Merge lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru into lp:ubuntu/precise-updates/keystone
Field | Value |
---|---|
Status: | Superseded |
Proposed branch: | lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru |
Merge into: | lp:ubuntu/precise-updates/keystone |
Diff against target: | 33638 lines (+30158/-3073) 34 files modified |
To merge this branch: | bzr merge lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru |
Related bugs: | |

Files modified:
- .pc/applied-patches (+0/-3)
- .pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py (+9/-9)
- .pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py (+0/-625)
- .pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py (+0/-626)
- .pc/keystone-CVE-2012-4413.patch/keystone/token/core.py (+0/-107)
- .pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py (+0/-970)
- .pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py (+0/-347)
- ChangeLog (+29735/-0)
- PKG-INFO (+10/-0)
- debian/changelog (+29/-0)
- debian/keystone.logrotate (+3/-0)
- debian/patches/fix-ubuntu-tests.patch (+10/-12)
- debian/patches/keystone-CVE-2012-3542.patch (+0/-18)
- debian/patches/keystone-CVE-2012-4413.patch (+0/-147)
- debian/patches/keystone-CVE-2012-5571.patch (+0/-62)
- debian/patches/series (+0/-3)
- doc/keystone_compat_flows.sdx (+0/-99)
- keystone.egg-info/PKG-INFO (+10/-0)
- keystone.egg-info/SOURCES.txt (+176/-0)
- keystone.egg-info/dependency_links.txt (+1/-0)
- keystone.egg-info/not-zip-safe (+1/-0)
- keystone.egg-info/requires.txt (+11/-0)
- keystone.egg-info/top_level.txt (+1/-0)
- keystone/identity/core.py (+4/-4)
- keystone/token/backends/kvs.py (+13/-8)
- keystone/token/backends/memcache.py (+31/-1)
- keystone/token/backends/sql.py (+6/-1)
- keystone/token/core.py (+11/-5)
- setup.cfg (+8/-11)
- setup.py (+1/-1)
- tests/test_backend.py (+56/-5)
- tests/test_backend_memcache.py (+29/-6)
- tests/test_keystoneclient.py (+1/-1)
- tools/pip-requires (+2/-2)
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
James Page | Needs Fixing | ||
This proposal has been superseded by a proposal from 2012-12-18.
Commit message
Description of the change
- 30. By Yolanda Robla
-
fixing typo in changelog
Unmerged revisions
- 30. By Yolanda Robla
-
fixing typo in changelog
- 29. By Yolanda Robla
-
[ Chuck Short ]
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (CVE-2012-5571)
- [025b1d5] Jenkins jobs fail because of incompatibility between
sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(CVE-2012-3542)
* Dropped, superseded by new snapshot:
- debian/patches/CVE-2012-4413.patch [58ac669]
- debian/patches/CVE-2012-5571.patch [8735009]
- debian/patches/CVE-2012-3542.patch [5438d3b]
Preview Diff
1 | === modified file '.pc/applied-patches' | |||
2 | --- .pc/applied-patches 2012-11-26 14:07:34 +0000 | |||
3 | +++ .pc/applied-patches 2012-12-18 13:48:25 +0000 | |||
4 | @@ -1,5 +1,2 @@ | |||
5 | 1 | fix-ubuntu-tests.patch | 1 | fix-ubuntu-tests.patch |
6 | 2 | sql_connection.patch | 2 | sql_connection.patch |
7 | 3 | keystone-CVE-2012-3542.patch | ||
8 | 4 | keystone-CVE-2012-4413.patch | ||
9 | 5 | keystone-CVE-2012-5571.patch | ||
10 | 6 | 3 | ||
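Review bot: with entries 3-5 (the three keystone-CVE-2012-* patches) gone from `.pc/applied-patches`, the CVE fixes rest entirely on the new upstream snapshot, and nothing in this hunk shows that they are present there. Before this lands, confirm that commits 5438d3b, 58ac669 and 8735009 named in the changelog are in the merged tree, by checking that the code each dropped patch added is now in keystone/identity/core.py, keystone/token/core.py and keystone/contrib/ec2/core.py. The names in the changelog's "Dropped" list (debian/patches/CVE-2012-*.patch) also lack the keystone- prefix the files carry here, so the changelog entry should be corrected to match.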
11 | === modified file '.pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py' | |||
12 | --- .pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py 2012-08-24 03:34:59 +0000 | |||
13 | +++ .pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py 2012-12-18 13:48:25 +0000 | |||
14 | @@ -769,15 +769,15 @@ | |||
15 | 769 | def test_tenant_add_and_remove_user(self): | 769 | def test_tenant_add_and_remove_user(self): |
16 | 770 | client = self.get_client(admin=True) | 770 | client = self.get_client(admin=True) |
17 | 771 | client.roles.add_user_role(tenant=self.tenant_baz['id'], | 771 | client.roles.add_user_role(tenant=self.tenant_baz['id'], |
19 | 772 | user=self.user_foo['id'], | 772 | user=self.user_two['id'], |
20 | 773 | role=self.role_useless['id']) | 773 | role=self.role_useless['id']) |
21 | 774 | user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) | 774 | user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) |
23 | 775 | self.assert_(self.user_foo['id'] in [x.id for x in user_refs]) | 775 | self.assert_(self.user_two['id'] in [x.id for x in user_refs]) |
24 | 776 | client.roles.remove_user_role(tenant=self.tenant_baz['id'], | 776 | client.roles.remove_user_role(tenant=self.tenant_baz['id'], |
26 | 777 | user=self.user_foo['id'], | 777 | user=self.user_two['id'], |
27 | 778 | role=self.role_useless['id']) | 778 | role=self.role_useless['id']) |
28 | 779 | user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) | 779 | user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) |
30 | 780 | self.assert_(self.user_foo['id'] not in [x.id for x in user_refs]) | 780 | self.assert_(self.user_two['id'] not in [x.id for x in user_refs]) |
31 | 781 | 781 | ||
32 | 782 | def test_user_role_add_404(self): | 782 | def test_user_role_add_404(self): |
33 | 783 | from keystoneclient import exceptions as client_exceptions | 783 | from keystoneclient import exceptions as client_exceptions |
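Review bot: the switch from user_foo to user_two on lines 772-780 is not mentioned in the changelog entry, and this file is the quilt backup under .pc/, which should only change as a side effect of refreshing debian/patches/fix-ubuntu-tests.patch against the new snapshot. Please state in the changelog where the fixture change comes from, and confirm that the backup was regenerated by quilt rather than edited by hand.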
34 | @@ -890,16 +890,16 @@ | |||
35 | 890 | def test_tenant_add_and_remove_user(self): | 890 | def test_tenant_add_and_remove_user(self): |
36 | 891 | client = self.get_client(admin=True) | 891 | client = self.get_client(admin=True) |
37 | 892 | client.roles.add_user_to_tenant(tenant_id=self.tenant_baz['id'], | 892 | client.roles.add_user_to_tenant(tenant_id=self.tenant_baz['id'], |
39 | 893 | user_id=self.user_foo['id'], | 893 | user_id=self.user_two['id'], |
40 | 894 | role_id=self.role_useless['id']) | 894 | role_id=self.role_useless['id']) |
41 | 895 | role_refs = client.roles.get_user_role_refs( | 895 | role_refs = client.roles.get_user_role_refs( |
43 | 896 | user_id=self.user_foo['id']) | 896 | user_id=self.user_two['id']) |
44 | 897 | self.assert_(self.tenant_baz['id'] in [x.tenantId for x in role_refs]) | 897 | self.assert_(self.tenant_baz['id'] in [x.tenantId for x in role_refs]) |
45 | 898 | 898 | ||
46 | 899 | # get the "role_refs" so we get the proper id, this is how the clients | 899 | # get the "role_refs" so we get the proper id, this is how the clients |
47 | 900 | # do it | 900 | # do it |
48 | 901 | roleref_refs = client.roles.get_user_role_refs( | 901 | roleref_refs = client.roles.get_user_role_refs( |
50 | 902 | user_id=self.user_foo['id']) | 902 | user_id=self.user_two['id']) |
51 | 903 | for roleref_ref in roleref_refs: | 903 | for roleref_ref in roleref_refs: |
52 | 904 | if (roleref_ref.roleId == self.role_useless['id'] | 904 | if (roleref_ref.roleId == self.role_useless['id'] |
53 | 905 | and roleref_ref.tenantId == self.tenant_baz['id']): | 905 | and roleref_ref.tenantId == self.tenant_baz['id']): |
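Review bot: lines 895-896 and 901-902 make the same get_user_role_refs call for user_two back to back. The second lookup (roleref_refs) could reuse role_refs, which would also leave one fewer place to touch the next time the fixture user changes.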
54 | @@ -907,11 +907,11 @@ | |||
55 | 907 | break | 907 | break |
56 | 908 | 908 | ||
57 | 909 | client.roles.remove_user_from_tenant(tenant_id=self.tenant_baz['id'], | 909 | client.roles.remove_user_from_tenant(tenant_id=self.tenant_baz['id'], |
59 | 910 | user_id=self.user_foo['id'], | 910 | user_id=self.user_two['id'], |
60 | 911 | role_id=roleref_ref.id) | 911 | role_id=roleref_ref.id) |
61 | 912 | 912 | ||
62 | 913 | role_refs = client.roles.get_user_role_refs( | 913 | role_refs = client.roles.get_user_role_refs( |
64 | 914 | user_id=self.user_foo['id']) | 914 | user_id=self.user_two['id']) |
65 | 915 | self.assert_(self.tenant_baz['id'] not in | 915 | self.assert_(self.tenant_baz['id'] not in |
66 | 916 | [x.tenantId for x in role_refs]) | 916 | [x.tenantId for x in role_refs]) |
67 | 917 | 917 | ||
68 | 918 | 918 | ||
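Review bot: `role_id=roleref_ref.id` on line 911 reads the loop variable after the `for` has finished, so if no entry matched role_useless and tenant_baz the call removes whichever role ref was iterated last, and raises NameError if the list was empty. Suggest adding an `else:` branch to the loop that fails the test (for example with self.fail), so that the removal only ever runs against the ref that matched.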
69 | === removed directory '.pc/keystone-CVE-2012-3542.patch' | |||
70 | === removed directory '.pc/keystone-CVE-2012-3542.patch/keystone' | |||
71 | === removed directory '.pc/keystone-CVE-2012-3542.patch/keystone/identity' | |||
72 | === removed file '.pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py' | |||
73 | --- .pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py 2012-08-30 15:10:26 +0000 | |||
74 | +++ .pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py 1970-01-01 00:00:00 +0000 | |||
75 | @@ -1,625 +0,0 @@ | |||
76 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
77 | 2 | |||
78 | 3 | # Copyright 2012 OpenStack LLC | ||
79 | 4 | # | ||
80 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
81 | 6 | # not use this file except in compliance with the License. You may obtain | ||
82 | 7 | # a copy of the License at | ||
83 | 8 | # | ||
84 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
85 | 10 | # | ||
86 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
87 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
88 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
89 | 14 | # License for the specific language governing permissions and limitations | ||
90 | 15 | # under the License. | ||
91 | 16 | |||
92 | 17 | """Main entry point into the Identity service.""" | ||
93 | 18 | |||
94 | 19 | import uuid | ||
95 | 20 | import urllib | ||
96 | 21 | import urlparse | ||
97 | 22 | |||
98 | 23 | from keystone import config | ||
99 | 24 | from keystone import exception | ||
100 | 25 | from keystone import policy | ||
101 | 26 | from keystone import token | ||
102 | 27 | from keystone.common import logging | ||
103 | 28 | from keystone.common import manager | ||
104 | 29 | from keystone.common import wsgi | ||
105 | 30 | |||
106 | 31 | |||
107 | 32 | CONF = config.CONF | ||
108 | 33 | |||
109 | 34 | LOG = logging.getLogger(__name__) | ||
110 | 35 | |||
111 | 36 | |||
112 | 37 | class Manager(manager.Manager): | ||
113 | 38 | """Default pivot point for the Identity backend. | ||
114 | 39 | |||
115 | 40 | See :mod:`keystone.common.manager.Manager` for more details on how this | ||
116 | 41 | dynamically calls the backend. | ||
117 | 42 | |||
118 | 43 | """ | ||
119 | 44 | |||
120 | 45 | def __init__(self): | ||
121 | 46 | super(Manager, self).__init__(CONF.identity.driver) | ||
122 | 47 | |||
123 | 48 | |||
124 | 49 | class Driver(object): | ||
125 | 50 | """Interface description for an Identity driver.""" | ||
126 | 51 | |||
127 | 52 | def authenticate(self, user_id=None, tenant_id=None, password=None): | ||
128 | 53 | """Authenticate a given user, tenant and password. | ||
129 | 54 | |||
130 | 55 | Returns: (user, tenant, metadata). | ||
131 | 56 | |||
132 | 57 | """ | ||
133 | 58 | raise exception.NotImplemented() | ||
134 | 59 | |||
135 | 60 | def get_tenant(self, tenant_id): | ||
136 | 61 | """Get a tenant by id. | ||
137 | 62 | |||
138 | 63 | Returns: tenant_ref or None. | ||
139 | 64 | |||
140 | 65 | """ | ||
141 | 66 | raise exception.NotImplemented() | ||
142 | 67 | |||
143 | 68 | def get_tenant_by_name(self, tenant_name): | ||
144 | 69 | """Get a tenant by name. | ||
145 | 70 | |||
146 | 71 | Returns: tenant_ref or None. | ||
147 | 72 | |||
148 | 73 | """ | ||
149 | 74 | raise exception.NotImplemented() | ||
150 | 75 | |||
151 | 76 | def get_user(self, user_id): | ||
152 | 77 | """Get a user by id. | ||
153 | 78 | |||
154 | 79 | Returns: user_ref or None. | ||
155 | 80 | |||
156 | 81 | """ | ||
157 | 82 | raise exception.NotImplemented() | ||
158 | 83 | |||
159 | 84 | def get_user_by_name(self, user_name): | ||
160 | 85 | """Get a user by name. | ||
161 | 86 | |||
162 | 87 | Returns: user_ref or None. | ||
163 | 88 | |||
164 | 89 | """ | ||
165 | 90 | raise exception.NotImplemented() | ||
166 | 91 | |||
167 | 92 | def get_role(self, role_id): | ||
168 | 93 | """Get a role by id. | ||
169 | 94 | |||
170 | 95 | Returns: role_ref or None. | ||
171 | 96 | |||
172 | 97 | """ | ||
173 | 98 | raise exception.NotImplemented() | ||
174 | 99 | |||
175 | 100 | def list_users(self): | ||
176 | 101 | """List all users in the system. | ||
177 | 102 | |||
178 | 103 | NOTE(termie): I'd prefer if this listed only the users for a given | ||
179 | 104 | tenant. | ||
180 | 105 | |||
181 | 106 | Returns: a list of user_refs or an empty list. | ||
182 | 107 | |||
183 | 108 | """ | ||
184 | 109 | raise exception.NotImplemented() | ||
185 | 110 | |||
186 | 111 | def list_roles(self): | ||
187 | 112 | """List all roles in the system. | ||
188 | 113 | |||
189 | 114 | Returns: a list of role_refs or an empty list. | ||
190 | 115 | |||
191 | 116 | """ | ||
192 | 117 | raise exception.NotImplemented() | ||
193 | 118 | |||
194 | 119 | # NOTE(termie): seven calls below should probably be exposed by the api | ||
195 | 120 | # more clearly when the api redesign happens | ||
196 | 121 | def add_user_to_tenant(self, tenant_id, user_id): | ||
197 | 122 | raise exception.NotImplemented() | ||
198 | 123 | |||
199 | 124 | def remove_user_from_tenant(self, tenant_id, user_id): | ||
200 | 125 | raise exception.NotImplemented() | ||
201 | 126 | |||
202 | 127 | def get_all_tenants(self): | ||
203 | 128 | raise exception.NotImplemented() | ||
204 | 129 | |||
205 | 130 | def get_tenants_for_user(self, user_id): | ||
206 | 131 | """Get the tenants associated with a given user. | ||
207 | 132 | |||
208 | 133 | Returns: a list of tenant ids. | ||
209 | 134 | |||
210 | 135 | """ | ||
211 | 136 | raise exception.NotImplemented() | ||
212 | 137 | |||
213 | 138 | def get_roles_for_user_and_tenant(self, user_id, tenant_id): | ||
214 | 139 | """Get the roles associated with a user within given tenant. | ||
215 | 140 | |||
216 | 141 | Returns: a list of role ids. | ||
217 | 142 | |||
218 | 143 | """ | ||
219 | 144 | raise exception.NotImplemented() | ||
220 | 145 | |||
221 | 146 | def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id): | ||
222 | 147 | """Add a role to a user within given tenant.""" | ||
223 | 148 | raise exception.NotImplemented() | ||
224 | 149 | |||
225 | 150 | def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id): | ||
226 | 151 | """Remove a role from a user within given tenant.""" | ||
227 | 152 | raise exception.NotImplemented() | ||
228 | 153 | |||
229 | 154 | # user crud | ||
230 | 155 | def create_user(self, user_id, user): | ||
231 | 156 | raise exception.NotImplemented() | ||
232 | 157 | |||
233 | 158 | def update_user(self, user_id, user): | ||
234 | 159 | raise exception.NotImplemented() | ||
235 | 160 | |||
236 | 161 | def delete_user(self, user_id): | ||
237 | 162 | raise exception.NotImplemented() | ||
238 | 163 | |||
239 | 164 | # tenant crud | ||
240 | 165 | def create_tenant(self, tenant_id, tenant): | ||
241 | 166 | raise exception.NotImplemented() | ||
242 | 167 | |||
243 | 168 | def update_tenant(self, tenant_id, tenant): | ||
244 | 169 | raise exception.NotImplemented() | ||
245 | 170 | |||
246 | 171 | def delete_tenant(self, tenant_id, tenant): | ||
247 | 172 | raise exception.NotImplemented() | ||
248 | 173 | |||
249 | 174 | # metadata crud | ||
250 | 175 | |||
251 | 176 | def get_metadata(self, user_id, tenant_id): | ||
252 | 177 | raise exception.NotImplemented() | ||
253 | 178 | |||
254 | 179 | def create_metadata(self, user_id, tenant_id, metadata): | ||
255 | 180 | raise exception.NotImplemented() | ||
256 | 181 | |||
257 | 182 | def update_metadata(self, user_id, tenant_id, metadata): | ||
258 | 183 | raise exception.NotImplemented() | ||
259 | 184 | |||
260 | 185 | def delete_metadata(self, user_id, tenant_id, metadata): | ||
261 | 186 | raise exception.NotImplemented() | ||
262 | 187 | |||
263 | 188 | # role crud | ||
264 | 189 | def create_role(self, role_id, role): | ||
265 | 190 | raise exception.NotImplemented() | ||
266 | 191 | |||
267 | 192 | def update_role(self, role_id, role): | ||
268 | 193 | raise exception.NotImplemented() | ||
269 | 194 | |||
270 | 195 | def delete_role(self, role_id): | ||
271 | 196 | raise exception.NotImplemented() | ||
272 | 197 | |||
273 | 198 | |||
274 | 199 | class PublicRouter(wsgi.ComposableRouter): | ||
275 | 200 | def add_routes(self, mapper): | ||
276 | 201 | tenant_controller = TenantController() | ||
277 | 202 | mapper.connect('/tenants', | ||
278 | 203 | controller=tenant_controller, | ||
279 | 204 | action='get_tenants_for_token', | ||
280 | 205 | conditions=dict(methods=['GET'])) | ||
281 | 206 | |||
282 | 207 | |||
283 | 208 | class AdminRouter(wsgi.ComposableRouter): | ||
284 | 209 | def add_routes(self, mapper): | ||
285 | 210 | # Tenant Operations | ||
286 | 211 | tenant_controller = TenantController() | ||
287 | 212 | mapper.connect('/tenants', | ||
288 | 213 | controller=tenant_controller, | ||
289 | 214 | action='get_all_tenants', | ||
290 | 215 | conditions=dict(method=['GET'])) | ||
291 | 216 | mapper.connect('/tenants/{tenant_id}', | ||
292 | 217 | controller=tenant_controller, | ||
293 | 218 | action='get_tenant', | ||
294 | 219 | conditions=dict(method=['GET'])) | ||
295 | 220 | |||
296 | 221 | # User Operations | ||
297 | 222 | user_controller = UserController() | ||
298 | 223 | mapper.connect('/users/{user_id}', | ||
299 | 224 | controller=user_controller, | ||
300 | 225 | action='get_user', | ||
301 | 226 | conditions=dict(method=['GET'])) | ||
302 | 227 | |||
303 | 228 | # Role Operations | ||
304 | 229 | roles_controller = RoleController() | ||
305 | 230 | mapper.connect('/tenants/{tenant_id}/users/{user_id}/roles', | ||
306 | 231 | controller=roles_controller, | ||
307 | 232 | action='get_user_roles', | ||
308 | 233 | conditions=dict(method=['GET'])) | ||
309 | 234 | mapper.connect('/users/{user_id}/roles', | ||
310 | 235 | controller=user_controller, | ||
311 | 236 | action='get_user_roles', | ||
312 | 237 | conditions=dict(method=['GET'])) | ||
313 | 238 | |||
314 | 239 | |||
315 | 240 | class TenantController(wsgi.Application): | ||
316 | 241 | def __init__(self): | ||
317 | 242 | self.identity_api = Manager() | ||
318 | 243 | self.policy_api = policy.Manager() | ||
319 | 244 | self.token_api = token.Manager() | ||
320 | 245 | super(TenantController, self).__init__() | ||
321 | 246 | |||
322 | 247 | def get_all_tenants(self, context, **kw): | ||
323 | 248 | """Gets a list of all tenants for an admin user.""" | ||
324 | 249 | self.assert_admin(context) | ||
325 | 250 | tenant_refs = self.identity_api.get_tenants(context) | ||
326 | 251 | params = { | ||
327 | 252 | 'limit': context['query_string'].get('limit'), | ||
328 | 253 | 'marker': context['query_string'].get('marker'), | ||
329 | 254 | } | ||
330 | 255 | return self._format_tenant_list(tenant_refs, **params) | ||
331 | 256 | |||
332 | 257 | def get_tenants_for_token(self, context, **kw): | ||
333 | 258 | """Get valid tenants for token based on token used to authenticate. | ||
334 | 259 | |||
335 | 260 | Pulls the token from the context, validates it and gets the valid | ||
336 | 261 | tenants for the user in the token. | ||
337 | 262 | |||
338 | 263 | Doesn't care about token scopedness. | ||
339 | 264 | |||
340 | 265 | """ | ||
341 | 266 | try: | ||
342 | 267 | token_ref = self.token_api.get_token(context=context, | ||
343 | 268 | token_id=context['token_id']) | ||
344 | 269 | except exception.NotFound: | ||
345 | 270 | raise exception.Unauthorized() | ||
346 | 271 | |||
347 | 272 | user_ref = token_ref['user'] | ||
348 | 273 | tenant_ids = self.identity_api.get_tenants_for_user( | ||
349 | 274 | context, user_ref['id']) | ||
350 | 275 | tenant_refs = [] | ||
351 | 276 | for tenant_id in tenant_ids: | ||
352 | 277 | tenant_refs.append(self.identity_api.get_tenant( | ||
353 | 278 | context=context, | ||
354 | 279 | tenant_id=tenant_id)) | ||
355 | 280 | params = { | ||
356 | 281 | 'limit': context['query_string'].get('limit'), | ||
357 | 282 | 'marker': context['query_string'].get('marker'), | ||
358 | 283 | } | ||
359 | 284 | return self._format_tenant_list(tenant_refs, **params) | ||
360 | 285 | |||
361 | 286 | def get_tenant(self, context, tenant_id): | ||
362 | 287 | # TODO(termie): this stuff should probably be moved to middleware | ||
363 | 288 | self.assert_admin(context) | ||
364 | 289 | tenant = self.identity_api.get_tenant(context, tenant_id) | ||
365 | 290 | if tenant is None: | ||
366 | 291 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
367 | 292 | |||
368 | 293 | return {'tenant': tenant} | ||
369 | 294 | |||
370 | 295 | # CRUD Extension | ||
371 | 296 | def create_tenant(self, context, tenant): | ||
372 | 297 | tenant_ref = self._normalize_dict(tenant) | ||
373 | 298 | self.assert_admin(context) | ||
374 | 299 | tenant_id = (tenant_ref.get('id') | ||
375 | 300 | and tenant_ref.get('id') | ||
376 | 301 | or uuid.uuid4().hex) | ||
377 | 302 | tenant_ref['id'] = tenant_id | ||
378 | 303 | |||
379 | 304 | tenant = self.identity_api.create_tenant( | ||
380 | 305 | context, tenant_id, tenant_ref) | ||
381 | 306 | return {'tenant': tenant} | ||
382 | 307 | |||
383 | 308 | def update_tenant(self, context, tenant_id, tenant): | ||
384 | 309 | self.assert_admin(context) | ||
385 | 310 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
386 | 311 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
387 | 312 | |||
388 | 313 | tenant_ref = self.identity_api.update_tenant( | ||
389 | 314 | context, tenant_id, tenant) | ||
390 | 315 | return {'tenant': tenant_ref} | ||
391 | 316 | |||
392 | 317 | def delete_tenant(self, context, tenant_id, **kw): | ||
393 | 318 | self.assert_admin(context) | ||
394 | 319 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
395 | 320 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
396 | 321 | |||
397 | 322 | self.identity_api.delete_tenant(context, tenant_id) | ||
398 | 323 | |||
399 | 324 | def get_tenant_users(self, context, tenant_id, **kw): | ||
400 | 325 | self.assert_admin(context) | ||
401 | 326 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
402 | 327 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
403 | 328 | |||
404 | 329 | user_refs = self.identity_api.get_tenant_users(context, tenant_id) | ||
405 | 330 | return {'users': user_refs} | ||
406 | 331 | |||
407 | 332 | def _format_tenant_list(self, tenant_refs, **kwargs): | ||
408 | 333 | marker = kwargs.get('marker') | ||
409 | 334 | page_idx = 0 | ||
410 | 335 | if marker is not None: | ||
411 | 336 | for (marker_idx, tenant) in enumerate(tenant_refs): | ||
412 | 337 | if tenant['id'] == marker: | ||
413 | 338 | # we start pagination after the marker | ||
414 | 339 | page_idx = marker_idx + 1 | ||
415 | 340 | break | ||
416 | 341 | else: | ||
417 | 342 | msg = 'Marker could not be found' | ||
418 | 343 | raise exception.ValidationError(message=msg) | ||
419 | 344 | |||
420 | 345 | limit = kwargs.get('limit') | ||
421 | 346 | if limit is not None: | ||
422 | 347 | try: | ||
423 | 348 | limit = int(limit) | ||
424 | 349 | if limit < 0: | ||
425 | 350 | raise AssertionError() | ||
426 | 351 | except (ValueError, AssertionError): | ||
427 | 352 | msg = 'Invalid limit value' | ||
428 | 353 | raise exception.ValidationError(message=msg) | ||
429 | 354 | |||
430 | 355 | tenant_refs = tenant_refs[page_idx:limit] | ||
431 | 356 | |||
432 | 357 | for x in tenant_refs: | ||
433 | 358 | if 'enabled' not in x: | ||
434 | 359 | x['enabled'] = True | ||
435 | 360 | o = {'tenants': tenant_refs, | ||
436 | 361 | 'tenants_links': []} | ||
437 | 362 | return o | ||
438 | 363 | |||
439 | 364 | |||
440 | 365 | class UserController(wsgi.Application): | ||
441 | 366 | def __init__(self): | ||
442 | 367 | self.identity_api = Manager() | ||
443 | 368 | self.policy_api = policy.Manager() | ||
444 | 369 | self.token_api = token.Manager() | ||
445 | 370 | super(UserController, self).__init__() | ||
446 | 371 | |||
447 | 372 | def get_user(self, context, user_id): | ||
448 | 373 | self.assert_admin(context) | ||
449 | 374 | user_ref = self.identity_api.get_user(context, user_id) | ||
450 | 375 | if not user_ref: | ||
451 | 376 | raise exception.UserNotFound(user_id=user_id) | ||
452 | 377 | |||
453 | 378 | return {'user': user_ref} | ||
454 | 379 | |||
455 | 380 | def get_users(self, context): | ||
456 | 381 | # NOTE(termie): i can't imagine that this really wants all the data | ||
457 | 382 | # about every single user in the system... | ||
458 | 383 | self.assert_admin(context) | ||
459 | 384 | user_refs = self.identity_api.list_users(context) | ||
460 | 385 | return {'users': user_refs} | ||
461 | 386 | |||
462 | 387 | # CRUD extension | ||
463 | 388 | def create_user(self, context, user): | ||
464 | 389 | user = self._normalize_dict(user) | ||
465 | 390 | self.assert_admin(context) | ||
466 | 391 | tenant_id = user.get('tenantId', None) | ||
467 | 392 | if (tenant_id is not None | ||
468 | 393 | and self.identity_api.get_tenant(context, tenant_id) is None): | ||
469 | 394 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
470 | 395 | user_id = uuid.uuid4().hex | ||
471 | 396 | user_ref = user.copy() | ||
472 | 397 | user_ref['id'] = user_id | ||
473 | 398 | new_user_ref = self.identity_api.create_user( | ||
474 | 399 | context, user_id, user_ref) | ||
475 | 400 | if tenant_id: | ||
476 | 401 | self.identity_api.add_user_to_tenant(context, tenant_id, user_id) | ||
477 | 402 | return {'user': new_user_ref} | ||
478 | 403 | |||
479 | 404 | def update_user(self, context, user_id, user): | ||
480 | 405 | # NOTE(termie): this is really more of a patch than a put | ||
481 | 406 | self.assert_admin(context) | ||
482 | 407 | if self.identity_api.get_user(context, user_id) is None: | ||
483 | 408 | raise exception.UserNotFound(user_id=user_id) | ||
484 | 409 | |||
485 | 410 | user_ref = self.identity_api.update_user(context, user_id, user) | ||
486 | 411 | |||
487 | 412 | # If the password was changed or the user was disabled we clear tokens | ||
488 | 413 | if user.get('password') or user.get('enabled', True) == False: | ||
489 | 414 | try: | ||
490 | 415 | for token_id in self.token_api.list_tokens(context, user_id): | ||
491 | 416 | self.token_api.delete_token(context, token_id) | ||
492 | 417 | except exception.NotImplemented: | ||
493 | 418 | # The users status has been changed but tokens remain valid for | ||
494 | 419 | # backends that can't list tokens for users | ||
495 | 420 | LOG.warning('User %s status has changed, but existing tokens ' | ||
496 | 421 | 'remain valid' % user_id) | ||
497 | 422 | return {'user': user_ref} | ||
498 | 423 | |||
499 | 424 | def delete_user(self, context, user_id): | ||
500 | 425 | self.assert_admin(context) | ||
501 | 426 | if self.identity_api.get_user(context, user_id) is None: | ||
502 | 427 | raise exception.UserNotFound(user_id=user_id) | ||
503 | 428 | |||
504 | 429 | self.identity_api.delete_user(context, user_id) | ||
505 | 430 | |||
506 | 431 | def set_user_enabled(self, context, user_id, user): | ||
507 | 432 | return self.update_user(context, user_id, user) | ||
508 | 433 | |||
509 | 434 | def set_user_password(self, context, user_id, user): | ||
510 | 435 | return self.update_user(context, user_id, user) | ||
511 | 436 | |||
512 | 437 | def update_user_tenant(self, context, user_id, user): | ||
513 | 438 | """Update the default tenant.""" | ||
514 | 439 | # ensure that we're a member of that tenant | ||
515 | 440 | tenant_id = user.get('tenantId') | ||
516 | 441 | self.identity_api.add_user_to_tenant(context, tenant_id, user_id) | ||
517 | 442 | return self.update_user(context, user_id, user) | ||
518 | 443 | |||
519 | 444 | |||
520 | 445 | class RoleController(wsgi.Application): | ||
521 | 446 | def __init__(self): | ||
522 | 447 | self.identity_api = Manager() | ||
523 | 448 | self.token_api = token.Manager() | ||
524 | 449 | self.policy_api = policy.Manager() | ||
525 | 450 | super(RoleController, self).__init__() | ||
526 | 451 | |||
527 | 452 | # COMPAT(essex-3) | ||
528 | 453 | def get_user_roles(self, context, user_id, tenant_id=None): | ||
529 | 454 | """Get the roles for a user and tenant pair. | ||
530 | 455 | |||
531 | 456 | Since we're trying to ignore the idea of user-only roles we're | ||
532 | 457 | not implementing them in hopes that the idea will die off. | ||
533 | 458 | |||
534 | 459 | """ | ||
535 | 460 | self.assert_admin(context) | ||
536 | 461 | if tenant_id is None: | ||
537 | 462 | raise exception.NotImplemented(message='User roles not supported: ' | ||
538 | 463 | 'tenant ID required') | ||
539 | 464 | |||
540 | 465 | user = self.identity_api.get_user(context, user_id) | ||
541 | 466 | if user is None: | ||
542 | 467 | raise exception.UserNotFound(user_id=user_id) | ||
543 | 468 | tenant = self.identity_api.get_tenant(context, tenant_id) | ||
544 | 469 | if tenant is None: | ||
545 | 470 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
546 | 471 | |||
547 | 472 | roles = self.identity_api.get_roles_for_user_and_tenant( | ||
548 | 473 | context, user_id, tenant_id) | ||
549 | 474 | return {'roles': [self.identity_api.get_role(context, x) | ||
550 | 475 | for x in roles]} | ||
551 | 476 | |||
552 | 477 | # CRUD extension | ||
553 | 478 | def get_role(self, context, role_id): | ||
554 | 479 | self.assert_admin(context) | ||
555 | 480 | role_ref = self.identity_api.get_role(context, role_id) | ||
556 | 481 | if not role_ref: | ||
557 | 482 | raise exception.RoleNotFound(role_id=role_id) | ||
558 | 483 | return {'role': role_ref} | ||
559 | 484 | |||
560 | 485 | def create_role(self, context, role): | ||
561 | 486 | role = self._normalize_dict(role) | ||
562 | 487 | self.assert_admin(context) | ||
563 | 488 | role_id = uuid.uuid4().hex | ||
564 | 489 | role['id'] = role_id | ||
565 | 490 | role_ref = self.identity_api.create_role(context, role_id, role) | ||
566 | 491 | return {'role': role_ref} | ||
567 | 492 | |||
568 | 493 | def delete_role(self, context, role_id): | ||
569 | 494 | self.assert_admin(context) | ||
570 | 495 | self.get_role(context, role_id) | ||
571 | 496 | self.identity_api.delete_role(context, role_id) | ||
572 | 497 | |||
573 | 498 | def get_roles(self, context): | ||
574 | 499 | self.assert_admin(context) | ||
575 | 500 | roles = self.identity_api.list_roles(context) | ||
576 | 501 | # TODO(termie): probably inefficient at some point | ||
577 | 502 | return {'roles': roles} | ||
578 | 503 | |||
579 | 504 | def add_role_to_user(self, context, user_id, role_id, tenant_id=None): | ||
580 | 505 | """Add a role to a user and tenant pair. | ||
581 | 506 | |||
582 | 507 | Since we're trying to ignore the idea of user-only roles we're | ||
583 | 508 | not implementing them in hopes that the idea will die off. | ||
584 | 509 | |||
585 | 510 | """ | ||
586 | 511 | self.assert_admin(context) | ||
587 | 512 | if tenant_id is None: | ||
588 | 513 | raise exception.NotImplemented(message='User roles not supported: ' | ||
589 | 514 | 'tenant_id required') | ||
590 | 515 | if self.identity_api.get_user(context, user_id) is None: | ||
591 | 516 | raise exception.UserNotFound(user_id=user_id) | ||
592 | 517 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
593 | 518 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
594 | 519 | if self.identity_api.get_role(context, role_id) is None: | ||
595 | 520 | raise exception.RoleNotFound(role_id=role_id) | ||
596 | 521 | |||
597 | 522 | # This still has the weird legacy semantics that adding a role to | ||
598 | 523 | # a user also adds them to a tenant | ||
599 | 524 | self.identity_api.add_user_to_tenant(context, tenant_id, user_id) | ||
600 | 525 | self.identity_api.add_role_to_user_and_tenant( | ||
601 | 526 | context, user_id, tenant_id, role_id) | ||
602 | 527 | role_ref = self.identity_api.get_role(context, role_id) | ||
603 | 528 | return {'role': role_ref} | ||
604 | 529 | |||
605 | 530 | def remove_role_from_user(self, context, user_id, role_id, tenant_id=None): | ||
606 | 531 | """Remove a role from a user and tenant pair. | ||
607 | 532 | |||
608 | 533 | Since we're trying to ignore the idea of user-only roles we're | ||
609 | 534 | not implementing them in hopes that the idea will die off. | ||
610 | 535 | |||
611 | 536 | """ | ||
612 | 537 | self.assert_admin(context) | ||
613 | 538 | if tenant_id is None: | ||
614 | 539 | raise exception.NotImplemented(message='User roles not supported: ' | ||
615 | 540 | 'tenant_id required') | ||
616 | 541 | if self.identity_api.get_user(context, user_id) is None: | ||
617 | 542 | raise exception.UserNotFound(user_id=user_id) | ||
618 | 543 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
619 | 544 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
620 | 545 | if self.identity_api.get_role(context, role_id) is None: | ||
621 | 546 | raise exception.RoleNotFound(role_id=role_id) | ||
622 | 547 | |||
623 | 548 | # This still has the weird legacy semantics that adding a role to | ||
624 | 549 | # a user also adds them to a tenant, so we must follow up on that | ||
625 | 550 | self.identity_api.remove_role_from_user_and_tenant( | ||
626 | 551 | context, user_id, tenant_id, role_id) | ||
627 | 552 | roles = self.identity_api.get_roles_for_user_and_tenant( | ||
628 | 553 | context, user_id, tenant_id) | ||
629 | 554 | if not roles: | ||
630 | 555 | self.identity_api.remove_user_from_tenant( | ||
631 | 556 | context, tenant_id, user_id) | ||
632 | 557 | return | ||
633 | 558 | |||
634 | 559 | # COMPAT(diablo): CRUD extension | ||
635 | 560 | def get_role_refs(self, context, user_id): | ||
636 | 561 | """Ultimate hack to get around having to make role_refs first-class. | ||
637 | 562 | |||
638 | 563 | This will basically iterate over the various roles the user has in | ||
639 | 564 | all tenants the user is a member of and create fake role_refs where | ||
640 | 565 | the id encodes the user-tenant-role information so we can look | ||
641 | 566 | up the appropriate data when we need to delete them. | ||
642 | 567 | |||
643 | 568 | """ | ||
644 | 569 | self.assert_admin(context) | ||
645 | 570 | user_ref = self.identity_api.get_user(context, user_id) | ||
646 | 571 | tenant_ids = self.identity_api.get_tenants_for_user(context, user_id) | ||
647 | 572 | o = [] | ||
648 | 573 | for tenant_id in tenant_ids: | ||
649 | 574 | role_ids = self.identity_api.get_roles_for_user_and_tenant( | ||
650 | 575 | context, user_id, tenant_id) | ||
651 | 576 | for role_id in role_ids: | ||
652 | 577 | ref = {'roleId': role_id, | ||
653 | 578 | 'tenantId': tenant_id, | ||
654 | 579 | 'userId': user_id} | ||
655 | 580 | ref['id'] = urllib.urlencode(ref) | ||
656 | 581 | o.append(ref) | ||
657 | 582 | return {'roles': o} | ||
658 | 583 | |||
659 | 584 | # COMPAT(diablo): CRUD extension | ||
660 | 585 | def create_role_ref(self, context, user_id, role): | ||
661 | 586 | """This is actually used for adding a user to a tenant. | ||
662 | 587 | |||
663 | 588 | In the legacy data model adding a user to a tenant required setting | ||
664 | 589 | a role. | ||
665 | 590 | |||
666 | 591 | """ | ||
667 | 592 | self.assert_admin(context) | ||
668 | 593 | # TODO(termie): for now we're ignoring the actual role | ||
669 | 594 | tenant_id = role.get('tenantId') | ||
670 | 595 | role_id = role.get('roleId') | ||
671 | 596 | self.identity_api.add_user_to_tenant(context, tenant_id, user_id) | ||
672 | 597 | self.identity_api.add_role_to_user_and_tenant( | ||
673 | 598 | context, user_id, tenant_id, role_id) | ||
674 | 599 | role_ref = self.identity_api.get_role(context, role_id) | ||
675 | 600 | return {'role': role_ref} | ||
676 | 601 | |||
677 | 602 | # COMPAT(diablo): CRUD extension | ||
678 | 603 | def delete_role_ref(self, context, user_id, role_ref_id): | ||
679 | 604 | """This is actually used for deleting a user from a tenant. | ||
680 | 605 | |||
681 | 606 | In the legacy data model removing a user from a tenant required | ||
682 | 607 | deleting a role. | ||
683 | 608 | |||
684 | 609 | To emulate this, we encode the tenant and role in the role_ref_id, | ||
685 | 610 | and if this happens to be the last role for the user-tenant pair, | ||
686 | 611 | we remove the user from the tenant. | ||
687 | 612 | |||
688 | 613 | """ | ||
689 | 614 | self.assert_admin(context) | ||
690 | 615 | # TODO(termie): for now we're ignoring the actual role | ||
691 | 616 | role_ref_ref = urlparse.parse_qs(role_ref_id) | ||
692 | 617 | tenant_id = role_ref_ref.get('tenantId')[0] | ||
693 | 618 | role_id = role_ref_ref.get('roleId')[0] | ||
694 | 619 | self.identity_api.remove_role_from_user_and_tenant( | ||
695 | 620 | context, user_id, tenant_id, role_id) | ||
696 | 621 | roles = self.identity_api.get_roles_for_user_and_tenant( | ||
697 | 622 | context, user_id, tenant_id) | ||
698 | 623 | if not roles: | ||
699 | 624 | self.identity_api.remove_user_from_tenant( | ||
700 | 625 | context, tenant_id, user_id) | ||
701 | 626 | 0 | ||
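Review bot: create_role_ref (file lines 585-600) calls add_user_to_tenant and add_role_to_user_and_tenant without the get_user / get_tenant / get_role `is None` checks that add_role_to_user performs at file lines 515-520, so the legacy CRUD path can attach a role for a user, tenant or role id that does not exist. delete_role_ref has a related gap at file lines 616-618: `role_ref_ref.get('tenantId')[0]` and `role_ref_ref.get('roleId')[0]` index the parse_qs result without checking that the keys are present, so a role_ref_id lacking either field raises TypeError instead of a validation error. Since this copy of the file is being removed, please confirm that the keystone/identity/core.py shipped by this merge performs the same three lookups in create_role_ref and rejects an incomplete role_ref_id (for example with exception.ValidationError) before any remove_* call runs.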
702 | === removed directory '.pc/keystone-CVE-2012-4413.patch' | |||
703 | === removed directory '.pc/keystone-CVE-2012-4413.patch/keystone' | |||
704 | === removed directory '.pc/keystone-CVE-2012-4413.patch/keystone/identity' | |||
705 | === removed file '.pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py' | |||
706 | --- .pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py 2012-09-12 09:47:55 +0000 | |||
707 | +++ .pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py 1970-01-01 00:00:00 +0000 | |||
708 | @@ -1,626 +0,0 @@ | |||
709 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
710 | 2 | |||
711 | 3 | # Copyright 2012 OpenStack LLC | ||
712 | 4 | # | ||
713 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
714 | 6 | # not use this file except in compliance with the License. You may obtain | ||
715 | 7 | # a copy of the License at | ||
716 | 8 | # | ||
717 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
718 | 10 | # | ||
719 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
720 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
721 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
722 | 14 | # License for the specific language governing permissions and limitations | ||
723 | 15 | # under the License. | ||
724 | 16 | |||
725 | 17 | """Main entry point into the Identity service.""" | ||
726 | 18 | |||
727 | 19 | import uuid | ||
728 | 20 | import urllib | ||
729 | 21 | import urlparse | ||
730 | 22 | |||
731 | 23 | from keystone import config | ||
732 | 24 | from keystone import exception | ||
733 | 25 | from keystone import policy | ||
734 | 26 | from keystone import token | ||
735 | 27 | from keystone.common import logging | ||
736 | 28 | from keystone.common import manager | ||
737 | 29 | from keystone.common import wsgi | ||
738 | 30 | |||
739 | 31 | |||
740 | 32 | CONF = config.CONF | ||
741 | 33 | |||
742 | 34 | LOG = logging.getLogger(__name__) | ||
743 | 35 | |||
744 | 36 | |||
745 | 37 | class Manager(manager.Manager): | ||
746 | 38 | """Default pivot point for the Identity backend. | ||
747 | 39 | |||
748 | 40 | See :mod:`keystone.common.manager.Manager` for more details on how this | ||
749 | 41 | dynamically calls the backend. | ||
750 | 42 | |||
751 | 43 | """ | ||
752 | 44 | |||
753 | 45 | def __init__(self): | ||
754 | 46 | super(Manager, self).__init__(CONF.identity.driver) | ||
755 | 47 | |||
756 | 48 | |||
757 | 49 | class Driver(object): | ||
758 | 50 | """Interface description for an Identity driver.""" | ||
759 | 51 | |||
760 | 52 | def authenticate(self, user_id=None, tenant_id=None, password=None): | ||
761 | 53 | """Authenticate a given user, tenant and password. | ||
762 | 54 | |||
763 | 55 | Returns: (user, tenant, metadata). | ||
764 | 56 | |||
765 | 57 | """ | ||
766 | 58 | raise exception.NotImplemented() | ||
767 | 59 | |||
768 | 60 | def get_tenant(self, tenant_id): | ||
769 | 61 | """Get a tenant by id. | ||
770 | 62 | |||
771 | 63 | Returns: tenant_ref or None. | ||
772 | 64 | |||
773 | 65 | """ | ||
774 | 66 | raise exception.NotImplemented() | ||
775 | 67 | |||
776 | 68 | def get_tenant_by_name(self, tenant_name): | ||
777 | 69 | """Get a tenant by name. | ||
778 | 70 | |||
779 | 71 | Returns: tenant_ref or None. | ||
780 | 72 | |||
781 | 73 | """ | ||
782 | 74 | raise exception.NotImplemented() | ||
783 | 75 | |||
784 | 76 | def get_user(self, user_id): | ||
785 | 77 | """Get a user by id. | ||
786 | 78 | |||
787 | 79 | Returns: user_ref or None. | ||
788 | 80 | |||
789 | 81 | """ | ||
790 | 82 | raise exception.NotImplemented() | ||
791 | 83 | |||
792 | 84 | def get_user_by_name(self, user_name): | ||
793 | 85 | """Get a user by name. | ||
794 | 86 | |||
795 | 87 | Returns: user_ref or None. | ||
796 | 88 | |||
797 | 89 | """ | ||
798 | 90 | raise exception.NotImplemented() | ||
799 | 91 | |||
800 | 92 | def get_role(self, role_id): | ||
801 | 93 | """Get a role by id. | ||
802 | 94 | |||
803 | 95 | Returns: role_ref or None. | ||
804 | 96 | |||
805 | 97 | """ | ||
806 | 98 | raise exception.NotImplemented() | ||
807 | 99 | |||
808 | 100 | def list_users(self): | ||
809 | 101 | """List all users in the system. | ||
810 | 102 | |||
811 | 103 | NOTE(termie): I'd prefer if this listed only the users for a given | ||
812 | 104 | tenant. | ||
813 | 105 | |||
814 | 106 | Returns: a list of user_refs or an empty list. | ||
815 | 107 | |||
816 | 108 | """ | ||
817 | 109 | raise exception.NotImplemented() | ||
818 | 110 | |||
819 | 111 | def list_roles(self): | ||
820 | 112 | """List all roles in the system. | ||
821 | 113 | |||
822 | 114 | Returns: a list of role_refs or an empty list. | ||
823 | 115 | |||
824 | 116 | """ | ||
825 | 117 | raise exception.NotImplemented() | ||
826 | 118 | |||
827 | 119 | # NOTE(termie): seven calls below should probably be exposed by the api | ||
828 | 120 | # more clearly when the api redesign happens | ||
829 | 121 | def add_user_to_tenant(self, tenant_id, user_id): | ||
830 | 122 | raise exception.NotImplemented() | ||
831 | 123 | |||
832 | 124 | def remove_user_from_tenant(self, tenant_id, user_id): | ||
833 | 125 | raise exception.NotImplemented() | ||
834 | 126 | |||
835 | 127 | def get_all_tenants(self): | ||
836 | 128 | raise exception.NotImplemented() | ||
837 | 129 | |||
838 | 130 | def get_tenants_for_user(self, user_id): | ||
839 | 131 | """Get the tenants associated with a given user. | ||
840 | 132 | |||
841 | 133 | Returns: a list of tenant ids. | ||
842 | 134 | |||
843 | 135 | """ | ||
844 | 136 | raise exception.NotImplemented() | ||
845 | 137 | |||
846 | 138 | def get_roles_for_user_and_tenant(self, user_id, tenant_id): | ||
847 | 139 | """Get the roles associated with a user within given tenant. | ||
848 | 140 | |||
849 | 141 | Returns: a list of role ids. | ||
850 | 142 | |||
851 | 143 | """ | ||
852 | 144 | raise exception.NotImplemented() | ||
853 | 145 | |||
854 | 146 | def add_role_to_user_and_tenant(self, user_id, tenant_id, role_id): | ||
855 | 147 | """Add a role to a user within given tenant.""" | ||
856 | 148 | raise exception.NotImplemented() | ||
857 | 149 | |||
858 | 150 | def remove_role_from_user_and_tenant(self, user_id, tenant_id, role_id): | ||
859 | 151 | """Remove a role from a user within given tenant.""" | ||
860 | 152 | raise exception.NotImplemented() | ||
861 | 153 | |||
862 | 154 | # user crud | ||
863 | 155 | def create_user(self, user_id, user): | ||
864 | 156 | raise exception.NotImplemented() | ||
865 | 157 | |||
866 | 158 | def update_user(self, user_id, user): | ||
867 | 159 | raise exception.NotImplemented() | ||
868 | 160 | |||
869 | 161 | def delete_user(self, user_id): | ||
870 | 162 | raise exception.NotImplemented() | ||
871 | 163 | |||
872 | 164 | # tenant crud | ||
873 | 165 | def create_tenant(self, tenant_id, tenant): | ||
874 | 166 | raise exception.NotImplemented() | ||
875 | 167 | |||
876 | 168 | def update_tenant(self, tenant_id, tenant): | ||
877 | 169 | raise exception.NotImplemented() | ||
878 | 170 | |||
879 | 171 | def delete_tenant(self, tenant_id, tenant): | ||
880 | 172 | raise exception.NotImplemented() | ||
881 | 173 | |||
882 | 174 | # metadata crud | ||
883 | 175 | |||
884 | 176 | def get_metadata(self, user_id, tenant_id): | ||
885 | 177 | raise exception.NotImplemented() | ||
886 | 178 | |||
887 | 179 | def create_metadata(self, user_id, tenant_id, metadata): | ||
888 | 180 | raise exception.NotImplemented() | ||
889 | 181 | |||
890 | 182 | def update_metadata(self, user_id, tenant_id, metadata): | ||
891 | 183 | raise exception.NotImplemented() | ||
892 | 184 | |||
893 | 185 | def delete_metadata(self, user_id, tenant_id, metadata): | ||
894 | 186 | raise exception.NotImplemented() | ||
895 | 187 | |||
896 | 188 | # role crud | ||
897 | 189 | def create_role(self, role_id, role): | ||
898 | 190 | raise exception.NotImplemented() | ||
899 | 191 | |||
900 | 192 | def update_role(self, role_id, role): | ||
901 | 193 | raise exception.NotImplemented() | ||
902 | 194 | |||
903 | 195 | def delete_role(self, role_id): | ||
904 | 196 | raise exception.NotImplemented() | ||
905 | 197 | |||
906 | 198 | |||
907 | 199 | class PublicRouter(wsgi.ComposableRouter): | ||
908 | 200 | def add_routes(self, mapper): | ||
909 | 201 | tenant_controller = TenantController() | ||
910 | 202 | mapper.connect('/tenants', | ||
911 | 203 | controller=tenant_controller, | ||
912 | 204 | action='get_tenants_for_token', | ||
913 | 205 | conditions=dict(methods=['GET'])) | ||
914 | 206 | |||
915 | 207 | |||
916 | 208 | class AdminRouter(wsgi.ComposableRouter): | ||
917 | 209 | def add_routes(self, mapper): | ||
918 | 210 | # Tenant Operations | ||
919 | 211 | tenant_controller = TenantController() | ||
920 | 212 | mapper.connect('/tenants', | ||
921 | 213 | controller=tenant_controller, | ||
922 | 214 | action='get_all_tenants', | ||
923 | 215 | conditions=dict(method=['GET'])) | ||
924 | 216 | mapper.connect('/tenants/{tenant_id}', | ||
925 | 217 | controller=tenant_controller, | ||
926 | 218 | action='get_tenant', | ||
927 | 219 | conditions=dict(method=['GET'])) | ||
928 | 220 | |||
929 | 221 | # User Operations | ||
930 | 222 | user_controller = UserController() | ||
931 | 223 | mapper.connect('/users/{user_id}', | ||
932 | 224 | controller=user_controller, | ||
933 | 225 | action='get_user', | ||
934 | 226 | conditions=dict(method=['GET'])) | ||
935 | 227 | |||
936 | 228 | # Role Operations | ||
937 | 229 | roles_controller = RoleController() | ||
938 | 230 | mapper.connect('/tenants/{tenant_id}/users/{user_id}/roles', | ||
939 | 231 | controller=roles_controller, | ||
940 | 232 | action='get_user_roles', | ||
941 | 233 | conditions=dict(method=['GET'])) | ||
942 | 234 | mapper.connect('/users/{user_id}/roles', | ||
943 | 235 | controller=user_controller, | ||
944 | 236 | action='get_user_roles', | ||
945 | 237 | conditions=dict(method=['GET'])) | ||
946 | 238 | |||
947 | 239 | |||
948 | 240 | class TenantController(wsgi.Application): | ||
949 | 241 | def __init__(self): | ||
950 | 242 | self.identity_api = Manager() | ||
951 | 243 | self.policy_api = policy.Manager() | ||
952 | 244 | self.token_api = token.Manager() | ||
953 | 245 | super(TenantController, self).__init__() | ||
954 | 246 | |||
955 | 247 | def get_all_tenants(self, context, **kw): | ||
956 | 248 | """Gets a list of all tenants for an admin user.""" | ||
957 | 249 | self.assert_admin(context) | ||
958 | 250 | tenant_refs = self.identity_api.get_tenants(context) | ||
959 | 251 | params = { | ||
960 | 252 | 'limit': context['query_string'].get('limit'), | ||
961 | 253 | 'marker': context['query_string'].get('marker'), | ||
962 | 254 | } | ||
963 | 255 | return self._format_tenant_list(tenant_refs, **params) | ||
964 | 256 | |||
965 | 257 | def get_tenants_for_token(self, context, **kw): | ||
966 | 258 | """Get valid tenants for token based on token used to authenticate. | ||
967 | 259 | |||
968 | 260 | Pulls the token from the context, validates it and gets the valid | ||
969 | 261 | tenants for the user in the token. | ||
970 | 262 | |||
971 | 263 | Doesn't care about token scopedness. | ||
972 | 264 | |||
973 | 265 | """ | ||
974 | 266 | try: | ||
975 | 267 | token_ref = self.token_api.get_token(context=context, | ||
976 | 268 | token_id=context['token_id']) | ||
977 | 269 | except exception.NotFound: | ||
978 | 270 | raise exception.Unauthorized() | ||
979 | 271 | |||
980 | 272 | user_ref = token_ref['user'] | ||
981 | 273 | tenant_ids = self.identity_api.get_tenants_for_user( | ||
982 | 274 | context, user_ref['id']) | ||
983 | 275 | tenant_refs = [] | ||
984 | 276 | for tenant_id in tenant_ids: | ||
985 | 277 | tenant_refs.append(self.identity_api.get_tenant( | ||
986 | 278 | context=context, | ||
987 | 279 | tenant_id=tenant_id)) | ||
988 | 280 | params = { | ||
989 | 281 | 'limit': context['query_string'].get('limit'), | ||
990 | 282 | 'marker': context['query_string'].get('marker'), | ||
991 | 283 | } | ||
992 | 284 | return self._format_tenant_list(tenant_refs, **params) | ||
993 | 285 | |||
994 | 286 | def get_tenant(self, context, tenant_id): | ||
995 | 287 | # TODO(termie): this stuff should probably be moved to middleware | ||
996 | 288 | self.assert_admin(context) | ||
997 | 289 | tenant = self.identity_api.get_tenant(context, tenant_id) | ||
998 | 290 | if tenant is None: | ||
999 | 291 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
1000 | 292 | |||
1001 | 293 | return {'tenant': tenant} | ||
1002 | 294 | |||
1003 | 295 | # CRUD Extension | ||
1004 | 296 | def create_tenant(self, context, tenant): | ||
1005 | 297 | tenant_ref = self._normalize_dict(tenant) | ||
1006 | 298 | self.assert_admin(context) | ||
1007 | 299 | tenant_id = (tenant_ref.get('id') | ||
1008 | 300 | and tenant_ref.get('id') | ||
1009 | 301 | or uuid.uuid4().hex) | ||
1010 | 302 | tenant_ref['id'] = tenant_id | ||
1011 | 303 | |||
1012 | 304 | tenant = self.identity_api.create_tenant( | ||
1013 | 305 | context, tenant_id, tenant_ref) | ||
1014 | 306 | return {'tenant': tenant} | ||
1015 | 307 | |||
1016 | 308 | def update_tenant(self, context, tenant_id, tenant): | ||
1017 | 309 | self.assert_admin(context) | ||
1018 | 310 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
1019 | 311 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
1020 | 312 | |||
1021 | 313 | tenant_ref = self.identity_api.update_tenant( | ||
1022 | 314 | context, tenant_id, tenant) | ||
1023 | 315 | return {'tenant': tenant_ref} | ||
1024 | 316 | |||
1025 | 317 | def delete_tenant(self, context, tenant_id, **kw): | ||
1026 | 318 | self.assert_admin(context) | ||
1027 | 319 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
1028 | 320 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
1029 | 321 | |||
1030 | 322 | self.identity_api.delete_tenant(context, tenant_id) | ||
1031 | 323 | |||
1032 | 324 | def get_tenant_users(self, context, tenant_id, **kw): | ||
1033 | 325 | self.assert_admin(context) | ||
1034 | 326 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
1035 | 327 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
1036 | 328 | |||
1037 | 329 | user_refs = self.identity_api.get_tenant_users(context, tenant_id) | ||
1038 | 330 | return {'users': user_refs} | ||
1039 | 331 | |||
1040 | 332 | def _format_tenant_list(self, tenant_refs, **kwargs): | ||
1041 | 333 | marker = kwargs.get('marker') | ||
1042 | 334 | page_idx = 0 | ||
1043 | 335 | if marker is not None: | ||
1044 | 336 | for (marker_idx, tenant) in enumerate(tenant_refs): | ||
1045 | 337 | if tenant['id'] == marker: | ||
1046 | 338 | # we start pagination after the marker | ||
1047 | 339 | page_idx = marker_idx + 1 | ||
1048 | 340 | break | ||
1049 | 341 | else: | ||
1050 | 342 | msg = 'Marker could not be found' | ||
1051 | 343 | raise exception.ValidationError(message=msg) | ||
1052 | 344 | |||
1053 | 345 | limit = kwargs.get('limit') | ||
1054 | 346 | if limit is not None: | ||
1055 | 347 | try: | ||
1056 | 348 | limit = int(limit) | ||
1057 | 349 | if limit < 0: | ||
1058 | 350 | raise AssertionError() | ||
1059 | 351 | except (ValueError, AssertionError): | ||
1060 | 352 | msg = 'Invalid limit value' | ||
1061 | 353 | raise exception.ValidationError(message=msg) | ||
1062 | 354 | |||
1063 | 355 | tenant_refs = tenant_refs[page_idx:limit] | ||
1064 | 356 | |||
1065 | 357 | for x in tenant_refs: | ||
1066 | 358 | if 'enabled' not in x: | ||
1067 | 359 | x['enabled'] = True | ||
1068 | 360 | o = {'tenants': tenant_refs, | ||
1069 | 361 | 'tenants_links': []} | ||
1070 | 362 | return o | ||
1071 | 363 | |||
1072 | 364 | |||
1073 | 365 | class UserController(wsgi.Application): | ||
1074 | 366 | def __init__(self): | ||
1075 | 367 | self.identity_api = Manager() | ||
1076 | 368 | self.policy_api = policy.Manager() | ||
1077 | 369 | self.token_api = token.Manager() | ||
1078 | 370 | super(UserController, self).__init__() | ||
1079 | 371 | |||
1080 | 372 | def get_user(self, context, user_id): | ||
1081 | 373 | self.assert_admin(context) | ||
1082 | 374 | user_ref = self.identity_api.get_user(context, user_id) | ||
1083 | 375 | if not user_ref: | ||
1084 | 376 | raise exception.UserNotFound(user_id=user_id) | ||
1085 | 377 | |||
1086 | 378 | return {'user': user_ref} | ||
1087 | 379 | |||
1088 | 380 | def get_users(self, context): | ||
1089 | 381 | # NOTE(termie): i can't imagine that this really wants all the data | ||
1090 | 382 | # about every single user in the system... | ||
1091 | 383 | self.assert_admin(context) | ||
1092 | 384 | user_refs = self.identity_api.list_users(context) | ||
1093 | 385 | return {'users': user_refs} | ||
1094 | 386 | |||
1095 | 387 | # CRUD extension | ||
1096 | 388 | def create_user(self, context, user): | ||
1097 | 389 | user = self._normalize_dict(user) | ||
1098 | 390 | self.assert_admin(context) | ||
1099 | 391 | tenant_id = user.get('tenantId', None) | ||
1100 | 392 | if (tenant_id is not None | ||
1101 | 393 | and self.identity_api.get_tenant(context, tenant_id) is None): | ||
1102 | 394 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
1103 | 395 | user_id = uuid.uuid4().hex | ||
1104 | 396 | user_ref = user.copy() | ||
1105 | 397 | user_ref['id'] = user_id | ||
1106 | 398 | new_user_ref = self.identity_api.create_user( | ||
1107 | 399 | context, user_id, user_ref) | ||
1108 | 400 | if tenant_id: | ||
1109 | 401 | self.identity_api.add_user_to_tenant(context, tenant_id, user_id) | ||
1110 | 402 | return {'user': new_user_ref} | ||
1111 | 403 | |||
1112 | 404 | def update_user(self, context, user_id, user): | ||
1113 | 405 | # NOTE(termie): this is really more of a patch than a put | ||
1114 | 406 | self.assert_admin(context) | ||
1115 | 407 | if self.identity_api.get_user(context, user_id) is None: | ||
1116 | 408 | raise exception.UserNotFound(user_id=user_id) | ||
1117 | 409 | |||
1118 | 410 | user_ref = self.identity_api.update_user(context, user_id, user) | ||
1119 | 411 | |||
1120 | 412 | # If the password was changed or the user was disabled we clear tokens | ||
1121 | 413 | if user.get('password') or user.get('enabled', True) == False: | ||
1122 | 414 | try: | ||
1123 | 415 | for token_id in self.token_api.list_tokens(context, user_id): | ||
1124 | 416 | self.token_api.delete_token(context, token_id) | ||
1125 | 417 | except exception.NotImplemented: | ||
1126 | 418 | # The users status has been changed but tokens remain valid for | ||
1127 | 419 | # backends that can't list tokens for users | ||
1128 | 420 | LOG.warning('User %s status has changed, but existing tokens ' | ||
1129 | 421 | 'remain valid' % user_id) | ||
1130 | 422 | return {'user': user_ref} | ||
1131 | 423 | |||
1132 | 424 | def delete_user(self, context, user_id): | ||
1133 | 425 | self.assert_admin(context) | ||
1134 | 426 | if self.identity_api.get_user(context, user_id) is None: | ||
1135 | 427 | raise exception.UserNotFound(user_id=user_id) | ||
1136 | 428 | |||
1137 | 429 | self.identity_api.delete_user(context, user_id) | ||
1138 | 430 | |||
1139 | 431 | def set_user_enabled(self, context, user_id, user): | ||
1140 | 432 | return self.update_user(context, user_id, user) | ||
1141 | 433 | |||
1142 | 434 | def set_user_password(self, context, user_id, user): | ||
1143 | 435 | return self.update_user(context, user_id, user) | ||
1144 | 436 | |||
1145 | 437 | def update_user_tenant(self, context, user_id, user): | ||
1146 | 438 | """Update the default tenant.""" | ||
1147 | 439 | self.assert_admin(context) | ||
1148 | 440 | # ensure that we're a member of that tenant | ||
1149 | 441 | tenant_id = user.get('tenantId') | ||
1150 | 442 | self.identity_api.add_user_to_tenant(context, tenant_id, user_id) | ||
1151 | 443 | return self.update_user(context, user_id, user) | ||
1152 | 444 | |||
1153 | 445 | |||
1154 | 446 | class RoleController(wsgi.Application): | ||
1155 | 447 | def __init__(self): | ||
1156 | 448 | self.identity_api = Manager() | ||
1157 | 449 | self.token_api = token.Manager() | ||
1158 | 450 | self.policy_api = policy.Manager() | ||
1159 | 451 | super(RoleController, self).__init__() | ||
1160 | 452 | |||
1161 | 453 | # COMPAT(essex-3) | ||
1162 | 454 | def get_user_roles(self, context, user_id, tenant_id=None): | ||
1163 | 455 | """Get the roles for a user and tenant pair. | ||
1164 | 456 | |||
1165 | 457 | Since we're trying to ignore the idea of user-only roles we're | ||
1166 | 458 | not implementing them in hopes that the idea will die off. | ||
1167 | 459 | |||
1168 | 460 | """ | ||
1169 | 461 | self.assert_admin(context) | ||
1170 | 462 | if tenant_id is None: | ||
1171 | 463 | raise exception.NotImplemented(message='User roles not supported: ' | ||
1172 | 464 | 'tenant ID required') | ||
1173 | 465 | |||
1174 | 466 | user = self.identity_api.get_user(context, user_id) | ||
1175 | 467 | if user is None: | ||
1176 | 468 | raise exception.UserNotFound(user_id=user_id) | ||
1177 | 469 | tenant = self.identity_api.get_tenant(context, tenant_id) | ||
1178 | 470 | if tenant is None: | ||
1179 | 471 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
1180 | 472 | |||
1181 | 473 | roles = self.identity_api.get_roles_for_user_and_tenant( | ||
1182 | 474 | context, user_id, tenant_id) | ||
1183 | 475 | return {'roles': [self.identity_api.get_role(context, x) | ||
1184 | 476 | for x in roles]} | ||
1185 | 477 | |||
1186 | 478 | # CRUD extension | ||
1187 | 479 | def get_role(self, context, role_id): | ||
1188 | 480 | self.assert_admin(context) | ||
1189 | 481 | role_ref = self.identity_api.get_role(context, role_id) | ||
1190 | 482 | if not role_ref: | ||
1191 | 483 | raise exception.RoleNotFound(role_id=role_id) | ||
1192 | 484 | return {'role': role_ref} | ||
1193 | 485 | |||
1194 | 486 | def create_role(self, context, role): | ||
1195 | 487 | role = self._normalize_dict(role) | ||
1196 | 488 | self.assert_admin(context) | ||
1197 | 489 | role_id = uuid.uuid4().hex | ||
1198 | 490 | role['id'] = role_id | ||
1199 | 491 | role_ref = self.identity_api.create_role(context, role_id, role) | ||
1200 | 492 | return {'role': role_ref} | ||
1201 | 493 | |||
1202 | 494 | def delete_role(self, context, role_id): | ||
1203 | 495 | self.assert_admin(context) | ||
1204 | 496 | self.get_role(context, role_id) | ||
1205 | 497 | self.identity_api.delete_role(context, role_id) | ||
1206 | 498 | |||
1207 | 499 | def get_roles(self, context): | ||
1208 | 500 | self.assert_admin(context) | ||
1209 | 501 | roles = self.identity_api.list_roles(context) | ||
1210 | 502 | # TODO(termie): probably inefficient at some point | ||
1211 | 503 | return {'roles': roles} | ||
1212 | 504 | |||
1213 | 505 | def add_role_to_user(self, context, user_id, role_id, tenant_id=None): | ||
1214 | 506 | """Add a role to a user and tenant pair. | ||
1215 | 507 | |||
1216 | 508 | Since we're trying to ignore the idea of user-only roles we're | ||
1217 | 509 | not implementing them in hopes that the idea will die off. | ||
1218 | 510 | |||
1219 | 511 | """ | ||
1220 | 512 | self.assert_admin(context) | ||
1221 | 513 | if tenant_id is None: | ||
1222 | 514 | raise exception.NotImplemented(message='User roles not supported: ' | ||
1223 | 515 | 'tenant_id required') | ||
1224 | 516 | if self.identity_api.get_user(context, user_id) is None: | ||
1225 | 517 | raise exception.UserNotFound(user_id=user_id) | ||
1226 | 518 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
1227 | 519 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
1228 | 520 | if self.identity_api.get_role(context, role_id) is None: | ||
1229 | 521 | raise exception.RoleNotFound(role_id=role_id) | ||
1230 | 522 | |||
1231 | 523 | # This still has the weird legacy semantics that adding a role to | ||
1232 | 524 | # a user also adds them to a tenant | ||
1233 | 525 | self.identity_api.add_user_to_tenant(context, tenant_id, user_id) | ||
1234 | 526 | self.identity_api.add_role_to_user_and_tenant( | ||
1235 | 527 | context, user_id, tenant_id, role_id) | ||
1236 | 528 | role_ref = self.identity_api.get_role(context, role_id) | ||
1237 | 529 | return {'role': role_ref} | ||
1238 | 530 | |||
1239 | 531 | def remove_role_from_user(self, context, user_id, role_id, tenant_id=None): | ||
1240 | 532 | """Remove a role from a user and tenant pair. | ||
1241 | 533 | |||
1242 | 534 | Since we're trying to ignore the idea of user-only roles we're | ||
1243 | 535 | not implementing them in hopes that the idea will die off. | ||
1244 | 536 | |||
1245 | 537 | """ | ||
1246 | 538 | self.assert_admin(context) | ||
1247 | 539 | if tenant_id is None: | ||
1248 | 540 | raise exception.NotImplemented(message='User roles not supported: ' | ||
1249 | 541 | 'tenant_id required') | ||
1250 | 542 | if self.identity_api.get_user(context, user_id) is None: | ||
1251 | 543 | raise exception.UserNotFound(user_id=user_id) | ||
1252 | 544 | if self.identity_api.get_tenant(context, tenant_id) is None: | ||
1253 | 545 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
1254 | 546 | if self.identity_api.get_role(context, role_id) is None: | ||
1255 | 547 | raise exception.RoleNotFound(role_id=role_id) | ||
1256 | 548 | |||
1257 | 549 | # This still has the weird legacy semantics that adding a role to | ||
1258 | 550 | # a user also adds them to a tenant, so we must follow up on that | ||
1259 | 551 | self.identity_api.remove_role_from_user_and_tenant( | ||
1260 | 552 | context, user_id, tenant_id, role_id) | ||
1261 | 553 | roles = self.identity_api.get_roles_for_user_and_tenant( | ||
1262 | 554 | context, user_id, tenant_id) | ||
1263 | 555 | if not roles: | ||
1264 | 556 | self.identity_api.remove_user_from_tenant( | ||
1265 | 557 | context, tenant_id, user_id) | ||
1266 | 558 | return | ||
1267 | 559 | |||
1268 | 560 | # COMPAT(diablo): CRUD extension | ||
1269 | 561 | def get_role_refs(self, context, user_id): | ||
1270 | 562 | """Ultimate hack to get around having to make role_refs first-class. | ||
1271 | 563 | |||
1272 | 564 | This will basically iterate over the various roles the user has in | ||
1273 | 565 | all tenants the user is a member of and create fake role_refs where | ||
1274 | 566 | the id encodes the user-tenant-role information so we can look | ||
1275 | 567 | up the appropriate data when we need to delete them. | ||
1276 | 568 | |||
1277 | 569 | """ | ||
1278 | 570 | self.assert_admin(context) | ||
1279 | 571 | user_ref = self.identity_api.get_user(context, user_id) | ||
1280 | 572 | tenant_ids = self.identity_api.get_tenants_for_user(context, user_id) | ||
1281 | 573 | o = [] | ||
1282 | 574 | for tenant_id in tenant_ids: | ||
1283 | 575 | role_ids = self.identity_api.get_roles_for_user_and_tenant( | ||
1284 | 576 | context, user_id, tenant_id) | ||
1285 | 577 | for role_id in role_ids: | ||
1286 | 578 | ref = {'roleId': role_id, | ||
1287 | 579 | 'tenantId': tenant_id, | ||
1288 | 580 | 'userId': user_id} | ||
1289 | 581 | ref['id'] = urllib.urlencode(ref) | ||
1290 | 582 | o.append(ref) | ||
1291 | 583 | return {'roles': o} | ||
1292 | 584 | |||
1293 | 585 | # COMPAT(diablo): CRUD extension | ||
1294 | 586 | def create_role_ref(self, context, user_id, role): | ||
1295 | 587 | """This is actually used for adding a user to a tenant. | ||
1296 | 588 | |||
1297 | 589 | In the legacy data model adding a user to a tenant required setting | ||
1298 | 590 | a role. | ||
1299 | 591 | |||
1300 | 592 | """ | ||
1301 | 593 | self.assert_admin(context) | ||
1302 | 594 | # TODO(termie): for now we're ignoring the actual role | ||
1303 | 595 | tenant_id = role.get('tenantId') | ||
1304 | 596 | role_id = role.get('roleId') | ||
1305 | 597 | self.identity_api.add_user_to_tenant(context, tenant_id, user_id) | ||
1306 | 598 | self.identity_api.add_role_to_user_and_tenant( | ||
1307 | 599 | context, user_id, tenant_id, role_id) | ||
1308 | 600 | role_ref = self.identity_api.get_role(context, role_id) | ||
1309 | 601 | return {'role': role_ref} | ||
1310 | 602 | |||
1311 | 603 | # COMPAT(diablo): CRUD extension | ||
1312 | 604 | def delete_role_ref(self, context, user_id, role_ref_id): | ||
1313 | 605 | """This is actually used for deleting a user from a tenant. | ||
1314 | 606 | |||
1315 | 607 | In the legacy data model removing a user from a tenant required | ||
1316 | 608 | deleting a role. | ||
1317 | 609 | |||
1318 | 610 | To emulate this, we encode the tenant and role in the role_ref_id, | ||
1319 | 611 | and if this happens to be the last role for the user-tenant pair, | ||
1320 | 612 | we remove the user from the tenant. | ||
1321 | 613 | |||
1322 | 614 | """ | ||
1323 | 615 | self.assert_admin(context) | ||
1324 | 616 | # TODO(termie): for now we're ignoring the actual role | ||
1325 | 617 | role_ref_ref = urlparse.parse_qs(role_ref_id) | ||
1326 | 618 | tenant_id = role_ref_ref.get('tenantId')[0] | ||
1327 | 619 | role_id = role_ref_ref.get('roleId')[0] | ||
1328 | 620 | self.identity_api.remove_role_from_user_and_tenant( | ||
1329 | 621 | context, user_id, tenant_id, role_id) | ||
1330 | 622 | roles = self.identity_api.get_roles_for_user_and_tenant( | ||
1331 | 623 | context, user_id, tenant_id) | ||
1332 | 624 | if not roles: | ||
1333 | 625 | self.identity_api.remove_user_from_tenant( | ||
1334 | 626 | context, tenant_id, user_id) | ||
1335 | 627 | 0 | ||
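Review bot: Deleting this .pc backup together with debian/patches/keystone-CVE-2012-4413.patch needs an explicit statement, in debian/changelog or the merge description, that the new upstream keystone/identity/core.py (+4/-4 in this proposal) already carries the fix. The pre-patch code removed here (role removal at file lines 551-558, delete_role_ref at 620-626) calls remove_role_from_user_and_tenant and, when no roles remain, remove_user_from_tenant, with no step that touches tokens the user already holds, so that is the behaviour that returns if the upstream tarball turns out not to include the change. Also worth checking in the retained file: delete_role_ref indexes role_ref_ref.get('tenantId')[0] and role_ref_ref.get('roleId')[0] without a None check, so a role_ref_id missing either key raises TypeError instead of a clean client error.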
1336 | === removed directory '.pc/keystone-CVE-2012-4413.patch/keystone/token' | |||
1337 | === removed file '.pc/keystone-CVE-2012-4413.patch/keystone/token/core.py' | |||
1338 | --- .pc/keystone-CVE-2012-4413.patch/keystone/token/core.py 2012-09-12 09:47:55 +0000 | |||
1339 | +++ .pc/keystone-CVE-2012-4413.patch/keystone/token/core.py 1970-01-01 00:00:00 +0000 | |||
1340 | @@ -1,107 +0,0 @@ | |||
1341 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
1342 | 2 | |||
1343 | 3 | # Copyright 2012 OpenStack LLC | ||
1344 | 4 | # | ||
1345 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
1346 | 6 | # not use this file except in compliance with the License. You may obtain | ||
1347 | 7 | # a copy of the License at | ||
1348 | 8 | # | ||
1349 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
1350 | 10 | # | ||
1351 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
1352 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
1353 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
1354 | 14 | # License for the specific language governing permissions and limitations | ||
1355 | 15 | # under the License. | ||
1356 | 16 | |||
1357 | 17 | """Main entry point into the Token service.""" | ||
1358 | 18 | |||
1359 | 19 | import datetime | ||
1360 | 20 | |||
1361 | 21 | from keystone import config | ||
1362 | 22 | from keystone import exception | ||
1363 | 23 | from keystone.common import manager | ||
1364 | 24 | |||
1365 | 25 | |||
1366 | 26 | CONF = config.CONF | ||
1367 | 27 | config.register_int('expiration', group='token', default=86400) | ||
1368 | 28 | |||
1369 | 29 | |||
1370 | 30 | class Manager(manager.Manager): | ||
1371 | 31 | """Default pivot point for the Token backend. | ||
1372 | 32 | |||
1373 | 33 | See :mod:`keystone.common.manager.Manager` for more details on how this | ||
1374 | 34 | dynamically calls the backend. | ||
1375 | 35 | |||
1376 | 36 | """ | ||
1377 | 37 | |||
1378 | 38 | def __init__(self): | ||
1379 | 39 | super(Manager, self).__init__(CONF.token.driver) | ||
1380 | 40 | |||
1381 | 41 | |||
1382 | 42 | class Driver(object): | ||
1383 | 43 | """Interface description for a Token driver.""" | ||
1384 | 44 | |||
1385 | 45 | def get_token(self, token_id): | ||
1386 | 46 | """Get a token by id. | ||
1387 | 47 | |||
1388 | 48 | :param token_id: identity of the token | ||
1389 | 49 | :type token_id: string | ||
1390 | 50 | :returns: token_ref | ||
1391 | 51 | :raises: keystone.exception.TokenNotFound | ||
1392 | 52 | |||
1393 | 53 | """ | ||
1394 | 54 | raise exception.NotImplemented() | ||
1395 | 55 | |||
1396 | 56 | def create_token(self, token_id, data): | ||
1397 | 57 | """Create a token by id and data. | ||
1398 | 58 | |||
1399 | 59 | :param token_id: identity of the token | ||
1400 | 60 | :type token_id: string | ||
1401 | 61 | :param data: dictionary with additional reference information | ||
1402 | 62 | |||
1403 | 63 | :: | ||
1404 | 64 | |||
1405 | 65 | { | ||
1406 | 66 | expires='' | ||
1407 | 67 | id=token_id, | ||
1408 | 68 | user=user_ref, | ||
1409 | 69 | tenant=tenant_ref, | ||
1410 | 70 | metadata=metadata_ref | ||
1411 | 71 | } | ||
1412 | 72 | |||
1413 | 73 | :type data: dict | ||
1414 | 74 | :returns: token_ref or None. | ||
1415 | 75 | |||
1416 | 76 | """ | ||
1417 | 77 | raise exception.NotImplemented() | ||
1418 | 78 | |||
1419 | 79 | def delete_token(self, token_id): | ||
1420 | 80 | """Deletes a token by id. | ||
1421 | 81 | |||
1422 | 82 | :param token_id: identity of the token | ||
1423 | 83 | :type token_id: string | ||
1424 | 84 | :returns: None. | ||
1425 | 85 | :raises: keystone.exception.TokenNotFound | ||
1426 | 86 | |||
1427 | 87 | """ | ||
1428 | 88 | raise exception.NotImplemented() | ||
1429 | 89 | |||
1430 | 90 | def list_tokens(self, user_id): | ||
1431 | 91 | """Returns a list of current token_id's for a user | ||
1432 | 92 | |||
1433 | 93 | :param user_id: identity of the user | ||
1434 | 94 | :type user_id: string | ||
1435 | 95 | :returns: list of token_id's | ||
1436 | 96 | |||
1437 | 97 | """ | ||
1438 | 98 | raise exception.NotImplemented() | ||
1439 | 99 | |||
1440 | 100 | def _get_default_expire_time(self): | ||
1441 | 101 | """Determine when a token should expire based on the config. | ||
1442 | 102 | |||
1443 | 103 | :returns: a naive utc datetime.datetime object | ||
1444 | 104 | |||
1445 | 105 | """ | ||
1446 | 106 | expire_delta = datetime.timedelta(seconds=CONF.token.expiration) | ||
1447 | 107 | return datetime.datetime.utcnow() + expire_delta | ||
1448 | 108 | 0 | ||
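Review bot: The Driver interface in this dropped backup declares list_tokens(self, user_id) with a default body of raise exception.NotImplemented() (file lines 90-98), so any backend that does not override it with the signature the new keystone/token/core.py (+11/-5) expects will fail only at the moment tokens need to be enumerated. Since the quilt patch that previously touched this file is removed from the series in the same merge, please confirm that kvs.py, memcache.py and sql.py all implement the updated list_tokens signature and that tests/test_backend.py and tests/test_backend_memcache.py exercise it for each backend. A committed .pc/ tree is quilt working state; once this cleanup lands it would be safer to keep .pc/ out of the branch so stale pre-patch copies like this one cannot drift from debian/patches/series again.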
1449 | === removed directory '.pc/keystone-CVE-2012-4413.patch/tests' | |||
1450 | === removed file '.pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py' | |||
1451 | --- .pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py 2012-09-12 09:47:55 +0000 | |||
1452 | +++ .pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py 1970-01-01 00:00:00 +0000 | |||
1453 | @@ -1,970 +0,0 @@ | |||
1454 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
1455 | 2 | |||
1456 | 3 | # Copyright 2012 OpenStack LLC | ||
1457 | 4 | # | ||
1458 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
1459 | 6 | # not use this file except in compliance with the License. You may obtain | ||
1460 | 7 | # a copy of the License at | ||
1461 | 8 | # | ||
1462 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
1463 | 10 | # | ||
1464 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
1465 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
1466 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
1467 | 14 | # License for the specific language governing permissions and limitations | ||
1468 | 15 | # under the License. | ||
1469 | 16 | |||
1470 | 17 | import time | ||
1471 | 18 | import uuid | ||
1472 | 19 | |||
1473 | 20 | import nose.exc | ||
1474 | 21 | |||
1475 | 22 | from keystone import test | ||
1476 | 23 | |||
1477 | 24 | import default_fixtures | ||
1478 | 25 | |||
1479 | 26 | OPENSTACK_REPO = 'https://review.openstack.org/p/openstack' | ||
1480 | 27 | KEYSTONECLIENT_REPO = '%s/python-keystoneclient.git' % OPENSTACK_REPO | ||
1481 | 28 | |||
1482 | 29 | |||
1483 | 30 | class CompatTestCase(test.TestCase): | ||
1484 | 31 | def setUp(self): | ||
1485 | 32 | super(CompatTestCase, self).setUp() | ||
1486 | 33 | |||
1487 | 34 | self.load_backends() | ||
1488 | 35 | self.load_fixtures(default_fixtures) | ||
1489 | 36 | |||
1490 | 37 | self.public_server = self.serveapp('keystone', name='main') | ||
1491 | 38 | self.admin_server = self.serveapp('keystone', name='admin') | ||
1492 | 39 | |||
1493 | 40 | # TODO(termie): is_admin is being deprecated once the policy stuff | ||
1494 | 41 | # is all working | ||
1495 | 42 | # TODO(termie): add an admin user to the fixtures and use that user | ||
1496 | 43 | # override the fixtures, for now | ||
1497 | 44 | self.metadata_foobar = self.identity_api.update_metadata( | ||
1498 | 45 | self.user_foo['id'], self.tenant_bar['id'], | ||
1499 | 46 | dict(roles=['keystone_admin'], is_admin='1')) | ||
1500 | 47 | |||
1501 | 48 | def tearDown(self): | ||
1502 | 49 | self.public_server.kill() | ||
1503 | 50 | self.admin_server.kill() | ||
1504 | 51 | self.public_server = None | ||
1505 | 52 | self.admin_server = None | ||
1506 | 53 | super(CompatTestCase, self).tearDown() | ||
1507 | 54 | |||
1508 | 55 | def _public_url(self): | ||
1509 | 56 | public_port = self.public_server.socket_info['socket'][1] | ||
1510 | 57 | return "http://localhost:%s/v2.0" % public_port | ||
1511 | 58 | |||
1512 | 59 | def _admin_url(self): | ||
1513 | 60 | admin_port = self.admin_server.socket_info['socket'][1] | ||
1514 | 61 | return "http://localhost:%s/v2.0" % admin_port | ||
1515 | 62 | |||
1516 | 63 | def _client(self, admin=False, **kwargs): | ||
1517 | 64 | from keystoneclient.v2_0 import client as ks_client | ||
1518 | 65 | |||
1519 | 66 | url = self._admin_url() if admin else self._public_url() | ||
1520 | 67 | kc = ks_client.Client(endpoint=url, | ||
1521 | 68 | auth_url=self._public_url(), | ||
1522 | 69 | **kwargs) | ||
1523 | 70 | kc.authenticate() | ||
1524 | 71 | # have to manually overwrite the management url after authentication | ||
1525 | 72 | kc.management_url = url | ||
1526 | 73 | return kc | ||
1527 | 74 | |||
1528 | 75 | def get_client(self, user_ref=None, tenant_ref=None, admin=False): | ||
1529 | 76 | if user_ref is None: | ||
1530 | 77 | user_ref = self.user_foo | ||
1531 | 78 | if tenant_ref is None: | ||
1532 | 79 | for user in default_fixtures.USERS: | ||
1533 | 80 | if user['id'] == user_ref['id']: | ||
1534 | 81 | tenant_id = user['tenants'][0] | ||
1535 | 82 | else: | ||
1536 | 83 | tenant_id = tenant_ref['id'] | ||
1537 | 84 | |||
1538 | 85 | return self._client(username=user_ref['name'], | ||
1539 | 86 | password=user_ref['password'], | ||
1540 | 87 | tenant_id=tenant_id, | ||
1541 | 88 | admin=admin) | ||
1542 | 89 | |||
1543 | 90 | |||
1544 | 91 | class KeystoneClientTests(object): | ||
1545 | 92 | """Tests for all versions of keystoneclient.""" | ||
1546 | 93 | |||
1547 | 94 | def test_authenticate_tenant_name_and_tenants(self): | ||
1548 | 95 | client = self.get_client() | ||
1549 | 96 | tenants = client.tenants.list() | ||
1550 | 97 | self.assertEquals(tenants[0].id, self.tenant_bar['id']) | ||
1551 | 98 | |||
1552 | 99 | def test_authenticate_tenant_id_and_tenants(self): | ||
1553 | 100 | client = self._client(username=self.user_foo['name'], | ||
1554 | 101 | password=self.user_foo['password'], | ||
1555 | 102 | tenant_id='bar') | ||
1556 | 103 | tenants = client.tenants.list() | ||
1557 | 104 | self.assertEquals(tenants[0].id, self.tenant_bar['id']) | ||
1558 | 105 | |||
1559 | 106 | def test_authenticate_invalid_tenant_id(self): | ||
1560 | 107 | from keystoneclient import exceptions as client_exceptions | ||
1561 | 108 | self.assertRaises(client_exceptions.Unauthorized, | ||
1562 | 109 | self._client, | ||
1563 | 110 | username=self.user_foo['name'], | ||
1564 | 111 | password=self.user_foo['password'], | ||
1565 | 112 | tenant_id='baz') | ||
1566 | 113 | |||
1567 | 114 | def test_authenticate_token_no_tenant(self): | ||
1568 | 115 | client = self.get_client() | ||
1569 | 116 | token = client.auth_token | ||
1570 | 117 | token_client = self._client(token=token) | ||
1571 | 118 | tenants = token_client.tenants.list() | ||
1572 | 119 | self.assertEquals(tenants[0].id, self.tenant_bar['id']) | ||
1573 | 120 | |||
1574 | 121 | def test_authenticate_token_tenant_id(self): | ||
1575 | 122 | client = self.get_client() | ||
1576 | 123 | token = client.auth_token | ||
1577 | 124 | token_client = self._client(token=token, tenant_id='bar') | ||
1578 | 125 | tenants = token_client.tenants.list() | ||
1579 | 126 | self.assertEquals(tenants[0].id, self.tenant_bar['id']) | ||
1580 | 127 | |||
1581 | 128 | def test_authenticate_token_invalid_tenant_id(self): | ||
1582 | 129 | from keystoneclient import exceptions as client_exceptions | ||
1583 | 130 | client = self.get_client() | ||
1584 | 131 | token = client.auth_token | ||
1585 | 132 | self.assertRaises(client_exceptions.AuthorizationFailure, | ||
1586 | 133 | self._client, token=token, tenant_id='baz') | ||
1587 | 134 | |||
1588 | 135 | def test_authenticate_token_tenant_name(self): | ||
1589 | 136 | client = self.get_client() | ||
1590 | 137 | token = client.auth_token | ||
1591 | 138 | token_client = self._client(token=token, tenant_name='BAR') | ||
1592 | 139 | tenants = token_client.tenants.list() | ||
1593 | 140 | self.assertEquals(tenants[0].id, self.tenant_bar['id']) | ||
1594 | 141 | self.assertEquals(tenants[0].id, self.tenant_bar['id']) | ||
1595 | 142 | |||
1596 | 143 | def test_authenticate_and_delete_token(self): | ||
1597 | 144 | from keystoneclient import exceptions as client_exceptions | ||
1598 | 145 | |||
1599 | 146 | client = self.get_client(admin=True) | ||
1600 | 147 | token = client.auth_token | ||
1601 | 148 | token_client = self._client(token=token) | ||
1602 | 149 | tenants = token_client.tenants.list() | ||
1603 | 150 | self.assertEquals(tenants[0].id, self.tenant_bar['id']) | ||
1604 | 151 | |||
1605 | 152 | client.tokens.delete(token_client.auth_token) | ||
1606 | 153 | |||
1607 | 154 | self.assertRaises(client_exceptions.Unauthorized, | ||
1608 | 155 | token_client.tenants.list) | ||
1609 | 156 | |||
1610 | 157 | def test_authenticate_no_password(self): | ||
1611 | 158 | from keystoneclient import exceptions as client_exceptions | ||
1612 | 159 | |||
1613 | 160 | user_ref = self.user_foo.copy() | ||
1614 | 161 | user_ref['password'] = None | ||
1615 | 162 | self.assertRaises(client_exceptions.AuthorizationFailure, | ||
1616 | 163 | self.get_client, | ||
1617 | 164 | user_ref) | ||
1618 | 165 | |||
1619 | 166 | def test_authenticate_no_username(self): | ||
1620 | 167 | from keystoneclient import exceptions as client_exceptions | ||
1621 | 168 | |||
1622 | 169 | user_ref = self.user_foo.copy() | ||
1623 | 170 | user_ref['name'] = None | ||
1624 | 171 | self.assertRaises(client_exceptions.AuthorizationFailure, | ||
1625 | 172 | self.get_client, | ||
1626 | 173 | user_ref) | ||
1627 | 174 | |||
1628 | 175 | def test_authenticate_disabled_tenant(self): | ||
1629 | 176 | from keystoneclient import exceptions as client_exceptions | ||
1630 | 177 | |||
1631 | 178 | admin_client = self.get_client(admin=True) | ||
1632 | 179 | |||
1633 | 180 | tenant = { | ||
1634 | 181 | 'name': uuid.uuid4().hex, | ||
1635 | 182 | 'description': uuid.uuid4().hex, | ||
1636 | 183 | 'enabled': False, | ||
1637 | 184 | } | ||
1638 | 185 | tenant_ref = admin_client.tenants.create( | ||
1639 | 186 | tenant_name=tenant['name'], | ||
1640 | 187 | description=tenant['description'], | ||
1641 | 188 | enabled=tenant['enabled']) | ||
1642 | 189 | tenant['id'] = tenant_ref.id | ||
1643 | 190 | |||
1644 | 191 | user = { | ||
1645 | 192 | 'name': uuid.uuid4().hex, | ||
1646 | 193 | 'password': uuid.uuid4().hex, | ||
1647 | 194 | 'email': uuid.uuid4().hex, | ||
1648 | 195 | 'tenant_id': tenant['id'], | ||
1649 | 196 | } | ||
1650 | 197 | user_ref = admin_client.users.create( | ||
1651 | 198 | name=user['name'], | ||
1652 | 199 | password=user['password'], | ||
1653 | 200 | email=user['email'], | ||
1654 | 201 | tenant_id=user['tenant_id']) | ||
1655 | 202 | user['id'] = user_ref.id | ||
1656 | 203 | |||
1657 | 204 | # password authentication | ||
1658 | 205 | self.assertRaises( | ||
1659 | 206 | client_exceptions.Unauthorized, | ||
1660 | 207 | self._client, | ||
1661 | 208 | username=user['name'], | ||
1662 | 209 | password=user['password'], | ||
1663 | 210 | tenant_id=tenant['id']) | ||
1664 | 211 | |||
1665 | 212 | # token authentication | ||
1666 | 213 | client = self._client( | ||
1667 | 214 | username=user['name'], | ||
1668 | 215 | password=user['password']) | ||
1669 | 216 | self.assertRaises( | ||
1670 | 217 | client_exceptions.Unauthorized, | ||
1671 | 218 | self._client, | ||
1672 | 219 | token=client.auth_token, | ||
1673 | 220 | tenant_id=tenant['id']) | ||
1674 | 221 | |||
1675 | 222 | # FIXME(ja): this test should require the "keystone:admin" roled | ||
1676 | 223 | # (probably the role set via --keystone_admin_role flag) | ||
1677 | 224 | # FIXME(ja): add a test that admin endpoint is only sent to admin user | ||
1678 | 225 | # FIXME(ja): add a test that admin endpoint returns unauthorized if not | ||
1679 | 226 | # admin | ||
1680 | 227 | def test_tenant_create_update_and_delete(self): | ||
1681 | 228 | from keystoneclient import exceptions as client_exceptions | ||
1682 | 229 | |||
1683 | 230 | tenant_name = 'original_tenant' | ||
1684 | 231 | tenant_description = 'My original tenant!' | ||
1685 | 232 | tenant_enabled = True | ||
1686 | 233 | client = self.get_client(admin=True) | ||
1687 | 234 | |||
1688 | 235 | # create, get, and list a tenant | ||
1689 | 236 | tenant = client.tenants.create(tenant_name=tenant_name, | ||
1690 | 237 | description=tenant_description, | ||
1691 | 238 | enabled=tenant_enabled) | ||
1692 | 239 | self.assertEquals(tenant.name, tenant_name) | ||
1693 | 240 | self.assertEquals(tenant.description, tenant_description) | ||
1694 | 241 | self.assertEquals(tenant.enabled, tenant_enabled) | ||
1695 | 242 | |||
1696 | 243 | tenant = client.tenants.get(tenant_id=tenant.id) | ||
1697 | 244 | self.assertEquals(tenant.name, tenant_name) | ||
1698 | 245 | self.assertEquals(tenant.description, tenant_description) | ||
1699 | 246 | self.assertEquals(tenant.enabled, tenant_enabled) | ||
1700 | 247 | |||
1701 | 248 | tenant = [t for t in client.tenants.list() if t.id == tenant.id].pop() | ||
1702 | 249 | self.assertEquals(tenant.name, tenant_name) | ||
1703 | 250 | self.assertEquals(tenant.description, tenant_description) | ||
1704 | 251 | self.assertEquals(tenant.enabled, tenant_enabled) | ||
1705 | 252 | |||
1706 | 253 | # update, get, and list a tenant | ||
1707 | 254 | tenant_name = 'updated_tenant' | ||
1708 | 255 | tenant_description = 'Updated tenant!' | ||
1709 | 256 | tenant_enabled = False | ||
1710 | 257 | tenant = client.tenants.update(tenant_id=tenant.id, | ||
1711 | 258 | tenant_name=tenant_name, | ||
1712 | 259 | enabled=tenant_enabled, | ||
1713 | 260 | description=tenant_description) | ||
1714 | 261 | self.assertEquals(tenant.name, tenant_name) | ||
1715 | 262 | self.assertEquals(tenant.description, tenant_description) | ||
1716 | 263 | self.assertEquals(tenant.enabled, tenant_enabled) | ||
1717 | 264 | |||
1718 | 265 | tenant = client.tenants.get(tenant_id=tenant.id) | ||
1719 | 266 | self.assertEquals(tenant.name, tenant_name) | ||
1720 | 267 | self.assertEquals(tenant.description, tenant_description) | ||
1721 | 268 | self.assertEquals(tenant.enabled, tenant_enabled) | ||
1722 | 269 | |||
1723 | 270 | tenant = [t for t in client.tenants.list() if t.id == tenant.id].pop() | ||
1724 | 271 | self.assertEquals(tenant.name, tenant_name) | ||
1725 | 272 | self.assertEquals(tenant.description, tenant_description) | ||
1726 | 273 | self.assertEquals(tenant.enabled, tenant_enabled) | ||
1727 | 274 | |||
1728 | 275 | # delete, get, and list a tenant | ||
1729 | 276 | client.tenants.delete(tenant=tenant.id) | ||
1730 | 277 | self.assertRaises(client_exceptions.NotFound, client.tenants.get, | ||
1731 | 278 | tenant.id) | ||
1732 | 279 | self.assertFalse([t for t in client.tenants.list() | ||
1733 | 280 | if t.id == tenant.id]) | ||
1734 | 281 | |||
1735 | 282 | def test_tenant_delete_404(self): | ||
1736 | 283 | from keystoneclient import exceptions as client_exceptions | ||
1737 | 284 | client = self.get_client(admin=True) | ||
1738 | 285 | self.assertRaises(client_exceptions.NotFound, | ||
1739 | 286 | client.tenants.delete, | ||
1740 | 287 | tenant=uuid.uuid4().hex) | ||
1741 | 288 | |||
1742 | 289 | def test_tenant_get_404(self): | ||
1743 | 290 | from keystoneclient import exceptions as client_exceptions | ||
1744 | 291 | client = self.get_client(admin=True) | ||
1745 | 292 | self.assertRaises(client_exceptions.NotFound, | ||
1746 | 293 | client.tenants.get, | ||
1747 | 294 | tenant_id=uuid.uuid4().hex) | ||
1748 | 295 | |||
1749 | 296 | def test_tenant_update_404(self): | ||
1750 | 297 | from keystoneclient import exceptions as client_exceptions | ||
1751 | 298 | client = self.get_client(admin=True) | ||
1752 | 299 | self.assertRaises(client_exceptions.NotFound, | ||
1753 | 300 | client.tenants.update, | ||
1754 | 301 | tenant_id=uuid.uuid4().hex) | ||
1755 | 302 | |||
1756 | 303 | def test_tenant_list(self): | ||
1757 | 304 | client = self.get_client() | ||
1758 | 305 | tenants = client.tenants.list() | ||
1759 | 306 | self.assertEquals(len(tenants), 1) | ||
1760 | 307 | |||
1761 | 308 | # Admin endpoint should return *all* tenants | ||
1762 | 309 | client = self.get_client(admin=True) | ||
1763 | 310 | tenants = client.tenants.list() | ||
1764 | 311 | self.assertEquals(len(tenants), len(default_fixtures.TENANTS)) | ||
1765 | 312 | |||
1766 | 313 | def test_invalid_password(self): | ||
1767 | 314 | from keystoneclient import exceptions as client_exceptions | ||
1768 | 315 | |||
1769 | 316 | good_client = self._client(username=self.user_foo['name'], | ||
1770 | 317 | password=self.user_foo['password']) | ||
1771 | 318 | good_client.tenants.list() | ||
1772 | 319 | |||
1773 | 320 | self.assertRaises(client_exceptions.Unauthorized, | ||
1774 | 321 | self._client, | ||
1775 | 322 | username=self.user_foo['name'], | ||
1776 | 323 | password='invalid') | ||
1777 | 324 | |||
1778 | 325 | def test_invalid_user_password(self): | ||
1779 | 326 | from keystoneclient import exceptions as client_exceptions | ||
1780 | 327 | |||
1781 | 328 | self.assertRaises(client_exceptions.Unauthorized, | ||
1782 | 329 | self._client, | ||
1783 | 330 | username='blah', | ||
1784 | 331 | password='blah') | ||
1785 | 332 | |||
1786 | 333 | def test_change_password_invalidates_token(self): | ||
1787 | 334 | from keystoneclient import exceptions as client_exceptions | ||
1788 | 335 | |||
1789 | 336 | client = self.get_client(admin=True) | ||
1790 | 337 | |||
1791 | 338 | username = uuid.uuid4().hex | ||
1792 | 339 | passwd = uuid.uuid4().hex | ||
1793 | 340 | user = client.users.create(name=username, password=passwd, | ||
1794 | 341 | email=uuid.uuid4().hex) | ||
1795 | 342 | |||
1796 | 343 | token_id = client.tokens.authenticate(username=username, | ||
1797 | 344 | password=passwd).id | ||
1798 | 345 | |||
1799 | 346 | # authenticate with a token should work before a password change | ||
1800 | 347 | client.tokens.authenticate(token=token_id) | ||
1801 | 348 | |||
1802 | 349 | client.users.update_password(user=user.id, password=uuid.uuid4().hex) | ||
1803 | 350 | |||
1804 | 351 | # authenticate with a token should not work after a password change | ||
1805 | 352 | self.assertRaises(client_exceptions.Unauthorized, | ||
1806 | 353 | client.tokens.authenticate, | ||
1807 | 354 | token=token_id) | ||
1808 | 355 | |||
1809 | 356 | def test_disable_user_invalidates_token(self): | ||
1810 | 357 | from keystoneclient import exceptions as client_exceptions | ||
1811 | 358 | |||
1812 | 359 | admin_client = self.get_client(admin=True) | ||
1813 | 360 | foo_client = self.get_client(self.user_foo) | ||
1814 | 361 | |||
1815 | 362 | admin_client.users.update_enabled(user=self.user_foo['id'], | ||
1816 | 363 | enabled=False) | ||
1817 | 364 | |||
1818 | 365 | self.assertRaises(client_exceptions.Unauthorized, | ||
1819 | 366 | foo_client.tokens.authenticate, | ||
1820 | 367 | token=foo_client.auth_token) | ||
1821 | 368 | |||
1822 | 369 | self.assertRaises(client_exceptions.Unauthorized, | ||
1823 | 370 | self.get_client, | ||
1824 | 371 | self.user_foo) | ||
1825 | 372 | |||
1826 | 373 | def test_token_expiry_maintained(self): | ||
1827 | 374 | foo_client = self.get_client(self.user_foo) | ||
1828 | 375 | orig_token = foo_client.service_catalog.catalog['token'] | ||
1829 | 376 | |||
1830 | 377 | time.sleep(1.01) | ||
1831 | 378 | reauthenticated_token = foo_client.tokens.authenticate( | ||
1832 | 379 | token=foo_client.auth_token) | ||
1833 | 380 | |||
1834 | 381 | self.assertEquals(orig_token['expires'], | ||
1835 | 382 | reauthenticated_token.expires) | ||
1836 | 383 | |||
1837 | 384 | def test_user_create_update_delete(self): | ||
1838 | 385 | from keystoneclient import exceptions as client_exceptions | ||
1839 | 386 | |||
1840 | 387 | test_username = 'new_user' | ||
1841 | 388 | client = self.get_client(admin=True) | ||
1842 | 389 | user = client.users.create(name=test_username, | ||
1843 | 390 | password='password', | ||
1844 | 391 | email='user1@test.com') | ||
1845 | 392 | self.assertEquals(user.name, test_username) | ||
1846 | 393 | |||
1847 | 394 | user = client.users.get(user=user.id) | ||
1848 | 395 | self.assertEquals(user.name, test_username) | ||
1849 | 396 | |||
1850 | 397 | user = client.users.update(user=user, | ||
1851 | 398 | name=test_username, | ||
1852 | 399 | email='user2@test.com') | ||
1853 | 400 | self.assertEquals(user.email, 'user2@test.com') | ||
1854 | 401 | |||
1855 | 402 | # NOTE(termie): update_enabled doesn't return anything, probably a bug | ||
1856 | 403 | client.users.update_enabled(user=user, enabled=False) | ||
1857 | 404 | user = client.users.get(user.id) | ||
1858 | 405 | self.assertFalse(user.enabled) | ||
1859 | 406 | |||
1860 | 407 | self.assertRaises(client_exceptions.Unauthorized, | ||
1861 | 408 | self._client, | ||
1862 | 409 | username=test_username, | ||
1863 | 410 | password='password') | ||
1864 | 411 | client.users.update_enabled(user, True) | ||
1865 | 412 | |||
1866 | 413 | user = client.users.update_password(user=user, password='password2') | ||
1867 | 414 | |||
1868 | 415 | self._client(username=test_username, | ||
1869 | 416 | password='password2') | ||
1870 | 417 | |||
1871 | 418 | user = client.users.update_tenant(user=user, tenant='bar') | ||
1872 | 419 | # TODO(ja): once keystonelight supports default tenant | ||
1873 | 420 | # when you login without specifying tenant, the | ||
1874 | 421 | # token should be scoped to tenant 'bar' | ||
1875 | 422 | |||
1876 | 423 | client.users.delete(user.id) | ||
1877 | 424 | self.assertRaises(client_exceptions.NotFound, client.users.get, | ||
1878 | 425 | user.id) | ||
1879 | 426 | |||
1880 | 427 | # Test creating a user with a tenant (auto-add to tenant) | ||
1881 | 428 | user2 = client.users.create(name=test_username, | ||
1882 | 429 | password='password', | ||
1883 | 430 | email='user1@test.com', | ||
1884 | 431 | tenant_id='bar') | ||
1885 | 432 | self.assertEquals(user2.name, test_username) | ||
1886 | 433 | |||
1887 | 434 | def test_user_create_404(self): | ||
1888 | 435 | from keystoneclient import exceptions as client_exceptions | ||
1889 | 436 | client = self.get_client(admin=True) | ||
1890 | 437 | self.assertRaises(client_exceptions.NotFound, | ||
1891 | 438 | client.users.create, | ||
1892 | 439 | name=uuid.uuid4().hex, | ||
1893 | 440 | password=uuid.uuid4().hex, | ||
1894 | 441 | email=uuid.uuid4().hex, | ||
1895 | 442 | tenant_id=uuid.uuid4().hex) | ||
1896 | 443 | |||
1897 | 444 | def test_user_get_404(self): | ||
1898 | 445 | from keystoneclient import exceptions as client_exceptions | ||
1899 | 446 | client = self.get_client(admin=True) | ||
1900 | 447 | self.assertRaises(client_exceptions.NotFound, | ||
1901 | 448 | client.users.get, | ||
1902 | 449 | user=uuid.uuid4().hex) | ||
1903 | 450 | |||
1904 | 451 | def test_user_list_404(self): | ||
1905 | 452 | from keystoneclient import exceptions as client_exceptions | ||
1906 | 453 | client = self.get_client(admin=True) | ||
1907 | 454 | self.assertRaises(client_exceptions.NotFound, | ||
1908 | 455 | client.users.list, | ||
1909 | 456 | tenant_id=uuid.uuid4().hex) | ||
1910 | 457 | |||
1911 | 458 | def test_user_update_404(self): | ||
1912 | 459 | from keystoneclient import exceptions as client_exceptions | ||
1913 | 460 | client = self.get_client(admin=True) | ||
1914 | 461 | self.assertRaises(client_exceptions.NotFound, | ||
1915 | 462 | client.users.update, | ||
1916 | 463 | user=uuid.uuid4().hex) | ||
1917 | 464 | |||
1918 | 465 | def test_user_update_tenant_404(self): | ||
1919 | 466 | raise nose.exc.SkipTest('N/A') | ||
1920 | 467 | from keystoneclient import exceptions as client_exceptions | ||
1921 | 468 | client = self.get_client(admin=True) | ||
1922 | 469 | self.assertRaises(client_exceptions.NotFound, | ||
1923 | 470 | client.users.update, | ||
1924 | 471 | user=self.user_foo['id'], | ||
1925 | 472 | tenant_id=uuid.uuid4().hex) | ||
1926 | 473 | |||
1927 | 474 | def test_user_update_password_404(self): | ||
1928 | 475 | from keystoneclient import exceptions as client_exceptions | ||
1929 | 476 | client = self.get_client(admin=True) | ||
1930 | 477 | self.assertRaises(client_exceptions.NotFound, | ||
1931 | 478 | client.users.update_password, | ||
1932 | 479 | user=uuid.uuid4().hex, | ||
1933 | 480 | password=uuid.uuid4().hex) | ||
1934 | 481 | |||
1935 | 482 | def test_user_delete_404(self): | ||
1936 | 483 | from keystoneclient import exceptions as client_exceptions | ||
1937 | 484 | client = self.get_client(admin=True) | ||
1938 | 485 | self.assertRaises(client_exceptions.NotFound, | ||
1939 | 486 | client.users.delete, | ||
1940 | 487 | user=uuid.uuid4().hex) | ||
1941 | 488 | |||
1942 | 489 | def test_user_list(self): | ||
1943 | 490 | client = self.get_client(admin=True) | ||
1944 | 491 | users = client.users.list() | ||
1945 | 492 | self.assertTrue(len(users) > 0) | ||
1946 | 493 | user = users[0] | ||
1947 | 494 | self.assertRaises(AttributeError, lambda: user.password) | ||
1948 | 495 | |||
1949 | 496 | def test_user_get(self): | ||
1950 | 497 | client = self.get_client(admin=True) | ||
1951 | 498 | user = client.users.get(user=self.user_foo['id']) | ||
1952 | 499 | self.assertRaises(AttributeError, lambda: user.password) | ||
1953 | 500 | |||
1954 | 501 | def test_role_get(self): | ||
1955 | 502 | client = self.get_client(admin=True) | ||
1956 | 503 | role = client.roles.get(role='keystone_admin') | ||
1957 | 504 | self.assertEquals(role.id, 'keystone_admin') | ||
1958 | 505 | |||
1959 | 506 | def test_role_crud(self): | ||
1960 | 507 | from keystoneclient import exceptions as client_exceptions | ||
1961 | 508 | |||
1962 | 509 | test_role = 'new_role' | ||
1963 | 510 | client = self.get_client(admin=True) | ||
1964 | 511 | role = client.roles.create(name=test_role) | ||
1965 | 512 | self.assertEquals(role.name, test_role) | ||
1966 | 513 | |||
1967 | 514 | role = client.roles.get(role=role.id) | ||
1968 | 515 | self.assertEquals(role.name, test_role) | ||
1969 | 516 | |||
1970 | 517 | client.roles.delete(role=role.id) | ||
1971 | 518 | |||
1972 | 519 | self.assertRaises(client_exceptions.NotFound, | ||
1973 | 520 | client.roles.delete, | ||
1974 | 521 | role=role.id) | ||
1975 | 522 | self.assertRaises(client_exceptions.NotFound, | ||
1976 | 523 | client.roles.get, | ||
1977 | 524 | role=role.id) | ||
1978 | 525 | |||
1979 | 526 | def test_role_get_404(self): | ||
1980 | 527 | from keystoneclient import exceptions as client_exceptions | ||
1981 | 528 | client = self.get_client(admin=True) | ||
1982 | 529 | self.assertRaises(client_exceptions.NotFound, | ||
1983 | 530 | client.roles.get, | ||
1984 | 531 | role=uuid.uuid4().hex) | ||
1985 | 532 | |||
1986 | 533 | def test_role_delete_404(self): | ||
1987 | 534 | from keystoneclient import exceptions as client_exceptions | ||
1988 | 535 | client = self.get_client(admin=True) | ||
1989 | 536 | self.assertRaises(client_exceptions.NotFound, | ||
1990 | 537 | client.roles.delete, | ||
1991 | 538 | role=uuid.uuid4().hex) | ||
1992 | 539 | |||
1993 | 540 | def test_role_list_404(self): | ||
1994 | 541 | from keystoneclient import exceptions as client_exceptions | ||
1995 | 542 | client = self.get_client(admin=True) | ||
1996 | 543 | self.assertRaises(client_exceptions.NotFound, | ||
1997 | 544 | client.roles.roles_for_user, | ||
1998 | 545 | user=uuid.uuid4().hex, | ||
1999 | 546 | tenant=uuid.uuid4().hex) | ||
2000 | 547 | self.assertRaises(client_exceptions.NotFound, | ||
2001 | 548 | client.roles.roles_for_user, | ||
2002 | 549 | user=self.user_foo['id'], | ||
2003 | 550 | tenant=uuid.uuid4().hex) | ||
2004 | 551 | self.assertRaises(client_exceptions.NotFound, | ||
2005 | 552 | client.roles.roles_for_user, | ||
2006 | 553 | user=uuid.uuid4().hex, | ||
2007 | 554 | tenant=self.tenant_bar['id']) | ||
2008 | 555 | |||
2009 | 556 | def test_role_list(self): | ||
2010 | 557 | client = self.get_client(admin=True) | ||
2011 | 558 | roles = client.roles.list() | ||
2012 | 559 | # TODO(devcamcar): This assert should be more specific. | ||
2013 | 560 | self.assertTrue(len(roles) > 0) | ||
2014 | 561 | |||
2015 | 562 | def test_ec2_credential_crud(self): | ||
2016 | 563 | client = self.get_client() | ||
2017 | 564 | creds = client.ec2.list(user_id=self.user_foo['id']) | ||
2018 | 565 | self.assertEquals(creds, []) | ||
2019 | 566 | |||
2020 | 567 | cred = client.ec2.create(user_id=self.user_foo['id'], | ||
2021 | 568 | tenant_id=self.tenant_bar['id']) | ||
2022 | 569 | creds = client.ec2.list(user_id=self.user_foo['id']) | ||
2023 | 570 | self.assertEquals(creds, [cred]) | ||
2024 | 571 | |||
2025 | 572 | got = client.ec2.get(user_id=self.user_foo['id'], access=cred.access) | ||
2026 | 573 | self.assertEquals(cred, got) | ||
2027 | 574 | |||
2028 | 575 | client.ec2.delete(user_id=self.user_foo['id'], access=cred.access) | ||
2029 | 576 | creds = client.ec2.list(user_id=self.user_foo['id']) | ||
2030 | 577 | self.assertEquals(creds, []) | ||
2031 | 578 | |||
2032 | 579 | def test_ec2_credentials_create_404(self): | ||
2033 | 580 | from keystoneclient import exceptions as client_exceptions | ||
2034 | 581 | client = self.get_client() | ||
2035 | 582 | self.assertRaises(client_exceptions.NotFound, | ||
2036 | 583 | client.ec2.create, | ||
2037 | 584 | user_id=uuid.uuid4().hex, | ||
2038 | 585 | tenant_id=self.tenant_bar['id']) | ||
2039 | 586 | self.assertRaises(client_exceptions.NotFound, | ||
2040 | 587 | client.ec2.create, | ||
2041 | 588 | user_id=self.user_foo['id'], | ||
2042 | 589 | tenant_id=uuid.uuid4().hex) | ||
2043 | 590 | |||
2044 | 591 | def test_ec2_credentials_delete_404(self): | ||
2045 | 592 | from keystoneclient import exceptions as client_exceptions | ||
2046 | 593 | client = self.get_client() | ||
2047 | 594 | self.assertRaises(client_exceptions.NotFound, | ||
2048 | 595 | client.ec2.delete, | ||
2049 | 596 | user_id=uuid.uuid4().hex, | ||
2050 | 597 | access=uuid.uuid4().hex) | ||
2051 | 598 | |||
2052 | 599 | def test_ec2_credentials_get_404(self): | ||
2053 | 600 | from keystoneclient import exceptions as client_exceptions | ||
2054 | 601 | client = self.get_client() | ||
2055 | 602 | self.assertRaises(client_exceptions.NotFound, | ||
2056 | 603 | client.ec2.get, | ||
2057 | 604 | user_id=uuid.uuid4().hex, | ||
2058 | 605 | access=uuid.uuid4().hex) | ||
2059 | 606 | |||
2060 | 607 | def test_ec2_credentials_list_404(self): | ||
2061 | 608 | from keystoneclient import exceptions as client_exceptions | ||
2062 | 609 | client = self.get_client() | ||
2063 | 610 | self.assertRaises(client_exceptions.NotFound, | ||
2064 | 611 | client.ec2.list, | ||
2065 | 612 | user_id=uuid.uuid4().hex) | ||
2066 | 613 | |||
2067 | 614 | def test_ec2_credentials_list_user_forbidden(self): | ||
2068 | 615 | from keystoneclient import exceptions as client_exceptions | ||
2069 | 616 | |||
2070 | 617 | two = self.get_client(self.user_two) | ||
2071 | 618 | self.assertRaises(client_exceptions.Forbidden, two.ec2.list, | ||
2072 | 619 | user_id=self.user_foo['id']) | ||
2073 | 620 | |||
2074 | 621 | def test_ec2_credentials_get_user_forbidden(self): | ||
2075 | 622 | from keystoneclient import exceptions as client_exceptions | ||
2076 | 623 | |||
2077 | 624 | foo = self.get_client() | ||
2078 | 625 | cred = foo.ec2.create(user_id=self.user_foo['id'], | ||
2079 | 626 | tenant_id=self.tenant_bar['id']) | ||
2080 | 627 | |||
2081 | 628 | two = self.get_client(self.user_two) | ||
2082 | 629 | self.assertRaises(client_exceptions.Forbidden, two.ec2.get, | ||
2083 | 630 | user_id=self.user_foo['id'], access=cred.access) | ||
2084 | 631 | |||
2085 | 632 | foo.ec2.delete(user_id=self.user_foo['id'], access=cred.access) | ||
2086 | 633 | |||
2087 | 634 | def test_ec2_credentials_delete_user_forbidden(self): | ||
2088 | 635 | from keystoneclient import exceptions as client_exceptions | ||
2089 | 636 | |||
2090 | 637 | foo = self.get_client() | ||
2091 | 638 | cred = foo.ec2.create(user_id=self.user_foo['id'], | ||
2092 | 639 | tenant_id=self.tenant_bar['id']) | ||
2093 | 640 | |||
2094 | 641 | two = self.get_client(self.user_two) | ||
2095 | 642 | self.assertRaises(client_exceptions.Forbidden, two.ec2.delete, | ||
2096 | 643 | user_id=self.user_foo['id'], access=cred.access) | ||
2097 | 644 | |||
2098 | 645 | foo.ec2.delete(user_id=self.user_foo['id'], access=cred.access) | ||
2099 | 646 | |||
2100 | 647 | def test_service_create_and_delete(self): | ||
2101 | 648 | from keystoneclient import exceptions as client_exceptions | ||
2102 | 649 | |||
2103 | 650 | test_service = 'new_service' | ||
2104 | 651 | client = self.get_client(admin=True) | ||
2105 | 652 | service = client.services.create(name=test_service, | ||
2106 | 653 | service_type='test', | ||
2107 | 654 | description='test') | ||
2108 | 655 | self.assertEquals(service.name, test_service) | ||
2109 | 656 | |||
2110 | 657 | service = client.services.get(id=service.id) | ||
2111 | 658 | self.assertEquals(service.name, test_service) | ||
2112 | 659 | |||
2113 | 660 | client.services.delete(id=service.id) | ||
2114 | 661 | self.assertRaises(client_exceptions.NotFound, client.services.get, | ||
2115 | 662 | id=service.id) | ||
2116 | 663 | |||
2117 | 664 | def test_service_list(self): | ||
2118 | 665 | client = self.get_client(admin=True) | ||
2119 | 666 | test_service = 'new_service' | ||
2120 | 667 | service = client.services.create(name=test_service, | ||
2121 | 668 | service_type='test', | ||
2122 | 669 | description='test') | ||
2123 | 670 | services = client.services.list() | ||
2124 | 671 | # TODO(devcamcar): This assert should be more specific. | ||
2125 | 672 | self.assertTrue(len(services) > 0) | ||
2126 | 673 | |||
2127 | 674 | def test_service_delete_404(self): | ||
2128 | 675 | from keystoneclient import exceptions as client_exceptions | ||
2129 | 676 | client = self.get_client(admin=True) | ||
2130 | 677 | self.assertRaises(client_exceptions.NotFound, | ||
2131 | 678 | client.services.delete, | ||
2132 | 679 | id=uuid.uuid4().hex) | ||
2133 | 680 | |||
2134 | 681 | def test_service_get_404(self): | ||
2135 | 682 | from keystoneclient import exceptions as client_exceptions | ||
2136 | 683 | client = self.get_client(admin=True) | ||
2137 | 684 | self.assertRaises(client_exceptions.NotFound, | ||
2138 | 685 | client.services.get, | ||
2139 | 686 | id=uuid.uuid4().hex) | ||
2140 | 687 | |||
2141 | 688 | def test_endpoint_create_404(self): | ||
2142 | 689 | from keystoneclient import exceptions as client_exceptions | ||
2143 | 690 | client = self.get_client(admin=True) | ||
2144 | 691 | self.assertRaises(client_exceptions.NotFound, | ||
2145 | 692 | client.endpoints.create, | ||
2146 | 693 | region=uuid.uuid4().hex, | ||
2147 | 694 | service_id=uuid.uuid4().hex, | ||
2148 | 695 | publicurl=uuid.uuid4().hex, | ||
2149 | 696 | adminurl=uuid.uuid4().hex, | ||
2150 | 697 | internalurl=uuid.uuid4().hex) | ||
2151 | 698 | |||
2152 | 699 | def test_endpoint_delete_404(self): | ||
2153 | 700 | # the catalog backend is expected to return Not Implemented | ||
2154 | 701 | from keystoneclient import exceptions as client_exceptions | ||
2155 | 702 | client = self.get_client(admin=True) | ||
2156 | 703 | self.assertRaises(client_exceptions.HTTPNotImplemented, | ||
2157 | 704 | client.endpoints.delete, | ||
2158 | 705 | id=uuid.uuid4().hex) | ||
2159 | 706 | |||
2160 | 707 | def test_admin_requires_adminness(self): | ||
2161 | 708 | from keystoneclient import exceptions as client_exceptions | ||
2162 | 709 | # FIXME(ja): this should be Unauthorized | ||
2163 | 710 | exception = client_exceptions.ClientException | ||
2164 | 711 | |||
2165 | 712 | two = self.get_client(self.user_two, admin=True) # non-admin user | ||
2166 | 713 | |||
2167 | 714 | # USER CRUD | ||
2168 | 715 | self.assertRaises(exception, | ||
2169 | 716 | two.users.list) | ||
2170 | 717 | self.assertRaises(exception, | ||
2171 | 718 | two.users.get, | ||
2172 | 719 | user=self.user_two['id']) | ||
2173 | 720 | self.assertRaises(exception, | ||
2174 | 721 | two.users.create, | ||
2175 | 722 | name='oops', | ||
2176 | 723 | password='password', | ||
2177 | 724 | email='oops@test.com') | ||
2178 | 725 | self.assertRaises(exception, | ||
2179 | 726 | two.users.delete, | ||
2180 | 727 | user=self.user_foo['id']) | ||
2181 | 728 | |||
2182 | 729 | # TENANT CRUD | ||
2183 | 730 | self.assertRaises(exception, | ||
2184 | 731 | two.tenants.list) | ||
2185 | 732 | self.assertRaises(exception, | ||
2186 | 733 | two.tenants.get, | ||
2187 | 734 | tenant_id=self.tenant_bar['id']) | ||
2188 | 735 | self.assertRaises(exception, | ||
2189 | 736 | two.tenants.create, | ||
2190 | 737 | tenant_name='oops', | ||
2191 | 738 | description="shouldn't work!", | ||
2192 | 739 | enabled=True) | ||
2193 | 740 | self.assertRaises(exception, | ||
2194 | 741 | two.tenants.delete, | ||
2195 | 742 | tenant=self.tenant_baz['id']) | ||
2196 | 743 | |||
2197 | 744 | # ROLE CRUD | ||
2198 | 745 | self.assertRaises(exception, | ||
2199 | 746 | two.roles.get, | ||
2200 | 747 | role='keystone_admin') | ||
2201 | 748 | self.assertRaises(exception, | ||
2202 | 749 | two.roles.list) | ||
2203 | 750 | self.assertRaises(exception, | ||
2204 | 751 | two.roles.create, | ||
2205 | 752 | name='oops') | ||
2206 | 753 | self.assertRaises(exception, | ||
2207 | 754 | two.roles.delete, | ||
2208 | 755 | role='keystone_admin') | ||
2209 | 756 | |||
2210 | 757 | # TODO(ja): MEMBERSHIP CRUD | ||
2211 | 758 | # TODO(ja): determine what else todo | ||
2212 | 759 | |||
2213 | 760 | |||
2214 | 761 | class KcMasterTestCase(CompatTestCase, KeystoneClientTests): | ||
2215 | 762 | def test_tenant_add_and_remove_user(self): | ||
2216 | 763 | client = self.get_client(admin=True) | ||
2217 | 764 | client.roles.add_user_role(tenant=self.tenant_baz['id'], | ||
2218 | 765 | user=self.user_foo['id'], | ||
2219 | 766 | role=self.role_useless['id']) | ||
2220 | 767 | user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) | ||
2221 | 768 | self.assert_(self.user_foo['id'] in [x.id for x in user_refs]) | ||
2222 | 769 | client.roles.remove_user_role(tenant=self.tenant_baz['id'], | ||
2223 | 770 | user=self.user_foo['id'], | ||
2224 | 771 | role=self.role_useless['id']) | ||
2225 | 772 | user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) | ||
2226 | 773 | self.assert_(self.user_foo['id'] not in [x.id for x in user_refs]) | ||
2227 | 774 | |||
2228 | 775 | def test_user_role_add_404(self): | ||
2229 | 776 | from keystoneclient import exceptions as client_exceptions | ||
2230 | 777 | client = self.get_client(admin=True) | ||
2231 | 778 | self.assertRaises(client_exceptions.NotFound, | ||
2232 | 779 | client.roles.add_user_role, | ||
2233 | 780 | tenant=uuid.uuid4().hex, | ||
2234 | 781 | user=self.user_foo['id'], | ||
2235 | 782 | role=self.role_useless['id']) | ||
2236 | 783 | self.assertRaises(client_exceptions.NotFound, | ||
2237 | 784 | client.roles.add_user_role, | ||
2238 | 785 | tenant=self.tenant_baz['id'], | ||
2239 | 786 | user=uuid.uuid4().hex, | ||
2240 | 787 | role=self.role_useless['id']) | ||
2241 | 788 | self.assertRaises(client_exceptions.NotFound, | ||
2242 | 789 | client.roles.add_user_role, | ||
2243 | 790 | tenant=self.tenant_baz['id'], | ||
2244 | 791 | user=self.user_foo['id'], | ||
2245 | 792 | role=uuid.uuid4().hex) | ||
2246 | 793 | |||
2247 | 794 | def test_user_role_remove_404(self): | ||
2248 | 795 | from keystoneclient import exceptions as client_exceptions | ||
2249 | 796 | client = self.get_client(admin=True) | ||
2250 | 797 | self.assertRaises(client_exceptions.NotFound, | ||
2251 | 798 | client.roles.remove_user_role, | ||
2252 | 799 | tenant=uuid.uuid4().hex, | ||
2253 | 800 | user=self.user_foo['id'], | ||
2254 | 801 | role=self.role_useless['id']) | ||
2255 | 802 | self.assertRaises(client_exceptions.NotFound, | ||
2256 | 803 | client.roles.remove_user_role, | ||
2257 | 804 | tenant=self.tenant_baz['id'], | ||
2258 | 805 | user=uuid.uuid4().hex, | ||
2259 | 806 | role=self.role_useless['id']) | ||
2260 | 807 | self.assertRaises(client_exceptions.NotFound, | ||
2261 | 808 | client.roles.remove_user_role, | ||
2262 | 809 | tenant=self.tenant_baz['id'], | ||
2263 | 810 | user=self.user_foo['id'], | ||
2264 | 811 | role=uuid.uuid4().hex) | ||
2265 | 812 | self.assertRaises(client_exceptions.NotFound, | ||
2266 | 813 | client.roles.remove_user_role, | ||
2267 | 814 | tenant=self.tenant_baz['id'], | ||
2268 | 815 | user=self.user_foo['id'], | ||
2269 | 816 | role=self.role_useless['id']) | ||
2270 | 817 | |||
2271 | 818 | def test_tenant_list_marker(self): | ||
2272 | 819 | client = self.get_client() | ||
2273 | 820 | |||
2274 | 821 | # Add two arbitrary tenants to user for testing purposes | ||
2275 | 822 | for i in range(2): | ||
2276 | 823 | tenant_id = uuid.uuid4().hex | ||
2277 | 824 | tenant = {'name': 'tenant-%s' % tenant_id, 'id': tenant_id} | ||
2278 | 825 | self.identity_api.create_tenant(tenant_id, tenant) | ||
2279 | 826 | self.identity_api.add_user_to_tenant(tenant_id, | ||
2280 | 827 | self.user_foo['id']) | ||
2281 | 828 | |||
2282 | 829 | tenants = client.tenants.list() | ||
2283 | 830 | self.assertEqual(len(tenants), 3) | ||
2284 | 831 | |||
2285 | 832 | tenants_marker = client.tenants.list(marker=tenants[0].id) | ||
2286 | 833 | self.assertEqual(len(tenants_marker), 2) | ||
2287 | 834 | self.assertEqual(tenants[1].name, tenants_marker[0].name) | ||
2288 | 835 | self.assertEqual(tenants[2].name, tenants_marker[1].name) | ||
2289 | 836 | |||
2290 | 837 | def test_tenant_list_marker_not_found(self): | ||
2291 | 838 | from keystoneclient import exceptions as client_exceptions | ||
2292 | 839 | |||
2293 | 840 | client = self.get_client() | ||
2294 | 841 | self.assertRaises(client_exceptions.BadRequest, | ||
2295 | 842 | client.tenants.list, marker=uuid.uuid4().hex) | ||
2296 | 843 | |||
2297 | 844 | def test_tenant_list_limit(self): | ||
2298 | 845 | client = self.get_client() | ||
2299 | 846 | |||
2300 | 847 | # Add two arbitrary tenants to user for testing purposes | ||
2301 | 848 | for i in range(2): | ||
2302 | 849 | tenant_id = uuid.uuid4().hex | ||
2303 | 850 | tenant = {'name': 'tenant-%s' % tenant_id, 'id': tenant_id} | ||
2304 | 851 | self.identity_api.create_tenant(tenant_id, tenant) | ||
2305 | 852 | self.identity_api.add_user_to_tenant(tenant_id, | ||
2306 | 853 | self.user_foo['id']) | ||
2307 | 854 | |||
2308 | 855 | tenants = client.tenants.list() | ||
2309 | 856 | self.assertEqual(len(tenants), 3) | ||
2310 | 857 | |||
2311 | 858 | tenants_limited = client.tenants.list(limit=2) | ||
2312 | 859 | self.assertEqual(len(tenants_limited), 2) | ||
2313 | 860 | self.assertEqual(tenants[0].name, tenants_limited[0].name) | ||
2314 | 861 | self.assertEqual(tenants[1].name, tenants_limited[1].name) | ||
2315 | 862 | |||
2316 | 863 | def test_tenant_list_limit_bad_value(self): | ||
2317 | 864 | from keystoneclient import exceptions as client_exceptions | ||
2318 | 865 | |||
2319 | 866 | client = self.get_client() | ||
2320 | 867 | self.assertRaises(client_exceptions.BadRequest, | ||
2321 | 868 | client.tenants.list, limit='a') | ||
2322 | 869 | self.assertRaises(client_exceptions.BadRequest, | ||
2323 | 870 | client.tenants.list, limit=-1) | ||
2324 | 871 | |||
2325 | 872 | def test_roles_get_by_user(self): | ||
2326 | 873 | client = self.get_client(admin=True) | ||
2327 | 874 | roles = client.roles.roles_for_user(user=self.user_foo['id'], | ||
2328 | 875 | tenant=self.tenant_bar['id']) | ||
2329 | 876 | self.assertTrue(len(roles) > 0) | ||
2330 | 877 | |||
2331 | 878 | |||
2332 | 879 | class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): | ||
2333 | 880 | def test_tenant_add_and_remove_user(self): | ||
2334 | 881 | raise nose.exc.SkipTest('Keystoneclient Essex 3 tests disabled.') | ||
2335 | 882 | client = self.get_client(admin=True) | ||
2336 | 883 | client.roles.add_user_to_tenant(tenant_id=self.tenant_baz['id'], | ||
2337 | 884 | user_id=self.user_foo['id'], | ||
2338 | 885 | role_id=self.role_useless['id']) | ||
2339 | 886 | role_refs = client.roles.get_user_role_refs( | ||
2340 | 887 | user_id=self.user_foo['id']) | ||
2341 | 888 | self.assert_(self.tenant_baz['id'] in [x.tenantId for x in role_refs]) | ||
2342 | 889 | |||
2343 | 890 | # get the "role_refs" so we get the proper id, this is how the clients | ||
2344 | 891 | # do it | ||
2345 | 892 | roleref_refs = client.roles.get_user_role_refs( | ||
2346 | 893 | user_id=self.user_foo['id']) | ||
2347 | 894 | for roleref_ref in roleref_refs: | ||
2348 | 895 | if (roleref_ref.roleId == self.role_useless['id'] | ||
2349 | 896 | and roleref_ref.tenantId == self.tenant_baz['id']): | ||
2350 | 897 | # use python's scope fall through to leave roleref_ref set | ||
2351 | 898 | break | ||
2352 | 899 | |||
2353 | 900 | client.roles.remove_user_from_tenant(tenant_id=self.tenant_baz['id'], | ||
2354 | 901 | user_id=self.user_foo['id'], | ||
2355 | 902 | role_id=roleref_ref.id) | ||
2356 | 903 | |||
2357 | 904 | role_refs = client.roles.get_user_role_refs( | ||
2358 | 905 | user_id=self.user_foo['id']) | ||
2359 | 906 | self.assert_(self.tenant_baz['id'] not in | ||
2360 | 907 | [x.tenantId for x in role_refs]) | ||
2361 | 908 | |||
2362 | 909 | def test_roles_get_by_user(self): | ||
2363 | 910 | raise nose.exc.SkipTest('Keystoneclient Essex 3 tests disabled.') | ||
2364 | 911 | client = self.get_client(admin=True) | ||
2365 | 912 | roles = client.roles.get_user_role_refs(user_id='foo') | ||
2366 | 913 | self.assertTrue(len(roles) > 0) | ||
2367 | 914 | |||
2368 | 915 | def test_role_list_404(self): | ||
2369 | 916 | raise nose.exc.SkipTest('N/A') | ||
2370 | 917 | |||
2371 | 918 | def test_authenticate_and_delete_token(self): | ||
2372 | 919 | raise nose.exc.SkipTest('N/A') | ||
2373 | 920 | |||
2374 | 921 | def test_user_create_update_delete(self): | ||
2375 | 922 | raise nose.exc.SkipTest('Keystoneclient Essex 3 tests disabled.') | ||
2376 | 923 | from keystoneclient import exceptions as client_exceptions | ||
2377 | 924 | |||
2378 | 925 | test_username = 'new_user' | ||
2379 | 926 | client = self.get_client(admin=True) | ||
2380 | 927 | user = client.users.create(name=test_username, | ||
2381 | 928 | password='password', | ||
2382 | 929 | email='user1@test.com') | ||
2383 | 930 | self.assertEquals(user.name, test_username) | ||
2384 | 931 | |||
2385 | 932 | user = client.users.get(user=user.id) | ||
2386 | 933 | self.assertEquals(user.name, test_username) | ||
2387 | 934 | |||
2388 | 935 | user = client.users.update_email(user=user, email='user2@test.com') | ||
2389 | 936 | self.assertEquals(user.email, 'user2@test.com') | ||
2390 | 937 | |||
2391 | 938 | # NOTE(termie): update_enabled doesn't return anything, probably a bug | ||
2392 | 939 | client.users.update_enabled(user=user, enabled=False) | ||
2393 | 940 | user = client.users.get(user.id) | ||
2394 | 941 | self.assertFalse(user.enabled) | ||
2395 | 942 | |||
2396 | 943 | self.assertRaises(client_exceptions.Unauthorized, | ||
2397 | 944 | self._client, | ||
2398 | 945 | username=test_username, | ||
2399 | 946 | password='password') | ||
2400 | 947 | client.users.update_enabled(user, True) | ||
2401 | 948 | |||
2402 | 949 | user = client.users.update_password(user=user, password='password2') | ||
2403 | 950 | |||
2404 | 951 | self._client(username=test_username, | ||
2405 | 952 | password='password2') | ||
2406 | 953 | |||
2407 | 954 | user = client.users.update_tenant(user=user, tenant='bar') | ||
2408 | 955 | # TODO(ja): once keystonelight supports default tenant | ||
2409 | 956 | # when you login without specifying tenant, the | ||
2410 | 957 | # token should be scoped to tenant 'bar' | ||
2411 | 958 | |||
2412 | 959 | client.users.delete(user.id) | ||
2413 | 960 | self.assertRaises(client_exceptions.NotFound, client.users.get, | ||
2414 | 961 | user.id) | ||
2415 | 962 | |||
2416 | 963 | def test_user_update_404(self): | ||
2417 | 964 | raise nose.exc.SkipTest('N/A') | ||
2418 | 965 | |||
2419 | 966 | def test_endpoint_create_404(self): | ||
2420 | 967 | raise nose.exc.SkipTest('N/A') | ||
2421 | 968 | |||
2422 | 969 | def test_endpoint_delete_404(self): | ||
2423 | 970 | raise nose.exc.SkipTest('N/A') | ||
2424 | 971 | 0 | ||
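Review bot: the lines deleted at the end of this file include the access-control regression tests (test_admin_requires_adminness and the test_ec2_credentials_list/get/delete_user_forbidden cases, which assert that user_two gets Forbidden on user_foo's EC2 credentials), so the removal is only safe if the tests/test_keystoneclient.py that stays in the tree still runs the same cases; please confirm that before merging. When checking the retained copy, note two weaknesses visible here. First, test_admin_requires_adminness asserts only the broad client_exceptions.ClientException (its own FIXME says it should be Unauthorized), so any client-side failure would satisfy it. Second, several KcEssex3TestCase methods and test_user_update_tenant_404 open with raise nose.exc.SkipTest(...) and leave the rest of the body unreachable. If either pattern survives in the retained file, it is worth tightening in a follow-up rather than in this SRU.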
2425 | === removed directory '.pc/keystone-CVE-2012-5571.patch' | |||
2426 | === removed directory '.pc/keystone-CVE-2012-5571.patch/keystone' | |||
2427 | === removed directory '.pc/keystone-CVE-2012-5571.patch/keystone/contrib' | |||
2428 | === removed directory '.pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2' | |||
2429 | === removed file '.pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py' | |||
2430 | --- .pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py 2012-11-26 14:07:34 +0000 | |||
2431 | +++ .pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py 1970-01-01 00:00:00 +0000 | |||
2432 | @@ -1,347 +0,0 @@ | |||
2433 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
2434 | 2 | |||
2435 | 3 | # Copyright 2012 OpenStack LLC | ||
2436 | 4 | # | ||
2437 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
2438 | 6 | # not use this file except in compliance with the License. You may obtain | ||
2439 | 7 | # a copy of the License at | ||
2440 | 8 | # | ||
2441 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
2442 | 10 | # | ||
2443 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
2444 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
2445 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
2446 | 14 | # License for the specific language governing permissions and limitations | ||
2447 | 15 | # under the License. | ||
2448 | 16 | |||
2449 | 17 | """Main entry point into the EC2 Credentials service. | ||
2450 | 18 | |||
2451 | 19 | This service allows the creation of access/secret credentials used for | ||
2452 | 20 | the ec2 interop layer of OpenStack. | ||
2453 | 21 | |||
2454 | 22 | A user can create as many access/secret pairs, each of which map to a | ||
2455 | 23 | specific tenant. This is required because OpenStack supports a user | ||
2456 | 24 | belonging to multiple tenants, whereas the signatures created on ec2-style | ||
2457 | 25 | requests don't allow specification of which tenant the user wishs to act | ||
2458 | 26 | upon. | ||
2459 | 27 | |||
2460 | 28 | To complete the cycle, we provide a method that OpenStack services can | ||
2461 | 29 | use to validate a signature and get a corresponding openstack token. This | ||
2462 | 30 | token allows method calls to other services within the context the | ||
2463 | 31 | access/secret was created. As an example, nova requests keystone to validate | ||
2464 | 32 | the signature of a request, receives a token, and then makes a request to | ||
2465 | 33 | glance to list images needed to perform the requested task. | ||
2466 | 34 | |||
2467 | 35 | """ | ||
2468 | 36 | |||
2469 | 37 | import uuid | ||
2470 | 38 | |||
2471 | 39 | from keystone import catalog | ||
2472 | 40 | from keystone import config | ||
2473 | 41 | from keystone import exception | ||
2474 | 42 | from keystone import identity | ||
2475 | 43 | from keystone import policy | ||
2476 | 44 | from keystone import service | ||
2477 | 45 | from keystone import token | ||
2478 | 46 | from keystone.common import manager | ||
2479 | 47 | from keystone.common import utils | ||
2480 | 48 | from keystone.common import wsgi | ||
2481 | 49 | |||
2482 | 50 | |||
2483 | 51 | CONF = config.CONF | ||
2484 | 52 | |||
2485 | 53 | |||
2486 | 54 | class Manager(manager.Manager): | ||
2487 | 55 | """Default pivot point for the EC2 Credentials backend. | ||
2488 | 56 | |||
2489 | 57 | See :mod:`keystone.common.manager.Manager` for more details on how this | ||
2490 | 58 | dynamically calls the backend. | ||
2491 | 59 | |||
2492 | 60 | """ | ||
2493 | 61 | |||
2494 | 62 | def __init__(self): | ||
2495 | 63 | super(Manager, self).__init__(CONF.ec2.driver) | ||
2496 | 64 | |||
2497 | 65 | |||
2498 | 66 | class Ec2Extension(wsgi.ExtensionRouter): | ||
2499 | 67 | def add_routes(self, mapper): | ||
2500 | 68 | ec2_controller = Ec2Controller() | ||
2501 | 69 | # validation | ||
2502 | 70 | mapper.connect('/ec2tokens', | ||
2503 | 71 | controller=ec2_controller, | ||
2504 | 72 | action='authenticate', | ||
2505 | 73 | conditions=dict(method=['POST'])) | ||
2506 | 74 | |||
2507 | 75 | # crud | ||
2508 | 76 | mapper.connect('/users/{user_id}/credentials/OS-EC2', | ||
2509 | 77 | controller=ec2_controller, | ||
2510 | 78 | action='create_credential', | ||
2511 | 79 | conditions=dict(method=['POST'])) | ||
2512 | 80 | mapper.connect('/users/{user_id}/credentials/OS-EC2', | ||
2513 | 81 | controller=ec2_controller, | ||
2514 | 82 | action='get_credentials', | ||
2515 | 83 | conditions=dict(method=['GET'])) | ||
2516 | 84 | mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}', | ||
2517 | 85 | controller=ec2_controller, | ||
2518 | 86 | action='get_credential', | ||
2519 | 87 | conditions=dict(method=['GET'])) | ||
2520 | 88 | mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}', | ||
2521 | 89 | controller=ec2_controller, | ||
2522 | 90 | action='delete_credential', | ||
2523 | 91 | conditions=dict(method=['DELETE'])) | ||
2524 | 92 | |||
2525 | 93 | |||
2526 | 94 | class Ec2Controller(wsgi.Application): | ||
2527 | 95 | def __init__(self): | ||
2528 | 96 | self.catalog_api = catalog.Manager() | ||
2529 | 97 | self.identity_api = identity.Manager() | ||
2530 | 98 | self.token_api = token.Manager() | ||
2531 | 99 | self.policy_api = policy.Manager() | ||
2532 | 100 | self.ec2_api = Manager() | ||
2533 | 101 | super(Ec2Controller, self).__init__() | ||
2534 | 102 | |||
2535 | 103 | def check_signature(self, creds_ref, credentials): | ||
2536 | 104 | signer = utils.Ec2Signer(creds_ref['secret']) | ||
2537 | 105 | signature = signer.generate(credentials) | ||
2538 | 106 | if utils.auth_str_equal(credentials['signature'], signature): | ||
2539 | 107 | return | ||
2540 | 108 | # NOTE(vish): Some libraries don't use the port when signing | ||
2541 | 109 | # requests, so try again without port. | ||
2542 | 110 | elif ':' in credentials['signature']: | ||
2543 | 111 | hostname, _port = credentials['host'].split(':') | ||
2544 | 112 | credentials['host'] = hostname | ||
2545 | 113 | signature = signer.generate(credentials) | ||
2546 | 114 | if not utils.auth_str_equal(credentials.signature, signature): | ||
2547 | 115 | raise exception.Unauthorized(message='Invalid EC2 signature.') | ||
2548 | 116 | else: | ||
2549 | 117 | raise exception.Unauthorized(message='EC2 signature not supplied.') | ||
2550 | 118 | |||
2551 | 119 | def authenticate(self, context, credentials=None, | ||
2552 | 120 | ec2Credentials=None): | ||
2553 | 121 | """Validate a signed EC2 request and provide a token. | ||
2554 | 122 | |||
2555 | 123 | Other services (such as Nova) use this **admin** call to determine | ||
2556 | 124 | if a request they signed received is from a valid user. | ||
2557 | 125 | |||
2558 | 126 | If it is a valid signature, an openstack token that maps | ||
2559 | 127 | to the user/tenant is returned to the caller, along with | ||
2560 | 128 | all the other details returned from a normal token validation | ||
2561 | 129 | call. | ||
2562 | 130 | |||
2563 | 131 | The returned token is useful for making calls to other | ||
2564 | 132 | OpenStack services within the context of the request. | ||
2565 | 133 | |||
2566 | 134 | :param context: standard context | ||
2567 | 135 | :param credentials: dict of ec2 signature | ||
2568 | 136 | :param ec2Credentials: DEPRECATED dict of ec2 signature | ||
2569 | 137 | :returns: token: openstack token equivalent to access key along | ||
2570 | 138 | with the corresponding service catalog and roles | ||
2571 | 139 | """ | ||
2572 | 140 | |||
2573 | 141 | # FIXME(ja): validate that a service token was used! | ||
2574 | 142 | |||
2575 | 143 | # NOTE(termie): backwards compat hack | ||
2576 | 144 | if not credentials and ec2Credentials: | ||
2577 | 145 | credentials = ec2Credentials | ||
2578 | 146 | |||
2579 | 147 | if not 'access' in credentials: | ||
2580 | 148 | raise exception.Unauthorized(message='EC2 signature not supplied.') | ||
2581 | 149 | |||
2582 | 150 | creds_ref = self._get_credentials(context, | ||
2583 | 151 | credentials['access']) | ||
2584 | 152 | self.check_signature(creds_ref, credentials) | ||
2585 | 153 | |||
2586 | 154 | # TODO(termie): don't create new tokens every time | ||
2587 | 155 | # TODO(termie): this is copied from TokenController.authenticate | ||
2588 | 156 | token_id = uuid.uuid4().hex | ||
2589 | 157 | tenant_ref = self.identity_api.get_tenant( | ||
2590 | 158 | context=context, | ||
2591 | 159 | tenant_id=creds_ref['tenant_id']) | ||
2592 | 160 | user_ref = self.identity_api.get_user( | ||
2593 | 161 | context=context, | ||
2594 | 162 | user_id=creds_ref['user_id']) | ||
2595 | 163 | metadata_ref = self.identity_api.get_metadata( | ||
2596 | 164 | context=context, | ||
2597 | 165 | user_id=user_ref['id'], | ||
2598 | 166 | tenant_id=tenant_ref['id']) | ||
2599 | 167 | catalog_ref = self.catalog_api.get_catalog( | ||
2600 | 168 | context=context, | ||
2601 | 169 | user_id=user_ref['id'], | ||
2602 | 170 | tenant_id=tenant_ref['id'], | ||
2603 | 171 | metadata=metadata_ref) | ||
2604 | 172 | |||
2605 | 173 | token_ref = self.token_api.create_token( | ||
2606 | 174 | context, token_id, dict(id=token_id, | ||
2607 | 175 | user=user_ref, | ||
2608 | 176 | tenant=tenant_ref, | ||
2609 | 177 | metadata=metadata_ref)) | ||
2610 | 178 | |||
2611 | 179 | # TODO(termie): optimize this call at some point and put it into the | ||
2612 | 180 | # the return for metadata | ||
2613 | 181 | # fill out the roles in the metadata | ||
2614 | 182 | roles_ref = [] | ||
2615 | 183 | for role_id in metadata_ref.get('roles', []): | ||
2616 | 184 | roles_ref.append(self.identity_api.get_role(context, role_id)) | ||
2617 | 185 | |||
2618 | 186 | # TODO(termie): make this a util function or something | ||
2619 | 187 | # TODO(termie): i don't think the ec2 middleware currently expects a | ||
2620 | 188 | # full return, but it contains a note saying that it | ||
2621 | 189 | # would be better to expect a full return | ||
2622 | 190 | token_controller = service.TokenController() | ||
2623 | 191 | return token_controller._format_authenticate( | ||
2624 | 192 | token_ref, roles_ref, catalog_ref) | ||
2625 | 193 | |||
2626 | 194 | def create_credential(self, context, user_id, tenant_id): | ||
2627 | 195 | """Create a secret/access pair for use with ec2 style auth. | ||
2628 | 196 | |||
2629 | 197 | Generates a new set of credentials that map the the user/tenant | ||
2630 | 198 | pair. | ||
2631 | 199 | |||
2632 | 200 | :param context: standard context | ||
2633 | 201 | :param user_id: id of user | ||
2634 | 202 | :param tenant_id: id of tenant | ||
2635 | 203 | :returns: credential: dict of ec2 credential | ||
2636 | 204 | """ | ||
2637 | 205 | if not self._is_admin(context): | ||
2638 | 206 | self._assert_identity(context, user_id) | ||
2639 | 207 | |||
2640 | 208 | self._assert_valid_user_id(context, user_id) | ||
2641 | 209 | self._assert_valid_tenant_id(context, tenant_id) | ||
2642 | 210 | |||
2643 | 211 | cred_ref = {'user_id': user_id, | ||
2644 | 212 | 'tenant_id': tenant_id, | ||
2645 | 213 | 'access': uuid.uuid4().hex, | ||
2646 | 214 | 'secret': uuid.uuid4().hex} | ||
2647 | 215 | self.ec2_api.create_credential(context, cred_ref['access'], cred_ref) | ||
2648 | 216 | return {'credential': cred_ref} | ||
2649 | 217 | |||
2650 | 218 | def get_credentials(self, context, user_id): | ||
2651 | 219 | """List all credentials for a user. | ||
2652 | 220 | |||
2653 | 221 | :param context: standard context | ||
2654 | 222 | :param user_id: id of user | ||
2655 | 223 | :returns: credentials: list of ec2 credential dicts | ||
2656 | 224 | """ | ||
2657 | 225 | if not self._is_admin(context): | ||
2658 | 226 | self._assert_identity(context, user_id) | ||
2659 | 227 | self._assert_valid_user_id(context, user_id) | ||
2660 | 228 | return {'credentials': self.ec2_api.list_credentials(context, user_id)} | ||
2661 | 229 | |||
2662 | 230 | def get_credential(self, context, user_id, credential_id): | ||
2663 | 231 | """Retreive a user's access/secret pair by the access key. | ||
2664 | 232 | |||
2665 | 233 | Grab the full access/secret pair for a given access key. | ||
2666 | 234 | |||
2667 | 235 | :param context: standard context | ||
2668 | 236 | :param user_id: id of user | ||
2669 | 237 | :param credential_id: access key for credentials | ||
2670 | 238 | :returns: credential: dict of ec2 credential | ||
2671 | 239 | """ | ||
2672 | 240 | if not self._is_admin(context): | ||
2673 | 241 | self._assert_identity(context, user_id) | ||
2674 | 242 | self._assert_valid_user_id(context, user_id) | ||
2675 | 243 | creds = self._get_credentials(context, credential_id) | ||
2676 | 244 | return {'credential': creds} | ||
2677 | 245 | |||
2678 | 246 | def delete_credential(self, context, user_id, credential_id): | ||
2679 | 247 | """Delete a user's access/secret pair. | ||
2680 | 248 | |||
2681 | 249 | Used to revoke a user's access/secret pair | ||
2682 | 250 | |||
2683 | 251 | :param context: standard context | ||
2684 | 252 | :param user_id: id of user | ||
2685 | 253 | :param credential_id: access key for credentials | ||
2686 | 254 | :returns: bool: success | ||
2687 | 255 | """ | ||
2688 | 256 | if not self._is_admin(context): | ||
2689 | 257 | self._assert_identity(context, user_id) | ||
2690 | 258 | self._assert_owner(context, user_id, credential_id) | ||
2691 | 259 | |||
2692 | 260 | self._assert_valid_user_id(context, user_id) | ||
2693 | 261 | self._get_credentials(context, credential_id) | ||
2694 | 262 | return self.ec2_api.delete_credential(context, credential_id) | ||
2695 | 263 | |||
2696 | 264 | def _get_credentials(self, context, credential_id): | ||
2697 | 265 | """Return credentials from an ID. | ||
2698 | 266 | |||
2699 | 267 | :param context: standard context | ||
2700 | 268 | :param credential_id: id of credential | ||
2701 | 269 | :raises exception.Unauthorized: when credential id is invalid | ||
2702 | 270 | :returns: credential: dict of ec2 credential. | ||
2703 | 271 | """ | ||
2704 | 272 | creds = self.ec2_api.get_credential(context, | ||
2705 | 273 | credential_id) | ||
2706 | 274 | if not creds: | ||
2707 | 275 | raise exception.Unauthorized(message='EC2 access key not found.') | ||
2708 | 276 | return creds | ||
2709 | 277 | |||
2710 | 278 | def _assert_identity(self, context, user_id): | ||
2711 | 279 | """Check that the provided token belongs to the user. | ||
2712 | 280 | |||
2713 | 281 | :param context: standard context | ||
2714 | 282 | :param user_id: id of user | ||
2715 | 283 | :raises exception.Forbidden: when token is invalid | ||
2716 | 284 | |||
2717 | 285 | """ | ||
2718 | 286 | try: | ||
2719 | 287 | token_ref = self.token_api.get_token(context=context, | ||
2720 | 288 | token_id=context['token_id']) | ||
2721 | 289 | except exception.TokenNotFound: | ||
2722 | 290 | raise exception.Unauthorized() | ||
2723 | 291 | token_user_id = token_ref['user'].get('id') | ||
2724 | 292 | if not token_user_id == user_id: | ||
2725 | 293 | raise exception.Forbidden() | ||
2726 | 294 | |||
2727 | 295 | def _is_admin(self, context): | ||
2728 | 296 | """Wrap admin assertion error return statement. | ||
2729 | 297 | |||
2730 | 298 | :param context: standard context | ||
2731 | 299 | :returns: bool: success | ||
2732 | 300 | |||
2733 | 301 | """ | ||
2734 | 302 | try: | ||
2735 | 303 | self.assert_admin(context) | ||
2736 | 304 | return True | ||
2737 | 305 | except exception.Forbidden: | ||
2738 | 306 | return False | ||
2739 | 307 | |||
2740 | 308 | def _assert_owner(self, context, user_id, credential_id): | ||
2741 | 309 | """Ensure the provided user owns the credential. | ||
2742 | 310 | |||
2743 | 311 | :param context: standard context | ||
2744 | 312 | :param user_id: expected credential owner | ||
2745 | 313 | :param credential_id: id of credential object | ||
2746 | 314 | :raises exception.Forbidden: on failure | ||
2747 | 315 | |||
2748 | 316 | """ | ||
2749 | 317 | cred_ref = self.ec2_api.get_credential(context, credential_id) | ||
2750 | 318 | if not user_id == cred_ref['user_id']: | ||
2751 | 319 | raise exception.Forbidden() | ||
2752 | 320 | |||
2753 | 321 | def _assert_valid_user_id(self, context, user_id): | ||
2754 | 322 | """Ensure a valid user id. | ||
2755 | 323 | |||
2756 | 324 | :param context: standard context | ||
2757 | 325 | :param user_id: expected credential owner | ||
2758 | 326 | :raises exception.UserNotFound: on failure | ||
2759 | 327 | |||
2760 | 328 | """ | ||
2761 | 329 | user_ref = self.identity_api.get_user( | ||
2762 | 330 | context=context, | ||
2763 | 331 | user_id=user_id) | ||
2764 | 332 | if not user_ref: | ||
2765 | 333 | raise exception.UserNotFound(user_id=user_id) | ||
2766 | 334 | |||
2767 | 335 | def _assert_valid_tenant_id(self, context, tenant_id): | ||
2768 | 336 | """Ensure a valid tenant id. | ||
2769 | 337 | |||
2770 | 338 | :param context: standard context | ||
2771 | 339 | :param user_id: expected credential owner | ||
2772 | 340 | :raises exception.UserNotFound: on failure | ||
2773 | 341 | |||
2774 | 342 | """ | ||
2775 | 343 | tenant_ref = self.identity_api.get_tenant( | ||
2776 | 344 | context=context, | ||
2777 | 345 | tenant_id=tenant_id) | ||
2778 | 346 | if not tenant_ref: | ||
2779 | 347 | raise exception.TenantNotFound(tenant_id=tenant_id) | ||
2780 | 348 | 0 | ||
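Review bot: authenticate() in this removed copy goes from self.check_signature(creds_ref, credentials) straight to self.token_api.create_token() without checking that metadata_ref still holds any role for the tenant named in creds_ref, so before this backup is dropped, please confirm that the keystone/contrib/ec2/core.py that ships contains the membership check from commit 8735009 ("Ensures User is member of tenant in ec2 validation"), which the ChangeLog added in this diff lists as touching that file. A test that authenticates with EC2 credentials after the user's last role in the tenant has been removed, and expects the request to be rejected, would let the package build verify this. Two smaller points to check against the live copy of the file: delete_credential() calls _assert_owner() before _get_credentials(), and _assert_owner() indexes cred_ref['user_id'] without the "if not creds" guard that _get_credentials() has, so an unknown credential_id from a non-admin caller may fail there instead of returning Unauthorized; and the docstring of _assert_valid_tenant_id() documents user_id and UserNotFound while the function takes tenant_id and raises TenantNotFound.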
2781 | === added file 'ChangeLog' | |||
2782 | --- ChangeLog 1970-01-01 00:00:00 +0000 | |||
2783 | +++ ChangeLog 2012-12-18 13:48:25 +0000 | |||
2784 | @@ -0,0 +1,29735 @@ | |||
2785 | 1 | commit c17a9992c8a94c7728bd762115874f125c0905b7 | ||
2786 | 2 | Merge: 025b1d5 8735009 | ||
2787 | 3 | Author: Jenkins <jenkins@review.openstack.org> | ||
2788 | 4 | Date: Thu Nov 22 19:41:20 2012 +0000 | ||
2789 | 5 | |||
2790 | 6 | Merge "Ensures User is member of tenant in ec2 validation" into stable/essex | ||
2791 | 7 | |||
2792 | 8 | commit 025b1d52e61fff4dff913fc58d0de81712b808b6 | ||
2793 | 9 | Author: Ionuț Arțăriși <iartarisi@suse.cz> | ||
2794 | 10 | Date: Wed Oct 31 14:32:04 2012 +0100 | ||
2795 | 11 | |||
2796 | 12 | pin sqlalchemy to 0.7 | ||
2797 | 13 | |||
2798 | 14 | sqlalchemy 0.8.0b1 breaks some dependencies such as sqlalchemy-migrate, pin the version until we fix them | ||
2799 | 15 | |||
2800 | 16 | Essex backport note: lower bound is not defined, Essex is known to work | ||
2801 | 17 | with older sqlalchemy versions e.g. precise has 0.7.4 | ||
2802 | 18 | |||
2803 | 19 | Fixes bug #1073569 | ||
2804 | 20 | |||
2805 | 21 | Change-Id: I6620276bf8f0a7cbc1d51aa226cd33c512e59a48 | ||
2806 | 22 | |||
2807 | 23 | tools/pip-requires | 4 ++-- | ||
2808 | 24 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
2809 | 25 | |||
2810 | 26 | commit 8735009dc5b895db265a1cd573f39f4acfca2a19 | ||
2811 | 27 | Author: Vishvananda Ishaya <vishvananda@gmail.com> | ||
2812 | 28 | Date: Tue Nov 13 15:49:19 2012 -0800 | ||
2813 | 29 | |||
2814 | 30 | Ensures User is member of tenant in ec2 validation | ||
2815 | 31 | |||
2816 | 32 | It is possible that a user is no longer a member of a tenant when | ||
2817 | 33 | they attempt to use an ec2 token. This checks to make sure that | ||
2818 | 34 | the user still has at least one valid role in the tenant before | ||
2819 | 35 | authenticating them. This should automatically work for the s3 | ||
2820 | 36 | version as well since it is a subclass. | ||
2821 | 37 | |||
2822 | 38 | Fixes bug 1064914 | ||
2823 | 39 | |||
2824 | 40 | Change-Id: Ieb237bae936a7b00ce7ba4d4c59aec6c7a69ec21 | ||
2825 | 41 | |||
2826 | 42 | keystone/contrib/ec2/core.py | 23 +++++++++++++---------- | ||
2827 | 43 | 1 file changed, 13 insertions(+), 10 deletions(-) | ||
2828 | 44 | |||
2829 | 45 | commit ddb40198c9323ff8dc82a44a72e456a7bfe736b8 | ||
2830 | 46 | Author: Mark McLoughlin <markmc@redhat.com> | ||
2831 | 47 | Date: Thu Oct 11 20:44:32 2012 +0100 | ||
2832 | 48 | |||
2833 | 49 | Open 2012.1.4 development | ||
2834 | 50 | |||
2835 | 51 | Bump version to 2012.1.4 to formally open development after the release | ||
2836 | 52 | of 2012.1.3. | ||
2837 | 53 | |||
2838 | 54 | See http://wiki.openstack.org/StableBranchRelease | ||
2839 | 55 | |||
2840 | 56 | Note - 2012.1.3 is expected to be the final official release of Essex. | ||
2841 | 57 | |||
2842 | 58 | Change-Id: I0de6fae1495deab60bd667e4653210b22b994b39 | ||
2843 | 59 | |||
2844 | 60 | setup.py | 2 +- | ||
2845 | 61 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
2846 | 62 | |||
2847 | 63 | commit 0e1f05e7a851f5fb72742e4d3e4978d76fe23b55 | ||
2848 | 64 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
2849 | 65 | Date: Tue Sep 25 19:04:50 2012 +0000 | ||
2850 | 66 | |||
2851 | 67 | utf-8 encode user keys in memcache (bug 1056373) | ||
2852 | 68 | |||
2853 | 69 | (cherry picked from commit 431e50a7851d2e7dbb212d02647faeb958ed21e8) | ||
2854 | 70 | |||
2855 | 71 | Change-Id: I026dd4282742213e69c7aa02e109439b07a73c8e | ||
2856 | 72 | |||
2857 | 73 | keystone/token/backends/memcache.py | 8 ++++++-- | ||
2858 | 74 | tests/test_backend_memcache.py | 14 +++++++++++++- | ||
2859 | 75 | 2 files changed, 19 insertions(+), 3 deletions(-) | ||
2860 | 76 | |||
2861 | 77 | commit 176ee9bce7557937710c8ec8086ff61cc751cf0f | ||
2862 | 78 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
2863 | 79 | Date: Thu Sep 13 11:59:11 2012 -0500 | ||
2864 | 80 | |||
2865 | 81 | Limit token revocation to tenant (bug 1050025) | ||
2866 | 82 | |||
2867 | 83 | Change-Id: I7ebe0192b4900ad9475119a6d582233b37b31fb4 | ||
2868 | 84 | |||
2869 | 85 | keystone/identity/core.py | 8 ++++---- | ||
2870 | 86 | keystone/token/backends/kvs.py | 15 ++++++++++----- | ||
2871 | 87 | keystone/token/backends/memcache.py | 11 ++++++++--- | ||
2872 | 88 | keystone/token/backends/sql.py | 7 ++++++- | ||
2873 | 89 | keystone/token/core.py | 16 +++++++++++----- | ||
2874 | 90 | tests/test_backend.py | 22 +++++++++++++++++++++- | ||
2875 | 91 | 6 files changed, 60 insertions(+), 19 deletions(-) | ||
2876 | 92 | |||
2877 | 93 | commit 58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e | ||
2878 | 94 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
2879 | 95 | Date: Fri Sep 7 14:55:31 2012 -0500 | ||
2880 | 96 | |||
2881 | 97 | Delete user tokens after role grant/revoke | ||
2882 | 98 | |||
2883 | 99 | Delete user tokens when a new role is granted or revoked, in order to | ||
2884 | 100 | prevent old tokens to continue to be valid for the original set of | ||
2885 | 101 | roles for the remainder of the token's lifespan. | ||
2886 | 102 | |||
2887 | 103 | Addresses CVE-2012-4413. | ||
2888 | 104 | Fixes bug 1041396. | ||
2889 | 105 | |||
2890 | 106 | Change-Id: Ib11b5b3a933c6000afe0c875c3f71f1f101bb202 | ||
2891 | 107 | |||
2892 | 108 | keystone/identity/core.py | 7 ++++++- | ||
2893 | 109 | keystone/token/core.py | 11 +++++++++++ | ||
2894 | 110 | tests/test_keystoneclient.py | 18 +++++++++--------- | ||
2895 | 111 | 3 files changed, 26 insertions(+), 10 deletions(-) | ||
2896 | 112 | |||
2897 | 113 | commit cd1e48a7d60497c528af6d311bd5048821dc1c07 | ||
2898 | 114 | Author: Adam Young <ayoung@redhat.com> | ||
2899 | 115 | Date: Thu Sep 6 11:54:04 2012 -0400 | ||
2900 | 116 | |||
2901 | 117 | List tokens for memcached backend | ||
2902 | 118 | |||
2903 | 119 | Creates and updates an index of tokens in a memcache entry keyed | ||
2904 | 120 | by the user id | ||
2905 | 121 | |||
2906 | 122 | Bug 1046905 | ||
2907 | 123 | |||
2908 | 124 | Change-Id: I114810297009331f491dc069d667f358092f1e34 | ||
2909 | 125 | |||
2910 | 126 | keystone/token/backends/memcache.py | 23 +++++++++++++++++++- | ||
2911 | 127 | tests/test_backend.py | 41 ++++++++++++++++++++++++++++++----- | ||
2912 | 128 | tests/test_backend_memcache.py | 17 ++++++++++++--- | ||
2913 | 129 | 3 files changed, 72 insertions(+), 9 deletions(-) | ||
2914 | 130 | |||
2915 | 131 | commit 5438d3b5a219d7c8fa67e66e538d325a61617155 | ||
2916 | 132 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
2917 | 133 | Date: Thu Aug 23 07:39:20 2012 -0500 | ||
2918 | 134 | |||
2919 | 135 | Require authz to update user's tenant (bug 1040626) | ||
2920 | 136 | |||
2921 | 137 | Change-Id: I82f80b84af2bc4db00b3dcb87a2ec338816a82e9 | ||
2922 | 138 | |||
2923 | 139 | keystone/identity/core.py | 1 + | ||
2924 | 140 | 1 file changed, 1 insertion(+) | ||
2925 | 141 | |||
2926 | 142 | commit a16a0ab997c3a406da2ccf0005534d5f9d81861f | ||
2927 | 143 | Merge: a130848 ff6df7c | ||
2928 | 144 | Author: Jenkins <jenkins@review.openstack.org> | ||
2929 | 145 | Date: Thu Aug 23 06:17:45 2012 +0000 | ||
2930 | 146 | |||
2931 | 147 | Merge "Returning roles from authenticate in ldap backend" into stable/essex | ||
2932 | 148 | |||
2933 | 149 | commit ff6df7cdbeaed6a8784955ba866332ec5f082ad5 | ||
2934 | 150 | Author: Ryan Lane <rlane@wikimedia.org> | ||
2935 | 151 | Date: Thu Jul 26 11:41:16 2012 -0700 | ||
2936 | 152 | |||
2937 | 153 | Returning roles from authenticate in ldap backend | ||
2938 | 154 | |||
2939 | 155 | Without this fix, the LDAP backend doesn't return | ||
2940 | 156 | roles during the authentication phase. | ||
2941 | 157 | |||
2942 | 158 | lp 1035428 | ||
2943 | 159 | |||
2944 | 160 | Change-Id: Ibd7e5a8f5475b56a4d3063c85ab634e4c0614e7e | ||
2945 | 161 | |||
2946 | 162 | AUTHORS | 1 + | ||
2947 | 163 | keystone/identity/backends/ldap/core.py | 24 +++++++++++++++--------- | ||
2948 | 164 | tests/test_backend.py | 10 ++++++++++ | ||
2949 | 165 | 3 files changed, 26 insertions(+), 9 deletions(-) | ||
2950 | 166 | |||
2951 | 167 | commit a130848c71f1bc65dcf98c085dee0c4796748faa | ||
2952 | 168 | Author: Adam Young <ayoung@redhat.com> | ||
2953 | 169 | Date: Thu Jul 26 15:30:39 2012 -0400 | ||
2954 | 170 | |||
2955 | 171 | Allow overloading of username and tenant name in the config files. | ||
2956 | 172 | |||
2957 | 173 | Includes documentation and sample config file values. | ||
2958 | 174 | |||
2959 | 175 | Bug 997700 | ||
2960 | 176 | |||
2961 | 177 | Patchset adds DocImpact flag for notifying doc team about these new | ||
2962 | 178 | config file values. | ||
2963 | 179 | |||
2964 | 180 | (cherry picked from commit 4f3dcb6c9b23867e6049f24c851b12904aee3b76) | ||
2965 | 181 | |||
2966 | 182 | Conflicts: | ||
2967 | 183 | |||
2968 | 184 | etc/keystone.conf.sample | ||
2969 | 185 | keystone/config.py | ||
2970 | 186 | |||
2971 | 187 | Change-Id: I94a162be07c224c705333804a53910833df96b8e | ||
2972 | 188 | |||
2973 | 189 | doc/source/configuration.rst | 13 +++++++++++++ | ||
2974 | 190 | keystone/config.py | 2 ++ | ||
2975 | 191 | keystone/identity/backends/ldap/core.py | 2 ++ | ||
2976 | 192 | 3 files changed, 17 insertions(+) | ||
2977 | 193 | |||
2978 | 194 | commit 359c426f3009b6088efc364c035d104b089eb37a | ||
2979 | 195 | Author: Mark McLoughlin <markmc@redhat.com> | ||
2980 | 196 | Date: Fri Aug 10 06:54:48 2012 +0100 | ||
2981 | 197 | |||
2982 | 198 | Open 2012.1.3 development | ||
2983 | 199 | |||
2984 | 200 | Bump version to 2012.1.3 to formally open development of the next | ||
2985 | 201 | Essex stable update release. | ||
2986 | 202 | |||
2987 | 203 | See http://wiki.openstack.org/StableBranchRelease | ||
2988 | 204 | |||
2989 | 205 | Change-Id: Ie3a82ed9b26d25a83b284d57e3d58ab6f4c31b30 | ||
2990 | 206 | |||
2991 | 207 | setup.py | 2 +- | ||
2992 | 208 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
2993 | 209 | |||
2994 | 210 | commit afc37aeb10638807c9839fcc6f403b34029662a5 | ||
2995 | 211 | Author: Mark McLoughlin <markmc@redhat.com> | ||
2996 | 212 | Date: Wed Aug 8 00:45:22 2012 +0100 | ||
2997 | 213 | |||
2998 | 214 | Open 2012.1.2 development | ||
2999 | 215 | |||
3000 | 216 | Bump version to 2012.1.2 to formally open development of the next | ||
3001 | 217 | Essex stable update release. | ||
3002 | 218 | |||
3003 | 219 | See http://wiki.openstack.org/StableBranchRelease | ||
3004 | 220 | |||
3005 | 221 | Change-Id: Id20de09f981f5389afbb9622ade9de7d4f3fd015 | ||
3006 | 222 | |||
3007 | 223 | setup.py | 2 +- | ||
3008 | 224 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
3009 | 225 | |||
3010 | 226 | commit f65604db7b504709fcb9aba2bcfd34a2aebffed3 | ||
3011 | 227 | Merge: 46b3722 5373601 | ||
3012 | 228 | Author: Jenkins <jenkins@review.openstack.org> | ||
3013 | 229 | Date: Tue Jul 31 10:31:57 2012 +0000 | ||
3014 | 230 | |||
3015 | 231 | Merge "Raise unauthorized if tenant disabled (bug 988920)" into stable/essex | ||
3016 | 232 | |||
3017 | 233 | commit 46b3722245283858017cf4df83e2e1ca2311211d | ||
3018 | 234 | Merge: d56a3fb 708c80e | ||
3019 | 235 | Author: Jenkins <jenkins@review.openstack.org> | ||
3020 | 236 | Date: Mon Jul 30 16:11:58 2012 +0000 | ||
3021 | 237 | |||
3022 | 238 | Merge "fix variable names to coincide with the ones in common.ldap" into stable/essex | ||
3023 | 239 | |||
3024 | 240 | commit 5373601bbdda10f879c08af1698852142b75f8d5 | ||
3025 | 241 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3026 | 242 | Date: Mon Jul 16 16:08:32 2012 -0500 | ||
3027 | 243 | |||
3028 | 244 | Raise unauthorized if tenant disabled (bug 988920) | ||
3029 | 245 | |||
3030 | 246 | If the client attempts to explicitly authenticate against a disabled | ||
3031 | 247 | tenant, keystone should return HTTP 401 Unauthorized. | ||
3032 | 248 | |||
3033 | 249 | Change-Id: I49fe56b6ef8d9f2fc6b9357472dae8964bb9cb9c | ||
3034 | 250 | |||
3035 | 251 | keystone/service.py | 11 ++++++++++ | ||
3036 | 252 | tests/test_keystoneclient.py | 47 ++++++++++++++++++++++++++++++++++++++++++ | ||
3037 | 253 | 2 files changed, 58 insertions(+) | ||
3038 | 254 | |||
3039 | 255 | commit d56a3fb026268e87bdd54b862be388d69d5a1266 | ||
3040 | 256 | Author: Dmitry Khovyakov <dkhovyakov@griddynamics.com> | ||
3041 | 257 | Date: Wed Jul 11 14:17:46 2012 +0300 | ||
3042 | 258 | |||
3043 | 259 | Import ec2 credentials from old keystone db | ||
3044 | 260 | |||
3045 | 261 | Fix bug #1016056 | ||
3046 | 262 | |||
3047 | 263 | Change-Id: Iebf31ccbdeff274b2c8f265911d3411963dd4844 | ||
3048 | 264 | |||
3049 | 265 | AUTHORS | 1 + | ||
3050 | 266 | keystone/common/sql/legacy.py | 19 +++++++++++++++++++ | ||
3051 | 267 | 2 files changed, 20 insertions(+) | ||
3052 | 268 | |||
3053 | 269 | commit 0b95c3cf66659a828de055b8d026c11e333cd8c8 | ||
3054 | 270 | Author: J. Daniel Schmidt <jdsn@suse.de> | ||
3055 | 271 | Date: Thu Jul 12 11:22:33 2012 +0200 | ||
3056 | 272 | |||
3057 | 273 | cleanup dependent data upon user/tenant deletion | ||
3058 | 274 | |||
3059 | 275 | fixes bug 974199 | ||
3060 | 276 | fixes bug 973243 | ||
3061 | 277 | |||
3062 | 278 | * upon deletion of tenant also delete user tenant relations | ||
3063 | 279 | * upon deletion of tenant or user also delete corresponding metadata | ||
3064 | 280 | * add foreign keys in metadata to ensure consistency | ||
3065 | 281 | |||
3066 | 282 | see also: https://bugs.launchpad.net/keystone/+bug/959294/comments/16 | ||
3067 | 283 | |||
3068 | 284 | Change-Id: I264714fe82b727e3e0f5273bcb781a580a3f3826 | ||
3069 | 285 | |||
3070 | 286 | AUTHORS | 1 + | ||
3071 | 287 | keystone/identity/backends/sql.py | 21 +++++++++++++++++++++ | ||
3072 | 288 | tests/test_backend_sql.py | 35 +++++++++++++++++++++++++++++++++++ | ||
3073 | 289 | 3 files changed, 57 insertions(+) | ||
3074 | 290 | |||
3075 | 291 | commit 708c80ea8e4ca1897b6815b559ad9437b36448ef | ||
3076 | 292 | Author: Ionuț Arțăriși <iartarisi@suse.cz> | ||
3077 | 293 | Date: Fri Jun 29 13:02:26 2012 +0200 | ||
3078 | 294 | |||
3079 | 295 | fix variable names to coincide with the ones in common.ldap | ||
3080 | 296 | |||
3081 | 297 | Change-Id: I148d8d9b0a67b8c45d06227829d0105935216c4d | ||
3082 | 298 | |||
3083 | 299 | keystone/identity/backends/ldap/core.py | 6 +++--- | ||
3084 | 300 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
3085 | 301 | |||
3086 | 302 | commit f1762e6d81be38fc6f9b3e12735a868896ce931d | ||
3087 | 303 | Merge: d111d54 14b136a | ||
3088 | 304 | Author: Jenkins <jenkins@review.openstack.org> | ||
3089 | 305 | Date: Thu Jul 5 16:04:40 2012 +0000 | ||
3090 | 306 | |||
3091 | 307 | Merge "Require authz for user role list (bug 1006815)" into stable/essex | ||
3092 | 308 | |||
3093 | 309 | commit d111d548767bfed1d2c892e7bb443155c166fdc5 | ||
3094 | 310 | Merge: 1428278 24df3ad | ||
3095 | 311 | Author: Jenkins <jenkins@review.openstack.org> | ||
3096 | 312 | Date: Thu Jul 5 15:43:54 2012 +0000 | ||
3097 | 313 | |||
3098 | 314 | Merge "Require authz for service CRUD (bug 1006822)" into stable/essex | ||
3099 | 315 | |||
3100 | 316 | commit 1428278b6202b7cb285f9e1bb278f894c05d31b0 | ||
3101 | 317 | Merge: d8dbdbc 707b725 | ||
3102 | 318 | Author: Jenkins <jenkins@review.openstack.org> | ||
3103 | 319 | Date: Thu Jun 28 14:16:31 2012 +0000 | ||
3104 | 320 | |||
3105 | 321 | Merge "Set defaultbranch in .gitreview to stable/essex" into stable/essex | ||
3106 | 322 | |||
3107 | 323 | commit d8dbdbced061fa4a4e42ec33c4b7e7752b0ebc04 | ||
3108 | 324 | Author: Rafael Durán Castañeda <rafadurancastaneda@gmail.com> | ||
3109 | 325 | Date: Tue Jun 19 20:35:43 2012 +0200 | ||
3110 | 326 | |||
3111 | 327 | Monkey patching 'thread'. | ||
3112 | 328 | |||
3113 | 329 | Fixes bug 1012381. | ||
3114 | 330 | |||
3115 | 331 | Change-Id: Icb7b2372df96d647fc6dcd4c4ebe72c8aa607f9d | ||
3116 | 332 | |||
3117 | 333 | AUTHORS | 1 + | ||
3118 | 334 | keystone/common/wsgi.py | 2 +- | ||
3119 | 335 | 2 files changed, 2 insertions(+), 1 deletion(-) | ||
3120 | 336 | |||
3121 | 337 | commit 14b136aed9d988f5a8f3e699bd4577c9b874d6c1 | ||
3122 | 338 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3123 | 339 | Date: Sun Jun 3 12:24:07 2012 -0500 | ||
3124 | 340 | |||
3125 | 341 | Require authz for user role list (bug 1006815) | ||
3126 | 342 | |||
3127 | 343 | Change-Id: I65f25dcca3e265f44746930917434b45e64de15e | ||
3128 | 344 | |||
3129 | 345 | keystone/identity/core.py | 1 + | ||
3130 | 346 | tests/test_content_types.py | 11 +++++++++++ | ||
3131 | 347 | 2 files changed, 12 insertions(+) | ||
3132 | 348 | |||
3133 | 349 | commit 24df3adb3f50cbb5ada411bc67aba8a781e6a431 | ||
3134 | 350 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3135 | 351 | Date: Sun Jun 3 11:00:54 2012 -0500 | ||
3136 | 352 | |||
3137 | 353 | Require authz for service CRUD (bug 1006822) | ||
3138 | 354 | |||
3139 | 355 | Change-Id: Ia90f0aa2b856b9a9874d4865fb92ee913e8125c5 | ||
3140 | 356 | |||
3141 | 357 | keystone/catalog/core.py | 7 +++++++ | ||
3142 | 358 | tests/test_content_types.py | 33 +++++++++++++++++++++++++++++++++ | ||
3143 | 359 | 2 files changed, 40 insertions(+) | ||
3144 | 360 | |||
3145 | 361 | commit 707b7259f9772e5f498990297c65b68116bdc3c1 | ||
3146 | 362 | Author: Mark McLoughlin <markmc@redhat.com> | ||
3147 | 363 | Date: Fri Jun 22 21:16:26 2012 +0100 | ||
3148 | 364 | |||
3149 | 365 | Set defaultbranch in .gitreview to stable/essex | ||
3150 | 366 | |||
3151 | 367 | This allows people run git-review without any arguments. | ||
3152 | 368 | |||
3153 | 369 | Change-Id: I3f1c7ce22cbe40ed34f084fd3dbc0941ba787bcf | ||
3154 | 370 | |||
3155 | 371 | .gitreview | 2 ++ | ||
3156 | 372 | 1 file changed, 2 insertions(+) | ||
3157 | 373 | |||
3158 | 374 | commit 29e74e73a6e51cffc0371b32354558391826a4aa | ||
3159 | 375 | Author: Derek Higgins <derekh@redhat.com> | ||
3160 | 376 | Date: Tue Jun 5 09:33:53 2012 +0100 | ||
3161 | 377 | |||
3162 | 378 | Carrying over token expiry time when token chaining | ||
3163 | 379 | |||
3164 | 380 | Fixes bug #998185 | ||
3165 | 381 | |||
3166 | 382 | This commit causes the token expiry time to be maintained when | ||
3167 | 383 | one token is being created from another | ||
3168 | 384 | |||
3169 | 385 | Change-Id: I7b61692a60d9227423b93c267864a5abe939ca33 | ||
3170 | 386 | |||
3171 | 387 | keystone/service.py | 3 ++- | ||
3172 | 388 | tests/test_keystoneclient.py | 12 ++++++++++++ | ||
3173 | 389 | 2 files changed, 14 insertions(+), 1 deletion(-) | ||
3174 | 390 | |||
3175 | 391 | commit 9a841f3ba93d5a0bd1f56cc897415258ed6cf877 | ||
3176 | 392 | Merge: 35d5ebd d960043 | ||
3177 | 393 | Author: Jenkins <jenkins@review.openstack.org> | ||
3178 | 394 | Date: Thu Jun 14 19:56:21 2012 +0000 | ||
3179 | 395 | |||
3180 | 396 | Merge "Invalidate user tokens when a user is disabled" into stable/essex | ||
3181 | 397 | |||
3182 | 398 | commit 35d5ebd54e02e4b79515e882506f0a518548d273 | ||
3183 | 399 | Merge: 9695b86 ea03d05 | ||
3184 | 400 | Author: Jenkins <jenkins@review.openstack.org> | ||
3185 | 401 | Date: Thu Jun 14 16:58:30 2012 +0000 | ||
3186 | 402 | |||
3187 | 403 | Merge "Invalidate user tokens when password is changed" into stable/essex | ||
3188 | 404 | |||
3189 | 405 | commit 9695b8681801f3624b8f40dc06797aa171b5f30d | ||
3190 | 406 | Merge: 0dcfe7e f70505c | ||
3191 | 407 | Author: Jenkins <jenkins@review.openstack.org> | ||
3192 | 408 | Date: Thu Jun 14 16:15:39 2012 +0000 | ||
3193 | 409 | |||
3194 | 410 | Merge "Fix expired token tests" into stable/essex | ||
3195 | 411 | |||
3196 | 412 | commit 0dcfe7ec2df5a45271847914997cbba92fdda330 | ||
3197 | 413 | Merge: 18513c3 4265499 | ||
3198 | 414 | Author: Jenkins <jenkins@review.openstack.org> | ||
3199 | 415 | Date: Thu Jun 14 15:42:01 2012 +0000 | ||
3200 | 416 | |||
3201 | 417 | Merge "Corrects url conversion in export_legacy_catalog" into stable/essex | ||
3202 | 418 | |||
3203 | 419 | commit d9600434da14976463a0bd03abd8e0309f0db454 | ||
3204 | 420 | Author: Derek Higgins <derekh@redhat.com> | ||
3205 | 421 | Date: Fri May 11 13:42:43 2012 +0100 | ||
3206 | 422 | |||
3207 | 423 | Invalidate user tokens when a user is disabled | ||
3208 | 424 | |||
3209 | 425 | Fixes Bug 997194 | ||
3210 | 426 | |||
3211 | 427 | Delete valid tokens for a user when they have been disabled | ||
3212 | 428 | |||
3213 | 429 | Moved logic to delete tokens into update_user, as this can be called | ||
3214 | 430 | directly form the REST API. | ||
3215 | 431 | |||
3216 | 432 | Also checks if a user is enabled when creating a token from another | ||
3217 | 433 | token, this helps in cases there the backend didn't support listing of | ||
3218 | 434 | tokens (and as a result weren't deleted) | ||
3219 | 435 | |||
3220 | 436 | Change-Id: Ib5ed73a7873bfa66ef31bf6d0f0322f50e677688 | ||
3221 | 437 | |||
3222 | 438 | keystone/identity/core.py | 22 ++++++++++++---------- | ||
3223 | 439 | keystone/service.py | 14 +++++++++++++- | ||
3224 | 440 | tests/test_keystoneclient.py | 21 +++++++++++++++++++-- | ||
3225 | 441 | 3 files changed, 44 insertions(+), 13 deletions(-) | ||
3226 | 442 | |||
3227 | 443 | commit ea03d05ed5de0c015042876100d37a6a14bf56de | ||
3228 | 444 | Author: Derek Higgins <derekh@redhat.com> | ||
3229 | 445 | Date: Wed May 9 15:55:46 2012 +0100 | ||
3230 | 446 | |||
3231 | 447 | Invalidate user tokens when password is changed | ||
3232 | 448 | |||
3233 | 449 | Fixes bug 996595 | ||
3234 | 450 | |||
3235 | 451 | This commit will cause all valid tokens to be deleted for a user | ||
3236 | 452 | who's password is changed (implemented for the sql and kvs backends) | ||
3237 | 453 | |||
3238 | 454 | Change-Id: I6ad7da8957b7041983a3fc91d9ba9368667d06ac | ||
3239 | 455 | |||
3240 | 456 | AUTHORS | 1 + | ||
3241 | 457 | keystone/identity/core.py | 14 +++++++++++++- | ||
3242 | 458 | keystone/token/backends/kvs.py | 15 +++++++++++++++ | ||
3243 | 459 | keystone/token/backends/sql.py | 14 ++++++++++++++ | ||
3244 | 460 | keystone/token/core.py | 10 ++++++++++ | ||
3245 | 461 | tests/test_keystoneclient.py | 23 +++++++++++++++++++++++ | ||
3246 | 462 | 6 files changed, 76 insertions(+), 1 deletion(-) | ||
3247 | 463 | |||
3248 | 464 | commit 18513c36e63ee2da417f1125cfa05ea9d525b6ee | ||
3249 | 465 | Author: Mark McLoughlin <markmc@redhat.com> | ||
3250 | 466 | Date: Thu Jun 14 10:59:33 2012 +0100 | ||
3251 | 467 | |||
3252 | 468 | Open 2012.1.1 development | ||
3253 | 469 | |||
3254 | 470 | Bump version to 2012.1.1 to formally open development of the next | ||
3255 | 471 | Essex stable update release. | ||
3256 | 472 | |||
3257 | 473 | See http://wiki.openstack.org/StableBranchRelease | ||
3258 | 474 | |||
3259 | 475 | Change-Id: I845e8abca87751bbe4ebfa9414add247f2afdc1f | ||
3260 | 476 | |||
3261 | 477 | setup.py | 2 +- | ||
3262 | 478 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
3263 | 479 | |||
3264 | 480 | commit f70505ced12ae7319dedaf75bedb964c7469c6dd | ||
3265 | 481 | Author: Mark McLoughlin <markmc@redhat.com> | ||
3266 | 482 | Date: Tue Apr 10 13:35:30 2012 +0100 | ||
3267 | 483 | |||
3268 | 484 | Fix expired token tests | ||
3269 | 485 | |||
3270 | 486 | Fixes bug #983800 | ||
3271 | 487 | |||
3272 | 488 | The expiration timestamps are expressed in UTC time, so ensure: | ||
3273 | 489 | |||
3274 | 490 | 1) The timestamp of the token created by the test is UTC time (i.e. | ||
3275 | 491 | utcnow() vs now()) | ||
3276 | 492 | |||
3277 | 493 | 2) The expiration check in the dummy memcache client properly | ||
3278 | 494 | accounts for UTC (i.e. utctimetuple() vs timetuple()) | ||
3279 | 495 | |||
3280 | 496 | Change-Id: Ie7356456f79ab5a8070a79771bb7d210b1cedd47 | ||
3281 | 497 | |||
3282 | 498 | tests/test_backend.py | 2 +- | ||
3283 | 499 | tests/test_backend_memcache.py | 2 +- | ||
3284 | 500 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
3285 | 501 | |||
3286 | 502 | commit aa7e7b96e7bd05819c899906091b9121385dc125 | ||
3287 | 503 | Author: Dan Prince <dprince@redhat.com> | ||
3288 | 504 | Date: Wed Apr 11 10:57:56 2012 -0400 | ||
3289 | 505 | |||
3290 | 506 | Add ChangeLog to tarball. | ||
3291 | 507 | |||
3292 | 508 | Fixes LP Bug #978981. | ||
3293 | 509 | |||
3294 | 510 | Change-Id: I5b98df88673422cfc39c471fd77eecd77fa0cf2c | ||
3295 | 511 | |||
3296 | 512 | MANIFEST.in | 1 + | ||
3297 | 513 | 1 file changed, 1 insertion(+) | ||
3298 | 514 | |||
3299 | 515 | commit d0a73669369d86ff4c7b9de715fa4eec9bc58b59 | ||
3300 | 516 | Author: Adam Gandelman <adamg@canonical.com> | ||
3301 | 517 | Date: Mon Jun 11 10:35:16 2012 -0700 | ||
3302 | 518 | |||
3303 | 519 | Flush tenant membership deletion before user | ||
3304 | 520 | |||
3305 | 521 | Ensure user tenant membership is *actually* removed before deleting | ||
3306 | 522 | user. | ||
3307 | 523 | |||
3308 | 524 | Applied to 'stable/essex', originally committed to trunk via | ||
3309 | 525 | https://review.openstack.org/#/c/7353/ | ||
3310 | 526 | |||
3311 | 527 | Fixes bug 998137. | ||
3312 | 528 | |||
3313 | 529 | Change-Id: Ib52970d68f288b8742c3e060c7040838a1c738c2 | ||
3314 | 530 | |||
3315 | 531 | keystone/identity/backends/sql.py | 1 + | ||
3316 | 532 | 1 file changed, 1 insertion(+) | ||
3317 | 533 | |||
3318 | 534 | commit 426549934e323a9bc435b9ec58163e88f5e74a32 | ||
3319 | 535 | Author: Sam Morrison <sorrison@gmail.com> | ||
3320 | 536 | Date: Mon May 7 09:09:57 2012 +1000 | ||
3321 | 537 | |||
3322 | 538 | Corrects url conversion in export_legacy_catalog | ||
3323 | 539 | |||
3324 | 540 | Fixes bug 994936 | ||
3325 | 541 | |||
3326 | 542 | Change-Id: Ia63fdae7d0bcd7f8b0b587da588404765e22fb8f | ||
3327 | 543 | |||
3328 | 544 | AUTHORS | 1 + | ||
3329 | 545 | keystone/common/sql/legacy.py | 2 +- | ||
3330 | 546 | tests/test_import_legacy.py | 2 +- | ||
3331 | 547 | 3 files changed, 3 insertions(+), 2 deletions(-) | ||
3332 | 548 | |||
3333 | 549 | commit 7715d6cd72477af83d95563b69a5f0273bdb719b | ||
3334 | 550 | Author: Alan Pevec <apevec@redhat.com> | ||
3335 | 551 | Date: Mon Jun 11 20:19:50 2012 +0200 | ||
3336 | 552 | |||
3337 | 553 | Fix test env for the stable branch | ||
3338 | 554 | |||
3339 | 555 | Need both changes in one commit to pass the gate! | ||
3340 | 556 | |||
3341 | 557 | * Nail pep8 dependencies to 1.0.1. | ||
3342 | 558 | |||
3343 | 559 | Nails the pep8 deps for tox and test-requires to 1.0.1. | ||
3344 | 560 | Fixes an issues causing pep8 failures due to a new pep8 release. | ||
3345 | 561 | |||
3346 | 562 | (cherry picked from Nova stable) | ||
3347 | 563 | |||
3348 | 564 | * Switch to 1000 rounds during unit tests | ||
3349 | 565 | |||
3350 | 566 | Fixes bug 992918 | ||
3351 | 567 | |||
3352 | 568 | passlib 1.6 introduced a minimum number of rounds for sha512_crypt. As | ||
3353 | 569 | a result, increase the rounds used during testing to the minimum | ||
3354 | 570 | |||
3355 | 571 | Change-Id: Ic0c635e92b4f13180a047904a6efa490ab599012 | ||
3356 | 572 | |||
3357 | 573 | tests/test_overrides.conf | 2 +- | ||
3358 | 574 | tools/test-requires | 2 +- | ||
3359 | 575 | tox.ini | 2 +- | ||
3360 | 576 | 3 files changed, 3 insertions(+), 3 deletions(-) | ||
3361 | 577 | |||
3362 | 578 | commit aff45d69a73033241531f5e3542a8d1782ddd859 | ||
3363 | 579 | Author: Mark McLoughlin <markmc@redhat.com> | ||
3364 | 580 | Date: Fri Mar 30 12:17:48 2012 +0100 | ||
3365 | 581 | |||
3366 | 582 | Make import_nova_auth only create roles which don't already exist | ||
3367 | 583 | |||
3368 | 584 | Fixes bug #969088 | ||
3369 | 585 | |||
3370 | 586 | If a role already exists, there's no particular need for import_nova_auth | ||
3371 | 587 | to barf. Instead, we should just use the existing role. | ||
3372 | 588 | |||
3373 | 589 | Change-Id: I18ae38af62b4c2b2423e20e436611fc30f844ae1 | ||
3374 | 590 | |||
3375 | 591 | keystone/common/sql/nova.py | 5 ++++- | ||
3376 | 592 | tests/test_migrate_nova_auth.py | 9 +++++++++ | ||
3377 | 593 | 2 files changed, 13 insertions(+), 1 deletion(-) | ||
3378 | 594 | |||
3379 | 595 | commit 7d08d12cea96910145f05499ba7d124603d7c4f6 | ||
3380 | 596 | Author: Adam Gandelman <adamg@canonical.com> | ||
3381 | 597 | Date: Mon Apr 2 14:21:43 2012 -0700 | ||
3382 | 598 | |||
3383 | 599 | Remove tenant membership during user deletion | ||
3384 | 600 | |||
3385 | 601 | Remove users' tenant membership on user deletion. Resolves a FK constraint | ||
3386 | 602 | issue that previously went unnoticed due to testing against database | ||
3387 | 603 | configurations that do not support FK constraints (MyISAM). | ||
3388 | 604 | |||
3389 | 605 | Fixes LP bug 959294. | ||
3390 | 606 | |||
3391 | 607 | Update: * Move tenant membership cleanup to the sql identity backend | ||
3392 | 608 | * Add a test case to test_backend_sql | ||
3393 | 609 | |||
3394 | 610 | Change-Id: Ib4f5da03033f7886b36d1ab3b8b4ac37f08b2e0e | ||
3395 | 611 | |||
3396 | 612 | keystone/identity/backends/sql.py | 8 ++++++++ | ||
3397 | 613 | tests/test_backend_sql.py | 11 +++++++++++ | ||
3398 | 614 | 2 files changed, 19 insertions(+) | ||
3399 | 615 | |||
3400 | 616 | commit aa542c420aa283968a0154a29038ec0bb1be9326 | ||
3401 | 617 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
3402 | 618 | Date: Mon Apr 2 17:15:47 2012 +0200 | ||
3403 | 619 | |||
3404 | 620 | Add a _ at the end of reseller_prefix default. | ||
3405 | 621 | |||
3406 | 622 | - Fixes bug 971592. | ||
3407 | 623 | |||
3408 | 624 | Change-Id: Ic9edb2b8b0043413e4ec16de9c669646ae4230a6 | ||
3409 | 625 | |||
3410 | 626 | keystone/middleware/swift_auth.py | 11 ++++++++++- | ||
3411 | 627 | 1 file changed, 10 insertions(+), 1 deletion(-) | ||
3412 | 628 | |||
3413 | 629 | commit 0a0513d9fb1b84d5b998ff47088aee7f121dc794 | ||
3414 | 630 | Merge: a05daf5 89e8dc0 | ||
3415 | 631 | Author: Jenkins <jenkins@review.openstack.org> | ||
3416 | 632 | Date: Tue Apr 3 19:39:43 2012 +0000 | ||
3417 | 633 | |||
3418 | 634 | Merge "Add support to swift_auth for tokenless authz" into milestone-proposed | ||
3419 | 635 | |||
3420 | 636 | commit a05daf5f53fbf0084e0f19ed4a8b686ff60bcb90 | ||
3421 | 637 | Merge: bc153d5 4314ae6 | ||
3422 | 638 | Author: Jenkins <jenkins@review.openstack.org> | ||
3423 | 639 | Date: Tue Apr 3 19:29:19 2012 +0000 | ||
3424 | 640 | |||
3425 | 641 | Merge "additional logging to support debugging auth issue" into milestone-proposed | ||
3426 | 642 | |||
3427 | 643 | commit 89e8dc075151acc85d8c4f8972d3910c7f33bd25 | ||
3428 | 644 | Author: Maru Newby <mnewby@internap.com> | ||
3429 | 645 | Date: Tue Mar 20 22:19:36 2012 -0700 | ||
3430 | 646 | |||
3431 | 647 | Add support to swift_auth for tokenless authz | ||
3432 | 648 | |||
3433 | 649 | * Updates keystone.middleware.swift_auth to allow token-less | ||
3434 | 650 | (unauthenticated) access for container sync (bug 954030) and | ||
3435 | 651 | permitted referrers (bug 924578). | ||
3436 | 652 | |||
3437 | 653 | Change-Id: Ieccf458c44dfe55f546dc15c79704800dad59ac0 | ||
3438 | 654 | |||
3439 | 655 | doc/source/configuringservices.rst | 3 + | ||
3440 | 656 | keystone/middleware/swift_auth.py | 106 +++++++++++++++++++++++++---------- | ||
3441 | 657 | tests/test_swift_auth_middleware.py | 56 +++++++++--------- | ||
3442 | 658 | 3 files changed, 104 insertions(+), 61 deletions(-) | ||
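Review bot: the ChangeLog entry for 89e8dc0 says swift_auth now allows token-less (unauthenticated) access for container sync and permitted referrers, but its stat shows only 3 added lines in doc/source/configuringservices.rst against 106 changed lines in keystone/middleware/swift_auth.py. The entry only summarises the commit, so the review should confirm in keystone/middleware/swift_auth.py itself that a request without a token is denied unless it matches one of those two cases, and that tests/test_swift_auth_middleware.py exercises the denial path as well as the two permitted ones.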
3443 | 659 | |||
3444 | 660 | commit 4314ae6c038b96c080dfd13938678e358e5574e7 | ||
3445 | 661 | Author: Joe Heck <heckj@mac.com> | ||
3446 | 662 | Date: Fri Mar 30 22:04:16 2012 -0700 | ||
3447 | 663 | |||
3448 | 664 | additional logging to support debugging auth issue | ||
3449 | 665 | |||
3450 | 666 | fixes bug 969801 | ||
3451 | 667 | |||
3452 | 668 | Change-Id: Iaf752e5f3692c91030cfd8575114f2c3293d1dba | ||
3453 | 669 | |||
3454 | 670 | keystone/middleware/auth_token.py | 8 +++++++- | ||
3455 | 671 | 1 file changed, 7 insertions(+), 1 deletion(-) | ||
3456 | 672 | |||
3457 | 673 | commit bc153d5ad9b32737dd55c33fd12468e89189eded | ||
3458 | 674 | Author: Maru Newby <mnewby@internap.com> | ||
3459 | 675 | Date: Mon Mar 26 16:08:56 2012 -0700 | ||
3460 | 676 | |||
3461 | 677 | Fixed misc errors in configuration.rst | ||
3462 | 678 | |||
3463 | 679 | * Addresses bug 965788 | ||
3464 | 680 | |||
3465 | 681 | Change-Id: I5aa276589a9818c7f523e6da9531af363139adbb | ||
3466 | 682 | |||
3467 | 683 | doc/source/configuration.rst | 10 ++++++---- | ||
3468 | 684 | 1 file changed, 6 insertions(+), 4 deletions(-) | ||
3469 | 685 | |||
3470 | 686 | commit ada402155acf5bda83d1b0fbedfbb0d7e4144b58 | ||
3471 | 687 | Author: termie <github@anarkystic.com> | ||
3472 | 688 | Date: Thu Mar 29 16:03:17 2012 -0700 | ||
3473 | 689 | |||
3474 | 690 | don't duplicate the extra dict in extra | ||
3475 | 691 | |||
3476 | 692 | fixes bug 929815 | ||
3477 | 693 | |||
3478 | 694 | Change-Id: Icfbe9a4b0eb2ef9b24bcf41113a6ec8e636210a9 | ||
3479 | 695 | |||
3480 | 696 | keystone/catalog/backends/sql.py | 4 ++-- | ||
3481 | 697 | keystone/identity/backends/sql.py | 4 ++-- | ||
3482 | 698 | 2 files changed, 4 insertions(+), 4 deletions(-) | ||
3483 | 699 | |||
3484 | 700 | commit 1b7aa15ae425e68c15588ba738e9b701b62d995a | ||
3485 | 701 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3486 | 702 | Date: Tue Mar 27 10:57:04 2012 -0700 | ||
3487 | 703 | |||
3488 | 704 | Raise keystone.exception for HTTP 401 (bug 962563) | ||
3489 | 705 | |||
3490 | 706 | Change-Id: I22e3b6769c69ef5917028980007d3295fed99fb7 | ||
3491 | 707 | |||
3492 | 708 | keystone/contrib/s3/core.py | 3 ++- | ||
3493 | 709 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
3494 | 710 | |||
3495 | 711 | commit b1336b0a3921621741ff8ba2adbc44113357e175 | ||
3496 | 712 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3497 | 713 | Date: Fri Mar 23 10:46:16 2012 -0500 | ||
3498 | 714 | |||
3499 | 715 | Validate object refs (return 404 instead of 500) | ||
3500 | 716 | |||
3501 | 717 | Combined fix for bug 963056: | ||
3502 | 718 | user-crud 404 | ||
3503 | 719 | service-crud 404 | ||
3504 | 720 | ec2-credential-crud 404 | ||
3505 | 721 | user-role-crud 404 | ||
3506 | 722 | endpoint-crud 404 | ||
3507 | 723 | |||
3508 | 724 | Change-Id: I7762aaaae9817ea7426039e4700e16b59e18cba1 | ||
3509 | 725 | |||
3510 | 726 | keystone/catalog/core.py | 5 +- | ||
3511 | 727 | keystone/contrib/ec2/core.py | 2 + | ||
3512 | 728 | keystone/exception.py | 2 +- | ||
3513 | 729 | keystone/identity/backends/kvs.py | 4 + | ||
3514 | 730 | keystone/identity/backends/sql.py | 4 + | ||
3515 | 731 | keystone/identity/core.py | 26 +++++- | ||
3516 | 732 | tests/test_keystoneclient.py | 175 +++++++++++++++++++++++++++++++++++++ | ||
3517 | 733 | tests/test_keystoneclient_sql.py | 7 ++ | ||
3518 | 734 | 8 files changed, 222 insertions(+), 3 deletions(-) | ||
3519 | 735 | |||
3520 | 736 | commit 80afa04f6e031207e6a7003843852b37c81eacc6 | ||
3521 | 737 | Merge: f745dae d9959d8 | ||
3522 | 738 | Author: Jenkins <jenkins@review.openstack.org> | ||
3523 | 739 | Date: Tue Apr 3 14:45:36 2012 +0000 | ||
3524 | 740 | |||
3525 | 741 | Merge "tenant-crud 404 (bug 963056)" into milestone-proposed | ||
3526 | 742 | |||
3527 | 743 | commit f745dae9a6d9c68140476daa8403d0efc09826ab | ||
3528 | 744 | Merge: 8037722 b56e326 | ||
3529 | 745 | Author: Jenkins <jenkins@review.openstack.org> | ||
3530 | 746 | Date: Tue Apr 3 13:30:07 2012 +0000 | ||
3531 | 747 | |||
3532 | 748 | Merge "role-crud 404 (bug 963056)" into milestone-proposed | ||
3533 | 749 | |||
3534 | 750 | commit d9959d85a759b4acdff52c25f20a9462d66b185d | ||
3535 | 751 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3536 | 752 | Date: Fri Mar 23 10:23:06 2012 -0500 | ||
3537 | 753 | |||
3538 | 754 | tenant-crud 404 (bug 963056) | ||
3539 | 755 | |||
3540 | 756 | tenant-get | ||
3541 | 757 | tenant-update | ||
3542 | 758 | tenant-delete | ||
3543 | 759 | |||
3544 | 760 | Change-Id: I9e67cea985f546c9ddf6ce6d82a11486099bd524 | ||
3545 | 761 | |||
3546 | 762 | keystone/identity/core.py | 10 +++++++++- | ||
3547 | 763 | tests/test_keystoneclient.py | 21 +++++++++++++++++++++ | ||
3548 | 764 | 2 files changed, 30 insertions(+), 1 deletion(-) | ||
3549 | 765 | |||
3550 | 766 | commit b56e32645fa88cd21f4b5289cfb68d51fcbf740c | ||
3551 | 767 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3552 | 768 | Date: Fri Mar 23 09:10:59 2012 -0500 | ||
3553 | 769 | |||
3554 | 770 | role-crud 404 (bug 963056) | ||
3555 | 771 | |||
3556 | 772 | role-get | ||
3557 | 773 | role-delete | ||
3558 | 774 | role-list | ||
3559 | 775 | |||
3560 | 776 | Change-Id: I099b1e1e5bd2cd77a2ea3b72fb0f14b88a3af26e | ||
3561 | 777 | |||
3562 | 778 | keystone/identity/backends/kvs.py | 3 +-- | ||
3563 | 779 | keystone/identity/backends/sql.py | 3 +-- | ||
3564 | 780 | keystone/identity/core.py | 13 ++++++++++-- | ||
3565 | 781 | tests/test_keystoneclient.py | 41 +++++++++++++++++++++++++++++++++++-- | ||
3566 | 782 | 4 files changed, 52 insertions(+), 8 deletions(-) | ||
3567 | 783 | |||
3568 | 784 | commit 8037722264668d9b66326cdfac25f6cf84d2b7d4 | ||
3569 | 785 | Author: Maru Newby <mnewby@internap.com> | ||
3570 | 786 | Date: Tue Mar 20 18:47:19 2012 -0700 | ||
3571 | 787 | |||
3572 | 788 | Improve swift_auth test coverage + Minor fixes | ||
3573 | 789 | |||
3574 | 790 | * Isolates authorize() tests from wsgi tests | ||
3575 | 791 | * Adds coverage for authorize() | ||
3576 | 792 | * Adds support for a blank reseller_prefix | ||
3577 | 793 | * Adds swift_auth test dependencies to tools/test-requires | ||
3578 | 794 | * Cleans up authorize()'s use of tenant_id/tenant_name | ||
3579 | 795 | (addresses bug 963546) | ||
3580 | 796 | |||
3581 | 797 | Change-Id: I603b89ab4fe8559b0f5d72528afd659ee0f0bce1 | ||
3582 | 798 | |||
3583 | 799 | AUTHORS | 1 + | ||
3584 | 800 | keystone/middleware/swift_auth.py | 18 +-- | ||
3585 | 801 | tests/test_swift_auth_middleware.py | 281 ++++++++++++++++++----------------- | ||
3586 | 802 | tools/test-requires | 4 + | ||
3587 | 803 | 4 files changed, 158 insertions(+), 146 deletions(-) | ||
3588 | 804 | |||
3589 | 805 | commit f3ce326a8c9ab85f60145e6a198e061fd9ccf431 | ||
3590 | 806 | Merge: 7abe0aa 1904228 | ||
3591 | 807 | Author: Jenkins <jenkins@review.openstack.org> | ||
3592 | 808 | Date: Fri Mar 23 17:59:24 2012 +0000 | ||
3593 | 809 | |||
3594 | 810 | Merge "Check values for EC2." | ||
3595 | 811 | |||
3596 | 812 | commit 7abe0aa3845459b95a7d4e401e51d4ab8c4c0280 | ||
3597 | 813 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
3598 | 814 | Date: Wed Mar 21 16:59:15 2012 +0000 | ||
3599 | 815 | |||
3600 | 816 | S3 tokens cleanups. | ||
3601 | 817 | |||
3602 | 818 | - Cleanups. | ||
3603 | 819 | - Remove reference about config admin_username/password/token. | ||
3604 | 820 | - Return proper http error on errors. | ||
3605 | 821 | - Add unittests (skip them for now when swift is not installed). | ||
3606 | 822 | - Fixes bug 956983. | ||
3607 | 823 | |||
3608 | 824 | Change-Id: I392fc274f3b01a5a0b5779dd13f9cd3b819ee65a | ||
3609 | 825 | |||
3610 | 826 | doc/source/configuringservices.rst | 6 +- | ||
3611 | 827 | keystone/middleware/s3_token.py | 124 ++++++++++++++++++++++------------ | ||
3612 | 828 | tests/test_s3_token_middleware.py | 130 ++++++++++++++++++++++++++++++++++++ | ||
3613 | 829 | 3 files changed, 213 insertions(+), 47 deletions(-) | ||
3614 | 830 | |||
3615 | 831 | commit 1904228a5a3fef549c5b9294eba5c39f9f6f72bd | ||
3616 | 832 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
3617 | 833 | Date: Thu Mar 22 21:34:39 2012 +0000 | ||
3618 | 834 | |||
3619 | 835 | Check values for EC2. | ||
3620 | 836 | |||
3621 | 837 | - Add multiple check to methods to make sure we have a proper | ||
3622 | 838 | tenant_id/user_id/credentials. | ||
3623 | 839 | - Fixes bug 958135. | ||
3624 | 840 | |||
3625 | 841 | Change-Id: I4dd171e3db32d6ebdc70bb1a83492c8ecd09c21c | ||
3626 | 842 | |||
3627 | 843 | keystone/contrib/ec2/core.py | 61 +++++++++++++++++++++++++++++++++++++----- | ||
3628 | 844 | 1 file changed, 55 insertions(+), 6 deletions(-) | ||
3629 | 845 | |||
3630 | 846 | commit 9feb00085f75ea2697fd2225e6003c2384904d08 | ||
3631 | 847 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3632 | 848 | Date: Wed Mar 21 13:11:31 2012 -0500 | ||
3633 | 849 | |||
3634 | 850 | Fix critical typo in endpoint_create (bug 961412) | ||
3635 | 851 | |||
3636 | 852 | It looks like catalog crud was previously untested. | ||
3637 | 853 | |||
3638 | 854 | Change-Id: I8e3060b6d6c737d3d97a5bd9076e9a5fdf9945e2 | ||
3639 | 855 | |||
3640 | 856 | keystone/catalog/core.py | 2 +- | ||
3641 | 857 | tests/test_keystoneclient_sql.py | 43 ++++++++++++++++++++++++++++++++++++++ | ||
3642 | 858 | 2 files changed, 44 insertions(+), 1 deletion(-) | ||
3643 | 859 | |||
3644 | 860 | commit 885f8d5950f8441e857d860b4e1cd4fd996440cd | ||
3645 | 861 | Merge: d61aeda 94904e4 | ||
3646 | 862 | Author: Jenkins <jenkins@review.openstack.org> | ||
3647 | 863 | Date: Tue Mar 20 23:59:16 2012 +0000 | ||
3648 | 864 | |||
3649 | 865 | Merge "Rename tokenauth to authtoken." | ||
3650 | 866 | |||
3651 | 867 | commit d61aedaf868d984f1c317a73b362a2e7a366ef89 | ||
3652 | 868 | Author: Yong Sheng Gong <gongysh@cn.ibm.com> | ||
3653 | 869 | Date: Sun Mar 18 23:56:35 2012 +0800 | ||
3654 | 870 | |||
3655 | 871 | unique role name constraint | ||
3656 | 872 | |||
3657 | 873 | For SQL identity backend, add unique constraint with column definition; | ||
3658 | 874 | for kvs and ldap backend, use python code to apply this constraint. | ||
3659 | 875 | Test cases test_create_duplicate_role_name_fails and test_rename_duplicate_role_name_fails are added to guard it. | ||
3660 | 876 | python run_tests.py test_backend_ldap test_backend_kvs test_backend_sql pass. | ||
3661 | 877 | |||
3662 | 878 | bug 932258. | ||
3663 | 879 | |||
3664 | 880 | Change-Id: I990f17a270e84d35c078f215c587a81d6784c192 | ||
3665 | 881 | |||
3666 | 882 | AUTHORS | 1 + | ||
3667 | 883 | keystone/identity/backends/kvs.py | 23 +++++++++++++++++++- | ||
3668 | 884 | keystone/identity/backends/ldap/core.py | 14 ++++++++++++- | ||
3669 | 885 | keystone/identity/backends/sql.py | 2 +- | ||
3670 | 886 | tests/test_backend.py | 35 +++++++++++++++++++++++++------ | ||
3671 | 887 | 5 files changed, 66 insertions(+), 9 deletions(-) | ||
3672 | 888 | |||
3673 | 889 | commit f98cd4f27d68c47a003b529bbcfeffa9140e090d | ||
3674 | 890 | Merge: 53b3d44 3a296a4 | ||
3675 | 891 | Author: Jenkins <jenkins@review.openstack.org> | ||
3676 | 892 | Date: Tue Mar 20 23:17:30 2012 +0000 | ||
3677 | 893 | |||
3678 | 894 | Merge "Spring cleaning, fix PEP8 violations." | ||
3679 | 895 | |||
3680 | 896 | commit 53b3d4498848ae2fff58751f9a791a9ebc00b742 | ||
3681 | 897 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
3682 | 898 | Date: Sat Feb 25 11:37:17 2012 +0100 | ||
3683 | 899 | |||
3684 | 900 | Add test for swift middleware. | ||
3685 | 901 | |||
3686 | 902 | - skip the tests if we don't have swift installed. | ||
3687 | 903 | |||
3688 | 904 | Change-Id: I3647538f3e7a32cbfce97b181c532371cef963da | ||
3689 | 905 | |||
3690 | 906 | tests/test_swift_auth_middleware.py | 203 +++++++++++++++++++++++++++++++++++ | ||
3691 | 907 | 1 file changed, 203 insertions(+) | ||
3692 | 908 | |||
3693 | 909 | commit 3a296a458c4e2f9465ddc0330d03c3e7ec0e3c50 | ||
3694 | 910 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
3695 | 911 | Date: Tue Mar 20 10:09:25 2012 +0000 | ||
3696 | 912 | |||
3697 | 913 | Spring cleaning, fix PEP8 violations. | ||
3698 | 914 | |||
3699 | 915 | Change-Id: Ide832cd64c9b285213e23901eaf81946d504e726 | ||
3700 | 916 | |||
3701 | 917 | doc/source/conf.py | 33 +++++++++++-------- | ||
3702 | 918 | run_tests.py | 1 - | ||
3703 | 919 | tests/default_fixtures.py | 6 ++-- | ||
3704 | 920 | tests/test_auth_token_middleware.py | 6 ++-- | ||
3705 | 921 | tests/test_backend.py | 61 +++++++++++++++++------------------ | ||
3706 | 922 | tests/test_backend_kvs.py | 58 ++++++++++++++++----------------- | ||
3707 | 923 | tests/test_backend_sql.py | 30 ++++++++--------- | ||
3708 | 924 | tests/test_content_types.py | 6 ++-- | ||
3709 | 925 | tests/test_import_legacy.py | 2 -- | ||
3710 | 926 | tests/test_keystoneclient.py | 6 ++-- | ||
3711 | 927 | tests/test_middleware.py | 3 +- | ||
3712 | 928 | 11 files changed, 108 insertions(+), 104 deletions(-) | ||
3713 | 929 | |||
3714 | 930 | commit 5ea232a09f88d621980cbd5ef4655f9c9a2e2da1 | ||
3715 | 931 | Merge: da04fc0 009d661 | ||
3716 | 932 | Author: Jenkins <jenkins@review.openstack.org> | ||
3717 | 933 | Date: Tue Mar 20 22:40:51 2012 +0000 | ||
3718 | 934 | |||
3719 | 935 | Merge "Wrapped unexpected exceptions (bug 955411)" | ||
3720 | 936 | |||
3721 | 937 | commit da04fc0de4b7f46a5559f3c81e54b5402e4876e3 | ||
3722 | 938 | Merge: 57f1cb2 e677327 | ||
3723 | 939 | Author: Jenkins <jenkins@review.openstack.org> | ||
3724 | 940 | Date: Tue Mar 20 22:34:37 2012 +0000 | ||
3725 | 941 | |||
3726 | 942 | Merge "Support PyPAM in pam backend, update to latest API" | ||
3727 | 943 | |||
3728 | 944 | commit 94904e45e3276e1c274a25c785c0143cd6d6fec1 | ||
3729 | 945 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
3730 | 946 | Date: Tue Mar 20 17:08:46 2012 +0000 | ||
3731 | 947 | |||
3732 | 948 | Rename tokenauth to authtoken. | ||
3733 | 949 | |||
3734 | 950 | - Avoid confusing by using the authtoken name for auth_token middleware. | ||
3735 | 951 | - Improve swift_auth middleware doc. | ||
3736 | 952 | |||
3737 | 953 | Change-Id: I287860eba067b99a1d89f8f17200820340836ff9 | ||
3738 | 954 | |||
3739 | 955 | doc/source/configuringservices.rst | 10 +++++----- | ||
3740 | 956 | keystone/middleware/swift_auth.py | 9 +++++++-- | ||
3741 | 957 | 2 files changed, 12 insertions(+), 7 deletions(-) | ||
3742 | 958 | |||
3743 | 959 | commit 57f1cb2c4a37ef0040321732fb64fc6cde02126d | ||
3744 | 960 | Merge: 80c7936 3e4653a | ||
3745 | 961 | Author: Jenkins <jenkins@review.openstack.org> | ||
3746 | 962 | Date: Tue Mar 20 18:04:22 2012 +0000 | ||
3747 | 963 | |||
3748 | 964 | Merge "fix keystone-all's usage of options vs conf" | ||
3749 | 965 | |||
3750 | 966 | commit 80c7936b3147d53659025a76ac232de986f5ce64 | ||
3751 | 967 | Author: termie <github@anarkystic.com> | ||
3752 | 968 | Date: Tue Mar 20 10:41:03 2012 -0700 | ||
3753 | 969 | |||
3754 | 970 | pass the arguments in when starting keystone-all | ||
3755 | 971 | |||
3756 | 972 | fixes bug 942793 | ||
3757 | 973 | |||
3758 | 974 | Change-Id: I044a56c1eedae2ecef04dd3aa60b91414b7abc14 | ||
3759 | 975 | |||
3760 | 976 | bin/keystone-all | 2 +- | ||
3761 | 977 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
3762 | 978 | |||
3763 | 979 | commit 3e4653a3914e84aec72ba159c4d23edba8ced48f | ||
3764 | 980 | Author: termie <github@anarkystic.com> | ||
3765 | 981 | Date: Tue Mar 20 10:47:31 2012 -0700 | ||
3766 | 982 | |||
3767 | 983 | fix keystone-all's usage of options vs conf | ||
3768 | 984 | |||
3769 | 985 | we shouldn't be using options at all, that was a leftover piece of code | ||
3770 | 986 | from a long time ago. | ||
3771 | 987 | |||
3772 | 988 | invalidates bug 949373 | ||
3773 | 989 | |||
3774 | 990 | Change-Id: I29fcbd5f641464bda985900172b55bca45843f81 | ||
3775 | 991 | |||
3776 | 992 | bin/keystone-all | 8 ++++---- | ||
3777 | 993 | etc/keystone.conf | 2 +- | ||
3778 | 994 | 2 files changed, 5 insertions(+), 5 deletions(-) | ||
3779 | 995 | |||
3780 | 996 | commit 9c823977baca9944074c62cedf32f5107a95a443 | ||
3781 | 997 | Merge: 3263f45 6f8752b | ||
3782 | 998 | Author: Jenkins <jenkins@review.openstack.org> | ||
3783 | 999 | Date: Tue Mar 20 17:19:51 2012 +0000 | ||
3784 | 1000 | |||
3785 | 1001 | Merge "Clean up sql connection args" | ||
3786 | 1002 | |||
3787 | 1003 | commit 3263f45926f054c759caa10e391777e7372e73a1 | ||
3788 | 1004 | Merge: 5d07cdf ee57716 | ||
3789 | 1005 | Author: Jenkins <jenkins@review.openstack.org> | ||
3790 | 1006 | Date: Tue Mar 20 16:59:17 2012 +0000 | ||
3791 | 1007 | |||
3792 | 1008 | Merge "Improved file logging example (bug 959610)" | ||
3793 | 1009 | |||
3794 | 1010 | commit 009d661a7e06ad72ab39b93433839bf567755ece | ||
3795 | 1011 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3796 | 1012 | Date: Wed Mar 14 15:06:16 2012 -0500 | ||
3797 | 1013 | |||
3798 | 1014 | Wrapped unexpected exceptions (bug 955411) | ||
3799 | 1015 | |||
3800 | 1016 | - Replaced all webob.exc's (outside of middleware) with | ||
3801 | 1017 | keystone.exception's | ||
3802 | 1018 | - Raised 409 Conflict when creating/updating existing | ||
3803 | 1019 | user/tenant ID/names (bug 955464) | ||
3804 | 1020 | - Raised 501 Not Implemented for user-role-add w/o tenant_id | ||
3805 | 1021 | (bug 955548) | ||
3806 | 1022 | |||
3807 | 1023 | Change-Id: I9f16cac502c20dd35a6b8da778e85bf3d9cfae49 | ||
3808 | 1024 | |||
3809 | 1025 | keystone/catalog/backends/sql.py | 2 +- | ||
3810 | 1026 | keystone/catalog/core.py | 11 ++----- | ||
3811 | 1027 | keystone/common/ldap/core.py | 11 ++++--- | ||
3812 | 1028 | keystone/common/sql/core.py | 1 + | ||
3813 | 1029 | keystone/common/wsgi.py | 3 ++ | ||
3814 | 1030 | keystone/contrib/ec2/core.py | 20 +++++-------- | ||
3815 | 1031 | keystone/exception.py | 50 +++++++++++++++++++++++++++---- | ||
3816 | 1032 | keystone/identity/backends/kvs.py | 19 ++++++++---- | ||
3817 | 1033 | keystone/identity/backends/ldap/core.py | 2 +- | ||
3818 | 1034 | keystone/identity/backends/sql.py | 23 ++++++++++++++ | ||
3819 | 1035 | keystone/identity/core.py | 24 ++++++++------- | ||
3820 | 1036 | keystone/policy/backends/rules.py | 2 +- | ||
3821 | 1037 | keystone/service.py | 4 +-- | ||
3822 | 1038 | tests/test_exception.py | 4 +-- | ||
3823 | 1039 | 14 files changed, 121 insertions(+), 55 deletions(-) | ||
3824 | 1040 | |||
3825 | 1041 | commit 5d07cdf438b97ec2fdc4685b2f1559f3258da102 | ||
3826 | 1042 | Author: Michael Basnight <mbasnight@gmail.com> | ||
3827 | 1043 | Date: Tue Mar 20 08:53:31 2012 -0500 | ||
3828 | 1044 | |||
3829 | 1045 | Changing belongsTo validation back to ID | ||
3830 | 1046 | |||
3831 | 1047 | * Fixes lp#960218 | ||
3832 | 1048 | |||
3833 | 1049 | Change-Id: I6296413c211da92a4d0e07a544ca812d3544cb73 | ||
3834 | 1050 | |||
3835 | 1051 | keystone/service.py | 2 +- | ||
3836 | 1052 | tests/test_content_types.py | 2 +- | ||
3837 | 1053 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
3838 | 1054 | |||
3839 | 1055 | commit 3a70a2f9281fdfec6f770cfb60fcd2dce5a77c5f | ||
3840 | 1056 | Merge: 632fb0a 193374a | ||
3841 | 1057 | Author: Jenkins <jenkins@review.openstack.org> | ||
3842 | 1058 | Date: Tue Mar 20 04:55:46 2012 +0000 | ||
3843 | 1059 | |||
3844 | 1060 | Merge "Fixes LP #954089 - Service list templated catalog" | ||
3845 | 1061 | |||
3846 | 1062 | commit 632fb0a8cb4eddf76ce0695472601d69115149a9 | ||
3847 | 1063 | Merge: 4f3dade 2324247 | ||
3848 | 1064 | Author: Jenkins <jenkins@review.openstack.org> | ||
3849 | 1065 | Date: Tue Mar 20 04:49:56 2012 +0000 | ||
3850 | 1066 | |||
3851 | 1067 | Merge "Swift middleware doc update." | ||
3852 | 1068 | |||
3853 | 1069 | commit 4f3dade2367270442b685426befd6d6de665797b | ||
3854 | 1070 | Merge: ed231ff 678dcad | ||
3855 | 1071 | Author: Jenkins <jenkins@review.openstack.org> | ||
3856 | 1072 | Date: Tue Mar 20 04:44:01 2012 +0000 | ||
3857 | 1073 | |||
3858 | 1074 | Merge "Refactor keystone.common.logging use (bug 948224)" | ||
3859 | 1075 | |||
3860 | 1076 | commit ed231ffa8c3e90125bc73c528d1db8b46f3f5381 | ||
3861 | 1077 | Merge: 36b2b22 00a2392 | ||
3862 | 1078 | Author: Jenkins <jenkins@review.openstack.org> | ||
3863 | 1079 | Date: Tue Mar 20 04:37:59 2012 +0000 | ||
3864 | 1080 | |||
3865 | 1081 | Merge "Installing keystone docs" | ||
3866 | 1082 | |||
3867 | 1083 | commit 6f8752bf6ea74fb8841dac1a1d6b62af019b48e5 | ||
3868 | 1084 | Author: Brian Waldon <bcwaldon@gmail.com> | ||
3869 | 1085 | Date: Mon Mar 19 14:21:02 2012 -0700 | ||
3870 | 1086 | |||
3871 | 1087 | Clean up sql connection args | ||
3872 | 1088 | |||
3873 | 1089 | * Convert idle_timeout (pool_recycle) to integer | ||
3874 | 1090 | * Drop min_pool_size, max_pool_size, pool_timeout | ||
3875 | 1091 | * Fixes bug 959916 | ||
3876 | 1092 | |||
3877 | 1093 | Change-Id: Ie124b3abdf00358d6b722e1c2e2a2fb22967ca5a | ||
3878 | 1094 | |||
3879 | 1095 | doc/source/configuration.rst | 3 --- | ||
3880 | 1096 | etc/keystone.conf | 3 --- | ||
3881 | 1097 | keystone/config.py | 5 +---- | ||
3882 | 1098 | tests/backend_sql.conf | 3 --- | ||
3883 | 1099 | 4 files changed, 1 insertion(+), 13 deletions(-) | ||
3884 | 1100 | |||
3885 | 1101 | commit 36b2b228daabd07e185e70800863991cbde6ba95 | ||
3886 | 1102 | Merge: 83bc8c0 6f2c858 | ||
3887 | 1103 | Author: Jenkins <jenkins@review.openstack.org> | ||
3888 | 1104 | Date: Tue Mar 20 04:15:44 2012 +0000 | ||
3889 | 1105 | |||
3890 | 1106 | Merge "Update get_metadata to return {}" | ||
3891 | 1107 | |||
3892 | 1108 | commit ee577163e32b88ca1345124c96ae3113d9a5ccdd | ||
3893 | 1109 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
3894 | 1110 | Date: Mon Mar 19 14:49:18 2012 -0500 | ||
3895 | 1111 | |||
3896 | 1112 | Improved file logging example (bug 959610) | ||
3897 | 1113 | |||
3898 | 1114 | - Root logger w/ file handler will log WARNING, ERROR, CRITICAL by default | ||
3899 | 1115 | |||
3900 | 1116 | Change-Id: I36cd07cec85712640daa013563401a3bc52f290c | ||
3901 | 1117 | |||
3902 | 1118 | .gitignore | 2 +- | ||
3903 | 1119 | etc/keystone.conf | 2 +- | ||
3904 | 1120 | etc/logging.conf.sample | 23 ++++------------------- | ||
3905 | 1121 | 3 files changed, 6 insertions(+), 21 deletions(-) | ||
3906 | 1122 | |||
3907 | 1123 | commit 83bc8c088ec66a858afce9a889a4407c59b9d48e | ||
3908 | 1124 | Merge: 5027c9d 773f0f8 | ||
3909 | 1125 | Author: Jenkins <jenkins@review.openstack.org> | ||
3910 | 1126 | Date: Mon Mar 19 18:07:20 2012 +0000 | ||
3911 | 1127 | |||
3912 | 1128 | Merge "Fix default port for identity.internalURL" | ||
3913 | 1129 | |||
3914 | 1130 | commit 5027c9d7150815abe1dde7e4d85d41eb2d0fad4d | ||
3915 | 1131 | Merge: 7c1e32b 56e4103 | ||
3916 | 1132 | Author: Jenkins <jenkins@review.openstack.org> | ||
3917 | 1133 | Date: Mon Mar 19 18:01:19 2012 +0000 | ||
3918 | 1134 | |||
3919 | 1135 | Merge "docstring cleanup to remove sphinx warnings" | ||
3920 | 1136 | |||
3921 | 1137 | commit 2324247baac2ba620da1f6cdc540462e6f0b6a5f | ||
3922 | 1138 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
3923 | 1139 | Date: Mon Mar 19 14:53:36 2012 +0000 | ||
3924 | 1140 | |||
3925 | 1141 | Swift middleware doc update. | ||
3926 | 1142 | |||
3927 | 1143 | Change-Id: I01ecc4d602b5e887f66d32676f11a92d022f693f | ||
3928 | 1144 | |||
3929 | 1145 | doc/source/configuringservices.rst | 13 ++++++++----- | ||
3930 | 1146 | 1 file changed, 8 insertions(+), 5 deletions(-) | ||
3931 | 1147 | |||
3932 | 1148 | commit 7c1e32bba6837eb0937e6e7567aa5e7981db7fec | ||
3933 | 1149 | Merge: 43a84e3 2146119 | ||
3934 | 1150 | Author: Jenkins <jenkins@review.openstack.org> | ||
3935 | 1151 | Date: Mon Mar 19 16:26:45 2012 +0000 | ||
3936 | 1152 | |||
3937 | 1153 | Merge "Remove nova-specific middlewares" | ||
3938 | 1154 | |||
3939 | 1155 | commit 43a84e3b96450d29b7f3139a6e830583038c1d24 | ||
3940 | 1156 | Merge: 2c6a232 239e4f6 | ||
3941 | 1157 | Author: Jenkins <jenkins@review.openstack.org> | ||
3942 | 1158 | Date: Mon Mar 19 16:20:55 2012 +0000 | ||
3943 | 1159 | |||
3944 | 1160 | Merge "Add check for MAX_PASSWORD_LENGTH to utils." | ||
3945 | 1161 | |||
3946 | 1162 | commit 193374af3860e17ed03bb0431d823046079ae444 | ||
3947 | 1163 | Author: Jay Pipes <jaypipes@gmail.com> | ||
3948 | 1164 | Date: Tue Mar 13 17:30:07 2012 -0400 | ||
3949 | 1165 | |||
3950 | 1166 | Fixes LP #954089 - Service list templated catalog | ||
3951 | 1167 | |||
3952 | 1168 | * Adds missing test cases for the TemplatedCatalog | ||
3953 | 1169 | * Adds a base CatalogTest that different backends | ||
3954 | 1170 | can use | ||
3955 | 1171 | * Updates kvs.Catalog to raise ServiceNotFound where | ||
3956 | 1172 | appropriate | ||
3957 | 1173 | * Updates the tests.test_keystoneclient_sql to actually | ||
3958 | 1174 | test the SQL catalog backend | ||
3959 | 1175 | * Removes old test for incorrect endpoints listing | ||
3960 | 1176 | * Removes the keystone.catalog.core.Driver.service_exists | ||
3961 | 1177 | method since it was only implemented in the SQL driver | ||
3962 | 1178 | and wasn't required now that get_service and delete_service | ||
3963 | 1179 | properly raise ServiceNotFound exception. | ||
3964 | 1180 | |||
3965 | 1181 | Change-Id: I35690cc147e56007be27bacf94eeff360e727e5d | ||
3966 | 1182 | |||
3967 | 1183 | keystone/catalog/backends/kvs.py | 9 +++- | ||
3968 | 1184 | keystone/catalog/backends/sql.py | 10 ++--- | ||
3969 | 1185 | keystone/catalog/backends/templated.py | 3 ++ | ||
3970 | 1186 | keystone/catalog/core.py | 12 ++--- | ||
3971 | 1187 | keystone/exception.py | 4 ++ | ||
3972 | 1188 | keystone/test.py | 75 ++++++++++++++++++++------------ | ||
3973 | 1189 | tests/backend_sql.conf | 3 ++ | ||
3974 | 1190 | tests/default_fixtures.py | 21 +++++++++ | ||
3975 | 1191 | tests/test_backend.py | 20 +++++++++ | ||
3976 | 1192 | tests/test_backend_kvs.py | 7 +-- | ||
3977 | 1193 | tests/test_backend_templated.py | 57 ++++++++++++++++++++++++ | ||
3978 | 1194 | tests/test_keystoneclient.py | 8 ---- | ||
3979 | 1195 | 12 files changed, 174 insertions(+), 55 deletions(-) | ||
3980 | 1196 | |||
3981 | 1197 | commit 2146119eaddaa5b3e375fef6590458a77932a58b | ||
3982 | 1198 | Author: Brian Waldon <bcwaldon@gmail.com> | ||
3983 | 1199 | Date: Mon Mar 19 08:31:26 2012 -0700 | ||
3984 | 1200 | |||
3985 | 1201 | Remove nova-specific middlewares | ||
3986 | 1202 | |||
3987 | 1203 | * Nova now ships with nova.api.auth.NovaKeystoneContext | ||
3988 | 1204 | * Nova does not depend on either of the middlewares being removed | ||
3989 | 1205 | |||
3990 | 1206 | Change-Id: I9546e5c84ea1453f5dfd2dd7bf9924ccda57f87a | ||
3991 | 1207 | |||
3992 | 1208 | doc/source/configuringservices.rst | 11 +- | ||
3993 | 1209 | doc/source/nova-api-paste.rst | 143 -------------------------- | ||
3994 | 1210 | keystone/middleware/nova_auth_token.py | 103 ------------------- | ||
3995 | 1211 | keystone/middleware/nova_keystone_context.py | 71 ------------- | ||
3996 | 1212 | 4 files changed, 1 insertion(+), 327 deletions(-) | ||
3997 | 1213 | |||
3998 | 1214 | commit 239e4f64c2134338b32ffd6d42c0b6ff70cd040c | ||
3999 | 1215 | Author: Dan Prince <dprince@redhat.com> | ||
4000 | 1216 | Date: Fri Mar 16 21:46:31 2012 -0400 | ||
4001 | 1217 | |||
4002 | 1218 | Add check for MAX_PASSWORD_LENGTH to utils. | ||
4003 | 1219 | |||
4004 | 1220 | Updates to keystone password hashing and checking functions so | ||
4005 | 1221 | that a max password length is enforced. | ||
4006 | 1222 | |||
4007 | 1223 | Fixes LP Bug #959288. | ||
4008 | 1224 | |||
4009 | 1225 | Change-Id: Id3048f3c916e92c59ac5b063d09c3d612d51c97c | ||
4010 | 1226 | |||
4011 | 1227 | keystone/common/utils.py | 17 +++++++++++++---- | ||
4012 | 1228 | tests/test_utils.py | 5 +++++ | ||
4013 | 1229 | 2 files changed, 18 insertions(+), 4 deletions(-) | ||
4014 | 1230 | |||
4015 | 1231 | commit 2c6a232c38cf6bbd969421b2fe2fe7d410da327a | ||
4016 | 1232 | Author: Brian Waldon <bcwaldon@gmail.com> | ||
4017 | 1233 | Date: Fri Mar 16 15:55:22 2012 -0700 | ||
4018 | 1234 | |||
4019 | 1235 | Remove glance_auth_token middleware | ||
4020 | 1236 | |||
4021 | 1237 | * Fixes bug 957501 | ||
4022 | 1238 | |||
4023 | 1239 | Change-Id: I2ae6ec7b391dd41587f2246940a8d392c12c91fe | ||
4024 | 1240 | |||
4025 | 1241 | keystone/middleware/glance_auth_token.py | 78 ------------------------------ | ||
4026 | 1242 | 1 file changed, 78 deletions(-) | ||
4027 | 1243 | |||
4028 | 1244 | commit e67732748c7ad4656f6ef5d9da3ff4789199bf9a | ||
4029 | 1245 | Author: Russell Bryant <rbryant@redhat.com> | ||
4030 | 1246 | Date: Wed Mar 14 16:55:24 2012 -0400 | ||
4031 | 1247 | |||
4032 | 1248 | Support PyPAM in pam backend, update to latest API | ||
4033 | 1249 | |||
4034 | 1250 | Fix bug 938801. | ||
4035 | 1251 | |||
4036 | 1252 | This bug pointed out that some distros don't have the same pam Python | ||
4037 | 1253 | module packaged that this backend was expecting. In my case, on Fedora, | ||
4038 | 1254 | it's PAM and the API is not compatible with the pam module that was | ||
4039 | 1255 | used. This patch makes the backend support PyPAM, as well as the | ||
4040 | 1256 | original pam module that was used. | ||
4041 | 1257 | |||
4042 | 1258 | In order to test this, I updated the pam backend to the latest backend | ||
4043 | 1259 | API. Even though the base class will raise NotImplementedError, I | ||
4044 | 1260 | included all functions here to make it more clear all of the things | ||
4045 | 1261 | this backend does not do. | ||
4046 | 1262 | |||
4047 | 1263 | Change-Id: I74144f4e63b6830c8224bc87e1662eb5df8728a0 | ||
4048 | 1264 | |||
4049 | 1265 | keystone/identity/backends/pam.py | 137 +++++++++++++++++++++++++++++++++---- | ||
4050 | 1266 | 1 file changed, 125 insertions(+), 12 deletions(-) | ||
4051 | 1267 | |||
4052 | 1268 | commit 88ac1edec0b62fe5b18b2b0ffce3798f63f21351 | ||
4053 | 1269 | Merge: c93f663 f8cbd61 | ||
4054 | 1270 | Author: Jenkins <jenkins@review.openstack.org> | ||
4055 | 1271 | Date: Fri Mar 16 02:34:15 2012 +0000 | ||
4056 | 1272 | |||
4057 | 1273 | Merge "sample_data.sh: check file paths for packaged installations" | ||
4058 | 1274 | |||
4059 | 1275 | commit c93f6633cdcde89c346054a478fa17b12940b395 | ||
4060 | 1276 | Merge: 2415b17 9363d5f | ||
4061 | 1277 | Author: Jenkins <jenkins@review.openstack.org> | ||
4062 | 1278 | Date: Thu Mar 15 22:34:02 2012 +0000 | ||
4063 | 1279 | |||
4064 | 1280 | Merge "Properly return 501 for unsupported Catalog calls" | ||
4065 | 1281 | |||
4066 | 1282 | commit 2415b171b113aea4f4fbec5856b92cec36d44709 | ||
4067 | 1283 | Merge: 096300d e7bb737 | ||
4068 | 1284 | Author: Jenkins <jenkins@review.openstack.org> | ||
4069 | 1285 | Date: Thu Mar 15 17:23:52 2012 +0000 | ||
4070 | 1286 | |||
4071 | 1287 | Merge "Add automatically generated code docs." | ||
4072 | 1288 | |||
4073 | 1289 | commit 096300d072d8545f899586af44968c9ba43d380b | ||
4074 | 1290 | Merge: fdca62c ab6be05 | ||
4075 | 1291 | Author: Jenkins <jenkins@review.openstack.org> | ||
4076 | 1292 | Date: Thu Mar 15 14:46:48 2012 +0000 | ||
4077 | 1293 | |||
4078 | 1294 | Merge "Update username -> name in token response." | ||
4079 | 1295 | |||
4080 | 1296 | commit 773f0f84af282cd3e53650ccbb99284c37677b6a | ||
4081 | 1297 | Author: Julien Danjou <julien.danjou@enovance.com> | ||
4082 | 1298 | Date: Thu Mar 15 11:38:29 2012 +0100 | ||
4083 | 1299 | |||
4084 | 1300 | Fix default port for identity.internalURL | ||
4085 | 1301 | |||
4086 | 1302 | This should be the public_port and not the admin one. | ||
4087 | 1303 | |||
4088 | 1304 | Change-Id: Ib09e7479c0507797532e6bb91d76b7d3083cc761 | ||
4089 | 1305 | Signed-off-by: Julien Danjou <julien.danjou@enovance.com> | ||
4090 | 1306 | |||
4091 | 1307 | etc/default_catalog.templates | 2 +- | ||
4092 | 1308 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
4093 | 1309 | |||
4094 | 1310 | commit fdca62c93858e5bac09e5e20e0818585946a598d | ||
4095 | 1311 | Merge: 9a2010b d2c6e88 | ||
4096 | 1312 | Author: Jenkins <jenkins@review.openstack.org> | ||
4097 | 1313 | Date: Thu Mar 15 07:49:17 2012 +0000 | ||
4098 | 1314 | |||
4099 | 1315 | Merge "Raising unauthorized instead of 500 (bug 954547)" | ||
4100 | 1316 | |||
4101 | 1317 | commit 00a239278553fd357e56da35b559ec329dc9796a | ||
4102 | 1318 | Author: Joe Heck <heckj@mac.com> | ||
4103 | 1319 | Date: Wed Mar 14 19:03:59 2012 -0700 | ||
4104 | 1320 | |||
4105 | 1321 | Installing keystone docs | ||
4106 | 1322 | |||
4107 | 1323 | fixes bug 954217 | ||
4108 | 1324 | |||
4109 | 1325 | Change-Id: Iba79d2d5bae836037d5b0e10169d9bbdba8603dc | ||
4110 | 1326 | |||
4111 | 1327 | doc/source/index.rst | 5 +- | ||
4112 | 1328 | doc/source/installing.rst | 115 +++++++++++++++++++++++++++++++++++++++++++++ | ||
4113 | 1329 | 2 files changed, 118 insertions(+), 2 deletions(-) | ||
4114 | 1330 | |||
4115 | 1331 | commit ab6be05068068b0902db44b1d60f56eea4fe1215 | ||
4116 | 1332 | Author: Brian Lamar <brian.lamar@rackspace.com> | ||
4117 | 1333 | Date: Wed Mar 14 18:30:13 2012 -0400 | ||
4118 | 1334 | |||
4119 | 1335 | Update username -> name in token response. | ||
4120 | 1336 | |||
4121 | 1337 | Tokens validation responses contain user information. The API docs | ||
4122 | 1338 | seem to indicate token["user"]["name"] contains the username but | ||
4123 | 1339 | currently the auth_token.py middleware checks for | ||
4124 | 1340 | token["user"]["username"]. This updates that check and the tests. | ||
4125 | 1341 | |||
4126 | 1342 | Fixes bug 955563 | ||
4127 | 1343 | |||
4128 | 1344 | Change-Id: Ib2fbf6fcea87f7066394cf14c18158f1e5eeaf06 | ||
4129 | 1345 | |||
4130 | 1346 | keystone/middleware/auth_token.py | 2 +- | ||
4131 | 1347 | tests/test_auth_token_middleware.py | 8 ++++---- | ||
4132 | 1348 | 2 files changed, 5 insertions(+), 5 deletions(-) | ||
4133 | 1349 | |||
4134 | 1350 | commit 678dcad410b2496eb1ed34bb91c0d0914a9c6b0d | ||
4135 | 1351 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4136 | 1352 | Date: Wed Mar 14 14:28:04 2012 -0500 | ||
4137 | 1353 | |||
4138 | 1354 | Refactor keystone.common.logging use (bug 948224) | ||
4139 | 1355 | |||
4140 | 1356 | Change-Id: I01b2b5748a2524273bb8c2b734ab22415652f739 | ||
4141 | 1357 | |||
4142 | 1358 | HACKING.rst | 20 ++++++++++++++++ | ||
4143 | 1359 | keystone/catalog/backends/templated.py | 2 +- | ||
4144 | 1360 | keystone/common/bufferedhttp.py | 8 +++++-- | ||
4145 | 1361 | keystone/common/ldap/core.py | 5 ++-- | ||
4146 | 1362 | keystone/common/ldap/fakeldap.py | 4 ++-- | ||
4147 | 1363 | keystone/common/sql/nova.py | 16 ++++++------- | ||
4148 | 1364 | keystone/common/utils.py | 15 ++++++------ | ||
4149 | 1365 | keystone/common/wsgi.py | 37 +++++++++++++++-------------- | ||
4150 | 1366 | keystone/middleware/auth_token.py | 40 ++++++++++++++++---------------- | ||
4151 | 1367 | keystone/policy/backends/rules.py | 2 +- | ||
4152 | 1368 | keystone/test.py | 3 ++- | ||
4153 | 1369 | 11 files changed, 90 insertions(+), 62 deletions(-) | ||
4154 | 1370 | |||
4155 | 1371 | commit 9a2010bfe81a386610a294d0b29c31e12db79773 | ||
4156 | 1372 | Merge: acc9f89 f4915af | ||
4157 | 1373 | Author: Jenkins <jenkins@review.openstack.org> | ||
4158 | 1374 | Date: Wed Mar 14 20:45:40 2012 +0000 | ||
4159 | 1375 | |||
4160 | 1376 | Merge "Allow connect to another tenant." | ||
4161 | 1377 | |||
4162 | 1378 | commit e7bb73767ba9b538bdab85cdb4edb2549c02427f | ||
4163 | 1379 | Author: Russell Bryant <rbryant@redhat.com> | ||
4164 | 1380 | Date: Wed Mar 14 16:05:46 2012 -0400 | ||
4165 | 1381 | |||
4166 | 1382 | Add automatically generated code docs. | ||
4167 | 1383 | |||
4168 | 1384 | Fix bug 954734. | ||
4169 | 1385 | |||
4170 | 1386 | Fix "python setup.py build_sphinx" to build the code documentation via | ||
4171 | 1387 | sphinx-apidoc. | ||
4172 | 1388 | |||
4173 | 1389 | Change-Id: I18eced31aab424b7c808697324cbf6cfede442a7 | ||
4174 | 1390 | |||
4175 | 1391 | setup.py | 3 +++ | ||
4176 | 1392 | 1 file changed, 3 insertions(+) | ||
4177 | 1393 | |||
4178 | 1394 | commit 9363d5fea676e1e083c5afe5287ef30c806046bf | ||
4179 | 1395 | Author: Adam Gandelman <adamg@canonical.com> | ||
4180 | 1396 | Date: Tue Mar 13 16:23:45 2012 -0700 | ||
4181 | 1397 | |||
4182 | 1398 | Properly return 501 for unsupported Catalog calls | ||
4183 | 1399 | |||
4184 | 1400 | Similar to the other APIs, this creates a Driver class that describes | ||
4185 | 1401 | expected functionality of the catalog driver and raises NotImplemented | ||
4186 | 1402 | accordingly. NotImplementedError()'s are caught and returned as proper | ||
4187 | 1403 | 501s instead of AttributeErrors. | ||
4188 | 1404 | |||
4189 | 1405 | Also fixes some inconsistent paramters names in the sql backend. | ||
4190 | 1406 | |||
4191 | 1407 | Fixes bug 954087 | ||
4192 | 1408 | |||
4193 | 1409 | Update: Convert usage of NotImplementedError() to new | ||
4194 | 1410 | keystone.exception.NotImplemented() for all | ||
4195 | 1411 | unimplemented driver actions. | ||
4196 | 1412 | |||
4197 | 1413 | Change-Id: I69d8e21a6f651e69b724ec5ed5784645bad80c00 | ||
4198 | 1414 | |||
4199 | 1415 | doc/source/architecture.rst | 2 +- | ||
4200 | 1416 | keystone/catalog/backends/kvs.py | 3 +- | ||
4201 | 1417 | keystone/catalog/backends/sql.py | 6 +-- | ||
4202 | 1418 | keystone/catalog/core.py | 79 ++++++++++++++++++++++++++++++++++++++ | ||
4203 | 1419 | keystone/exception.py | 6 +++ | ||
4204 | 1420 | keystone/identity/core.py | 56 +++++++++++++-------------- | ||
4205 | 1421 | keystone/policy/core.py | 3 +- | ||
4206 | 1422 | keystone/service.py | 4 +- | ||
4207 | 1423 | keystone/token/core.py | 7 ++-- | ||
4208 | 1424 | 9 files changed, 127 insertions(+), 39 deletions(-) | ||
4209 | 1425 | |||
4210 | 1426 | commit acc9f892b36aa7315ac84d1e7f6506a6fea9fbad | ||
4211 | 1427 | Merge: b03c204 a1e0174 | ||
4212 | 1428 | Author: Jenkins <jenkins@review.openstack.org> | ||
4213 | 1429 | Date: Wed Mar 14 18:22:30 2012 +0000 | ||
4214 | 1430 | |||
4215 | 1431 | Merge "Update docs for keystone client cli args" | ||
4216 | 1432 | |||
4217 | 1433 | commit 56e41037ba41b2507722dcbc54157cfe4cf4535f | ||
4218 | 1434 | Author: Joe Heck <heckj@mac.com> | ||
4219 | 1435 | Date: Wed Mar 14 17:19:37 2012 +0000 | ||
4220 | 1436 | |||
4221 | 1437 | docstring cleanup to remove sphinx warnings | ||
4222 | 1438 | |||
4223 | 1439 | Change-Id: Icfc273f2466f48307d2addd22b70f1759d23fd97 | ||
4224 | 1440 | |||
4225 | 1441 | keystone/common/policy.py | 17 ++++++++++------- | ||
4226 | 1442 | keystone/policy/backends/rules.py | 6 ++++-- | ||
4227 | 1443 | 2 files changed, 14 insertions(+), 9 deletions(-) | ||
4228 | 1444 | |||
4229 | 1445 | commit b03c2047815ff341547d2d9792dfd392148d277a | ||
4230 | 1446 | Author: Joe Heck <heckj@mac.com> | ||
4231 | 1447 | Date: Wed Mar 14 05:08:58 2012 +0000 | ||
4232 | 1448 | |||
4233 | 1449 | updating documentation for rewrite of auth_token. | ||
4234 | 1450 | |||
4235 | 1451 | fixes bug 944372 | ||
4236 | 1452 | |||
4237 | 1453 | Change-Id: Ifac365a6eb141e0ca4701cf139d6ea66a0b3ffbc | ||
4238 | 1454 | |||
4239 | 1455 | doc/source/configuringservices.rst | 3 +- | ||
4240 | 1456 | doc/source/images/graphs_305.svg | 41 -- | ||
4241 | 1457 | doc/source/images/graphs_both.svg | 36 -- | ||
4242 | 1458 | .../images/graphs_delegate_forbiden_basic.svg | 53 -- | ||
4243 | 1459 | .../images/graphs_delegate_forbiden_proxy.svg | 52 -- | ||
4244 | 1460 | doc/source/images/graphs_delegate_reject_basic.svg | 55 -- | ||
4245 | 1461 | doc/source/images/graphs_delegate_reject_oauth.svg | 56 -- | ||
4246 | 1462 | .../images/graphs_delegate_unimplemented.svg | 53 -- | ||
4247 | 1463 | doc/source/images/graphs_mapper.svg | 73 --- | ||
4248 | 1464 | doc/source/images/graphs_proxyAuth.svg | 51 -- | ||
4249 | 1465 | doc/source/images/images_layouts.svg | 200 ------- | ||
4250 | 1466 | doc/source/index.rst | 3 +- | ||
4251 | 1467 | doc/source/middleware_architecture.rst | 555 +++++--------------- | ||
4252 | 1468 | doc/source/old/middleware.rst | 169 ------ | ||
4253 | 1469 | doc/source/setup.rst | 28 +- | ||
4254 | 1470 | 15 files changed, 148 insertions(+), 1280 deletions(-) | ||
4255 | 1471 | |||
4256 | 1472 | commit f4915afc5af0d1252e7779fcc30ffff892a69d91 | ||
4257 | 1473 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
4258 | 1474 | Date: Wed Mar 14 16:19:12 2012 +0000 | ||
4259 | 1475 | |||
4260 | 1476 | Allow connect to another tenant. | ||
4261 | 1477 | |||
4262 | 1478 | - Works with nova s3_affix_tenant. | ||
4263 | 1479 | - This would only be allowed for user who has reselleradmin rights. | ||
4264 | 1480 | - Fixes bug 954505. | ||
4265 | 1481 | |||
4266 | 1482 | Change-Id: Iea84f1c61f6c725982c8bee95889ce084d9ffd82 | ||
4267 | 1483 | |||
4268 | 1484 | keystone/middleware/s3_token.py | 26 +++++++++++++++++++++----- | ||
4269 | 1485 | 1 file changed, 21 insertions(+), 5 deletions(-) | ||
4270 | 1486 | |||
4271 | 1487 | commit fb4cbe9d3766ac0ccbe746114d5c6745bc91e002 | ||
4272 | 1488 | Merge: 5b3e05b dc41cb5 | ||
4273 | 1489 | Author: Jenkins <jenkins@review.openstack.org> | ||
4274 | 1490 | Date: Wed Mar 14 06:08:00 2012 +0000 | ||
4275 | 1491 | |||
4276 | 1492 | Merge "Failing to update tenants (bug 953678, bug 954673)" | ||
4277 | 1493 | |||
4278 | 1494 | commit a1e01747ea81fc128d08c02d449b477f52003680 | ||
4279 | 1495 | Author: Dean Troyer <dtroyer@gmail.com> | ||
4280 | 1496 | Date: Wed Mar 14 00:35:47 2012 -0500 | ||
4281 | 1497 | |||
4282 | 1498 | Update docs for keystone client cli args | ||
4283 | 1499 | |||
4284 | 1500 | Changes CLI args in keystone command per updated http://wiki.openstack.org/CLIAuth | ||
4285 | 1501 | |||
4286 | 1502 | Change-Id: I097181c418f6cc2226fceb5c79d87fde36026594 | ||
4287 | 1503 | |||
4288 | 1504 | doc/source/configuration.rst | 12 ++++++------ | ||
4289 | 1505 | 1 file changed, 6 insertions(+), 6 deletions(-) | ||
4290 | 1506 | |||
4291 | 1507 | commit d2c6e88200bb33708a0861da4d1a10c0f7984895 | ||
4292 | 1508 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4293 | 1509 | Date: Tue Mar 13 22:06:34 2012 -0500 | ||
4294 | 1510 | |||
4295 | 1511 | Raising unauthorized instead of 500 (bug 954547) | ||
4296 | 1512 | |||
4297 | 1513 | Change-Id: I557ff1ca51261edf0824aeb4565816216c59c76e | ||
4298 | 1514 | |||
4299 | 1515 | keystone/common/wsgi.py | 21 +++++++++++++++------ | ||
4300 | 1516 | 1 file changed, 15 insertions(+), 6 deletions(-) | ||
4301 | 1517 | |||
4302 | 1518 | commit dc41cb5c11951b416d3e379bc944ac85737b979a | ||
4303 | 1519 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4304 | 1520 | Date: Tue Mar 13 16:11:27 2012 -0500 | ||
4305 | 1521 | |||
4306 | 1522 | Failing to update tenants (bug 953678, bug 954673) | ||
4307 | 1523 | |||
4308 | 1524 | - GET /tenants: Enabled attribute was being overridden | ||
4309 | 1525 | - "POST" /tenants/{tenant_id}: was failing to update KVS | ||
4310 | 1526 | |||
4311 | 1527 | Change-Id: Icc1efef52d35777d73e6010bdfc0409e24570aa2 | ||
4312 | 1528 | |||
4313 | 1529 | keystone/identity/backends/kvs.py | 3 +- | ||
4314 | 1530 | keystone/identity/core.py | 3 +- | ||
4315 | 1531 | tests/test_keystoneclient.py | 56 ++++++++++++++++++++++++++++--------- | ||
4316 | 1532 | 3 files changed, 47 insertions(+), 15 deletions(-) | ||
4317 | 1533 | |||
4318 | 1534 | commit 5b3e05bbabd5366461630327e4498fe582ff8ab7 | ||
4319 | 1535 | Author: Adam Young <ayoung@redhat.com> | ||
4320 | 1536 | Date: Wed Mar 7 16:04:32 2012 -0500 | ||
4321 | 1537 | |||
4322 | 1538 | added LDAP section to architecture and architecture | ||
4323 | 1539 | |||
4324 | 1540 | https://bugs.launchpad.net/keystone/+bug/949521 | ||
4325 | 1541 | |||
4326 | 1542 | Bug 949521 | ||
4327 | 1543 | |||
4328 | 1544 | Change-Id: I2e37c0d946e3d97a2c4bc4bf4a50bd94466f70c2 | ||
4329 | 1545 | |||
4330 | 1546 | doc/source/architecture.rst | 6 ++++++ | ||
4331 | 1547 | doc/source/configuration.rst | 42 +++++++++++++++++++++++++++++++++++++++--- | ||
4332 | 1548 | 2 files changed, 45 insertions(+), 3 deletions(-) | ||
4333 | 1549 | |||
4334 | 1550 | commit e65a22c43a7fe44621080cee01f394c90b54320d | ||
4335 | 1551 | Author: Peng Yong <ppyy@pubyun.com> | ||
4336 | 1552 | Date: Sun Mar 11 10:35:15 2012 +0800 | ||
4337 | 1553 | |||
4338 | 1554 | Bug #943031 MySQL Server has gone away | ||
4339 | 1555 | added docnotes of error messages caught for mysql and reference | ||
4340 | 1556 | |||
4341 | 1557 | Change-Id: I147b32193436be891e54e36c6adc1b16fda886d3 | ||
4342 | 1558 | |||
4343 | 1559 | AUTHORS | 1 + | ||
4344 | 1560 | keystone/common/sql/core.py | 43 +++++++++++++++++++++++++++++++++++++++---- | ||
4345 | 1561 | 2 files changed, 40 insertions(+), 4 deletions(-) | ||
4346 | 1562 | |||
4347 | 1563 | commit 97460ef70b7a8008a27f73384c389c2b4c23dded | ||
4348 | 1564 | Merge: dee8153 73af033 | ||
4349 | 1565 | Author: Jenkins <jenkins@review.openstack.org> | ||
4350 | 1566 | Date: Tue Mar 13 21:28:39 2012 +0000 | ||
4351 | 1567 | |||
4352 | 1568 | Merge "Improved legacy tenancy resolution (bug 951933)" | ||
4353 | 1569 | |||
4354 | 1570 | commit dee81534cb2743262e2287da35e9b5970bd9cc12 | ||
4355 | 1571 | Author: Joe Heck <heckj@mac.com> | ||
4356 | 1572 | Date: Tue Mar 13 13:53:40 2012 -0700 | ||
4357 | 1573 | |||
4358 | 1574 | making all use of time follow datetime.utcnow() | ||
4359 | 1575 | fixes bug 954057 | ||
4360 | 1576 | |||
4361 | 1577 | Change-Id: I14fa475dc03410b8843ab028d30fbc8802c4be30 | ||
4362 | 1578 | |||
4363 | 1579 | keystone/token/backends/kvs.py | 2 +- | ||
4364 | 1580 | keystone/token/backends/sql.py | 2 +- | ||
4365 | 1581 | keystone/token/core.py | 4 ++-- | ||
4366 | 1582 | tests/test_backend_memcache.py | 2 +- | ||
4367 | 1583 | 4 files changed, 5 insertions(+), 5 deletions(-) | ||
4368 | 1584 | |||
4369 | 1585 | commit 73af033ded8fe9ba54c37ab4f2a7553b3be1e450 | ||
4370 | 1586 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4371 | 1587 | Date: Tue Mar 13 12:27:53 2012 -0500 | ||
4372 | 1588 | |||
4373 | 1589 | Improved legacy tenancy resolution (bug 951933) | ||
4374 | 1590 | |||
4375 | 1591 | Change-Id: Ia6fd5eb57e8d7f90328117351f7b814b1b4495dc | ||
4376 | 1592 | |||
4377 | 1593 | keystone/middleware/auth_token.py | 33 ++++-- | ||
4378 | 1594 | tests/test_auth_token_middleware.py | 201 ++++++++++++++++++++++++++--------- | ||
4379 | 1595 | 2 files changed, 174 insertions(+), 60 deletions(-) | ||
4380 | 1596 | |||
4381 | 1597 | commit f8cbd611cfa258f75051e41ebd83501cfec06630 | ||
4382 | 1598 | Author: Alan Pevec <apevec@redhat.com> | ||
4383 | 1599 | Date: Mon Feb 27 17:59:33 2012 +0100 | ||
4384 | 1600 | |||
4385 | 1601 | sample_data.sh: check file paths for packaged installations | ||
4386 | 1602 | |||
4387 | 1603 | v4: try to use system-wide configuration first | ||
4388 | 1604 | then fallback to assuming git checkout | ||
4389 | 1605 | |||
4390 | 1606 | Change-Id: I6916f554cb9848fcb2d090e142b8915ad19a7486 | ||
4391 | 1607 | |||
4392 | 1608 | tools/sample_data.sh | 19 +++++++++++++++---- | ||
4393 | 1609 | 1 file changed, 15 insertions(+), 4 deletions(-) | ||
4394 | 1610 | |||
4395 | 1611 | commit 1e07b98d77a6ccb254e6f4411682235a47dab137 | ||
4396 | 1612 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
4397 | 1613 | Date: Sat Mar 10 17:22:06 2012 +0100 | ||
4398 | 1614 | |||
4399 | 1615 | Fix iso8601 import/use and date comparaison. | ||
4400 | 1616 | |||
4401 | 1617 | - Store the unix time from iso8601.parse_date to compare against | ||
4402 | 1618 | time.time. | ||
4403 | 1619 | - on a WSGI environement the import don't get passed to the methods from | ||
4404 | 1620 | __init__ use a self. variable. | ||
4405 | 1621 | - Fixes bug 951603. | ||
4406 | 1622 | - Add unit tests. | ||
4407 | 1623 | - Add iso8601 to test-requires. | ||
4408 | 1624 | |||
4409 | 1625 | Change-Id: Ia8af8b203d1310d5ae6868c3a14dfdf68d6e5331 | ||
4410 | 1626 | |||
4411 | 1627 | keystone/middleware/auth_token.py | 6 ++- | ||
4412 | 1628 | tests/test_auth_token_middleware.py | 93 ++++++++++++++++++++++++++++------- | ||
4413 | 1629 | tools/test-requires | 1 + | ||
4414 | 1630 | 3 files changed, 79 insertions(+), 21 deletions(-) | ||
4415 | 1631 | |||
4416 | 1632 | commit a036b3f77ba39301d0a5d44afe6c4253c0db8b15 | ||
4417 | 1633 | Author: Dean Troyer <dtroyer@gmail.com> | ||
4418 | 1634 | Date: Mon Mar 12 14:45:34 2012 -0500 | ||
4419 | 1635 | |||
4420 | 1636 | Fix double-quoted service names | ||
4421 | 1637 | |||
4422 | 1638 | The Keystone service template parser doesn't do any quote interpolation, | ||
4423 | 1639 | it just splits on ' = ' and passes the two parts on. So we just remove | ||
4424 | 1640 | the quotes for now. | ||
4425 | 1641 | |||
4426 | 1642 | Fixes bug 943523 | ||
4427 | 1643 | |||
4428 | 1644 | Change-Id: Ib9e17e70926339ab67f9c50a52a5036eeb7bfb65 | ||
4429 | 1645 | |||
4430 | 1646 | etc/default_catalog.templates | 10 +++++----- | ||
4431 | 1647 | 1 file changed, 5 insertions(+), 5 deletions(-) | ||
4432 | 1648 | |||
4433 | 1649 | commit f6fd0c79219e0b4f8108aba73553b120f763af54 | ||
4434 | 1650 | Merge: 0c3c27c 1b64c84 | ||
4435 | 1651 | Author: Jenkins <jenkins@review.openstack.org> | ||
4436 | 1652 | Date: Sun Mar 11 06:42:37 2012 +0000 | ||
4437 | 1653 | |||
4438 | 1654 | Merge "Remove Nova Diablo reference from migrate docs" | ||
4439 | 1655 | |||
4440 | 1656 | commit 1b64c8405381000b8738195b265c6c81690d8e9e | ||
4441 | 1657 | Author: Brian Waldon <bcwaldon@gmail.com> | ||
4442 | 1658 | Date: Sat Mar 10 20:59:40 2012 -0800 | ||
4443 | 1659 | |||
4444 | 1660 | Remove Nova Diablo reference from migrate docs | ||
4445 | 1661 | |||
4446 | 1662 | Change-Id: Ic8e07197db0b926c2ac7ee0ad6fcc936314ffe6f | ||
4447 | 1663 | |||
4448 | 1664 | doc/source/configuration.rst | 2 +- | ||
4449 | 1665 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
4450 | 1666 | |||
4451 | 1667 | commit 0c3c27c7dbf8a4d359e8cae7f80fcaad5d8582e9 | ||
4452 | 1668 | Author: Deepak Garg <deepakgarg.iitg@gmail.com> | ||
4453 | 1669 | Date: Thu Mar 8 09:16:26 2012 +0530 | ||
4454 | 1670 | |||
4455 | 1671 | Fixes the cli documentation of user/tenant/roles | ||
4456 | 1672 | |||
4457 | 1673 | Fixed the subcommands and basic misconfiguration mentioned in bug #948211 | ||
4458 | 1674 | |||
4459 | 1675 | Note: deleted the old commands after the review comments. | ||
4460 | 1676 | |||
4461 | 1677 | Change-Id: I2a8491c35f346d120581156ae1743d07c3c11fd0 | ||
4462 | 1678 | |||
4463 | 1679 | AUTHORS | 1 + | ||
4464 | 1680 | doc/source/configuration.rst | 103 +++++++++++++----------------------------- | ||
4465 | 1681 | 2 files changed, 32 insertions(+), 72 deletions(-) | ||
4466 | 1682 | |||
4467 | 1683 | commit 9d245f8b6867bb7cb2b1230055de1230a483f0cb | ||
4468 | 1684 | Merge: a863c13 2f4fb46 | ||
4469 | 1685 | Author: Jenkins <jenkins@review.openstack.org> | ||
4470 | 1686 | Date: Sun Mar 11 01:54:48 2012 +0000 | ||
4471 | 1687 | |||
4472 | 1688 | Merge "create service endpoints in sample data" | ||
4473 | 1689 | |||
4474 | 1690 | commit a863c136720a1e3ddc098588afd171dc10ffb308 | ||
4475 | 1691 | Author: Brian Waldon <bcwaldon@gmail.com> | ||
4476 | 1692 | Date: Sat Mar 10 13:59:44 2012 -0800 | ||
4477 | 1693 | |||
4478 | 1694 | Add simple set of tests for auth_token middleware | ||
4479 | 1695 | |||
4480 | 1696 | Change-Id: Ie959e91dc555e35b8e5ba4b01c68a3f232efc115 | ||
4481 | 1697 | |||
4482 | 1698 | keystone/middleware/auth_token.py | 7 +- | ||
4483 | 1699 | tests/test_auth_token_middleware.py | 162 +++++++++++++++++++++++++++++++++++ | ||
4484 | 1700 | 2 files changed, 168 insertions(+), 1 deletion(-) | ||
4485 | 1701 | |||
4486 | 1702 | commit 7ee2a4618314217c1b5bae15e9346be4d9cb8107 | ||
4487 | 1703 | Merge: c373132 d6631d8 | ||
4488 | 1704 | Author: Jenkins <jenkins@review.openstack.org> | ||
4489 | 1705 | Date: Sat Mar 10 19:21:04 2012 +0000 | ||
4490 | 1706 | |||
4491 | 1707 | Merge "update documention on changing user password" | ||
4492 | 1708 | |||
4493 | 1709 | commit c373132e7fc720690d0f7531e1f5871632984c4f | ||
4494 | 1710 | Merge: 6db0067 259d938 | ||
4495 | 1711 | Author: Jenkins <jenkins@review.openstack.org> | ||
4496 | 1712 | Date: Sat Mar 10 19:01:34 2012 +0000 | ||
4497 | 1713 | |||
4498 | 1714 | Merge "enables run_test option to skip integration" | ||
4499 | 1715 | |||
4500 | 1716 | commit 6db00670ea33c39c408d657525ebd778c8932ce1 | ||
4501 | 1717 | Merge: ee5083d 48f2c7d | ||
4502 | 1718 | Author: Jenkins <jenkins@review.openstack.org> | ||
4503 | 1719 | Date: Sat Mar 10 11:29:31 2012 +0000 | ||
4504 | 1720 | |||
4505 | 1721 | Merge "Add AUTHORS to the tarball." | ||
4506 | 1722 | |||
4507 | 1723 | commit d6631d81d5f469415aed2023367adccb529ea656 | ||
4508 | 1724 | Author: Yaguang Tang <heut2008@gmail.com> | ||
4509 | 1725 | Date: Sat Mar 10 15:51:56 2012 +0800 | ||
4510 | 1726 | |||
4511 | 1727 | update documention on changing user password | ||
4512 | 1728 | |||
4513 | 1729 | Change-Id: I73be30eed4d2eed7a53c9dbdb5f29ec9c8f6eb6f | ||
4514 | 1730 | |||
4515 | 1731 | doc/source/configuration.rst | 4 ++-- | ||
4516 | 1732 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
4517 | 1733 | |||
4518 | 1734 | commit ee5083d7b4d7c9f3d687ccba6fe652af0966b9e0 | ||
4519 | 1735 | Merge: b5c8b3a 94abc7e | ||
4520 | 1736 | Author: Jenkins <jenkins@review.openstack.org> | ||
4521 | 1737 | Date: Sat Mar 10 07:35:54 2012 +0000 | ||
4522 | 1738 | |||
4523 | 1739 | Merge "Make sure we have a port number before int it." | ||
4524 | 1740 | |||
4525 | 1741 | commit 259d9380e835d03d7358e4d953404b8207b8e8d7 | ||
4526 | 1742 | Author: Joe Heck <heckj@mac.com> | ||
4527 | 1743 | Date: Fri Mar 9 22:41:47 2012 -0800 | ||
4528 | 1744 | |||
4529 | 1745 | enables run_test option to skip integration | ||
4530 | 1746 | |||
4531 | 1747 | * fixes bug 948495 | ||
4532 | 1748 | |||
4533 | 1749 | Change-Id: I274bfe9611d677c44117a0d9ff67394790794fc4 | ||
4534 | 1750 | |||
4535 | 1751 | run_tests.sh | 8 ++++++++ | ||
4536 | 1752 | 1 file changed, 8 insertions(+) | ||
4537 | 1753 | |||
4538 | 1754 | commit b5c8b3a81911491c97ee95e741c75ffd269f382a | ||
4539 | 1755 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
4540 | 1756 | Date: Fri Mar 2 15:31:54 2012 +0000 | ||
4541 | 1757 | |||
4542 | 1758 | Add token caching via memcache. | ||
4543 | 1759 | |||
4544 | 1760 | - Fixes bug 938253 | ||
4545 | 1761 | - caching requires both python-memcache and iso8601 | ||
4546 | 1762 | |||
4547 | 1763 | Change-Id: I23d5849aad4c6a2333b903eaca6d4f00be8615d3 | ||
4548 | 1764 | |||
4549 | 1765 | doc/source/nova-api-paste.rst | 2 +- | ||
4550 | 1766 | doc/source/old/middleware.rst | 2 +- | ||
4551 | 1767 | keystone/middleware/auth_token.py | 70 +++++++++++++++++++++++++++++++++++++ | ||
4552 | 1768 | 3 files changed, 72 insertions(+), 2 deletions(-) | ||
4553 | 1769 | |||
4554 | 1770 | commit 6f2c858f4382395bd4b4232e7ba3dd509327e4c6 | ||
4555 | 1771 | Author: Brian Lamar <brian.lamar@rackspace.com> | ||
4556 | 1772 | Date: Fri Mar 9 15:24:25 2012 -0500 | ||
4557 | 1773 | |||
4558 | 1774 | Update get_metadata to return {} | ||
4559 | 1775 | |||
4560 | 1776 | Fixes bug 951093 | ||
4561 | 1777 | |||
4562 | 1778 | While the actual issue was encountered in keystone/service.py, | ||
4563 | 1779 | the underlying issue is that all identity backends seems to be | ||
4564 | 1780 | returning None when no metadata is found for a user. I would argue | ||
4565 | 1781 | that returning {} makes it easier on clients. | ||
4566 | 1782 | |||
4567 | 1783 | Change-Id: I06faf755cc0dbe45b5d0a0f86c6235b27c856047 | ||
4568 | 1784 | |||
4569 | 1785 | keystone/identity/backends/kvs.py | 2 +- | ||
4570 | 1786 | keystone/identity/backends/ldap/core.py | 8 +++----- | ||
4571 | 1787 | keystone/identity/backends/sql.py | 2 +- | ||
4572 | 1788 | tests/default_fixtures.py | 4 ++++ | ||
4573 | 1789 | tests/test_backend.py | 19 +++++++++++++++++-- | ||
4574 | 1790 | 5 files changed, 26 insertions(+), 9 deletions(-) | ||
4575 | 1791 | |||
4576 | 1792 | commit e05bc6a6edeee5e1430e6c36fb38c911821800f5 | ||
4577 | 1793 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4578 | 1794 | Date: Thu Mar 1 12:31:53 2012 -0600 | ||
4579 | 1795 | |||
4580 | 1796 | Diablo to Essex migration docs (bug 934328) | ||
4581 | 1797 | |||
4582 | 1798 | - Also includes notes to address bug 947060 | ||
4583 | 1799 | |||
4584 | 1800 | Change-Id: I2756457861f3e84334a7d37aed31372a3b02dd40 | ||
4585 | 1801 | |||
4586 | 1802 | doc/source/configuration.rst | 408 ++++++++++++++++++++++-------------- | ||
4587 | 1803 | doc/source/man/keystone-manage.rst | 9 +- | ||
4588 | 1804 | 2 files changed, 260 insertions(+), 157 deletions(-) | ||
4589 | 1805 | |||
4590 | 1806 | commit 5720730c2e55259f1894368e766256cded51a1df | ||
4591 | 1807 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4592 | 1808 | Date: Fri Mar 2 13:38:39 2012 -0600 | ||
4593 | 1809 | |||
4594 | 1810 | Added license header (bug 929663) | ||
4595 | 1811 | |||
4596 | 1812 | Change-Id: Ia36a22f2d6bba411e4fad81ea2d6fa1f0465a733 | ||
4597 | 1813 | |||
4598 | 1814 | keystone/catalog/__init__.py | 16 ++++++++++++++++ | ||
4599 | 1815 | keystone/common/kvs.py | 14 ++++++++++++++ | ||
4600 | 1816 | keystone/common/ldap/__init__.py | 16 ++++++++++++++++ | ||
4601 | 1817 | keystone/common/ldap/core.py | 14 ++++++++++++++ | ||
4602 | 1818 | keystone/common/logging.py | 14 ++++++++++++++ | ||
4603 | 1819 | keystone/common/manager.py | 14 ++++++++++++++ | ||
4604 | 1820 | keystone/common/serializer.py | 16 ++++++++++++++++ | ||
4605 | 1821 | keystone/common/sql/__init__.py | 16 ++++++++++++++++ | ||
4606 | 1822 | keystone/common/sql/core.py | 14 ++++++++++++++ | ||
4607 | 1823 | keystone/common/sql/legacy.py | 14 ++++++++++++++ | ||
4608 | 1824 | keystone/common/sql/nova.py | 14 ++++++++++++++ | ||
4609 | 1825 | keystone/common/sql/util.py | 14 ++++++++++++++ | ||
4610 | 1826 | keystone/contrib/admin_crud/__init__.py | 16 ++++++++++++++++ | ||
4611 | 1827 | keystone/contrib/ec2/__init__.py | 16 ++++++++++++++++ | ||
4612 | 1828 | keystone/contrib/s3/__init__.py | 16 ++++++++++++++++ | ||
4613 | 1829 | keystone/identity/__init__.py | 16 ++++++++++++++++ | ||
4614 | 1830 | keystone/identity/backends/ldap/__init__.py | 16 ++++++++++++++++ | ||
4615 | 1831 | keystone/identity/backends/ldap/core.py | 14 ++++++++++++++ | ||
4616 | 1832 | keystone/middleware/__init__.py | 16 ++++++++++++++++ | ||
4617 | 1833 | keystone/policy/__init__.py | 16 ++++++++++++++++ | ||
4618 | 1834 | keystone/token/__init__.py | 16 ++++++++++++++++ | ||
4619 | 1835 | run_tests.sh | 14 ++++++++++++++ | ||
4620 | 1836 | setup.py | 3 +-- | ||
4621 | 1837 | tests/_ldap_livetest.py | 14 ++++++++++++++ | ||
4622 | 1838 | tests/default_fixtures.py | 16 ++++++++++++++++ | ||
4623 | 1839 | tests/test_backend_ldap.py | 14 ++++++++++++++ | ||
4624 | 1840 | tests/test_content_types.py | 14 ++++++++++++++ | ||
4625 | 1841 | tests/test_serializer.py | 14 ++++++++++++++ | ||
4626 | 1842 | tools/sample_data.sh | 14 ++++++++++++++ | ||
4627 | 1843 | 29 files changed, 419 insertions(+), 2 deletions(-) | ||
4628 | 1844 | |||
4629 | 1845 | commit 48f2c7d4efb5e4691802fa5124523590b6321975 | ||
4630 | 1846 | Author: Dan Prince <dprince@redhat.com> | ||
4631 | 1847 | Date: Fri Mar 9 12:54:06 2012 -0500 | ||
4632 | 1848 | |||
4633 | 1849 | Add AUTHORS to the tarball. | ||
4634 | 1850 | |||
4635 | 1851 | Fixes LP Bug #950998. | ||
4636 | 1852 | |||
4637 | 1853 | Change-Id: Ia521a9d013ef4fb332df4dc5576cc3e5f13651bc | ||
4638 | 1854 | |||
4639 | 1855 | MANIFEST.in | 1 + | ||
4640 | 1856 | 1 file changed, 1 insertion(+) | ||
4641 | 1857 | |||
4642 | 1858 | commit 2f4fb46159e8b73c8aba231ec2239b41bb53183c | ||
4643 | 1859 | Author: Alan Pevec <apevec@redhat.com> | ||
4644 | 1860 | Date: Wed Mar 7 21:31:37 2012 +0100 | ||
4645 | 1861 | |||
4646 | 1862 | create service endpoints in sample data | ||
4647 | 1863 | |||
4648 | 1864 | Enable creation of endpoints by setting ENABLE_ENDPOINTS environment | ||
4649 | 1865 | variable. Works with Catalog SQL backend. | ||
4650 | 1866 | |||
4651 | 1867 | Change-Id: I9ba0ea1b3cf35720fb338e91f48fcbddc326971b | ||
4652 | 1868 | |||
4653 | 1869 | keystone/catalog/backends/sql.py | 8 +++++- | ||
4654 | 1870 | tools/sample_data.sh | 51 +++++++++++++++++++++++++++++++++----- | ||
4655 | 1871 | 2 files changed, 52 insertions(+), 7 deletions(-) | ||
4656 | 1872 | |||
4657 | 1873 | commit 303a10b9460c506455a74e890567031cf4c9cdef | ||
4658 | 1874 | Author: Dean Troyer <dtroyer@gmail.com> | ||
4659 | 1875 | Date: Fri Mar 9 00:03:46 2012 -0600 | ||
4660 | 1876 | |||
4661 | 1877 | Fix EC2 credentials crud after policy backend change | ||
4662 | 1878 | |||
4663 | 1879 | https://review.openstack.org/4659 implemented the common policy code | ||
4664 | 1880 | but made a change to the exception thrown by wsgi.Application.assert_admin() | ||
4665 | 1881 | and Ec2Controller._is_admin() needed updating. | ||
4666 | 1882 | |||
4667 | 1883 | Fixes bug 950557 | ||
4668 | 1884 | |||
4669 | 1885 | Change-Id: I0e27aeeabd1be5a6012e34aa71efdfc2f2d5a726 | ||
4670 | 1886 | |||
4671 | 1887 | keystone/contrib/ec2/core.py | 2 +- | ||
4672 | 1888 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
4673 | 1889 | |||
4674 | 1890 | commit 0a124fa6a114ba357f6aec9ba4da5eb503483a95 | ||
4675 | 1891 | Merge: a2f2274 524cbd5 | ||
4676 | 1892 | Author: Jenkins <jenkins@review.openstack.org> | ||
4677 | 1893 | Date: Thu Mar 8 22:29:04 2012 +0000 | ||
4678 | 1894 | |||
4679 | 1895 | Merge "add more default catalog templates" | ||
4680 | 1896 | |||
4681 | 1897 | commit a2f2274c69df2ca5b040a69173f3eb7eb030c561 | ||
4682 | 1898 | Author: termie <github@anarkystic.com> | ||
4683 | 1899 | Date: Tue Feb 28 16:50:48 2012 -0800 | ||
4684 | 1900 | |||
4685 | 1901 | port common policy code to keystone | ||
4686 | 1902 | |||
4687 | 1903 | keystone.common.policy is copied from nova | ||
4688 | 1904 | |||
4689 | 1905 | leave simple backend in as a shim until devstack stops referencing it | ||
4690 | 1906 | |||
4691 | 1907 | Change-Id: Ibd579cfeb99465706d525b6565818a2d8f5f3b7c | ||
4692 | 1908 | |||
4693 | 1909 | etc/keystone.conf | 2 +- | ||
4694 | 1910 | etc/policy.json | 3 + | ||
4695 | 1911 | keystone/common/policy.py | 207 ++++++++++++++++++++++++++++++++++++ | ||
4696 | 1912 | keystone/common/utils.py | 43 ++++++++ | ||
4697 | 1913 | keystone/common/wsgi.py | 7 +- | ||
4698 | 1914 | keystone/policy/backends/rules.py | 104 ++++++++++++++++++ | ||
4699 | 1915 | keystone/policy/backends/simple.py | 22 +--- | ||
4700 | 1916 | keystone/policy/core.py | 10 ++ | ||
4701 | 1917 | keystone/test.py | 22 ++-- | ||
4702 | 1918 | tests/policy.json | 3 + | ||
4703 | 1919 | tests/test_policy.py | 180 +++++++++++++++++++++++++++++++ | ||
4704 | 1920 | 11 files changed, 575 insertions(+), 28 deletions(-) | ||
4705 | 1921 | |||
4706 | 1922 | commit e5254d48b133f3ec9798cc8eb48a03cb69ff2d97 | ||
4707 | 1923 | Merge: e422567 71aa1db | ||
4708 | 1924 | Author: Jenkins <jenkins@review.openstack.org> | ||
4709 | 1925 | Date: Thu Mar 8 21:38:24 2012 +0000 | ||
4710 | 1926 | |||
4711 | 1927 | Merge "fix Nova Volume Service in sample data" | ||
4712 | 1928 | |||
4713 | 1929 | commit e4225671cf9c5f3bac5a0f061fa90ad73a6ee673 | ||
4714 | 1930 | Author: Michael Basnight <mbasnight@gmail.com> | ||
4715 | 1931 | Date: Wed Mar 7 22:32:23 2012 -0600 | ||
4716 | 1932 | |||
4717 | 1933 | rename belongs_to to belongsTo as per the API spec. | ||
4718 | 1934 | |||
4719 | 1935 | fixes lp#949554 | ||
4720 | 1936 | |||
4721 | 1937 | Change-Id: Ia24dda7e9aa8e075861029dd5edeafd01c9d89c2 | ||
4722 | 1938 | |||
4723 | 1939 | keystone/service.py | 4 ++-- | ||
4724 | 1940 | tests/test_content_types.py | 2 +- | ||
4725 | 1941 | 2 files changed, 3 insertions(+), 3 deletions(-) | ||
4726 | 1942 | |||
4727 | 1943 | commit 5231d3cc022d7a894e41f03a53eadd9ec4f16220 | ||
4728 | 1944 | Merge: 5c6bccf a7472f1 | ||
4729 | 1945 | Author: Jenkins <jenkins@review.openstack.org> | ||
4730 | 1946 | Date: Thu Mar 8 20:26:21 2012 +0000 | ||
4731 | 1947 | |||
4732 | 1948 | Merge "HTTP_AUTHORIZATION was used in proxy mode" | ||
4733 | 1949 | |||
4734 | 1950 | commit 94abc7ed3e8105cf80ad60558d01fc0839adc027 | ||
4735 | 1951 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
4736 | 1952 | Date: Fri Mar 2 11:34:16 2012 +0000 | ||
4737 | 1953 | |||
4738 | 1954 | Make sure we have a port number before int it. | ||
4739 | 1955 | |||
4740 | 1956 | - Remove unused auth_location in s3_token along the way. | ||
4741 | 1957 | - Fixes bug 944720. | ||
4742 | 1958 | |||
4743 | 1959 | Change-Id: Ib6e48511d09798868c5ca3fa00472525bc9f8823 | ||
4744 | 1960 | |||
4745 | 1961 | keystone/middleware/auth_token.py | 3 +-- | ||
4746 | 1962 | keystone/middleware/s3_token.py | 9 +-------- | ||
4747 | 1963 | 2 files changed, 2 insertions(+), 10 deletions(-) | ||
4748 | 1964 | |||
4749 | 1965 | commit 5c6bccf1c57b06a19845c696c19274ae9f080104 | ||
4750 | 1966 | Author: Michael Basnight <mbasnight@gmail.com> | ||
4751 | 1967 | Date: Wed Mar 7 22:32:23 2012 -0600 | ||
4752 | 1968 | |||
4753 | 1969 | fixes lp#949648 change belongsTo validate to name | ||
4754 | 1970 | |||
4755 | 1971 | Change-Id: I3d36290ad95a0440c006e2daff5b831be62957ae | ||
4756 | 1972 | |||
4757 | 1973 | keystone/service.py | 2 +- | ||
4758 | 1974 | tests/test_content_types.py | 2 +- | ||
4759 | 1975 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
4760 | 1976 | |||
4761 | 1977 | commit 4e4f793e0becb19d77cf137587adb9944a15f5f8 | ||
4762 | 1978 | Merge: 161c658 5c7f3cf | ||
4763 | 1979 | Author: Jenkins <jenkins@review.openstack.org> | ||
4764 | 1980 | Date: Thu Mar 8 04:00:28 2012 +0000 | ||
4765 | 1981 | |||
4766 | 1982 | Merge "Set default identity driver to sql (bug 934332)" | ||
4767 | 1983 | |||
4768 | 1984 | commit 161c6587af3908a1e6f23c398bc2221395e4466c | ||
4769 | 1985 | Merge: 07985e4 989d62f | ||
4770 | 1986 | Author: Jenkins <jenkins@review.openstack.org> | ||
4771 | 1987 | Date: Thu Mar 8 03:54:52 2012 +0000 | ||
4772 | 1988 | |||
4773 | 1989 | Merge "Improve auth_str_equal()." | ||
4774 | 1990 | |||
4775 | 1991 | commit 07985e4349dcead9f5487910020f5dec07351e5e | ||
4776 | 1992 | Merge: d0429ea 98170a7 | ||
4777 | 1993 | Author: Jenkins <jenkins@review.openstack.org> | ||
4778 | 1994 | Date: Thu Mar 8 00:34:28 2012 +0000 | ||
4779 | 1995 | |||
4780 | 1996 | Merge "fixes bug lp#948439 belongs_to and serviceCatalog behavior * removing belongs_to as a kwarg and getting from the context * adding a serviceCatalog for belongs_to calls to tokens * adding test to validate belongs_to behavior in tokens" | ||
4781 | 1997 | |||
4782 | 1998 | commit a7472f139d7f1c4b40906e66302db720efdb19a7 | ||
4783 | 1999 | Author: Jesse Andrews <anotherjesse@gmail.com> | ||
4784 | 2000 | Date: Wed Mar 7 16:00:45 2012 -0800 | ||
4785 | 2001 | |||
4786 | 2002 | HTTP_AUTHORIZATION was used in proxy mode | ||
4787 | 2003 | |||
4788 | 2004 | Change-Id: I72eae79bd1991321eac224777fb186c5022f2c12 | ||
4789 | 2005 | |||
4790 | 2006 | keystone/middleware/auth_token.py | 6 ------ | ||
4791 | 2007 | 1 file changed, 6 deletions(-) | ||
4792 | 2008 | |||
4793 | 2009 | commit 71aa1db60ff4f83599819f1d86aea411bfc9f4ae | ||
4794 | 2010 | Author: Alan Pevec <apevec@redhat.com> | ||
4795 | 2011 | Date: Wed Mar 7 13:52:36 2012 +0100 | ||
4796 | 2012 | |||
4797 | 2013 | fix Nova Volume Service in sample data | ||
4798 | 2014 | |||
4799 | 2015 | Change-Id: Ic6bb8ddea1ab894076d1580f5dbbe535aa668a8a | ||
4800 | 2016 | |||
4801 | 2017 | tools/sample_data.sh | 4 ++-- | ||
4802 | 2018 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
4803 | 2019 | |||
4804 | 2020 | commit 98170a73dd28cebf9737c012d03554ffce5fd1f5 | ||
4805 | 2021 | Author: Michael Basnight <mbasnight@gmail.com> | ||
4806 | 2022 | Date: Tue Mar 6 21:36:01 2012 -0600 | ||
4807 | 2023 | |||
4808 | 2024 | fixes bug lp#948439 belongs_to and serviceCatalog behavior | ||
4809 | 2025 | * removing belongs_to as a kwarg and getting from the context | ||
4810 | 2026 | * adding a serviceCatalog for belongs_to calls to tokens | ||
4811 | 2027 | * adding test to validate belongs_to behavior in tokens | ||
4812 | 2028 | |||
4813 | 2029 | Change-Id: If6f6a7007a6830c57a5ac71aef0090e57a064232 | ||
4814 | 2030 | |||
4815 | 2031 | AUTHORS | 1 + | ||
4816 | 2032 | keystone/service.py | 22 ++++++++++++++++++---- | ||
4817 | 2033 | tests/test_content_types.py | 22 +++++++++++++++++++--- | ||
4818 | 2034 | 3 files changed, 38 insertions(+), 7 deletions(-) | ||
4819 | 2035 | |||
4820 | 2036 | commit d0429ea9b8849f99aa170cd09aef7776e2651dbf | ||
4821 | 2037 | Author: Devin Carlen <devin.carlen@gmail.com> | ||
4822 | 2038 | Date: Sat Mar 3 14:01:46 2012 -0800 | ||
4823 | 2039 | |||
4824 | 2040 | Make bind host configurable | ||
4825 | 2041 | |||
4826 | 2042 | * fixes bug 945868 | ||
4827 | 2043 | |||
4828 | 2044 | Change-Id: Ib33dc9ad1878a9215c1a1ab10814fa7d0905cbdb | ||
4829 | 2045 | |||
4830 | 2046 | bin/keystone-all | 6 ++++-- | ||
4831 | 2047 | etc/keystone.conf | 1 + | ||
4832 | 2048 | keystone/common/wsgi.py | 11 ++++++----- | ||
4833 | 2049 | keystone/config.py | 1 + | ||
4834 | 2050 | 4 files changed, 12 insertions(+), 7 deletions(-) | ||
4835 | 2051 | |||
4836 | 2052 | commit fe6414c8c1f769e6cc87fc001b6c52c5fea0f160 | ||
4837 | 2053 | Merge: 358ecca ec35ea8 | ||
4838 | 2054 | Author: Jenkins <jenkins@review.openstack.org> | ||
4839 | 2055 | Date: Wed Mar 7 18:11:04 2012 +0000 | ||
4840 | 2056 | |||
4841 | 2057 | Merge "Fix coverage jobs for Jenkins." | ||
4842 | 2058 | |||
4843 | 2059 | commit 358eccac110f0ae315382043386296f27a871a73 | ||
4844 | 2060 | Merge: b68051c fd4e961 | ||
4845 | 2061 | Author: Jenkins <jenkins@review.openstack.org> | ||
4846 | 2062 | Date: Wed Mar 7 18:05:42 2012 +0000 | ||
4847 | 2063 | |||
4848 | 2064 | Merge "Isolating backtraces to DEBUG (bug 947060)" | ||
4849 | 2065 | |||
4850 | 2066 | commit 524cbd58acd0c47664e164f72f25524cb95b09f0 | ||
4851 | 2067 | Author: Alan Pevec <apevec@redhat.com> | ||
4852 | 2068 | Date: Tue Mar 6 21:46:52 2012 +0100 | ||
4853 | 2069 | |||
4854 | 2070 | add more default catalog templates | ||
4855 | 2071 | |||
4856 | 2072 | Image, Volume and Ec2 services were missing | ||
4857 | 2073 | |||
4858 | 2074 | Change-Id: I409b0b587b0019dc97bf46760e8f732aa13b88de | ||
4859 | 2075 | |||
4860 | 2076 | etc/default_catalog.templates | 15 +++++++++++++++ | ||
4861 | 2077 | 1 file changed, 15 insertions(+) | ||
4862 | 2078 | |||
4863 | 2079 | commit ec35ea8b9e3b9ef3422ca8119e743de974099a68 | ||
4864 | 2080 | Author: Monty Taylor <mordred@inaugust.com> | ||
4865 | 2081 | Date: Tue Mar 6 22:11:38 2012 -0800 | ||
4866 | 2082 | |||
4867 | 2083 | Fix coverage jobs for Jenkins. | ||
4868 | 2084 | |||
4869 | 2085 | Change-Id: I9a97ac7b997f531d05d4a6beab7d6c16ced7016a | ||
4870 | 2086 | |||
4871 | 2087 | tox.ini | 4 ++-- | ||
4872 | 2088 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
4873 | 2089 | |||
4874 | 2090 | commit 989d62fe8f606cb4fecaaaf1395e1cd9c3d81d67 | ||
4875 | 2091 | Author: Russell Bryant <rbryant@redhat.com> | ||
4876 | 2092 | Date: Tue Mar 6 13:18:58 2012 -0500 | ||
4877 | 2093 | |||
4878 | 2094 | Improve auth_str_equal(). | ||
4879 | 2095 | |||
4880 | 2096 | This patch is to improve auth_str_equal() a bit. The whole point of | ||
4881 | 2097 | this function is to do a string comparison in constant time to help | ||
4882 | 2098 | protect against timing attacks. The original implementation had a bit | ||
4883 | 2099 | of a silly property in that it would exit early if the strings were not | ||
4884 | 2100 | of the same length. This would theoretically still allow someone to | ||
4885 | 2101 | discover the proper length of a password. | ||
4886 | 2102 | |||
4887 | 2103 | This patch moves the length verification to the end. It also makes it | ||
4888 | 2104 | so the main loop time to run is a function of the provided password | ||
4889 | 2105 | length instead of the length of the shorter of the two strings. | ||
4890 | 2106 | |||
4891 | 2107 | Change-Id: I6dbe076818b7e3e8a313544ebd5c5734b5a025e5 | ||
4892 | 2108 | |||
4893 | 2109 | keystone/common/utils.py | 22 +++++++++++++--------- | ||
4894 | 2110 | keystone/contrib/ec2/core.py | 4 ++-- | ||
4895 | 2111 | tests/test_utils.py | 1 + | ||
4896 | 2112 | 3 files changed, 16 insertions(+), 11 deletions(-) | ||
4897 | 2113 | |||
4898 | 2114 | commit 5c7f3cff8d489fefbc34dadbefea6dc9604c4a4a | ||
4899 | 2115 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4900 | 2116 | Date: Fri Mar 2 11:26:29 2012 -0600 | ||
4901 | 2117 | |||
4902 | 2118 | Set default identity driver to sql (bug 934332) | ||
4903 | 2119 | |||
4904 | 2120 | Change-Id: Ibc5502f0feb2bcc9583ccd1aa9bf9bd94fef43ca | ||
4905 | 2121 | |||
4906 | 2122 | etc/keystone.conf | 2 +- | ||
4907 | 2123 | tests/test_overrides.conf | 3 +++ | ||
4908 | 2124 | 2 files changed, 4 insertions(+), 1 deletion(-) | ||
4909 | 2125 | |||
4910 | 2126 | commit b68051cd13cc71ebd15cd478afedf0c5d07ebd4e | ||
4911 | 2127 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4912 | 2128 | Date: Fri Mar 2 10:50:57 2012 -0600 | ||
4913 | 2129 | |||
4914 | 2130 | Renamed sqlite files (bug 944951) | ||
4915 | 2131 | |||
4916 | 2132 | Change-Id: Iae7aa34de0bf68da9e422719605753634cc0d113 | ||
4917 | 2133 | |||
4918 | 2134 | etc/keystone.conf | 2 +- | ||
4919 | 2135 | keystone/common/sql/util.py | 2 +- | ||
4920 | 2136 | tests/backend_sql.conf | 2 +- | ||
4921 | 2137 | 3 files changed, 3 insertions(+), 3 deletions(-) | ||
4922 | 2138 | |||
4923 | 2139 | commit 6621c79b06fc2848072e59d22d1224ae3a0c593a | ||
4924 | 2140 | Merge: a18b3f2 e8fb989 | ||
4925 | 2141 | Author: Jenkins <jenkins@review.openstack.org> | ||
4926 | 2142 | Date: Tue Mar 6 17:07:45 2012 +0000 | ||
4927 | 2143 | |||
4928 | 2144 | Merge "Add reseller admin capability." | ||
4929 | 2145 | |||
4930 | 2146 | commit fd4e9616ddca4dbd0c4f0545c376167b966eae8d | ||
4931 | 2147 | Author: Dolph Mathews <dolph.mathews@gmail.com> | ||
4932 | 2148 | Date: Mon Mar 5 16:47:58 2012 -0600 | ||
4933 | 2149 | |||
4934 | 2150 | Isolating backtraces to DEBUG (bug 947060) | ||
4935 | 2151 | |||
4936 | 2152 | Debug mode on: http://pastie.org/3529520 | ||
4937 | 2153 | (full backtrace to stdout) | ||
4938 | 2154 | |||
4939 | 2155 | Debug mode off: http://pastie.org/3529526 | ||
4940 | 2156 | (Just an error message to stdout) | ||
4941 | 2157 | |||
4942 | 2158 | Change-Id: I1d4e17cf73e7777c3cbaef7c5d7fd18a4f6e53dc | ||
4943 | 2159 | |||
4944 | 2160 | keystone/catalog/backends/templated.py | 8 +++++++- | ||
4945 | 2161 | keystone/common/logging.py | 18 ++++++++++++++++++ | ||
4946 | 2162 | keystone/service.py | 4 ++++ | ||
4947 | 2163 | 3 files changed, 29 insertions(+), 1 deletion(-) | ||
4948 | 2164 | |||
4949 | 2165 | commit a18b3f29c4a977977e6bf29d1edcba43d5e6005b | ||
4950 | 2166 | Merge: f8d7bbd 460c3f3 | ||
4951 | 2167 | Author: Jenkins <jenkins@review.openstack.org> | ||
4952 | 2168 | Date: Mon Mar 5 20:45:05 2012 +0000 | ||
4953 | 2169 | |||
4954 | 2170 | Merge "Remove trailing whitespaces in regular file" | ||
4955 | 2171 | |||
4956 | 2172 | commit f8d7bbd45b3e4d4fb3a77a74b1bd54f196dacda0 | ||
4957 | 2173 | Merge: fad1a38 bc34635 | ||
4958 | 2174 | Author: Jenkins <jenkins@review.openstack.org> | ||
4959 | 2175 | Date: Mon Mar 5 20:39:47 2012 +0000 | ||
4960 | 2176 | |||
4961 | 2177 | Merge "LDAP get_user_by_name" | ||
4962 | 2178 | |||
4963 | 2179 | commit fad1a388f89681a0f487ad5bb1aba2a58ea14b47 | ||
4964 | 2180 | Author: Joe Heck <heckj@mac.com> | ||
4965 | 2181 | Date: Fri Mar 2 16:39:10 2012 -0800 | ||
4966 | 2182 | |||
4967 | 2183 | updating readme to point to developer setup docs | ||
4968 | 2184 | * fixes bug 945274 | ||
4969 | 2185 | |||
4970 | 2186 | Change-Id: I6caf8da9fd0bd5647ae913efd752dd6651abcb85 | ||
4971 | 2187 | |||
4972 | 2188 | README.rst | 7 +++++++ | ||
4973 | 2189 | 1 file changed, 7 insertions(+) | ||
4974 | 2190 | |||
4975 | 2191 | commit e8fb989b8b07f3209300ecba043bdf14c94d497f | ||
4976 | 2192 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
4977 | 2193 | Date: Mon Feb 13 23:29:49 2012 +0000 | ||
4978 | 2194 | |||
4979 | 2195 | Add reseller admin capability. | ||
4980 | 2196 | |||
4981 | 2197 | - A user with the reseller admin role will be able to access to every | ||
4982 | 2198 | other accounts. | ||
4983 | 2199 | - Rename name groups to roles. | ||
4984 | 2200 | |||
4985 | 2201 | Change-Id: I8e86d8280a8fcdefbd4f9386bec11afdad797167 | ||
4986 | 2202 | |||
4987 | 2203 | keystone/middleware/swift_auth.py | 45 ++++++++++++++++++++++++------------- | ||
4988 | 2204 | 1 file changed, 29 insertions(+), 16 deletions(-) | ||
4989 | 2205 | |||
4990 | 2206 | commit 460c3f389185f352c36ccbe5e9f11579de334643 | ||
4991 | 2207 | Author: Hengqing Hu <hudayou@hotmail.com> | ||
4992 | 2208 | Date: Sat Mar 3 13:10:06 2012 +0800 | ||
4993 | 2209 | |||
4994 | 2210 | Remove trailing whitespaces in regular file | ||
4995 | 2211 | |||
4996 | 2212 | Change-Id: I8d05fbb7a372bf9a813da9165cd40af71a1ae4c2 | ||
4997 | 2213 | |||
4998 | 2214 | AUTHORS | 1 + | ||
4999 | 2215 | doc/source/index.rst | 2 +- | ||
5000 | 2216 | doc/source/man/keystone-manage.rst | 2 +- |
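Review bot: The rendered diff stops here, partway through the diffstat for commit 460c3f3 and before that entry's "files changed" summary, so nothing after this point in the ChangeLog can be reviewed from this page. The added ChangeLog lines are generated git-log output (Jenkins merge commits, Change-Ids, per-file diffstats) rather than hand-written packaging changes. Entries such as "Improve auth_str_equal()" and "Fix EC2 credentials crud after policy backend change" only describe upstream commits and are not changes made by this hunk. I would suggest confirming that the file is byte-identical to the ChangeLog in the upstream release it was imported from instead of reading it line by line, and reviewing the remaining changes from the branch itself, since they fall beyond this cut-off.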
Yolanda
Minor nitpick; this branch drops an empty line from the changelog;
Other than that builds OK.