rename belongs_to to belongsTo as per the API spec. |
4718 | + |
4719 | + fixes lp#949554 |
4720 | + |
4721 | + Change-Id: Ia24dda7e9aa8e075861029dd5edeafd01c9d89c2 |
4722 | + |
4723 | + keystone/service.py | 4 ++-- |
4724 | + tests/test_content_types.py | 2 +- |
4725 | + 2 files changed, 3 insertions(+), 3 deletions(-) |
4726 | + |
4727 | +commit 5231d3cc022d7a894e41f03a53eadd9ec4f16220 |
4728 | +Merge: 5c6bccf a7472f1 |
4729 | +Author: Jenkins <jenkins@review.openstack.org> |
4730 | +Date: Thu Mar 8 20:26:21 2012 +0000 |
4731 | + |
4732 | + Merge "HTTP_AUTHORIZATION was used in proxy mode" |
4733 | + |
4734 | +commit 94abc7ed3e8105cf80ad60558d01fc0839adc027 |
4735 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
4736 | +Date: Fri Mar 2 11:34:16 2012 +0000 |
4737 | + |
4738 | + Make sure we have a port number before int it. |
4739 | + |
4740 | + - Remove unused auth_location in s3_token along the way. |
4741 | + - Fixes bug 944720. |
4742 | + |
4743 | + Change-Id: Ib6e48511d09798868c5ca3fa00472525bc9f8823 |
4744 | + |
4745 | + keystone/middleware/auth_token.py | 3 +-- |
4746 | + keystone/middleware/s3_token.py | 9 +-------- |
4747 | + 2 files changed, 2 insertions(+), 10 deletions(-) |
4748 | + |
4749 | +commit 5c6bccf1c57b06a19845c696c19274ae9f080104 |
4750 | +Author: Michael Basnight <mbasnight@gmail.com> |
4751 | +Date: Wed Mar 7 22:32:23 2012 -0600 |
4752 | + |
4753 | + fixes lp#949648 change belongsTo validate to name |
4754 | + |
4755 | + Change-Id: I3d36290ad95a0440c006e2daff5b831be62957ae |
4756 | + |
4757 | + keystone/service.py | 2 +- |
4758 | + tests/test_content_types.py | 2 +- |
4759 | + 2 files changed, 2 insertions(+), 2 deletions(-) |
4760 | + |
4761 | +commit 4e4f793e0becb19d77cf137587adb9944a15f5f8 |
4762 | +Merge: 161c658 5c7f3cf |
4763 | +Author: Jenkins <jenkins@review.openstack.org> |
4764 | +Date: Thu Mar 8 04:00:28 2012 +0000 |
4765 | + |
4766 | + Merge "Set default identity driver to sql (bug 934332)" |
4767 | + |
4768 | +commit 161c6587af3908a1e6f23c398bc2221395e4466c |
4769 | +Merge: 07985e4 989d62f |
4770 | +Author: Jenkins <jenkins@review.openstack.org> |
4771 | +Date: Thu Mar 8 03:54:52 2012 +0000 |
4772 | + |
4773 | + Merge "Improve auth_str_equal()." |
4774 | + |
4775 | +commit 07985e4349dcead9f5487910020f5dec07351e5e |
4776 | +Merge: d0429ea 98170a7 |
4777 | +Author: Jenkins <jenkins@review.openstack.org> |
4778 | +Date: Thu Mar 8 00:34:28 2012 +0000 |
4779 | + |
4780 | + Merge "fixes bug lp#948439 belongs_to and serviceCatalog behavior * removing belongs_to as a kwarg and getting from the context * adding a serviceCatalog for belongs_to calls to tokens * adding test to validate belongs_to behavior in tokens" |
4781 | + |
4782 | +commit a7472f139d7f1c4b40906e66302db720efdb19a7 |
4783 | +Author: Jesse Andrews <anotherjesse@gmail.com> |
4784 | +Date: Wed Mar 7 16:00:45 2012 -0800 |
4785 | + |
4786 | + HTTP_AUTHORIZATION was used in proxy mode |
4787 | + |
4788 | + Change-Id: I72eae79bd1991321eac224777fb186c5022f2c12 |
4789 | + |
4790 | + keystone/middleware/auth_token.py | 6 ------ |
4791 | + 1 file changed, 6 deletions(-) |
4792 | + |
4793 | +commit 71aa1db60ff4f83599819f1d86aea411bfc9f4ae |
4794 | +Author: Alan Pevec <apevec@redhat.com> |
4795 | +Date: Wed Mar 7 13:52:36 2012 +0100 |
4796 | + |
4797 | + fix Nova Volume Service in sample data |
4798 | + |
4799 | + Change-Id: Ic6bb8ddea1ab894076d1580f5dbbe535aa668a8a |
4800 | + |
4801 | + tools/sample_data.sh | 4 ++-- |
4802 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
4803 | + |
4804 | +commit 98170a73dd28cebf9737c012d03554ffce5fd1f5 |
4805 | +Author: Michael Basnight <mbasnight@gmail.com> |
4806 | +Date: Tue Mar 6 21:36:01 2012 -0600 |
4807 | + |
4808 | + fixes bug lp#948439 belongs_to and serviceCatalog behavior |
4809 | + * removing belongs_to as a kwarg and getting from the context |
4810 | + * adding a serviceCatalog for belongs_to calls to tokens |
4811 | + * adding test to validate belongs_to behavior in tokens |
4812 | + |
4813 | + Change-Id: If6f6a7007a6830c57a5ac71aef0090e57a064232 |
4814 | + |
4815 | + AUTHORS | 1 + |
4816 | + keystone/service.py | 22 ++++++++++++++++++---- |
4817 | + tests/test_content_types.py | 22 +++++++++++++++++++--- |
4818 | + 3 files changed, 38 insertions(+), 7 deletions(-) |
4819 | + |
4820 | +commit d0429ea9b8849f99aa170cd09aef7776e2651dbf |
4821 | +Author: Devin Carlen <devin.carlen@gmail.com> |
4822 | +Date: Sat Mar 3 14:01:46 2012 -0800 |
4823 | + |
4824 | + Make bind host configurable |
4825 | + |
4826 | + * fixes bug 945868 |
4827 | + |
4828 | + Change-Id: Ib33dc9ad1878a9215c1a1ab10814fa7d0905cbdb |
4829 | + |
4830 | + bin/keystone-all | 6 ++++-- |
4831 | + etc/keystone.conf | 1 + |
4832 | + keystone/common/wsgi.py | 11 ++++++----- |
4833 | + keystone/config.py | 1 + |
4834 | + 4 files changed, 12 insertions(+), 7 deletions(-) |
4835 | + |
4836 | +commit fe6414c8c1f769e6cc87fc001b6c52c5fea0f160 |
4837 | +Merge: 358ecca ec35ea8 |
4838 | +Author: Jenkins <jenkins@review.openstack.org> |
4839 | +Date: Wed Mar 7 18:11:04 2012 +0000 |
4840 | + |
4841 | + Merge "Fix coverage jobs for Jenkins." |
4842 | + |
4843 | +commit 358eccac110f0ae315382043386296f27a871a73 |
4844 | +Merge: b68051c fd4e961 |
4845 | +Author: Jenkins <jenkins@review.openstack.org> |
4846 | +Date: Wed Mar 7 18:05:42 2012 +0000 |
4847 | + |
4848 | + Merge "Isolating backtraces to DEBUG (bug 947060)" |
4849 | + |
4850 | +commit 524cbd58acd0c47664e164f72f25524cb95b09f0 |
4851 | +Author: Alan Pevec <apevec@redhat.com> |
4852 | +Date: Tue Mar 6 21:46:52 2012 +0100 |
4853 | + |
4854 | + add more default catalog templates |
4855 | + |
4856 | + Image, Volume and Ec2 services were missing |
4857 | + |
4858 | + Change-Id: I409b0b587b0019dc97bf46760e8f732aa13b88de |
4859 | + |
4860 | + etc/default_catalog.templates | 15 +++++++++++++++ |
4861 | + 1 file changed, 15 insertions(+) |
4862 | + |
4863 | +commit ec35ea8b9e3b9ef3422ca8119e743de974099a68 |
4864 | +Author: Monty Taylor <mordred@inaugust.com> |
4865 | +Date: Tue Mar 6 22:11:38 2012 -0800 |
4866 | + |
4867 | + Fix coverage jobs for Jenkins. |
4868 | + |
4869 | + Change-Id: I9a97ac7b997f531d05d4a6beab7d6c16ced7016a |
4870 | + |
4871 | + tox.ini | 4 ++-- |
4872 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
4873 | + |
4874 | +commit 989d62fe8f606cb4fecaaaf1395e1cd9c3d81d67 |
4875 | +Author: Russell Bryant <rbryant@redhat.com> |
4876 | +Date: Tue Mar 6 13:18:58 2012 -0500 |
4877 | + |
4878 | + Improve auth_str_equal(). |
4879 | + |
4880 | + This patch is to improve auth_str_equal() a bit. The whole point of |
4881 | + this function is to do a string comparison in constant time to help |
4882 | + protect against timing attacks. The original implementation had a bit |
4883 | + of a silly property in that it would exit early if the strings were not |
4884 | + of the same length. This would theoretically still allow someone to |
4885 | + discover the proper length of a password. |
4886 | + |
4887 | + This patch moves the length verification to the end. It also makes it |
4888 | + so the main loop time to run is a function of the provided password |
4889 | + length instead of the length of the shorter of the two strings. |
4890 | + |
4891 | + Change-Id: I6dbe076818b7e3e8a313544ebd5c5734b5a025e5 |
4892 | + |
4893 | + keystone/common/utils.py | 22 +++++++++++++--------- |
4894 | + keystone/contrib/ec2/core.py | 4 ++-- |
4895 | + tests/test_utils.py | 1 + |
4896 | + 3 files changed, 16 insertions(+), 11 deletions(-) |
4897 | + |
4898 | +commit 5c7f3cff8d489fefbc34dadbefea6dc9604c4a4a |
4899 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4900 | +Date: Fri Mar 2 11:26:29 2012 -0600 |
4901 | + |
4902 | + Set default identity driver to sql (bug 934332) |
4903 | + |
4904 | + Change-Id: Ibc5502f0feb2bcc9583ccd1aa9bf9bd94fef43ca |
4905 | + |
4906 | + etc/keystone.conf | 2 +- |
4907 | + tests/test_overrides.conf | 3 +++ |
4908 | + 2 files changed, 4 insertions(+), 1 deletion(-) |
4909 | + |
4910 | +commit b68051cd13cc71ebd15cd478afedf0c5d07ebd4e |
4911 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4912 | +Date: Fri Mar 2 10:50:57 2012 -0600 |
4913 | + |
4914 | + Renamed sqlite files (bug 944951) |
4915 | + |
4916 | + Change-Id: Iae7aa34de0bf68da9e422719605753634cc0d113 |
4917 | + |
4918 | + etc/keystone.conf | 2 +- |
4919 | + keystone/common/sql/util.py | 2 +- |
4920 | + tests/backend_sql.conf | 2 +- |
4921 | + 3 files changed, 3 insertions(+), 3 deletions(-) |
4922 | + |
4923 | +commit 6621c79b06fc2848072e59d22d1224ae3a0c593a |
4924 | +Merge: a18b3f2 e8fb989 |
4925 | +Author: Jenkins <jenkins@review.openstack.org> |
4926 | +Date: Tue Mar 6 17:07:45 2012 +0000 |
4927 | + |
4928 | + Merge "Add reseller admin capability." |
4929 | + |
4930 | +commit fd4e9616ddca4dbd0c4f0545c376167b966eae8d |
4931 | +Author: Dolph Mathews <dolph.mathews@gmail.com> |
4932 | +Date: Mon Mar 5 16:47:58 2012 -0600 |
4933 | + |
4934 | + Isolating backtraces to DEBUG (bug 947060) |
4935 | + |
4936 | + Debug mode on: http://pastie.org/3529520 |
4937 | + (full backtrace to stdout) |
4938 | + |
4939 | + Debug mode off: http://pastie.org/3529526 |
4940 | + (Just an error message to stdout) |
4941 | + |
4942 | + Change-Id: I1d4e17cf73e7777c3cbaef7c5d7fd18a4f6e53dc |
4943 | + |
4944 | + keystone/catalog/backends/templated.py | 8 +++++++- |
4945 | + keystone/common/logging.py | 18 ++++++++++++++++++ |
4946 | + keystone/service.py | 4 ++++ |
4947 | + 3 files changed, 29 insertions(+), 1 deletion(-) |
4948 | + |
4949 | +commit a18b3f29c4a977977e6bf29d1edcba43d5e6005b |
4950 | +Merge: f8d7bbd 460c3f3 |
4951 | +Author: Jenkins <jenkins@review.openstack.org> |
4952 | +Date: Mon Mar 5 20:45:05 2012 +0000 |
4953 | + |
4954 | + Merge "Remove trailing whitespaces in regular file" |
4955 | + |
4956 | +commit f8d7bbd45b3e4d4fb3a77a74b1bd54f196dacda0 |
4957 | +Merge: fad1a38 bc34635 |
4958 | +Author: Jenkins <jenkins@review.openstack.org> |
4959 | +Date: Mon Mar 5 20:39:47 2012 +0000 |
4960 | + |
4961 | + Merge "LDAP get_user_by_name" |
4962 | + |
4963 | +commit fad1a388f89681a0f487ad5bb1aba2a58ea14b47 |
4964 | +Author: Joe Heck <heckj@mac.com> |
4965 | +Date: Fri Mar 2 16:39:10 2012 -0800 |
4966 | + |
4967 | + updating readme to point to developer setup docs |
4968 | + * fixes bug 945274 |
4969 | + |
4970 | + Change-Id: I6caf8da9fd0bd5647ae913efd752dd6651abcb85 |
4971 | + |
4972 | + README.rst | 7 +++++++ |
4973 | + 1 file changed, 7 insertions(+) |
4974 | + |
4975 | +commit e8fb989b8b07f3209300ecba043bdf14c94d497f |
4976 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
4977 | +Date: Mon Feb 13 23:29:49 2012 +0000 |
4978 | + |
4979 | + Add reseller admin capability. |
4980 | + |
4981 | + - A user with the reseller admin role will be able to access to every |
4982 | + other accounts. |
4983 | + - Rename name groups to roles. |
4984 | + |
4985 | + Change-Id: I8e86d8280a8fcdefbd4f9386bec11afdad797167 |
4986 | + |
4987 | + keystone/middleware/swift_auth.py | 45 ++++++++++++++++++++++++------------- |
4988 | + 1 file changed, 29 insertions(+), 16 deletions(-) |
4989 | + |
4990 | +commit 460c3f389185f352c36ccbe5e9f11579de334643 |
4991 | +Author: Hengqing Hu <hudayou@hotmail.com> |
4992 | +Date: Sat Mar 3 13:10:06 2012 +0800 |
4993 | + |
4994 | + Remove trailing whitespaces in regular file |
4995 | + |
4996 | + Change-Id: I8d05fbb7a372bf9a813da9165cd40af71a1ae4c2 |
4997 | + |
4998 | + AUTHORS | 1 + |
4999 | + doc/source/index.rst | 2 +- |
5000 | + doc/source/man/keystone-manage.rst | 2 +- |
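Review bot: lines 4570 to 5000 of this hunk are all added ChangeLog text that reads as `git log --stat` output (commit headers, messages and diffstats), and the diff as shown stops at line 5000 before the "files changed" summary of the 460c3f38 entry, so none of it is a reviewable source change. Consider leaving the ChangeLog out of the proposed diff, or proposing it separately, so that the code changes are what the reviewer sees. Entries with security relevance, such as "Improve auth_str_equal()" (constant-time comparison against timing attacks) and "Isolating backtraces to DEBUG (bug 947060)", are otherwise easy to miss in the log.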
Yolanda
Minor nitpick; this branch drops an empty line from the changelog;
Other than that builds OK.