Merge lp:~zulcss/keystone/keystone-cloud-g2 into lp:~ubuntu-cloud-archive/ubuntu/precise/keystone/trunk
- keystone-cloud-g2
- Merge into trunk
Proposed by
Chuck Short
Status: | Merged |
---|---|
Approved by: | Adam Gandelman |
Approved revision: | 38 |
Merged at revision: | 38 |
Proposed branch: | lp:~zulcss/keystone/keystone-cloud-g2 |
Merge into: | lp:~ubuntu-cloud-archive/ubuntu/precise/keystone/trunk |
Diff against target: |
14128 lines (+7542/-3798) 123 files modified
AUTHORS (+7/-0) ChangeLog (+1002/-0) HACKING.rst (+1/-1) MANIFEST.in (+1/-1) README.rst (+7/-0) bin/keystone-all (+8/-1) debian/changelog (+33/-0) debian/control (+5/-5) debian/keystone.config (+0/-19) debian/keystone.manpages (+1/-1) debian/keystone.postinst (+3/-25) debian/keystone.postrm (+0/-14) debian/keystone.prerm (+0/-17) debian/keystone.templates (+1/-1) debian/keystone.upstart (+4/-2) debian/man/keystone-admin.8 (+0/-63) debian/man/keystone-auth.8 (+0/-63) debian/man/keystone-control.8 (+0/-63) debian/man/keystone-import.8 (+0/-12) debian/man/keystone.8 (+0/-64) debian/patches/fix-ubuntu-tests.patch (+38/-3) debian/po/POTFILES.in (+1/-0) debian/po/templates.pot (+58/-0) debian/rules (+1/-1) debian/tests/test_overrides.conf (+3/-3) doc/source/configuration.rst (+10/-10) doc/source/configuringservices.rst (+2/-145) doc/source/external-auth.rst (+117/-0) doc/source/index.rst (+1/-0) doc/source/setup.rst (+1/-1) keystone.egg-info/SOURCES.txt (+26/-4) keystone.egg-info/requires.txt (+1/-1) keystone/catalog/__init__.py (+2/-0) keystone/catalog/backends/sql.py (+31/-23) keystone/catalog/backends/templated.py (+1/-1) keystone/catalog/controllers.py (+184/-0) keystone/catalog/core.py (+11/-143) keystone/catalog/routers.py (+25/-0) keystone/clean.py (+11/-6) keystone/cli.py (+62/-85) keystone/common/bufferedhttp.py (+2/-2) keystone/common/cms.py (+2/-2) keystone/common/controller.py (+15/-15) keystone/common/dependency.py (+67/-0) keystone/common/ldap/core.py (+18/-15) keystone/common/ldap/fakeldap.py (+28/-26) keystone/common/models.py (+18/-1) keystone/common/router.py (+56/-0) keystone/common/sql/core.py (+2/-1) keystone/common/sql/legacy.py (+1/-1) keystone/common/sql/migrate_repo/versions/001_add_initial_tables.py (+8/-2) keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql (+0/-1) keystone/common/sql/migrate_repo/versions/003_token_valid.py (+0/-4) keystone/common/sql/migrate_repo/versions/006_add_policy_table.py (+5/-2) keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py (+5/-1) keystone/common/sql/migrate_repo/versions/008_normalize_identity.py (+58/-0) keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql (+5/-0) keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py (+145/-0) keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py (+53/-0) keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py (+96/-0) keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py (+50/-0) keystone/common/sql/migrate_repo/versions/013_add_group_tables.py (+93/-0) keystone/common/sql/migration.py (+1/-1) keystone/common/sql/nova.py (+7/-7) keystone/common/utils.py (+34/-11) keystone/common/wsgi.py (+4/-4) keystone/config.py (+19/-3) keystone/contrib/admin_crud/core.py (+5/-6) keystone/contrib/ec2/core.py (+6/-16) keystone/contrib/user_crud/core.py (+5/-12) keystone/controllers.py (+144/-0) keystone/exception.py (+4/-0) keystone/identity/__init__.py (+2/-0) keystone/identity/backends/kvs.py (+192/-15) keystone/identity/backends/ldap/core.py (+113/-3) keystone/identity/backends/pam.py (+0/-3) keystone/identity/backends/sql.py (+317/-61) keystone/identity/controllers.py (+644/-0) keystone/identity/core.py (+114/-629) keystone/identity/routers.py (+179/-0) keystone/locale/hu/LC_MESSAGES/keystone.po (+313/-0) keystone/locale/keystone.pot (+279/-9) keystone/middleware/swift_auth.py (+0/-295) keystone/openstack/common/cfg.py (+298/-173) keystone/policy/__init__.py (+2/-0) keystone/policy/backends/rules.py (+1/-1) keystone/policy/controllers.py (+48/-0) keystone/policy/core.py (+3/-33) keystone/policy/routers.py (+22/-0) keystone/routers.py (+69/-0) keystone/service.py (+28/-974) keystone/test.py (+23/-10) keystone/token/__init__.py (+2/-0) keystone/token/backends/kvs.py (+7/-7) keystone/token/backends/memcache.py (+4/-4) keystone/token/backends/sql.py (+4/-4) keystone/token/controllers.py (+606/-0) keystone/token/core.py (+28/-20) keystone/token/routers.py (+57/-0) run_tests.sh (+2/-2) setup.py (+0/-1) tests/_ldap_livetest.py (+0/-1) tests/default_fixtures.py (+8/-0) tests/test_auth.py (+389/-0) tests/test_backend.py (+326/-17) tests/test_backend_ldap.py (+47/-0) tests/test_backend_sql.py (+34/-46) tests/test_cert_setup.py (+9/-7) tests/test_content_types.py (+29/-2) tests/test_contrib_s3_core.py (+54/-0) tests/test_drivers.py (+52/-0) tests/test_import_legacy.py (+5/-3) tests/test_injection.py (+141/-0) tests/test_s3_token_middleware.py (+4/-4) tests/test_service.py (+0/-298) tests/test_sql_upgrade.py (+236/-12) tests/test_swift_auth_middleware.py (+0/-249) tests/test_v3.py (+9/-0) tests/test_v3_identity.py (+198/-3) tools/flakes.py (+22/-0) tools/pip-requires (+1/-1) tools/test-requires (+2/-0) tox.ini (+4/-0) |
To merge this branch: | bzr merge lp:~zulcss/keystone/keystone-cloud-g2 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Adam Gandelman (community) | Needs Fixing | ||
Review via email: mp+144557@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
- 38. By Chuck Short
-
Fix changelog
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'AUTHORS' |
2 | --- AUTHORS 2012-11-23 09:01:53 +0000 |
3 | +++ AUTHORS 2013-01-25 16:27:23 +0000 |
4 | @@ -40,6 +40,7 @@ |
5 | Doug Hellmann <doug.hellmann@dreamhost.com> |
6 | Ed Leafe <ed@leafe.com> |
7 | Édouard Thuleau <edouard1.thuleau@orange.com> |
8 | +Eduardo Patrocinio <epatro@gmail.com> |
9 | Eoghan Glynn <eglynn@redhat.com> |
10 | Everett Toews <everett.toews@gmail.com> |
11 | Ewan Mellor <ewan.mellor@citrix.com> |
12 | @@ -64,6 +65,7 @@ |
13 | Joe Heck <heckj@mac.com> |
14 | Joe Savak <joe.savak@rackspace.com> |
15 | Johannes Erdfelt <johannes.erdfelt@rackspace.com> |
16 | +John Bresnahan <jbresnah@redhat.com> |
17 | John Dickinson <me@not.mn> |
18 | John Eo <john.eo@rackspace.com> |
19 | John Eo <joon.eo@gmail.com> |
20 | @@ -85,6 +87,7 @@ |
21 | Lin Hua Cheng <lin-hua.cheng@hp.com> |
22 | long-wang <long.wang@bj.cs2c.com.cn> |
23 | Mark Gius <mgius7096@gmail.com> |
24 | +Mark J. Washenberger <mark.washenberger@markwash.net> |
25 | Mark McLoughlin <markmc@redhat.com> |
26 | Maru Newby <mnewby@internap.com> |
27 | Michael Basnight <mbasnight@gmail.com> |
28 | @@ -92,6 +95,7 @@ |
29 | Mohammed Naser <mnaser@vexxhost.com> |
30 | monsterxx03 <xyj.asmy@gmail.com> |
31 | Monty Taylor <mordred@inaugust.com> |
32 | +Nachiappan VR N <nachiappan.veerappan-nachiappan@hp.com> |
33 | OpenStack Jenkins <jenkins@openstack.org> |
34 | Pádraig Brady <pbrady@redhat.com> |
35 | Pádraig Brady <P@draigBrady.com> |
36 | @@ -121,11 +125,13 @@ |
37 | Sirish Bitra <sirish.bitra@gmail.com> |
38 | Sony K. Philip <sony@hcleai.com> |
39 | Stef T <stelford@internap.com> |
40 | +Steve Martinelli <stevemar@ca.ibm.com> |
41 | Syed Armani <dce3062@gmail.com> |
42 | termie <github@anarkystic.com> |
43 | Thierry Carrez <thierry@openstack.org> |
44 | Tim Simpson <tim.simpson@rackspace.com> |
45 | Todd Willey <xtoddx@gmail.com> |
46 | +Tom Fifield <fifieldt@unimelb.edu.au> |
47 | Unmesh Gurjar <unmesh.gurjar@nttdata.com> |
48 | Unmesh Gurjar <unmesh.gurjar@vertex.co.in> |
49 | Vincent Hou <sbhou@cn.ibm.com> |
50 | @@ -134,6 +140,7 @@ |
51 | vishvananda <vishvananda@gmail.com> |
52 | wanglong <wl3617@qq.com> |
53 | Will Kelly <the.william.kelly@gmail.com> |
54 | +Wu Wenxiang <wu.wenxiang@99cloud.net> |
55 | Yaguang Tang <heut2008@gmail.com> |
56 | Yogeshwar Srikrishnan <yoga80@yahoo.com> |
57 | Yong Sheng Gong <gongysh@cn.ibm.com> |
58 | |
59 | === modified file 'ChangeLog' |
60 | --- ChangeLog 2012-11-23 09:01:53 +0000 |
61 | +++ ChangeLog 2013-01-25 16:27:23 +0000 |
62 | @@ -1,3 +1,1005 @@ |
63 | +commit 788f6c5ee60bea0146ae0f86a7aec9430654be8d |
64 | +Merge: 4fae928 3244451 |
65 | +Author: Jenkins <jenkins@review.openstack.org> |
66 | +Date: Wed Jan 9 05:38:12 2013 +0000 |
67 | + |
68 | + Merge "Add missing .po files to tarball" |
69 | + |
70 | +commit 4fae928c59beaa558306a5aa3a3aa5c6f4945b70 |
71 | +Author: Henry Nash <henryn@linux.vnet.ibm.com> |
72 | +Date: Thu Dec 13 16:48:13 2012 +0000 |
73 | + |
74 | + Keystone server support for user groups |
75 | + |
76 | + This implements the server side of groups of users. This |
77 | + set of code provides all the crud functionality for groups as |
78 | + well as the corresponding support for role assignments. |
79 | + |
80 | + blueprint user-groups |
81 | + |
82 | + The following deficiencies existing with the current version and |
83 | + will be corrected ahead of the final Grizzly release: |
84 | + |
85 | + 1) There is only placeholder support for LDAP (Bug #1092187) |
86 | + 2) Domain role grants are accepted but not yet honored (Bug #1093248) |
87 | + 3) Token invalidation does not occur with group changes (Bug #1093493) |
88 | + |
89 | + This update also fills in missing v3 grant unit testing and v3 grant |
90 | + support within the kvs backend. In addition, there is a fix for |
91 | + Bug #1092200 (uncaught exception when listing grants) |
92 | + |
93 | + DocImpact |
94 | + |
95 | + Change-Id: Ibd1783b04b2d7804eff90312e5ef591dca4d0695 |
96 | + |
97 | + keystone/clean.py | 4 + |
98 | + keystone/common/models.py | 17 + |
99 | + .../migrate_repo/versions/013_add_group_tables.py | 93 +++++ |
100 | + keystone/config.py | 11 + |
101 | + keystone/exception.py | 4 + |
102 | + keystone/identity/backends/kvs.py | 201 ++++++++++- |
103 | + keystone/identity/backends/ldap/core.py | 109 ++++++ |
104 | + keystone/identity/backends/pam.py | 3 - |
105 | + keystone/identity/backends/sql.py | 362 +++++++++++++++++--- |
106 | + keystone/identity/controllers.py | 103 ++++-- |
107 | + keystone/identity/core.py | 113 +++++- |
108 | + keystone/identity/routers.py | 67 +++- |
109 | + keystone/service.py | 1 + |
110 | + keystone/token/controllers.py | 70 +++- |
111 | + tests/test_auth.py | 39 +++ |
112 | + tests/test_backend.py | 306 +++++++++++++++++ |
113 | + tests/test_backend_ldap.py | 47 +++ |
114 | + tests/test_sql_upgrade.py | 18 +- |
115 | + tests/test_v3.py | 8 + |
116 | + tests/test_v3_identity.py | 199 ++++++++++- |
117 | + 20 files changed, 1669 insertions(+), 106 deletions(-) |
118 | + |
119 | +commit 3244451c1beb2236c99e1bace5925e4953b6771e |
120 | +Author: Thierry Carrez <thierry@openstack.org> |
121 | +Date: Mon Jan 7 14:37:53 2013 +0100 |
122 | + |
123 | + Add missing .po files to tarball |
124 | + |
125 | + Fix MANIFEST.in to include .po files in keystone/locale. |
126 | + Fixes bug 1096063. |
127 | + |
128 | + Change-Id: I4cf06a0777b5f22344ff18321bbf155f574b1e49 |
129 | + |
130 | + MANIFEST.in | 2 +- |
131 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
132 | + |
133 | +commit 9460ff5c35809f4911cb5a1ee5f68d6351e797f4 |
134 | +Merge: 2162e4b 64672bd |
135 | +Author: Jenkins <jenkins@review.openstack.org> |
136 | +Date: Sat Jan 5 23:33:29 2013 +0000 |
137 | + |
138 | + Merge "Upgrade WebOb to 1.2.3" |
139 | + |
140 | +commit 2162e4b3b54f99095aa0f5f6fc3cbcad20436cc4 |
141 | +Merge: 2b08994 5a81be3 |
142 | +Author: Jenkins <jenkins@review.openstack.org> |
143 | +Date: Sat Jan 5 23:25:14 2013 +0000 |
144 | + |
145 | + Merge "Removed unused imports" |
146 | + |
147 | +commit 2b08994e1f9d4ea7d7659faa014f541ed9a82e0e |
148 | +Merge: 863acc7 0e5533e |
149 | +Author: Jenkins <jenkins@review.openstack.org> |
150 | +Date: Fri Jan 4 22:29:31 2013 +0000 |
151 | + |
152 | + Merge "il8n some strings" |
153 | + |
154 | +commit 863acc7b6d39de3596e2bf767397774053156f45 |
155 | +Merge: 76af49f 1f01d30 |
156 | +Author: Jenkins <jenkins@review.openstack.org> |
157 | +Date: Thu Jan 3 19:30:53 2013 +0000 |
158 | + |
159 | + Merge "shorten pep8 output" |
160 | + |
161 | +commit 64672bdeb13097285af8dec16b6cacbef4495bab |
162 | +Author: Doug Hellmann <doug.hellmann@dreamhost.com> |
163 | +Date: Thu Jan 3 11:08:15 2013 -0500 |
164 | + |
165 | + Upgrade WebOb to 1.2.3 |
166 | + |
167 | + The version of WebOb being used in OpenStack was more than |
168 | + 1 year old. This change updates to the latest stable release. |
169 | + |
170 | + Upgrading WebOb resolves a version conflict between OpenStack |
171 | + and Pecan, the web framework used by the Ceilometer team for |
172 | + version 2 of the ceilometer API. |
173 | + |
174 | + Refer to http://docs.webob.org/en/latest/news.html |
175 | + for the list of changes between 1.0.8 and 1.2.3. |
176 | + |
177 | + bug 1092227 |
178 | + |
179 | + Change-Id: If68866122e6c492b03887af5953ab7cad01787ba |
180 | + Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com> |
181 | + |
182 | + tools/pip-requires | 4 ++-- |
183 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
184 | + |
185 | +commit 0e5533eb6f828cffac1cdd98a524f69503332cec |
186 | +Author: Chuck Short <chuck.short@canonical.com> |
187 | +Date: Thu Jan 3 08:32:34 2013 -0600 |
188 | + |
189 | + il8n some strings |
190 | + |
191 | + il8n some more missing strings. |
192 | + |
193 | + Change-Id: I56d1d83093c8a5e895571e2d2db41c7600662754 |
194 | + Signed-off-by: Chuck Short <chuck.short@canonical.com> |
195 | + |
196 | + keystone/common/controller.py | 14 +++++++------- |
197 | + keystone/common/ldap/core.py | 16 ++++++++-------- |
198 | + keystone/common/sql/migration.py | 2 +- |
199 | + keystone/common/utils.py | 4 ++-- |
200 | + keystone/identity/backends/ldap/core.py | 2 +- |
201 | + 5 files changed, 19 insertions(+), 19 deletions(-) |
202 | + |
203 | +commit 76af49f11a5cd2ef7be93c5cbe3244fe48cc6b31 |
204 | +Author: OpenStack Jenkins <jenkins@openstack.org> |
205 | +Date: Wed Jan 2 00:00:46 2013 +0000 |
206 | + |
207 | + Imported Translations from Transifex |
208 | + |
209 | + Change-Id: I94d6360ce6f6ca8150a83c12af887452bc4a41f6 |
210 | + |
211 | + keystone/locale/hu/LC_MESSAGES/keystone.po | 313 ++++++++++++++++++++++++++++ |
212 | + keystone/locale/keystone.pot | 18 +- |
213 | + 2 files changed, 324 insertions(+), 7 deletions(-) |
214 | + |
215 | +commit 5a81be30de7c756716aef06a361a88f553be9b76 |
216 | +Author: Chuck Short <chuck.short@canonical.com> |
217 | +Date: Fri Dec 28 10:39:33 2012 -0600 |
218 | + |
219 | + Removed unused imports |
220 | + |
221 | + Removed unused imports |
222 | + |
223 | + Change-Id: I646d79849731b87ce6c1eeb80f42c77dd789ecff |
224 | + Signed-off-by: Chuck Short <chuck.short@canonical.com> |
225 | + |
226 | + keystone/cli.py | 4 ---- |
227 | + keystone/common/router.py | 1 - |
228 | + .../versions/001_add_initial_tables.py | 1 - |
229 | + .../sql/migrate_repo/versions/003_token_valid.py | 4 ---- |
230 | + .../migrate_repo/versions/006_add_policy_table.py | 1 - |
231 | + .../migrate_repo/versions/007_add_domain_tables.py | 1 - |
232 | + .../versions/008_normalize_identity.py | 3 --- |
233 | + .../versions/009_normalize_identity_migration.py | 3 +-- |
234 | + .../sql/migrate_repo/versions/010_endpoints_v3.py | 1 - |
235 | + .../versions/012_drop_legacy_endpoints.py | 1 - |
236 | + setup.py | 1 - |
237 | + tests/_ldap_livetest.py | 1 - |
238 | + 12 files changed, 1 insertion(+), 21 deletions(-) |
239 | + |
240 | +commit a0e06a8e96ccfeee1de0030da0a1a2ac9e6e5aad |
241 | +Author: Chuck Short <chuck.short@canonical.com> |
242 | +Date: Sat Dec 22 15:36:34 2012 -0600 |
243 | + |
244 | + Add pyflakes to tox.ini |
245 | + |
246 | + Add the ability to use pyflakes. |
247 | + |
248 | + Change-Id: I1c0a652258fd494bf6754b5b83c47166582a85d0 |
249 | + Signed-off-by: Chuck Short <chuck.short@canonical.com> |
250 | + |
251 | + tools/flakes.py | 22 ++++++++++++++++++++++ |
252 | + tox.ini | 4 ++++ |
253 | + 2 files changed, 26 insertions(+) |
254 | + |
255 | +commit daf3bdae226a76926a8a877e1ed4bd7046f9192d |
256 | +Merge: 1b3b642 0f22574 |
257 | +Author: Jenkins <jenkins@review.openstack.org> |
258 | +Date: Mon Dec 24 03:46:16 2012 +0000 |
259 | + |
260 | + Merge "Adding a means to connect back to a pydevd debugger." |
261 | + |
262 | +commit 1b3b6428225d16162bcb9d44ab628bccd9f219b4 |
263 | +Author: Chuck Short <chuck.short@canonical.com> |
264 | +Date: Sat Dec 22 18:09:13 2012 -0600 |
265 | + |
266 | + Fix spelling typo |
267 | + |
268 | + Fixes spelling typo should be role_id instead of roll_id. |
269 | + |
270 | + Change-Id: I45a994f7cbe3528ef5a9a667a67237c2a896db9c |
271 | + Signed-off-by: Chuck Short <chuck.short@canonical.com> |
272 | + |
273 | + keystone/identity/backends/ldap/core.py | 2 +- |
274 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
275 | + |
276 | +commit 469ff6571e49f70662107a1db393b856214eea3c |
277 | +Merge: 4fb7ef4 e577cd6 |
278 | +Author: Jenkins <jenkins@review.openstack.org> |
279 | +Date: Sat Dec 22 20:39:42 2012 +0000 |
280 | + |
281 | + Merge "Remove swift auth." |
282 | + |
283 | +commit 4fb7ef4faf0b0ef3077c0175d158df3ab601e4bf |
284 | +Merge: b5581fe 03eb280 |
285 | +Author: Jenkins <jenkins@review.openstack.org> |
286 | +Date: Sat Dec 22 09:43:05 2012 +0000 |
287 | + |
288 | + Merge "Driver registry" |
289 | + |
290 | +commit 1f01d30983e3a67a146308ff8766f057bc5b7958 |
291 | +Author: Adam Young <ayoung@redhat.com> |
292 | +Date: Thu Dec 20 21:43:41 2012 -0500 |
293 | + |
294 | + shorten pep8 output |
295 | + |
296 | + This removes the PEP8 output that describes in detail how to fix each |
297 | + problem. It makes pep8 review so long that the earliest lines scroll |
298 | + out of the scrollback buffer before they can even be read. |
299 | + |
300 | + With this change, each violation is on line long, which is |
301 | + much more readable. |
302 | + |
303 | + Change-Id: I0d8cc64fd6027419754732e314c047b3775a121c |
304 | + |
305 | + run_tests.sh | 2 +- |
306 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
307 | + |
308 | +commit 03eb2801a3ad38a39e9cf127c05ab710bf38ee1d |
309 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
310 | +Date: Wed Dec 19 10:04:21 2012 -0600 |
311 | + |
312 | + Driver registry |
313 | + |
314 | + Uses automatic dependency injection to provide controllers with driver |
315 | + interfaces (identity_api, token_api, etc). |
316 | + |
317 | + See tests/test_injection.py for a self-contained example. |
318 | + |
319 | + Change-Id: I255087de534292fbf57a45b19f97488f831f607c |
320 | + |
321 | + keystone/catalog/controllers.py | 11 ++- |
322 | + keystone/catalog/core.py | 2 + |
323 | + keystone/catalog/routers.py | 8 +- |
324 | + keystone/common/controller.py | 10 +-- |
325 | + keystone/common/dependency.py | 67 +++++++++++++++++ |
326 | + keystone/contrib/admin_crud/core.py | 17 ++--- |
327 | + keystone/contrib/ec2/core.py | 17 ++--- |
328 | + keystone/contrib/user_crud/core.py | 11 +-- |
329 | + keystone/identity/controllers.py | 4 - |
330 | + keystone/identity/core.py | 8 +- |
331 | + keystone/identity/routers.py | 28 +++---- |
332 | + keystone/policy/core.py | 2 + |
333 | + keystone/policy/routers.py | 4 +- |
334 | + keystone/routers.py | 13 ++-- |
335 | + keystone/service.py | 32 ++++---- |
336 | + keystone/test.py | 22 ++++-- |
337 | + keystone/token/controllers.py | 2 + |
338 | + keystone/token/core.py | 4 +- |
339 | + keystone/token/routers.py | 6 +- |
340 | + tests/test_auth.py | 14 +--- |
341 | + tests/test_injection.py | 141 +++++++++++++++++++++++++++++++++++ |
342 | + 21 files changed, 297 insertions(+), 126 deletions(-) |
343 | + |
344 | +commit 0f225743e8644416df2f200d710912c40b7acd47 |
345 | +Author: John Bresnahan <jbresnah@redhat.com> |
346 | +Date: Wed Dec 19 07:13:24 2012 -1000 |
347 | + |
348 | + Adding a means to connect back to a pydevd debugger. |
349 | + |
350 | + That patch allows a developer to remotely run a pydev debugger and have the |
351 | + keystone-all process connect back to it. Two command line options are |
352 | + introduced: |
353 | + --pydev-debug-host <host> |
354 | + --pydev-debug-port <port> |
355 | + both of the above options are required to enable this behavior. |
356 | + |
357 | + This patch only enables this behavior when the service is started with |
358 | + keystone-all. In the future parts of this patch can be used to enable |
359 | + this behavior when running in Apache. |
360 | + |
361 | + Change-Id: I92f99fa34112336a96e42e8261b7313f23ee994e |
362 | + |
363 | + bin/keystone-all | 7 +++++++ |
364 | + keystone/common/utils.py | 19 +++++++++++++++++++ |
365 | + keystone/config.py | 3 +++ |
366 | + 3 files changed, 29 insertions(+) |
367 | + |
368 | +commit b5581fea95f96dc7e43abe2b28c99678b5219238 |
369 | +Merge: ac2d92c a591b30 |
370 | +Author: Jenkins <jenkins@review.openstack.org> |
371 | +Date: Fri Dec 21 03:29:40 2012 +0000 |
372 | + |
373 | + Merge "add in pip requires for requests" |
374 | + |
375 | +commit a591b3010c37f19924775f52c8076778888f1ade |
376 | +Author: Adam Young <ayoung@redhat.com> |
377 | +Date: Thu Dec 20 16:40:20 2012 -0500 |
378 | + |
379 | + add in pip requires for requests |
380 | + |
381 | + Change-Id: I0f5ac9a4008dc471cefea7a6ffe44d4c51950538 |
382 | + |
383 | + tools/pip-requires | 2 +- |
384 | + tools/test-requires | 2 ++ |
385 | + 2 files changed, 3 insertions(+), 1 deletion(-) |
386 | + |
387 | +commit ac2d92ca2eea1070f765be320acb62fd5bef6dd3 |
388 | +Merge: 1a0d30b 2f85134 |
389 | +Author: Jenkins <jenkins@review.openstack.org> |
390 | +Date: Tue Dec 18 18:01:40 2012 +0000 |
391 | + |
392 | + Merge "Split endpoint records in SQL by interface" |
393 | + |
394 | +commit 2f851340ee8969193b9dcc1913401aa9b33c5d97 |
395 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
396 | +Date: Fri Nov 30 12:52:26 2012 -0600 |
397 | + |
398 | + Split endpoint records in SQL by interface |
399 | + |
400 | + This migrates the SQL backend such that v2 endpoints containing up to 3 |
401 | + URL's (public, internal and admin) stored in 'extra' are split into |
402 | + unique endpoints. |
403 | + |
404 | + Because legacy "endpoints" (each having publicUrl, internalUrl and |
405 | + adminUrl) are no longer conceptually identical to v3's "endpoints" (each |
406 | + having an interface and a url), new ID's are assigned to each entity and |
407 | + each API continues to operate using with independent sets of endpoint |
408 | + ID's. |
409 | + |
410 | + Endpoints created on the v3 API are not exposed on the v2 API. |
411 | + |
412 | + Change-Id: I2ba59d55907313ae65e908585fc49be0c4ce899a |
413 | + |
414 | + keystone/catalog/backends/sql.py | 54 +++--- |
415 | + keystone/catalog/controllers.py | 65 ++++++- |
416 | + .../sql/migrate_repo/versions/010_endpoints_v3.py | 54 ++++++ |
417 | + .../versions/011_populate_endpoint_type.py | 96 ++++++++++ |
418 | + .../versions/012_drop_legacy_endpoints.py | 51 ++++++ |
419 | + tests/test_backend.py | 3 + |
420 | + tests/test_backend_sql.py | 78 ++++---- |
421 | + tests/test_sql_upgrade.py | 191 +++++++++++++++++--- |
422 | + tests/test_v3.py | 1 + |
423 | + 9 files changed, 487 insertions(+), 106 deletions(-) |
424 | + |
425 | +commit 1a0d30bf0173f8e03abeac4bda2e807bd4f29412 |
426 | +Merge: 4f4b4a7 5b3a74d |
427 | +Author: Jenkins <jenkins@review.openstack.org> |
428 | +Date: Tue Dec 18 16:56:10 2012 +0000 |
429 | + |
430 | + Merge "Support non-default role_id_attribute" |
431 | + |
432 | +commit 4f4b4a7b5b0d846e308f2ce693d3c6e69f944d1e |
433 | +Merge: 7db702c f74aab2 |
434 | +Author: Jenkins <jenkins@review.openstack.org> |
435 | +Date: Tue Dec 18 16:55:48 2012 +0000 |
436 | + |
437 | + Merge "Expand default time delta (bug 1089988)" |
438 | + |
439 | +commit 7db702cab1f2cad8160aeadc8c1ae27853b8a34c |
440 | +Merge: ede7e20 fb963a5 |
441 | +Author: Jenkins <jenkins@review.openstack.org> |
442 | +Date: Tue Dec 18 14:43:26 2012 +0000 |
443 | + |
444 | + Merge "module refactoring" |
445 | + |
446 | +commit ede7e209bded5494a2453485e619b7b81f23cf3a |
447 | +Merge: 96d2ff7 23ba963 |
448 | +Author: Jenkins <jenkins@review.openstack.org> |
449 | +Date: Mon Dec 17 23:54:12 2012 +0000 |
450 | + |
451 | + Merge "Fix typo s/interalurl/internalurl/" |
452 | + |
453 | +commit 96d2ff71ad01d53232cdc128df9d3b6109a04f67 |
454 | +Merge: 7093c55 8e2a183 |
455 | +Author: Jenkins <jenkins@review.openstack.org> |
456 | +Date: Mon Dec 17 21:45:00 2012 +0000 |
457 | + |
458 | + Merge "Test drivers return HTTP 501 Not Implemented" |
459 | + |
460 | +commit 7093c55d2e4722fc8ffdcef594cc5705b586a2d9 |
461 | +Merge: 44e3c3e d17dfe6 |
462 | +Author: Jenkins <jenkins@review.openstack.org> |
463 | +Date: Mon Dec 17 21:44:38 2012 +0000 |
464 | + |
465 | + Merge "Import pysqlite2 if sqlite3 is not available." |
466 | + |
467 | +commit 23ba963af45c0243d817ae38a84f9e3c830415eb |
468 | +Author: Mark J. Washenberger <mark.washenberger@markwash.net> |
469 | +Date: Mon Dec 17 13:41:39 2012 -0800 |
470 | + |
471 | + Fix typo s/interalurl/internalurl/ |
472 | + |
473 | + Change-Id: I9e9209731e5d13b21a7aff6127d932d69c457135 |
474 | + |
475 | + keystone/common/models.py | 2 +- |
476 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
477 | + |
478 | +commit fb963a560939e6be8c98d74e5555de7283173e32 |
479 | +Author: Adam Young <ayoung@redhat.com> |
480 | +Date: Wed Dec 12 13:17:54 2012 -0500 |
481 | + |
482 | + module refactoring |
483 | + |
484 | + Distributes the functionality of service.py into the modules. |
485 | + Moves ComposableRouters into the modules. |
486 | + The routers and controllers now have short names. |
487 | + The controllers get their APIs via the base class. |
488 | + |
489 | + Change-Id: I87404b80ea9800d6792f97a7a3a64fe839065c1c |
490 | + |
491 | + keystone/catalog/__init__.py | 1 + |
492 | + keystone/catalog/controllers.py | 20 +- |
493 | + keystone/catalog/routers.py | 25 ++ |
494 | + keystone/common/router.py | 57 +++++ |
495 | + keystone/contrib/admin_crud/core.py | 18 +- |
496 | + keystone/contrib/user_crud/core.py | 23 +- |
497 | + keystone/controllers.py | 144 +++++++++++ |
498 | + keystone/identity/controllers.py | 24 +- |
499 | + keystone/identity/routers.py | 73 +++++- |
500 | + keystone/policy/__init__.py | 1 + |
501 | + keystone/policy/routers.py | 22 ++ |
502 | + keystone/routers.py | 68 +++++ |
503 | + keystone/service.py | 472 ++--------------------------------- |
504 | + keystone/token/__init__.py | 1 + |
505 | + keystone/token/routers.py | 61 +++++ |
506 | + 15 files changed, 503 insertions(+), 507 deletions(-) |
507 | + |
508 | +commit 44e3c3ece3f6e8a596dbec37476d8fb5c85d6f6c |
509 | +Merge: ebfbd6c e093e81 |
510 | +Author: OpenStack Jenkins <jenkins@openstack.org> |
511 | +Date: Fri Dec 14 20:13:31 2012 +0000 |
512 | + |
513 | + Merge "Imported Translations from Transifex" |
514 | + |
515 | +commit ebfbd6c0844f9ab3e9a864112672164cf8b3696f |
516 | +Merge: d939d16 be3dcf9 |
517 | +Author: Jenkins <jenkins@review.openstack.org> |
518 | +Date: Fri Dec 14 20:13:10 2012 +0000 |
519 | + |
520 | + Merge "Test for content-type appropriate 404 (bug 1089987)" |
521 | + |
522 | +commit d939d16e747b4a2c5db1f1fdda93a01b79fe6e83 |
523 | +Merge: f5d26ea 18a49ae |
524 | +Author: Jenkins <jenkins@review.openstack.org> |
525 | +Date: Fri Dec 14 15:20:07 2012 +0000 |
526 | + |
527 | + Merge "syncing run_tests to match tox" |
528 | + |
529 | +commit f5d26ea9c67e2bb812f0e7a36512538b9f3e18ff |
530 | +Merge: 5b7160c 6ceb066 |
531 | +Author: Jenkins <jenkins@review.openstack.org> |
532 | +Date: Fri Dec 14 15:04:46 2012 +0000 |
533 | + |
534 | + Merge "fixing bug 1046862" |
535 | + |
536 | +commit be3dcf9873fb84bbb5c2cd3ed8f36444f353757e |
537 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
538 | +Date: Thu Dec 13 10:01:21 2012 -0600 |
539 | + |
540 | + Test for content-type appropriate 404 (bug 1089987) |
541 | + |
542 | + Change-Id: Idfba75f90e38de315ec50e660932beb8243f76f8 |
543 | + |
544 | + keystone/common/wsgi.py | 2 +- |
545 | + tests/test_content_types.py | 12 ++++++++++++ |
546 | + 2 files changed, 13 insertions(+), 1 deletion(-) |
547 | + |
548 | +commit e093e81c750408478d74fafac2cb0cc7eb221d5f |
549 | +Author: OpenStack Jenkins <jenkins@openstack.org> |
550 | +Date: Fri Dec 14 00:01:05 2012 +0000 |
551 | + |
552 | + Imported Translations from Transifex |
553 | + |
554 | + Change-Id: Ib2cb912443034b4d9855441ca83d103e2a9bdbe8 |
555 | + |
556 | + keystone/locale/keystone.pot | 276 +++++++++++++++++++++++++++++++++++++++++- |
557 | + 1 file changed, 275 insertions(+), 1 deletion(-) |
558 | + |
559 | +commit 5b7160cd536f0a86cf33bc294679bd19a2e90549 |
560 | +Merge: 4e2be8a e4d61ac |
561 | +Author: Jenkins <jenkins@review.openstack.org> |
562 | +Date: Thu Dec 13 22:11:33 2012 +0000 |
563 | + |
564 | + Merge "Add tests for contrib.s3.core." |
565 | + |
566 | +commit 6ceb06689f5f1da26584192ae9f46a5248277565 |
567 | +Author: Steve Martinelli <stevemar@ca.ibm.com> |
568 | +Date: Thu Dec 13 11:35:01 2012 -0500 |
569 | + |
570 | + fixing bug 1046862 |
571 | + |
572 | + adding message to readme.rst to include openSSL dependency |
573 | + |
574 | + fixing bug 1046862 |
575 | + |
576 | + Change-Id: Iff1fbc95e804f9e4ddc74ea38c553426c4eabb33 |
577 | + |
578 | + README.rst | 7 +++++++ |
579 | + 1 file changed, 7 insertions(+) |
580 | + |
581 | +commit f74aab2463ccc9549c07175ed82015f23ad2694c |
582 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
583 | +Date: Thu Dec 13 09:42:32 2012 -0600 |
584 | + |
585 | + Expand default time delta (bug 1089988) |
586 | + |
587 | + Change-Id: I3d08092bf5248f75b238591586443a4daea02a20 |
588 | + |
589 | + keystone/test.py | 9 ++++++--- |
590 | + 1 file changed, 6 insertions(+), 3 deletions(-) |
591 | + |
592 | +commit e4d61ac6a7893743ff47c0a69529c5f21f249127 |
593 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
594 | +Date: Wed Dec 12 19:04:23 2012 +0100 |
595 | + |
596 | + Add tests for contrib.s3.core. |
597 | + |
598 | + Change-Id: I0a5ea82dcbcf29f6581d8c69e8961138fa019145 |
599 | + |
600 | + tests/test_contrib_s3_core.py | 54 +++++++++++++++++++++++++++++++++++++++++ |
601 | + 1 file changed, 54 insertions(+) |
602 | + |
603 | +commit 8e2a183992311fe005abbfaa40d68dd7ce1fffd3 |
604 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
605 | +Date: Mon Dec 10 10:10:22 2012 -0600 |
606 | + |
607 | + Test drivers return HTTP 501 Not Implemented |
608 | + |
609 | + Change-Id: I4cd21022593e6b4c3965edd00ecea01a00584516 |
610 | + |
611 | + keystone/policy/core.py | 2 +- |
612 | + keystone/token/backends/kvs.py | 14 +++++----- |
613 | + keystone/token/backends/memcache.py | 8 +++--- |
614 | + keystone/token/backends/sql.py | 8 +++--- |
615 | + keystone/token/controllers.py | 5 ++-- |
616 | + keystone/token/core.py | 44 ++++++++++++++++------------- |
617 | + tests/test_drivers.py | 52 +++++++++++++++++++++++++++++++++++ |
618 | + 7 files changed, 96 insertions(+), 37 deletions(-) |
619 | + |
620 | +commit 5b3a74d56a376afed64dd2515c4aa59995187433 |
621 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
622 | +Date: Wed Dec 12 15:01:04 2012 -0600 |
623 | + |
624 | + Support non-default role_id_attribute |
625 | + |
626 | + As is, a default value of 'cn' is hardcoded as the attribute name (which |
627 | + also happens to be the default value in keystone.config) used for role |
628 | + grants, revokes, etc. |
629 | + |
630 | + Change-Id: Ic36e6d726e2dc48714703c2dd7a433f3d34b78b1 |
631 | + |
632 | + keystone/identity/backends/ldap/core.py | 3 ++- |
633 | + 1 file changed, 2 insertions(+), 1 deletion(-) |
634 | + |
635 | +commit e577cd60871e1810b45236d3642d60e460dc4858 |
636 | +Author: Chmouel Boudjnah <chmouel@chmouel.com> |
637 | +Date: Sat Dec 8 13:38:45 2012 +0100 |
638 | + |
639 | + Remove swift auth. |
640 | + |
641 | + - This has been moved since last release to swift main repository. |
642 | + |
643 | + Change-Id: I11fc4001fbc4a1d78823d41450cdfcc97677c420 |
644 | + |
645 | + doc/source/configuringservices.rst | 147 +---------------- |
646 | + keystone/middleware/swift_auth.py | 295 ----------------------------------- |
647 | + tests/test_swift_auth_middleware.py | 249 ----------------------------- |
648 | + 3 files changed, 2 insertions(+), 689 deletions(-) |
649 | + |
650 | +commit 4e2be8a8880f03b1c6d1dc663d7259dbb45ddf67 |
651 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
652 | +Date: Tue Dec 11 14:40:27 2012 -0600 |
653 | + |
654 | + Move token controller into keystone.token |
655 | + |
656 | + Change-Id: Ie8277529185f645854e0aebaafa173c06a7c5164 |
657 | + |
658 | + keystone/common/controller.py | 12 +- |
659 | + keystone/contrib/ec2/core.py | 5 +- |
660 | + keystone/service.py | 556 ++--------------------------------------- |
661 | + keystone/token/__init__.py | 1 + |
662 | + keystone/token/controllers.py | 545 ++++++++++++++++++++++++++++++++++++++++ |
663 | + tests/test_auth.py | 358 ++++++++++++++++++++++++++ |
664 | + tests/test_service.py | 355 -------------------------- |
665 | + 7 files changed, 927 insertions(+), 905 deletions(-) |
666 | + |
667 | +commit 6397580a52be5288b4cb5e0a86a8c340fe4fd0ae |
668 | +Merge: bf4b9f4 0ea864b |
669 | +Author: Jenkins <jenkins@review.openstack.org> |
670 | +Date: Tue Dec 11 14:03:52 2012 +0000 |
671 | + |
672 | + Merge "Adding downgrade steps for migration scripts." |
673 | + |
674 | +commit d17dfe65550d393739dc50a1eedfe65903a81d28 |
675 | +Author: Yuriy Taraday <yorik.sar@gmail.com> |
676 | +Date: Fri Dec 7 22:32:52 2012 +0400 |
677 | + |
678 | + Import pysqlite2 if sqlite3 is not available. |
679 | + |
680 | + Otherwise test_import_legacy fails on import. |
681 | + |
682 | + Change-Id: I902493f5b726f5bc9e23e776598b8938c85e622c |
683 | + |
684 | + tests/test_import_legacy.py | 8 +++++--- |
685 | + 1 file changed, 5 insertions(+), 3 deletions(-) |
686 | + |
687 | +commit bf4b9f49878e85000b197ea9c2627cc67fda5cdb |
688 | +Merge: d159c61 aaf61a4 |
689 | +Author: Jenkins <jenkins@review.openstack.org> |
690 | +Date: Mon Dec 10 22:14:15 2012 +0000 |
691 | + |
692 | + Merge "Remove mentions of essex in docs (bug 1085247)" |
693 | + |
694 | +commit d159c616fd52436760242d3254c8bdb54810bcb4 |
695 | +Merge: a800fae 847d591 |
696 | +Author: Jenkins <jenkins@review.openstack.org> |
697 | +Date: Mon Dec 10 21:44:54 2012 +0000 |
698 | + |
699 | + Merge "Port to argparse based cfg" |
700 | + |
701 | +commit aaf61a4fc9d07a73d2a31abb097a2d862598c4e5 |
702 | +Author: Eduardo Patrocinio <epatro@gmail.com> |
703 | +Date: Tue Dec 4 15:11:16 2012 -0500 |
704 | + |
705 | + Remove mentions of essex in docs (bug 1085247) |
706 | + |
707 | + Change-Id: I663e9317c2b5eb5fe7190ea6c656fcebff7078fd |
708 | + |
709 | + doc/source/configuration.rst | 20 ++++++++++---------- |
710 | + 1 file changed, 10 insertions(+), 10 deletions(-) |
711 | + |
712 | +commit a800fae22c627e89a09ffc35b95dd072416da14a |
713 | +Author: Brian Waldon <brian.waldon@rackspace.com> |
714 | +Date: Thu Dec 6 12:31:51 2012 -0800 |
715 | + |
716 | + Ensure serviceCatalog is list when empty, not dict |
717 | + |
718 | + Fixes bug 1087405. |
719 | + |
720 | + Change-Id: I152c7f418a66ccfe541e26efe75b59bffa6c3849 |
721 | + |
722 | + keystone/service.py | 2 +- |
723 | + tests/test_content_types.py | 19 +++++++++++++++++-- |
724 | + 2 files changed, 18 insertions(+), 3 deletions(-) |
725 | + |
726 | +commit 0ea864b26e6e2e9be44785af61fd90a9b13b5265 |
727 | +Author: Justin Shepherd <jshepher@rackspace.com> |
728 | +Date: Mon Nov 26 17:37:02 2012 +0000 |
729 | + |
730 | + Adding downgrade steps for migration scripts. |
731 | + |
732 | + Also updated test_sql_upgrade to check the actions from 007_add_domain_tables. |
733 | + |
734 | + Fixes: bug #1081167 |
735 | + |
736 | + Change-Id: I194c7de9ae8a3bb8f2f9f37d3a91f4fac2fe2913 |
737 | + |
738 | + .../versions/001_add_initial_tables.py | 9 +++++++- |
739 | + .../migrate_repo/versions/003_sqlite_downgrade.sql | 1 - |
740 | + .../migrate_repo/versions/006_add_policy_table.py | 6 ++++- |
741 | + .../migrate_repo/versions/007_add_domain_tables.py | 5 ++++ |
742 | + tests/test_sql_upgrade.py | 24 ++++++++++++++++++++ |
743 | + 5 files changed, 42 insertions(+), 3 deletions(-) |
744 | + |
745 | +commit 7978bb271bf0e978a095aa088e4bb2bdb1d684f8 |
746 | +Merge: 3583946 84a0b2d |
747 | +Author: Jenkins <jenkins@review.openstack.org> |
748 | +Date: Wed Dec 5 21:21:39 2012 +0000 |
749 | + |
750 | + Merge "Bug 1075090 -- Fixing log messages in python source code to support internationalization." |
751 | + |
752 | +commit 3583946d933b989b14c25daa9d6c462142eb400f |
753 | +Merge: 9b529c8 c858c1b |
754 | +Author: Jenkins <jenkins@review.openstack.org> |
755 | +Date: Wed Dec 5 21:08:07 2012 +0000 |
756 | + |
757 | + Merge "Only 'import *' from 'core' modules" |
758 | + |
759 | +commit 9b529c8c00fc344d5a5e33170e95ba5f1bee0fed |
760 | +Merge: 8c15e3e 77dee93 |
761 | +Author: Jenkins <jenkins@review.openstack.org> |
762 | +Date: Wed Dec 5 21:07:51 2012 +0000 |
763 | + |
764 | + Merge "use keystone test and change config during setUp" |
765 | + |
766 | +commit 847d5912d383072e3c38d6d19fce15981ca3110a |
767 | +Author: Mark McLoughlin <markmc@redhat.com> |
768 | +Date: Mon Nov 26 14:39:49 2012 +0000 |
769 | + |
770 | + Port to argparse based cfg |
771 | + |
772 | + Sync the following changes from oslo-incubator: |
773 | + |
774 | + 3557d84 Fix ListOpt to trim whitespace |
775 | + 01ab910 Fix set_default() with boolean CLI options |
776 | + af18eaa Improve cfg's argparse sub-parsers support |
777 | + f21e1d9 Fix regression with cfg CLI arguments |
778 | + ceb4aa7 Fix broken --help with CommonConfigOpts |
779 | + 5e9503b Hide the GroupAttr conf and group attributes |
780 | + b6d24bb updating sphinx documentation |
781 | + 403509e Don't reference argparse._StoreAction |
782 | + e17deb8 Fix minor coding style issue |
783 | + 0c29e1d Remove ConfigCliParser class |
784 | + 5b9cb41 Add support for positional arguments |
785 | + dbc72a6 Use stock argparse behaviour for optional args |
786 | + 768a147 Use stock argparse --usage behaviour |
787 | + ac180b9 Use stock argparse --version behaviour |
788 | + 0787e38 Remove add_option() method |
789 | + 5afead0 Completely remove cfg's disable_interspersed_args() |
790 | + 5f564b2 argparse support for cfg |
791 | + d7b6397 Add a missing comma in a docstring. |
792 | + aca1805 cfg: fix required if option has a dash |
793 | + |
794 | + The main API change affecting keystone is that CONF() no longer returns |
795 | + unparsed arguments. The keystone-manage command is updated to use |
796 | + argparse sub-parsers to achieve the same effect. |
797 | + |
798 | + Change-Id: Ie8972ce851f1247d8710e9e0611bb3e2f843cb45 |
799 | + |
800 | + keystone/cli.py | 133 +++++------ |
801 | + keystone/openstack/common/cfg.py | 451 ++++++++++++++++++++++++-------------- |
802 | + 2 files changed, 345 insertions(+), 239 deletions(-) |
803 | + |
804 | +commit c858c1b304cae6310f08a220cf54c763f684fc42 |
805 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
806 | +Date: Wed Dec 5 09:58:54 2012 -0600 |
807 | + |
808 | + Only 'import *' from 'core' modules |
809 | + |
810 | + - Renamed identity.controllers.* and identity.routers.* since they |
811 | + now occopy unique namespaces (thanks ayoung!) |
812 | + - Moved catalog and policy controllers into their own respective modules |
813 | + |
814 | + Change-Id: Ib9e277355e0eac15d4d218785c816b718b493b5b |
815 | + |
816 | + HACKING.rst | 2 +- |
817 | + keystone/catalog/__init__.py | 1 + |
818 | + keystone/catalog/controllers.py | 154 +++++++++++++++++++++++++++++++++++ |
819 | + keystone/catalog/core.py | 136 ------------------------------- |
820 | + keystone/contrib/admin_crud/core.py | 10 +-- |
821 | + keystone/contrib/user_crud/core.py | 11 ++- |
822 | + keystone/identity/__init__.py | 4 +- |
823 | + keystone/identity/controllers.py | 28 +++---- |
824 | + keystone/identity/routers.py | 25 ++---- |
825 | + keystone/policy/__init__.py | 1 + |
826 | + keystone/policy/controllers.py | 48 +++++++++++ |
827 | + keystone/policy/core.py | 32 -------- |
828 | + keystone/service.py | 20 ++--- |
829 | + 13 files changed, 246 insertions(+), 226 deletions(-) |
830 | + |
831 | +commit 77dee93763e4941b07f628c1c67d925503a5df51 |
832 | +Author: Ionuț Arțăriși <iartarisi@suse.cz> |
833 | +Date: Mon Dec 3 11:59:20 2012 +0100 |
834 | + |
835 | + use keystone test and change config during setUp |
836 | + |
837 | + Also fixes this traceback which I keep getting on devstack: |
838 | + |
839 | + ERROR: test_create_certs (tests.test_cert_setup.CertSetupTestCase) |
840 | + ---------------------------------------------------------------------- |
841 | + Traceback (most recent call last): |
842 | + File "/opt/stack/keystone/tests/test_cert_setup.py", line 52, in tearDown |
843 | + shutil.rmtree(rootdir(SSLDIR)) |
844 | + File "/usr/lib/python2.7/shutil.py", line 237, in rmtree |
845 | + onerror(os.listdir, path, sys.exc_info()) |
846 | + File "/usr/lib/python2.7/shutil.py", line 235, in rmtree |
847 | + names = os.listdir(path) |
848 | + OSError: [Errno 2] No such file or directory: '/opt/stack/keystone/tests/ssl/' |
849 | + |
850 | + Fixes bug 1086812 |
851 | + |
852 | + Change-Id: Iba10822aaf1284549d610bb1172df03ffc48f363 |
853 | + |
854 | + tests/test_cert_setup.py | 16 +++++++++------- |
855 | + 1 file changed, 9 insertions(+), 7 deletions(-) |
856 | + |
857 | +commit 84a0b2df5932fabb0cdaaaddeb86d1f55a7ac06e |
858 | +Author: Nachiappan VR N <nachiappan.veerappan-nachiappan@hp.com> |
859 | +Date: Wed Nov 14 10:01:59 2012 -0800 |
860 | + |
861 | + Bug 1075090 -- Fixing log messages in python source code to support internationalization. |
862 | + |
863 | + Change-Id: I6b50abaa82effad8feaaac8d85086ca8b5d42590 |
864 | + |
865 | + keystone/catalog/backends/templated.py | 2 +- |
866 | + keystone/catalog/core.py | 16 +++++----- |
867 | + keystone/clean.py | 13 ++++---- |
868 | + keystone/common/bufferedhttp.py | 4 +-- |
869 | + keystone/common/cms.py | 4 +-- |
870 | + keystone/common/ldap/core.py | 17 +++++----- |
871 | + keystone/common/ldap/fakeldap.py | 54 +++++++++++++++++--------------- |
872 | + keystone/common/sql/core.py | 2 +- |
873 | + keystone/common/sql/legacy.py | 2 +- |
874 | + keystone/common/sql/nova.py | 14 ++++----- |
875 | + keystone/common/utils.py | 10 +++--- |
876 | + keystone/common/wsgi.py | 6 ++-- |
877 | + keystone/config.py | 4 +-- |
878 | + keystone/policy/backends/rules.py | 2 +- |
879 | + keystone/test.py | 2 +- |
880 | + 15 files changed, 80 insertions(+), 72 deletions(-) |
881 | + |
882 | +commit 8c15e3eba68d4af655eacee3d1ec46e98911d119 |
883 | +Author: Alvaro Lopez Garcia <aloga@ifca.unican.es> |
884 | +Date: Mon Dec 3 10:12:06 2012 +0100 |
885 | + |
886 | + Added documentation for the external auth support |
887 | + |
888 | + This covers given authentication using REMOTE_USER and also the way to |
889 | + implement custom auth with WSGI middleware. |
890 | + |
891 | + DocImpact |
892 | + blueprint: pluggable-identity-authentication-handlers |
893 | + Change-Id: Idbac8c38d1f0be1febbbc8056c929bada6bbb07e |
894 | + |
895 | + doc/source/external-auth.rst | 117 ++++++++++++++++++++++++++++++++++++++++++ |
896 | + doc/source/index.rst | 1 + |
897 | + 2 files changed, 118 insertions(+) |
898 | + |
899 | +commit 75277cf1ae496145369e929702005ef2304e6942 |
900 | +Merge: 5b73757 af8761d |
901 | +Author: Jenkins <jenkins@review.openstack.org> |
902 | +Date: Mon Dec 3 09:57:36 2012 +0000 |
903 | + |
904 | + Merge "check the redirected path on the request, not the response" |
905 | + |
906 | +commit af8761d9e0add62a83604b77ab015f5a8b3120a9 |
907 | +Author: Ionuț Arțăriși <iartarisi@suse.cz> |
908 | +Date: Fri Nov 30 14:04:04 2012 +0100 |
909 | + |
910 | + check the redirected path on the request, not the response |
911 | + |
912 | + The request object's path changes when it gets redirected. This |
913 | + behaviour is in tune with the latest WebOb code as well as the |
914 | + old. The response environ defaults to None in WebOb >= 1.2b1 |
915 | + http://docs.webob.org/en/latest/news.html#b1 |
916 | + |
917 | + Change-Id: I557563ce5407a8ef1b5dae680e456e589285be25 |
918 | + |
919 | + tests/test_s3_token_middleware.py | 8 ++++---- |
920 | + 1 file changed, 4 insertions(+), 4 deletions(-) |
921 | + |
922 | +commit 5b73757de94a30b7cc8566e2bf429c1aecd5c320 |
923 | +Author: Wu Wenxiang <wu.wenxiang@99cloud.net> |
924 | +Date: Thu Nov 29 23:58:04 2012 +0800 |
925 | + |
926 | + Validate password type (bug 1081861) |
927 | + |
928 | + Raise keystone.exception.ValidationError when password type was not string |
929 | + |
930 | + Change-Id: Ib7538806777db0fe3a3cf9f22bf06a1d505c232f |
931 | + |
932 | + keystone/common/utils.py | 12 ++++++++---- |
933 | + 1 file changed, 8 insertions(+), 4 deletions(-) |
934 | + |
935 | +commit f57098df8e50fae95c2c532407ec5bc6a10205e1 |
936 | +Author: Adam Young <ayoung@redhat.com> |
937 | +Date: Wed Nov 28 17:27:43 2012 -0500 |
938 | + |
939 | + split identities module into logical parts |
940 | + remove unneeded imports from core |
941 | + |
942 | + Change-Id: I02fc2439cc115878d8081e052faf9ff96d20f6ec |
943 | + |
944 | + keystone/identity/__init__.py | 2 + |
945 | + keystone/identity/controllers.py | 607 +++++++++++++++++++++++++++++++++++++ |
946 | + keystone/identity/core.py | 614 -------------------------------------- |
947 | + keystone/identity/routers.py | 72 +++++ |
948 | + 4 files changed, 681 insertions(+), 614 deletions(-) |
949 | + |
950 | +commit 38c7e46a640a94da4da89a39a5a1ea9c081f1eb5 |
951 | +Author: Dolph Mathews <dolph.mathews@rackspace.com> |
952 | +Date: Wed Nov 28 10:28:07 2012 -0500 |
953 | + |
954 | + Ensure token expiration is maintained (bug 1079216) |
955 | + |
956 | + Change-Id: I95853ec36e9c4cd937cfac7e08b648e830f9efd0 |
957 | + |
958 | + keystone/service.py | 1 + |
959 | + tests/test_service.py | 57 +++++++++++++++++++++++++++++++++++++++++++++++++ |
960 | + 2 files changed, 58 insertions(+) |
961 | + |
962 | +commit ede63fbfe504cffb4b29f7394b1bf4872d093588 |
963 | +Merge: d970e5f 1012bd4 |
964 | +Author: Jenkins <jenkins@review.openstack.org> |
965 | +Date: Tue Nov 27 19:49:22 2012 +0000 |
966 | + |
967 | + Merge "normalize identity" |
968 | + |
969 | +commit 1012bd42df5906bca67a82663f23b5c8a4eafe68 |
970 | +Author: Adam Young <ayoung@redhat.com> |
971 | +Date: Tue Nov 6 17:16:56 2012 -0500 |
972 | + |
973 | + normalize identity |
974 | + |
975 | + modify tables by adding columns, and modify entities |
976 | + by adding attributes for password, description and enabled |
977 | + |
978 | + update tests to deal with change from 'False' and 'True' to the |
979 | + python values False and True |
980 | + |
981 | + Added a Text type from SQL Alchemy |
982 | + |
983 | + Bug 1070351 |
984 | + Bug 1023544 |
985 | + |
986 | + Change-Id: I066c788b5d08a8f42a9b5412ea9e29e4fe9ba205 |
987 | + |
988 | + keystone/common/sql/core.py | 1 + |
989 | + .../versions/008_normalize_identity.py | 61 ++++++++ |
990 | + .../migrate_repo/versions/008_sqlite_downgrade.sql | 5 + |
991 | + .../versions/009_normalize_identity_migration.py | 146 ++++++++++++++++++++ |
992 | + keystone/identity/backends/sql.py | 8 +- |
993 | + tests/default_fixtures.py | 8 ++ |
994 | + tests/test_backend.py | 18 +-- |
995 | + tests/test_backend_sql.py | 2 + |
996 | + tests/test_sql_upgrade.py | 53 ++++++- |
997 | + 9 files changed, 290 insertions(+), 12 deletions(-) |
998 | + |
999 | +commit d970e5f815558706e5be642d814d08c93b0dd42a |
1000 | +Merge: 3779c67 d4c4cf0 |
1001 | +Author: Jenkins <jenkins@review.openstack.org> |
1002 | +Date: Tue Nov 27 04:22:51 2012 +0000 |
1003 | + |
1004 | + Merge "Fixes typo in keystone setup doc" |
1005 | + |
1006 | +commit d4c4cf035120c22c222b16c963abb1b82c33a707 |
1007 | +Author: Tom Fifield <fifieldt@unimelb.edu.au> |
1008 | +Date: Tue Nov 27 12:38:07 2012 +1000 |
1009 | + |
1010 | + Fixes typo in keystone setup doc |
1011 | + |
1012 | + fixes bug 1083391 |
1013 | + |
1014 | + A one character change to fix a typo in setup doc, reported |
1015 | + by a user :s |
1016 | + |
1017 | + Change-Id: I4fefec089c9ded4b773f4b3641e30162a4faa2f8 |
1018 | + |
1019 | + doc/source/setup.rst | 2 +- |
1020 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
1021 | + |
1022 | +commit 3779c675c54fbc2be9d341e2a2a77b520f0f3a59 |
1023 | +Author: OpenStack Jenkins <jenkins@openstack.org> |
1024 | +Date: Tue Nov 27 00:01:43 2012 +0000 |
1025 | + |
1026 | + Imported Translations from Transifex |
1027 | + |
1028 | + Change-Id: I2cb4f8bd3891b474413eef11aae62188b358d359 |
1029 | + |
1030 | + keystone/locale/keystone.pot | 10 +--------- |
1031 | + 1 file changed, 1 insertion(+), 9 deletions(-) |
1032 | + |
1033 | +commit 904af119d2b84a93e416b7b297eda3b321840669 |
1034 | +Author: Mark McLoughlin <markmc@redhat.com> |
1035 | +Date: Mon Nov 26 16:16:54 2012 +0000 |
1036 | + |
1037 | + Stop using cfg's internal implementation details |
1038 | + |
1039 | + The fact that a cfg opt register using register_opt() is available via |
1040 | + the command line is actually a bug (see bug #1082279). |
1041 | + |
1042 | + Also, using the _cli_values attribute is clearly poking into private |
1043 | + implementation details. |
1044 | + |
1045 | + Fix both issues by registering the opt using register_cli_opt() and |
1046 | + accessing its value the normal way. |
1047 | + |
1048 | + Change-Id: If170dcd96daae5b4c3d7cdebed914df417c2209b |
1049 | + |
1050 | + bin/keystone-all | 2 +- |
1051 | + keystone/config.py | 4 +++- |
1052 | + 2 files changed, 4 insertions(+), 2 deletions(-) |
1053 | + |
1054 | +commit 18a49ae5767cc9cf0f81d3bb9616aba4f076178a |
1055 | +Author: Joe Heck <heckj@mac.com> |
1056 | +Date: Wed Nov 21 22:02:19 2012 +0000 |
1057 | + |
1058 | + syncing run_tests to match tox |
1059 | + |
1060 | + Change-Id: Ide81b1ea9230ceb2ad463d4f253eb7021fc683da |
1061 | + |
1062 | + run_tests.sh | 2 +- |
1063 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
1064 | + |
1065 | commit 07c1aafdf20db6d6d7c0d3e15074bc02e2f1d2aa |
1066 | Merge: d8aa7fd 01fccdb |
1067 | Author: Jenkins <jenkins@review.openstack.org> |
1068 | |
1069 | === modified file 'HACKING.rst' |
1070 | --- HACKING.rst 2012-11-02 13:48:49 +0000 |
1071 | +++ HACKING.rst 2013-01-25 16:27:23 +0000 |
1072 | @@ -44,7 +44,7 @@ |
1073 | Imports |
1074 | ------- |
1075 | |
1076 | -- Do not import objects, only modules |
1077 | +- Import modules, not module attributes |
1078 | - Do not import more than one module per line |
1079 | - Do not make relative imports |
1080 | - Order your imports by the full module path |
1081 | |
1082 | === modified file 'MANIFEST.in' |
1083 | --- MANIFEST.in 2012-08-16 13:59:29 +0000 |
1084 | +++ MANIFEST.in 2013-01-25 16:27:23 +0000 |
1085 | @@ -18,5 +18,5 @@ |
1086 | graft tests |
1087 | graft tools |
1088 | graft examples |
1089 | -recursive-include keystone *.json *.xml *.cfg *.pem README *.pot *.sql |
1090 | +recursive-include keystone *.json *.xml *.cfg *.pem README *.po *.pot *.sql |
1091 | global-exclude *.pyc *.sdx *.log *.db *.swp |
1092 | |
1093 | === modified file 'README.rst' |
1094 | --- README.rst 2012-05-24 14:04:20 +0000 |
1095 | +++ README.rst 2013-01-25 16:27:23 +0000 |
1096 | @@ -212,3 +212,10 @@ |
1097 | |
1098 | In the backend this would look up the policy for 'action:nova:add_network' and |
1099 | then do what is effectively a 'Simple Match' style match against the creds. |
1100 | + |
1101 | + |
1102 | +---------------------------------- |
1103 | +Dependencies |
1104 | +---------------------------------- |
1105 | + |
1106 | +Ensure an OpenSSL version of 1.0+ is installed. |
1107 | \ No newline at end of file |
1108 | |
1109 | === modified file 'bin/keystone-all' |
1110 | --- bin/keystone-all 2012-11-02 13:48:49 +0000 |
1111 | +++ bin/keystone-all 2013-01-25 16:27:23 +0000 |
1112 | @@ -90,7 +90,14 @@ |
1113 | CONF.print_help() |
1114 | sys.exit(1) |
1115 | |
1116 | - monkeypatch_thread = not CONF._cli_values['standard_threads'] |
1117 | + monkeypatch_thread = not CONF.standard_threads |
1118 | + pydev_debug_url = utils.setup_remote_pydev_debug() |
1119 | + if pydev_debug_url: |
1120 | + # in order to work around errors caused by monkey patching we have to |
1121 | + # set the thread to False. An explanation is here: |
1122 | + # http://lists.openstack.org/pipermail/openstack-dev/2012-August/ |
1123 | + # 000794.html |
1124 | + monkeypatch_thread = False |
1125 | eventlet.patcher.monkey_patch(all=False, socket=True, time=True, |
1126 | thread=monkeypatch_thread) |
1127 | |
1128 | |
1129 | === modified file 'debian/changelog' |
1130 | --- debian/changelog 2012-11-26 19:24:17 +0000 |
1131 | +++ debian/changelog 2013-01-25 16:27:23 +0000 |
1132 | @@ -1,3 +1,36 @@ |
1133 | +keystone (2013.1~g2-0ubuntu1~cloud0) precise-grizzly; urgency=low |
1134 | + |
1135 | + * New upstream release for the Ubuntu Cloud Archive. |
1136 | + |
1137 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 23 Jan 2013 12:27:47 -0600 |
1138 | + |
1139 | +keystone (2013.1~g2-0ubuntu1) raring; urgency=low |
1140 | + |
1141 | + [ James Page ] |
1142 | + * Re-enable gating of package build based on successful unit testing: |
1143 | + - d/tests/test_overrides.conf: Fixup test configuration to use |
1144 | + correct certificate locations. |
1145 | + - d/p/fix-ubuntu-tests.patch: Skip tests for older versions of |
1146 | + keystoneclient based on checkouts of upstream git repo. |
1147 | + - d/rules: Re-enable package build failure on test failure. |
1148 | + * d/control: Bump dependencies on python-keystoneclient to >= 1:0.2. |
1149 | + * d/control: Update Vcs-Bzr location to point to correct branch. |
1150 | + * d/control,d/po/*: Setup package templates for translation. |
1151 | + * d/man/*: Corrected spellings in man pages. |
1152 | + * d/keystone.upstart: Tweak 'stop on' to be triggered on all |
1153 | + appropriate runlevel transitions, use start-stop-daemon to startup |
1154 | + keystone daemon. |
1155 | + |
1156 | + [ Adam Gandelman ] |
1157 | + * debian/keystone.manpages: Install sphinx-generated manpages instead |
1158 | + of our own outdated and unneeded versions. (LP: #1082050) |
1159 | + |
1160 | + [ Chuck Short ] |
1161 | + * New upstream release. |
1162 | + * Remove incomplete/broken dbconfig-common scripts. |
1163 | + |
1164 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 11 Jan 2013 08:47:26 -0600 |
1165 | + |
1166 | keystone (2013.1~g1-0ubuntu1~cloud0) precise-grizzly; urgency=low |
1167 | |
1168 | * New upstream release for the Ubuntu Cloud Archive. |
1169 | |
1170 | === modified file 'debian/control' |
1171 | --- debian/control 2012-11-02 13:48:49 +0000 |
1172 | +++ debian/control 2013-01-25 16:27:23 +0000 |
1173 | @@ -6,11 +6,12 @@ |
1174 | Uploaders: Soren Hansen <soren@ubuntu.com> |
1175 | Build-Depends: debhelper (>= 7.0.50), |
1176 | pep8, |
1177 | + po-debconf, |
1178 | pylint, |
1179 | python-all (>= 2.6), |
1180 | python-all-dev (>= 2.6.6-3~) | python-support, |
1181 | python-eventlet, |
1182 | - python-keystoneclient ( >= 1:0.1.3 ), |
1183 | + python-keystoneclient ( >= 1:0.2 ), |
1184 | python-ldap, |
1185 | python-lxml, |
1186 | python-memcache, |
1187 | @@ -33,7 +34,7 @@ |
1188 | Standards-Version: 3.9.3 |
1189 | XS-Python-Version: >= 2.6 |
1190 | Homepage: http://launchpad.net/keystone |
1191 | -Vcs-Bzr: https://code.launchpad.net/~ubuntu-server-dev/keystone/essex |
1192 | +Vcs-Bzr: https://code.launchpad.net/~openstack-ubuntu-testing/keystone/grizzly |
1193 | |
1194 | Package: python-keystone |
1195 | Architecture: all |
1196 | @@ -52,7 +53,7 @@ |
1197 | python-sqlalchemy, |
1198 | python-migrate, |
1199 | python-prettytable, |
1200 | - python-keystoneclient ( >= 1:0.1.3 ), |
1201 | + python-keystoneclient ( >= 1:0.2 ), |
1202 | python-webob, |
1203 | python-iso8601 |
1204 | Suggests: python-memcache |
1205 | @@ -76,8 +77,7 @@ |
1206 | Depends: ${python:Depends}, ${misc:Depends}, |
1207 | python-keystone (= ${source:Version}), |
1208 | adduser, |
1209 | - ssl-cert (>= 1.0.12), |
1210 | - dbconfig-common |
1211 | + ssl-cert (>= 1.0.12) |
1212 | Description: OpenStack identity service - Daemons |
1213 | Keystone is a proposed independent authentication service for OpenStack. |
1214 | . |
1215 | |
1216 | === removed file 'debian/keystone.config' |
1217 | --- debian/keystone.config 2012-06-22 12:27:50 +0000 |
1218 | +++ debian/keystone.config 1970-01-01 00:00:00 +0000 |
1219 | @@ -1,19 +0,0 @@ |
1220 | -#!/bin/sh |
1221 | -set -e |
1222 | - |
1223 | -. /usr/share/debconf/confmodule |
1224 | - |
1225 | - |
1226 | -db_input low keystone/configure_db || true |
1227 | -db_go |
1228 | -db_get keystone/configure_db |
1229 | -if [ "$RET" = "true" ]; then |
1230 | - if [ -f /usr/share/dbconfig-common/dpkg/config ]; |
1231 | - then |
1232 | - dbc_dbtypes="sqlite3, mysql, pgsql" |
1233 | - db_authmethod_user="password" |
1234 | - dbc_basepath="/var/lib/keystone" |
1235 | - . /usr/share/dbconfig-common/dpkg/config |
1236 | - dbc_go keystone $@ |
1237 | - fi |
1238 | -fi |
1239 | |
1240 | === modified file 'debian/keystone.manpages' |
1241 | --- debian/keystone.manpages 2011-12-16 15:38:05 +0000 |
1242 | +++ debian/keystone.manpages 2013-01-25 16:27:23 +0000 |
1243 | @@ -1,1 +1,1 @@ |
1244 | -debian/man/* |
1245 | +doc/build/man/* |
1246 | |
1247 | === modified file 'debian/keystone.postinst' |
1248 | --- debian/keystone.postinst 2012-03-02 09:55:24 +0000 |
1249 | +++ debian/keystone.postinst 2013-01-25 16:27:23 +0000 |
1250 | @@ -2,8 +2,6 @@ |
1251 | |
1252 | set -e |
1253 | |
1254 | -. /usr/share/debconf/confmodule |
1255 | -. /usr/share/dbconfig-common/dpkg/postinst |
1256 | |
1257 | # summary of how this script can be called: |
1258 | # * <new-preinst> `install' |
1259 | @@ -19,30 +17,10 @@ |
1260 | #su -s /bin/sh -c 'exec keystone database sync' keystone |
1261 | ;; |
1262 | configure) |
1263 | - db_get keystone/configure_db |
1264 | - if [ "$RET" = "true" ]; then |
1265 | - dbc_go keystone $@ |
1266 | - |
1267 | - case "$dbc_dbtype" in |
1268 | - sqlite3) |
1269 | - SQL_CONNECTION="sqlite:///$dbc_basepath/$dbc_dbname.db" |
1270 | - ;; |
1271 | - mysql) |
1272 | - [ -n "$dbc_dbport" ] && dbport=:$dbc_dbport |
1273 | - SQL_CONNECTION="mysql://$dbc_dbuser:$dbc_dbpass@${dbc_dbserver:-localhost}$dbport/$dbc_dbname" |
1274 | - ;; |
1275 | - pgsql) |
1276 | - [ -n "$dbc_dbport" ] && dbport=:$dbc_dbport |
1277 | - SQL_CONNECTION="pgsql://$dbc_dbuser:$dbc_dbpass@${dbc_dbserver:-localhost}$dbport/$dbc_dbname" |
1278 | - ;; |
1279 | - *) |
1280 | - SQL_CONNECTION="sqlite:////var/lib/keystone/keystone.db" |
1281 | - ;; |
1282 | - esac |
1283 | - [ -z "$2" -o "$dbc_install" = "true" ] \ |
1284 | - && sed -e "s,_DBC_URL_,$SQL_CONNECTION," -i /etc/keystone/keystone.conf |
1285 | + if ! grep -q sql_connection /etc/keystone/keystone.conf |
1286 | + then |
1287 | + su -s /bin/sh -c 'exec keystone-manage db_sync' keystone |
1288 | fi |
1289 | - su -s /bin/sh -c 'exec keystone-manage db_sync' keystone |
1290 | ;; |
1291 | abort-upgrade) |
1292 | echo "aport upgrade called" |
1293 | |
1294 | === modified file 'debian/keystone.postrm' |
1295 | --- debian/keystone.postrm 2012-06-22 12:27:50 +0000 |
1296 | +++ debian/keystone.postrm 2013-01-25 16:27:23 +0000 |
1297 | @@ -2,20 +2,6 @@ |
1298 | |
1299 | set -e |
1300 | |
1301 | -if [ -f /usr/share/debconf/confmodule ] |
1302 | -then |
1303 | - . /usr/share/debconf/confmodule |
1304 | -fi |
1305 | - |
1306 | -if [ -f /etc/dbconfig-common/keystone.conf ] |
1307 | -then |
1308 | - if [ -f /usr/share/dbconfig-common/dpkg/postrm ] |
1309 | - then |
1310 | - . /usr/share/dbconfig-common/dpkg/postrm |
1311 | - dbc_go keystone $@ |
1312 | - fi |
1313 | -fi |
1314 | - |
1315 | case "$1" in |
1316 | purge) |
1317 | rm -rf /var/log/keystone |
1318 | |
1319 | === removed file 'debian/keystone.prerm' |
1320 | --- debian/keystone.prerm 2012-06-22 12:27:50 +0000 |
1321 | +++ debian/keystone.prerm 1970-01-01 00:00:00 +0000 |
1322 | @@ -1,17 +0,0 @@ |
1323 | -#!/bin/sh |
1324 | - |
1325 | -set -e |
1326 | - |
1327 | -. /usr/share/debconf/confmodule |
1328 | -. /usr/share/dbconfig-common/dpkg/prerm |
1329 | - |
1330 | - |
1331 | -db_get keystone/configure_db |
1332 | -if [ "$RET" = "true" ]; then |
1333 | - # Only cleanup with dbconfig if it was used during |
1334 | - # installation (LP: #948719) |
1335 | - dbc_go keystone $@ |
1336 | -fi |
1337 | - |
1338 | -#DEBHELPER# |
1339 | - |
1340 | |
1341 | === modified file 'debian/keystone.templates' |
1342 | --- debian/keystone.templates 2012-06-22 12:27:50 +0000 |
1343 | +++ debian/keystone.templates 2013-01-25 16:27:23 +0000 |
1344 | @@ -1,7 +1,7 @@ |
1345 | Template: keystone/configure_db |
1346 | Type: boolean |
1347 | Default: false |
1348 | -Description: Set up a database for keystone? |
1349 | +_Description: Set up a database for keystone? |
1350 | No database has been set up for keystone to use. Before continuing, |
1351 | you should make sure you have: |
1352 | . |
1353 | |
1354 | === modified file 'debian/keystone.upstart' |
1355 | --- debian/keystone.upstart 2012-06-22 12:27:50 +0000 |
1356 | +++ debian/keystone.upstart 2013-01-25 16:27:23 +0000 |
1357 | @@ -2,8 +2,10 @@ |
1358 | author "Soren Hansen <soren@linux2go.dk>" |
1359 | |
1360 | start on (local-filesystems and net-device-up IFACE!=lo) |
1361 | -stop on runlevel [016] |
1362 | +stop on runlevel [!2345] |
1363 | |
1364 | respawn |
1365 | |
1366 | -exec su -s /bin/sh -c "exec keystone-all" keystone |
1367 | +exec start-stop-daemon --start --chuid keystone \ |
1368 | + --chdir /var/lib/keystone --name keystone \ |
1369 | + --exec /usr/bin/keystone-all |
1370 | |
1371 | === removed directory 'debian/man' |
1372 | === removed file 'debian/man/keystone-admin.8' |
1373 | --- debian/man/keystone-admin.8 2012-06-22 12:27:50 +0000 |
1374 | +++ debian/man/keystone-admin.8 1970-01-01 00:00:00 +0000 |
1375 | @@ -1,63 +0,0 @@ |
1376 | -.TH keystone 8 |
1377 | -.SH NAME |
1378 | -keystone-admin \- provides HTTP for administrators. |
1379 | -.SH SYNOPSIS |
1380 | -.I [OPTION]... |
1381 | -.SH DESCRIPTION |
1382 | -.BR keystone is a Python implementation of the Openstack |
1383 | -identity service. |
1384 | -.TP |
1385 | -.B --version |
1386 | -show program's version number and exit |
1387 | -.TP |
1388 | -.B \-h, --help |
1389 | -show help messag and exit |
1390 | -.TP |
1391 | -.B \-v, --verbose |
1392 | -Print more verbose output |
1393 | -.TP |
1394 | -.B \-d, --debug |
1395 | -Prrint debugging output to console. |
1396 | -.TP |
1397 | -.B \-c PATH, --config-file=PATH |
1398 | -Path to the config file to use. When not specified (the default), |
1399 | -we generally look at the first arguement specified to be a config file, |
1400 | -and if that is also missing, we search standard directories for a config |
1401 | -file. |
1402 | -.TP |
1403 | -.B \-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT |
1404 | -Specifies port to listen on. |
1405 | -.TP |
1406 | -.B --host=BIND_HOST, --bind-host=BIND_HOST |
1407 | -Specifies host address to listen on (default is all or 0.0.0.0) |
1408 | -.TP |
1409 | -.B \-t, --trace-calls |
1410 | -Turns on call tracing for troubleshooting |
1411 | -.TP |
1412 | -.B \-a PORT, --admin-port=PORT |
1413 | -Specifies port for Admin API to listen on (default is |
1414 | -35357) |
1415 | -.TP |
1416 | -.B --log-config=PATH |
1417 | -If this opion is specified, the logging configuration |
1418 | -file specified is used and overrides any other logging |
1419 | -options specified. Please see the Python logging |
1420 | -modules documentation for details on logging |
1421 | -confgiuration files. |
1422 | -.TP |
1423 | -.B --log-date-format=FORMAT |
1424 | -Format string for %(asctime)s in log records. |
1425 | -Default: %Y-%m-%d %H:%M:%S |
1426 | -.TP |
1427 | -.B --log-file=PATH |
1428 | -(Optional) Name of log file to output to. If not set, |
1429 | -logging will go to stdout. |
1430 | -.TP |
1431 | -.B --log-didr=LOG_DIR |
1432 | -(Optional) The directory to keep log files in (will |
1433 | -be prepended to --logfile) |
1434 | - |
1435 | -.SH FILES |
1436 | -.IR /etc/keystone/keystone.conf |
1437 | -.SH AUTHOR |
1438 | -This manual page was written by Chuck Short <zulcss@ubuntu.com>. |
1439 | |
1440 | === removed file 'debian/man/keystone-auth.8' |
1441 | --- debian/man/keystone-auth.8 2012-06-22 12:27:50 +0000 |
1442 | +++ debian/man/keystone-auth.8 1970-01-01 00:00:00 +0000 |
1443 | @@ -1,63 +0,0 @@ |
1444 | -.TH keystone 8 |
1445 | -.SH NAME |
1446 | -keystone-auth \- provides HTTP for users. |
1447 | -.SH SYNOPSIS |
1448 | -.I [OPTION]... |
1449 | -.SH DESCRIPTION |
1450 | -.BR keystone is a Python implementation of the Openstack |
1451 | -identity service. |
1452 | -.TP |
1453 | -.B --version |
1454 | -show program's version number and exit |
1455 | -.TP |
1456 | -.B \-h, --help |
1457 | -show help messag and exit |
1458 | -.TP |
1459 | -.B \-v, --verbose |
1460 | -Print more verbose output |
1461 | -.TP |
1462 | -.B \-d, --debug |
1463 | -Prrint debugging output to console. |
1464 | -.TP |
1465 | -.B \-c PATH, --config-file=PATH |
1466 | -Path to the config file to use. When not specified (the default), |
1467 | -we generally look at the first arguement specified to be a config file, |
1468 | -and if that is also missing, we search standard directories for a config |
1469 | -file. |
1470 | -.TP |
1471 | -.B \-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT |
1472 | -Specifies port to listen on. |
1473 | -.TP |
1474 | -.B --host=BIND_HOST, --bind-host=BIND_HOST |
1475 | -Specifies host address to listen on (default is all or 0.0.0.0) |
1476 | -.TP |
1477 | -.B \-t, --trace-calls |
1478 | -Turns on call tracing for troubleshooting |
1479 | -.TP |
1480 | -.B \-a PORT, --admin-port=PORT |
1481 | -Specifies port for Admin API to listen on (default is |
1482 | -35357) |
1483 | -.TP |
1484 | -.B --log-config=PATH |
1485 | -If this opion is specified, the logging configuration |
1486 | -file specified is used and overrides any other logging |
1487 | -options specified. Please see the Python logging |
1488 | -modules documentation for details on logging |
1489 | -confgiuration files. |
1490 | -.TP |
1491 | -.B --log-date-format=FORMAT |
1492 | -Format string for %(asctime)s in log records. |
1493 | -Default: %Y-%m-%d %H:%M:%S |
1494 | -.TP |
1495 | -.B --log-file=PATH |
1496 | -(Optional) Name of log file to output to. If not set, |
1497 | -logging will go to stdout. |
1498 | -.TP |
1499 | -.B --log-didr=LOG_DIR |
1500 | -(Optional) The directory to keep log files in (will |
1501 | -be prepended to --logfile) |
1502 | - |
1503 | -.SH FILES |
1504 | -.IR /etc/keystone/keystone.conf |
1505 | -.SH AUTHOR |
1506 | -This manual page was written by Chuck Short <zulcss@ubuntu.com>. |
1507 | |
1508 | === removed file 'debian/man/keystone-control.8' |
1509 | --- debian/man/keystone-control.8 2012-06-22 12:27:50 +0000 |
1510 | +++ debian/man/keystone-control.8 1970-01-01 00:00:00 +0000 |
1511 | @@ -1,63 +0,0 @@ |
1512 | -.TH keystone 8 |
1513 | -.SH NAME |
1514 | -keystone \- Starts/Stops keystone server. |
1515 | -.SH SYNOPSIS |
1516 | -.I [OPTION]... |
1517 | -.SH DESCRIPTION |
1518 | -.BR keystone is a Python implementation of the Openstack |
1519 | -identity service. |
1520 | -.TP |
1521 | -.B --version |
1522 | -show program's version number and exit |
1523 | -.TP |
1524 | -.B \-h, --help |
1525 | -show help messag and exit |
1526 | -.TP |
1527 | -.B \-v, --verbose |
1528 | -Print more verbose output |
1529 | -.TP |
1530 | -.B \-d, --debug |
1531 | -Prrint debugging output to console. |
1532 | -.TP |
1533 | -.B \-c PATH, --config-file=PATH |
1534 | -Path to the config file to use. When not specified (the default), |
1535 | -we generally look at the first arguement specified to be a config file, |
1536 | -and if that is also missing, we search standard directories for a config |
1537 | -file. |
1538 | -.TP |
1539 | -.B \-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT |
1540 | -Specifies port to listen on. |
1541 | -.TP |
1542 | -.B --host=BIND_HOST, --bind-host=BIND_HOST |
1543 | -Specifies host address to listen on (default is all or 0.0.0.0) |
1544 | -.TP |
1545 | -.B \-t, --trace-calls |
1546 | -Turns on call tracing for troubleshooting |
1547 | -.TP |
1548 | -.B \-a PORT, --admin-port=PORT |
1549 | -Specifies port for Admin API to listen on (default is |
1550 | -35357) |
1551 | -.TP |
1552 | -.B --log-config=PATH |
1553 | -If this opion is specified, the logging configuration |
1554 | -file specified is used and overrides any other logging |
1555 | -options specified. Please see the Python logging |
1556 | -modules documentation for details on logging |
1557 | -confgiuration files. |
1558 | -.TP |
1559 | -.B --log-date-format=FORMAT |
1560 | -Format string for %(asctime)s in log records. |
1561 | -Default: %Y-%m-%d %H:%M:%S |
1562 | -.TP |
1563 | -.B --log-file=PATH |
1564 | -(Optional) Name of log file to output to. If not set, |
1565 | -logging will go to stdout. |
1566 | -.TP |
1567 | -.B --log-didr=LOG_DIR |
1568 | -(Optional) The directory to keep log files in (will |
1569 | -be prepended to --logfile) |
1570 | - |
1571 | -.SH FILES |
1572 | -.IR /etc/keystone/keystone.conf |
1573 | -.SH AUTHOR |
1574 | -This manual page was written by Chuck Short <zulcss@ubuntu.com>. |
1575 | |
1576 | === removed file 'debian/man/keystone-import.8' |
1577 | --- debian/man/keystone-import.8 2012-06-22 12:27:50 +0000 |
1578 | +++ debian/man/keystone-import.8 1970-01-01 00:00:00 +0000 |
1579 | @@ -1,12 +0,0 @@ |
1580 | -.TH keystone 8 |
1581 | -.SH NAME |
1582 | -keystone-import \- import users, tenants, and EC2 credentials from nova. |
1583 | -.SH SYNOPSIS |
1584 | -.I [OPTION]... |
1585 | -.SH DESCRIPTION |
1586 | -.BR keystone is a Python implementation of the Openstack |
1587 | -identity service. |
1588 | -.SH FILES |
1589 | -.IR /etc/keystone/keystone.conf |
1590 | -.SH AUTHOR |
1591 | -This manual page was written by Chuck Short <zulcss@ubuntu.com>. |
1592 | |
1593 | === removed file 'debian/man/keystone.8' |
1594 | --- debian/man/keystone.8 2012-06-22 12:27:50 +0000 |
1595 | +++ debian/man/keystone.8 1970-01-01 00:00:00 +0000 |
1596 | @@ -1,64 +0,0 @@ |
1597 | -.TH keystone 8 |
1598 | -.SH NAME |
1599 | -keystone \- provides HTTP for administrators and users. |
1600 | -.SH SYNOPSIS |
1601 | -.I [OPTION]... |
1602 | -.SH DESCRIPTION |
1603 | -.B keystone is a Python implementation of the Openstack |
1604 | -.B identity service. This version has a lack of SSL support. |
1605 | -.B It should not be run on a trusted network. |
1606 | -.TP |
1607 | -.B --version |
1608 | -show program's version number and exit |
1609 | -.TP |
1610 | -.B \-h, --help |
1611 | -show help messag and exit |
1612 | -.TP |
1613 | -.B \-v, --verbose |
1614 | -Print more verbose output |
1615 | -.TP |
1616 | -.B \-d, --debug |
1617 | -Prrint debugging output to console. |
1618 | -.TP |
1619 | -.B \-c PATH, --config-file=PATH |
1620 | -Path to the config file to use. When not specified (the default), |
1621 | -we generally look at the first arguement specified to be a config file, |
1622 | -and if that is also missing, we search standard directories for a config |
1623 | -file. |
1624 | -.TP |
1625 | -.B \-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT |
1626 | -Specifies port to listen on. |
1627 | -.TP |
1628 | -.B --host=BIND_HOST, --bind-host=BIND_HOST |
1629 | -Specifies host address to listen on (default is all or 0.0.0.0) |
1630 | -.TP |
1631 | -.B \-t, --trace-calls |
1632 | -Turns on call tracing for troubleshooting |
1633 | -.TP |
1634 | -.B \-a PORT, --admin-port=PORT |
1635 | -Specifies port for Admin API to listen on (default is |
1636 | -35357) |
1637 | -.TP |
1638 | -.B --log-config=PATH |
1639 | -If this opion is specified, the logging configuration |
1640 | -file specified is used and overrides any other logging |
1641 | -options specified. Please see the Python logging |
1642 | -modules documentation for details on logging |
1643 | -confgiuration files. |
1644 | -.TP |
1645 | -.B --log-date-format=FORMAT |
1646 | -Format string for %(asctime)s in log records. |
1647 | -Default: %Y-%m-%d %H:%M:%S |
1648 | -.TP |
1649 | -.B --log-file=PATH |
1650 | -(Optional) Name of log file to output to. If not set, |
1651 | -logging will go to stdout. |
1652 | -.TP |
1653 | -.B --log-didr=LOG_DIR |
1654 | -(Optional) The directory to keep log files in (will |
1655 | -be prepended to --logfile) |
1656 | - |
1657 | -.SH FILES |
1658 | -.IR /etc/keystone/keystone.conf |
1659 | -.SH AUTHOR |
1660 | -This manual page was written by Chuck Short <zulcss@ubuntu.com>. |
1661 | |
1662 | === modified file 'debian/patches/fix-ubuntu-tests.patch' |
1663 | --- debian/patches/fix-ubuntu-tests.patch 2012-11-23 09:01:53 +0000 |
1664 | +++ debian/patches/fix-ubuntu-tests.patch 2013-01-25 16:27:23 +0000 |
1665 | @@ -1,6 +1,16 @@ |
1666 | -diff -Naurp keystone-2013.1.orig/tests/test_keystoneclient.py keystone-2013.1/tests/test_keystoneclient.py |
1667 | ---- keystone-2013.1.orig/tests/test_keystoneclient.py 2012-11-22 03:19:01.000000000 -0600 |
1668 | -+++ keystone-2013.1/tests/test_keystoneclient.py 2012-11-22 10:24:20.729138227 -0600 |
1669 | +Description: Fix test execution during package build |
1670 | + The keystoneclient testsuite includes a number of tests |
1671 | + for older version of keystone which are retrieved from |
1672 | + the upstream source repo during testing. |
1673 | + . |
1674 | + This is not possible during an offline package build so |
1675 | + the checkout and tests are disabled/skipped. |
1676 | +Author: Chuck Short <zulcss@ubuntu.com> |
1677 | +Author: James Page <james.page@ubuntu.com> |
1678 | +Forwarded: not-needed |
1679 | + |
1680 | +--- a/tests/test_keystoneclient.py |
1681 | ++++ b/tests/test_keystoneclient.py |
1682 | @@ -35,10 +35,6 @@ class CompatTestCase(test.TestCase): |
1683 | def setUp(self): |
1684 | super(CompatTestCase, self).setUp() |
1685 | @@ -12,3 +22,28 @@ |
1686 | self.load_backends() |
1687 | self.load_fixtures(default_fixtures) |
1688 | |
1689 | +@@ -1003,6 +999,16 @@ class KcMasterTestCase(CompatTestCase, K |
1690 | + client.tenants.list() |
1691 | + |
1692 | + |
1693 | ++def skipped(func): |
1694 | ++ from nose.plugins.skip import SkipTest |
1695 | ++ |
1696 | ++ def _(): |
1697 | ++ raise SkipTest("Test %s is skipped" % func.__name__) |
1698 | ++ _.__name__ = func.__name__ |
1699 | ++ return _ |
1700 | ++ |
1701 | ++ |
1702 | ++@skipped |
1703 | + class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): |
1704 | + def get_checkout(self): |
1705 | + return KEYSTONECLIENT_REPO, 'essex-3' |
1706 | +@@ -1101,6 +1107,7 @@ class KcEssex3TestCase(CompatTestCase, K |
1707 | + raise nose.exc.SkipTest('N/A') |
1708 | + |
1709 | + |
1710 | ++@skipped |
1711 | + class Kc11TestCase(CompatTestCase, KeystoneClientTests): |
1712 | + def get_checkout(self): |
1713 | + return KEYSTONECLIENT_REPO, '0.1.1' |
1714 | |
1715 | === added directory 'debian/po' |
1716 | === added file 'debian/po/POTFILES.in' |
1717 | --- debian/po/POTFILES.in 1970-01-01 00:00:00 +0000 |
1718 | +++ debian/po/POTFILES.in 2013-01-25 16:27:23 +0000 |
1719 | @@ -0,0 +1,1 @@ |
1720 | +[type: gettext/rfc822deb] keystone.templates |
1721 | |
1722 | === added file 'debian/po/templates.pot' |
1723 | --- debian/po/templates.pot 1970-01-01 00:00:00 +0000 |
1724 | +++ debian/po/templates.pot 2013-01-25 16:27:23 +0000 |
1725 | @@ -0,0 +1,58 @@ |
1726 | +# SOME DESCRIPTIVE TITLE. |
1727 | +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER |
1728 | +# This file is distributed under the same license as the PACKAGE package. |
1729 | +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. |
1730 | +# |
1731 | +#, fuzzy |
1732 | +msgid "" |
1733 | +msgstr "" |
1734 | +"Project-Id-Version: keystone\n" |
1735 | +"Report-Msgid-Bugs-To: keystone@packages.debian.org\n" |
1736 | +"POT-Creation-Date: 2012-11-25 22:21+0000\n" |
1737 | +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" |
1738 | +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" |
1739 | +"Language-Team: LANGUAGE <LL@li.org>\n" |
1740 | +"Language: \n" |
1741 | +"MIME-Version: 1.0\n" |
1742 | +"Content-Type: text/plain; charset=CHARSET\n" |
1743 | +"Content-Transfer-Encoding: 8bit\n" |
1744 | + |
1745 | +#. Type: boolean |
1746 | +#. Description |
1747 | +#: ../keystone.templates:1001 |
1748 | +msgid "Set up a database for keystone?" |
1749 | +msgstr "" |
1750 | + |
1751 | +#. Type: boolean |
1752 | +#. Description |
1753 | +#: ../keystone.templates:1001 |
1754 | +msgid "" |
1755 | +"No database has been set up for keystone to use. Before continuing, you " |
1756 | +"should make sure you have:" |
1757 | +msgstr "" |
1758 | + |
1759 | +#. Type: boolean |
1760 | +#. Description |
1761 | +#: ../keystone.templates:1001 |
1762 | +msgid "" |
1763 | +" - the server host name (that server must allow TCP connections\n" |
1764 | +" from this machine);\n" |
1765 | +" - a username and password to access the database.\n" |
1766 | +" - A database type that you want to use." |
1767 | +msgstr "" |
1768 | + |
1769 | +#. Type: boolean |
1770 | +#. Description |
1771 | +#: ../keystone.templates:1001 |
1772 | +msgid "" |
1773 | +"If some of these requirements are missing, reject this option and run with " |
1774 | +"regular sqlite support." |
1775 | +msgstr "" |
1776 | + |
1777 | +#. Type: boolean |
1778 | +#. Description |
1779 | +#: ../keystone.templates:1001 |
1780 | +msgid "" |
1781 | +"Database configuration can be reconfigured later by running 'dpkg-" |
1782 | +"reconfigure -plow keystone'." |
1783 | +msgstr "" |
1784 | |
1785 | === modified file 'debian/rules' |
1786 | --- debian/rules 2012-11-23 09:01:53 +0000 |
1787 | +++ debian/rules 2013-01-25 16:27:23 +0000 |
1788 | @@ -26,7 +26,7 @@ |
1789 | cp tests/test_overrides.conf tests/test_overrides.conf.orig |
1790 | cp $(CURDIR)/debian/tests/test_overrides.conf $(CURDIR)/tests/test_overrides.conf |
1791 | sed -i 's|%CUR_DIR%|$(CURDIR)|g' $(CURDIR)/tests/test_overrides.conf |
1792 | - PYTHONPATH=$(CURDIR) bash run_tests.sh -N || true |
1793 | + PYTHONPATH=$(CURDIR) bash run_tests.sh -N |
1794 | mv $(CURDIR)/tests/test_overrides.conf.orig $(CURDIR)/tests/test_overrides.conf |
1795 | rm -rf $(CURDIR)/debian/tests/testing.db $(CURDIR)/debian/tests/keystone-signing |
1796 | endif |
1797 | |
1798 | === modified file 'debian/tests/test_overrides.conf' |
1799 | --- debian/tests/test_overrides.conf 2012-11-02 13:48:49 +0000 |
1800 | +++ debian/tests/test_overrides.conf 2013-01-25 16:27:23 +0000 |
1801 | @@ -13,6 +13,6 @@ |
1802 | idle_timeout = 200 |
1803 | |
1804 | [signing] |
1805 | -certfile = signing/signing_cert.pem |
1806 | -keyfile = signing/private_key.pem |
1807 | -ca_certs = signing/cacert.pem |
1808 | +certfile = ../examples/pki/certs/signing_cert.pem |
1809 | +keyfile = ../examples/pki/private/signing_key.pem |
1810 | +ca_certs = ../examples/pki/certs/cacert.pem |
1811 | |
1812 | === modified file 'doc/source/configuration.rst' |
1813 | --- doc/source/configuration.rst 2012-11-23 09:01:53 +0000 |
1814 | +++ doc/source/configuration.rst 2013-01-25 16:27:23 +0000 |
1815 | @@ -388,10 +388,10 @@ |
1816 | * ``etc/logging.conf.sample`` |
1817 | * ``etc/default_catalog.templates`` |
1818 | |
1819 | -.. _`prepare your Essex deployment`: |
1820 | +.. _`prepare your deployment`: |
1821 | |
1822 | -Preparing your Essex deployment |
1823 | -=============================== |
1824 | +Preparing your deployment |
1825 | +========================= |
1826 | |
1827 | Step 1: Configure keystone.conf |
1828 | ------------------------------- |
1829 | @@ -450,9 +450,9 @@ |
1830 | .. NOTE:: |
1831 | |
1832 | Before you can import your legacy data, you must first |
1833 | - `prepare your Essex deployment`_. |
1834 | + `prepare your deployment`_. |
1835 | |
1836 | -Step 1: Ensure your Essex deployment can access your legacy database |
1837 | +Step 1: Ensure your deployment can access your legacy database |
1838 | -------------------------------------------------------------------- |
1839 | |
1840 | Your legacy ``keystone.conf`` contains a SQL configuration section called |
1841 | @@ -461,7 +461,7 @@ |
1842 | |
1843 | sql_connection = sqlite:///keystone.db |
1844 | |
1845 | -This connection string needs to be accessible from your Essex deployment (e.g. |
1846 | +This connection string needs to be accessible from your deployment (e.g. |
1847 | you may need to copy your SQLite ``*.db`` file to a new server, adjust the |
1848 | relative path as appropriate, or open a firewall for MySQL, etc). |
1849 | |
1850 | @@ -474,7 +474,7 @@ |
1851 | $ keystone-manage import_legacy <sql_connection> |
1852 | |
1853 | You should now be able to run the same command you used to test your new |
1854 | -database above, but now you'll see your legacy Keystone data in Essex:: |
1855 | +database above, but now you'll see your legacy Keystone data:: |
1856 | |
1857 | $ keystone --token ADMIN --endpoint http://127.0.0.1:35357/v2.0/ tenant-list |
1858 | +----------------------------------+----------------+---------+ |
1859 | @@ -491,7 +491,7 @@ |
1860 | =============================================================== |
1861 | |
1862 | While legacy Keystone deployments stored the service catalog in the database, |
1863 | -the service catalog in Essex is stored in a flat ``template_file``. An example |
1864 | +the service catalog is stored in a flat ``template_file``. An example |
1865 | service catalog template file may be found in |
1866 | ``etc/default_catalog.templates``. You can change the path to your service |
1867 | catalog template in ``keystone.conf`` by changing the value of |
1868 | @@ -510,13 +510,13 @@ |
1869 | ======================== |
1870 | |
1871 | Migration of users, projects (aka tenants), roles and EC2 credentials |
1872 | -is supported for the Essex release of Nova. To migrate your auth |
1873 | +is supported for the Essex and later releases of Nova. To migrate your auth |
1874 | data from Nova, use the following steps: |
1875 | |
1876 | .. NOTE:: |
1877 | |
1878 | Before you can migrate from nova auth, you must first |
1879 | - `prepare your Essex deployment`_. |
1880 | + `prepare your deployment`_. |
1881 | |
1882 | Step 1: Export your data from Nova |
1883 | ---------------------------------- |
1884 | |
1885 | === modified file 'doc/source/configuringservices.rst' |
1886 | --- doc/source/configuringservices.rst 2012-09-07 13:04:01 +0000 |
1887 | +++ doc/source/configuringservices.rst 2013-01-25 16:27:23 +0000 |
1888 | @@ -176,151 +176,8 @@ |
1889 | --------------------------------- |
1890 | |
1891 | Similar to Nova, swift can be configured to use Keystone for authentication |
1892 | -rather than its built in 'tempauth'. |
1893 | - |
1894 | -1. Add a service endpoint for Swift to Keystone |
1895 | - |
1896 | -2. Configure the paste file for swift-proxy (`/etc/swift/swift-proxy.conf`) |
1897 | - |
1898 | -3. Reconfigure Swift's proxy server to use Keystone instead of TempAuth. |
1899 | - Here's an example `/etc/swift/proxy-server.conf`:: |
1900 | - |
1901 | - [DEFAULT] |
1902 | - bind_port = 8888 |
1903 | - user = <user> |
1904 | - |
1905 | - [pipeline:main] |
1906 | - pipeline = catch_errors healthcheck cache authtoken keystone proxy-server |
1907 | - |
1908 | - [app:proxy-server] |
1909 | - use = egg:swift#proxy |
1910 | - account_autocreate = true |
1911 | - |
1912 | - [filter:keystone] |
1913 | - paste.filter_factory = keystone.middleware.swift_auth:filter_factory |
1914 | - operator_roles = admin, swiftoperator |
1915 | - |
1916 | - [filter:authtoken] |
1917 | - paste.filter_factory = keystone.middleware.auth_token:filter_factory |
1918 | - # Delaying the auth decision is required to support token-less |
1919 | - # usage for anonymous referrers ('.r:*') or for tempurl/formpost |
1920 | - # middleware. |
1921 | - delay_auth_decision = 1 |
1922 | - auth_port = 35357 |
1923 | - auth_host = 127.0.0.1 |
1924 | - auth_token = ADMIN |
1925 | - admin_token = ADMIN |
1926 | - |
1927 | - [filter:cache] |
1928 | - use = egg:swift#memcache |
1929 | - set log_name = cache |
1930 | - |
1931 | - [filter:catch_errors] |
1932 | - use = egg:swift#catch_errors |
1933 | - |
1934 | - [filter:healthcheck] |
1935 | - use = egg:swift#healthcheck |
1936 | - |
1937 | -.. Note:: |
1938 | - Your user needs to have the role swiftoperator or admin by default |
1939 | - to be able to operate on an swift account or as specified by the |
1940 | - variable `operator_roles`. |
1941 | - |
1942 | -4. Restart swift |
1943 | - |
1944 | -5. Verify that keystone is providing authentication to Swift |
1945 | - |
1946 | - $ swift -V 2 -A http://localhost:5000/v2.0 -U admin:admin -K ADMIN stat |
1947 | - |
1948 | -.. NOTE:: |
1949 | - Instead of connecting to Swift here, as you would with other services, we |
1950 | - are connecting directly to Keystone. |
1951 | - |
1952 | -Configuring Swift with S3 emulation to use Keystone |
1953 | ---------------------------------------------------- |
1954 | - |
1955 | -Keystone supports validating S3 tokens using the same tokens as the |
1956 | -generated EC2 tokens. When you have generated a pair of EC2 access |
1957 | -token and secret you can access your swift cluster directly with the |
1958 | -S3 API. |
1959 | - |
1960 | -1. Ensure you have defined the S3 service in your `keystone.conf`. First, define the filter as follows:: |
1961 | - |
1962 | - [filter:s3_extension] |
1963 | - paste.filter_factory = keystone.contrib.s3:S3Extension.factory |
1964 | - |
1965 | -Then, ensure that the filter is being called by the admin_api pipeline, as follows:: |
1966 | - |
1967 | - [pipeline:admin_api] |
1968 | - pipeline = token_auth [....] ec2_extension s3_extension [...] |
1969 | - |
1970 | -2. Configure the paste file for swift-proxy |
1971 | - (`/etc/swift/swift-proxy.conf` to use S3token and Swift3 |
1972 | - middleware. |
1973 | - |
1974 | - Here's an example that by default communicates with keystone via https :: |
1975 | - |
1976 | - [DEFAULT] |
1977 | - bind_port = 8080 |
1978 | - user = <user> |
1979 | - |
1980 | - [pipeline:main] |
1981 | - pipeline = catch_errors healthcheck cache swift3 s3token authtoken keystone proxy-server |
1982 | - |
1983 | - [app:proxy-server] |
1984 | - use = egg:swift#proxy |
1985 | - account_autocreate = true |
1986 | - |
1987 | - [filter:catch_errors] |
1988 | - use = egg:swift#catch_errors |
1989 | - |
1990 | - [filter:healthcheck] |
1991 | - use = egg:swift#healthcheck |
1992 | - |
1993 | - [filter:cache] |
1994 | - use = egg:swift#memcache |
1995 | - |
1996 | - [filter:swift3] |
1997 | - use = egg:swift#swift3 |
1998 | - |
1999 | - [filter:keystone] |
2000 | - paste.filter_factory = keystone.middleware.swift_auth:filter_factory |
2001 | - operator_roles = admin, swiftoperator |
2002 | - |
2003 | - [filter:s3token] |
2004 | - paste.filter_factory = keystone.middleware.s3_token:filter_factory |
2005 | - # uncomment the following line if you don't want to use SSL |
2006 | - # auth_protocol = http |
2007 | - auth_port = 35357 |
2008 | - auth_host = 127.0.0.1 |
2009 | - |
2010 | - [filter:authtoken] |
2011 | - paste.filter_factory = keystone.middleware.auth_token:filter_factory |
2012 | - # uncomment the following line if you don't want to use SSL |
2013 | - # auth_protocol = http |
2014 | - auth_port = 35357 |
2015 | - auth_host = 127.0.0.1 |
2016 | - auth_token = ADMIN |
2017 | - admin_token = ADMIN |
2018 | - |
2019 | -3. You can then access directly your Swift via the S3 API, here's an |
2020 | - example with the `boto` library:: |
2021 | - |
2022 | - import boto |
2023 | - import boto.s3.connection |
2024 | - |
2025 | - connection = boto.connect_s3( |
2026 | - aws_access_key_id='<ec2 access key for user>', |
2027 | - aws_secret_access_key='<ec2 secret access key for user>', |
2028 | - port=8080, |
2029 | - host='localhost', |
2030 | - is_secure=False, |
2031 | - calling_format=boto.s3.connection.OrdinaryCallingFormat()) |
2032 | - |
2033 | - |
2034 | -.. Note:: |
2035 | - With the S3 middleware you are connecting to the `Swift` proxy and |
2036 | - not to `keystone`. |
2037 | +rather than its built in 'tempauth'. Refer to the `overview_auth` documentation |
2038 | +in Swift. |
2039 | |
2040 | Auth-Token Middleware with Username and Password |
2041 | ------------------------------------------------ |
2042 | |
2043 | === added file 'doc/source/external-auth.rst' |
2044 | --- doc/source/external-auth.rst 1970-01-01 00:00:00 +0000 |
2045 | +++ doc/source/external-auth.rst 2013-01-25 16:27:23 +0000 |
2046 | @@ -0,0 +1,117 @@ |
2047 | +=========================================== |
2048 | +Using external authentication with Keystone |
2049 | +=========================================== |
2050 | + |
2051 | +When Keystone is executed in :doc:`HTTPD <apache-httpd>` it is possible to |
2052 | +use external authentication methods different from the authentication |
2053 | +provided by the identity store backend. For example, this makes possible to |
2054 | +use a SQL identity backend together with X.509 authentication, Kerberos, etc. |
2055 | +instead of using the username/password combination. |
2056 | + |
2057 | +Using HTTPD authentication |
2058 | +========================== |
2059 | + |
2060 | +Webservers like Apache HTTP support many methods of authentication. Keystone can |
2061 | +profit from this feature and let the authentication be done in the webserver, |
2062 | +that will pass down the authenticated user to Keystone using the ``REMOTE_USER`` |
2063 | +environment variable. This user must exist in advance in the identity backend |
2064 | +so as to get a token from the controller. |
2065 | + |
2066 | +To use this method, Keystone should be running on :doc:`HTTPD <apache-httpd>`. |
2067 | + |
2068 | +X.509 example |
2069 | +------------- |
2070 | + |
2071 | +The following snippet for the Apache conf will authenticate the user based on |
2072 | +a valid X.509 certificate from a known CA:: |
2073 | + |
2074 | + <VirtualHost _default_:5000> |
2075 | + SSLEngine on |
2076 | + SSLCertificateFile /etc/ssl/certs/ssl.cert |
2077 | + SSLCertificateKeyFile /etc/ssl/private/ssl.key |
2078 | + |
2079 | + SSLCACertificatePath /etc/ssl/allowed_cas |
2080 | + SSLCARevocationPath /etc/ssl/allowed_cas |
2081 | + SSLUserName SSL_CLIENT_S_DN_CN |
2082 | + SSLVerifyClient require |
2083 | + SSLVerifyDepth 10 |
2084 | + |
2085 | + (...) |
2086 | + </VirtualHost> |
2087 | + |
2088 | +Developing a WSGI middleware for authentication |
2089 | +=============================================== |
2090 | + |
2091 | +In addition to the method described above, it is possible to implement other |
2092 | +custom authentication mechanisms using the ``REMOTE_USER`` WSGI environment |
2093 | +variable. |
2094 | + |
2095 | +.. ATTENTION:: |
2096 | + Please note that even if it is possible to develop a custom authentication |
2097 | + module, it is preferable to use the modules in the HTTPD server. Such |
2098 | + authentication modules in webservers like Apache have normally undergone |
2099 | + years of development and use in production systems and are actively maintained |
2100 | + upstream. Developing a custom authentication module that implements the same |
2101 | + authentication as an existing Apache module likely introduces a higher |
2102 | + security risk. |
2103 | + |
2104 | +If you find you must implement a custom authentication mechanism, you will need |
2105 | +to develop a custom WSGI middleware pipeline component. This middleware should |
2106 | +set the environment variable ``REMOTE_USER`` to the authenticated username. |
2107 | +Keystone then will assume that the user has been already authenticated upstream |
2108 | +and will not try to authenticate it. However, as with HTTPD authentication, the |
2109 | +user must exist in advance in the identity backend so that a proper token can |
2110 | +be issued. |
2111 | + |
2112 | +Your code should set the ``REMOTE_USER`` if the user is properly authenticated, |
2113 | +following the semantics below:: |
2114 | + |
2115 | + class MyMiddlewareAuth(wsgi.Middleware): |
2116 | + def __init__(self, *args, **kwargs): |
2117 | + super(MyMiddlewareAuth, self).__init__(*args, **kwargs) |
2118 | + |
2119 | + def process_request(self, request): |
2120 | + if request.environ.get('REMOTE_USER', None) is not None: |
2121 | + # Assume that it is authenticated upstream |
2122 | + return self.application |
2123 | + |
2124 | + if not self.is_auth_applicable(request): |
2125 | + # Not applicable |
2126 | + return self.application |
2127 | + |
2128 | + username = self.do_auth(request): |
2129 | + if username is not None: |
2130 | + # User is authenticated |
2131 | + request.environ['REMOTE_USER'] = username |
2132 | + else: |
2133 | + # User is not authenticated |
2134 | + raise exception.Unauthorized("Invalid user") |
2135 | + |
2136 | + |
2137 | +Pipeline configuration |
2138 | +---------------------- |
2139 | + |
2140 | +Once you have your WSGI middleware component developed you have to add it to |
2141 | +your pipeline. The first step is to add the middleware to your configuration file. |
2142 | +Assuming that your middleware module is ``keystone.middleware.MyMiddlewareAuth``, |
2143 | +you can configure it in your ``keystone.conf`` as:: |
2144 | + |
2145 | + [filter:my_auth] |
2146 | + paste.filter_factory = keystone.middleware.MyMiddlewareAuth.factory |
2147 | + |
2148 | +The second step is to add your middleware to the pipeline. The exact place where |
2149 | +you should place it will depend on your code (i.e. if you need for example that |
2150 | +the request body is converted from JSON before perform the authentication you |
2151 | +should place it after the ``json_body`` filter) but it should be set before the |
2152 | +``public_service`` (for the ``public_api`` pipeline) or ``admin_service`` (for |
2153 | +the ``admin_api`` pipeline), since they consume authentication. |
2154 | + |
2155 | +For example, if the original pipeline looks like this:: |
2156 | + |
2157 | + [pipeline:public_api] |
2158 | + pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service |
2159 | + |
2160 | +Your modified pipeline might then look like this:: |
2161 | + |
2162 | + [pipeline:public_api] |
2163 | + pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body my_auth debug ec2_extension user_crud_extension public_service |
2164 | |
2165 | === modified file 'doc/source/index.rst' |
2166 | --- doc/source/index.rst 2012-11-23 09:01:53 +0000 |
2167 | +++ doc/source/index.rst 2013-01-25 16:27:23 +0000 |
2168 | @@ -66,6 +66,7 @@ |
2169 | middlewarearchitecture |
2170 | api_curl_examples |
2171 | apache-httpd |
2172 | + external-auth |
2173 | |
2174 | Code Documentation |
2175 | ================== |
2176 | |
2177 | === modified file 'doc/source/setup.rst' |
2178 | --- doc/source/setup.rst 2012-03-16 11:19:40 +0000 |
2179 | +++ doc/source/setup.rst 2013-01-25 16:27:23 +0000 |
2180 | @@ -70,7 +70,7 @@ |
2181 | |
2182 | The first is the list of dependencies needed for running keystone, the second list includes dependencies used for active development and testing of keystone itself. |
2183 | |
2184 | -These depdendencies can be installed from PyPi_ using the python tool pip_. |
2185 | +These dependencies can be installed from PyPi_ using the python tool pip_. |
2186 | |
2187 | .. _PyPi: http://pypi.python.org/ |
2188 | .. _pip: http://pypi.python.org/pypi/pip |
2189 | |
2190 | === modified file 'keystone.egg-info/SOURCES.txt' |
2191 | --- keystone.egg-info/SOURCES.txt 2012-11-23 09:01:53 +0000 |
2192 | +++ keystone.egg-info/SOURCES.txt 2013-01-25 16:27:23 +0000 |
2193 | @@ -26,6 +26,7 @@ |
2194 | doc/source/configuration.rst |
2195 | doc/source/configuringservices.rst |
2196 | doc/source/developing.rst |
2197 | +doc/source/external-auth.rst |
2198 | doc/source/index.rst |
2199 | doc/source/installing.rst |
2200 | doc/source/middlewarearchitecture.rst |
2201 | @@ -81,7 +82,9 @@ |
2202 | keystone/clean.py |
2203 | keystone/cli.py |
2204 | keystone/config.py |
2205 | +keystone/controllers.py |
2206 | keystone/exception.py |
2207 | +keystone/routers.py |
2208 | keystone/service.py |
2209 | keystone/test.py |
2210 | keystone.egg-info/PKG-INFO |
2211 | @@ -91,7 +94,9 @@ |
2212 | keystone.egg-info/requires.txt |
2213 | keystone.egg-info/top_level.txt |
2214 | keystone/catalog/__init__.py |
2215 | +keystone/catalog/controllers.py |
2216 | keystone/catalog/core.py |
2217 | +keystone/catalog/routers.py |
2218 | keystone/catalog/backends/__init__.py |
2219 | keystone/catalog/backends/kvs.py |
2220 | keystone/catalog/backends/sql.py |
2221 | @@ -100,12 +105,14 @@ |
2222 | keystone/common/bufferedhttp.py |
2223 | keystone/common/cms.py |
2224 | keystone/common/controller.py |
2225 | +keystone/common/dependency.py |
2226 | keystone/common/kvs.py |
2227 | keystone/common/logging.py |
2228 | keystone/common/manager.py |
2229 | keystone/common/models.py |
2230 | keystone/common/openssl.py |
2231 | keystone/common/policy.py |
2232 | +keystone/common/router.py |
2233 | keystone/common/serializer.py |
2234 | keystone/common/systemd.py |
2235 | keystone/common/utils.py |
2236 | @@ -127,13 +134,19 @@ |
2237 | keystone/common/sql/migrate_repo/versions/002_sqlite_downgrade.sql |
2238 | keystone/common/sql/migrate_repo/versions/002_sqlite_upgrade.sql |
2239 | keystone/common/sql/migrate_repo/versions/002_token_id_hash.py |
2240 | -keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql |
2241 | keystone/common/sql/migrate_repo/versions/003_sqlite_upgrade.sql |
2242 | keystone/common/sql/migrate_repo/versions/003_token_valid.py |
2243 | keystone/common/sql/migrate_repo/versions/004_undo_token_id_hash.py |
2244 | keystone/common/sql/migrate_repo/versions/005_set_utf8_character_set.py |
2245 | keystone/common/sql/migrate_repo/versions/006_add_policy_table.py |
2246 | keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py |
2247 | +keystone/common/sql/migrate_repo/versions/008_normalize_identity.py |
2248 | +keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql |
2249 | +keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py |
2250 | +keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py |
2251 | +keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py |
2252 | +keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py |
2253 | +keystone/common/sql/migrate_repo/versions/013_add_group_tables.py |
2254 | keystone/common/sql/migrate_repo/versions/__init__.py |
2255 | keystone/contrib/__init__.py |
2256 | keystone/contrib/admin_crud/__init__.py |
2257 | @@ -152,7 +165,9 @@ |
2258 | keystone/contrib/user_crud/__init__.py |
2259 | keystone/contrib/user_crud/core.py |
2260 | keystone/identity/__init__.py |
2261 | +keystone/identity/controllers.py |
2262 | keystone/identity/core.py |
2263 | +keystone/identity/routers.py |
2264 | keystone/identity/backends/__init__.py |
2265 | keystone/identity/backends/kvs.py |
2266 | keystone/identity/backends/pam.py |
2267 | @@ -161,13 +176,13 @@ |
2268 | keystone/identity/backends/ldap/core.py |
2269 | keystone/locale/keystone.pot |
2270 | keystone/locale/ca/LC_MESSAGES/keystone.po |
2271 | +keystone/locale/hu/LC_MESSAGES/keystone.po |
2272 | keystone/locale/ja/LC_MESSAGES/keystone.po |
2273 | keystone/middleware/__init__.py |
2274 | keystone/middleware/auth_token.py |
2275 | keystone/middleware/core.py |
2276 | keystone/middleware/ec2_token.py |
2277 | keystone/middleware/s3_token.py |
2278 | -keystone/middleware/swift_auth.py |
2279 | keystone/openstack/__init__.py |
2280 | keystone/openstack/common/README |
2281 | keystone/openstack/common/__init__.py |
2282 | @@ -178,12 +193,16 @@ |
2283 | keystone/openstack/common/setup.py |
2284 | keystone/openstack/common/timeutils.py |
2285 | keystone/policy/__init__.py |
2286 | +keystone/policy/controllers.py |
2287 | keystone/policy/core.py |
2288 | +keystone/policy/routers.py |
2289 | keystone/policy/backends/__init__.py |
2290 | keystone/policy/backends/rules.py |
2291 | keystone/policy/backends/sql.py |
2292 | keystone/token/__init__.py |
2293 | +keystone/token/controllers.py |
2294 | keystone/token/core.py |
2295 | +keystone/token/routers.py |
2296 | keystone/token/backends/__init__.py |
2297 | keystone/token/backends/kvs.py |
2298 | keystone/token/backends/memcache.py |
2299 | @@ -203,6 +222,7 @@ |
2300 | tests/legacy_essex.mysql |
2301 | tests/legacy_essex.sqlite |
2302 | tests/policy.json |
2303 | +tests/test_auth.py |
2304 | tests/test_auth_token_middleware.py |
2305 | tests/test_backend.py |
2306 | tests/test_backend_kvs.py |
2307 | @@ -213,8 +233,11 @@ |
2308 | tests/test_backend_templated.py |
2309 | tests/test_cert_setup.py |
2310 | tests/test_content_types.py |
2311 | +tests/test_contrib_s3_core.py |
2312 | +tests/test_drivers.py |
2313 | tests/test_exception.py |
2314 | tests/test_import_legacy.py |
2315 | +tests/test_injection.py |
2316 | tests/test_keystoneclient.py |
2317 | tests/test_keystoneclient_sql.py |
2318 | tests/test_middleware.py |
2319 | @@ -223,12 +246,10 @@ |
2320 | tests/test_policy.py |
2321 | tests/test_s3_token_middleware.py |
2322 | tests/test_serializer.py |
2323 | -tests/test_service.py |
2324 | tests/test_setup.py |
2325 | tests/test_singular_plural.py |
2326 | tests/test_sql_upgrade.py |
2327 | tests/test_ssl.py |
2328 | -tests/test_swift_auth_middleware.py |
2329 | tests/test_url_middleware.py |
2330 | tests/test_utils.py |
2331 | tests/test_v3.py |
2332 | @@ -238,6 +259,7 @@ |
2333 | tests/test_versions.py |
2334 | tests/test_wsgi.py |
2335 | tools/convert_to_sqlite.sh |
2336 | +tools/flakes.py |
2337 | tools/install_venv.py |
2338 | tools/pip-requires |
2339 | tools/sample_data.sh |
2340 | |
2341 | === modified file 'keystone.egg-info/requires.txt' |
2342 | --- keystone.egg-info/requires.txt 2012-11-23 09:01:53 +0000 |
2343 | +++ keystone.egg-info/requires.txt 2013-01-25 16:27:23 +0000 |
2344 | @@ -1,5 +1,5 @@ |
2345 | pam==0.1.4 |
2346 | -WebOb==1.0.8 |
2347 | +WebOb==1.2.3 |
2348 | eventlet |
2349 | greenlet |
2350 | PasteDeploy |
2351 | |
2352 | === modified file 'keystone/catalog/__init__.py' |
2353 | --- keystone/catalog/__init__.py 2012-03-16 11:19:40 +0000 |
2354 | +++ keystone/catalog/__init__.py 2013-01-25 16:27:23 +0000 |
2355 | @@ -15,3 +15,5 @@ |
2356 | # under the License. |
2357 | |
2358 | from keystone.catalog.core import * |
2359 | +from keystone.catalog import controllers |
2360 | +from keystone.catalog import routers |
2361 | |
2362 | === modified file 'keystone/catalog/backends/sql.py' |
2363 | --- keystone/catalog/backends/sql.py 2012-11-23 09:01:53 +0000 |
2364 | +++ keystone/catalog/backends/sql.py 2013-01-25 16:27:23 +0000 |
2365 | @@ -36,12 +36,14 @@ |
2366 | |
2367 | class Endpoint(sql.ModelBase, sql.DictBase): |
2368 | __tablename__ = 'endpoint' |
2369 | - attributes = ['id', 'region', 'service_id'] |
2370 | + attributes = ['id', 'interface', 'region', 'service_id', 'url'] |
2371 | id = sql.Column(sql.String(64), primary_key=True) |
2372 | + interface = sql.Column(sql.String(8), primary_key=True) |
2373 | region = sql.Column('region', sql.String(255)) |
2374 | service_id = sql.Column(sql.String(64), |
2375 | sql.ForeignKey('service.id'), |
2376 | nullable=False) |
2377 | + url = sql.Column(sql.Text()) |
2378 | extra = sql.Column(sql.JsonBlob()) |
2379 | |
2380 | |
2381 | @@ -88,7 +90,9 @@ |
2382 | old_dict = ref.to_dict() |
2383 | old_dict.update(service_ref) |
2384 | new_service = Service.from_dict(old_dict) |
2385 | - ref.type = new_service.type |
2386 | + for attr in Service.attributes: |
2387 | + if attr != 'id': |
2388 | + setattr(ref, attr, getattr(new_service, attr)) |
2389 | ref.extra = new_service.extra |
2390 | session.flush() |
2391 | return ref.to_dict() |
2392 | @@ -132,8 +136,9 @@ |
2393 | old_dict = ref.to_dict() |
2394 | old_dict.update(endpoint_ref) |
2395 | new_endpoint = Endpoint.from_dict(old_dict) |
2396 | - ref.service_id = new_endpoint.service_id |
2397 | - ref.region = new_endpoint.region |
2398 | + for attr in Endpoint.attributes: |
2399 | + if attr != 'id': |
2400 | + setattr(ref, attr, getattr(new_endpoint, attr)) |
2401 | ref.extra = new_endpoint.extra |
2402 | session.flush() |
2403 | return ref.to_dict() |
2404 | @@ -142,25 +147,28 @@ |
2405 | d = dict(CONF.iteritems()) |
2406 | d.update({'tenant_id': tenant_id, |
2407 | 'user_id': user_id}) |
2408 | + |
2409 | catalog = {} |
2410 | - |
2411 | - endpoints = self.list_endpoints() |
2412 | - for ep in endpoints: |
2413 | - service = self.get_service(ep['service_id']) |
2414 | - srv_type = service['type'] |
2415 | - srv_name = service['name'] |
2416 | - region = ep['region'] |
2417 | - |
2418 | - if region not in catalog: |
2419 | - catalog[region] = {} |
2420 | - |
2421 | - catalog[region][srv_type] = {} |
2422 | - |
2423 | - srv_type = catalog[region][srv_type] |
2424 | - srv_type['id'] = ep['id'] |
2425 | - srv_type['name'] = srv_name |
2426 | - srv_type['publicURL'] = core.format_url(ep.get('publicurl', ''), d) |
2427 | - srv_type['internalURL'] = core.format_url(ep.get('internalurl'), d) |
2428 | - srv_type['adminURL'] = core.format_url(ep.get('adminurl'), d) |
2429 | + services = {} |
2430 | + for endpoint in self.list_endpoints(): |
2431 | + # look up the service |
2432 | + services.setdefault( |
2433 | + endpoint['service_id'], |
2434 | + self.get_service(endpoint['service_id'])) |
2435 | + service = services[endpoint['service_id']] |
2436 | + |
2437 | + # add the endpoint to the catalog if it's not already there |
2438 | + catalog.setdefault(endpoint['region'], {}) |
2439 | + catalog[endpoint['region']].setdefault( |
2440 | + service['type'], { |
2441 | + 'id': endpoint['id'], |
2442 | + 'name': service['name'], |
2443 | + 'publicURL': '', # this may be overridden, but must exist |
2444 | + }) |
2445 | + |
2446 | + # add the interface's url |
2447 | + url = core.format_url(endpoint.get('url'), d) |
2448 | + interface_url = '%sURL' % endpoint['interface'] |
2449 | + catalog[endpoint['region']][service['type']][interface_url] = url |
2450 | |
2451 | return catalog |
2452 | |
2453 | === modified file 'keystone/catalog/backends/templated.py' |
2454 | --- keystone/catalog/backends/templated.py 2012-11-02 13:48:49 +0000 |
2455 | +++ keystone/catalog/backends/templated.py 2013-01-25 16:27:23 +0000 |
2456 | @@ -106,7 +106,7 @@ |
2457 | try: |
2458 | self.templates = parse_templates(open(template_file)) |
2459 | except IOError: |
2460 | - LOG.critical('Unable to open template file %s' % template_file) |
2461 | + LOG.critical(_('Unable to open template file %s') % template_file) |
2462 | raise |
2463 | |
2464 | def get_catalog(self, user_id, tenant_id, metadata=None): |
2465 | |
2466 | === added file 'keystone/catalog/controllers.py' |
2467 | --- keystone/catalog/controllers.py 1970-01-01 00:00:00 +0000 |
2468 | +++ keystone/catalog/controllers.py 2013-01-25 16:27:23 +0000 |
2469 | @@ -0,0 +1,184 @@ |
2470 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
2471 | + |
2472 | +# Copyright 2012 OpenStack LLC |
2473 | +# Copyright 2012 Canonical Ltd. |
2474 | +# |
2475 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
2476 | +# not use this file except in compliance with the License. You may obtain |
2477 | +# a copy of the License at |
2478 | +# |
2479 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2480 | +# |
2481 | +# Unless required by applicable law or agreed to in writing, software |
2482 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
2483 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
2484 | +# License for the specific language governing permissions and limitations |
2485 | +# under the License. |
2486 | + |
2487 | +import uuid |
2488 | + |
2489 | +from keystone.common import controller |
2490 | +from keystone.common import dependency |
2491 | +from keystone import exception |
2492 | + |
2493 | + |
2494 | +INTERFACES = ['public', 'internal', 'admin'] |
2495 | + |
2496 | + |
2497 | +@dependency.requires('catalog_api') |
2498 | +class Service(controller.V2Controller): |
2499 | + def get_services(self, context): |
2500 | + self.assert_admin(context) |
2501 | + service_list = self.catalog_api.list_services(context) |
2502 | + return {'OS-KSADM:services': service_list} |
2503 | + |
2504 | + def get_service(self, context, service_id): |
2505 | + self.assert_admin(context) |
2506 | + service_ref = self.catalog_api.get_service(context, service_id) |
2507 | + return {'OS-KSADM:service': service_ref} |
2508 | + |
2509 | + def delete_service(self, context, service_id): |
2510 | + self.assert_admin(context) |
2511 | + self.catalog_api.delete_service(context, service_id) |
2512 | + |
2513 | + def create_service(self, context, OS_KSADM_service): |
2514 | + self.assert_admin(context) |
2515 | + service_id = uuid.uuid4().hex |
2516 | + service_ref = OS_KSADM_service.copy() |
2517 | + service_ref['id'] = service_id |
2518 | + new_service_ref = self.catalog_api.create_service( |
2519 | + context, service_id, service_ref) |
2520 | + return {'OS-KSADM:service': new_service_ref} |
2521 | + |
2522 | + |
2523 | +@dependency.requires('catalog_api') |
2524 | +class Endpoint(controller.V2Controller): |
2525 | + def get_endpoints(self, context): |
2526 | + """Merge matching v3 endpoint refs into legacy refs.""" |
2527 | + self.assert_admin(context) |
2528 | + legacy_endpoints = {} |
2529 | + for endpoint in self.catalog_api.list_endpoints(context): |
2530 | + if not endpoint['legacy_endpoint_id']: |
2531 | + # endpoints created in v3 should not appear on the v2 API |
2532 | + continue |
2533 | + |
2534 | + # is this is a legacy endpoint we haven't indexed yet? |
2535 | + if endpoint['legacy_endpoint_id'] not in legacy_endpoints: |
2536 | + legacy_ep = endpoint.copy() |
2537 | + legacy_ep['id'] = legacy_ep.pop('legacy_endpoint_id') |
2538 | + legacy_ep.pop('interface') |
2539 | + legacy_ep.pop('url') |
2540 | + |
2541 | + legacy_endpoints[endpoint['legacy_endpoint_id']] = legacy_ep |
2542 | + else: |
2543 | + legacy_ep = legacy_endpoints[endpoint['legacy_endpoint_id']] |
2544 | + |
2545 | + # add the legacy endpoint with an interface url |
2546 | + legacy_ep['%surl' % endpoint['interface']] = endpoint['url'] |
2547 | + return {'endpoints': legacy_endpoints.values()} |
2548 | + |
2549 | + def create_endpoint(self, context, endpoint): |
2550 | + """Create three v3 endpoint refs based on a legacy ref.""" |
2551 | + self.assert_admin(context) |
2552 | + |
2553 | + legacy_endpoint_ref = endpoint.copy() |
2554 | + |
2555 | + urls = dict((i, endpoint.pop('%surl' % i)) for i in INTERFACES) |
2556 | + legacy_endpoint_id = uuid.uuid4().hex |
2557 | + for interface, url in urls.iteritems(): |
2558 | + endpoint_ref = endpoint.copy() |
2559 | + endpoint_ref['id'] = uuid.uuid4().hex |
2560 | + endpoint_ref['legacy_endpoint_id'] = legacy_endpoint_id |
2561 | + endpoint_ref['interface'] = interface |
2562 | + endpoint_ref['url'] = url |
2563 | + |
2564 | + self.catalog_api.create_endpoint( |
2565 | + context, endpoint_ref['id'], endpoint_ref) |
2566 | + |
2567 | + legacy_endpoint_ref['id'] = legacy_endpoint_id |
2568 | + return {'endpoint': legacy_endpoint_ref} |
2569 | + |
2570 | + def delete_endpoint(self, context, endpoint_id): |
2571 | + """Delete up to three v3 endpoint refs based on a legacy ref ID.""" |
2572 | + self.assert_admin(context) |
2573 | + |
2574 | + deleted_at_least_one = False |
2575 | + for endpoint in self.catalog_api.list_endpoints(context): |
2576 | + if endpoint['legacy_endpoint_id'] == endpoint_id: |
2577 | + self.catalog_api.delete_endpoint(context, endpoint['id']) |
2578 | + deleted_at_least_one = True |
2579 | + |
2580 | + if not deleted_at_least_one: |
2581 | + raise exception.EndpointNotFound(endpoint_id=endpoint_id) |
2582 | + |
2583 | + |
2584 | +@dependency.requires('catalog_api') |
2585 | +class ServiceV3(controller.V3Controller): |
2586 | + @controller.protected |
2587 | + def create_service(self, context, service): |
2588 | + ref = self._assign_unique_id(self._normalize_dict(service)) |
2589 | + self._require_attribute(ref, 'type') |
2590 | + |
2591 | + ref = self.catalog_api.create_service(context, ref['id'], ref) |
2592 | + return {'service': ref} |
2593 | + |
2594 | + @controller.protected |
2595 | + def list_services(self, context): |
2596 | + refs = self.catalog_api.list_services(context) |
2597 | + refs = self._filter_by_attribute(context, refs, 'type') |
2598 | + return {'services': self._paginate(context, refs)} |
2599 | + |
2600 | + @controller.protected |
2601 | + def get_service(self, context, service_id): |
2602 | + ref = self.catalog_api.get_service(context, service_id) |
2603 | + return {'service': ref} |
2604 | + |
2605 | + @controller.protected |
2606 | + def update_service(self, context, service_id, service): |
2607 | + self._require_matching_id(service_id, service) |
2608 | + |
2609 | + ref = self.catalog_api.update_service(context, service_id, service) |
2610 | + return {'service': ref} |
2611 | + |
2612 | + @controller.protected |
2613 | + def delete_service(self, context, service_id): |
2614 | + return self.catalog_api.delete_service(context, service_id) |
2615 | + |
2616 | + |
2617 | +@dependency.requires('catalog_api') |
2618 | +class EndpointV3(controller.V3Controller): |
2619 | + @controller.protected |
2620 | + def create_endpoint(self, context, endpoint): |
2621 | + ref = self._assign_unique_id(self._normalize_dict(endpoint)) |
2622 | + self._require_attribute(ref, 'service_id') |
2623 | + self._require_attribute(ref, 'interface') |
2624 | + self.catalog_api.get_service(context, ref['service_id']) |
2625 | + |
2626 | + ref = self.catalog_api.create_endpoint(context, ref['id'], ref) |
2627 | + return {'endpoint': ref} |
2628 | + |
2629 | + @controller.protected |
2630 | + def list_endpoints(self, context): |
2631 | + refs = self.catalog_api.list_endpoints(context) |
2632 | + refs = self._filter_by_attribute(context, refs, 'service_id') |
2633 | + refs = self._filter_by_attribute(context, refs, 'interface') |
2634 | + return {'endpoints': self._paginate(context, refs)} |
2635 | + |
2636 | + @controller.protected |
2637 | + def get_endpoint(self, context, endpoint_id): |
2638 | + ref = self.catalog_api.get_endpoint(context, endpoint_id) |
2639 | + return {'endpoint': ref} |
2640 | + |
2641 | + @controller.protected |
2642 | + def update_endpoint(self, context, endpoint_id, endpoint): |
2643 | + self._require_matching_id(endpoint_id, endpoint) |
2644 | + |
2645 | + if 'service_id' in endpoint: |
2646 | + self.catalog_api.get_service(context, endpoint['service_id']) |
2647 | + |
2648 | + ref = self.catalog_api.update_endpoint(context, endpoint_id, endpoint) |
2649 | + return {'endpoint': ref} |
2650 | + |
2651 | + @controller.protected |
2652 | + def delete_endpoint(self, context, endpoint_id): |
2653 | + return self.catalog_api.delete_endpoint(context, endpoint_id) |
2654 | |
2655 | === modified file 'keystone/catalog/core.py' |
2656 | --- keystone/catalog/core.py 2012-11-23 09:01:53 +0000 |
2657 | +++ keystone/catalog/core.py 2013-01-25 16:27:23 +0000 |
2658 | @@ -17,17 +17,11 @@ |
2659 | |
2660 | """Main entry point into the Catalog service.""" |
2661 | |
2662 | -import uuid |
2663 | - |
2664 | -from keystone.common import controller |
2665 | +from keystone.common import dependency |
2666 | from keystone.common import logging |
2667 | from keystone.common import manager |
2668 | -from keystone.common import wsgi |
2669 | from keystone import config |
2670 | from keystone import exception |
2671 | -from keystone import identity |
2672 | -from keystone import policy |
2673 | -from keystone import token |
2674 | |
2675 | |
2676 | CONF = config.CONF |
2677 | @@ -41,21 +35,24 @@ |
2678 | except AttributeError: |
2679 | return None |
2680 | except KeyError as e: |
2681 | - LOG.error("Malformed endpoint %s - unknown key %s" % |
2682 | - (url, str(e))) |
2683 | + LOG.error(_("Malformed endpoint %(url)s - unknown key %(keyerror)s") % |
2684 | + {"url": url, |
2685 | + "keyerror": str(e)}) |
2686 | raise exception.MalformedEndpoint(endpoint=url) |
2687 | except TypeError as e: |
2688 | - LOG.error("Malformed endpoint %s - type mismatch %s \ |
2689 | - (are you missing brackets ?)" % |
2690 | - (url, str(e))) |
2691 | + LOG.error(_("Malformed endpoint %(url)s - unknown key %(keyerror)s" |
2692 | + "(are you missing brackets ?)") % |
2693 | + {"url": url, |
2694 | + "keyerror": str(e)}) |
2695 | raise exception.MalformedEndpoint(endpoint=url) |
2696 | except ValueError as e: |
2697 | - LOG.error("Malformed endpoint %s - incomplete format \ |
2698 | - (are you missing a type notifier ?)" % url) |
2699 | + LOG.error(_("Malformed endpoint %s - incomplete format \ |
2700 | + (are you missing a type notifier ?)") % url) |
2701 | raise exception.MalformedEndpoint(endpoint=url) |
2702 | return result |
2703 | |
2704 | |
2705 | +@dependency.provider('catalog_api') |
2706 | class Manager(manager.Manager): |
2707 | """Default pivot point for the Catalog backend. |
2708 | |
2709 | @@ -216,132 +213,3 @@ |
2710 | |
2711 | """ |
2712 | raise exception.NotImplemented() |
2713 | - |
2714 | - |
2715 | -class ServiceController(wsgi.Application): |
2716 | - def __init__(self): |
2717 | - self.catalog_api = Manager() |
2718 | - self.identity_api = identity.Manager() |
2719 | - self.policy_api = policy.Manager() |
2720 | - self.token_api = token.Manager() |
2721 | - super(ServiceController, self).__init__() |
2722 | - |
2723 | - def get_services(self, context): |
2724 | - self.assert_admin(context) |
2725 | - service_list = self.catalog_api.list_services(context) |
2726 | - return {'OS-KSADM:services': service_list} |
2727 | - |
2728 | - def get_service(self, context, service_id): |
2729 | - self.assert_admin(context) |
2730 | - service_ref = self.catalog_api.get_service(context, service_id) |
2731 | - return {'OS-KSADM:service': service_ref} |
2732 | - |
2733 | - def delete_service(self, context, service_id): |
2734 | - self.assert_admin(context) |
2735 | - self.catalog_api.delete_service(context, service_id) |
2736 | - |
2737 | - def create_service(self, context, OS_KSADM_service): |
2738 | - self.assert_admin(context) |
2739 | - service_id = uuid.uuid4().hex |
2740 | - service_ref = OS_KSADM_service.copy() |
2741 | - service_ref['id'] = service_id |
2742 | - new_service_ref = self.catalog_api.create_service( |
2743 | - context, service_id, service_ref) |
2744 | - return {'OS-KSADM:service': new_service_ref} |
2745 | - |
2746 | - |
2747 | -class EndpointController(wsgi.Application): |
2748 | - def __init__(self): |
2749 | - self.catalog_api = Manager() |
2750 | - self.identity_api = identity.Manager() |
2751 | - self.policy_api = policy.Manager() |
2752 | - self.token_api = token.Manager() |
2753 | - super(EndpointController, self).__init__() |
2754 | - |
2755 | - def get_endpoints(self, context): |
2756 | - self.assert_admin(context) |
2757 | - endpoint_list = self.catalog_api.list_endpoints(context) |
2758 | - return {'endpoints': endpoint_list} |
2759 | - |
2760 | - def create_endpoint(self, context, endpoint): |
2761 | - self.assert_admin(context) |
2762 | - endpoint_id = uuid.uuid4().hex |
2763 | - endpoint_ref = endpoint.copy() |
2764 | - endpoint_ref['id'] = endpoint_id |
2765 | - new_endpoint_ref = self.catalog_api.create_endpoint( |
2766 | - context, endpoint_id, endpoint_ref) |
2767 | - return {'endpoint': new_endpoint_ref} |
2768 | - |
2769 | - def delete_endpoint(self, context, endpoint_id): |
2770 | - self.assert_admin(context) |
2771 | - self.catalog_api.delete_endpoint(context, endpoint_id) |
2772 | - |
2773 | - |
2774 | -class ServiceControllerV3(controller.V3Controller): |
2775 | - @controller.protected |
2776 | - def create_service(self, context, service): |
2777 | - ref = self._assign_unique_id(self._normalize_dict(service)) |
2778 | - self._require_attribute(ref, 'type') |
2779 | - |
2780 | - ref = self.catalog_api.create_service(context, ref['id'], ref) |
2781 | - return {'service': ref} |
2782 | - |
2783 | - @controller.protected |
2784 | - def list_services(self, context): |
2785 | - refs = self.catalog_api.list_services(context) |
2786 | - refs = self._filter_by_attribute(context, refs, 'type') |
2787 | - return {'services': self._paginate(context, refs)} |
2788 | - |
2789 | - @controller.protected |
2790 | - def get_service(self, context, service_id): |
2791 | - ref = self.catalog_api.get_service(context, service_id) |
2792 | - return {'service': ref} |
2793 | - |
2794 | - @controller.protected |
2795 | - def update_service(self, context, service_id, service): |
2796 | - self._require_matching_id(service_id, service) |
2797 | - |
2798 | - ref = self.catalog_api.update_service(context, service_id, service) |
2799 | - return {'service': ref} |
2800 | - |
2801 | - @controller.protected |
2802 | - def delete_service(self, context, service_id): |
2803 | - return self.catalog_api.delete_service(context, service_id) |
2804 | - |
2805 | - |
2806 | -class EndpointControllerV3(controller.V3Controller): |
2807 | - @controller.protected |
2808 | - def create_endpoint(self, context, endpoint): |
2809 | - ref = self._assign_unique_id(self._normalize_dict(endpoint)) |
2810 | - self._require_attribute(ref, 'service_id') |
2811 | - self._require_attribute(ref, 'interface') |
2812 | - self.catalog_api.get_service(context, ref['service_id']) |
2813 | - |
2814 | - ref = self.catalog_api.create_endpoint(context, ref['id'], ref) |
2815 | - return {'endpoint': ref} |
2816 | - |
2817 | - @controller.protected |
2818 | - def list_endpoints(self, context): |
2819 | - refs = self.catalog_api.list_endpoints(context) |
2820 | - refs = self._filter_by_attribute(context, refs, 'service_id') |
2821 | - refs = self._filter_by_attribute(context, refs, 'interface') |
2822 | - return {'endpoints': self._paginate(context, refs)} |
2823 | - |
2824 | - @controller.protected |
2825 | - def get_endpoint(self, context, endpoint_id): |
2826 | - ref = self.catalog_api.get_endpoint(context, endpoint_id) |
2827 | - return {'endpoint': ref} |
2828 | - |
2829 | - @controller.protected |
2830 | - def update_endpoint(self, context, endpoint_id, endpoint): |
2831 | - self._require_matching_id(endpoint_id, endpoint) |
2832 | - |
2833 | - if 'service_id' in endpoint: |
2834 | - self.catalog_api.get_service(context, endpoint['service_id']) |
2835 | - |
2836 | - ref = self.catalog_api.update_endpoint(context, endpoint_id, endpoint) |
2837 | - return {'endpoint': ref} |
2838 | - |
2839 | - @controller.protected |
2840 | - def delete_endpoint(self, context, endpoint_id): |
2841 | - return self.catalog_api.delete_endpoint(context, endpoint_id) |
2842 | |
2843 | === added file 'keystone/catalog/routers.py' |
2844 | --- keystone/catalog/routers.py 1970-01-01 00:00:00 +0000 |
2845 | +++ keystone/catalog/routers.py 2013-01-25 16:27:23 +0000 |
2846 | @@ -0,0 +1,25 @@ |
2847 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
2848 | + |
2849 | +# Copyright 2012 OpenStack LLC |
2850 | +# |
2851 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
2852 | +# not use this file except in compliance with the License. You may obtain |
2853 | +# a copy of the License at |
2854 | +# |
2855 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2856 | +# |
2857 | +# Unless required by applicable law or agreed to in writing, software |
2858 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
2859 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
2860 | +# License for the specific language governing permissions and limitations |
2861 | +# under the License. |
2862 | + |
2863 | +from keystone.catalog import controllers |
2864 | +from keystone.common import router |
2865 | + |
2866 | + |
2867 | +def append_v3_routers(mapper, routers): |
2868 | + routers.append(router.Router(controllers.ServiceV3(), |
2869 | + 'services', 'service')) |
2870 | + routers.append(router.Router(controllers.EndpointV3(), |
2871 | + 'endpoints', 'endpoint')) |
2872 | |
2873 | === modified file 'keystone/clean.py' |
2874 | --- keystone/clean.py 2012-11-23 09:01:53 +0000 |
2875 | +++ keystone/clean.py 2013-01-25 16:27:23 +0000 |
2876 | @@ -20,20 +20,21 @@ |
2877 | def check_length(property_name, value, min_length=1, max_length=64): |
2878 | if len(value) < min_length: |
2879 | if min_length == 1: |
2880 | - msg = "%s cannot be empty." % property_name |
2881 | + msg = _("%s cannot be empty.") % property_name |
2882 | else: |
2883 | - msg = ("%(property_name)s cannot be less than " |
2884 | - "%(min_length)s characters.") % locals() |
2885 | + msg = (_("%(property_name)s cannot be less than " |
2886 | + "%(min_length)s characters.")) % locals() |
2887 | raise exception.ValidationError(msg) |
2888 | if len(value) > max_length: |
2889 | - msg = ("%(property_name)s should not be greater than " |
2890 | - "%(max_length)s characters.") % locals() |
2891 | + msg = (_("%(property_name)s should not be greater than " |
2892 | + "%(max_length)s characters.")) % locals() |
2893 | raise exception.ValidationError(msg) |
2894 | |
2895 | |
2896 | def check_type(property_name, value, expected_type, display_expected_type): |
2897 | if not isinstance(value, expected_type): |
2898 | - msg = "%(property_name)s is not a %(display_expected_type)s" % locals() |
2899 | + msg = _("%(property_name)s is not a" |
2900 | + "%(display_expected_type)s") % locals() |
2901 | raise exception.ValidationError(msg) |
2902 | |
2903 | |
2904 | @@ -54,3 +55,7 @@ |
2905 | |
2906 | def user_name(name): |
2907 | return check_name('User', name) |
2908 | + |
2909 | + |
2910 | +def group_name(name): |
2911 | + return check_name('Group', name) |
2912 | |
2913 | === modified file 'keystone/cli.py' |
2914 | --- keystone/cli.py 2012-07-06 10:37:01 +0000 |
2915 | +++ keystone/cli.py 2013-01-25 16:27:23 +0000 |
2916 | @@ -16,11 +16,9 @@ |
2917 | |
2918 | from __future__ import absolute_import |
2919 | |
2920 | -import sys |
2921 | -import textwrap |
2922 | - |
2923 | from keystone import config |
2924 | from keystone.common import openssl |
2925 | +from keystone.openstack.common import cfg |
2926 | from keystone.openstack.common import importutils |
2927 | from keystone.openstack.common import jsonutils |
2928 | |
2929 | @@ -28,17 +26,14 @@ |
2930 | |
2931 | |
2932 | class BaseApp(object): |
2933 | - def __init__(self, argv=None): |
2934 | - self.argv = argv |
2935 | - |
2936 | - def run(self): |
2937 | - return self.main() |
2938 | - |
2939 | - def missing_param(self, param): |
2940 | - print 'Missing parameter: %s' % param |
2941 | - CONF.print_help() |
2942 | - print_commands(CMDS) |
2943 | - sys.exit(1) |
2944 | + |
2945 | + name = None |
2946 | + |
2947 | + @classmethod |
2948 | + def add_argument_parser(cls, subparsers): |
2949 | + parser = subparsers.add_parser(cls.name, help=cls.__doc__) |
2950 | + parser.set_defaults(cmd_class=cls) |
2951 | + return parser |
2952 | |
2953 | |
2954 | class DbSync(BaseApp): |
2955 | @@ -46,10 +41,8 @@ |
2956 | |
2957 | name = 'db_sync' |
2958 | |
2959 | - def __init__(self, *args, **kw): |
2960 | - super(DbSync, self).__init__(*args, **kw) |
2961 | - |
2962 | - def main(self): |
2963 | + @staticmethod |
2964 | + def main(): |
2965 | for k in ['identity', 'catalog', 'policy', 'token']: |
2966 | driver = importutils.import_object(getattr(CONF, k).driver) |
2967 | if hasattr(driver, 'db_sync'): |
2968 | @@ -61,10 +54,8 @@ |
2969 | |
2970 | name = 'pki_setup' |
2971 | |
2972 | - def __init__(self, *args, **kw): |
2973 | - super(PKISetup, self).__init__(*args, **kw) |
2974 | - |
2975 | - def main(self): |
2976 | + @staticmethod |
2977 | + def main(): |
2978 | conf_ssl = openssl.ConfigurePKI() |
2979 | conf_ssl.run() |
2980 | |
2981 | @@ -74,15 +65,16 @@ |
2982 | |
2983 | name = 'import_legacy' |
2984 | |
2985 | - def __init__(self, *args, **kw): |
2986 | - super(ImportLegacy, self).__init__(*args, **kw) |
2987 | + @classmethod |
2988 | + def add_argument_parser(cls, subparsers): |
2989 | + parser = super(ImportLegacy, cls).add_argument_parser(subparsers) |
2990 | + parser.add_argument('old_db') |
2991 | + return parser |
2992 | |
2993 | - def main(self): |
2994 | + @staticmethod |
2995 | + def main(): |
2996 | from keystone.common.sql import legacy |
2997 | - if len(self.argv) < 2: |
2998 | - return self.missing_param('old_db') |
2999 | - old_db = self.argv[1] |
3000 | - migration = legacy.LegacyMigration(old_db) |
3001 | + migration = legacy.LegacyMigration(CONF.command.old_db) |
3002 | migration.migrate_all() |
3003 | |
3004 | |
3005 | @@ -91,15 +83,17 @@ |
3006 | |
3007 | name = 'export_legacy_catalog' |
3008 | |
3009 | - def __init__(self, *args, **kw): |
3010 | - super(ExportLegacyCatalog, self).__init__(*args, **kw) |
3011 | + @classmethod |
3012 | + def add_argument_parser(cls, subparsers): |
3013 | + parser = super(ExportLegacyCatalog, |
3014 | + cls).add_argument_parser(subparsers) |
3015 | + parser.add_argument('old_db') |
3016 | + return parser |
3017 | |
3018 | - def main(self): |
3019 | + @staticmethod |
3020 | + def main(): |
3021 | from keystone.common.sql import legacy |
3022 | - if len(self.argv) < 2: |
3023 | - return self.missing_param('old_db') |
3024 | - old_db = self.argv[1] |
3025 | - migration = legacy.LegacyMigration(old_db) |
3026 | + migration = legacy.LegacyMigration(CONF.command.old_db) |
3027 | print '\n'.join(migration.dump_catalog()) |
3028 | |
3029 | |
3030 | @@ -108,60 +102,43 @@ |
3031 | |
3032 | name = 'import_nova_auth' |
3033 | |
3034 | - def __init__(self, *args, **kw): |
3035 | - super(ImportNovaAuth, self).__init__(*args, **kw) |
3036 | + @classmethod |
3037 | + def add_argument_parser(cls, subparsers): |
3038 | + parser = super(ImportNovaAuth, cls).add_argument_parser(subparsers) |
3039 | + parser.add_argument('dump_file') |
3040 | + return parser |
3041 | |
3042 | - def main(self): |
3043 | + @staticmethod |
3044 | + def main(): |
3045 | from keystone.common.sql import nova |
3046 | - if len(self.argv) < 2: |
3047 | - return self.missing_param('dump_file') |
3048 | - dump_file = self.argv[1] |
3049 | - dump_data = jsonutils.loads(open(dump_file).read()) |
3050 | + dump_data = jsonutils.loads(open(CONF.command.dump_file).read()) |
3051 | nova.import_auth(dump_data) |
3052 | |
3053 | |
3054 | -CMDS = {'db_sync': DbSync, |
3055 | - 'import_legacy': ImportLegacy, |
3056 | - 'export_legacy_catalog': ExportLegacyCatalog, |
3057 | - 'import_nova_auth': ImportNovaAuth, |
3058 | - 'pki_setup': PKISetup, |
3059 | - } |
3060 | - |
3061 | - |
3062 | -def print_commands(cmds): |
3063 | |
3064 | - print 'Available commands:' |
3065 | - o = [] |
3066 | - max_length = max([len(k) for k in cmds]) + 2 |
3067 | - for k, cmd in sorted(cmds.iteritems()): |
3068 | - initial_indent = '%s%s: ' % (' ' * (max_length - len(k)), k) |
3069 | - tw = textwrap.TextWrapper(initial_indent=initial_indent, |
3070 | - subsequent_indent=' ' * (max_length + 2), |
3071 | - width=80) |
3072 | - o.extend(tw.wrap( |
3073 | - (cmd.__doc__ and cmd.__doc__ or 'no docs').strip().split('\n')[0])) |
3074 | - print '\n'.join(o) |
3075 | - |
3076 | - |
3077 | -def run(cmd, args): |
3078 | - return CMDS[cmd](argv=args).run() |
3079 | +CMDS = [ |
3080 | + DbSync, |
3081 | + ExportLegacyCatalog, |
3082 | + ImportLegacy, |
3083 | + ImportNovaAuth, |
3084 | + PKISetup, |
3085 | +] |
3086 | + |
3087 | + |
3088 | +def add_command_parsers(subparsers): |
3089 | + for cmd in CMDS: |
3090 | + cmd.add_argument_parser(subparsers) |
3091 | + |
3092 | + |
3093 | +command_opt = cfg.SubCommandOpt('command', |
3094 | + title='Commands', |
3095 | + help='Available commands', |
3096 | + handler=add_command_parsers) |
3097 | |
3098 | |
3099 | def main(argv=None, config_files=None): |
3100 | - CONF.reset() |
3101 | - args = CONF(args=argv, |
3102 | - project='keystone', |
3103 | - usage='%prog COMMAND', |
3104 | - default_config_files=config_files) |
3105 | - |
3106 | - if len(args) < 2: |
3107 | - CONF.print_help() |
3108 | - print_commands(CMDS) |
3109 | - sys.exit(1) |
3110 | - |
3111 | - cmd = args[1] |
3112 | - if cmd in CMDS: |
3113 | - return run(cmd, (args[:1] + args[2:])) |
3114 | - else: |
3115 | - print_commands(CMDS) |
3116 | - sys.exit("Unknown command: %s" % cmd) |
3117 | + CONF.register_cli_opt(command_opt) |
3118 | + CONF(args=argv[1:], |
3119 | + project='keystone', |
3120 | + usage='%(prog)s [' + '|'.join([cmd.name for cmd in CMDS]) + ']', |
3121 | + default_config_files=config_files) |
3122 | + CONF.command.cmd_class.main() |
3123 | |
3124 | === modified file 'keystone/common/bufferedhttp.py' |
3125 | --- keystone/common/bufferedhttp.py 2012-11-23 09:01:53 +0000 |
3126 | +++ keystone/common/bufferedhttp.py 2013-01-25 16:27:23 +0000 |
3127 | @@ -99,8 +99,8 @@ |
3128 | |
3129 | def getresponse(self): |
3130 | response = HTTPConnection.getresponse(self) |
3131 | - LOG.debug('HTTP PERF: %(time).5f seconds to %(method)s ' |
3132 | - '%(host)s:%(port)s %(path)s)', |
3133 | + LOG.debug(_('HTTP PERF: %(time).5f seconds to %(method)s ' |
3134 | + '%(host)s:%(port)s %(path)s)'), |
3135 | {'time': time.time() - self._connected_time, |
3136 | 'method': self._method, |
3137 | 'host': self.host, |
3138 | |
3139 | === modified file 'keystone/common/cms.py' |
3140 | --- keystone/common/cms.py 2012-11-23 09:01:53 +0000 |
3141 | +++ keystone/common/cms.py 2013-01-25 16:27:23 +0000 |
3142 | @@ -41,7 +41,7 @@ |
3143 | output, err = process.communicate(formatted) |
3144 | retcode = process.poll() |
3145 | if retcode: |
3146 | - LOG.error('Verify error: %s' % err) |
3147 | + LOG.error(_('Verify error: %s') % err) |
3148 | raise subprocess.CalledProcessError(retcode, "openssl", output=err) |
3149 | return output |
3150 | |
3151 | @@ -131,7 +131,7 @@ |
3152 | output, err = process.communicate(text) |
3153 | retcode = process.poll() |
3154 | if retcode or "Error" in err: |
3155 | - LOG.error('Signing error: %s' % err) |
3156 | + LOG.error(_('Signing error: %s') % err) |
3157 | raise subprocess.CalledProcessError(retcode, "openssl") |
3158 | return output |
3159 | |
3160 | |
3161 | === modified file 'keystone/common/controller.py' |
3162 | --- keystone/common/controller.py 2012-11-23 09:01:53 +0000 |
3163 | +++ keystone/common/controller.py 2013-01-25 16:27:23 +0000 |
3164 | @@ -1,6 +1,7 @@ |
3165 | import uuid |
3166 | import functools |
3167 | |
3168 | +from keystone.common import dependency |
3169 | from keystone.common import logging |
3170 | from keystone.common import wsgi |
3171 | from keystone import exception |
3172 | @@ -17,15 +18,15 @@ |
3173 | if not context['is_admin']: |
3174 | action = 'identity:%s' % f.__name__ |
3175 | |
3176 | - LOG.debug('RBAC: Authorizing %s(%s)' % ( |
3177 | + LOG.debug(_('RBAC: Authorizing %s(%s)' % ( |
3178 | action, |
3179 | - ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs]))) |
3180 | + ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])))) |
3181 | |
3182 | try: |
3183 | token_ref = self.token_api.get_token( |
3184 | context=context, token_id=context['token_id']) |
3185 | except exception.TokenNotFound: |
3186 | - LOG.warning('RBAC: Invalid token') |
3187 | + LOG.warning(_('RBAC: Invalid token')) |
3188 | raise exception.Unauthorized() |
3189 | |
3190 | creds = token_ref['metadata'].copy() |
3191 | @@ -33,13 +34,13 @@ |
3192 | try: |
3193 | creds['user_id'] = token_ref['user'].get('id') |
3194 | except AttributeError: |
3195 | - LOG.warning('RBAC: Invalid user') |
3196 | + LOG.warning(_('RBAC: Invalid user')) |
3197 | raise exception.Unauthorized() |
3198 | |
3199 | try: |
3200 | creds['tenant_id'] = token_ref['tenant'].get('id') |
3201 | except AttributeError: |
3202 | - LOG.debug('RBAC: Proceeding without tenant') |
3203 | + LOG.debug(_('RBAC: Proceeding without tenant')) |
3204 | |
3205 | # NOTE(vish): this is pretty inefficient |
3206 | creds['roles'] = [self.identity_api.get_role(context, role)['name'] |
3207 | @@ -47,24 +48,23 @@ |
3208 | |
3209 | self.policy_api.enforce(context, creds, action, kwargs) |
3210 | |
3211 | - LOG.debug('RBAC: Authorization granted') |
3212 | + LOG.debug(_('RBAC: Authorization granted')) |
3213 | else: |
3214 | - LOG.warning('RBAC: Bypassing authorization') |
3215 | + LOG.warning(_('RBAC: Bypassing authorization')) |
3216 | |
3217 | return f(self, context, **kwargs) |
3218 | return wrapper |
3219 | |
3220 | |
3221 | -class V3Controller(wsgi.Application): |
3222 | +@dependency.requires('identity_api', 'policy_api', 'token_api') |
3223 | +class V2Controller(wsgi.Application): |
3224 | + """Base controller class for Identity API v2.""" |
3225 | + pass |
3226 | + |
3227 | + |
3228 | +class V3Controller(V2Controller): |
3229 | """Base controller class for Identity API v3.""" |
3230 | |
3231 | - def __init__(self, catalog_api, identity_api, token_api, policy_api): |
3232 | - self.catalog_api = catalog_api |
3233 | - self.identity_api = identity_api |
3234 | - self.policy_api = policy_api |
3235 | - self.token_api = token_api |
3236 | - super(V3Controller, self).__init__() |
3237 | - |
3238 | def _paginate(self, context, refs): |
3239 | """Paginates a list of references by page & per_page query strings.""" |
3240 | page = context['query_string'].get('page', 1) |
3241 | |
3242 | === added file 'keystone/common/dependency.py' |
3243 | --- keystone/common/dependency.py 1970-01-01 00:00:00 +0000 |
3244 | +++ keystone/common/dependency.py 2013-01-25 16:27:23 +0000 |
3245 | @@ -0,0 +1,67 @@ |
3246 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
3247 | + |
3248 | +# Copyright 2012 OpenStack LLC |
3249 | +# |
3250 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
3251 | +# not use this file except in compliance with the License. You may obtain |
3252 | +# a copy of the License at |
3253 | +# |
3254 | +# http://www.apache.org/licenses/LICENSE-2.0 |
3255 | +# |
3256 | +# Unless required by applicable law or agreed to in writing, software |
3257 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
3258 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
3259 | +# License for the specific language governing permissions and limitations |
3260 | +# under the License. |
3261 | + |
3262 | +REGISTRY = {} |
3263 | + |
3264 | + |
3265 | +class UnresolvableDependencyException(Exception): |
3266 | + def __init__(self, name): |
3267 | + msg = 'Unregistered dependency: %s' % name |
3268 | + super(UnresolvableDependencyException, self).__init__(msg) |
3269 | + |
3270 | + |
3271 | +def provider(name): |
3272 | + """Register the wrapped dependency provider under the specified name.""" |
3273 | + def wrapper(cls): |
3274 | + def wrapped(init): |
3275 | + def __wrapped_init__(self, *args, **kwargs): |
3276 | + """Initialize the wrapped object and add it to the registry.""" |
3277 | + init(self, *args, **kwargs) |
3278 | + REGISTRY[name] = self |
3279 | + |
3280 | + return __wrapped_init__ |
3281 | + |
3282 | + cls.__init__ = wrapped(cls.__init__) |
3283 | + return cls |
3284 | + |
3285 | + return wrapper |
3286 | + |
3287 | + |
3288 | +def requires(*dependencies): |
3289 | + """Inject specified dependencies from the registry into the instance.""" |
3290 | + def wrapper(self, *args, **kwargs): |
3291 | + """Inject each dependency from the registry.""" |
3292 | + self.__wrapped_init__(*args, **kwargs) |
3293 | + |
3294 | + for dependency in self._dependencies: |
3295 | + if dependency not in REGISTRY: |
3296 | + raise UnresolvableDependencyException(dependency) |
3297 | + setattr(self, dependency, REGISTRY[dependency]) |
3298 | + |
3299 | + def wrapped(cls): |
3300 | + """Note the required dependencies on the object for later injection. |
3301 | + |
3302 | + The dependencies of the parent class are combined with that of the |
3303 | + child class to create a new set of dependencies. |
3304 | + """ |
3305 | + existing_dependencies = getattr(cls, '_dependencies', set()) |
3306 | + cls._dependencies = existing_dependencies.union(dependencies) |
3307 | + if not hasattr(cls, '__wrapped_init__'): |
3308 | + cls.__wrapped_init__ = cls.__init__ |
3309 | + cls.__init__ = wrapper |
3310 | + return cls |
3311 | + |
3312 | + return wrapped |
3313 | |
3314 | === modified file 'keystone/common/ldap/core.py' |
3315 | --- keystone/common/ldap/core.py 2012-11-23 09:01:53 +0000 |
3316 | +++ keystone/common/ldap/core.py 2013-01-25 16:27:23 +0000 |
3317 | @@ -168,8 +168,8 @@ |
3318 | pass |
3319 | else: |
3320 | raise exception.Conflict(type=self.options_name, |
3321 | - details='Duplicate name, %s.' % |
3322 | - values['name']) |
3323 | + details=_('Duplicate name, %s.') % |
3324 | + values['name']) |
3325 | |
3326 | if values.get('id') is not None: |
3327 | try: |
3328 | @@ -178,12 +178,13 @@ |
3329 | pass |
3330 | else: |
3331 | raise exception.Conflict(type=self.options_name, |
3332 | - details='Duplicate ID, %s.' % |
3333 | - values['id']) |
3334 | + details=_('Duplicate ID, %s.') % |
3335 | + values['id']) |
3336 | |
3337 | def create(self, values): |
3338 | if not self.allow_create: |
3339 | - msg = 'LDAP backend does not allow %s create' % self.options_name |
3340 | + msg = _('LDAP backend does not allow %s create') \ |
3341 | + % self.options_name |
3342 | raise exception.ForbiddenAction(msg) |
3343 | |
3344 | conn = self.get_connection() |
3345 | @@ -289,7 +290,8 @@ |
3346 | |
3347 | def update(self, id, values, old_obj=None): |
3348 | if not self.allow_update: |
3349 | - msg = 'LDAP backend does not allow %s update' % self.options_name |
3350 | + msg = _('LDAP backend does not allow %s update') \ |
3351 | + % self.options_name |
3352 | raise exception.ForbiddenAction(msg) |
3353 | |
3354 | if old_obj is None: |
3355 | @@ -316,7 +318,8 @@ |
3356 | |
3357 | def delete(self, id): |
3358 | if not self.allow_delete: |
3359 | - msg = 'LDAP backend does not allow %s delete' % self.options_name |
3360 | + msg = _('LDAP backend does not allow %s delete') \ |
3361 | + % self.options_name |
3362 | raise exception.ForbiddenAction(msg) |
3363 | |
3364 | conn = self.get_connection() |
3365 | @@ -333,11 +336,11 @@ |
3366 | |
3367 | class LdapWrapper(object): |
3368 | def __init__(self, url): |
3369 | - LOG.debug("LDAP init: url=%s", url) |
3370 | + LOG.debug(_("LDAP init: url=%s", url)) |
3371 | self.conn = ldap.initialize(url) |
3372 | |
3373 | def simple_bind_s(self, user, password): |
3374 | - LOG.debug("LDAP bind: dn=%s", user) |
3375 | + LOG.debug(_("LDAP bind: dn=%s", user)) |
3376 | return self.conn.simple_bind_s(user, password) |
3377 | |
3378 | def add_s(self, dn, attrs): |
3379 | @@ -348,15 +351,15 @@ |
3380 | if kind != 'userPassword' |
3381 | else ['****']) |
3382 | for kind, values in ldap_attrs] |
3383 | - LOG.debug('LDAP add: dn=%s, attrs=%s', dn, sane_attrs) |
3384 | + LOG.debug(_('LDAP add: dn=%s, attrs=%s', dn, sane_attrs)) |
3385 | return self.conn.add_s(dn, ldap_attrs) |
3386 | |
3387 | def search_s(self, dn, scope, query): |
3388 | if LOG.isEnabledFor(logging.DEBUG): |
3389 | - LOG.debug('LDAP search: dn=%s, scope=%s, query=%s', |
3390 | + LOG.debug(_('LDAP search: dn=%s, scope=%s, query=%s', |
3391 | dn, |
3392 | scope, |
3393 | - query) |
3394 | + query)) |
3395 | res = self.conn.search_s(dn, scope, query) |
3396 | |
3397 | o = [] |
3398 | @@ -376,14 +379,14 @@ |
3399 | sane_modlist = [(op, kind, (values if kind != 'userPassword' |
3400 | else ['****'])) |
3401 | for op, kind, values in ldap_modlist] |
3402 | - LOG.debug("LDAP modify: dn=%s, modlist=%s", dn, sane_modlist) |
3403 | + LOG.debug(_("LDAP modify: dn=%s, modlist=%s", dn, sane_modlist)) |
3404 | |
3405 | return self.conn.modify_s(dn, ldap_modlist) |
3406 | |
3407 | def delete_s(self, dn): |
3408 | - LOG.debug("LDAP delete: dn=%s", dn) |
3409 | + LOG.debug(_("LDAP delete: dn=%s", dn)) |
3410 | return self.conn.delete_s(dn) |
3411 | |
3412 | def delete_ext_s(self, dn, serverctrls): |
3413 | - LOG.debug("LDAP delete_ext: dn=%s, serverctrls=%s", dn, serverctrls) |
3414 | + LOG.debug(_("LDAP delete_ext: dn=%s, serverctrls=%s", dn, serverctrls)) |
3415 | return self.conn.delete_ext_s(dn, serverctrls) |
3416 | |
3417 | === modified file 'keystone/common/ldap/fakeldap.py' |
3418 | --- keystone/common/ldap/fakeldap.py 2012-11-02 13:48:49 +0000 |
3419 | +++ keystone/common/ldap/fakeldap.py 2013-01-25 16:27:23 +0000 |
3420 | @@ -145,7 +145,7 @@ |
3421 | __prefix = 'ldap:' |
3422 | |
3423 | def __init__(self, url): |
3424 | - LOG.debug('FakeLdap initialize url=%s', url) |
3425 | + LOG.debug(_('FakeLdap initialize url=%s'), url) |
3426 | if url == 'fake://memory': |
3427 | self.db = FakeShelve.get_instance() |
3428 | else: |
3429 | @@ -155,26 +155,27 @@ |
3430 | """This method is ignored, but provided for compatibility.""" |
3431 | if server_fail: |
3432 | raise ldap.SERVER_DOWN |
3433 | - LOG.debug('FakeLdap bind dn=%s', dn) |
3434 | + LOG.debug(_('FakeLdap bind dn=%s'), dn) |
3435 | if dn == 'cn=Admin' and password == 'password': |
3436 | return |
3437 | |
3438 | try: |
3439 | attrs = self.db['%s%s' % (self.__prefix, dn)] |
3440 | except KeyError: |
3441 | - LOG.error('FakeLdap bind fail: dn=%s not found', dn) |
3442 | + LOG.error(_('FakeLdap bind fail: dn=%s not found'), dn) |
3443 | raise ldap.NO_SUCH_OBJECT |
3444 | |
3445 | db_password = None |
3446 | try: |
3447 | db_password = attrs['userPassword'][0] |
3448 | except (KeyError, IndexError): |
3449 | - LOG.error('FakeLdap bind fail: password for dn=%s not found', dn) |
3450 | + LOG.error(_('FakeLdap bind fail: password for dn=%s not found'), |
3451 | + dn) |
3452 | raise ldap.INAPPROPRIATE_AUTH |
3453 | |
3454 | if not utils.ldap_check_password(password, db_password): |
3455 | - LOG.error('FakeLdap bind fail: password for dn=%s does' |
3456 | - ' not match' % dn) |
3457 | + LOG.error(_('FakeLdap bind fail: password for dn=%s does' |
3458 | + ' not match') % dn) |
3459 | raise ldap.INVALID_CREDENTIALS |
3460 | |
3461 | def unbind_s(self): |
3462 | @@ -188,10 +189,10 @@ |
3463 | raise ldap.SERVER_DOWN |
3464 | |
3465 | key = '%s%s' % (self.__prefix, dn) |
3466 | - LOG.debug('FakeLdap add item: dn=%s, attrs=%s', dn, attrs) |
3467 | + LOG.debug(_('FakeLdap add item: dn=%s, attrs=%s'), dn, attrs) |
3468 | if key in self.db: |
3469 | - LOG.error('FakeLdap add item failed: dn=%s is' |
3470 | - ' already in store.', dn) |
3471 | + LOG.error(_('FakeLdap add item failed: dn=%s is' |
3472 | + ' already in store.'), dn) |
3473 | raise ldap.ALREADY_EXISTS(dn) |
3474 | |
3475 | self.db[key] = dict([(k, v if isinstance(v, list) else [v]) |
3476 | @@ -204,11 +205,11 @@ |
3477 | raise ldap.SERVER_DOWN |
3478 | |
3479 | key = '%s%s' % (self.__prefix, dn) |
3480 | - LOG.debug('FakeLdap delete item: dn=%s', dn) |
3481 | + LOG.debug(_('FakeLdap delete item: dn=%s'), dn) |
3482 | try: |
3483 | del self.db[key] |
3484 | except KeyError: |
3485 | - LOG.error('FakeLdap delete item failed: dn=%s not found.', dn) |
3486 | + LOG.error(_('FakeLdap delete item failed: dn=%s not found.'), dn) |
3487 | raise ldap.NO_SUCH_OBJECT |
3488 | self.db.sync() |
3489 | |
3490 | @@ -218,11 +219,11 @@ |
3491 | raise ldap.SERVER_DOWN |
3492 | |
3493 | key = '%s%s' % (self.__prefix, dn) |
3494 | - LOG.debug('FakeLdap delete item: dn=%s', dn) |
3495 | + LOG.debug(_('FakeLdap delete item: dn=%s'), dn) |
3496 | try: |
3497 | del self.db[key] |
3498 | except KeyError: |
3499 | - LOG.error('FakeLdap delete item failed: dn=%s not found.', dn) |
3500 | + LOG.error(_('FakeLdap delete item failed: dn=%s not found.'), dn) |
3501 | raise ldap.NO_SUCH_OBJECT |
3502 | self.db.sync() |
3503 | |
3504 | @@ -237,11 +238,11 @@ |
3505 | raise ldap.SERVER_DOWN |
3506 | |
3507 | key = '%s%s' % (self.__prefix, dn) |
3508 | - LOG.debug('FakeLdap modify item: dn=%s attrs=%s', dn, attrs) |
3509 | + LOG.debug(_('FakeLdap modify item: dn=%s attrs=%s'), dn, attrs) |
3510 | try: |
3511 | entry = self.db[key] |
3512 | except KeyError: |
3513 | - LOG.error('FakeLdap modify item failed: dn=%s not found.', dn) |
3514 | + LOG.error(_('FakeLdap modify item failed: dn=%s not found.'), dn) |
3515 | raise ldap.NO_SUCH_OBJECT |
3516 | |
3517 | for cmd, k, v in attrs: |
3518 | @@ -258,8 +259,8 @@ |
3519 | elif cmd == ldap.MOD_DELETE: |
3520 | if v is None: |
3521 | if len(values) == 0: |
3522 | - LOG.error('FakeLdap modify item failed: ' |
3523 | - 'item has no attribute "%s" to delete', k) |
3524 | + LOG.error(_('FakeLdap modify item failed: ' |
3525 | + 'item has no attribute "%s" to delete'), k) |
3526 | raise ldap.NO_SUCH_ATTRIBUTE |
3527 | values[:] = [] |
3528 | else: |
3529 | @@ -269,15 +270,15 @@ |
3530 | try: |
3531 | values.remove(val) |
3532 | except ValueError: |
3533 | - LOG.error('FakeLdap modify item failed:' |
3534 | + LOG.error(_('FakeLdap modify item failed:' |
3535 | ' item has no attribute "%s" with' |
3536 | - ' value "%s" to delete', k, val) |
3537 | + ' value "%s" to delete'), k, val) |
3538 | raise ldap.NO_SUCH_ATTRIBUTE |
3539 | else: |
3540 | - LOG.error('FakeLdap modify item failed: unknown' |
3541 | - ' command %s', cmd) |
3542 | - raise NotImplementedError('modify_s action %s not implemented' |
3543 | - % cmd) |
3544 | + LOG.error(_('FakeLdap modify item failed: unknown' |
3545 | + ' command %s'), cmd) |
3546 | + raise NotImplementedError(_('modify_s action %s not' |
3547 | + ' implemented') % cmd) |
3548 | self.db[key] = entry |
3549 | self.db.sync() |
3550 | |
3551 | @@ -294,13 +295,14 @@ |
3552 | if server_fail: |
3553 | raise ldap.SERVER_DOWN |
3554 | |
3555 | - LOG.debug('FakeLdap search at dn=%s scope=%s query=%s', |
3556 | + LOG.debug(_('FakeLdap search at dn=%s scope=%s query=%s'), |
3557 | dn, SCOPE_NAMES.get(scope, scope), query) |
3558 | if scope == ldap.SCOPE_BASE: |
3559 | try: |
3560 | item_dict = self.db['%s%s' % (self.__prefix, dn)] |
3561 | except KeyError: |
3562 | - LOG.debug('FakeLdap search fail: dn not found for SCOPE_BASE') |
3563 | + LOG.debug(_('FakeLdap search fail: dn not found for' |
3564 | + ' SCOPE_BASE')) |
3565 | raise ldap.NO_SUCH_OBJECT |
3566 | results = [(dn, item_dict)] |
3567 | elif scope == ldap.SCOPE_SUBTREE: |
3568 | @@ -313,7 +315,7 @@ |
3569 | if re.match('%s\w+=[^,]+,%s' % (self.__prefix, dn), k)] |
3570 | else: |
3571 | LOG.error('FakeLdap search fail: unknown scope %s', scope) |
3572 | - raise NotImplementedError('Search scope %s not implemented.' |
3573 | + raise NotImplementedError(_('Search scope %s not implemented.') |
3574 | % scope) |
3575 | |
3576 | objects = [] |
3577 | |
3578 | === modified file 'keystone/common/models.py' |
3579 | --- keystone/common/models.py 2012-11-02 13:48:49 +0000 |
3580 | +++ keystone/common/models.py 2013-01-25 16:27:23 +0000 |
3581 | @@ -78,7 +78,7 @@ |
3582 | """ |
3583 | |
3584 | required_keys = ('id', 'region', 'service_id') |
3585 | - optional_keys = ('interalurl', 'publicurl', 'adminurl') |
3586 | + optional_keys = ('internalurl', 'publicurl', 'adminurl') |
3587 | |
3588 | |
3589 | class User(Model): |
3590 | @@ -99,6 +99,23 @@ |
3591 | optional_keys = ('password', 'description', 'email', 'enabled') |
3592 | |
3593 | |
3594 | +class Group(Model): |
3595 | + """Group object. |
3596 | + |
3597 | + Required keys: |
3598 | + id |
3599 | + name |
3600 | + |
3601 | + Optional keys: |
3602 | + domain_id |
3603 | + description |
3604 | + |
3605 | + """ |
3606 | + |
3607 | + required_keys = ('id', 'name') |
3608 | + optional_keys = ('domain_id', 'description') |
3609 | + |
3610 | + |
3611 | class Tenant(Model): |
3612 | """Tenant object. |
3613 | |
3614 | |
3615 | === added file 'keystone/common/router.py' |
3616 | --- keystone/common/router.py 1970-01-01 00:00:00 +0000 |
3617 | +++ keystone/common/router.py 2013-01-25 16:27:23 +0000 |
3618 | @@ -0,0 +1,56 @@ |
3619 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
3620 | + |
3621 | +# Copyright 2012 OpenStack LLC |
3622 | +# |
3623 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
3624 | +# not use this file except in compliance with the License. You may obtain |
3625 | +# a copy of the License at |
3626 | +# |
3627 | +# http://www.apache.org/licenses/LICENSE-2.0 |
3628 | +# |
3629 | +# Unless required by applicable law or agreed to in writing, software |
3630 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
3631 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
3632 | +# License for the specific language governing permissions and limitations |
3633 | +# under the License. |
3634 | +from keystone.common import wsgi |
3635 | + |
3636 | + |
3637 | +class Router(wsgi.ComposableRouter): |
3638 | + def __init__(self, controller, collection_key, key): |
3639 | + self.controller = controller |
3640 | + self.key = key |
3641 | + self.collection_key = collection_key |
3642 | + |
3643 | + def add_routes(self, mapper): |
3644 | + collection_path = '/%(collection_key)s' % { |
3645 | + 'collection_key': self.collection_key} |
3646 | + entity_path = '/%(collection_key)s/{%(key)s_id}' % { |
3647 | + 'collection_key': self.collection_key, |
3648 | + 'key': self.key} |
3649 | + |
3650 | + mapper.connect( |
3651 | + collection_path, |
3652 | + controller=self.controller, |
3653 | + action='create_%s' % self.key, |
3654 | + conditions=dict(method=['POST'])) |
3655 | + mapper.connect( |
3656 | + collection_path, |
3657 | + controller=self.controller, |
3658 | + action='list_%s' % self.collection_key, |
3659 | + conditions=dict(method=['GET'])) |
3660 | + mapper.connect( |
3661 | + entity_path, |
3662 | + controller=self.controller, |
3663 | + action='get_%s' % self.key, |
3664 | + conditions=dict(method=['GET'])) |
3665 | + mapper.connect( |
3666 | + entity_path, |
3667 | + controller=self.controller, |
3668 | + action='update_%s' % self.key, |
3669 | + conditions=dict(method=['PATCH'])) |
3670 | + mapper.connect( |
3671 | + entity_path, |
3672 | + controller=self.controller, |
3673 | + action='delete_%s' % self.key, |
3674 | + conditions=dict(method=['DELETE'])) |
3675 | |
3676 | === modified file 'keystone/common/sql/core.py' |
3677 | --- keystone/common/sql/core.py 2012-11-23 09:01:53 +0000 |
3678 | +++ keystone/common/sql/core.py 2013-01-25 16:27:23 +0000 |
3679 | @@ -46,6 +46,7 @@ |
3680 | IntegrityError = sql.exc.IntegrityError |
3681 | NotFound = sql.orm.exc.NoResultFound |
3682 | Boolean = sql.Boolean |
3683 | +Text = sql.Text |
3684 | |
3685 | |
3686 | def set_global_engine(engine): |
3687 | @@ -159,7 +160,7 @@ |
3688 | dbapi_con.cursor().execute('select 1') |
3689 | except dbapi_con.OperationalError as e: |
3690 | if e.args[0] in (2006, 2013, 2014, 2045, 2055): |
3691 | - logging.warn('Got mysql server has gone away: %s', e) |
3692 | + logging.warn(_('Got mysql server has gone away: %s'), e) |
3693 | raise DisconnectionError("Database server went away") |
3694 | else: |
3695 | raise |
3696 | |
3697 | === modified file 'keystone/common/sql/legacy.py' |
3698 | --- keystone/common/sql/legacy.py 2012-08-16 13:59:29 +0000 |
3699 | +++ keystone/common/sql/legacy.py 2013-01-25 16:27:23 +0000 |
3700 | @@ -171,4 +171,4 @@ |
3701 | try: |
3702 | self.ec2_driver.create_credential(None, new_dict) |
3703 | except exc.IntegrityError: |
3704 | - LOG.exception('Cannot migrate EC2 credential: %s' % x) |
3705 | + LOG.exception(_('Cannot migrate EC2 credential: %s') % x) |
3706 | |
3707 | === modified file 'keystone/common/sql/migrate_repo/versions/001_add_initial_tables.py' |
3708 | --- keystone/common/sql/migrate_repo/versions/001_add_initial_tables.py 2012-11-23 09:01:53 +0000 |
3709 | +++ keystone/common/sql/migrate_repo/versions/001_add_initial_tables.py 2013-01-25 16:27:23 +0000 |
3710 | @@ -14,7 +14,6 @@ |
3711 | # License for the specific language governing permissions and limitations |
3712 | # under the License. |
3713 | |
3714 | -import migrate |
3715 | import sqlalchemy as sql |
3716 | |
3717 | |
3718 | @@ -116,4 +115,11 @@ |
3719 | |
3720 | def downgrade(migrate_engine): |
3721 | # Operations to reverse the above upgrade go here. |
3722 | - pass |
3723 | + meta = sql.MetaData() |
3724 | + meta.bind = migrate_engine |
3725 | + |
3726 | + tables = ['user_tenant_membership', 'token', 'user', 'tenant', 'role', |
3727 | + 'metadata', 'ec2_credential', 'endpoint', 'service'] |
3728 | + for t in tables: |
3729 | + table = sql.Table(t, meta, autoload=True) |
3730 | + table.drop(migrate_engine, checkfirst=True) |
3731 | |
3732 | === removed file 'keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql' |
3733 | --- keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql 2012-09-07 13:04:01 +0000 |
3734 | +++ keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql 1970-01-01 00:00:00 +0000 |
3735 | @@ -1,1 +0,0 @@ |
3736 | -alter TABLE token drop column valid; |
3737 | |
3738 | === modified file 'keystone/common/sql/migrate_repo/versions/003_token_valid.py' |
3739 | --- keystone/common/sql/migrate_repo/versions/003_token_valid.py 2012-09-07 13:04:01 +0000 |
3740 | +++ keystone/common/sql/migrate_repo/versions/003_token_valid.py 2013-01-25 16:27:23 +0000 |
3741 | @@ -15,13 +15,9 @@ |
3742 | # under the License. |
3743 | |
3744 | |
3745 | -from migrate import * |
3746 | from sqlalchemy import * |
3747 | |
3748 | |
3749 | -from keystone.common import sql |
3750 | - |
3751 | - |
3752 | def upgrade(migrate_engine): |
3753 | # Upgrade operations go here. Don't create your own engine; bind |
3754 | |
3755 | |
3756 | === modified file 'keystone/common/sql/migrate_repo/versions/006_add_policy_table.py' |
3757 | --- keystone/common/sql/migrate_repo/versions/006_add_policy_table.py 2012-11-23 09:01:53 +0000 |
3758 | +++ keystone/common/sql/migrate_repo/versions/006_add_policy_table.py 2013-01-25 16:27:23 +0000 |
3759 | @@ -14,7 +14,6 @@ |
3760 | # License for the specific language governing permissions and limitations |
3761 | # under the License. |
3762 | |
3763 | -import migrate |
3764 | import sqlalchemy as sql |
3765 | |
3766 | |
3767 | @@ -33,4 +32,8 @@ |
3768 | |
3769 | |
3770 | def downgrade(migrate_engine): |
3771 | - pass |
3772 | + meta = sql.MetaData() |
3773 | + meta.bind = migrate_engine |
3774 | + |
3775 | + policy_table = sql.Table('policy', meta, autoload=True) |
3776 | + policy_table.drop(migrate_engine, checkfirst=True) |
3777 | |
3778 | === modified file 'keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py' |
3779 | --- keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py 2012-11-23 09:01:53 +0000 |
3780 | +++ keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py 2013-01-25 16:27:23 +0000 |
3781 | @@ -14,7 +14,6 @@ |
3782 | # License for the specific language governing permissions and limitations |
3783 | # under the License. |
3784 | |
3785 | -import migrate |
3786 | import sqlalchemy as sql |
3787 | |
3788 | |
3789 | @@ -77,3 +76,8 @@ |
3790 | |
3791 | role = sql.Table('role', meta, autoload=True) |
3792 | role.drop_column('extra') |
3793 | + |
3794 | + tables = ['domain', 'user_domain_metadata', 'credential'] |
3795 | + for t in tables: |
3796 | + table = sql.Table(t, meta, autoload=True) |
3797 | + table.drop(migrate_engine, checkfirst=True) |
3798 | |
3799 | === added file 'keystone/common/sql/migrate_repo/versions/008_normalize_identity.py' |
3800 | --- keystone/common/sql/migrate_repo/versions/008_normalize_identity.py 1970-01-01 00:00:00 +0000 |
3801 | +++ keystone/common/sql/migrate_repo/versions/008_normalize_identity.py 2013-01-25 16:27:23 +0000 |
3802 | @@ -0,0 +1,58 @@ |
3803 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
3804 | + |
3805 | +# Copyright 2012 OpenStack LLC |
3806 | +# |
3807 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
3808 | +# not use this file except in compliance with the License. You may obtain |
3809 | +# a copy of the License at |
3810 | +# |
3811 | +# http://www.apache.org/licenses/LICENSE-2.0 |
3812 | +# |
3813 | +# Unless required by applicable law or agreed to in writing, software |
3814 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
3815 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
3816 | +# License for the specific language governing permissions and limitations |
3817 | +# under the License. |
3818 | + |
3819 | + |
3820 | +from sqlalchemy import Column, MetaData, String, Table, Text, types |
3821 | + |
3822 | + |
3823 | +#this won't work on sqlite. It doesn't support dropping columns |
3824 | +def downgrade_user_table(meta, migrate_engine): |
3825 | + user_table = Table('user', meta, autoload=True) |
3826 | + user_table.columns["password"].drop() |
3827 | + user_table.columns["enabled"].drop() |
3828 | + |
3829 | + |
3830 | +def downgrade_tenant_table(meta, migrate_engine): |
3831 | + tenant_table = Table('tenant', meta, autoload=True) |
3832 | + tenant_table.columns["description"].drop() |
3833 | + tenant_table.columns["enabled"].drop() |
3834 | + |
3835 | + |
3836 | +def upgrade_user_table(meta, migrate_engine): |
3837 | + user_table = Table('user', meta, autoload=True) |
3838 | + user_table.create_column(Column("password", String(128))) |
3839 | + user_table.create_column(Column("enabled", types.Boolean, |
3840 | + default=True)) |
3841 | + |
3842 | + |
3843 | +def upgrade_tenant_table(meta, migrate_engine): |
3844 | + tenant_table = Table('tenant', meta, autoload=True) |
3845 | + tenant_table.create_column(Column("description", Text())) |
3846 | + tenant_table.create_column(Column("enabled", types.Boolean)) |
3847 | + |
3848 | + |
3849 | +def upgrade(migrate_engine): |
3850 | + meta = MetaData() |
3851 | + meta.bind = migrate_engine |
3852 | + upgrade_user_table(meta, migrate_engine) |
3853 | + upgrade_tenant_table(meta, migrate_engine) |
3854 | + |
3855 | + |
3856 | +def downgrade(migrate_engine): |
3857 | + meta = MetaData() |
3858 | + meta.bind = migrate_engine |
3859 | + downgrade_user_table(meta, migrate_engine) |
3860 | + downgrade_tenant_table(meta, migrate_engine) |
3861 | |
3862 | === added file 'keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql' |
3863 | --- keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql 1970-01-01 00:00:00 +0000 |
3864 | +++ keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql 2013-01-25 16:27:23 +0000 |
3865 | @@ -0,0 +1,5 @@ |
3866 | +-- not supported by sqlite, but should be: |
3867 | +-- alter TABLE tenant drop column description; |
3868 | +-- alter TABLE tenant drop column enabled; |
3869 | +-- The downgrade process will fail without valid SQL in this file |
3870 | +select count(*) from tenant; |
3871 | |
3872 | === added file 'keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py' |
3873 | --- keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py 1970-01-01 00:00:00 +0000 |
3874 | +++ keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py 2013-01-25 16:27:23 +0000 |
3875 | @@ -0,0 +1,145 @@ |
3876 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
3877 | + |
3878 | +# Copyright 2012 OpenStack LLC |
3879 | +# |
3880 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
3881 | +# not use this file except in compliance with the License. You may obtain |
3882 | +# a copy of the License at |
3883 | +# |
3884 | +# http://www.apache.org/licenses/LICENSE-2.0 |
3885 | +# |
3886 | +# Unless required by applicable law or agreed to in writing, software |
3887 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
3888 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
3889 | +# License for the specific language governing permissions and limitations |
3890 | +# under the License. |
3891 | + |
3892 | +import json |
3893 | + |
3894 | +from sqlalchemy import MetaData, Table |
3895 | +from sqlalchemy.orm import sessionmaker |
3896 | + |
3897 | +disabled_values = ['false', 'disabled', 'no', '0'] |
3898 | + |
3899 | + |
3900 | +def is_enabled(enabled): |
3901 | + #no explicit value means enabled |
3902 | + if enabled is None: |
3903 | + return 1 |
3904 | + if enabled is str: |
3905 | + if str(enabled).lower() in disabled_values: |
3906 | + return 0 |
3907 | + if enabled: |
3908 | + return 1 |
3909 | + else: |
3910 | + return 0 |
3911 | + |
3912 | + |
3913 | +def downgrade_user_table(meta, migrate_engine): |
3914 | + user_table = Table('user', meta, autoload=True) |
3915 | + maker = sessionmaker(bind=migrate_engine) |
3916 | + session = maker() |
3917 | + user_data = [] |
3918 | + for a_user in session.query(user_table): |
3919 | + id, name, extra, password, enabled = a_user |
3920 | + extra_parsed = json.loads(extra) |
3921 | + extra_parsed['password'] = password |
3922 | + extra_parsed['enabled'] = "%r" % enabled |
3923 | + user_data.append((password, |
3924 | + json.dumps(extra_parsed), |
3925 | + is_enabled(enabled), id)) |
3926 | + for user in user_data: |
3927 | + session.execute("update user " |
3928 | + "set extra = '%s' " |
3929 | + "where id = '%s'" % |
3930 | + user) |
3931 | + |
3932 | + session.commit() |
3933 | + |
3934 | + |
3935 | +def downgrade_tenant_table(meta, migrate_engine): |
3936 | + tenant_table = Table('tenant', meta, autoload=True) |
3937 | + maker = sessionmaker(bind=migrate_engine) |
3938 | + session = maker() |
3939 | + tenant_data = [] |
3940 | + for a_tenant in session.query(tenant_table): |
3941 | + id, name, extra, password, enabled = a_tenant |
3942 | + extra_parsed = json.loads(extra) |
3943 | + extra_parsed['description'] = description |
3944 | + extra_parsed['enabled'] = "%r" % enabled |
3945 | + tenant_data.append((password, |
3946 | + json.dumps(extra_parsed), |
3947 | + is_enabled(enabled), id)) |
3948 | + for tenant in tenant_data: |
3949 | + session.execute("update tenant " |
3950 | + "set extra = '%s' " |
3951 | + "where id = '%s'" % |
3952 | + tenant) |
3953 | + |
3954 | + session.commit() |
3955 | + |
3956 | + |
3957 | +def upgrade_user_table(meta, migrate_engine): |
3958 | + user_table = Table('user', meta, autoload=True) |
3959 | + maker = sessionmaker(bind=migrate_engine) |
3960 | + session = maker() |
3961 | + |
3962 | + new_user_data = [] |
3963 | + for a_user in session.query(user_table): |
3964 | + id, name, extra, password, enabled = a_user |
3965 | + extra_parsed = json.loads(extra) |
3966 | + if 'password' in extra_parsed: |
3967 | + password = extra_parsed['password'] |
3968 | + extra_parsed.pop('password') |
3969 | + if 'enabled' in extra_parsed: |
3970 | + enabled = extra_parsed['enabled'] |
3971 | + extra_parsed.pop('enabled') |
3972 | + new_user_data.append((password, |
3973 | + json.dumps(extra_parsed), |
3974 | + is_enabled(enabled), id)) |
3975 | + for new_user in new_user_data: |
3976 | + session.execute("update user " |
3977 | + "set password = '%s', extra = '%s', enabled = '%s' " |
3978 | + "where id = '%s'" % |
3979 | + new_user) |
3980 | + session.commit() |
3981 | + |
3982 | + |
3983 | +def upgrade_tenant_table(meta, migrate_engine): |
3984 | + tenant_table = Table('tenant', meta, autoload=True) |
3985 | + |
3986 | + maker = sessionmaker(bind=migrate_engine) |
3987 | + session = maker() |
3988 | + new_tenant_data = [] |
3989 | + for a_tenant in session.query(tenant_table): |
3990 | + id, name, extra, description, enabled = a_tenant |
3991 | + extra_parsed = json.loads(extra) |
3992 | + if 'description' in extra_parsed: |
3993 | + description = extra_parsed['description'] |
3994 | + extra_parsed.pop('description') |
3995 | + if 'enabled' in extra_parsed: |
3996 | + enabled = extra_parsed['enabled'] |
3997 | + extra_parsed.pop('enabled') |
3998 | + new_tenant_data.append((description, |
3999 | + json.dumps(extra_parsed), |
4000 | + is_enabled(enabled), id)) |
4001 | + for new_tenant in new_tenant_data: |
4002 | + session.execute("update tenant " |
4003 | + "set description = '%s', extra = '%s', enabled = '%s' " |
4004 | + "where id = '%s'" % |
4005 | + new_tenant) |
4006 | + session.commit() |
4007 | + |
4008 | + |
4009 | +def upgrade(migrate_engine): |
4010 | + meta = MetaData() |
4011 | + meta.bind = migrate_engine |
4012 | + upgrade_user_table(meta, migrate_engine) |
4013 | + upgrade_tenant_table(meta, migrate_engine) |
4014 | + |
4015 | + |
4016 | +def downgrade(migrate_engine): |
4017 | + meta = MetaData() |
4018 | + meta.bind = migrate_engine |
4019 | + downgrade_user_table(meta, migrate_engine) |
4020 | + downgrade_tenant_table(meta, migrate_engine) |
4021 | |
4022 | === added file 'keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py' |
4023 | --- keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py 1970-01-01 00:00:00 +0000 |
4024 | +++ keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py 2013-01-25 16:27:23 +0000 |
4025 | @@ -0,0 +1,53 @@ |
4026 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
4027 | + |
4028 | +# Copyright 2012 OpenStack LLC |
4029 | +# |
4030 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
4031 | +# not use this file except in compliance with the License. You may obtain |
4032 | +# a copy of the License at |
4033 | +# |
4034 | +# http://www.apache.org/licenses/LICENSE-2.0 |
4035 | +# |
4036 | +# Unless required by applicable law or agreed to in writing, software |
4037 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
4038 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
4039 | +# License for the specific language governing permissions and limitations |
4040 | +# under the License. |
4041 | + |
4042 | +import sqlalchemy as sql |
4043 | + |
4044 | + |
4045 | +def upgrade(migrate_engine): |
4046 | + """Create API-version specific endpoint tables.""" |
4047 | + meta = sql.MetaData() |
4048 | + meta.bind = migrate_engine |
4049 | + |
4050 | + legacy_table = sql.Table('endpoint', meta, autoload=True) |
4051 | + legacy_table.rename('endpoint_v2') |
4052 | + |
4053 | + new_table = sql.Table( |
4054 | + 'endpoint_v3', |
4055 | + meta, |
4056 | + sql.Column('id', sql.String(64), primary_key=True), |
4057 | + sql.Column('legacy_endpoint_id', sql.String(64)), |
4058 | + sql.Column('interface', sql.String(8), nullable=False), |
4059 | + sql.Column('region', sql.String(255)), |
4060 | + sql.Column('service_id', |
4061 | + sql.String(64), |
4062 | + sql.ForeignKey('service.id'), |
4063 | + nullable=False), |
4064 | + sql.Column('url', sql.Text(), nullable=False), |
4065 | + sql.Column('extra', sql.Text())) |
4066 | + new_table.create(migrate_engine, checkfirst=True) |
4067 | + |
4068 | + |
4069 | +def downgrade(migrate_engine): |
4070 | + """Replace API-version specific endpoint tables with one based on v2.""" |
4071 | + meta = sql.MetaData() |
4072 | + meta.bind = migrate_engine |
4073 | + |
4074 | + new_table = sql.Table('endpoint_v3', meta, autoload=True) |
4075 | + new_table.drop() |
4076 | + |
4077 | + legacy_table = sql.Table('endpoint_v2', meta, autoload=True) |
4078 | + legacy_table.rename('endpoint') |
4079 | |
4080 | === added file 'keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py' |
4081 | --- keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py 1970-01-01 00:00:00 +0000 |
4082 | +++ keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py 2013-01-25 16:27:23 +0000 |
4083 | @@ -0,0 +1,96 @@ |
4084 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
4085 | + |
4086 | +# Copyright 2012 OpenStack LLC |
4087 | +# |
4088 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
4089 | +# not use this file except in compliance with the License. You may obtain |
4090 | +# a copy of the License at |
4091 | +# |
4092 | +# http://www.apache.org/licenses/LICENSE-2.0 |
4093 | +# |
4094 | +# Unless required by applicable law or agreed to in writing, software |
4095 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
4096 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
4097 | +# License for the specific language governing permissions and limitations |
4098 | +# under the License. |
4099 | + |
4100 | +import json |
4101 | +import uuid |
4102 | + |
4103 | +import sqlalchemy as sql |
4104 | +from sqlalchemy import orm |
4105 | + |
4106 | + |
4107 | +ENDPOINT_TYPES = ['public', 'internal', 'admin'] |
4108 | + |
4109 | + |
4110 | +def upgrade(migrate_engine): |
4111 | + """Split each legacy endpoint into seperate records for each interface.""" |
4112 | + meta = sql.MetaData() |
4113 | + meta.bind = migrate_engine |
4114 | + |
4115 | + legacy_table = sql.Table('endpoint_v2', meta, autoload=True) |
4116 | + new_table = sql.Table('endpoint_v3', meta, autoload=True) |
4117 | + |
4118 | + session = orm.sessionmaker(bind=migrate_engine)() |
4119 | + for ref in session.query(legacy_table).all(): |
4120 | + # pull urls out of extra |
4121 | + extra = json.loads(ref.extra) |
4122 | + urls = dict((i, extra.pop('%surl' % i)) for i in ENDPOINT_TYPES) |
4123 | + |
4124 | + for interface in ENDPOINT_TYPES: |
4125 | + endpoint = { |
4126 | + 'id': uuid.uuid4().hex, |
4127 | + 'legacy_endpoint_id': ref.id, |
4128 | + 'interface': interface, |
4129 | + 'region': ref.region, |
4130 | + 'service_id': ref.service_id, |
4131 | + 'url': urls[interface], |
4132 | + 'extra': json.dumps(extra), |
4133 | + } |
4134 | + session.execute( |
4135 | + 'INSERT INTO `%s` (%s) VALUES (%s)' % ( |
4136 | + new_table.name, |
4137 | + ', '.join('%s' % k for k in endpoint.keys()), |
4138 | + ', '.join("'%s'" % v for v in endpoint.values()))) |
4139 | + session.commit() |
4140 | + |
4141 | + |
4142 | +def downgrade(migrate_engine): |
4143 | + """Re-create the v2 endpoints table based on v3 endpoints.""" |
4144 | + meta = sql.MetaData() |
4145 | + meta.bind = migrate_engine |
4146 | + |
4147 | + legacy_table = sql.Table('endpoint_v2', meta, autoload=True) |
4148 | + new_table = sql.Table('endpoint_v3', meta, autoload=True) |
4149 | + |
4150 | + session = orm.sessionmaker(bind=migrate_engine)() |
4151 | + for ref in session.query(new_table).all(): |
4152 | + extra = json.loads(ref.extra) |
4153 | + extra['%surl' % ref.interface] = ref.url |
4154 | + endpoint = { |
4155 | + 'id': ref.legacy_endpoint_id, |
4156 | + 'region': ref.region, |
4157 | + 'service_id': ref.service_id, |
4158 | + 'extra': json.dumps(extra), |
4159 | + } |
4160 | + |
4161 | + try: |
4162 | + session.execute( |
4163 | + 'INSERT INTO `%s` (%s) VALUES (%s)' % ( |
4164 | + legacy_table.name, |
4165 | + ', '.join('%s' % k for k in endpoint.keys()), |
4166 | + ', '.join("'%s'" % v for v in endpoint.values()))) |
4167 | + except sql.exc.IntegrityError: |
4168 | + q = session.query(legacy_table) |
4169 | + q = q.filter_by(id=ref.legacy_endpoint_id) |
4170 | + legacy_ref = q.one() |
4171 | + extra = json.loads(legacy_ref.extra) |
4172 | + extra['%surl' % ref.interface] = ref.url |
4173 | + |
4174 | + session.execute( |
4175 | + 'UPDATE `%s` SET extra=\'%s\' WHERE id="%s"' % ( |
4176 | + legacy_table.name, |
4177 | + json.dumps(extra), |
4178 | + legacy_ref.id)) |
4179 | + session.commit() |
4180 | |
4181 | === added file 'keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py' |
4182 | --- keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py 1970-01-01 00:00:00 +0000 |
4183 | +++ keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py 2013-01-25 16:27:23 +0000 |
4184 | @@ -0,0 +1,50 @@ |
4185 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
4186 | + |
4187 | +# Copyright 2012 OpenStack LLC |
4188 | +# |
4189 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
4190 | +# not use this file except in compliance with the License. You may obtain |
4191 | +# a copy of the License at |
4192 | +# |
4193 | +# http://www.apache.org/licenses/LICENSE-2.0 |
4194 | +# |
4195 | +# Unless required by applicable law or agreed to in writing, software |
4196 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
4197 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
4198 | +# License for the specific language governing permissions and limitations |
4199 | +# under the License. |
4200 | + |
4201 | +import sqlalchemy as sql |
4202 | + |
4203 | + |
4204 | +def upgrade(migrate_engine): |
4205 | + """Replace API-version specific endpoint tables with one based on v3.""" |
4206 | + meta = sql.MetaData() |
4207 | + meta.bind = migrate_engine |
4208 | + |
4209 | + legacy_table = sql.Table('endpoint_v2', meta, autoload=True) |
4210 | + legacy_table.drop() |
4211 | + |
4212 | + new_table = sql.Table('endpoint_v3', meta, autoload=True) |
4213 | + new_table.rename('endpoint') |
4214 | + |
4215 | + |
4216 | +def downgrade(migrate_engine): |
4217 | + """Create API-version specific endpoint tables.""" |
4218 | + meta = sql.MetaData() |
4219 | + meta.bind = migrate_engine |
4220 | + |
4221 | + new_table = sql.Table('endpoint', meta, autoload=True) |
4222 | + new_table.rename('endpoint_v3') |
4223 | + |
4224 | + legacy_table = sql.Table( |
4225 | + 'endpoint_v2', |
4226 | + meta, |
4227 | + sql.Column('id', sql.String(64), primary_key=True), |
4228 | + sql.Column('region', sql.String(255)), |
4229 | + sql.Column('service_id', |
4230 | + sql.String(64), |
4231 | + sql.ForeignKey('service.id'), |
4232 | + nullable=False), |
4233 | + sql.Column('extra', sql.Text())) |
4234 | + legacy_table.create(migrate_engine, checkfirst=True) |
4235 | |
4236 | === added file 'keystone/common/sql/migrate_repo/versions/013_add_group_tables.py' |
4237 | --- keystone/common/sql/migrate_repo/versions/013_add_group_tables.py 1970-01-01 00:00:00 +0000 |
4238 | +++ keystone/common/sql/migrate_repo/versions/013_add_group_tables.py 2013-01-25 16:27:23 +0000 |
4239 | @@ -0,0 +1,93 @@ |
4240 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
4241 | + |
4242 | +# Copyright 2012 OpenStack LLC |
4243 | +# |
4244 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
4245 | +# not use this file except in compliance with the License. You may obtain |
4246 | +# a copy of the License at |
4247 | +# |
4248 | +# http://www.apache.org/licenses/LICENSE-2.0 |
4249 | +# |
4250 | +# Unless required by applicable law or agreed to in writing, software |
4251 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
4252 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
4253 | +# License for the specific language governing permissions and limitations |
4254 | +# under the License. |
4255 | + |
4256 | +import sqlalchemy as sql |
4257 | + |
4258 | + |
4259 | +def upgrade(migrate_engine): |
4260 | + meta = sql.MetaData() |
4261 | + meta.bind = migrate_engine |
4262 | + |
4263 | + sql.Table('domain', meta, autoload=True) |
4264 | + group_table = sql.Table( |
4265 | + 'group', |
4266 | + meta, |
4267 | + sql.Column('id', sql.String(64), primary_key=True), |
4268 | + sql.Column('domain_id', sql.String(64), sql.ForeignKey('domain.id')), |
4269 | + sql.Column('name', sql.String(64), unique=True, nullable=False), |
4270 | + sql.Column('description', sql.Text()), |
4271 | + sql.Column('extra', sql.Text())) |
4272 | + group_table.create(migrate_engine, checkfirst=True) |
4273 | + |
4274 | + sql.Table('user', meta, autoload=True) |
4275 | + user_group_membership_table = sql.Table( |
4276 | + 'user_group_membership', |
4277 | + meta, |
4278 | + sql.Column( |
4279 | + 'user_id', |
4280 | + sql.String(64), |
4281 | + sql.ForeignKey('user.id'), |
4282 | + primary_key=True), |
4283 | + sql.Column( |
4284 | + 'group_id', |
4285 | + sql.String(64), |
4286 | + sql.ForeignKey('group.id'), |
4287 | + primary_key=True)) |
4288 | + user_group_membership_table.create(migrate_engine, checkfirst=True) |
4289 | + |
4290 | + sql.Table('tenant', meta, autoload=True) |
4291 | + group_project_metadata_table = sql.Table( |
4292 | + 'group_project_metadata', |
4293 | + meta, |
4294 | + sql.Column( |
4295 | + 'group_id', |
4296 | + sql.String(64), |
4297 | + sql.ForeignKey('group.id'), |
4298 | + primary_key=True), |
4299 | + sql.Column( |
4300 | + 'project_id', |
4301 | + sql.String(64), |
4302 | + sql.ForeignKey('tenant.id'), |
4303 | + primary_key=True), |
4304 | + sql.Column('data', sql.Text())) |
4305 | + group_project_metadata_table.create(migrate_engine, checkfirst=True) |
4306 | + |
4307 | + group_domain_metadata_table = sql.Table( |
4308 | + 'group_domain_metadata', |
4309 | + meta, |
4310 | + sql.Column( |
4311 | + 'group_id', |
4312 | + sql.String(64), |
4313 | + sql.ForeignKey('group.id'), |
4314 | + primary_key=True), |
4315 | + sql.Column( |
4316 | + 'domain_id', |
4317 | + sql.String(64), |
4318 | + sql.ForeignKey('domain.id'), |
4319 | + primary_key=True), |
4320 | + sql.Column('data', sql.Text())) |
4321 | + group_domain_metadata_table.create(migrate_engine, checkfirst=True) |
4322 | + |
4323 | + |
4324 | +def downgrade(migrate_engine): |
4325 | + meta = sql.MetaData() |
4326 | + meta.bind = migrate_engine |
4327 | + |
4328 | + tables = ['user_group_membership', 'group_project_metadata', |
4329 | + 'group_domain_metadata', 'group'] |
4330 | + for t in tables: |
4331 | + table = sql.Table(t, meta, autoload=True) |
4332 | + table.drop(migrate_engine, checkfirst=True) |
4333 | |
4334 | === modified file 'keystone/common/sql/migration.py' |
4335 | --- keystone/common/sql/migration.py 2012-06-22 12:27:50 +0000 |
4336 | +++ keystone/common/sql/migration.py 2013-01-25 16:27:23 +0000 |
4337 | @@ -44,7 +44,7 @@ |
4338 | try: |
4339 | version = int(version) |
4340 | except ValueError: |
4341 | - raise Exception('version should be an integer') |
4342 | + raise Exception(_('version should be an integer')) |
4343 | |
4344 | current_version = db_version() |
4345 | repo_path = _find_migrate_repo() |
4346 | |
4347 | === modified file 'keystone/common/sql/nova.py' |
4348 | --- keystone/common/sql/nova.py 2012-06-22 12:27:50 +0000 |
4349 | +++ keystone/common/sql/nova.py 2013-01-25 16:27:23 +0000 |
4350 | @@ -55,7 +55,7 @@ |
4351 | 'enabled': True, |
4352 | } |
4353 | tenant_map[tenant['id']] = tenant_dict['id'] |
4354 | - LOG.debug('Create tenant %s' % tenant_dict) |
4355 | + LOG.debug(_('Create tenant %s') % tenant_dict) |
4356 | api.create_tenant(tenant_dict['id'], tenant_dict) |
4357 | return tenant_map |
4358 | |
4359 | @@ -71,7 +71,7 @@ |
4360 | 'enabled': True, |
4361 | } |
4362 | user_map[user['id']] = user_dict['id'] |
4363 | - LOG.debug('Create user %s' % user_dict) |
4364 | + LOG.debug(_('Create user %s') % user_dict) |
4365 | api.create_user(user_dict['id'], user_dict) |
4366 | return user_map |
4367 | |
4368 | @@ -80,7 +80,7 @@ |
4369 | for membership in memberships: |
4370 | user_id = user_map[membership['user_id']] |
4371 | tenant_id = tenant_map[membership['tenant_id']] |
4372 | - LOG.debug('Add user %s to tenant %s' % (user_id, tenant_id)) |
4373 | + LOG.debug(_('Add user %s to tenant %s') % (user_id, tenant_id)) |
4374 | api.add_user_to_tenant(tenant_id, user_id) |
4375 | |
4376 | |
4377 | @@ -88,14 +88,14 @@ |
4378 | role_map = dict((r['name'], r['id']) for r in api.list_roles()) |
4379 | for role in roles: |
4380 | if role in role_map: |
4381 | - LOG.debug('Ignoring existing role %s' % role) |
4382 | + LOG.debug(_('Ignoring existing role %s') % role) |
4383 | continue |
4384 | role_dict = { |
4385 | 'id': _generate_uuid(), |
4386 | 'name': role, |
4387 | } |
4388 | role_map[role] = role_dict['id'] |
4389 | - LOG.debug('Create role %s' % role_dict) |
4390 | + LOG.debug(_('Create role %s') % role_dict) |
4391 | api.create_role(role_dict['id'], role_dict) |
4392 | return role_map |
4393 | |
4394 | @@ -105,7 +105,7 @@ |
4395 | role_id = role_map[assignment['role']] |
4396 | user_id = user_map[assignment['user_id']] |
4397 | tenant_id = tenant_map[assignment['tenant_id']] |
4398 | - LOG.debug('Assign role %s to user %s on tenant %s' % |
4399 | + LOG.debug(_('Assign role %s to user %s on tenant %s') % |
4400 | (role_id, user_id, tenant_id)) |
4401 | api.add_role_to_user_and_tenant(user_id, tenant_id, role_id) |
4402 | |
4403 | @@ -120,6 +120,6 @@ |
4404 | 'user_id': user_id, |
4405 | 'tenant_id': tenant_id, |
4406 | } |
4407 | - LOG.debug('Creating ec2 cred for user %s and tenant %s' % |
4408 | + LOG.debug(_('Creating ec2 cred for user %s and tenant %s') % |
4409 | (user_id, tenant_id)) |
4410 | ec2_api.create_credential(None, cred_dict) |
4411 | |
4412 | === modified file 'keystone/common/utils.py' |
4413 | --- keystone/common/utils.py 2012-11-02 13:48:49 +0000 |
4414 | +++ keystone/common/utils.py 2013-01-25 16:27:23 +0000 |
4415 | @@ -31,6 +31,7 @@ |
4416 | |
4417 | from keystone.common import logging |
4418 | from keystone import config |
4419 | +from keystone import exception |
4420 | |
4421 | |
4422 | CONF = config.CONF |
4423 | @@ -89,8 +90,8 @@ |
4424 | credentials['verb'], |
4425 | credentials['host'], |
4426 | credentials['path']) |
4427 | - raise Exception('Unknown Signature Version: %s' % |
4428 | - credentials['params']['SignatureVersion']) |
4429 | + raise Exception(_('Unknown Signature Version: %s' % |
4430 | + credentials['params']['SignatureVersion'])) |
4431 | |
4432 | @staticmethod |
4433 | def _get_utf8_value(value): |
4434 | @@ -120,7 +121,7 @@ |
4435 | |
4436 | def _calc_signature_2(self, params, verb, server_string, path): |
4437 | """Generate AWS signature version 2 string.""" |
4438 | - LOG.debug('using _calc_signature_2') |
4439 | + LOG.debug(_('using _calc_signature_2')) |
4440 | string_to_sign = '%s\n%s\n%s\n' % (verb, server_string, path) |
4441 | if self.hmac_256: |
4442 | current_hmac = self.hmac_256 |
4443 | @@ -136,22 +137,25 @@ |
4444 | val = urllib.quote(val, safe='-_~') |
4445 | pairs.append(urllib.quote(key, safe='') + '=' + val) |
4446 | qs = '&'.join(pairs) |
4447 | - LOG.debug('query string: %s', qs) |
4448 | + LOG.debug(_('query string: %s'), qs) |
4449 | string_to_sign += qs |
4450 | - LOG.debug('string_to_sign: %s', string_to_sign) |
4451 | + LOG.debug(_('string_to_sign: %s'), string_to_sign) |
4452 | current_hmac.update(string_to_sign) |
4453 | b64 = base64.b64encode(current_hmac.digest()) |
4454 | - LOG.debug('len(b64)=%d', len(b64)) |
4455 | - LOG.debug('base64 encoded digest: %s', b64) |
4456 | + LOG.debug(_('len(b64)=%d'), len(b64)) |
4457 | + LOG.debug(_('base64 encoded digest: %s'), b64) |
4458 | return b64 |
4459 | |
4460 | |
4461 | def trunc_password(password): |
4462 | """Truncate passwords to the MAX_PASSWORD_LENGTH.""" |
4463 | - if len(password) > MAX_PASSWORD_LENGTH: |
4464 | - return password[:MAX_PASSWORD_LENGTH] |
4465 | - else: |
4466 | - return password |
4467 | + try: |
4468 | + if len(password) > MAX_PASSWORD_LENGTH: |
4469 | + return password[:MAX_PASSWORD_LENGTH] |
4470 | + else: |
4471 | + return password |
4472 | + except TypeError: |
4473 | + raise exception.ValidationError(attribute='string', target='password') |
4474 | |
4475 | |
4476 | def hash_user_password(user): |
4477 | @@ -288,3 +292,22 @@ |
4478 | hash_ = hashlib.md5() |
4479 | hash_.update(signed_text) |
4480 | return hash_.hexdigest() |
4481 | + |
4482 | + |
4483 | +def setup_remote_pydev_debug(): |
4484 | + if CONF.pydev_debug_host and CONF.pydev_debug_port: |
4485 | + error_msg = ('Error setting up the debug environment. Verify that the' |
4486 | + ' option --debug-url has the format <host>:<port> and ' |
4487 | + 'that a debugger processes is listening on that port.') |
4488 | + |
4489 | + try: |
4490 | + from pydev import pydevd |
4491 | + |
4492 | + pydevd.settrace(CONF.pydev_debug_host, |
4493 | + port=CONF.pydev_debug_port, |
4494 | + stdoutToServer=True, |
4495 | + stderrToServer=True) |
4496 | + return True |
4497 | + except: |
4498 | + LOG.exception(_(error_msg)) |
4499 | + raise |
4500 | |
4501 | === modified file 'keystone/common/wsgi.py' |
4502 | --- keystone/common/wsgi.py 2012-11-23 09:01:53 +0000 |
4503 | +++ keystone/common/wsgi.py 2013-01-25 16:27:23 +0000 |
4504 | @@ -70,7 +70,7 @@ |
4505 | |
4506 | def start(self, key=None, backlog=128): |
4507 | """Run a WSGI server with the given application.""" |
4508 | - LOG.debug('Starting %(arg0)s on %(host)s:%(port)s' % |
4509 | + LOG.debug(_('Starting %(arg0)s on %(host)s:%(port)s') % |
4510 | {'arg0': sys.argv[0], |
4511 | 'host': self.host, |
4512 | 'port': self.port}) |
4513 | @@ -193,7 +193,7 @@ |
4514 | arg_dict = req.environ['wsgiorg.routing_args'][1] |
4515 | action = arg_dict.pop('action') |
4516 | del arg_dict['controller'] |
4517 | - LOG.debug('arg_dict: %s', arg_dict) |
4518 | + LOG.debug(_('arg_dict: %s'), arg_dict) |
4519 | |
4520 | # allow middleware up the stack to provide context & params |
4521 | context = req.environ.get(CONTEXT_ENV, {}) |
4522 | @@ -214,7 +214,7 @@ |
4523 | try: |
4524 | result = method(context, **params) |
4525 | except exception.Unauthorized as e: |
4526 | - LOG.warning("Authorization failed. %s from %s" |
4527 | + LOG.warning(_("Authorization failed. %s from %s") |
4528 | % (e, req.environ['REMOTE_ADDR'])) |
4529 | return render_exception(e) |
4530 | except exception.Error as e: |
4531 | @@ -427,7 +427,7 @@ |
4532 | match = req.environ['wsgiorg.routing_args'][1] |
4533 | if not match: |
4534 | return render_exception( |
4535 | - exception.NotFound(message='The resource could not be found.')) |
4536 | + exception.NotFound(_('The resource could not be found.'))) |
4537 | app = match['controller'] |
4538 | return app |
4539 | |
4540 | |
4541 | === modified file 'keystone/config.py' |
4542 | --- keystone/config.py 2012-11-23 09:01:53 +0000 |
4543 | +++ keystone/config.py 2013-01-25 16:27:23 +0000 |
4544 | @@ -41,8 +41,8 @@ |
4545 | logging.config.fileConfig(conf.log_config) |
4546 | return |
4547 | else: |
4548 | - raise RuntimeError('Unable to locate specified logging ' |
4549 | - 'config file: %s' % conf.log_config) |
4550 | + raise RuntimeError(_('Unable to locate specified logging ' |
4551 | + 'config file: %s') % conf.log_config) |
4552 | |
4553 | root_logger = logging.root |
4554 | if conf.debug: |
4555 | @@ -122,6 +122,12 @@ |
4556 | group = kw.pop('group', None) |
4557 | return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group) |
4558 | |
4559 | + |
4560 | +register_cli_bool('standard-threads', default=False) |
4561 | + |
4562 | +register_cli_str('pydev-debug-host', default=None) |
4563 | +register_cli_int('pydev-debug-port', default=None) |
4564 | + |
4565 | register_str('admin_token', default='ADMIN') |
4566 | register_str('bind_host', default='0.0.0.0') |
4567 | register_str('compute_port', default=8774) |
4568 | @@ -129,7 +135,6 @@ |
4569 | register_str('public_port', default=5000) |
4570 | register_str('onready') |
4571 | register_str('auth_admin_prefix', default='') |
4572 | -register_bool('standard-threads', default=False) |
4573 | register_str('policy_file', default='policy.json') |
4574 | register_str('policy_default_rule', default=None) |
4575 | |
4576 | @@ -221,6 +226,17 @@ |
4577 | register_bool('role_allow_update', group='ldap', default=True) |
4578 | register_bool('role_allow_delete', group='ldap', default=True) |
4579 | |
4580 | +register_str('group_tree_dn', group='ldap', default=None) |
4581 | +register_str('group_filter', group='ldap', default=None) |
4582 | +register_str('group_objectclass', group='ldap', default='groupOfNames') |
4583 | +register_str('group_id_attribute', group='ldap', default='cn') |
4584 | +register_str('group_name_attribute', group='ldap', default='ou') |
4585 | +register_str('group_member_attribute', group='ldap', default='member') |
4586 | +register_str('group_desc_attribute', group='ldap', default='desc') |
4587 | +register_list('group_attribute_ignore', group='ldap', default='') |
4588 | +register_bool('group_allow_create', group='ldap', default=True) |
4589 | +register_bool('group_allow_update', group='ldap', default=True) |
4590 | +register_bool('group_allow_delete', group='ldap', default=True) |
4591 | #pam |
4592 | register_str('url', group='pam', default=None) |
4593 | register_str('userid', group='pam', default=None) |
4594 | |
4595 | === modified file 'keystone/contrib/admin_crud/core.py' |
4596 | --- keystone/contrib/admin_crud/core.py 2012-07-06 10:37:01 +0000 |
4597 | +++ keystone/contrib/admin_crud/core.py 2013-01-25 16:27:23 +0000 |
4598 | @@ -13,7 +13,6 @@ |
4599 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
4600 | # License for the specific language governing permissions and limitations |
4601 | # under the License. |
4602 | - |
4603 | from keystone import catalog |
4604 | from keystone.common import wsgi |
4605 | from keystone import identity |
4606 | @@ -27,11 +26,11 @@ |
4607 | """ |
4608 | |
4609 | def add_routes(self, mapper): |
4610 | - tenant_controller = identity.TenantController() |
4611 | - user_controller = identity.UserController() |
4612 | - role_controller = identity.RoleController() |
4613 | - service_controller = catalog.ServiceController() |
4614 | - endpoint_controller = catalog.EndpointController() |
4615 | + tenant_controller = identity.controllers.Tenant() |
4616 | + user_controller = identity.controllers.User() |
4617 | + role_controller = identity.controllers.Role() |
4618 | + service_controller = catalog.controllers.Service() |
4619 | + endpoint_controller = catalog.controllers.Endpoint() |
4620 | |
4621 | # Tenant Operations |
4622 | mapper.connect( |
4623 | |
4624 | === modified file 'keystone/contrib/ec2/core.py' |
4625 | --- keystone/contrib/ec2/core.py 2012-11-23 09:01:53 +0000 |
4626 | +++ keystone/contrib/ec2/core.py 2013-01-25 16:27:23 +0000 |
4627 | @@ -36,21 +36,20 @@ |
4628 | |
4629 | import uuid |
4630 | |
4631 | -from keystone import catalog |
4632 | +from keystone.common import controller |
4633 | +from keystone.common import dependency |
4634 | from keystone.common import manager |
4635 | from keystone.common import utils |
4636 | from keystone.common import wsgi |
4637 | from keystone import config |
4638 | from keystone import exception |
4639 | -from keystone import identity |
4640 | -from keystone import policy |
4641 | -from keystone import service |
4642 | from keystone import token |
4643 | |
4644 | |
4645 | CONF = config.CONF |
4646 | |
4647 | |
4648 | +@dependency.provider('ec2_api') |
4649 | class Manager(manager.Manager): |
4650 | """Default pivot point for the EC2 Credentials backend. |
4651 | |
4652 | @@ -96,15 +95,8 @@ |
4653 | conditions=dict(method=['DELETE'])) |
4654 | |
4655 | |
4656 | -class Ec2Controller(wsgi.Application): |
4657 | - def __init__(self): |
4658 | - self.catalog_api = catalog.Manager() |
4659 | - self.identity_api = identity.Manager() |
4660 | - self.token_api = token.Manager() |
4661 | - self.policy_api = policy.Manager() |
4662 | - self.ec2_api = Manager() |
4663 | - super(Ec2Controller, self).__init__() |
4664 | - |
4665 | +@dependency.requires('catalog_api', 'ec2_api') |
4666 | +class Ec2Controller(controller.V2Controller): |
4667 | def check_signature(self, creds_ref, credentials): |
4668 | signer = utils.Ec2Signer(creds_ref['secret']) |
4669 | signature = signer.generate(credentials) |
4670 | @@ -190,12 +182,10 @@ |
4671 | tenant=tenant_ref, |
4672 | metadata=metadata_ref)) |
4673 | |
4674 | - # TODO(termie): make this a util function or something |
4675 | # TODO(termie): i don't think the ec2 middleware currently expects a |
4676 | # full return, but it contains a note saying that it |
4677 | # would be better to expect a full return |
4678 | - token_controller = service.TokenController() |
4679 | - return token_controller._format_authenticate( |
4680 | + return token.controllers.Auth.format_authenticate( |
4681 | token_ref, roles_ref, catalog_ref) |
4682 | |
4683 | def create_credential(self, context, user_id, tenant_id): |
4684 | |
4685 | === modified file 'keystone/contrib/user_crud/core.py' |
4686 | --- keystone/contrib/user_crud/core.py 2012-11-23 09:01:53 +0000 |
4687 | +++ keystone/contrib/user_crud/core.py 2013-01-25 16:27:23 +0000 |
4688 | @@ -20,20 +20,13 @@ |
4689 | from keystone import exception |
4690 | from keystone.common import logging |
4691 | from keystone.common import wsgi |
4692 | -from keystone.identity import Manager as IdentityManager |
4693 | -from keystone.identity import UserController as UserManager |
4694 | -from keystone.token import Manager as TokenManager |
4695 | +from keystone import identity |
4696 | |
4697 | |
4698 | LOG = logging.getLogger(__name__) |
4699 | |
4700 | |
4701 | -class UserController(wsgi.Application): |
4702 | - def __init__(self): |
4703 | - self.identity_api = IdentityManager() |
4704 | - self.token_api = TokenManager() |
4705 | - self.user_controller = UserManager() |
4706 | - |
4707 | +class UserController(identity.controllers.User): |
4708 | def set_user_password(self, context, user_id, user): |
4709 | token_id = context.get('token_id') |
4710 | original_password = user.get('original_password') |
4711 | @@ -63,9 +56,9 @@ |
4712 | |
4713 | admin_context = copy.copy(context) |
4714 | admin_context['is_admin'] = True |
4715 | - self.user_controller.set_user_password(admin_context, |
4716 | - user_id, |
4717 | - update_dict) |
4718 | + super(UserController, self).set_user_password(admin_context, |
4719 | + user_id, |
4720 | + update_dict) |
4721 | |
4722 | token_id = uuid.uuid4().hex |
4723 | new_token_ref = copy.copy(token_ref) |
4724 | |
4725 | === added file 'keystone/controllers.py' |
4726 | --- keystone/controllers.py 1970-01-01 00:00:00 +0000 |
4727 | +++ keystone/controllers.py 2013-01-25 16:27:23 +0000 |
4728 | @@ -0,0 +1,144 @@ |
4729 | +# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
4730 | + |
4731 | +# Copyright 2012 OpenStack LLC |
4732 | +# |
4733 | +# Licensed under the Apache License, Version 2.0 (the "License"); you may |
4734 | +# not use this file except in compliance with the License. You may obtain |
4735 | +# a copy of the License at |
4736 | +# |
4737 | +# http://www.apache.org/licenses/LICENSE-2.0 |
4738 | +# |
4739 | +# Unless required by applicable law or agreed to in writing, software |
4740 | +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
4741 | +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
4742 | +# License for the specific language governing permissions and limitations |
4743 | +# under the License. |
4744 | + |
4745 | +from keystone.common import wsgi |
4746 | +from keystone import catalog |
4747 | +from keystone import exception |
4748 | + |
4749 | + |
4750 | +class Extensions(wsgi.Application): |
4751 | + """Base extensions controller to be extended by public and admin API's.""" |
4752 | + |
4753 | + def __init__(self, extensions=None): |
4754 | + super(Extensions, self).__init__() |
4755 | + |
4756 | + self.extensions = extensions or {} |
4757 | + |
4758 | + def get_extensions_info(self, context): |
4759 | + return {'extensions': {'values': self.extensions.values()}} |
4760 | + |
4761 | + def get_extension_info(self, context, extension_alias): |
4762 | + try: |
4763 | + return {'extension': self.extensions[extension_alias]} |
4764 | + except KeyError: |
4765 | + raise exception.NotFound(target=extension_alias) |
4766 | + |
4767 | + |
4768 | +class AdminExtensions(Extensions): |
4769 | + def __init__(self, *args, **kwargs): |
4770 | + super(AdminExtensions, self).__init__(*args, **kwargs) |
4771 | + |
4772 | + # TODO(dolph): Extensions should obviously provide this information |
4773 | + # themselves, but hardcoding it here allows us to match |
4774 | + # the API spec in the short term with minimal complexity. |
4775 | + self.extensions['OS-KSADM'] = { |
4776 | + 'name': 'Openstack Keystone Admin', |
4777 | + 'namespace': 'http://docs.openstack.org/identity/api/ext/' |
4778 | + 'OS-KSADM/v1.0', |
4779 | + 'alias': 'OS-KSADM', |
4780 | + 'updated': '2011-08-19T13:25:27-06:00', |
4781 | + 'description': 'Openstack extensions to Keystone v2.0 API ' |
4782 | + 'enabling Admin Operations.', |
4783 | + 'links': [ |
4784 | + { |
4785 | + 'rel': 'describedby', |
4786 | + # TODO(dolph): link needs to be revised after |
4787 | + # bug 928059 merges |
4788 | + 'type': 'text/html', |
4789 | + 'href': 'https://github.com/openstack/identity-api', |
4790 | + } |
4791 | + ] |
4792 | + } |
4793 | + |
4794 | + |
4795 | +class PublicExtensions(Extensions): |
4796 | + pass |
4797 | + |
4798 | + |
4799 | +class Version(wsgi.Application): |
4800 | + def __init__(self, version_type): |
4801 | + self.catalog_api = catalog.Manager() |
4802 | + self.url_key = '%sURL' % version_type |
4803 | + |
4804 | + super(Version, self).__init__() |
4805 | + |
4806 | + def _get_identity_url(self, context): |
4807 | + catalog_ref = self.catalog_api.get_catalog(context=context, |
4808 | + user_id=None, |
4809 | + tenant_id=None) |
4810 | + for region, region_ref in catalog_ref.iteritems(): |
4811 | + for service, service_ref in region_ref.iteritems(): |
4812 | + if service == 'identity': |
4813 | + return service_ref[self.url_key] |
4814 | + |
4815 | + raise exception.NotImplemented() |
4816 | + |
4817 | + def _get_versions_list(self, context): |
4818 | + """The list of versions is dependent on the context.""" |
4819 | + identity_url = self._get_identity_url(context) |
4820 | + if not identity_url.endswith('/'): |
4821 | + identity_url = identity_url + '/' |
4822 | + |
4823 | + versions = {} |
4824 | + versions['v2.0'] = { |
4825 | + 'id': 'v2.0', |
4826 | + 'status': 'beta', |
4827 | + 'updated': '2011-11-19T00:00:00Z', |
4828 | + 'links': [ |
4829 | + { |
4830 | + 'rel': 'self', |
4831 | + 'href': identity_url, |
4832 | + }, { |
4833 | + 'rel': 'describedby', |
4834 | + 'type': 'text/html', |
4835 | + 'href': 'http://docs.openstack.org/api/openstack-' |
4836 | + 'identity-service/2.0/content/' |
4837 | + }, { |
4838 | + 'rel': 'describedby', |
4839 | + 'type': 'application/pdf', |
4840 | + 'href': 'http://docs.openstack.org/api/openstack-' |
4841 | + 'identity-service/2.0/identity-dev-guide-' |
4842 | + '2.0.pdf' |
4843 | + } |
4844 | + ], |
4845 | + 'media-types': [ |
4846 | + { |
4847 | + 'base': 'application/json', |
4848 | + 'type': 'application/vnd.openstack.identity-v2.0' |
4849 | + '+json' |
4850 | + }, { |
4851 | + 'base': 'application/xml', |
4852 | + 'type': 'application/vnd.openstack.identity-v2.0' |
4853 | + '+xml' |
4854 | + } |
4855 | + ] |
4856 | + } |
4857 | + |
4858 | + return versions |
4859 | + |
4860 | + def get_versions(self, context): |
4861 | + versions = self._get_versions_list(context) |
4862 | + return wsgi.render_response(status=(300, 'Multiple Choices'), body={ |
4863 | + 'versions': { |
4864 | + 'values': versions.values() |
4865 | + } |
4866 | + }) |
4867 | + |
4868 | + def get_version(self, context): |
4869 | + versions = self._get_versions_list(context) |
4870 | + return wsgi.render_response(body={ |
4871 | + 'version': versions['v2.0'] |
4872 | + }) |
4873 | |
4874 | === modified file 'keystone/exception.py' |
4875 | --- keystone/exception.py 2012-11-23 09:01:53 +0000 |
4876 | +++ keystone/exception.py 2013-01-25 16:27:23 +0000 |
4877 | @@ -148,6 +148,10 @@ |
4878 | """Could not find user: %(user_id)s""" |
4879 | |
4880 | |
4881 | +class GroupNotFound(NotFound): |
4882 | + """Could not find group: %(group_id)s""" |
4883 | + |
4884 | + |
4885 | class Conflict(Error): |
4886 | """Conflict occurred attempting to store %(type)s. |
4887 | |
4888 | |
4889 | === modified file 'keystone/identity/__init__.py' |
4890 | --- keystone/identity/__init__.py 2012-03-16 11:19:40 +0000 |
4891 | +++ keystone/identity/__init__.py 2013-01-25 16:27:23 +0000 |
4892 | @@ -15,3 +15,5 @@ |
4893 | # under the License. |
4894 | |
4895 | from keystone.identity.core import * |
4896 | +from keystone.identity import controllers |
4897 | +from keystone.identity import routers |
4898 | |
4899 | === modified file 'keystone/identity/backends/kvs.py' |
4900 | --- keystone/identity/backends/kvs.py 2012-11-23 09:01:53 +0000 |
4901 | +++ keystone/identity/backends/kvs.py 2013-01-25 16:27:23 +0000 |
4902 | @@ -97,9 +97,13 @@ |
4903 | def get_user_by_name(self, user_name): |
4904 | return identity.filter_user(self._get_user_by_name(user_name)) |
4905 | |
4906 | - def get_metadata(self, user_id, tenant_id): |
4907 | + def get_metadata(self, user_id=None, tenant_id=None, |
4908 | + domain_id=None, group_id=None): |
4909 | try: |
4910 | - return self.db.get('metadata-%s-%s' % (tenant_id, user_id)) |
4911 | + if user_id: |
4912 | + return self.db.get('metadata-%s-%s' % (tenant_id, user_id)) |
4913 | + else: |
4914 | + return self.db.get('metadata-%s-%s' % (tenant_id, group_id)) |
4915 | except exception.NotFound: |
4916 | raise exception.MetadataNotFound() |
4917 | |
4918 | @@ -199,12 +203,16 @@ |
4919 | raise exception.Conflict(type='user', details=msg) |
4920 | |
4921 | user = utils.hash_user_password(user) |
4922 | - self.db.set('user-%s' % user_id, user) |
4923 | - self.db.set('user_name-%s' % user['name'], user) |
4924 | + new_user = user.copy() |
4925 | + |
4926 | + new_user.setdefault('groups', []) |
4927 | + |
4928 | + self.db.set('user-%s' % user_id, new_user) |
4929 | + self.db.set('user_name-%s' % new_user['name'], new_user) |
4930 | user_list = set(self.db.get('user_list', [])) |
4931 | user_list.add(user_id) |
4932 | self.db.set('user_list', list(user_list)) |
4933 | - return identity.filter_user(user) |
4934 | + return identity.filter_user(new_user) |
4935 | |
4936 | def update_user(self, user_id, user): |
4937 | if 'name' in user: |
4938 | @@ -228,6 +236,42 @@ |
4939 | self.db.set('user_name-%s' % new_user['name'], new_user) |
4940 | return new_user |
4941 | |
4942 | + def add_user_to_group(self, user_id, group_id): |
4943 | + self.get_group(group_id) |
4944 | + user_ref = self._get_user(user_id) |
4945 | + groups = set(user_ref.get('groups', [])) |
4946 | + groups.add(group_id) |
4947 | + self.update_user(user_id, {'groups': list(groups)}) |
4948 | + |
4949 | + def check_user_in_group(self, user_id, group_id): |
4950 | + self.get_group(group_id) |
4951 | + user_ref = self._get_user(user_id) |
4952 | + if not group_id in set(user_ref.get('groups', [])): |
4953 | + raise exception.NotFound(_('User not found in group')) |
4954 | + |
4955 | + def remove_user_from_group(self, user_id, group_id): |
4956 | + self.get_group(group_id) |
4957 | + user_ref = self._get_user(user_id) |
4958 | + groups = set(user_ref.get('groups', [])) |
4959 | + try: |
4960 | + groups.remove(group_id) |
4961 | + except KeyError: |
4962 | + raise exception.NotFound(_('User not found in group')) |
4963 | + self.update_user(user_id, {'groups': list(groups)}) |
4964 | + |
4965 | + def list_users_in_group(self, group_id): |
4966 | + self.get_group(group_id) |
4967 | + user_keys = filter(lambda x: x.startswith("user-"), self.db.keys()) |
4968 | + user_refs = [self.db.get(key) for key in user_keys] |
4969 | + user_refs_for_group = filter(lambda x: group_id in x['groups'], |
4970 | + user_refs) |
4971 | + return [identity.filter_user(x) for x in user_refs_for_group] |
4972 | + |
4973 | + def list_groups_for_user(self, user_id): |
4974 | + user_ref = self._get_user(user_id) |
4975 | + group_ids = user_ref.get('groups', []) |
4976 | + return [self.get_group(x) for x in group_ids] |
4977 | + |
4978 | def delete_user(self, user_id): |
4979 | try: |
4980 | old_user = self.db.get('user-%s' % user_id) |
4981 | @@ -292,16 +336,21 @@ |
4982 | self.db.delete('tenant_name-%s' % old_tenant['name']) |
4983 | self.db.delete('tenant-%s' % tenant_id) |
4984 | |
4985 | - def create_metadata(self, user_id, tenant_id, metadata): |
4986 | - self.db.set('metadata-%s-%s' % (tenant_id, user_id), metadata) |
4987 | - return metadata |
4988 | - |
4989 | - def update_metadata(self, user_id, tenant_id, metadata): |
4990 | - self.db.set('metadata-%s-%s' % (tenant_id, user_id), metadata) |
4991 | - return metadata |
4992 | - |
4993 | - def delete_metadata(self, user_id, tenant_id): |
4994 | - self.db.delete('metadata-%s-%s' % (tenant_id, user_id)) |
4995 | + def create_metadata(self, user_id, tenant_id, metadata, |
4996 | + domain_id=None, group_id=None): |
4997 | + if user_id: |
4998 | + self.db.set('metadata-%s-%s' % (tenant_id, user_id), metadata) |
4999 | + else: |
5000 | + self.db.set('metadata-%s-%s' % (tenant_id, group_id), metadata) |
The diff has been truncated for viewing.
Please maintain the 0ubuntuX versioning (2013.1~ g2-0ubuntu1~ cloud0)