Merge lp:~zulcss/keystone/keystone-cloud-g2 into lp:~ubuntu-cloud-archive/ubuntu/precise/keystone/trunk
- keystone-cloud-g2
- Merge into trunk
Proposed by
Chuck Short
Status: | Merged |
---|---|
Approved by: | Adam Gandelman |
Approved revision: | 38 |
Merged at revision: | 38 |
Proposed branch: | lp:~zulcss/keystone/keystone-cloud-g2 |
Merge into: | lp:~ubuntu-cloud-archive/ubuntu/precise/keystone/trunk |
Diff against target: |
14128 lines (+7542/-3798) 123 files modified
AUTHORS (+7/-0) ChangeLog (+1002/-0) HACKING.rst (+1/-1) MANIFEST.in (+1/-1) README.rst (+7/-0) bin/keystone-all (+8/-1) debian/changelog (+33/-0) debian/control (+5/-5) debian/keystone.config (+0/-19) debian/keystone.manpages (+1/-1) debian/keystone.postinst (+3/-25) debian/keystone.postrm (+0/-14) debian/keystone.prerm (+0/-17) debian/keystone.templates (+1/-1) debian/keystone.upstart (+4/-2) debian/man/keystone-admin.8 (+0/-63) debian/man/keystone-auth.8 (+0/-63) debian/man/keystone-control.8 (+0/-63) debian/man/keystone-import.8 (+0/-12) debian/man/keystone.8 (+0/-64) debian/patches/fix-ubuntu-tests.patch (+38/-3) debian/po/POTFILES.in (+1/-0) debian/po/templates.pot (+58/-0) debian/rules (+1/-1) debian/tests/test_overrides.conf (+3/-3) doc/source/configuration.rst (+10/-10) doc/source/configuringservices.rst (+2/-145) doc/source/external-auth.rst (+117/-0) doc/source/index.rst (+1/-0) doc/source/setup.rst (+1/-1) keystone.egg-info/SOURCES.txt (+26/-4) keystone.egg-info/requires.txt (+1/-1) keystone/catalog/__init__.py (+2/-0) keystone/catalog/backends/sql.py (+31/-23) keystone/catalog/backends/templated.py (+1/-1) keystone/catalog/controllers.py (+184/-0) keystone/catalog/core.py (+11/-143) keystone/catalog/routers.py (+25/-0) keystone/clean.py (+11/-6) keystone/cli.py (+62/-85) keystone/common/bufferedhttp.py (+2/-2) keystone/common/cms.py (+2/-2) keystone/common/controller.py (+15/-15) keystone/common/dependency.py (+67/-0) keystone/common/ldap/core.py (+18/-15) keystone/common/ldap/fakeldap.py (+28/-26) keystone/common/models.py (+18/-1) keystone/common/router.py (+56/-0) keystone/common/sql/core.py (+2/-1) keystone/common/sql/legacy.py (+1/-1) keystone/common/sql/migrate_repo/versions/001_add_initial_tables.py (+8/-2) keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql (+0/-1) keystone/common/sql/migrate_repo/versions/003_token_valid.py (+0/-4) keystone/common/sql/migrate_repo/versions/006_add_policy_table.py (+5/-2) keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py (+5/-1) keystone/common/sql/migrate_repo/versions/008_normalize_identity.py (+58/-0) keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql (+5/-0) keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py (+145/-0) keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py (+53/-0) keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py (+96/-0) keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py (+50/-0) keystone/common/sql/migrate_repo/versions/013_add_group_tables.py (+93/-0) keystone/common/sql/migration.py (+1/-1) keystone/common/sql/nova.py (+7/-7) keystone/common/utils.py (+34/-11) keystone/common/wsgi.py (+4/-4) keystone/config.py (+19/-3) keystone/contrib/admin_crud/core.py (+5/-6) keystone/contrib/ec2/core.py (+6/-16) keystone/contrib/user_crud/core.py (+5/-12) keystone/controllers.py (+144/-0) keystone/exception.py (+4/-0) keystone/identity/__init__.py (+2/-0) keystone/identity/backends/kvs.py (+192/-15) keystone/identity/backends/ldap/core.py (+113/-3) keystone/identity/backends/pam.py (+0/-3) keystone/identity/backends/sql.py (+317/-61) keystone/identity/controllers.py (+644/-0) keystone/identity/core.py (+114/-629) keystone/identity/routers.py (+179/-0) keystone/locale/hu/LC_MESSAGES/keystone.po (+313/-0) keystone/locale/keystone.pot (+279/-9) keystone/middleware/swift_auth.py (+0/-295) keystone/openstack/common/cfg.py (+298/-173) keystone/policy/__init__.py (+2/-0) keystone/policy/backends/rules.py (+1/-1) keystone/policy/controllers.py (+48/-0) keystone/policy/core.py (+3/-33) keystone/policy/routers.py (+22/-0) keystone/routers.py (+69/-0) keystone/service.py (+28/-974) keystone/test.py (+23/-10) keystone/token/__init__.py (+2/-0) keystone/token/backends/kvs.py (+7/-7) keystone/token/backends/memcache.py (+4/-4) keystone/token/backends/sql.py (+4/-4) keystone/token/controllers.py (+606/-0) keystone/token/core.py (+28/-20) keystone/token/routers.py (+57/-0) run_tests.sh (+2/-2) setup.py (+0/-1) tests/_ldap_livetest.py (+0/-1) tests/default_fixtures.py (+8/-0) tests/test_auth.py (+389/-0) tests/test_backend.py (+326/-17) tests/test_backend_ldap.py (+47/-0) tests/test_backend_sql.py (+34/-46) tests/test_cert_setup.py (+9/-7) tests/test_content_types.py (+29/-2) tests/test_contrib_s3_core.py (+54/-0) tests/test_drivers.py (+52/-0) tests/test_import_legacy.py (+5/-3) tests/test_injection.py (+141/-0) tests/test_s3_token_middleware.py (+4/-4) tests/test_service.py (+0/-298) tests/test_sql_upgrade.py (+236/-12) tests/test_swift_auth_middleware.py (+0/-249) tests/test_v3.py (+9/-0) tests/test_v3_identity.py (+198/-3) tools/flakes.py (+22/-0) tools/pip-requires (+1/-1) tools/test-requires (+2/-0) tox.ini (+4/-0) |
To merge this branch: | bzr merge lp:~zulcss/keystone/keystone-cloud-g2 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Adam Gandelman (community) | Needs Fixing | ||
Review via email: mp+144557@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
- 38. By Chuck Short
-
Fix changelog
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'AUTHORS' | |||
2 | --- AUTHORS 2012-11-23 09:01:53 +0000 | |||
3 | +++ AUTHORS 2013-01-25 16:27:23 +0000 | |||
4 | @@ -40,6 +40,7 @@ | |||
5 | 40 | Doug Hellmann <doug.hellmann@dreamhost.com> | 40 | Doug Hellmann <doug.hellmann@dreamhost.com> |
6 | 41 | Ed Leafe <ed@leafe.com> | 41 | Ed Leafe <ed@leafe.com> |
7 | 42 | Édouard Thuleau <edouard1.thuleau@orange.com> | 42 | Édouard Thuleau <edouard1.thuleau@orange.com> |
8 | 43 | Eduardo Patrocinio <epatro@gmail.com> | ||
9 | 43 | Eoghan Glynn <eglynn@redhat.com> | 44 | Eoghan Glynn <eglynn@redhat.com> |
10 | 44 | Everett Toews <everett.toews@gmail.com> | 45 | Everett Toews <everett.toews@gmail.com> |
11 | 45 | Ewan Mellor <ewan.mellor@citrix.com> | 46 | Ewan Mellor <ewan.mellor@citrix.com> |
12 | @@ -64,6 +65,7 @@ | |||
13 | 64 | Joe Heck <heckj@mac.com> | 65 | Joe Heck <heckj@mac.com> |
14 | 65 | Joe Savak <joe.savak@rackspace.com> | 66 | Joe Savak <joe.savak@rackspace.com> |
15 | 66 | Johannes Erdfelt <johannes.erdfelt@rackspace.com> | 67 | Johannes Erdfelt <johannes.erdfelt@rackspace.com> |
16 | 68 | John Bresnahan <jbresnah@redhat.com> | ||
17 | 67 | John Dickinson <me@not.mn> | 69 | John Dickinson <me@not.mn> |
18 | 68 | John Eo <john.eo@rackspace.com> | 70 | John Eo <john.eo@rackspace.com> |
19 | 69 | John Eo <joon.eo@gmail.com> | 71 | John Eo <joon.eo@gmail.com> |
20 | @@ -85,6 +87,7 @@ | |||
21 | 85 | Lin Hua Cheng <lin-hua.cheng@hp.com> | 87 | Lin Hua Cheng <lin-hua.cheng@hp.com> |
22 | 86 | long-wang <long.wang@bj.cs2c.com.cn> | 88 | long-wang <long.wang@bj.cs2c.com.cn> |
23 | 87 | Mark Gius <mgius7096@gmail.com> | 89 | Mark Gius <mgius7096@gmail.com> |
24 | 90 | Mark J. Washenberger <mark.washenberger@markwash.net> | ||
25 | 88 | Mark McLoughlin <markmc@redhat.com> | 91 | Mark McLoughlin <markmc@redhat.com> |
26 | 89 | Maru Newby <mnewby@internap.com> | 92 | Maru Newby <mnewby@internap.com> |
27 | 90 | Michael Basnight <mbasnight@gmail.com> | 93 | Michael Basnight <mbasnight@gmail.com> |
28 | @@ -92,6 +95,7 @@ | |||
29 | 92 | Mohammed Naser <mnaser@vexxhost.com> | 95 | Mohammed Naser <mnaser@vexxhost.com> |
30 | 93 | monsterxx03 <xyj.asmy@gmail.com> | 96 | monsterxx03 <xyj.asmy@gmail.com> |
31 | 94 | Monty Taylor <mordred@inaugust.com> | 97 | Monty Taylor <mordred@inaugust.com> |
32 | 98 | Nachiappan VR N <nachiappan.veerappan-nachiappan@hp.com> | ||
33 | 95 | OpenStack Jenkins <jenkins@openstack.org> | 99 | OpenStack Jenkins <jenkins@openstack.org> |
34 | 96 | Pádraig Brady <pbrady@redhat.com> | 100 | Pádraig Brady <pbrady@redhat.com> |
35 | 97 | Pádraig Brady <P@draigBrady.com> | 101 | Pádraig Brady <P@draigBrady.com> |
36 | @@ -121,11 +125,13 @@ | |||
37 | 121 | Sirish Bitra <sirish.bitra@gmail.com> | 125 | Sirish Bitra <sirish.bitra@gmail.com> |
38 | 122 | Sony K. Philip <sony@hcleai.com> | 126 | Sony K. Philip <sony@hcleai.com> |
39 | 123 | Stef T <stelford@internap.com> | 127 | Stef T <stelford@internap.com> |
40 | 128 | Steve Martinelli <stevemar@ca.ibm.com> | ||
41 | 124 | Syed Armani <dce3062@gmail.com> | 129 | Syed Armani <dce3062@gmail.com> |
42 | 125 | termie <github@anarkystic.com> | 130 | termie <github@anarkystic.com> |
43 | 126 | Thierry Carrez <thierry@openstack.org> | 131 | Thierry Carrez <thierry@openstack.org> |
44 | 127 | Tim Simpson <tim.simpson@rackspace.com> | 132 | Tim Simpson <tim.simpson@rackspace.com> |
45 | 128 | Todd Willey <xtoddx@gmail.com> | 133 | Todd Willey <xtoddx@gmail.com> |
46 | 134 | Tom Fifield <fifieldt@unimelb.edu.au> | ||
47 | 129 | Unmesh Gurjar <unmesh.gurjar@nttdata.com> | 135 | Unmesh Gurjar <unmesh.gurjar@nttdata.com> |
48 | 130 | Unmesh Gurjar <unmesh.gurjar@vertex.co.in> | 136 | Unmesh Gurjar <unmesh.gurjar@vertex.co.in> |
49 | 131 | Vincent Hou <sbhou@cn.ibm.com> | 137 | Vincent Hou <sbhou@cn.ibm.com> |
50 | @@ -134,6 +140,7 @@ | |||
51 | 134 | vishvananda <vishvananda@gmail.com> | 140 | vishvananda <vishvananda@gmail.com> |
52 | 135 | wanglong <wl3617@qq.com> | 141 | wanglong <wl3617@qq.com> |
53 | 136 | Will Kelly <the.william.kelly@gmail.com> | 142 | Will Kelly <the.william.kelly@gmail.com> |
54 | 143 | Wu Wenxiang <wu.wenxiang@99cloud.net> | ||
55 | 137 | Yaguang Tang <heut2008@gmail.com> | 144 | Yaguang Tang <heut2008@gmail.com> |
56 | 138 | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 145 | Yogeshwar Srikrishnan <yoga80@yahoo.com> |
57 | 139 | Yong Sheng Gong <gongysh@cn.ibm.com> | 146 | Yong Sheng Gong <gongysh@cn.ibm.com> |
58 | 140 | 147 | ||
59 | === modified file 'ChangeLog' | |||
60 | --- ChangeLog 2012-11-23 09:01:53 +0000 | |||
61 | +++ ChangeLog 2013-01-25 16:27:23 +0000 | |||
62 | @@ -1,3 +1,1005 @@ | |||
63 | 1 | commit 788f6c5ee60bea0146ae0f86a7aec9430654be8d | ||
64 | 2 | Merge: 4fae928 3244451 | ||
65 | 3 | Author: Jenkins <jenkins@review.openstack.org> | ||
66 | 4 | Date: Wed Jan 9 05:38:12 2013 +0000 | ||
67 | 5 | |||
68 | 6 | Merge "Add missing .po files to tarball" | ||
69 | 7 | |||
70 | 8 | commit 4fae928c59beaa558306a5aa3a3aa5c6f4945b70 | ||
71 | 9 | Author: Henry Nash <henryn@linux.vnet.ibm.com> | ||
72 | 10 | Date: Thu Dec 13 16:48:13 2012 +0000 | ||
73 | 11 | |||
74 | 12 | Keystone server support for user groups | ||
75 | 13 | |||
76 | 14 | This implements the server side of groups of users. This | ||
77 | 15 | set of code provides all the crud functionality for groups as | ||
78 | 16 | well as the corresponding support for role assignments. | ||
79 | 17 | |||
80 | 18 | blueprint user-groups | ||
81 | 19 | |||
82 | 20 | The following deficiencies existing with the current version and | ||
83 | 21 | will be corrected ahead of the final Grizzly release: | ||
84 | 22 | |||
85 | 23 | 1) There is only placeholder support for LDAP (Bug #1092187) | ||
86 | 24 | 2) Domain role grants are accepted but not yet honored (Bug #1093248) | ||
87 | 25 | 3) Token invalidation does not occur with group changes (Bug #1093493) | ||
88 | 26 | |||
89 | 27 | This update also fills in missing v3 grant unit testing and v3 grant | ||
90 | 28 | support within the kvs backend. In addition, there is a fix for | ||
91 | 29 | Bug #1092200 (uncaught exception when listing grants) | ||
92 | 30 | |||
93 | 31 | DocImpact | ||
94 | 32 | |||
95 | 33 | Change-Id: Ibd1783b04b2d7804eff90312e5ef591dca4d0695 | ||
96 | 34 | |||
97 | 35 | keystone/clean.py | 4 + | ||
98 | 36 | keystone/common/models.py | 17 + | ||
99 | 37 | .../migrate_repo/versions/013_add_group_tables.py | 93 +++++ | ||
100 | 38 | keystone/config.py | 11 + | ||
101 | 39 | keystone/exception.py | 4 + | ||
102 | 40 | keystone/identity/backends/kvs.py | 201 ++++++++++- | ||
103 | 41 | keystone/identity/backends/ldap/core.py | 109 ++++++ | ||
104 | 42 | keystone/identity/backends/pam.py | 3 - | ||
105 | 43 | keystone/identity/backends/sql.py | 362 +++++++++++++++++--- | ||
106 | 44 | keystone/identity/controllers.py | 103 ++++-- | ||
107 | 45 | keystone/identity/core.py | 113 +++++- | ||
108 | 46 | keystone/identity/routers.py | 67 +++- | ||
109 | 47 | keystone/service.py | 1 + | ||
110 | 48 | keystone/token/controllers.py | 70 +++- | ||
111 | 49 | tests/test_auth.py | 39 +++ | ||
112 | 50 | tests/test_backend.py | 306 +++++++++++++++++ | ||
113 | 51 | tests/test_backend_ldap.py | 47 +++ | ||
114 | 52 | tests/test_sql_upgrade.py | 18 +- | ||
115 | 53 | tests/test_v3.py | 8 + | ||
116 | 54 | tests/test_v3_identity.py | 199 ++++++++++- | ||
117 | 55 | 20 files changed, 1669 insertions(+), 106 deletions(-) | ||
118 | 56 | |||
119 | 57 | commit 3244451c1beb2236c99e1bace5925e4953b6771e | ||
120 | 58 | Author: Thierry Carrez <thierry@openstack.org> | ||
121 | 59 | Date: Mon Jan 7 14:37:53 2013 +0100 | ||
122 | 60 | |||
123 | 61 | Add missing .po files to tarball | ||
124 | 62 | |||
125 | 63 | Fix MANIFEST.in to include .po files in keystone/locale. | ||
126 | 64 | Fixes bug 1096063. | ||
127 | 65 | |||
128 | 66 | Change-Id: I4cf06a0777b5f22344ff18321bbf155f574b1e49 | ||
129 | 67 | |||
130 | 68 | MANIFEST.in | 2 +- | ||
131 | 69 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
132 | 70 | |||
133 | 71 | commit 9460ff5c35809f4911cb5a1ee5f68d6351e797f4 | ||
134 | 72 | Merge: 2162e4b 64672bd | ||
135 | 73 | Author: Jenkins <jenkins@review.openstack.org> | ||
136 | 74 | Date: Sat Jan 5 23:33:29 2013 +0000 | ||
137 | 75 | |||
138 | 76 | Merge "Upgrade WebOb to 1.2.3" | ||
139 | 77 | |||
140 | 78 | commit 2162e4b3b54f99095aa0f5f6fc3cbcad20436cc4 | ||
141 | 79 | Merge: 2b08994 5a81be3 | ||
142 | 80 | Author: Jenkins <jenkins@review.openstack.org> | ||
143 | 81 | Date: Sat Jan 5 23:25:14 2013 +0000 | ||
144 | 82 | |||
145 | 83 | Merge "Removed unused imports" | ||
146 | 84 | |||
147 | 85 | commit 2b08994e1f9d4ea7d7659faa014f541ed9a82e0e | ||
148 | 86 | Merge: 863acc7 0e5533e | ||
149 | 87 | Author: Jenkins <jenkins@review.openstack.org> | ||
150 | 88 | Date: Fri Jan 4 22:29:31 2013 +0000 | ||
151 | 89 | |||
152 | 90 | Merge "il8n some strings" | ||
153 | 91 | |||
154 | 92 | commit 863acc7b6d39de3596e2bf767397774053156f45 | ||
155 | 93 | Merge: 76af49f 1f01d30 | ||
156 | 94 | Author: Jenkins <jenkins@review.openstack.org> | ||
157 | 95 | Date: Thu Jan 3 19:30:53 2013 +0000 | ||
158 | 96 | |||
159 | 97 | Merge "shorten pep8 output" | ||
160 | 98 | |||
161 | 99 | commit 64672bdeb13097285af8dec16b6cacbef4495bab | ||
162 | 100 | Author: Doug Hellmann <doug.hellmann@dreamhost.com> | ||
163 | 101 | Date: Thu Jan 3 11:08:15 2013 -0500 | ||
164 | 102 | |||
165 | 103 | Upgrade WebOb to 1.2.3 | ||
166 | 104 | |||
167 | 105 | The version of WebOb being used in OpenStack was more than | ||
168 | 106 | 1 year old. This change updates to the latest stable release. | ||
169 | 107 | |||
170 | 108 | Upgrading WebOb resolves a version conflict between OpenStack | ||
171 | 109 | and Pecan, the web framework used by the Ceilometer team for | ||
172 | 110 | version 2 of the ceilometer API. | ||
173 | 111 | |||
174 | 112 | Refer to http://docs.webob.org/en/latest/news.html | ||
175 | 113 | for the list of changes between 1.0.8 and 1.2.3. | ||
176 | 114 | |||
177 | 115 | bug 1092227 | ||
178 | 116 | |||
179 | 117 | Change-Id: If68866122e6c492b03887af5953ab7cad01787ba | ||
180 | 118 | Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com> | ||
181 | 119 | |||
182 | 120 | tools/pip-requires | 4 ++-- | ||
183 | 121 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
184 | 122 | |||
185 | 123 | commit 0e5533eb6f828cffac1cdd98a524f69503332cec | ||
186 | 124 | Author: Chuck Short <chuck.short@canonical.com> | ||
187 | 125 | Date: Thu Jan 3 08:32:34 2013 -0600 | ||
188 | 126 | |||
189 | 127 | il8n some strings | ||
190 | 128 | |||
191 | 129 | il8n some more missing strings. | ||
192 | 130 | |||
193 | 131 | Change-Id: I56d1d83093c8a5e895571e2d2db41c7600662754 | ||
194 | 132 | Signed-off-by: Chuck Short <chuck.short@canonical.com> | ||
195 | 133 | |||
196 | 134 | keystone/common/controller.py | 14 +++++++------- | ||
197 | 135 | keystone/common/ldap/core.py | 16 ++++++++-------- | ||
198 | 136 | keystone/common/sql/migration.py | 2 +- | ||
199 | 137 | keystone/common/utils.py | 4 ++-- | ||
200 | 138 | keystone/identity/backends/ldap/core.py | 2 +- | ||
201 | 139 | 5 files changed, 19 insertions(+), 19 deletions(-) | ||
202 | 140 | |||
203 | 141 | commit 76af49f11a5cd2ef7be93c5cbe3244fe48cc6b31 | ||
204 | 142 | Author: OpenStack Jenkins <jenkins@openstack.org> | ||
205 | 143 | Date: Wed Jan 2 00:00:46 2013 +0000 | ||
206 | 144 | |||
207 | 145 | Imported Translations from Transifex | ||
208 | 146 | |||
209 | 147 | Change-Id: I94d6360ce6f6ca8150a83c12af887452bc4a41f6 | ||
210 | 148 | |||
211 | 149 | keystone/locale/hu/LC_MESSAGES/keystone.po | 313 ++++++++++++++++++++++++++++ | ||
212 | 150 | keystone/locale/keystone.pot | 18 +- | ||
213 | 151 | 2 files changed, 324 insertions(+), 7 deletions(-) | ||
214 | 152 | |||
215 | 153 | commit 5a81be30de7c756716aef06a361a88f553be9b76 | ||
216 | 154 | Author: Chuck Short <chuck.short@canonical.com> | ||
217 | 155 | Date: Fri Dec 28 10:39:33 2012 -0600 | ||
218 | 156 | |||
219 | 157 | Removed unused imports | ||
220 | 158 | |||
221 | 159 | Removed unused imports | ||
222 | 160 | |||
223 | 161 | Change-Id: I646d79849731b87ce6c1eeb80f42c77dd789ecff | ||
224 | 162 | Signed-off-by: Chuck Short <chuck.short@canonical.com> | ||
225 | 163 | |||
226 | 164 | keystone/cli.py | 4 ---- | ||
227 | 165 | keystone/common/router.py | 1 - | ||
228 | 166 | .../versions/001_add_initial_tables.py | 1 - | ||
229 | 167 | .../sql/migrate_repo/versions/003_token_valid.py | 4 ---- | ||
230 | 168 | .../migrate_repo/versions/006_add_policy_table.py | 1 - | ||
231 | 169 | .../migrate_repo/versions/007_add_domain_tables.py | 1 - | ||
232 | 170 | .../versions/008_normalize_identity.py | 3 --- | ||
233 | 171 | .../versions/009_normalize_identity_migration.py | 3 +-- | ||
234 | 172 | .../sql/migrate_repo/versions/010_endpoints_v3.py | 1 - | ||
235 | 173 | .../versions/012_drop_legacy_endpoints.py | 1 - | ||
236 | 174 | setup.py | 1 - | ||
237 | 175 | tests/_ldap_livetest.py | 1 - | ||
238 | 176 | 12 files changed, 1 insertion(+), 21 deletions(-) | ||
239 | 177 | |||
240 | 178 | commit a0e06a8e96ccfeee1de0030da0a1a2ac9e6e5aad | ||
241 | 179 | Author: Chuck Short <chuck.short@canonical.com> | ||
242 | 180 | Date: Sat Dec 22 15:36:34 2012 -0600 | ||
243 | 181 | |||
244 | 182 | Add pyflakes to tox.ini | ||
245 | 183 | |||
246 | 184 | Add the ability to use pyflakes. | ||
247 | 185 | |||
248 | 186 | Change-Id: I1c0a652258fd494bf6754b5b83c47166582a85d0 | ||
249 | 187 | Signed-off-by: Chuck Short <chuck.short@canonical.com> | ||
250 | 188 | |||
251 | 189 | tools/flakes.py | 22 ++++++++++++++++++++++ | ||
252 | 190 | tox.ini | 4 ++++ | ||
253 | 191 | 2 files changed, 26 insertions(+) | ||
254 | 192 | |||
255 | 193 | commit daf3bdae226a76926a8a877e1ed4bd7046f9192d | ||
256 | 194 | Merge: 1b3b642 0f22574 | ||
257 | 195 | Author: Jenkins <jenkins@review.openstack.org> | ||
258 | 196 | Date: Mon Dec 24 03:46:16 2012 +0000 | ||
259 | 197 | |||
260 | 198 | Merge "Adding a means to connect back to a pydevd debugger." | ||
261 | 199 | |||
262 | 200 | commit 1b3b6428225d16162bcb9d44ab628bccd9f219b4 | ||
263 | 201 | Author: Chuck Short <chuck.short@canonical.com> | ||
264 | 202 | Date: Sat Dec 22 18:09:13 2012 -0600 | ||
265 | 203 | |||
266 | 204 | Fix spelling typo | ||
267 | 205 | |||
268 | 206 | Fixes spelling typo should be role_id instead of roll_id. | ||
269 | 207 | |||
270 | 208 | Change-Id: I45a994f7cbe3528ef5a9a667a67237c2a896db9c | ||
271 | 209 | Signed-off-by: Chuck Short <chuck.short@canonical.com> | ||
272 | 210 | |||
273 | 211 | keystone/identity/backends/ldap/core.py | 2 +- | ||
274 | 212 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
275 | 213 | |||
276 | 214 | commit 469ff6571e49f70662107a1db393b856214eea3c | ||
277 | 215 | Merge: 4fb7ef4 e577cd6 | ||
278 | 216 | Author: Jenkins <jenkins@review.openstack.org> | ||
279 | 217 | Date: Sat Dec 22 20:39:42 2012 +0000 | ||
280 | 218 | |||
281 | 219 | Merge "Remove swift auth." | ||
282 | 220 | |||
283 | 221 | commit 4fb7ef4faf0b0ef3077c0175d158df3ab601e4bf | ||
284 | 222 | Merge: b5581fe 03eb280 | ||
285 | 223 | Author: Jenkins <jenkins@review.openstack.org> | ||
286 | 224 | Date: Sat Dec 22 09:43:05 2012 +0000 | ||
287 | 225 | |||
288 | 226 | Merge "Driver registry" | ||
289 | 227 | |||
290 | 228 | commit 1f01d30983e3a67a146308ff8766f057bc5b7958 | ||
291 | 229 | Author: Adam Young <ayoung@redhat.com> | ||
292 | 230 | Date: Thu Dec 20 21:43:41 2012 -0500 | ||
293 | 231 | |||
294 | 232 | shorten pep8 output | ||
295 | 233 | |||
296 | 234 | This removes the PEP8 output that describes in detail how to fix each | ||
297 | 235 | problem. It makes pep8 review so long that the earliest lines scroll | ||
298 | 236 | out of the scrollback buffer before they can even be read. | ||
299 | 237 | |||
300 | 238 | With this change, each violation is on line long, which is | ||
301 | 239 | much more readable. | ||
302 | 240 | |||
303 | 241 | Change-Id: I0d8cc64fd6027419754732e314c047b3775a121c | ||
304 | 242 | |||
305 | 243 | run_tests.sh | 2 +- | ||
306 | 244 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
307 | 245 | |||
308 | 246 | commit 03eb2801a3ad38a39e9cf127c05ab710bf38ee1d | ||
309 | 247 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
310 | 248 | Date: Wed Dec 19 10:04:21 2012 -0600 | ||
311 | 249 | |||
312 | 250 | Driver registry | ||
313 | 251 | |||
314 | 252 | Uses automatic dependency injection to provide controllers with driver | ||
315 | 253 | interfaces (identity_api, token_api, etc). | ||
316 | 254 | |||
317 | 255 | See tests/test_injection.py for a self-contained example. | ||
318 | 256 | |||
319 | 257 | Change-Id: I255087de534292fbf57a45b19f97488f831f607c | ||
320 | 258 | |||
321 | 259 | keystone/catalog/controllers.py | 11 ++- | ||
322 | 260 | keystone/catalog/core.py | 2 + | ||
323 | 261 | keystone/catalog/routers.py | 8 +- | ||
324 | 262 | keystone/common/controller.py | 10 +-- | ||
325 | 263 | keystone/common/dependency.py | 67 +++++++++++++++++ | ||
326 | 264 | keystone/contrib/admin_crud/core.py | 17 ++--- | ||
327 | 265 | keystone/contrib/ec2/core.py | 17 ++--- | ||
328 | 266 | keystone/contrib/user_crud/core.py | 11 +-- | ||
329 | 267 | keystone/identity/controllers.py | 4 - | ||
330 | 268 | keystone/identity/core.py | 8 +- | ||
331 | 269 | keystone/identity/routers.py | 28 +++---- | ||
332 | 270 | keystone/policy/core.py | 2 + | ||
333 | 271 | keystone/policy/routers.py | 4 +- | ||
334 | 272 | keystone/routers.py | 13 ++-- | ||
335 | 273 | keystone/service.py | 32 ++++---- | ||
336 | 274 | keystone/test.py | 22 ++++-- | ||
337 | 275 | keystone/token/controllers.py | 2 + | ||
338 | 276 | keystone/token/core.py | 4 +- | ||
339 | 277 | keystone/token/routers.py | 6 +- | ||
340 | 278 | tests/test_auth.py | 14 +--- | ||
341 | 279 | tests/test_injection.py | 141 +++++++++++++++++++++++++++++++++++ | ||
342 | 280 | 21 files changed, 297 insertions(+), 126 deletions(-) | ||
343 | 281 | |||
344 | 282 | commit 0f225743e8644416df2f200d710912c40b7acd47 | ||
345 | 283 | Author: John Bresnahan <jbresnah@redhat.com> | ||
346 | 284 | Date: Wed Dec 19 07:13:24 2012 -1000 | ||
347 | 285 | |||
348 | 286 | Adding a means to connect back to a pydevd debugger. | ||
349 | 287 | |||
350 | 288 | That patch allows a developer to remotely run a pydev debugger and have the | ||
351 | 289 | keystone-all process connect back to it. Two command line options are | ||
352 | 290 | introduced: | ||
353 | 291 | --pydev-debug-host <host> | ||
354 | 292 | --pydev-debug-port <port> | ||
355 | 293 | both of the above options are required to enable this behavior. | ||
356 | 294 | |||
357 | 295 | This patch only enables this behavior when the service is started with | ||
358 | 296 | keystone-all. In the future parts of this patch can be used to enable | ||
359 | 297 | this behavior when running in Apache. | ||
360 | 298 | |||
361 | 299 | Change-Id: I92f99fa34112336a96e42e8261b7313f23ee994e | ||
362 | 300 | |||
363 | 301 | bin/keystone-all | 7 +++++++ | ||
364 | 302 | keystone/common/utils.py | 19 +++++++++++++++++++ | ||
365 | 303 | keystone/config.py | 3 +++ | ||
366 | 304 | 3 files changed, 29 insertions(+) | ||
367 | 305 | |||
368 | 306 | commit b5581fea95f96dc7e43abe2b28c99678b5219238 | ||
369 | 307 | Merge: ac2d92c a591b30 | ||
370 | 308 | Author: Jenkins <jenkins@review.openstack.org> | ||
371 | 309 | Date: Fri Dec 21 03:29:40 2012 +0000 | ||
372 | 310 | |||
373 | 311 | Merge "add in pip requires for requests" | ||
374 | 312 | |||
375 | 313 | commit a591b3010c37f19924775f52c8076778888f1ade | ||
376 | 314 | Author: Adam Young <ayoung@redhat.com> | ||
377 | 315 | Date: Thu Dec 20 16:40:20 2012 -0500 | ||
378 | 316 | |||
379 | 317 | add in pip requires for requests | ||
380 | 318 | |||
381 | 319 | Change-Id: I0f5ac9a4008dc471cefea7a6ffe44d4c51950538 | ||
382 | 320 | |||
383 | 321 | tools/pip-requires | 2 +- | ||
384 | 322 | tools/test-requires | 2 ++ | ||
385 | 323 | 2 files changed, 3 insertions(+), 1 deletion(-) | ||
386 | 324 | |||
387 | 325 | commit ac2d92ca2eea1070f765be320acb62fd5bef6dd3 | ||
388 | 326 | Merge: 1a0d30b 2f85134 | ||
389 | 327 | Author: Jenkins <jenkins@review.openstack.org> | ||
390 | 328 | Date: Tue Dec 18 18:01:40 2012 +0000 | ||
391 | 329 | |||
392 | 330 | Merge "Split endpoint records in SQL by interface" | ||
393 | 331 | |||
394 | 332 | commit 2f851340ee8969193b9dcc1913401aa9b33c5d97 | ||
395 | 333 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
396 | 334 | Date: Fri Nov 30 12:52:26 2012 -0600 | ||
397 | 335 | |||
398 | 336 | Split endpoint records in SQL by interface | ||
399 | 337 | |||
400 | 338 | This migrates the SQL backend such that v2 endpoints containing up to 3 | ||
401 | 339 | URL's (public, internal and admin) stored in 'extra' are split into | ||
402 | 340 | unique endpoints. | ||
403 | 341 | |||
404 | 342 | Because legacy "endpoints" (each having publicUrl, internalUrl and | ||
405 | 343 | adminUrl) are no longer conceptually identical to v3's "endpoints" (each | ||
406 | 344 | having an interface and a url), new ID's are assigned to each entity and | ||
407 | 345 | each API continues to operate using with independent sets of endpoint | ||
408 | 346 | ID's. | ||
409 | 347 | |||
410 | 348 | Endpoints created on the v3 API are not exposed on the v2 API. | ||
411 | 349 | |||
412 | 350 | Change-Id: I2ba59d55907313ae65e908585fc49be0c4ce899a | ||
413 | 351 | |||
414 | 352 | keystone/catalog/backends/sql.py | 54 +++--- | ||
415 | 353 | keystone/catalog/controllers.py | 65 ++++++- | ||
416 | 354 | .../sql/migrate_repo/versions/010_endpoints_v3.py | 54 ++++++ | ||
417 | 355 | .../versions/011_populate_endpoint_type.py | 96 ++++++++++ | ||
418 | 356 | .../versions/012_drop_legacy_endpoints.py | 51 ++++++ | ||
419 | 357 | tests/test_backend.py | 3 + | ||
420 | 358 | tests/test_backend_sql.py | 78 ++++---- | ||
421 | 359 | tests/test_sql_upgrade.py | 191 +++++++++++++++++--- | ||
422 | 360 | tests/test_v3.py | 1 + | ||
423 | 361 | 9 files changed, 487 insertions(+), 106 deletions(-) | ||
424 | 362 | |||
425 | 363 | commit 1a0d30bf0173f8e03abeac4bda2e807bd4f29412 | ||
426 | 364 | Merge: 4f4b4a7 5b3a74d | ||
427 | 365 | Author: Jenkins <jenkins@review.openstack.org> | ||
428 | 366 | Date: Tue Dec 18 16:56:10 2012 +0000 | ||
429 | 367 | |||
430 | 368 | Merge "Support non-default role_id_attribute" | ||
431 | 369 | |||
432 | 370 | commit 4f4b4a7b5b0d846e308f2ce693d3c6e69f944d1e | ||
433 | 371 | Merge: 7db702c f74aab2 | ||
434 | 372 | Author: Jenkins <jenkins@review.openstack.org> | ||
435 | 373 | Date: Tue Dec 18 16:55:48 2012 +0000 | ||
436 | 374 | |||
437 | 375 | Merge "Expand default time delta (bug 1089988)" | ||
438 | 376 | |||
439 | 377 | commit 7db702cab1f2cad8160aeadc8c1ae27853b8a34c | ||
440 | 378 | Merge: ede7e20 fb963a5 | ||
441 | 379 | Author: Jenkins <jenkins@review.openstack.org> | ||
442 | 380 | Date: Tue Dec 18 14:43:26 2012 +0000 | ||
443 | 381 | |||
444 | 382 | Merge "module refactoring" | ||
445 | 383 | |||
446 | 384 | commit ede7e209bded5494a2453485e619b7b81f23cf3a | ||
447 | 385 | Merge: 96d2ff7 23ba963 | ||
448 | 386 | Author: Jenkins <jenkins@review.openstack.org> | ||
449 | 387 | Date: Mon Dec 17 23:54:12 2012 +0000 | ||
450 | 388 | |||
451 | 389 | Merge "Fix typo s/interalurl/internalurl/" | ||
452 | 390 | |||
453 | 391 | commit 96d2ff71ad01d53232cdc128df9d3b6109a04f67 | ||
454 | 392 | Merge: 7093c55 8e2a183 | ||
455 | 393 | Author: Jenkins <jenkins@review.openstack.org> | ||
456 | 394 | Date: Mon Dec 17 21:45:00 2012 +0000 | ||
457 | 395 | |||
458 | 396 | Merge "Test drivers return HTTP 501 Not Implemented" | ||
459 | 397 | |||
460 | 398 | commit 7093c55d2e4722fc8ffdcef594cc5705b586a2d9 | ||
461 | 399 | Merge: 44e3c3e d17dfe6 | ||
462 | 400 | Author: Jenkins <jenkins@review.openstack.org> | ||
463 | 401 | Date: Mon Dec 17 21:44:38 2012 +0000 | ||
464 | 402 | |||
465 | 403 | Merge "Import pysqlite2 if sqlite3 is not available." | ||
466 | 404 | |||
467 | 405 | commit 23ba963af45c0243d817ae38a84f9e3c830415eb | ||
468 | 406 | Author: Mark J. Washenberger <mark.washenberger@markwash.net> | ||
469 | 407 | Date: Mon Dec 17 13:41:39 2012 -0800 | ||
470 | 408 | |||
471 | 409 | Fix typo s/interalurl/internalurl/ | ||
472 | 410 | |||
473 | 411 | Change-Id: I9e9209731e5d13b21a7aff6127d932d69c457135 | ||
474 | 412 | |||
475 | 413 | keystone/common/models.py | 2 +- | ||
476 | 414 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
477 | 415 | |||
478 | 416 | commit fb963a560939e6be8c98d74e5555de7283173e32 | ||
479 | 417 | Author: Adam Young <ayoung@redhat.com> | ||
480 | 418 | Date: Wed Dec 12 13:17:54 2012 -0500 | ||
481 | 419 | |||
482 | 420 | module refactoring | ||
483 | 421 | |||
484 | 422 | Distributes the functionality of service.py into the modules. | ||
485 | 423 | Moves ComposableRouters into the modules. | ||
486 | 424 | The routers and controllers now have short names. | ||
487 | 425 | The controllers get their APIs via the base class. | ||
488 | 426 | |||
489 | 427 | Change-Id: I87404b80ea9800d6792f97a7a3a64fe839065c1c | ||
490 | 428 | |||
491 | 429 | keystone/catalog/__init__.py | 1 + | ||
492 | 430 | keystone/catalog/controllers.py | 20 +- | ||
493 | 431 | keystone/catalog/routers.py | 25 ++ | ||
494 | 432 | keystone/common/router.py | 57 +++++ | ||
495 | 433 | keystone/contrib/admin_crud/core.py | 18 +- | ||
496 | 434 | keystone/contrib/user_crud/core.py | 23 +- | ||
497 | 435 | keystone/controllers.py | 144 +++++++++++ | ||
498 | 436 | keystone/identity/controllers.py | 24 +- | ||
499 | 437 | keystone/identity/routers.py | 73 +++++- | ||
500 | 438 | keystone/policy/__init__.py | 1 + | ||
501 | 439 | keystone/policy/routers.py | 22 ++ | ||
502 | 440 | keystone/routers.py | 68 +++++ | ||
503 | 441 | keystone/service.py | 472 ++--------------------------------- | ||
504 | 442 | keystone/token/__init__.py | 1 + | ||
505 | 443 | keystone/token/routers.py | 61 +++++ | ||
506 | 444 | 15 files changed, 503 insertions(+), 507 deletions(-) | ||
507 | 445 | |||
508 | 446 | commit 44e3c3ece3f6e8a596dbec37476d8fb5c85d6f6c | ||
509 | 447 | Merge: ebfbd6c e093e81 | ||
510 | 448 | Author: OpenStack Jenkins <jenkins@openstack.org> | ||
511 | 449 | Date: Fri Dec 14 20:13:31 2012 +0000 | ||
512 | 450 | |||
513 | 451 | Merge "Imported Translations from Transifex" | ||
514 | 452 | |||
515 | 453 | commit ebfbd6c0844f9ab3e9a864112672164cf8b3696f | ||
516 | 454 | Merge: d939d16 be3dcf9 | ||
517 | 455 | Author: Jenkins <jenkins@review.openstack.org> | ||
518 | 456 | Date: Fri Dec 14 20:13:10 2012 +0000 | ||
519 | 457 | |||
520 | 458 | Merge "Test for content-type appropriate 404 (bug 1089987)" | ||
521 | 459 | |||
522 | 460 | commit d939d16e747b4a2c5db1f1fdda93a01b79fe6e83 | ||
523 | 461 | Merge: f5d26ea 18a49ae | ||
524 | 462 | Author: Jenkins <jenkins@review.openstack.org> | ||
525 | 463 | Date: Fri Dec 14 15:20:07 2012 +0000 | ||
526 | 464 | |||
527 | 465 | Merge "syncing run_tests to match tox" | ||
528 | 466 | |||
529 | 467 | commit f5d26ea9c67e2bb812f0e7a36512538b9f3e18ff | ||
530 | 468 | Merge: 5b7160c 6ceb066 | ||
531 | 469 | Author: Jenkins <jenkins@review.openstack.org> | ||
532 | 470 | Date: Fri Dec 14 15:04:46 2012 +0000 | ||
533 | 471 | |||
534 | 472 | Merge "fixing bug 1046862" | ||
535 | 473 | |||
536 | 474 | commit be3dcf9873fb84bbb5c2cd3ed8f36444f353757e | ||
537 | 475 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
538 | 476 | Date: Thu Dec 13 10:01:21 2012 -0600 | ||
539 | 477 | |||
540 | 478 | Test for content-type appropriate 404 (bug 1089987) | ||
541 | 479 | |||
542 | 480 | Change-Id: Idfba75f90e38de315ec50e660932beb8243f76f8 | ||
543 | 481 | |||
544 | 482 | keystone/common/wsgi.py | 2 +- | ||
545 | 483 | tests/test_content_types.py | 12 ++++++++++++ | ||
546 | 484 | 2 files changed, 13 insertions(+), 1 deletion(-) | ||
547 | 485 | |||
548 | 486 | commit e093e81c750408478d74fafac2cb0cc7eb221d5f | ||
549 | 487 | Author: OpenStack Jenkins <jenkins@openstack.org> | ||
550 | 488 | Date: Fri Dec 14 00:01:05 2012 +0000 | ||
551 | 489 | |||
552 | 490 | Imported Translations from Transifex | ||
553 | 491 | |||
554 | 492 | Change-Id: Ib2cb912443034b4d9855441ca83d103e2a9bdbe8 | ||
555 | 493 | |||
556 | 494 | keystone/locale/keystone.pot | 276 +++++++++++++++++++++++++++++++++++++++++- | ||
557 | 495 | 1 file changed, 275 insertions(+), 1 deletion(-) | ||
558 | 496 | |||
559 | 497 | commit 5b7160cd536f0a86cf33bc294679bd19a2e90549 | ||
560 | 498 | Merge: 4e2be8a e4d61ac | ||
561 | 499 | Author: Jenkins <jenkins@review.openstack.org> | ||
562 | 500 | Date: Thu Dec 13 22:11:33 2012 +0000 | ||
563 | 501 | |||
564 | 502 | Merge "Add tests for contrib.s3.core." | ||
565 | 503 | |||
566 | 504 | commit 6ceb06689f5f1da26584192ae9f46a5248277565 | ||
567 | 505 | Author: Steve Martinelli <stevemar@ca.ibm.com> | ||
568 | 506 | Date: Thu Dec 13 11:35:01 2012 -0500 | ||
569 | 507 | |||
570 | 508 | fixing bug 1046862 | ||
571 | 509 | |||
572 | 510 | adding message to readme.rst to include openSSL dependency | ||
573 | 511 | |||
574 | 512 | fixing bug 1046862 | ||
575 | 513 | |||
576 | 514 | Change-Id: Iff1fbc95e804f9e4ddc74ea38c553426c4eabb33 | ||
577 | 515 | |||
578 | 516 | README.rst | 7 +++++++ | ||
579 | 517 | 1 file changed, 7 insertions(+) | ||
580 | 518 | |||
581 | 519 | commit f74aab2463ccc9549c07175ed82015f23ad2694c | ||
582 | 520 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
583 | 521 | Date: Thu Dec 13 09:42:32 2012 -0600 | ||
584 | 522 | |||
585 | 523 | Expand default time delta (bug 1089988) | ||
586 | 524 | |||
587 | 525 | Change-Id: I3d08092bf5248f75b238591586443a4daea02a20 | ||
588 | 526 | |||
589 | 527 | keystone/test.py | 9 ++++++--- | ||
590 | 528 | 1 file changed, 6 insertions(+), 3 deletions(-) | ||
591 | 529 | |||
592 | 530 | commit e4d61ac6a7893743ff47c0a69529c5f21f249127 | ||
593 | 531 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
594 | 532 | Date: Wed Dec 12 19:04:23 2012 +0100 | ||
595 | 533 | |||
596 | 534 | Add tests for contrib.s3.core. | ||
597 | 535 | |||
598 | 536 | Change-Id: I0a5ea82dcbcf29f6581d8c69e8961138fa019145 | ||
599 | 537 | |||
600 | 538 | tests/test_contrib_s3_core.py | 54 +++++++++++++++++++++++++++++++++++++++++ | ||
601 | 539 | 1 file changed, 54 insertions(+) | ||
602 | 540 | |||
603 | 541 | commit 8e2a183992311fe005abbfaa40d68dd7ce1fffd3 | ||
604 | 542 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
605 | 543 | Date: Mon Dec 10 10:10:22 2012 -0600 | ||
606 | 544 | |||
607 | 545 | Test drivers return HTTP 501 Not Implemented | ||
608 | 546 | |||
609 | 547 | Change-Id: I4cd21022593e6b4c3965edd00ecea01a00584516 | ||
610 | 548 | |||
611 | 549 | keystone/policy/core.py | 2 +- | ||
612 | 550 | keystone/token/backends/kvs.py | 14 +++++----- | ||
613 | 551 | keystone/token/backends/memcache.py | 8 +++--- | ||
614 | 552 | keystone/token/backends/sql.py | 8 +++--- | ||
615 | 553 | keystone/token/controllers.py | 5 ++-- | ||
616 | 554 | keystone/token/core.py | 44 ++++++++++++++++------------- | ||
617 | 555 | tests/test_drivers.py | 52 +++++++++++++++++++++++++++++++++++ | ||
618 | 556 | 7 files changed, 96 insertions(+), 37 deletions(-) | ||
619 | 557 | |||
620 | 558 | commit 5b3a74d56a376afed64dd2515c4aa59995187433 | ||
621 | 559 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
622 | 560 | Date: Wed Dec 12 15:01:04 2012 -0600 | ||
623 | 561 | |||
624 | 562 | Support non-default role_id_attribute | ||
625 | 563 | |||
626 | 564 | As is, a default value of 'cn' is hardcoded as the attribute name (which | ||
627 | 565 | also happens to be the default value in keystone.config) used for role | ||
628 | 566 | grants, revokes, etc. | ||
629 | 567 | |||
630 | 568 | Change-Id: Ic36e6d726e2dc48714703c2dd7a433f3d34b78b1 | ||
631 | 569 | |||
632 | 570 | keystone/identity/backends/ldap/core.py | 3 ++- | ||
633 | 571 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
634 | 572 | |||
635 | 573 | commit e577cd60871e1810b45236d3642d60e460dc4858 | ||
636 | 574 | Author: Chmouel Boudjnah <chmouel@chmouel.com> | ||
637 | 575 | Date: Sat Dec 8 13:38:45 2012 +0100 | ||
638 | 576 | |||
639 | 577 | Remove swift auth. | ||
640 | 578 | |||
641 | 579 | - This has been moved since last release to swift main repository. | ||
642 | 580 | |||
643 | 581 | Change-Id: I11fc4001fbc4a1d78823d41450cdfcc97677c420 | ||
644 | 582 | |||
645 | 583 | doc/source/configuringservices.rst | 147 +---------------- | ||
646 | 584 | keystone/middleware/swift_auth.py | 295 ----------------------------------- | ||
647 | 585 | tests/test_swift_auth_middleware.py | 249 ----------------------------- | ||
648 | 586 | 3 files changed, 2 insertions(+), 689 deletions(-) | ||
649 | 587 | |||
650 | 588 | commit 4e2be8a8880f03b1c6d1dc663d7259dbb45ddf67 | ||
651 | 589 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
652 | 590 | Date: Tue Dec 11 14:40:27 2012 -0600 | ||
653 | 591 | |||
654 | 592 | Move token controller into keystone.token | ||
655 | 593 | |||
656 | 594 | Change-Id: Ie8277529185f645854e0aebaafa173c06a7c5164 | ||
657 | 595 | |||
658 | 596 | keystone/common/controller.py | 12 +- | ||
659 | 597 | keystone/contrib/ec2/core.py | 5 +- | ||
660 | 598 | keystone/service.py | 556 ++--------------------------------------- | ||
661 | 599 | keystone/token/__init__.py | 1 + | ||
662 | 600 | keystone/token/controllers.py | 545 ++++++++++++++++++++++++++++++++++++++++ | ||
663 | 601 | tests/test_auth.py | 358 ++++++++++++++++++++++++++ | ||
664 | 602 | tests/test_service.py | 355 -------------------------- | ||
665 | 603 | 7 files changed, 927 insertions(+), 905 deletions(-) | ||
666 | 604 | |||
667 | 605 | commit 6397580a52be5288b4cb5e0a86a8c340fe4fd0ae | ||
668 | 606 | Merge: bf4b9f4 0ea864b | ||
669 | 607 | Author: Jenkins <jenkins@review.openstack.org> | ||
670 | 608 | Date: Tue Dec 11 14:03:52 2012 +0000 | ||
671 | 609 | |||
672 | 610 | Merge "Adding downgrade steps for migration scripts." | ||
673 | 611 | |||
674 | 612 | commit d17dfe65550d393739dc50a1eedfe65903a81d28 | ||
675 | 613 | Author: Yuriy Taraday <yorik.sar@gmail.com> | ||
676 | 614 | Date: Fri Dec 7 22:32:52 2012 +0400 | ||
677 | 615 | |||
678 | 616 | Import pysqlite2 if sqlite3 is not available. | ||
679 | 617 | |||
680 | 618 | Otherwise test_import_legacy fails on import. | ||
681 | 619 | |||
682 | 620 | Change-Id: I902493f5b726f5bc9e23e776598b8938c85e622c | ||
683 | 621 | |||
684 | 622 | tests/test_import_legacy.py | 8 +++++--- | ||
685 | 623 | 1 file changed, 5 insertions(+), 3 deletions(-) | ||
686 | 624 | |||
687 | 625 | commit bf4b9f49878e85000b197ea9c2627cc67fda5cdb | ||
688 | 626 | Merge: d159c61 aaf61a4 | ||
689 | 627 | Author: Jenkins <jenkins@review.openstack.org> | ||
690 | 628 | Date: Mon Dec 10 22:14:15 2012 +0000 | ||
691 | 629 | |||
692 | 630 | Merge "Remove mentions of essex in docs (bug 1085247)" | ||
693 | 631 | |||
694 | 632 | commit d159c616fd52436760242d3254c8bdb54810bcb4 | ||
695 | 633 | Merge: a800fae 847d591 | ||
696 | 634 | Author: Jenkins <jenkins@review.openstack.org> | ||
697 | 635 | Date: Mon Dec 10 21:44:54 2012 +0000 | ||
698 | 636 | |||
699 | 637 | Merge "Port to argparse based cfg" | ||
700 | 638 | |||
701 | 639 | commit aaf61a4fc9d07a73d2a31abb097a2d862598c4e5 | ||
702 | 640 | Author: Eduardo Patrocinio <epatro@gmail.com> | ||
703 | 641 | Date: Tue Dec 4 15:11:16 2012 -0500 | ||
704 | 642 | |||
705 | 643 | Remove mentions of essex in docs (bug 1085247) | ||
706 | 644 | |||
707 | 645 | Change-Id: I663e9317c2b5eb5fe7190ea6c656fcebff7078fd | ||
708 | 646 | |||
709 | 647 | doc/source/configuration.rst | 20 ++++++++++---------- | ||
710 | 648 | 1 file changed, 10 insertions(+), 10 deletions(-) | ||
711 | 649 | |||
712 | 650 | commit a800fae22c627e89a09ffc35b95dd072416da14a | ||
713 | 651 | Author: Brian Waldon <brian.waldon@rackspace.com> | ||
714 | 652 | Date: Thu Dec 6 12:31:51 2012 -0800 | ||
715 | 653 | |||
716 | 654 | Ensure serviceCatalog is list when empty, not dict | ||
717 | 655 | |||
718 | 656 | Fixes bug 1087405. | ||
719 | 657 | |||
720 | 658 | Change-Id: I152c7f418a66ccfe541e26efe75b59bffa6c3849 | ||
721 | 659 | |||
722 | 660 | keystone/service.py | 2 +- | ||
723 | 661 | tests/test_content_types.py | 19 +++++++++++++++++-- | ||
724 | 662 | 2 files changed, 18 insertions(+), 3 deletions(-) | ||
725 | 663 | |||
726 | 664 | commit 0ea864b26e6e2e9be44785af61fd90a9b13b5265 | ||
727 | 665 | Author: Justin Shepherd <jshepher@rackspace.com> | ||
728 | 666 | Date: Mon Nov 26 17:37:02 2012 +0000 | ||
729 | 667 | |||
730 | 668 | Adding downgrade steps for migration scripts. | ||
731 | 669 | |||
732 | 670 | Also updated test_sql_upgrade to check the actions from 007_add_domain_tables. | ||
733 | 671 | |||
734 | 672 | Fixes: bug #1081167 | ||
735 | 673 | |||
736 | 674 | Change-Id: I194c7de9ae8a3bb8f2f9f37d3a91f4fac2fe2913 | ||
737 | 675 | |||
738 | 676 | .../versions/001_add_initial_tables.py | 9 +++++++- | ||
739 | 677 | .../migrate_repo/versions/003_sqlite_downgrade.sql | 1 - | ||
740 | 678 | .../migrate_repo/versions/006_add_policy_table.py | 6 ++++- | ||
741 | 679 | .../migrate_repo/versions/007_add_domain_tables.py | 5 ++++ | ||
742 | 680 | tests/test_sql_upgrade.py | 24 ++++++++++++++++++++ | ||
743 | 681 | 5 files changed, 42 insertions(+), 3 deletions(-) | ||
744 | 682 | |||
745 | 683 | commit 7978bb271bf0e978a095aa088e4bb2bdb1d684f8 | ||
746 | 684 | Merge: 3583946 84a0b2d | ||
747 | 685 | Author: Jenkins <jenkins@review.openstack.org> | ||
748 | 686 | Date: Wed Dec 5 21:21:39 2012 +0000 | ||
749 | 687 | |||
750 | 688 | Merge "Bug 1075090 -- Fixing log messages in python source code to support internationalization." | ||
751 | 689 | |||
752 | 690 | commit 3583946d933b989b14c25daa9d6c462142eb400f | ||
753 | 691 | Merge: 9b529c8 c858c1b | ||
754 | 692 | Author: Jenkins <jenkins@review.openstack.org> | ||
755 | 693 | Date: Wed Dec 5 21:08:07 2012 +0000 | ||
756 | 694 | |||
757 | 695 | Merge "Only 'import *' from 'core' modules" | ||
758 | 696 | |||
759 | 697 | commit 9b529c8c00fc344d5a5e33170e95ba5f1bee0fed | ||
760 | 698 | Merge: 8c15e3e 77dee93 | ||
761 | 699 | Author: Jenkins <jenkins@review.openstack.org> | ||
762 | 700 | Date: Wed Dec 5 21:07:51 2012 +0000 | ||
763 | 701 | |||
764 | 702 | Merge "use keystone test and change config during setUp" | ||
765 | 703 | |||
766 | 704 | commit 847d5912d383072e3c38d6d19fce15981ca3110a | ||
767 | 705 | Author: Mark McLoughlin <markmc@redhat.com> | ||
768 | 706 | Date: Mon Nov 26 14:39:49 2012 +0000 | ||
769 | 707 | |||
770 | 708 | Port to argparse based cfg | ||
771 | 709 | |||
772 | 710 | Sync the following changes from oslo-incubator: | ||
773 | 711 | |||
774 | 712 | 3557d84 Fix ListOpt to trim whitespace | ||
775 | 713 | 01ab910 Fix set_default() with boolean CLI options | ||
776 | 714 | af18eaa Improve cfg's argparse sub-parsers support | ||
777 | 715 | f21e1d9 Fix regression with cfg CLI arguments | ||
778 | 716 | ceb4aa7 Fix broken --help with CommonConfigOpts | ||
779 | 717 | 5e9503b Hide the GroupAttr conf and group attributes | ||
780 | 718 | b6d24bb updating sphinx documentation | ||
781 | 719 | 403509e Don't reference argparse._StoreAction | ||
782 | 720 | e17deb8 Fix minor coding style issue | ||
783 | 721 | 0c29e1d Remove ConfigCliParser class | ||
784 | 722 | 5b9cb41 Add support for positional arguments | ||
785 | 723 | dbc72a6 Use stock argparse behaviour for optional args | ||
786 | 724 | 768a147 Use stock argparse --usage behaviour | ||
787 | 725 | ac180b9 Use stock argparse --version behaviour | ||
788 | 726 | 0787e38 Remove add_option() method | ||
789 | 727 | 5afead0 Completely remove cfg's disable_interspersed_args() | ||
790 | 728 | 5f564b2 argparse support for cfg | ||
791 | 729 | d7b6397 Add a missing comma in a docstring. | ||
792 | 730 | aca1805 cfg: fix required if option has a dash | ||
793 | 731 | |||
794 | 732 | The main API change affecting keystone is that CONF() no longer returns | ||
795 | 733 | unparsed arguments. The keystone-manage command is updated to use | ||
796 | 734 | argparse sub-parsers to achieve the same effect. | ||
797 | 735 | |||
798 | 736 | Change-Id: Ie8972ce851f1247d8710e9e0611bb3e2f843cb45 | ||
799 | 737 | |||
800 | 738 | keystone/cli.py | 133 +++++------ | ||
801 | 739 | keystone/openstack/common/cfg.py | 451 ++++++++++++++++++++++++-------------- | ||
802 | 740 | 2 files changed, 345 insertions(+), 239 deletions(-) | ||
803 | 741 | |||
804 | 742 | commit c858c1b304cae6310f08a220cf54c763f684fc42 | ||
805 | 743 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
806 | 744 | Date: Wed Dec 5 09:58:54 2012 -0600 | ||
807 | 745 | |||
808 | 746 | Only 'import *' from 'core' modules | ||
809 | 747 | |||
810 | 748 | - Renamed identity.controllers.* and identity.routers.* since they | ||
811 | 749 | now occopy unique namespaces (thanks ayoung!) | ||
812 | 750 | - Moved catalog and policy controllers into their own respective modules | ||
813 | 751 | |||
814 | 752 | Change-Id: Ib9e277355e0eac15d4d218785c816b718b493b5b | ||
815 | 753 | |||
816 | 754 | HACKING.rst | 2 +- | ||
817 | 755 | keystone/catalog/__init__.py | 1 + | ||
818 | 756 | keystone/catalog/controllers.py | 154 +++++++++++++++++++++++++++++++++++ | ||
819 | 757 | keystone/catalog/core.py | 136 ------------------------------- | ||
820 | 758 | keystone/contrib/admin_crud/core.py | 10 +-- | ||
821 | 759 | keystone/contrib/user_crud/core.py | 11 ++- | ||
822 | 760 | keystone/identity/__init__.py | 4 +- | ||
823 | 761 | keystone/identity/controllers.py | 28 +++---- | ||
824 | 762 | keystone/identity/routers.py | 25 ++---- | ||
825 | 763 | keystone/policy/__init__.py | 1 + | ||
826 | 764 | keystone/policy/controllers.py | 48 +++++++++++ | ||
827 | 765 | keystone/policy/core.py | 32 -------- | ||
828 | 766 | keystone/service.py | 20 ++--- | ||
829 | 767 | 13 files changed, 246 insertions(+), 226 deletions(-) | ||
830 | 768 | |||
831 | 769 | commit 77dee93763e4941b07f628c1c67d925503a5df51 | ||
832 | 770 | Author: Ionuț Arțăriși <iartarisi@suse.cz> | ||
833 | 771 | Date: Mon Dec 3 11:59:20 2012 +0100 | ||
834 | 772 | |||
835 | 773 | use keystone test and change config during setUp | ||
836 | 774 | |||
837 | 775 | Also fixes this traceback which I keep getting on devstack: | ||
838 | 776 | |||
839 | 777 | ERROR: test_create_certs (tests.test_cert_setup.CertSetupTestCase) | ||
840 | 778 | ---------------------------------------------------------------------- | ||
841 | 779 | Traceback (most recent call last): | ||
842 | 780 | File "/opt/stack/keystone/tests/test_cert_setup.py", line 52, in tearDown | ||
843 | 781 | shutil.rmtree(rootdir(SSLDIR)) | ||
844 | 782 | File "/usr/lib/python2.7/shutil.py", line 237, in rmtree | ||
845 | 783 | onerror(os.listdir, path, sys.exc_info()) | ||
846 | 784 | File "/usr/lib/python2.7/shutil.py", line 235, in rmtree | ||
847 | 785 | names = os.listdir(path) | ||
848 | 786 | OSError: [Errno 2] No such file or directory: '/opt/stack/keystone/tests/ssl/' | ||
849 | 787 | |||
850 | 788 | Fixes bug 1086812 | ||
851 | 789 | |||
852 | 790 | Change-Id: Iba10822aaf1284549d610bb1172df03ffc48f363 | ||
853 | 791 | |||
854 | 792 | tests/test_cert_setup.py | 16 +++++++++------- | ||
855 | 793 | 1 file changed, 9 insertions(+), 7 deletions(-) | ||
856 | 794 | |||
857 | 795 | commit 84a0b2df5932fabb0cdaaaddeb86d1f55a7ac06e | ||
858 | 796 | Author: Nachiappan VR N <nachiappan.veerappan-nachiappan@hp.com> | ||
859 | 797 | Date: Wed Nov 14 10:01:59 2012 -0800 | ||
860 | 798 | |||
861 | 799 | Bug 1075090 -- Fixing log messages in python source code to support internationalization. | ||
862 | 800 | |||
863 | 801 | Change-Id: I6b50abaa82effad8feaaac8d85086ca8b5d42590 | ||
864 | 802 | |||
865 | 803 | keystone/catalog/backends/templated.py | 2 +- | ||
866 | 804 | keystone/catalog/core.py | 16 +++++----- | ||
867 | 805 | keystone/clean.py | 13 ++++---- | ||
868 | 806 | keystone/common/bufferedhttp.py | 4 +-- | ||
869 | 807 | keystone/common/cms.py | 4 +-- | ||
870 | 808 | keystone/common/ldap/core.py | 17 +++++----- | ||
871 | 809 | keystone/common/ldap/fakeldap.py | 54 +++++++++++++++++--------------- | ||
872 | 810 | keystone/common/sql/core.py | 2 +- | ||
873 | 811 | keystone/common/sql/legacy.py | 2 +- | ||
874 | 812 | keystone/common/sql/nova.py | 14 ++++----- | ||
875 | 813 | keystone/common/utils.py | 10 +++--- | ||
876 | 814 | keystone/common/wsgi.py | 6 ++-- | ||
877 | 815 | keystone/config.py | 4 +-- | ||
878 | 816 | keystone/policy/backends/rules.py | 2 +- | ||
879 | 817 | keystone/test.py | 2 +- | ||
880 | 818 | 15 files changed, 80 insertions(+), 72 deletions(-) | ||
881 | 819 | |||
882 | 820 | commit 8c15e3eba68d4af655eacee3d1ec46e98911d119 | ||
883 | 821 | Author: Alvaro Lopez Garcia <aloga@ifca.unican.es> | ||
884 | 822 | Date: Mon Dec 3 10:12:06 2012 +0100 | ||
885 | 823 | |||
886 | 824 | Added documentation for the external auth support | ||
887 | 825 | |||
888 | 826 | This covers given authentication using REMOTE_USER and also the way to | ||
889 | 827 | implement custom auth with WSGI middleware. | ||
890 | 828 | |||
891 | 829 | DocImpact | ||
892 | 830 | blueprint: pluggable-identity-authentication-handlers | ||
893 | 831 | Change-Id: Idbac8c38d1f0be1febbbc8056c929bada6bbb07e | ||
894 | 832 | |||
895 | 833 | doc/source/external-auth.rst | 117 ++++++++++++++++++++++++++++++++++++++++++ | ||
896 | 834 | doc/source/index.rst | 1 + | ||
897 | 835 | 2 files changed, 118 insertions(+) | ||
898 | 836 | |||
899 | 837 | commit 75277cf1ae496145369e929702005ef2304e6942 | ||
900 | 838 | Merge: 5b73757 af8761d | ||
901 | 839 | Author: Jenkins <jenkins@review.openstack.org> | ||
902 | 840 | Date: Mon Dec 3 09:57:36 2012 +0000 | ||
903 | 841 | |||
904 | 842 | Merge "check the redirected path on the request, not the response" | ||
905 | 843 | |||
906 | 844 | commit af8761d9e0add62a83604b77ab015f5a8b3120a9 | ||
907 | 845 | Author: Ionuț Arțăriși <iartarisi@suse.cz> | ||
908 | 846 | Date: Fri Nov 30 14:04:04 2012 +0100 | ||
909 | 847 | |||
910 | 848 | check the redirected path on the request, not the response | ||
911 | 849 | |||
912 | 850 | The request object's path changes when it gets redirected. This | ||
913 | 851 | behaviour is in tune with the latest WebOb code as well as the | ||
914 | 852 | old. The response environ defaults to None in WebOb >= 1.2b1 | ||
915 | 853 | http://docs.webob.org/en/latest/news.html#b1 | ||
916 | 854 | |||
917 | 855 | Change-Id: I557563ce5407a8ef1b5dae680e456e589285be25 | ||
918 | 856 | |||
919 | 857 | tests/test_s3_token_middleware.py | 8 ++++---- | ||
920 | 858 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
921 | 859 | |||
922 | 860 | commit 5b73757de94a30b7cc8566e2bf429c1aecd5c320 | ||
923 | 861 | Author: Wu Wenxiang <wu.wenxiang@99cloud.net> | ||
924 | 862 | Date: Thu Nov 29 23:58:04 2012 +0800 | ||
925 | 863 | |||
926 | 864 | Validate password type (bug 1081861) | ||
927 | 865 | |||
928 | 866 | Raise keystone.exception.ValidationError when password type was not string | ||
929 | 867 | |||
930 | 868 | Change-Id: Ib7538806777db0fe3a3cf9f22bf06a1d505c232f | ||
931 | 869 | |||
932 | 870 | keystone/common/utils.py | 12 ++++++++---- | ||
933 | 871 | 1 file changed, 8 insertions(+), 4 deletions(-) | ||
934 | 872 | |||
935 | 873 | commit f57098df8e50fae95c2c532407ec5bc6a10205e1 | ||
936 | 874 | Author: Adam Young <ayoung@redhat.com> | ||
937 | 875 | Date: Wed Nov 28 17:27:43 2012 -0500 | ||
938 | 876 | |||
939 | 877 | split identities module into logical parts | ||
940 | 878 | remove unneeded imports from core | ||
941 | 879 | |||
942 | 880 | Change-Id: I02fc2439cc115878d8081e052faf9ff96d20f6ec | ||
943 | 881 | |||
944 | 882 | keystone/identity/__init__.py | 2 + | ||
945 | 883 | keystone/identity/controllers.py | 607 +++++++++++++++++++++++++++++++++++++ | ||
946 | 884 | keystone/identity/core.py | 614 -------------------------------------- | ||
947 | 885 | keystone/identity/routers.py | 72 +++++ | ||
948 | 886 | 4 files changed, 681 insertions(+), 614 deletions(-) | ||
949 | 887 | |||
950 | 888 | commit 38c7e46a640a94da4da89a39a5a1ea9c081f1eb5 | ||
951 | 889 | Author: Dolph Mathews <dolph.mathews@rackspace.com> | ||
952 | 890 | Date: Wed Nov 28 10:28:07 2012 -0500 | ||
953 | 891 | |||
954 | 892 | Ensure token expiration is maintained (bug 1079216) | ||
955 | 893 | |||
956 | 894 | Change-Id: I95853ec36e9c4cd937cfac7e08b648e830f9efd0 | ||
957 | 895 | |||
958 | 896 | keystone/service.py | 1 + | ||
959 | 897 | tests/test_service.py | 57 +++++++++++++++++++++++++++++++++++++++++++++++++ | ||
960 | 898 | 2 files changed, 58 insertions(+) | ||
961 | 899 | |||
962 | 900 | commit ede63fbfe504cffb4b29f7394b1bf4872d093588 | ||
963 | 901 | Merge: d970e5f 1012bd4 | ||
964 | 902 | Author: Jenkins <jenkins@review.openstack.org> | ||
965 | 903 | Date: Tue Nov 27 19:49:22 2012 +0000 | ||
966 | 904 | |||
967 | 905 | Merge "normalize identity" | ||
968 | 906 | |||
969 | 907 | commit 1012bd42df5906bca67a82663f23b5c8a4eafe68 | ||
970 | 908 | Author: Adam Young <ayoung@redhat.com> | ||
971 | 909 | Date: Tue Nov 6 17:16:56 2012 -0500 | ||
972 | 910 | |||
973 | 911 | normalize identity | ||
974 | 912 | |||
975 | 913 | modify tables by adding columns, and modify entities | ||
976 | 914 | by adding attributes for password, description and enabled | ||
977 | 915 | |||
978 | 916 | update tests to deal with change from 'False' and 'True' to the | ||
979 | 917 | python values False and True | ||
980 | 918 | |||
981 | 919 | Added a Text type from SQL Alchemy | ||
982 | 920 | |||
983 | 921 | Bug 1070351 | ||
984 | 922 | Bug 1023544 | ||
985 | 923 | |||
986 | 924 | Change-Id: I066c788b5d08a8f42a9b5412ea9e29e4fe9ba205 | ||
987 | 925 | |||
988 | 926 | keystone/common/sql/core.py | 1 + | ||
989 | 927 | .../versions/008_normalize_identity.py | 61 ++++++++ | ||
990 | 928 | .../migrate_repo/versions/008_sqlite_downgrade.sql | 5 + | ||
991 | 929 | .../versions/009_normalize_identity_migration.py | 146 ++++++++++++++++++++ | ||
992 | 930 | keystone/identity/backends/sql.py | 8 +- | ||
993 | 931 | tests/default_fixtures.py | 8 ++ | ||
994 | 932 | tests/test_backend.py | 18 +-- | ||
995 | 933 | tests/test_backend_sql.py | 2 + | ||
996 | 934 | tests/test_sql_upgrade.py | 53 ++++++- | ||
997 | 935 | 9 files changed, 290 insertions(+), 12 deletions(-) | ||
998 | 936 | |||
999 | 937 | commit d970e5f815558706e5be642d814d08c93b0dd42a | ||
1000 | 938 | Merge: 3779c67 d4c4cf0 | ||
1001 | 939 | Author: Jenkins <jenkins@review.openstack.org> | ||
1002 | 940 | Date: Tue Nov 27 04:22:51 2012 +0000 | ||
1003 | 941 | |||
1004 | 942 | Merge "Fixes typo in keystone setup doc" | ||
1005 | 943 | |||
1006 | 944 | commit d4c4cf035120c22c222b16c963abb1b82c33a707 | ||
1007 | 945 | Author: Tom Fifield <fifieldt@unimelb.edu.au> | ||
1008 | 946 | Date: Tue Nov 27 12:38:07 2012 +1000 | ||
1009 | 947 | |||
1010 | 948 | Fixes typo in keystone setup doc | ||
1011 | 949 | |||
1012 | 950 | fixes bug 1083391 | ||
1013 | 951 | |||
1014 | 952 | A one character change to fix a typo in setup doc, reported | ||
1015 | 953 | by a user :s | ||
1016 | 954 | |||
1017 | 955 | Change-Id: I4fefec089c9ded4b773f4b3641e30162a4faa2f8 | ||
1018 | 956 | |||
1019 | 957 | doc/source/setup.rst | 2 +- | ||
1020 | 958 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
1021 | 959 | |||
1022 | 960 | commit 3779c675c54fbc2be9d341e2a2a77b520f0f3a59 | ||
1023 | 961 | Author: OpenStack Jenkins <jenkins@openstack.org> | ||
1024 | 962 | Date: Tue Nov 27 00:01:43 2012 +0000 | ||
1025 | 963 | |||
1026 | 964 | Imported Translations from Transifex | ||
1027 | 965 | |||
1028 | 966 | Change-Id: I2cb4f8bd3891b474413eef11aae62188b358d359 | ||
1029 | 967 | |||
1030 | 968 | keystone/locale/keystone.pot | 10 +--------- | ||
1031 | 969 | 1 file changed, 1 insertion(+), 9 deletions(-) | ||
1032 | 970 | |||
1033 | 971 | commit 904af119d2b84a93e416b7b297eda3b321840669 | ||
1034 | 972 | Author: Mark McLoughlin <markmc@redhat.com> | ||
1035 | 973 | Date: Mon Nov 26 16:16:54 2012 +0000 | ||
1036 | 974 | |||
1037 | 975 | Stop using cfg's internal implementation details | ||
1038 | 976 | |||
1039 | 977 | The fact that a cfg opt register using register_opt() is available via | ||
1040 | 978 | the command line is actually a bug (see bug #1082279). | ||
1041 | 979 | |||
1042 | 980 | Also, using the _cli_values attribute is clearly poking into private | ||
1043 | 981 | implementation details. | ||
1044 | 982 | |||
1045 | 983 | Fix both issues by registering the opt using register_cli_opt() and | ||
1046 | 984 | accessing its value the normal way. | ||
1047 | 985 | |||
1048 | 986 | Change-Id: If170dcd96daae5b4c3d7cdebed914df417c2209b | ||
1049 | 987 | |||
1050 | 988 | bin/keystone-all | 2 +- | ||
1051 | 989 | keystone/config.py | 4 +++- | ||
1052 | 990 | 2 files changed, 4 insertions(+), 2 deletions(-) | ||
1053 | 991 | |||
1054 | 992 | commit 18a49ae5767cc9cf0f81d3bb9616aba4f076178a | ||
1055 | 993 | Author: Joe Heck <heckj@mac.com> | ||
1056 | 994 | Date: Wed Nov 21 22:02:19 2012 +0000 | ||
1057 | 995 | |||
1058 | 996 | syncing run_tests to match tox | ||
1059 | 997 | |||
1060 | 998 | Change-Id: Ide81b1ea9230ceb2ad463d4f253eb7021fc683da | ||
1061 | 999 | |||
1062 | 1000 | run_tests.sh | 2 +- | ||
1063 | 1001 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
1064 | 1002 | |||
1065 | 1 | commit 07c1aafdf20db6d6d7c0d3e15074bc02e2f1d2aa | 1003 | commit 07c1aafdf20db6d6d7c0d3e15074bc02e2f1d2aa |
1066 | 2 | Merge: d8aa7fd 01fccdb | 1004 | Merge: d8aa7fd 01fccdb |
1067 | 3 | Author: Jenkins <jenkins@review.openstack.org> | 1005 | Author: Jenkins <jenkins@review.openstack.org> |
1068 | 4 | 1006 | ||
1069 | === modified file 'HACKING.rst' | |||
1070 | --- HACKING.rst 2012-11-02 13:48:49 +0000 | |||
1071 | +++ HACKING.rst 2013-01-25 16:27:23 +0000 | |||
1072 | @@ -44,7 +44,7 @@ | |||
1073 | 44 | Imports | 44 | Imports |
1074 | 45 | ------- | 45 | ------- |
1075 | 46 | 46 | ||
1077 | 47 | - Do not import objects, only modules | 47 | - Import modules, not module attributes |
1078 | 48 | - Do not import more than one module per line | 48 | - Do not import more than one module per line |
1079 | 49 | - Do not make relative imports | 49 | - Do not make relative imports |
1080 | 50 | - Order your imports by the full module path | 50 | - Order your imports by the full module path |
1081 | 51 | 51 | ||
1082 | === modified file 'MANIFEST.in' | |||
1083 | --- MANIFEST.in 2012-08-16 13:59:29 +0000 | |||
1084 | +++ MANIFEST.in 2013-01-25 16:27:23 +0000 | |||
1085 | @@ -18,5 +18,5 @@ | |||
1086 | 18 | graft tests | 18 | graft tests |
1087 | 19 | graft tools | 19 | graft tools |
1088 | 20 | graft examples | 20 | graft examples |
1090 | 21 | recursive-include keystone *.json *.xml *.cfg *.pem README *.pot *.sql | 21 | recursive-include keystone *.json *.xml *.cfg *.pem README *.po *.pot *.sql |
1091 | 22 | global-exclude *.pyc *.sdx *.log *.db *.swp | 22 | global-exclude *.pyc *.sdx *.log *.db *.swp |
1092 | 23 | 23 | ||
1093 | === modified file 'README.rst' | |||
1094 | --- README.rst 2012-05-24 14:04:20 +0000 | |||
1095 | +++ README.rst 2013-01-25 16:27:23 +0000 | |||
1096 | @@ -212,3 +212,10 @@ | |||
1097 | 212 | 212 | ||
1098 | 213 | In the backend this would look up the policy for 'action:nova:add_network' and | 213 | In the backend this would look up the policy for 'action:nova:add_network' and |
1099 | 214 | then do what is effectively a 'Simple Match' style match against the creds. | 214 | then do what is effectively a 'Simple Match' style match against the creds. |
1100 | 215 | |||
1101 | 216 | |||
1102 | 217 | ---------------------------------- | ||
1103 | 218 | Dependencies | ||
1104 | 219 | ---------------------------------- | ||
1105 | 220 | |||
1106 | 221 | Ensure an OpenSSL version of 1.0+ is installed. | ||
1107 | 215 | \ No newline at end of file | 222 | \ No newline at end of file |
1108 | 216 | 223 | ||
1109 | === modified file 'bin/keystone-all' | |||
1110 | --- bin/keystone-all 2012-11-02 13:48:49 +0000 | |||
1111 | +++ bin/keystone-all 2013-01-25 16:27:23 +0000 | |||
1112 | @@ -90,7 +90,14 @@ | |||
1113 | 90 | CONF.print_help() | 90 | CONF.print_help() |
1114 | 91 | sys.exit(1) | 91 | sys.exit(1) |
1115 | 92 | 92 | ||
1117 | 93 | monkeypatch_thread = not CONF._cli_values['standard_threads'] | 93 | monkeypatch_thread = not CONF.standard_threads |
1118 | 94 | pydev_debug_url = utils.setup_remote_pydev_debug() | ||
1119 | 95 | if pydev_debug_url: | ||
1120 | 96 | # in order to work around errors caused by monkey patching we have to | ||
1121 | 97 | # set the thread to False. An explanation is here: | ||
1122 | 98 | # http://lists.openstack.org/pipermail/openstack-dev/2012-August/ | ||
1123 | 99 | # 000794.html | ||
1124 | 100 | monkeypatch_thread = False | ||
1125 | 94 | eventlet.patcher.monkey_patch(all=False, socket=True, time=True, | 101 | eventlet.patcher.monkey_patch(all=False, socket=True, time=True, |
1126 | 95 | thread=monkeypatch_thread) | 102 | thread=monkeypatch_thread) |
1127 | 96 | 103 | ||
1128 | 97 | 104 | ||
1129 | === modified file 'debian/changelog' | |||
1130 | --- debian/changelog 2012-11-26 19:24:17 +0000 | |||
1131 | +++ debian/changelog 2013-01-25 16:27:23 +0000 | |||
1132 | @@ -1,3 +1,36 @@ | |||
1133 | 1 | keystone (2013.1~g2-0ubuntu1~cloud0) precise-grizzly; urgency=low | ||
1134 | 2 | |||
1135 | 3 | * New upstream release for the Ubuntu Cloud Archive. | ||
1136 | 4 | |||
1137 | 5 | -- Chuck Short <zulcss@ubuntu.com> Wed, 23 Jan 2013 12:27:47 -0600 | ||
1138 | 6 | |||
1139 | 7 | keystone (2013.1~g2-0ubuntu1) raring; urgency=low | ||
1140 | 8 | |||
1141 | 9 | [ James Page ] | ||
1142 | 10 | * Re-enable gating of package build based on successful unit testing: | ||
1143 | 11 | - d/tests/test_overrides.conf: Fixup test configuration to use | ||
1144 | 12 | correct certificate locations. | ||
1145 | 13 | - d/p/fix-ubuntu-tests.patch: Skip tests for older versions of | ||
1146 | 14 | keystoneclient based on checkouts of upstream git repo. | ||
1147 | 15 | - d/rules: Re-enable package build failure on test failure. | ||
1148 | 16 | * d/control: Bump dependencies on python-keystoneclient to >= 1:0.2. | ||
1149 | 17 | * d/control: Update Vcs-Bzr location to point to correct branch. | ||
1150 | 18 | * d/control,d/po/*: Setup package templates for translation. | ||
1151 | 19 | * d/man/*: Corrected spellings in man pages. | ||
1152 | 20 | * d/keystone.upstart: Tweak 'stop on' to be triggered on all | ||
1153 | 21 | appropriate runlevel transitions, use start-stop-daemon to startup | ||
1154 | 22 | keystone daemon. | ||
1155 | 23 | |||
1156 | 24 | [ Adam Gandelman ] | ||
1157 | 25 | * debian/keystone.manpages: Install sphinx-generated manpages instead | ||
1158 | 26 | of our own outdated and unneeded versions. (LP: #1082050) | ||
1159 | 27 | |||
1160 | 28 | [ Chuck Short ] | ||
1161 | 29 | * New upstream release. | ||
1162 | 30 | * Remove incomplete/broken dbconfig-common scripts. | ||
1163 | 31 | |||
1164 | 32 | -- Chuck Short <zulcss@ubuntu.com> Fri, 11 Jan 2013 08:47:26 -0600 | ||
1165 | 33 | |||
1166 | 1 | keystone (2013.1~g1-0ubuntu1~cloud0) precise-grizzly; urgency=low | 34 | keystone (2013.1~g1-0ubuntu1~cloud0) precise-grizzly; urgency=low |
1167 | 2 | 35 | ||
1168 | 3 | * New upstream release for the Ubuntu Cloud Archive. | 36 | * New upstream release for the Ubuntu Cloud Archive. |
1169 | 4 | 37 | ||
1170 | === modified file 'debian/control' | |||
1171 | --- debian/control 2012-11-02 13:48:49 +0000 | |||
1172 | +++ debian/control 2013-01-25 16:27:23 +0000 | |||
1173 | @@ -6,11 +6,12 @@ | |||
1174 | 6 | Uploaders: Soren Hansen <soren@ubuntu.com> | 6 | Uploaders: Soren Hansen <soren@ubuntu.com> |
1175 | 7 | Build-Depends: debhelper (>= 7.0.50), | 7 | Build-Depends: debhelper (>= 7.0.50), |
1176 | 8 | pep8, | 8 | pep8, |
1177 | 9 | po-debconf, | ||
1178 | 9 | pylint, | 10 | pylint, |
1179 | 10 | python-all (>= 2.6), | 11 | python-all (>= 2.6), |
1180 | 11 | python-all-dev (>= 2.6.6-3~) | python-support, | 12 | python-all-dev (>= 2.6.6-3~) | python-support, |
1181 | 12 | python-eventlet, | 13 | python-eventlet, |
1183 | 13 | python-keystoneclient ( >= 1:0.1.3 ), | 14 | python-keystoneclient ( >= 1:0.2 ), |
1184 | 14 | python-ldap, | 15 | python-ldap, |
1185 | 15 | python-lxml, | 16 | python-lxml, |
1186 | 16 | python-memcache, | 17 | python-memcache, |
1187 | @@ -33,7 +34,7 @@ | |||
1188 | 33 | Standards-Version: 3.9.3 | 34 | Standards-Version: 3.9.3 |
1189 | 34 | XS-Python-Version: >= 2.6 | 35 | XS-Python-Version: >= 2.6 |
1190 | 35 | Homepage: http://launchpad.net/keystone | 36 | Homepage: http://launchpad.net/keystone |
1192 | 36 | Vcs-Bzr: https://code.launchpad.net/~ubuntu-server-dev/keystone/essex | 37 | Vcs-Bzr: https://code.launchpad.net/~openstack-ubuntu-testing/keystone/grizzly |
1193 | 37 | 38 | ||
1194 | 38 | Package: python-keystone | 39 | Package: python-keystone |
1195 | 39 | Architecture: all | 40 | Architecture: all |
1196 | @@ -52,7 +53,7 @@ | |||
1197 | 52 | python-sqlalchemy, | 53 | python-sqlalchemy, |
1198 | 53 | python-migrate, | 54 | python-migrate, |
1199 | 54 | python-prettytable, | 55 | python-prettytable, |
1201 | 55 | python-keystoneclient ( >= 1:0.1.3 ), | 56 | python-keystoneclient ( >= 1:0.2 ), |
1202 | 56 | python-webob, | 57 | python-webob, |
1203 | 57 | python-iso8601 | 58 | python-iso8601 |
1204 | 58 | Suggests: python-memcache | 59 | Suggests: python-memcache |
1205 | @@ -76,8 +77,7 @@ | |||
1206 | 76 | Depends: ${python:Depends}, ${misc:Depends}, | 77 | Depends: ${python:Depends}, ${misc:Depends}, |
1207 | 77 | python-keystone (= ${source:Version}), | 78 | python-keystone (= ${source:Version}), |
1208 | 78 | adduser, | 79 | adduser, |
1211 | 79 | ssl-cert (>= 1.0.12), | 80 | ssl-cert (>= 1.0.12) |
1210 | 80 | dbconfig-common | ||
1212 | 81 | Description: OpenStack identity service - Daemons | 81 | Description: OpenStack identity service - Daemons |
1213 | 82 | Keystone is a proposed independent authentication service for OpenStack. | 82 | Keystone is a proposed independent authentication service for OpenStack. |
1214 | 83 | . | 83 | . |
1215 | 84 | 84 | ||
1216 | === removed file 'debian/keystone.config' | |||
1217 | --- debian/keystone.config 2012-06-22 12:27:50 +0000 | |||
1218 | +++ debian/keystone.config 1970-01-01 00:00:00 +0000 | |||
1219 | @@ -1,19 +0,0 @@ | |||
1220 | 1 | #!/bin/sh | ||
1221 | 2 | set -e | ||
1222 | 3 | |||
1223 | 4 | . /usr/share/debconf/confmodule | ||
1224 | 5 | |||
1225 | 6 | |||
1226 | 7 | db_input low keystone/configure_db || true | ||
1227 | 8 | db_go | ||
1228 | 9 | db_get keystone/configure_db | ||
1229 | 10 | if [ "$RET" = "true" ]; then | ||
1230 | 11 | if [ -f /usr/share/dbconfig-common/dpkg/config ]; | ||
1231 | 12 | then | ||
1232 | 13 | dbc_dbtypes="sqlite3, mysql, pgsql" | ||
1233 | 14 | db_authmethod_user="password" | ||
1234 | 15 | dbc_basepath="/var/lib/keystone" | ||
1235 | 16 | . /usr/share/dbconfig-common/dpkg/config | ||
1236 | 17 | dbc_go keystone $@ | ||
1237 | 18 | fi | ||
1238 | 19 | fi | ||
1239 | 20 | 0 | ||
1240 | === modified file 'debian/keystone.manpages' | |||
1241 | --- debian/keystone.manpages 2011-12-16 15:38:05 +0000 | |||
1242 | +++ debian/keystone.manpages 2013-01-25 16:27:23 +0000 | |||
1243 | @@ -1,1 +1,1 @@ | |||
1245 | 1 | debian/man/* | 1 | doc/build/man/* |
1246 | 2 | 2 | ||
1247 | === modified file 'debian/keystone.postinst' | |||
1248 | --- debian/keystone.postinst 2012-03-02 09:55:24 +0000 | |||
1249 | +++ debian/keystone.postinst 2013-01-25 16:27:23 +0000 | |||
1250 | @@ -2,8 +2,6 @@ | |||
1251 | 2 | 2 | ||
1252 | 3 | set -e | 3 | set -e |
1253 | 4 | 4 | ||
1254 | 5 | . /usr/share/debconf/confmodule | ||
1255 | 6 | . /usr/share/dbconfig-common/dpkg/postinst | ||
1256 | 7 | 5 | ||
1257 | 8 | # summary of how this script can be called: | 6 | # summary of how this script can be called: |
1258 | 9 | # * <new-preinst> `install' | 7 | # * <new-preinst> `install' |
1259 | @@ -19,30 +17,10 @@ | |||
1260 | 19 | #su -s /bin/sh -c 'exec keystone database sync' keystone | 17 | #su -s /bin/sh -c 'exec keystone database sync' keystone |
1261 | 20 | ;; | 18 | ;; |
1262 | 21 | configure) | 19 | configure) |
1285 | 22 | db_get keystone/configure_db | 20 | if ! grep -q sql_connection /etc/keystone/keystone.conf |
1286 | 23 | if [ "$RET" = "true" ]; then | 21 | then |
1287 | 24 | dbc_go keystone $@ | 22 | su -s /bin/sh -c 'exec keystone-manage db_sync' keystone |
1266 | 25 | |||
1267 | 26 | case "$dbc_dbtype" in | ||
1268 | 27 | sqlite3) | ||
1269 | 28 | SQL_CONNECTION="sqlite:///$dbc_basepath/$dbc_dbname.db" | ||
1270 | 29 | ;; | ||
1271 | 30 | mysql) | ||
1272 | 31 | [ -n "$dbc_dbport" ] && dbport=:$dbc_dbport | ||
1273 | 32 | SQL_CONNECTION="mysql://$dbc_dbuser:$dbc_dbpass@${dbc_dbserver:-localhost}$dbport/$dbc_dbname" | ||
1274 | 33 | ;; | ||
1275 | 34 | pgsql) | ||
1276 | 35 | [ -n "$dbc_dbport" ] && dbport=:$dbc_dbport | ||
1277 | 36 | SQL_CONNECTION="pgsql://$dbc_dbuser:$dbc_dbpass@${dbc_dbserver:-localhost}$dbport/$dbc_dbname" | ||
1278 | 37 | ;; | ||
1279 | 38 | *) | ||
1280 | 39 | SQL_CONNECTION="sqlite:////var/lib/keystone/keystone.db" | ||
1281 | 40 | ;; | ||
1282 | 41 | esac | ||
1283 | 42 | [ -z "$2" -o "$dbc_install" = "true" ] \ | ||
1284 | 43 | && sed -e "s,_DBC_URL_,$SQL_CONNECTION," -i /etc/keystone/keystone.conf | ||
1288 | 44 | fi | 23 | fi |
1289 | 45 | su -s /bin/sh -c 'exec keystone-manage db_sync' keystone | ||
1290 | 46 | ;; | 24 | ;; |
1291 | 47 | abort-upgrade) | 25 | abort-upgrade) |
1292 | 48 | echo "aport upgrade called" | 26 | echo "aport upgrade called" |
1293 | 49 | 27 | ||
1294 | === modified file 'debian/keystone.postrm' | |||
1295 | --- debian/keystone.postrm 2012-06-22 12:27:50 +0000 | |||
1296 | +++ debian/keystone.postrm 2013-01-25 16:27:23 +0000 | |||
1297 | @@ -2,20 +2,6 @@ | |||
1298 | 2 | 2 | ||
1299 | 3 | set -e | 3 | set -e |
1300 | 4 | 4 | ||
1301 | 5 | if [ -f /usr/share/debconf/confmodule ] | ||
1302 | 6 | then | ||
1303 | 7 | . /usr/share/debconf/confmodule | ||
1304 | 8 | fi | ||
1305 | 9 | |||
1306 | 10 | if [ -f /etc/dbconfig-common/keystone.conf ] | ||
1307 | 11 | then | ||
1308 | 12 | if [ -f /usr/share/dbconfig-common/dpkg/postrm ] | ||
1309 | 13 | then | ||
1310 | 14 | . /usr/share/dbconfig-common/dpkg/postrm | ||
1311 | 15 | dbc_go keystone $@ | ||
1312 | 16 | fi | ||
1313 | 17 | fi | ||
1314 | 18 | |||
1315 | 19 | case "$1" in | 5 | case "$1" in |
1316 | 20 | purge) | 6 | purge) |
1317 | 21 | rm -rf /var/log/keystone | 7 | rm -rf /var/log/keystone |
1318 | 22 | 8 | ||
1319 | === removed file 'debian/keystone.prerm' | |||
1320 | --- debian/keystone.prerm 2012-06-22 12:27:50 +0000 | |||
1321 | +++ debian/keystone.prerm 1970-01-01 00:00:00 +0000 | |||
1322 | @@ -1,17 +0,0 @@ | |||
1323 | 1 | #!/bin/sh | ||
1324 | 2 | |||
1325 | 3 | set -e | ||
1326 | 4 | |||
1327 | 5 | . /usr/share/debconf/confmodule | ||
1328 | 6 | . /usr/share/dbconfig-common/dpkg/prerm | ||
1329 | 7 | |||
1330 | 8 | |||
1331 | 9 | db_get keystone/configure_db | ||
1332 | 10 | if [ "$RET" = "true" ]; then | ||
1333 | 11 | # Only cleanup with dbconfig if it was used during | ||
1334 | 12 | # installation (LP: #948719) | ||
1335 | 13 | dbc_go keystone $@ | ||
1336 | 14 | fi | ||
1337 | 15 | |||
1338 | 16 | #DEBHELPER# | ||
1339 | 17 | |||
1340 | 18 | 0 | ||
1341 | === modified file 'debian/keystone.templates' | |||
1342 | --- debian/keystone.templates 2012-06-22 12:27:50 +0000 | |||
1343 | +++ debian/keystone.templates 2013-01-25 16:27:23 +0000 | |||
1344 | @@ -1,7 +1,7 @@ | |||
1345 | 1 | Template: keystone/configure_db | 1 | Template: keystone/configure_db |
1346 | 2 | Type: boolean | 2 | Type: boolean |
1347 | 3 | Default: false | 3 | Default: false |
1349 | 4 | Description: Set up a database for keystone? | 4 | _Description: Set up a database for keystone? |
1350 | 5 | No database has been set up for keystone to use. Before continuing, | 5 | No database has been set up for keystone to use. Before continuing, |
1351 | 6 | you should make sure you have: | 6 | you should make sure you have: |
1352 | 7 | . | 7 | . |
1353 | 8 | 8 | ||
1354 | === modified file 'debian/keystone.upstart' | |||
1355 | --- debian/keystone.upstart 2012-06-22 12:27:50 +0000 | |||
1356 | +++ debian/keystone.upstart 2013-01-25 16:27:23 +0000 | |||
1357 | @@ -2,8 +2,10 @@ | |||
1358 | 2 | author "Soren Hansen <soren@linux2go.dk>" | 2 | author "Soren Hansen <soren@linux2go.dk>" |
1359 | 3 | 3 | ||
1360 | 4 | start on (local-filesystems and net-device-up IFACE!=lo) | 4 | start on (local-filesystems and net-device-up IFACE!=lo) |
1362 | 5 | stop on runlevel [016] | 5 | stop on runlevel [!2345] |
1363 | 6 | 6 | ||
1364 | 7 | respawn | 7 | respawn |
1365 | 8 | 8 | ||
1367 | 9 | exec su -s /bin/sh -c "exec keystone-all" keystone | 9 | exec start-stop-daemon --start --chuid keystone \ |
1368 | 10 | --chdir /var/lib/keystone --name keystone \ | ||
1369 | 11 | --exec /usr/bin/keystone-all | ||
1370 | 10 | 12 | ||
1371 | === removed directory 'debian/man' | |||
1372 | === removed file 'debian/man/keystone-admin.8' | |||
1373 | --- debian/man/keystone-admin.8 2012-06-22 12:27:50 +0000 | |||
1374 | +++ debian/man/keystone-admin.8 1970-01-01 00:00:00 +0000 | |||
1375 | @@ -1,63 +0,0 @@ | |||
1376 | 1 | .TH keystone 8 | ||
1377 | 2 | .SH NAME | ||
1378 | 3 | keystone-admin \- provides HTTP for administrators. | ||
1379 | 4 | .SH SYNOPSIS | ||
1380 | 5 | .I [OPTION]... | ||
1381 | 6 | .SH DESCRIPTION | ||
1382 | 7 | .BR keystone is a Python implementation of the Openstack | ||
1383 | 8 | identity service. | ||
1384 | 9 | .TP | ||
1385 | 10 | .B --version | ||
1386 | 11 | show program's version number and exit | ||
1387 | 12 | .TP | ||
1388 | 13 | .B \-h, --help | ||
1389 | 14 | show help messag and exit | ||
1390 | 15 | .TP | ||
1391 | 16 | .B \-v, --verbose | ||
1392 | 17 | Print more verbose output | ||
1393 | 18 | .TP | ||
1394 | 19 | .B \-d, --debug | ||
1395 | 20 | Prrint debugging output to console. | ||
1396 | 21 | .TP | ||
1397 | 22 | .B \-c PATH, --config-file=PATH | ||
1398 | 23 | Path to the config file to use. When not specified (the default), | ||
1399 | 24 | we generally look at the first arguement specified to be a config file, | ||
1400 | 25 | and if that is also missing, we search standard directories for a config | ||
1401 | 26 | file. | ||
1402 | 27 | .TP | ||
1403 | 28 | .B \-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT | ||
1404 | 29 | Specifies port to listen on. | ||
1405 | 30 | .TP | ||
1406 | 31 | .B --host=BIND_HOST, --bind-host=BIND_HOST | ||
1407 | 32 | Specifies host address to listen on (default is all or 0.0.0.0) | ||
1408 | 33 | .TP | ||
1409 | 34 | .B \-t, --trace-calls | ||
1410 | 35 | Turns on call tracing for troubleshooting | ||
1411 | 36 | .TP | ||
1412 | 37 | .B \-a PORT, --admin-port=PORT | ||
1413 | 38 | Specifies port for Admin API to listen on (default is | ||
1414 | 39 | 35357) | ||
1415 | 40 | .TP | ||
1416 | 41 | .B --log-config=PATH | ||
1417 | 42 | If this opion is specified, the logging configuration | ||
1418 | 43 | file specified is used and overrides any other logging | ||
1419 | 44 | options specified. Please see the Python logging | ||
1420 | 45 | modules documentation for details on logging | ||
1421 | 46 | confgiuration files. | ||
1422 | 47 | .TP | ||
1423 | 48 | .B --log-date-format=FORMAT | ||
1424 | 49 | Format string for %(asctime)s in log records. | ||
1425 | 50 | Default: %Y-%m-%d %H:%M:%S | ||
1426 | 51 | .TP | ||
1427 | 52 | .B --log-file=PATH | ||
1428 | 53 | (Optional) Name of log file to output to. If not set, | ||
1429 | 54 | logging will go to stdout. | ||
1430 | 55 | .TP | ||
1431 | 56 | .B --log-didr=LOG_DIR | ||
1432 | 57 | (Optional) The directory to keep log files in (will | ||
1433 | 58 | be prepended to --logfile) | ||
1434 | 59 | |||
1435 | 60 | .SH FILES | ||
1436 | 61 | .IR /etc/keystone/keystone.conf | ||
1437 | 62 | .SH AUTHOR | ||
1438 | 63 | This manual page was written by Chuck Short <zulcss@ubuntu.com>. | ||
1439 | 64 | 0 | ||
1440 | === removed file 'debian/man/keystone-auth.8' | |||
1441 | --- debian/man/keystone-auth.8 2012-06-22 12:27:50 +0000 | |||
1442 | +++ debian/man/keystone-auth.8 1970-01-01 00:00:00 +0000 | |||
1443 | @@ -1,63 +0,0 @@ | |||
1444 | 1 | .TH keystone 8 | ||
1445 | 2 | .SH NAME | ||
1446 | 3 | keystone-auth \- provides HTTP for users. | ||
1447 | 4 | .SH SYNOPSIS | ||
1448 | 5 | .I [OPTION]... | ||
1449 | 6 | .SH DESCRIPTION | ||
1450 | 7 | .BR keystone is a Python implementation of the Openstack | ||
1451 | 8 | identity service. | ||
1452 | 9 | .TP | ||
1453 | 10 | .B --version | ||
1454 | 11 | show program's version number and exit | ||
1455 | 12 | .TP | ||
1456 | 13 | .B \-h, --help | ||
1457 | 14 | show help messag and exit | ||
1458 | 15 | .TP | ||
1459 | 16 | .B \-v, --verbose | ||
1460 | 17 | Print more verbose output | ||
1461 | 18 | .TP | ||
1462 | 19 | .B \-d, --debug | ||
1463 | 20 | Prrint debugging output to console. | ||
1464 | 21 | .TP | ||
1465 | 22 | .B \-c PATH, --config-file=PATH | ||
1466 | 23 | Path to the config file to use. When not specified (the default), | ||
1467 | 24 | we generally look at the first arguement specified to be a config file, | ||
1468 | 25 | and if that is also missing, we search standard directories for a config | ||
1469 | 26 | file. | ||
1470 | 27 | .TP | ||
1471 | 28 | .B \-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT | ||
1472 | 29 | Specifies port to listen on. | ||
1473 | 30 | .TP | ||
1474 | 31 | .B --host=BIND_HOST, --bind-host=BIND_HOST | ||
1475 | 32 | Specifies host address to listen on (default is all or 0.0.0.0) | ||
1476 | 33 | .TP | ||
1477 | 34 | .B \-t, --trace-calls | ||
1478 | 35 | Turns on call tracing for troubleshooting | ||
1479 | 36 | .TP | ||
1480 | 37 | .B \-a PORT, --admin-port=PORT | ||
1481 | 38 | Specifies port for Admin API to listen on (default is | ||
1482 | 39 | 35357) | ||
1483 | 40 | .TP | ||
1484 | 41 | .B --log-config=PATH | ||
1485 | 42 | If this opion is specified, the logging configuration | ||
1486 | 43 | file specified is used and overrides any other logging | ||
1487 | 44 | options specified. Please see the Python logging | ||
1488 | 45 | modules documentation for details on logging | ||
1489 | 46 | confgiuration files. | ||
1490 | 47 | .TP | ||
1491 | 48 | .B --log-date-format=FORMAT | ||
1492 | 49 | Format string for %(asctime)s in log records. | ||
1493 | 50 | Default: %Y-%m-%d %H:%M:%S | ||
1494 | 51 | .TP | ||
1495 | 52 | .B --log-file=PATH | ||
1496 | 53 | (Optional) Name of log file to output to. If not set, | ||
1497 | 54 | logging will go to stdout. | ||
1498 | 55 | .TP | ||
1499 | 56 | .B --log-didr=LOG_DIR | ||
1500 | 57 | (Optional) The directory to keep log files in (will | ||
1501 | 58 | be prepended to --logfile) | ||
1502 | 59 | |||
1503 | 60 | .SH FILES | ||
1504 | 61 | .IR /etc/keystone/keystone.conf | ||
1505 | 62 | .SH AUTHOR | ||
1506 | 63 | This manual page was written by Chuck Short <zulcss@ubuntu.com>. | ||
1507 | 64 | 0 | ||
1508 | === removed file 'debian/man/keystone-control.8' | |||
1509 | --- debian/man/keystone-control.8 2012-06-22 12:27:50 +0000 | |||
1510 | +++ debian/man/keystone-control.8 1970-01-01 00:00:00 +0000 | |||
1511 | @@ -1,63 +0,0 @@ | |||
1512 | 1 | .TH keystone 8 | ||
1513 | 2 | .SH NAME | ||
1514 | 3 | keystone \- Starts/Stops keystone server. | ||
1515 | 4 | .SH SYNOPSIS | ||
1516 | 5 | .I [OPTION]... | ||
1517 | 6 | .SH DESCRIPTION | ||
1518 | 7 | .BR keystone is a Python implementation of the Openstack | ||
1519 | 8 | identity service. | ||
1520 | 9 | .TP | ||
1521 | 10 | .B --version | ||
1522 | 11 | show program's version number and exit | ||
1523 | 12 | .TP | ||
1524 | 13 | .B \-h, --help | ||
1525 | 14 | show help messag and exit | ||
1526 | 15 | .TP | ||
1527 | 16 | .B \-v, --verbose | ||
1528 | 17 | Print more verbose output | ||
1529 | 18 | .TP | ||
1530 | 19 | .B \-d, --debug | ||
1531 | 20 | Prrint debugging output to console. | ||
1532 | 21 | .TP | ||
1533 | 22 | .B \-c PATH, --config-file=PATH | ||
1534 | 23 | Path to the config file to use. When not specified (the default), | ||
1535 | 24 | we generally look at the first arguement specified to be a config file, | ||
1536 | 25 | and if that is also missing, we search standard directories for a config | ||
1537 | 26 | file. | ||
1538 | 27 | .TP | ||
1539 | 28 | .B \-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT | ||
1540 | 29 | Specifies port to listen on. | ||
1541 | 30 | .TP | ||
1542 | 31 | .B --host=BIND_HOST, --bind-host=BIND_HOST | ||
1543 | 32 | Specifies host address to listen on (default is all or 0.0.0.0) | ||
1544 | 33 | .TP | ||
1545 | 34 | .B \-t, --trace-calls | ||
1546 | 35 | Turns on call tracing for troubleshooting | ||
1547 | 36 | .TP | ||
1548 | 37 | .B \-a PORT, --admin-port=PORT | ||
1549 | 38 | Specifies port for Admin API to listen on (default is | ||
1550 | 39 | 35357) | ||
1551 | 40 | .TP | ||
1552 | 41 | .B --log-config=PATH | ||
1553 | 42 | If this opion is specified, the logging configuration | ||
1554 | 43 | file specified is used and overrides any other logging | ||
1555 | 44 | options specified. Please see the Python logging | ||
1556 | 45 | modules documentation for details on logging | ||
1557 | 46 | confgiuration files. | ||
1558 | 47 | .TP | ||
1559 | 48 | .B --log-date-format=FORMAT | ||
1560 | 49 | Format string for %(asctime)s in log records. | ||
1561 | 50 | Default: %Y-%m-%d %H:%M:%S | ||
1562 | 51 | .TP | ||
1563 | 52 | .B --log-file=PATH | ||
1564 | 53 | (Optional) Name of log file to output to. If not set, | ||
1565 | 54 | logging will go to stdout. | ||
1566 | 55 | .TP | ||
1567 | 56 | .B --log-didr=LOG_DIR | ||
1568 | 57 | (Optional) The directory to keep log files in (will | ||
1569 | 58 | be prepended to --logfile) | ||
1570 | 59 | |||
1571 | 60 | .SH FILES | ||
1572 | 61 | .IR /etc/keystone/keystone.conf | ||
1573 | 62 | .SH AUTHOR | ||
1574 | 63 | This manual page was written by Chuck Short <zulcss@ubuntu.com>. | ||
1575 | 64 | 0 | ||
1576 | === removed file 'debian/man/keystone-import.8' | |||
1577 | --- debian/man/keystone-import.8 2012-06-22 12:27:50 +0000 | |||
1578 | +++ debian/man/keystone-import.8 1970-01-01 00:00:00 +0000 | |||
1579 | @@ -1,12 +0,0 @@ | |||
1580 | 1 | .TH keystone 8 | ||
1581 | 2 | .SH NAME | ||
1582 | 3 | keystone-import \- import users, tenants, and EC2 credentials from nova. | ||
1583 | 4 | .SH SYNOPSIS | ||
1584 | 5 | .I [OPTION]... | ||
1585 | 6 | .SH DESCRIPTION | ||
1586 | 7 | .BR keystone is a Python implementation of the Openstack | ||
1587 | 8 | identity service. | ||
1588 | 9 | .SH FILES | ||
1589 | 10 | .IR /etc/keystone/keystone.conf | ||
1590 | 11 | .SH AUTHOR | ||
1591 | 12 | This manual page was written by Chuck Short <zulcss@ubuntu.com>. | ||
1592 | 13 | 0 | ||
1593 | === removed file 'debian/man/keystone.8' | |||
1594 | --- debian/man/keystone.8 2012-06-22 12:27:50 +0000 | |||
1595 | +++ debian/man/keystone.8 1970-01-01 00:00:00 +0000 | |||
1596 | @@ -1,64 +0,0 @@ | |||
1597 | 1 | .TH keystone 8 | ||
1598 | 2 | .SH NAME | ||
1599 | 3 | keystone \- provides HTTP for administrators and users. | ||
1600 | 4 | .SH SYNOPSIS | ||
1601 | 5 | .I [OPTION]... | ||
1602 | 6 | .SH DESCRIPTION | ||
1603 | 7 | .B keystone is a Python implementation of the Openstack | ||
1604 | 8 | .B identity service. This version has a lack of SSL support. | ||
1605 | 9 | .B It should not be run on a trusted network. | ||
1606 | 10 | .TP | ||
1607 | 11 | .B --version | ||
1608 | 12 | show program's version number and exit | ||
1609 | 13 | .TP | ||
1610 | 14 | .B \-h, --help | ||
1611 | 15 | show help messag and exit | ||
1612 | 16 | .TP | ||
1613 | 17 | .B \-v, --verbose | ||
1614 | 18 | Print more verbose output | ||
1615 | 19 | .TP | ||
1616 | 20 | .B \-d, --debug | ||
1617 | 21 | Prrint debugging output to console. | ||
1618 | 22 | .TP | ||
1619 | 23 | .B \-c PATH, --config-file=PATH | ||
1620 | 24 | Path to the config file to use. When not specified (the default), | ||
1621 | 25 | we generally look at the first arguement specified to be a config file, | ||
1622 | 26 | and if that is also missing, we search standard directories for a config | ||
1623 | 27 | file. | ||
1624 | 28 | .TP | ||
1625 | 29 | .B \-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT | ||
1626 | 30 | Specifies port to listen on. | ||
1627 | 31 | .TP | ||
1628 | 32 | .B --host=BIND_HOST, --bind-host=BIND_HOST | ||
1629 | 33 | Specifies host address to listen on (default is all or 0.0.0.0) | ||
1630 | 34 | .TP | ||
1631 | 35 | .B \-t, --trace-calls | ||
1632 | 36 | Turns on call tracing for troubleshooting | ||
1633 | 37 | .TP | ||
1634 | 38 | .B \-a PORT, --admin-port=PORT | ||
1635 | 39 | Specifies port for Admin API to listen on (default is | ||
1636 | 40 | 35357) | ||
1637 | 41 | .TP | ||
1638 | 42 | .B --log-config=PATH | ||
1639 | 43 | If this opion is specified, the logging configuration | ||
1640 | 44 | file specified is used and overrides any other logging | ||
1641 | 45 | options specified. Please see the Python logging | ||
1642 | 46 | modules documentation for details on logging | ||
1643 | 47 | confgiuration files. | ||
1644 | 48 | .TP | ||
1645 | 49 | .B --log-date-format=FORMAT | ||
1646 | 50 | Format string for %(asctime)s in log records. | ||
1647 | 51 | Default: %Y-%m-%d %H:%M:%S | ||
1648 | 52 | .TP | ||
1649 | 53 | .B --log-file=PATH | ||
1650 | 54 | (Optional) Name of log file to output to. If not set, | ||
1651 | 55 | logging will go to stdout. | ||
1652 | 56 | .TP | ||
1653 | 57 | .B --log-didr=LOG_DIR | ||
1654 | 58 | (Optional) The directory to keep log files in (will | ||
1655 | 59 | be prepended to --logfile) | ||
1656 | 60 | |||
1657 | 61 | .SH FILES | ||
1658 | 62 | .IR /etc/keystone/keystone.conf | ||
1659 | 63 | .SH AUTHOR | ||
1660 | 64 | This manual page was written by Chuck Short <zulcss@ubuntu.com>. | ||
1661 | 65 | 0 | ||
1662 | === modified file 'debian/patches/fix-ubuntu-tests.patch' | |||
1663 | --- debian/patches/fix-ubuntu-tests.patch 2012-11-23 09:01:53 +0000 | |||
1664 | +++ debian/patches/fix-ubuntu-tests.patch 2013-01-25 16:27:23 +0000 | |||
1665 | @@ -1,6 +1,16 @@ | |||
1669 | 1 | diff -Naurp keystone-2013.1.orig/tests/test_keystoneclient.py keystone-2013.1/tests/test_keystoneclient.py | 1 | Description: Fix test execution during package build |
1670 | 2 | --- keystone-2013.1.orig/tests/test_keystoneclient.py 2012-11-22 03:19:01.000000000 -0600 | 2 | The keystoneclient testsuite includes a number of tests |
1671 | 3 | +++ keystone-2013.1/tests/test_keystoneclient.py 2012-11-22 10:24:20.729138227 -0600 | 3 | for older version of keystone which are retrieved from |
1672 | 4 | the upstream source repo during testing. | ||
1673 | 5 | . | ||
1674 | 6 | This is not possible during an offline package build so | ||
1675 | 7 | the checkout and tests are disabled/skipped. | ||
1676 | 8 | Author: Chuck Short <zulcss@ubuntu.com> | ||
1677 | 9 | Author: James Page <james.page@ubuntu.com> | ||
1678 | 10 | Forwarded: not-needed | ||
1679 | 11 | |||
1680 | 12 | --- a/tests/test_keystoneclient.py | ||
1681 | 13 | +++ b/tests/test_keystoneclient.py | ||
1682 | 4 | @@ -35,10 +35,6 @@ class CompatTestCase(test.TestCase): | 14 | @@ -35,10 +35,6 @@ class CompatTestCase(test.TestCase): |
1683 | 5 | def setUp(self): | 15 | def setUp(self): |
1684 | 6 | super(CompatTestCase, self).setUp() | 16 | super(CompatTestCase, self).setUp() |
1685 | @@ -12,3 +22,28 @@ | |||
1686 | 12 | self.load_backends() | 22 | self.load_backends() |
1687 | 13 | self.load_fixtures(default_fixtures) | 23 | self.load_fixtures(default_fixtures) |
1688 | 14 | 24 | ||
1689 | 25 | @@ -1003,6 +999,16 @@ class KcMasterTestCase(CompatTestCase, K | ||
1690 | 26 | client.tenants.list() | ||
1691 | 27 | |||
1692 | 28 | |||
1693 | 29 | +def skipped(func): | ||
1694 | 30 | + from nose.plugins.skip import SkipTest | ||
1695 | 31 | + | ||
1696 | 32 | + def _(): | ||
1697 | 33 | + raise SkipTest("Test %s is skipped" % func.__name__) | ||
1698 | 34 | + _.__name__ = func.__name__ | ||
1699 | 35 | + return _ | ||
1700 | 36 | + | ||
1701 | 37 | + | ||
1702 | 38 | +@skipped | ||
1703 | 39 | class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): | ||
1704 | 40 | def get_checkout(self): | ||
1705 | 41 | return KEYSTONECLIENT_REPO, 'essex-3' | ||
1706 | 42 | @@ -1101,6 +1107,7 @@ class KcEssex3TestCase(CompatTestCase, K | ||
1707 | 43 | raise nose.exc.SkipTest('N/A') | ||
1708 | 44 | |||
1709 | 45 | |||
1710 | 46 | +@skipped | ||
1711 | 47 | class Kc11TestCase(CompatTestCase, KeystoneClientTests): | ||
1712 | 48 | def get_checkout(self): | ||
1713 | 49 | return KEYSTONECLIENT_REPO, '0.1.1' | ||
1714 | 15 | 50 | ||
1715 | === added directory 'debian/po' | |||
1716 | === added file 'debian/po/POTFILES.in' | |||
1717 | --- debian/po/POTFILES.in 1970-01-01 00:00:00 +0000 | |||
1718 | +++ debian/po/POTFILES.in 2013-01-25 16:27:23 +0000 | |||
1719 | @@ -0,0 +1,1 @@ | |||
1720 | 1 | [type: gettext/rfc822deb] keystone.templates | ||
1721 | 0 | 2 | ||
1722 | === added file 'debian/po/templates.pot' | |||
1723 | --- debian/po/templates.pot 1970-01-01 00:00:00 +0000 | |||
1724 | +++ debian/po/templates.pot 2013-01-25 16:27:23 +0000 | |||
1725 | @@ -0,0 +1,58 @@ | |||
1726 | 1 | # SOME DESCRIPTIVE TITLE. | ||
1727 | 2 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER | ||
1728 | 3 | # This file is distributed under the same license as the PACKAGE package. | ||
1729 | 4 | # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. | ||
1730 | 5 | # | ||
1731 | 6 | #, fuzzy | ||
1732 | 7 | msgid "" | ||
1733 | 8 | msgstr "" | ||
1734 | 9 | "Project-Id-Version: keystone\n" | ||
1735 | 10 | "Report-Msgid-Bugs-To: keystone@packages.debian.org\n" | ||
1736 | 11 | "POT-Creation-Date: 2012-11-25 22:21+0000\n" | ||
1737 | 12 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" | ||
1738 | 13 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | ||
1739 | 14 | "Language-Team: LANGUAGE <LL@li.org>\n" | ||
1740 | 15 | "Language: \n" | ||
1741 | 16 | "MIME-Version: 1.0\n" | ||
1742 | 17 | "Content-Type: text/plain; charset=CHARSET\n" | ||
1743 | 18 | "Content-Transfer-Encoding: 8bit\n" | ||
1744 | 19 | |||
1745 | 20 | #. Type: boolean | ||
1746 | 21 | #. Description | ||
1747 | 22 | #: ../keystone.templates:1001 | ||
1748 | 23 | msgid "Set up a database for keystone?" | ||
1749 | 24 | msgstr "" | ||
1750 | 25 | |||
1751 | 26 | #. Type: boolean | ||
1752 | 27 | #. Description | ||
1753 | 28 | #: ../keystone.templates:1001 | ||
1754 | 29 | msgid "" | ||
1755 | 30 | "No database has been set up for keystone to use. Before continuing, you " | ||
1756 | 31 | "should make sure you have:" | ||
1757 | 32 | msgstr "" | ||
1758 | 33 | |||
1759 | 34 | #. Type: boolean | ||
1760 | 35 | #. Description | ||
1761 | 36 | #: ../keystone.templates:1001 | ||
1762 | 37 | msgid "" | ||
1763 | 38 | " - the server host name (that server must allow TCP connections\n" | ||
1764 | 39 | " from this machine);\n" | ||
1765 | 40 | " - a username and password to access the database.\n" | ||
1766 | 41 | " - A database type that you want to use." | ||
1767 | 42 | msgstr "" | ||
1768 | 43 | |||
1769 | 44 | #. Type: boolean | ||
1770 | 45 | #. Description | ||
1771 | 46 | #: ../keystone.templates:1001 | ||
1772 | 47 | msgid "" | ||
1773 | 48 | "If some of these requirements are missing, reject this option and run with " | ||
1774 | 49 | "regular sqlite support." | ||
1775 | 50 | msgstr "" | ||
1776 | 51 | |||
1777 | 52 | #. Type: boolean | ||
1778 | 53 | #. Description | ||
1779 | 54 | #: ../keystone.templates:1001 | ||
1780 | 55 | msgid "" | ||
1781 | 56 | "Database configuration can be reconfigured later by running 'dpkg-" | ||
1782 | 57 | "reconfigure -plow keystone'." | ||
1783 | 58 | msgstr "" | ||
1784 | 0 | 59 | ||
1785 | === modified file 'debian/rules' | |||
1786 | --- debian/rules 2012-11-23 09:01:53 +0000 | |||
1787 | +++ debian/rules 2013-01-25 16:27:23 +0000 | |||
1788 | @@ -26,7 +26,7 @@ | |||
1789 | 26 | cp tests/test_overrides.conf tests/test_overrides.conf.orig | 26 | cp tests/test_overrides.conf tests/test_overrides.conf.orig |
1790 | 27 | cp $(CURDIR)/debian/tests/test_overrides.conf $(CURDIR)/tests/test_overrides.conf | 27 | cp $(CURDIR)/debian/tests/test_overrides.conf $(CURDIR)/tests/test_overrides.conf |
1791 | 28 | sed -i 's|%CUR_DIR%|$(CURDIR)|g' $(CURDIR)/tests/test_overrides.conf | 28 | sed -i 's|%CUR_DIR%|$(CURDIR)|g' $(CURDIR)/tests/test_overrides.conf |
1793 | 29 | PYTHONPATH=$(CURDIR) bash run_tests.sh -N || true | 29 | PYTHONPATH=$(CURDIR) bash run_tests.sh -N |
1794 | 30 | mv $(CURDIR)/tests/test_overrides.conf.orig $(CURDIR)/tests/test_overrides.conf | 30 | mv $(CURDIR)/tests/test_overrides.conf.orig $(CURDIR)/tests/test_overrides.conf |
1795 | 31 | rm -rf $(CURDIR)/debian/tests/testing.db $(CURDIR)/debian/tests/keystone-signing | 31 | rm -rf $(CURDIR)/debian/tests/testing.db $(CURDIR)/debian/tests/keystone-signing |
1796 | 32 | endif | 32 | endif |
1797 | 33 | 33 | ||
1798 | === modified file 'debian/tests/test_overrides.conf' | |||
1799 | --- debian/tests/test_overrides.conf 2012-11-02 13:48:49 +0000 | |||
1800 | +++ debian/tests/test_overrides.conf 2013-01-25 16:27:23 +0000 | |||
1801 | @@ -13,6 +13,6 @@ | |||
1802 | 13 | idle_timeout = 200 | 13 | idle_timeout = 200 |
1803 | 14 | 14 | ||
1804 | 15 | [signing] | 15 | [signing] |
1808 | 16 | certfile = signing/signing_cert.pem | 16 | certfile = ../examples/pki/certs/signing_cert.pem |
1809 | 17 | keyfile = signing/private_key.pem | 17 | keyfile = ../examples/pki/private/signing_key.pem |
1810 | 18 | ca_certs = signing/cacert.pem | 18 | ca_certs = ../examples/pki/certs/cacert.pem |
1811 | 19 | 19 | ||
1812 | === modified file 'doc/source/configuration.rst' | |||
1813 | --- doc/source/configuration.rst 2012-11-23 09:01:53 +0000 | |||
1814 | +++ doc/source/configuration.rst 2013-01-25 16:27:23 +0000 | |||
1815 | @@ -388,10 +388,10 @@ | |||
1816 | 388 | * ``etc/logging.conf.sample`` | 388 | * ``etc/logging.conf.sample`` |
1817 | 389 | * ``etc/default_catalog.templates`` | 389 | * ``etc/default_catalog.templates`` |
1818 | 390 | 390 | ||
1820 | 391 | .. _`prepare your Essex deployment`: | 391 | .. _`prepare your deployment`: |
1821 | 392 | 392 | ||
1824 | 393 | Preparing your Essex deployment | 393 | Preparing your deployment |
1825 | 394 | =============================== | 394 | ========================= |
1826 | 395 | 395 | ||
1827 | 396 | Step 1: Configure keystone.conf | 396 | Step 1: Configure keystone.conf |
1828 | 397 | ------------------------------- | 397 | ------------------------------- |
1829 | @@ -450,9 +450,9 @@ | |||
1830 | 450 | .. NOTE:: | 450 | .. NOTE:: |
1831 | 451 | 451 | ||
1832 | 452 | Before you can import your legacy data, you must first | 452 | Before you can import your legacy data, you must first |
1834 | 453 | `prepare your Essex deployment`_. | 453 | `prepare your deployment`_. |
1835 | 454 | 454 | ||
1837 | 455 | Step 1: Ensure your Essex deployment can access your legacy database | 455 | Step 1: Ensure your deployment can access your legacy database |
1838 | 456 | -------------------------------------------------------------------- | 456 | -------------------------------------------------------------------- |
1839 | 457 | 457 | ||
1840 | 458 | Your legacy ``keystone.conf`` contains a SQL configuration section called | 458 | Your legacy ``keystone.conf`` contains a SQL configuration section called |
1841 | @@ -461,7 +461,7 @@ | |||
1842 | 461 | 461 | ||
1843 | 462 | sql_connection = sqlite:///keystone.db | 462 | sql_connection = sqlite:///keystone.db |
1844 | 463 | 463 | ||
1846 | 464 | This connection string needs to be accessible from your Essex deployment (e.g. | 464 | This connection string needs to be accessible from your deployment (e.g. |
1847 | 465 | you may need to copy your SQLite ``*.db`` file to a new server, adjust the | 465 | you may need to copy your SQLite ``*.db`` file to a new server, adjust the |
1848 | 466 | relative path as appropriate, or open a firewall for MySQL, etc). | 466 | relative path as appropriate, or open a firewall for MySQL, etc). |
1849 | 467 | 467 | ||
1850 | @@ -474,7 +474,7 @@ | |||
1851 | 474 | $ keystone-manage import_legacy <sql_connection> | 474 | $ keystone-manage import_legacy <sql_connection> |
1852 | 475 | 475 | ||
1853 | 476 | You should now be able to run the same command you used to test your new | 476 | You should now be able to run the same command you used to test your new |
1855 | 477 | database above, but now you'll see your legacy Keystone data in Essex:: | 477 | database above, but now you'll see your legacy Keystone data:: |
1856 | 478 | 478 | ||
1857 | 479 | $ keystone --token ADMIN --endpoint http://127.0.0.1:35357/v2.0/ tenant-list | 479 | $ keystone --token ADMIN --endpoint http://127.0.0.1:35357/v2.0/ tenant-list |
1858 | 480 | +----------------------------------+----------------+---------+ | 480 | +----------------------------------+----------------+---------+ |
1859 | @@ -491,7 +491,7 @@ | |||
1860 | 491 | =============================================================== | 491 | =============================================================== |
1861 | 492 | 492 | ||
1862 | 493 | While legacy Keystone deployments stored the service catalog in the database, | 493 | While legacy Keystone deployments stored the service catalog in the database, |
1864 | 494 | the service catalog in Essex is stored in a flat ``template_file``. An example | 494 | the service catalog is stored in a flat ``template_file``. An example |
1865 | 495 | service catalog template file may be found in | 495 | service catalog template file may be found in |
1866 | 496 | ``etc/default_catalog.templates``. You can change the path to your service | 496 | ``etc/default_catalog.templates``. You can change the path to your service |
1867 | 497 | catalog template in ``keystone.conf`` by changing the value of | 497 | catalog template in ``keystone.conf`` by changing the value of |
1868 | @@ -510,13 +510,13 @@ | |||
1869 | 510 | ======================== | 510 | ======================== |
1870 | 511 | 511 | ||
1871 | 512 | Migration of users, projects (aka tenants), roles and EC2 credentials | 512 | Migration of users, projects (aka tenants), roles and EC2 credentials |
1873 | 513 | is supported for the Essex release of Nova. To migrate your auth | 513 | is supported for the Essex and later releases of Nova. To migrate your auth |
1874 | 514 | data from Nova, use the following steps: | 514 | data from Nova, use the following steps: |
1875 | 515 | 515 | ||
1876 | 516 | .. NOTE:: | 516 | .. NOTE:: |
1877 | 517 | 517 | ||
1878 | 518 | Before you can migrate from nova auth, you must first | 518 | Before you can migrate from nova auth, you must first |
1880 | 519 | `prepare your Essex deployment`_. | 519 | `prepare your deployment`_. |
1881 | 520 | 520 | ||
1882 | 521 | Step 1: Export your data from Nova | 521 | Step 1: Export your data from Nova |
1883 | 522 | ---------------------------------- | 522 | ---------------------------------- |
1884 | 523 | 523 | ||
1885 | === modified file 'doc/source/configuringservices.rst' | |||
1886 | --- doc/source/configuringservices.rst 2012-09-07 13:04:01 +0000 | |||
1887 | +++ doc/source/configuringservices.rst 2013-01-25 16:27:23 +0000 | |||
1888 | @@ -176,151 +176,8 @@ | |||
1889 | 176 | --------------------------------- | 176 | --------------------------------- |
1890 | 177 | 177 | ||
1891 | 178 | Similar to Nova, swift can be configured to use Keystone for authentication | 178 | Similar to Nova, swift can be configured to use Keystone for authentication |
2037 | 179 | rather than its built in 'tempauth'. | 179 | rather than its built in 'tempauth'. Refer to the `overview_auth` documentation |
2038 | 180 | 180 | in Swift. | |
1894 | 181 | 1. Add a service endpoint for Swift to Keystone | ||
1895 | 182 | |||
1896 | 183 | 2. Configure the paste file for swift-proxy (`/etc/swift/swift-proxy.conf`) | ||
1897 | 184 | |||
1898 | 185 | 3. Reconfigure Swift's proxy server to use Keystone instead of TempAuth. | ||
1899 | 186 | Here's an example `/etc/swift/proxy-server.conf`:: | ||
1900 | 187 | |||
1901 | 188 | [DEFAULT] | ||
1902 | 189 | bind_port = 8888 | ||
1903 | 190 | user = <user> | ||
1904 | 191 | |||
1905 | 192 | [pipeline:main] | ||
1906 | 193 | pipeline = catch_errors healthcheck cache authtoken keystone proxy-server | ||
1907 | 194 | |||
1908 | 195 | [app:proxy-server] | ||
1909 | 196 | use = egg:swift#proxy | ||
1910 | 197 | account_autocreate = true | ||
1911 | 198 | |||
1912 | 199 | [filter:keystone] | ||
1913 | 200 | paste.filter_factory = keystone.middleware.swift_auth:filter_factory | ||
1914 | 201 | operator_roles = admin, swiftoperator | ||
1915 | 202 | |||
1916 | 203 | [filter:authtoken] | ||
1917 | 204 | paste.filter_factory = keystone.middleware.auth_token:filter_factory | ||
1918 | 205 | # Delaying the auth decision is required to support token-less | ||
1919 | 206 | # usage for anonymous referrers ('.r:*') or for tempurl/formpost | ||
1920 | 207 | # middleware. | ||
1921 | 208 | delay_auth_decision = 1 | ||
1922 | 209 | auth_port = 35357 | ||
1923 | 210 | auth_host = 127.0.0.1 | ||
1924 | 211 | auth_token = ADMIN | ||
1925 | 212 | admin_token = ADMIN | ||
1926 | 213 | |||
1927 | 214 | [filter:cache] | ||
1928 | 215 | use = egg:swift#memcache | ||
1929 | 216 | set log_name = cache | ||
1930 | 217 | |||
1931 | 218 | [filter:catch_errors] | ||
1932 | 219 | use = egg:swift#catch_errors | ||
1933 | 220 | |||
1934 | 221 | [filter:healthcheck] | ||
1935 | 222 | use = egg:swift#healthcheck | ||
1936 | 223 | |||
1937 | 224 | .. Note:: | ||
1938 | 225 | Your user needs to have the role swiftoperator or admin by default | ||
1939 | 226 | to be able to operate on an swift account or as specified by the | ||
1940 | 227 | variable `operator_roles`. | ||
1941 | 228 | |||
1942 | 229 | 4. Restart swift | ||
1943 | 230 | |||
1944 | 231 | 5. Verify that keystone is providing authentication to Swift | ||
1945 | 232 | |||
1946 | 233 | $ swift -V 2 -A http://localhost:5000/v2.0 -U admin:admin -K ADMIN stat | ||
1947 | 234 | |||
1948 | 235 | .. NOTE:: | ||
1949 | 236 | Instead of connecting to Swift here, as you would with other services, we | ||
1950 | 237 | are connecting directly to Keystone. | ||
1951 | 238 | |||
1952 | 239 | Configuring Swift with S3 emulation to use Keystone | ||
1953 | 240 | --------------------------------------------------- | ||
1954 | 241 | |||
1955 | 242 | Keystone supports validating S3 tokens using the same tokens as the | ||
1956 | 243 | generated EC2 tokens. When you have generated a pair of EC2 access | ||
1957 | 244 | token and secret you can access your swift cluster directly with the | ||
1958 | 245 | S3 API. | ||
1959 | 246 | |||
1960 | 247 | 1. Ensure you have defined the S3 service in your `keystone.conf`. First, define the filter as follows:: | ||
1961 | 248 | |||
1962 | 249 | [filter:s3_extension] | ||
1963 | 250 | paste.filter_factory = keystone.contrib.s3:S3Extension.factory | ||
1964 | 251 | |||
1965 | 252 | Then, ensure that the filter is being called by the admin_api pipeline, as follows:: | ||
1966 | 253 | |||
1967 | 254 | [pipeline:admin_api] | ||
1968 | 255 | pipeline = token_auth [....] ec2_extension s3_extension [...] | ||
1969 | 256 | |||
1970 | 257 | 2. Configure the paste file for swift-proxy | ||
1971 | 258 | (`/etc/swift/swift-proxy.conf` to use S3token and Swift3 | ||
1972 | 259 | middleware. | ||
1973 | 260 | |||
1974 | 261 | Here's an example that by default communicates with keystone via https :: | ||
1975 | 262 | |||
1976 | 263 | [DEFAULT] | ||
1977 | 264 | bind_port = 8080 | ||
1978 | 265 | user = <user> | ||
1979 | 266 | |||
1980 | 267 | [pipeline:main] | ||
1981 | 268 | pipeline = catch_errors healthcheck cache swift3 s3token authtoken keystone proxy-server | ||
1982 | 269 | |||
1983 | 270 | [app:proxy-server] | ||
1984 | 271 | use = egg:swift#proxy | ||
1985 | 272 | account_autocreate = true | ||
1986 | 273 | |||
1987 | 274 | [filter:catch_errors] | ||
1988 | 275 | use = egg:swift#catch_errors | ||
1989 | 276 | |||
1990 | 277 | [filter:healthcheck] | ||
1991 | 278 | use = egg:swift#healthcheck | ||
1992 | 279 | |||
1993 | 280 | [filter:cache] | ||
1994 | 281 | use = egg:swift#memcache | ||
1995 | 282 | |||
1996 | 283 | [filter:swift3] | ||
1997 | 284 | use = egg:swift#swift3 | ||
1998 | 285 | |||
1999 | 286 | [filter:keystone] | ||
2000 | 287 | paste.filter_factory = keystone.middleware.swift_auth:filter_factory | ||
2001 | 288 | operator_roles = admin, swiftoperator | ||
2002 | 289 | |||
2003 | 290 | [filter:s3token] | ||
2004 | 291 | paste.filter_factory = keystone.middleware.s3_token:filter_factory | ||
2005 | 292 | # uncomment the following line if you don't want to use SSL | ||
2006 | 293 | # auth_protocol = http | ||
2007 | 294 | auth_port = 35357 | ||
2008 | 295 | auth_host = 127.0.0.1 | ||
2009 | 296 | |||
2010 | 297 | [filter:authtoken] | ||
2011 | 298 | paste.filter_factory = keystone.middleware.auth_token:filter_factory | ||
2012 | 299 | # uncomment the following line if you don't want to use SSL | ||
2013 | 300 | # auth_protocol = http | ||
2014 | 301 | auth_port = 35357 | ||
2015 | 302 | auth_host = 127.0.0.1 | ||
2016 | 303 | auth_token = ADMIN | ||
2017 | 304 | admin_token = ADMIN | ||
2018 | 305 | |||
2019 | 306 | 3. You can then access directly your Swift via the S3 API, here's an | ||
2020 | 307 | example with the `boto` library:: | ||
2021 | 308 | |||
2022 | 309 | import boto | ||
2023 | 310 | import boto.s3.connection | ||
2024 | 311 | |||
2025 | 312 | connection = boto.connect_s3( | ||
2026 | 313 | aws_access_key_id='<ec2 access key for user>', | ||
2027 | 314 | aws_secret_access_key='<ec2 secret access key for user>', | ||
2028 | 315 | port=8080, | ||
2029 | 316 | host='localhost', | ||
2030 | 317 | is_secure=False, | ||
2031 | 318 | calling_format=boto.s3.connection.OrdinaryCallingFormat()) | ||
2032 | 319 | |||
2033 | 320 | |||
2034 | 321 | .. Note:: | ||
2035 | 322 | With the S3 middleware you are connecting to the `Swift` proxy and | ||
2036 | 323 | not to `keystone`. | ||
2039 | 324 | 181 | ||
2040 | 325 | Auth-Token Middleware with Username and Password | 182 | Auth-Token Middleware with Username and Password |
2041 | 326 | ------------------------------------------------ | 183 | ------------------------------------------------ |
2042 | 327 | 184 | ||
2043 | === added file 'doc/source/external-auth.rst' | |||
2044 | --- doc/source/external-auth.rst 1970-01-01 00:00:00 +0000 | |||
2045 | +++ doc/source/external-auth.rst 2013-01-25 16:27:23 +0000 | |||
2046 | @@ -0,0 +1,117 @@ | |||
2047 | 1 | =========================================== | ||
2048 | 2 | Using external authentication with Keystone | ||
2049 | 3 | =========================================== | ||
2050 | 4 | |||
2051 | 5 | When Keystone is executed in :doc:`HTTPD <apache-httpd>` it is possible to | ||
2052 | 6 | use external authentication methods different from the authentication | ||
2053 | 7 | provided by the identity store backend. For example, this makes possible to | ||
2054 | 8 | use a SQL identity backend together with X.509 authentication, Kerberos, etc. | ||
2055 | 9 | instead of using the username/password combination. | ||
2056 | 10 | |||
2057 | 11 | Using HTTPD authentication | ||
2058 | 12 | ========================== | ||
2059 | 13 | |||
2060 | 14 | Webservers like Apache HTTP support many methods of authentication. Keystone can | ||
2061 | 15 | profit from this feature and let the authentication be done in the webserver, | ||
2062 | 16 | that will pass down the authenticated user to Keystone using the ``REMOTE_USER`` | ||
2063 | 17 | environment variable. This user must exist in advance in the identity backend | ||
2064 | 18 | so as to get a token from the controller. | ||
2065 | 19 | |||
2066 | 20 | To use this method, Keystone should be running on :doc:`HTTPD <apache-httpd>`. | ||
2067 | 21 | |||
2068 | 22 | X.509 example | ||
2069 | 23 | ------------- | ||
2070 | 24 | |||
2071 | 25 | The following snippet for the Apache conf will authenticate the user based on | ||
2072 | 26 | a valid X.509 certificate from a known CA:: | ||
2073 | 27 | |||
2074 | 28 | <VirtualHost _default_:5000> | ||
2075 | 29 | SSLEngine on | ||
2076 | 30 | SSLCertificateFile /etc/ssl/certs/ssl.cert | ||
2077 | 31 | SSLCertificateKeyFile /etc/ssl/private/ssl.key | ||
2078 | 32 | |||
2079 | 33 | SSLCACertificatePath /etc/ssl/allowed_cas | ||
2080 | 34 | SSLCARevocationPath /etc/ssl/allowed_cas | ||
2081 | 35 | SSLUserName SSL_CLIENT_S_DN_CN | ||
2082 | 36 | SSLVerifyClient require | ||
2083 | 37 | SSLVerifyDepth 10 | ||
2084 | 38 | |||
2085 | 39 | (...) | ||
2086 | 40 | </VirtualHost> | ||
2087 | 41 | |||
2088 | 42 | Developing a WSGI middleware for authentication | ||
2089 | 43 | =============================================== | ||
2090 | 44 | |||
2091 | 45 | In addition to the method described above, it is possible to implement other | ||
2092 | 46 | custom authentication mechanisms using the ``REMOTE_USER`` WSGI environment | ||
2093 | 47 | variable. | ||
2094 | 48 | |||
2095 | 49 | .. ATTENTION:: | ||
2096 | 50 | Please note that even if it is possible to develop a custom authentication | ||
2097 | 51 | module, it is preferable to use the modules in the HTTPD server. Such | ||
2098 | 52 | authentication modules in webservers like Apache have normally undergone | ||
2099 | 53 | years of development and use in production systems and are actively maintained | ||
2100 | 54 | upstream. Developing a custom authentication module that implements the same | ||
2101 | 55 | authentication as an existing Apache module likely introduces a higher | ||
2102 | 56 | security risk. | ||
2103 | 57 | |||
2104 | 58 | If you find you must implement a custom authentication mechanism, you will need | ||
2105 | 59 | to develop a custom WSGI middleware pipeline component. This middleware should | ||
2106 | 60 | set the environment variable ``REMOTE_USER`` to the authenticated username. | ||
2107 | 61 | Keystone then will assume that the user has been already authenticated upstream | ||
2108 | 62 | and will not try to authenticate it. However, as with HTTPD authentication, the | ||
2109 | 63 | user must exist in advance in the identity backend so that a proper token can | ||
2110 | 64 | be issued. | ||
2111 | 65 | |||
2112 | 66 | Your code should set the ``REMOTE_USER`` if the user is properly authenticated, | ||
2113 | 67 | following the semantics below:: | ||
2114 | 68 | |||
2115 | 69 | class MyMiddlewareAuth(wsgi.Middleware): | ||
2116 | 70 | def __init__(self, *args, **kwargs): | ||
2117 | 71 | super(MyMiddlewareAuth, self).__init__(*args, **kwargs) | ||
2118 | 72 | |||
2119 | 73 | def process_request(self, request): | ||
2120 | 74 | if request.environ.get('REMOTE_USER', None) is not None: | ||
2121 | 75 | # Assume that it is authenticated upstream | ||
2122 | 76 | return self.application | ||
2123 | 77 | |||
2124 | 78 | if not self.is_auth_applicable(request): | ||
2125 | 79 | # Not applicable | ||
2126 | 80 | return self.application | ||
2127 | 81 | |||
2128 | 82 | username = self.do_auth(request): | ||
2129 | 83 | if username is not None: | ||
2130 | 84 | # User is authenticated | ||
2131 | 85 | request.environ['REMOTE_USER'] = username | ||
2132 | 86 | else: | ||
2133 | 87 | # User is not authenticated | ||
2134 | 88 | raise exception.Unauthorized("Invalid user") | ||
2135 | 89 | |||
2136 | 90 | |||
2137 | 91 | Pipeline configuration | ||
2138 | 92 | ---------------------- | ||
2139 | 93 | |||
2140 | 94 | Once you have your WSGI middleware component developed you have to add it to | ||
2141 | 95 | your pipeline. The first step is to add the middleware to your configuration file. | ||
2142 | 96 | Assuming that your middleware module is ``keystone.middleware.MyMiddlewareAuth``, | ||
2143 | 97 | you can configure it in your ``keystone.conf`` as:: | ||
2144 | 98 | |||
2145 | 99 | [filter:my_auth] | ||
2146 | 100 | paste.filter_factory = keystone.middleware.MyMiddlewareAuth.factory | ||
2147 | 101 | |||
2148 | 102 | The second step is to add your middleware to the pipeline. The exact place where | ||
2149 | 103 | you should place it will depend on your code (i.e. if you need for example that | ||
2150 | 104 | the request body is converted from JSON before perform the authentication you | ||
2151 | 105 | should place it after the ``json_body`` filter) but it should be set before the | ||
2152 | 106 | ``public_service`` (for the ``public_api`` pipeline) or ``admin_service`` (for | ||
2153 | 107 | the ``admin_api`` pipeline), since they consume authentication. | ||
2154 | 108 | |||
2155 | 109 | For example, if the original pipeline looks like this:: | ||
2156 | 110 | |||
2157 | 111 | [pipeline:public_api] | ||
2158 | 112 | pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service | ||
2159 | 113 | |||
2160 | 114 | Your modified pipeline might then look like this:: | ||
2161 | 115 | |||
2162 | 116 | [pipeline:public_api] | ||
2163 | 117 | pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body my_auth debug ec2_extension user_crud_extension public_service | ||
2164 | 0 | 118 | ||
2165 | === modified file 'doc/source/index.rst' | |||
2166 | --- doc/source/index.rst 2012-11-23 09:01:53 +0000 | |||
2167 | +++ doc/source/index.rst 2013-01-25 16:27:23 +0000 | |||
2168 | @@ -66,6 +66,7 @@ | |||
2169 | 66 | middlewarearchitecture | 66 | middlewarearchitecture |
2170 | 67 | api_curl_examples | 67 | api_curl_examples |
2171 | 68 | apache-httpd | 68 | apache-httpd |
2172 | 69 | external-auth | ||
2173 | 69 | 70 | ||
2174 | 70 | Code Documentation | 71 | Code Documentation |
2175 | 71 | ================== | 72 | ================== |
2176 | 72 | 73 | ||
2177 | === modified file 'doc/source/setup.rst' | |||
2178 | --- doc/source/setup.rst 2012-03-16 11:19:40 +0000 | |||
2179 | +++ doc/source/setup.rst 2013-01-25 16:27:23 +0000 | |||
2180 | @@ -70,7 +70,7 @@ | |||
2181 | 70 | 70 | ||
2182 | 71 | The first is the list of dependencies needed for running keystone, the second list includes dependencies used for active development and testing of keystone itself. | 71 | The first is the list of dependencies needed for running keystone, the second list includes dependencies used for active development and testing of keystone itself. |
2183 | 72 | 72 | ||
2185 | 73 | These depdendencies can be installed from PyPi_ using the python tool pip_. | 73 | These dependencies can be installed from PyPi_ using the python tool pip_. |
2186 | 74 | 74 | ||
2187 | 75 | .. _PyPi: http://pypi.python.org/ | 75 | .. _PyPi: http://pypi.python.org/ |
2188 | 76 | .. _pip: http://pypi.python.org/pypi/pip | 76 | .. _pip: http://pypi.python.org/pypi/pip |
2189 | 77 | 77 | ||
2190 | === modified file 'keystone.egg-info/SOURCES.txt' | |||
2191 | --- keystone.egg-info/SOURCES.txt 2012-11-23 09:01:53 +0000 | |||
2192 | +++ keystone.egg-info/SOURCES.txt 2013-01-25 16:27:23 +0000 | |||
2193 | @@ -26,6 +26,7 @@ | |||
2194 | 26 | doc/source/configuration.rst | 26 | doc/source/configuration.rst |
2195 | 27 | doc/source/configuringservices.rst | 27 | doc/source/configuringservices.rst |
2196 | 28 | doc/source/developing.rst | 28 | doc/source/developing.rst |
2197 | 29 | doc/source/external-auth.rst | ||
2198 | 29 | doc/source/index.rst | 30 | doc/source/index.rst |
2199 | 30 | doc/source/installing.rst | 31 | doc/source/installing.rst |
2200 | 31 | doc/source/middlewarearchitecture.rst | 32 | doc/source/middlewarearchitecture.rst |
2201 | @@ -81,7 +82,9 @@ | |||
2202 | 81 | keystone/clean.py | 82 | keystone/clean.py |
2203 | 82 | keystone/cli.py | 83 | keystone/cli.py |
2204 | 83 | keystone/config.py | 84 | keystone/config.py |
2205 | 85 | keystone/controllers.py | ||
2206 | 84 | keystone/exception.py | 86 | keystone/exception.py |
2207 | 87 | keystone/routers.py | ||
2208 | 85 | keystone/service.py | 88 | keystone/service.py |
2209 | 86 | keystone/test.py | 89 | keystone/test.py |
2210 | 87 | keystone.egg-info/PKG-INFO | 90 | keystone.egg-info/PKG-INFO |
2211 | @@ -91,7 +94,9 @@ | |||
2212 | 91 | keystone.egg-info/requires.txt | 94 | keystone.egg-info/requires.txt |
2213 | 92 | keystone.egg-info/top_level.txt | 95 | keystone.egg-info/top_level.txt |
2214 | 93 | keystone/catalog/__init__.py | 96 | keystone/catalog/__init__.py |
2215 | 97 | keystone/catalog/controllers.py | ||
2216 | 94 | keystone/catalog/core.py | 98 | keystone/catalog/core.py |
2217 | 99 | keystone/catalog/routers.py | ||
2218 | 95 | keystone/catalog/backends/__init__.py | 100 | keystone/catalog/backends/__init__.py |
2219 | 96 | keystone/catalog/backends/kvs.py | 101 | keystone/catalog/backends/kvs.py |
2220 | 97 | keystone/catalog/backends/sql.py | 102 | keystone/catalog/backends/sql.py |
2221 | @@ -100,12 +105,14 @@ | |||
2222 | 100 | keystone/common/bufferedhttp.py | 105 | keystone/common/bufferedhttp.py |
2223 | 101 | keystone/common/cms.py | 106 | keystone/common/cms.py |
2224 | 102 | keystone/common/controller.py | 107 | keystone/common/controller.py |
2225 | 108 | keystone/common/dependency.py | ||
2226 | 103 | keystone/common/kvs.py | 109 | keystone/common/kvs.py |
2227 | 104 | keystone/common/logging.py | 110 | keystone/common/logging.py |
2228 | 105 | keystone/common/manager.py | 111 | keystone/common/manager.py |
2229 | 106 | keystone/common/models.py | 112 | keystone/common/models.py |
2230 | 107 | keystone/common/openssl.py | 113 | keystone/common/openssl.py |
2231 | 108 | keystone/common/policy.py | 114 | keystone/common/policy.py |
2232 | 115 | keystone/common/router.py | ||
2233 | 109 | keystone/common/serializer.py | 116 | keystone/common/serializer.py |
2234 | 110 | keystone/common/systemd.py | 117 | keystone/common/systemd.py |
2235 | 111 | keystone/common/utils.py | 118 | keystone/common/utils.py |
2236 | @@ -127,13 +134,19 @@ | |||
2237 | 127 | keystone/common/sql/migrate_repo/versions/002_sqlite_downgrade.sql | 134 | keystone/common/sql/migrate_repo/versions/002_sqlite_downgrade.sql |
2238 | 128 | keystone/common/sql/migrate_repo/versions/002_sqlite_upgrade.sql | 135 | keystone/common/sql/migrate_repo/versions/002_sqlite_upgrade.sql |
2239 | 129 | keystone/common/sql/migrate_repo/versions/002_token_id_hash.py | 136 | keystone/common/sql/migrate_repo/versions/002_token_id_hash.py |
2240 | 130 | keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql | ||
2241 | 131 | keystone/common/sql/migrate_repo/versions/003_sqlite_upgrade.sql | 137 | keystone/common/sql/migrate_repo/versions/003_sqlite_upgrade.sql |
2242 | 132 | keystone/common/sql/migrate_repo/versions/003_token_valid.py | 138 | keystone/common/sql/migrate_repo/versions/003_token_valid.py |
2243 | 133 | keystone/common/sql/migrate_repo/versions/004_undo_token_id_hash.py | 139 | keystone/common/sql/migrate_repo/versions/004_undo_token_id_hash.py |
2244 | 134 | keystone/common/sql/migrate_repo/versions/005_set_utf8_character_set.py | 140 | keystone/common/sql/migrate_repo/versions/005_set_utf8_character_set.py |
2245 | 135 | keystone/common/sql/migrate_repo/versions/006_add_policy_table.py | 141 | keystone/common/sql/migrate_repo/versions/006_add_policy_table.py |
2246 | 136 | keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py | 142 | keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py |
2247 | 143 | keystone/common/sql/migrate_repo/versions/008_normalize_identity.py | ||
2248 | 144 | keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql | ||
2249 | 145 | keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py | ||
2250 | 146 | keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py | ||
2251 | 147 | keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py | ||
2252 | 148 | keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py | ||
2253 | 149 | keystone/common/sql/migrate_repo/versions/013_add_group_tables.py | ||
2254 | 137 | keystone/common/sql/migrate_repo/versions/__init__.py | 150 | keystone/common/sql/migrate_repo/versions/__init__.py |
2255 | 138 | keystone/contrib/__init__.py | 151 | keystone/contrib/__init__.py |
2256 | 139 | keystone/contrib/admin_crud/__init__.py | 152 | keystone/contrib/admin_crud/__init__.py |
2257 | @@ -152,7 +165,9 @@ | |||
2258 | 152 | keystone/contrib/user_crud/__init__.py | 165 | keystone/contrib/user_crud/__init__.py |
2259 | 153 | keystone/contrib/user_crud/core.py | 166 | keystone/contrib/user_crud/core.py |
2260 | 154 | keystone/identity/__init__.py | 167 | keystone/identity/__init__.py |
2261 | 168 | keystone/identity/controllers.py | ||
2262 | 155 | keystone/identity/core.py | 169 | keystone/identity/core.py |
2263 | 170 | keystone/identity/routers.py | ||
2264 | 156 | keystone/identity/backends/__init__.py | 171 | keystone/identity/backends/__init__.py |
2265 | 157 | keystone/identity/backends/kvs.py | 172 | keystone/identity/backends/kvs.py |
2266 | 158 | keystone/identity/backends/pam.py | 173 | keystone/identity/backends/pam.py |
2267 | @@ -161,13 +176,13 @@ | |||
2268 | 161 | keystone/identity/backends/ldap/core.py | 176 | keystone/identity/backends/ldap/core.py |
2269 | 162 | keystone/locale/keystone.pot | 177 | keystone/locale/keystone.pot |
2270 | 163 | keystone/locale/ca/LC_MESSAGES/keystone.po | 178 | keystone/locale/ca/LC_MESSAGES/keystone.po |
2271 | 179 | keystone/locale/hu/LC_MESSAGES/keystone.po | ||
2272 | 164 | keystone/locale/ja/LC_MESSAGES/keystone.po | 180 | keystone/locale/ja/LC_MESSAGES/keystone.po |
2273 | 165 | keystone/middleware/__init__.py | 181 | keystone/middleware/__init__.py |
2274 | 166 | keystone/middleware/auth_token.py | 182 | keystone/middleware/auth_token.py |
2275 | 167 | keystone/middleware/core.py | 183 | keystone/middleware/core.py |
2276 | 168 | keystone/middleware/ec2_token.py | 184 | keystone/middleware/ec2_token.py |
2277 | 169 | keystone/middleware/s3_token.py | 185 | keystone/middleware/s3_token.py |
2278 | 170 | keystone/middleware/swift_auth.py | ||
2279 | 171 | keystone/openstack/__init__.py | 186 | keystone/openstack/__init__.py |
2280 | 172 | keystone/openstack/common/README | 187 | keystone/openstack/common/README |
2281 | 173 | keystone/openstack/common/__init__.py | 188 | keystone/openstack/common/__init__.py |
2282 | @@ -178,12 +193,16 @@ | |||
2283 | 178 | keystone/openstack/common/setup.py | 193 | keystone/openstack/common/setup.py |
2284 | 179 | keystone/openstack/common/timeutils.py | 194 | keystone/openstack/common/timeutils.py |
2285 | 180 | keystone/policy/__init__.py | 195 | keystone/policy/__init__.py |
2286 | 196 | keystone/policy/controllers.py | ||
2287 | 181 | keystone/policy/core.py | 197 | keystone/policy/core.py |
2288 | 198 | keystone/policy/routers.py | ||
2289 | 182 | keystone/policy/backends/__init__.py | 199 | keystone/policy/backends/__init__.py |
2290 | 183 | keystone/policy/backends/rules.py | 200 | keystone/policy/backends/rules.py |
2291 | 184 | keystone/policy/backends/sql.py | 201 | keystone/policy/backends/sql.py |
2292 | 185 | keystone/token/__init__.py | 202 | keystone/token/__init__.py |
2293 | 203 | keystone/token/controllers.py | ||
2294 | 186 | keystone/token/core.py | 204 | keystone/token/core.py |
2295 | 205 | keystone/token/routers.py | ||
2296 | 187 | keystone/token/backends/__init__.py | 206 | keystone/token/backends/__init__.py |
2297 | 188 | keystone/token/backends/kvs.py | 207 | keystone/token/backends/kvs.py |
2298 | 189 | keystone/token/backends/memcache.py | 208 | keystone/token/backends/memcache.py |
2299 | @@ -203,6 +222,7 @@ | |||
2300 | 203 | tests/legacy_essex.mysql | 222 | tests/legacy_essex.mysql |
2301 | 204 | tests/legacy_essex.sqlite | 223 | tests/legacy_essex.sqlite |
2302 | 205 | tests/policy.json | 224 | tests/policy.json |
2303 | 225 | tests/test_auth.py | ||
2304 | 206 | tests/test_auth_token_middleware.py | 226 | tests/test_auth_token_middleware.py |
2305 | 207 | tests/test_backend.py | 227 | tests/test_backend.py |
2306 | 208 | tests/test_backend_kvs.py | 228 | tests/test_backend_kvs.py |
2307 | @@ -213,8 +233,11 @@ | |||
2308 | 213 | tests/test_backend_templated.py | 233 | tests/test_backend_templated.py |
2309 | 214 | tests/test_cert_setup.py | 234 | tests/test_cert_setup.py |
2310 | 215 | tests/test_content_types.py | 235 | tests/test_content_types.py |
2311 | 236 | tests/test_contrib_s3_core.py | ||
2312 | 237 | tests/test_drivers.py | ||
2313 | 216 | tests/test_exception.py | 238 | tests/test_exception.py |
2314 | 217 | tests/test_import_legacy.py | 239 | tests/test_import_legacy.py |
2315 | 240 | tests/test_injection.py | ||
2316 | 218 | tests/test_keystoneclient.py | 241 | tests/test_keystoneclient.py |
2317 | 219 | tests/test_keystoneclient_sql.py | 242 | tests/test_keystoneclient_sql.py |
2318 | 220 | tests/test_middleware.py | 243 | tests/test_middleware.py |
2319 | @@ -223,12 +246,10 @@ | |||
2320 | 223 | tests/test_policy.py | 246 | tests/test_policy.py |
2321 | 224 | tests/test_s3_token_middleware.py | 247 | tests/test_s3_token_middleware.py |
2322 | 225 | tests/test_serializer.py | 248 | tests/test_serializer.py |
2323 | 226 | tests/test_service.py | ||
2324 | 227 | tests/test_setup.py | 249 | tests/test_setup.py |
2325 | 228 | tests/test_singular_plural.py | 250 | tests/test_singular_plural.py |
2326 | 229 | tests/test_sql_upgrade.py | 251 | tests/test_sql_upgrade.py |
2327 | 230 | tests/test_ssl.py | 252 | tests/test_ssl.py |
2328 | 231 | tests/test_swift_auth_middleware.py | ||
2329 | 232 | tests/test_url_middleware.py | 253 | tests/test_url_middleware.py |
2330 | 233 | tests/test_utils.py | 254 | tests/test_utils.py |
2331 | 234 | tests/test_v3.py | 255 | tests/test_v3.py |
2332 | @@ -238,6 +259,7 @@ | |||
2333 | 238 | tests/test_versions.py | 259 | tests/test_versions.py |
2334 | 239 | tests/test_wsgi.py | 260 | tests/test_wsgi.py |
2335 | 240 | tools/convert_to_sqlite.sh | 261 | tools/convert_to_sqlite.sh |
2336 | 262 | tools/flakes.py | ||
2337 | 241 | tools/install_venv.py | 263 | tools/install_venv.py |
2338 | 242 | tools/pip-requires | 264 | tools/pip-requires |
2339 | 243 | tools/sample_data.sh | 265 | tools/sample_data.sh |
2340 | 244 | 266 | ||
2341 | === modified file 'keystone.egg-info/requires.txt' | |||
2342 | --- keystone.egg-info/requires.txt 2012-11-23 09:01:53 +0000 | |||
2343 | +++ keystone.egg-info/requires.txt 2013-01-25 16:27:23 +0000 | |||
2344 | @@ -1,5 +1,5 @@ | |||
2345 | 1 | pam==0.1.4 | 1 | pam==0.1.4 |
2347 | 2 | WebOb==1.0.8 | 2 | WebOb==1.2.3 |
2348 | 3 | eventlet | 3 | eventlet |
2349 | 4 | greenlet | 4 | greenlet |
2350 | 5 | PasteDeploy | 5 | PasteDeploy |
2351 | 6 | 6 | ||
2352 | === modified file 'keystone/catalog/__init__.py' | |||
2353 | --- keystone/catalog/__init__.py 2012-03-16 11:19:40 +0000 | |||
2354 | +++ keystone/catalog/__init__.py 2013-01-25 16:27:23 +0000 | |||
2355 | @@ -15,3 +15,5 @@ | |||
2356 | 15 | # under the License. | 15 | # under the License. |
2357 | 16 | 16 | ||
2358 | 17 | from keystone.catalog.core import * | 17 | from keystone.catalog.core import * |
2359 | 18 | from keystone.catalog import controllers | ||
2360 | 19 | from keystone.catalog import routers | ||
2361 | 18 | 20 | ||
2362 | === modified file 'keystone/catalog/backends/sql.py' | |||
2363 | --- keystone/catalog/backends/sql.py 2012-11-23 09:01:53 +0000 | |||
2364 | +++ keystone/catalog/backends/sql.py 2013-01-25 16:27:23 +0000 | |||
2365 | @@ -36,12 +36,14 @@ | |||
2366 | 36 | 36 | ||
2367 | 37 | class Endpoint(sql.ModelBase, sql.DictBase): | 37 | class Endpoint(sql.ModelBase, sql.DictBase): |
2368 | 38 | __tablename__ = 'endpoint' | 38 | __tablename__ = 'endpoint' |
2370 | 39 | attributes = ['id', 'region', 'service_id'] | 39 | attributes = ['id', 'interface', 'region', 'service_id', 'url'] |
2371 | 40 | id = sql.Column(sql.String(64), primary_key=True) | 40 | id = sql.Column(sql.String(64), primary_key=True) |
2372 | 41 | interface = sql.Column(sql.String(8), primary_key=True) | ||
2373 | 41 | region = sql.Column('region', sql.String(255)) | 42 | region = sql.Column('region', sql.String(255)) |
2374 | 42 | service_id = sql.Column(sql.String(64), | 43 | service_id = sql.Column(sql.String(64), |
2375 | 43 | sql.ForeignKey('service.id'), | 44 | sql.ForeignKey('service.id'), |
2376 | 44 | nullable=False) | 45 | nullable=False) |
2377 | 46 | url = sql.Column(sql.Text()) | ||
2378 | 45 | extra = sql.Column(sql.JsonBlob()) | 47 | extra = sql.Column(sql.JsonBlob()) |
2379 | 46 | 48 | ||
2380 | 47 | 49 | ||
2381 | @@ -88,7 +90,9 @@ | |||
2382 | 88 | old_dict = ref.to_dict() | 90 | old_dict = ref.to_dict() |
2383 | 89 | old_dict.update(service_ref) | 91 | old_dict.update(service_ref) |
2384 | 90 | new_service = Service.from_dict(old_dict) | 92 | new_service = Service.from_dict(old_dict) |
2386 | 91 | ref.type = new_service.type | 93 | for attr in Service.attributes: |
2387 | 94 | if attr != 'id': | ||
2388 | 95 | setattr(ref, attr, getattr(new_service, attr)) | ||
2389 | 92 | ref.extra = new_service.extra | 96 | ref.extra = new_service.extra |
2390 | 93 | session.flush() | 97 | session.flush() |
2391 | 94 | return ref.to_dict() | 98 | return ref.to_dict() |
2392 | @@ -132,8 +136,9 @@ | |||
2393 | 132 | old_dict = ref.to_dict() | 136 | old_dict = ref.to_dict() |
2394 | 133 | old_dict.update(endpoint_ref) | 137 | old_dict.update(endpoint_ref) |
2395 | 134 | new_endpoint = Endpoint.from_dict(old_dict) | 138 | new_endpoint = Endpoint.from_dict(old_dict) |
2398 | 135 | ref.service_id = new_endpoint.service_id | 139 | for attr in Endpoint.attributes: |
2399 | 136 | ref.region = new_endpoint.region | 140 | if attr != 'id': |
2400 | 141 | setattr(ref, attr, getattr(new_endpoint, attr)) | ||
2401 | 137 | ref.extra = new_endpoint.extra | 142 | ref.extra = new_endpoint.extra |
2402 | 138 | session.flush() | 143 | session.flush() |
2403 | 139 | return ref.to_dict() | 144 | return ref.to_dict() |
2404 | @@ -142,25 +147,28 @@ | |||
2405 | 142 | d = dict(CONF.iteritems()) | 147 | d = dict(CONF.iteritems()) |
2406 | 143 | d.update({'tenant_id': tenant_id, | 148 | d.update({'tenant_id': tenant_id, |
2407 | 144 | 'user_id': user_id}) | 149 | 'user_id': user_id}) |
2408 | 150 | |||
2409 | 145 | catalog = {} | 151 | catalog = {} |
2429 | 146 | 152 | services = {} | |
2430 | 147 | endpoints = self.list_endpoints() | 153 | for endpoint in self.list_endpoints(): |
2431 | 148 | for ep in endpoints: | 154 | # look up the service |
2432 | 149 | service = self.get_service(ep['service_id']) | 155 | services.setdefault( |
2433 | 150 | srv_type = service['type'] | 156 | endpoint['service_id'], |
2434 | 151 | srv_name = service['name'] | 157 | self.get_service(endpoint['service_id'])) |
2435 | 152 | region = ep['region'] | 158 | service = services[endpoint['service_id']] |
2436 | 153 | 159 | ||
2437 | 154 | if region not in catalog: | 160 | # add the endpoint to the catalog if it's not already there |
2438 | 155 | catalog[region] = {} | 161 | catalog.setdefault(endpoint['region'], {}) |
2439 | 156 | 162 | catalog[endpoint['region']].setdefault( | |
2440 | 157 | catalog[region][srv_type] = {} | 163 | service['type'], { |
2441 | 158 | 164 | 'id': endpoint['id'], | |
2442 | 159 | srv_type = catalog[region][srv_type] | 165 | 'name': service['name'], |
2443 | 160 | srv_type['id'] = ep['id'] | 166 | 'publicURL': '', # this may be overridden, but must exist |
2444 | 161 | srv_type['name'] = srv_name | 167 | }) |
2445 | 162 | srv_type['publicURL'] = core.format_url(ep.get('publicurl', ''), d) | 168 | |
2446 | 163 | srv_type['internalURL'] = core.format_url(ep.get('internalurl'), d) | 169 | # add the interface's url |
2447 | 164 | srv_type['adminURL'] = core.format_url(ep.get('adminurl'), d) | 170 | url = core.format_url(endpoint.get('url'), d) |
2448 | 171 | interface_url = '%sURL' % endpoint['interface'] | ||
2449 | 172 | catalog[endpoint['region']][service['type']][interface_url] = url | ||
2450 | 165 | 173 | ||
2451 | 166 | return catalog | 174 | return catalog |
2452 | 167 | 175 | ||
2453 | === modified file 'keystone/catalog/backends/templated.py' | |||
2454 | --- keystone/catalog/backends/templated.py 2012-11-02 13:48:49 +0000 | |||
2455 | +++ keystone/catalog/backends/templated.py 2013-01-25 16:27:23 +0000 | |||
2456 | @@ -106,7 +106,7 @@ | |||
2457 | 106 | try: | 106 | try: |
2458 | 107 | self.templates = parse_templates(open(template_file)) | 107 | self.templates = parse_templates(open(template_file)) |
2459 | 108 | except IOError: | 108 | except IOError: |
2461 | 109 | LOG.critical('Unable to open template file %s' % template_file) | 109 | LOG.critical(_('Unable to open template file %s') % template_file) |
2462 | 110 | raise | 110 | raise |
2463 | 111 | 111 | ||
2464 | 112 | def get_catalog(self, user_id, tenant_id, metadata=None): | 112 | def get_catalog(self, user_id, tenant_id, metadata=None): |
2465 | 113 | 113 | ||
2466 | === added file 'keystone/catalog/controllers.py' | |||
2467 | --- keystone/catalog/controllers.py 1970-01-01 00:00:00 +0000 | |||
2468 | +++ keystone/catalog/controllers.py 2013-01-25 16:27:23 +0000 | |||
2469 | @@ -0,0 +1,184 @@ | |||
2470 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
2471 | 2 | |||
2472 | 3 | # Copyright 2012 OpenStack LLC | ||
2473 | 4 | # Copyright 2012 Canonical Ltd. | ||
2474 | 5 | # | ||
2475 | 6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
2476 | 7 | # not use this file except in compliance with the License. You may obtain | ||
2477 | 8 | # a copy of the License at | ||
2478 | 9 | # | ||
2479 | 10 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
2480 | 11 | # | ||
2481 | 12 | # Unless required by applicable law or agreed to in writing, software | ||
2482 | 13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
2483 | 14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
2484 | 15 | # License for the specific language governing permissions and limitations | ||
2485 | 16 | # under the License. | ||
2486 | 17 | |||
2487 | 18 | import uuid | ||
2488 | 19 | |||
2489 | 20 | from keystone.common import controller | ||
2490 | 21 | from keystone.common import dependency | ||
2491 | 22 | from keystone import exception | ||
2492 | 23 | |||
2493 | 24 | |||
2494 | 25 | INTERFACES = ['public', 'internal', 'admin'] | ||
2495 | 26 | |||
2496 | 27 | |||
2497 | 28 | @dependency.requires('catalog_api') | ||
2498 | 29 | class Service(controller.V2Controller): | ||
2499 | 30 | def get_services(self, context): | ||
2500 | 31 | self.assert_admin(context) | ||
2501 | 32 | service_list = self.catalog_api.list_services(context) | ||
2502 | 33 | return {'OS-KSADM:services': service_list} | ||
2503 | 34 | |||
2504 | 35 | def get_service(self, context, service_id): | ||
2505 | 36 | self.assert_admin(context) | ||
2506 | 37 | service_ref = self.catalog_api.get_service(context, service_id) | ||
2507 | 38 | return {'OS-KSADM:service': service_ref} | ||
2508 | 39 | |||
2509 | 40 | def delete_service(self, context, service_id): | ||
2510 | 41 | self.assert_admin(context) | ||
2511 | 42 | self.catalog_api.delete_service(context, service_id) | ||
2512 | 43 | |||
2513 | 44 | def create_service(self, context, OS_KSADM_service): | ||
2514 | 45 | self.assert_admin(context) | ||
2515 | 46 | service_id = uuid.uuid4().hex | ||
2516 | 47 | service_ref = OS_KSADM_service.copy() | ||
2517 | 48 | service_ref['id'] = service_id | ||
2518 | 49 | new_service_ref = self.catalog_api.create_service( | ||
2519 | 50 | context, service_id, service_ref) | ||
2520 | 51 | return {'OS-KSADM:service': new_service_ref} | ||
2521 | 52 | |||
2522 | 53 | |||
2523 | 54 | @dependency.requires('catalog_api') | ||
2524 | 55 | class Endpoint(controller.V2Controller): | ||
2525 | 56 | def get_endpoints(self, context): | ||
2526 | 57 | """Merge matching v3 endpoint refs into legacy refs.""" | ||
2527 | 58 | self.assert_admin(context) | ||
2528 | 59 | legacy_endpoints = {} | ||
2529 | 60 | for endpoint in self.catalog_api.list_endpoints(context): | ||
2530 | 61 | if not endpoint['legacy_endpoint_id']: | ||
2531 | 62 | # endpoints created in v3 should not appear on the v2 API | ||
2532 | 63 | continue | ||
2533 | 64 | |||
2534 | 65 | # is this is a legacy endpoint we haven't indexed yet? | ||
2535 | 66 | if endpoint['legacy_endpoint_id'] not in legacy_endpoints: | ||
2536 | 67 | legacy_ep = endpoint.copy() | ||
2537 | 68 | legacy_ep['id'] = legacy_ep.pop('legacy_endpoint_id') | ||
2538 | 69 | legacy_ep.pop('interface') | ||
2539 | 70 | legacy_ep.pop('url') | ||
2540 | 71 | |||
2541 | 72 | legacy_endpoints[endpoint['legacy_endpoint_id']] = legacy_ep | ||
2542 | 73 | else: | ||
2543 | 74 | legacy_ep = legacy_endpoints[endpoint['legacy_endpoint_id']] | ||
2544 | 75 | |||
2545 | 76 | # add the legacy endpoint with an interface url | ||
2546 | 77 | legacy_ep['%surl' % endpoint['interface']] = endpoint['url'] | ||
2547 | 78 | return {'endpoints': legacy_endpoints.values()} | ||
2548 | 79 | |||
2549 | 80 | def create_endpoint(self, context, endpoint): | ||
2550 | 81 | """Create three v3 endpoint refs based on a legacy ref.""" | ||
2551 | 82 | self.assert_admin(context) | ||
2552 | 83 | |||
2553 | 84 | legacy_endpoint_ref = endpoint.copy() | ||
2554 | 85 | |||
2555 | 86 | urls = dict((i, endpoint.pop('%surl' % i)) for i in INTERFACES) | ||
2556 | 87 | legacy_endpoint_id = uuid.uuid4().hex | ||
2557 | 88 | for interface, url in urls.iteritems(): | ||
2558 | 89 | endpoint_ref = endpoint.copy() | ||
2559 | 90 | endpoint_ref['id'] = uuid.uuid4().hex | ||
2560 | 91 | endpoint_ref['legacy_endpoint_id'] = legacy_endpoint_id | ||
2561 | 92 | endpoint_ref['interface'] = interface | ||
2562 | 93 | endpoint_ref['url'] = url | ||
2563 | 94 | |||
2564 | 95 | self.catalog_api.create_endpoint( | ||
2565 | 96 | context, endpoint_ref['id'], endpoint_ref) | ||
2566 | 97 | |||
2567 | 98 | legacy_endpoint_ref['id'] = legacy_endpoint_id | ||
2568 | 99 | return {'endpoint': legacy_endpoint_ref} | ||
2569 | 100 | |||
2570 | 101 | def delete_endpoint(self, context, endpoint_id): | ||
2571 | 102 | """Delete up to three v3 endpoint refs based on a legacy ref ID.""" | ||
2572 | 103 | self.assert_admin(context) | ||
2573 | 104 | |||
2574 | 105 | deleted_at_least_one = False | ||
2575 | 106 | for endpoint in self.catalog_api.list_endpoints(context): | ||
2576 | 107 | if endpoint['legacy_endpoint_id'] == endpoint_id: | ||
2577 | 108 | self.catalog_api.delete_endpoint(context, endpoint['id']) | ||
2578 | 109 | deleted_at_least_one = True | ||
2579 | 110 | |||
2580 | 111 | if not deleted_at_least_one: | ||
2581 | 112 | raise exception.EndpointNotFound(endpoint_id=endpoint_id) | ||
2582 | 113 | |||
2583 | 114 | |||
2584 | 115 | @dependency.requires('catalog_api') | ||
2585 | 116 | class ServiceV3(controller.V3Controller): | ||
2586 | 117 | @controller.protected | ||
2587 | 118 | def create_service(self, context, service): | ||
2588 | 119 | ref = self._assign_unique_id(self._normalize_dict(service)) | ||
2589 | 120 | self._require_attribute(ref, 'type') | ||
2590 | 121 | |||
2591 | 122 | ref = self.catalog_api.create_service(context, ref['id'], ref) | ||
2592 | 123 | return {'service': ref} | ||
2593 | 124 | |||
2594 | 125 | @controller.protected | ||
2595 | 126 | def list_services(self, context): | ||
2596 | 127 | refs = self.catalog_api.list_services(context) | ||
2597 | 128 | refs = self._filter_by_attribute(context, refs, 'type') | ||
2598 | 129 | return {'services': self._paginate(context, refs)} | ||
2599 | 130 | |||
2600 | 131 | @controller.protected | ||
2601 | 132 | def get_service(self, context, service_id): | ||
2602 | 133 | ref = self.catalog_api.get_service(context, service_id) | ||
2603 | 134 | return {'service': ref} | ||
2604 | 135 | |||
2605 | 136 | @controller.protected | ||
2606 | 137 | def update_service(self, context, service_id, service): | ||
2607 | 138 | self._require_matching_id(service_id, service) | ||
2608 | 139 | |||
2609 | 140 | ref = self.catalog_api.update_service(context, service_id, service) | ||
2610 | 141 | return {'service': ref} | ||
2611 | 142 | |||
2612 | 143 | @controller.protected | ||
2613 | 144 | def delete_service(self, context, service_id): | ||
2614 | 145 | return self.catalog_api.delete_service(context, service_id) | ||
2615 | 146 | |||
2616 | 147 | |||
2617 | 148 | @dependency.requires('catalog_api') | ||
2618 | 149 | class EndpointV3(controller.V3Controller): | ||
2619 | 150 | @controller.protected | ||
2620 | 151 | def create_endpoint(self, context, endpoint): | ||
2621 | 152 | ref = self._assign_unique_id(self._normalize_dict(endpoint)) | ||
2622 | 153 | self._require_attribute(ref, 'service_id') | ||
2623 | 154 | self._require_attribute(ref, 'interface') | ||
2624 | 155 | self.catalog_api.get_service(context, ref['service_id']) | ||
2625 | 156 | |||
2626 | 157 | ref = self.catalog_api.create_endpoint(context, ref['id'], ref) | ||
2627 | 158 | return {'endpoint': ref} | ||
2628 | 159 | |||
2629 | 160 | @controller.protected | ||
2630 | 161 | def list_endpoints(self, context): | ||
2631 | 162 | refs = self.catalog_api.list_endpoints(context) | ||
2632 | 163 | refs = self._filter_by_attribute(context, refs, 'service_id') | ||
2633 | 164 | refs = self._filter_by_attribute(context, refs, 'interface') | ||
2634 | 165 | return {'endpoints': self._paginate(context, refs)} | ||
2635 | 166 | |||
2636 | 167 | @controller.protected | ||
2637 | 168 | def get_endpoint(self, context, endpoint_id): | ||
2638 | 169 | ref = self.catalog_api.get_endpoint(context, endpoint_id) | ||
2639 | 170 | return {'endpoint': ref} | ||
2640 | 171 | |||
2641 | 172 | @controller.protected | ||
2642 | 173 | def update_endpoint(self, context, endpoint_id, endpoint): | ||
2643 | 174 | self._require_matching_id(endpoint_id, endpoint) | ||
2644 | 175 | |||
2645 | 176 | if 'service_id' in endpoint: | ||
2646 | 177 | self.catalog_api.get_service(context, endpoint['service_id']) | ||
2647 | 178 | |||
2648 | 179 | ref = self.catalog_api.update_endpoint(context, endpoint_id, endpoint) | ||
2649 | 180 | return {'endpoint': ref} | ||
2650 | 181 | |||
2651 | 182 | @controller.protected | ||
2652 | 183 | def delete_endpoint(self, context, endpoint_id): | ||
2653 | 184 | return self.catalog_api.delete_endpoint(context, endpoint_id) | ||
2654 | 0 | 185 | ||
2655 | === modified file 'keystone/catalog/core.py' | |||
2656 | --- keystone/catalog/core.py 2012-11-23 09:01:53 +0000 | |||
2657 | +++ keystone/catalog/core.py 2013-01-25 16:27:23 +0000 | |||
2658 | @@ -17,17 +17,11 @@ | |||
2659 | 17 | 17 | ||
2660 | 18 | """Main entry point into the Catalog service.""" | 18 | """Main entry point into the Catalog service.""" |
2661 | 19 | 19 | ||
2665 | 20 | import uuid | 20 | from keystone.common import dependency |
2663 | 21 | |||
2664 | 22 | from keystone.common import controller | ||
2666 | 23 | from keystone.common import logging | 21 | from keystone.common import logging |
2667 | 24 | from keystone.common import manager | 22 | from keystone.common import manager |
2668 | 25 | from keystone.common import wsgi | ||
2669 | 26 | from keystone import config | 23 | from keystone import config |
2670 | 27 | from keystone import exception | 24 | from keystone import exception |
2671 | 28 | from keystone import identity | ||
2672 | 29 | from keystone import policy | ||
2673 | 30 | from keystone import token | ||
2674 | 31 | 25 | ||
2675 | 32 | 26 | ||
2676 | 33 | CONF = config.CONF | 27 | CONF = config.CONF |
2677 | @@ -41,21 +35,24 @@ | |||
2678 | 41 | except AttributeError: | 35 | except AttributeError: |
2679 | 42 | return None | 36 | return None |
2680 | 43 | except KeyError as e: | 37 | except KeyError as e: |
2683 | 44 | LOG.error("Malformed endpoint %s - unknown key %s" % | 38 | LOG.error(_("Malformed endpoint %(url)s - unknown key %(keyerror)s") % |
2684 | 45 | (url, str(e))) | 39 | {"url": url, |
2685 | 40 | "keyerror": str(e)}) | ||
2686 | 46 | raise exception.MalformedEndpoint(endpoint=url) | 41 | raise exception.MalformedEndpoint(endpoint=url) |
2687 | 47 | except TypeError as e: | 42 | except TypeError as e: |
2691 | 48 | LOG.error("Malformed endpoint %s - type mismatch %s \ | 43 | LOG.error(_("Malformed endpoint %(url)s - unknown key %(keyerror)s" |
2692 | 49 | (are you missing brackets ?)" % | 44 | "(are you missing brackets ?)") % |
2693 | 50 | (url, str(e))) | 45 | {"url": url, |
2694 | 46 | "keyerror": str(e)}) | ||
2695 | 51 | raise exception.MalformedEndpoint(endpoint=url) | 47 | raise exception.MalformedEndpoint(endpoint=url) |
2696 | 52 | except ValueError as e: | 48 | except ValueError as e: |
2699 | 53 | LOG.error("Malformed endpoint %s - incomplete format \ | 49 | LOG.error(_("Malformed endpoint %s - incomplete format \ |
2700 | 54 | (are you missing a type notifier ?)" % url) | 50 | (are you missing a type notifier ?)") % url) |
2701 | 55 | raise exception.MalformedEndpoint(endpoint=url) | 51 | raise exception.MalformedEndpoint(endpoint=url) |
2702 | 56 | return result | 52 | return result |
2703 | 57 | 53 | ||
2704 | 58 | 54 | ||
2705 | 55 | @dependency.provider('catalog_api') | ||
2706 | 59 | class Manager(manager.Manager): | 56 | class Manager(manager.Manager): |
2707 | 60 | """Default pivot point for the Catalog backend. | 57 | """Default pivot point for the Catalog backend. |
2708 | 61 | 58 | ||
2709 | @@ -216,132 +213,3 @@ | |||
2710 | 216 | 213 | ||
2711 | 217 | """ | 214 | """ |
2712 | 218 | raise exception.NotImplemented() | 215 | raise exception.NotImplemented() |
2713 | 219 | |||
2714 | 220 | |||
2715 | 221 | class ServiceController(wsgi.Application): | ||
2716 | 222 | def __init__(self): | ||
2717 | 223 | self.catalog_api = Manager() | ||
2718 | 224 | self.identity_api = identity.Manager() | ||
2719 | 225 | self.policy_api = policy.Manager() | ||
2720 | 226 | self.token_api = token.Manager() | ||
2721 | 227 | super(ServiceController, self).__init__() | ||
2722 | 228 | |||
2723 | 229 | def get_services(self, context): | ||
2724 | 230 | self.assert_admin(context) | ||
2725 | 231 | service_list = self.catalog_api.list_services(context) | ||
2726 | 232 | return {'OS-KSADM:services': service_list} | ||
2727 | 233 | |||
2728 | 234 | def get_service(self, context, service_id): | ||
2729 | 235 | self.assert_admin(context) | ||
2730 | 236 | service_ref = self.catalog_api.get_service(context, service_id) | ||
2731 | 237 | return {'OS-KSADM:service': service_ref} | ||
2732 | 238 | |||
2733 | 239 | def delete_service(self, context, service_id): | ||
2734 | 240 | self.assert_admin(context) | ||
2735 | 241 | self.catalog_api.delete_service(context, service_id) | ||
2736 | 242 | |||
2737 | 243 | def create_service(self, context, OS_KSADM_service): | ||
2738 | 244 | self.assert_admin(context) | ||
2739 | 245 | service_id = uuid.uuid4().hex | ||
2740 | 246 | service_ref = OS_KSADM_service.copy() | ||
2741 | 247 | service_ref['id'] = service_id | ||
2742 | 248 | new_service_ref = self.catalog_api.create_service( | ||
2743 | 249 | context, service_id, service_ref) | ||
2744 | 250 | return {'OS-KSADM:service': new_service_ref} | ||
2745 | 251 | |||
2746 | 252 | |||
2747 | 253 | class EndpointController(wsgi.Application): | ||
2748 | 254 | def __init__(self): | ||
2749 | 255 | self.catalog_api = Manager() | ||
2750 | 256 | self.identity_api = identity.Manager() | ||
2751 | 257 | self.policy_api = policy.Manager() | ||
2752 | 258 | self.token_api = token.Manager() | ||
2753 | 259 | super(EndpointController, self).__init__() | ||
2754 | 260 | |||
2755 | 261 | def get_endpoints(self, context): | ||
2756 | 262 | self.assert_admin(context) | ||
2757 | 263 | endpoint_list = self.catalog_api.list_endpoints(context) | ||
2758 | 264 | return {'endpoints': endpoint_list} | ||
2759 | 265 | |||
2760 | 266 | def create_endpoint(self, context, endpoint): | ||
2761 | 267 | self.assert_admin(context) | ||
2762 | 268 | endpoint_id = uuid.uuid4().hex | ||
2763 | 269 | endpoint_ref = endpoint.copy() | ||
2764 | 270 | endpoint_ref['id'] = endpoint_id | ||
2765 | 271 | new_endpoint_ref = self.catalog_api.create_endpoint( | ||
2766 | 272 | context, endpoint_id, endpoint_ref) | ||
2767 | 273 | return {'endpoint': new_endpoint_ref} | ||
2768 | 274 | |||
2769 | 275 | def delete_endpoint(self, context, endpoint_id): | ||
2770 | 276 | self.assert_admin(context) | ||
2771 | 277 | self.catalog_api.delete_endpoint(context, endpoint_id) | ||
2772 | 278 | |||
2773 | 279 | |||
2774 | 280 | class ServiceControllerV3(controller.V3Controller): | ||
2775 | 281 | @controller.protected | ||
2776 | 282 | def create_service(self, context, service): | ||
2777 | 283 | ref = self._assign_unique_id(self._normalize_dict(service)) | ||
2778 | 284 | self._require_attribute(ref, 'type') | ||
2779 | 285 | |||
2780 | 286 | ref = self.catalog_api.create_service(context, ref['id'], ref) | ||
2781 | 287 | return {'service': ref} | ||
2782 | 288 | |||
2783 | 289 | @controller.protected | ||
2784 | 290 | def list_services(self, context): | ||
2785 | 291 | refs = self.catalog_api.list_services(context) | ||
2786 | 292 | refs = self._filter_by_attribute(context, refs, 'type') | ||
2787 | 293 | return {'services': self._paginate(context, refs)} | ||
2788 | 294 | |||
2789 | 295 | @controller.protected | ||
2790 | 296 | def get_service(self, context, service_id): | ||
2791 | 297 | ref = self.catalog_api.get_service(context, service_id) | ||
2792 | 298 | return {'service': ref} | ||
2793 | 299 | |||
2794 | 300 | @controller.protected | ||
2795 | 301 | def update_service(self, context, service_id, service): | ||
2796 | 302 | self._require_matching_id(service_id, service) | ||
2797 | 303 | |||
2798 | 304 | ref = self.catalog_api.update_service(context, service_id, service) | ||
2799 | 305 | return {'service': ref} | ||
2800 | 306 | |||
2801 | 307 | @controller.protected | ||
2802 | 308 | def delete_service(self, context, service_id): | ||
2803 | 309 | return self.catalog_api.delete_service(context, service_id) | ||
2804 | 310 | |||
2805 | 311 | |||
2806 | 312 | class EndpointControllerV3(controller.V3Controller): | ||
2807 | 313 | @controller.protected | ||
2808 | 314 | def create_endpoint(self, context, endpoint): | ||
2809 | 315 | ref = self._assign_unique_id(self._normalize_dict(endpoint)) | ||
2810 | 316 | self._require_attribute(ref, 'service_id') | ||
2811 | 317 | self._require_attribute(ref, 'interface') | ||
2812 | 318 | self.catalog_api.get_service(context, ref['service_id']) | ||
2813 | 319 | |||
2814 | 320 | ref = self.catalog_api.create_endpoint(context, ref['id'], ref) | ||
2815 | 321 | return {'endpoint': ref} | ||
2816 | 322 | |||
2817 | 323 | @controller.protected | ||
2818 | 324 | def list_endpoints(self, context): | ||
2819 | 325 | refs = self.catalog_api.list_endpoints(context) | ||
2820 | 326 | refs = self._filter_by_attribute(context, refs, 'service_id') | ||
2821 | 327 | refs = self._filter_by_attribute(context, refs, 'interface') | ||
2822 | 328 | return {'endpoints': self._paginate(context, refs)} | ||
2823 | 329 | |||
2824 | 330 | @controller.protected | ||
2825 | 331 | def get_endpoint(self, context, endpoint_id): | ||
2826 | 332 | ref = self.catalog_api.get_endpoint(context, endpoint_id) | ||
2827 | 333 | return {'endpoint': ref} | ||
2828 | 334 | |||
2829 | 335 | @controller.protected | ||
2830 | 336 | def update_endpoint(self, context, endpoint_id, endpoint): | ||
2831 | 337 | self._require_matching_id(endpoint_id, endpoint) | ||
2832 | 338 | |||
2833 | 339 | if 'service_id' in endpoint: | ||
2834 | 340 | self.catalog_api.get_service(context, endpoint['service_id']) | ||
2835 | 341 | |||
2836 | 342 | ref = self.catalog_api.update_endpoint(context, endpoint_id, endpoint) | ||
2837 | 343 | return {'endpoint': ref} | ||
2838 | 344 | |||
2839 | 345 | @controller.protected | ||
2840 | 346 | def delete_endpoint(self, context, endpoint_id): | ||
2841 | 347 | return self.catalog_api.delete_endpoint(context, endpoint_id) | ||
2842 | 348 | 216 | ||
2843 | === added file 'keystone/catalog/routers.py' | |||
2844 | --- keystone/catalog/routers.py 1970-01-01 00:00:00 +0000 | |||
2845 | +++ keystone/catalog/routers.py 2013-01-25 16:27:23 +0000 | |||
2846 | @@ -0,0 +1,25 @@ | |||
2847 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
2848 | 2 | |||
2849 | 3 | # Copyright 2012 OpenStack LLC | ||
2850 | 4 | # | ||
2851 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
2852 | 6 | # not use this file except in compliance with the License. You may obtain | ||
2853 | 7 | # a copy of the License at | ||
2854 | 8 | # | ||
2855 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
2856 | 10 | # | ||
2857 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
2858 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
2859 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
2860 | 14 | # License for the specific language governing permissions and limitations | ||
2861 | 15 | # under the License. | ||
2862 | 16 | |||
2863 | 17 | from keystone.catalog import controllers | ||
2864 | 18 | from keystone.common import router | ||
2865 | 19 | |||
2866 | 20 | |||
2867 | 21 | def append_v3_routers(mapper, routers): | ||
2868 | 22 | routers.append(router.Router(controllers.ServiceV3(), | ||
2869 | 23 | 'services', 'service')) | ||
2870 | 24 | routers.append(router.Router(controllers.EndpointV3(), | ||
2871 | 25 | 'endpoints', 'endpoint')) | ||
2872 | 0 | 26 | ||
2873 | === modified file 'keystone/clean.py' | |||
2874 | --- keystone/clean.py 2012-11-23 09:01:53 +0000 | |||
2875 | +++ keystone/clean.py 2013-01-25 16:27:23 +0000 | |||
2876 | @@ -20,20 +20,21 @@ | |||
2877 | 20 | def check_length(property_name, value, min_length=1, max_length=64): | 20 | def check_length(property_name, value, min_length=1, max_length=64): |
2878 | 21 | if len(value) < min_length: | 21 | if len(value) < min_length: |
2879 | 22 | if min_length == 1: | 22 | if min_length == 1: |
2881 | 23 | msg = "%s cannot be empty." % property_name | 23 | msg = _("%s cannot be empty.") % property_name |
2882 | 24 | else: | 24 | else: |
2885 | 25 | msg = ("%(property_name)s cannot be less than " | 25 | msg = (_("%(property_name)s cannot be less than " |
2886 | 26 | "%(min_length)s characters.") % locals() | 26 | "%(min_length)s characters.")) % locals() |
2887 | 27 | raise exception.ValidationError(msg) | 27 | raise exception.ValidationError(msg) |
2888 | 28 | if len(value) > max_length: | 28 | if len(value) > max_length: |
2891 | 29 | msg = ("%(property_name)s should not be greater than " | 29 | msg = (_("%(property_name)s should not be greater than " |
2892 | 30 | "%(max_length)s characters.") % locals() | 30 | "%(max_length)s characters.")) % locals() |
2893 | 31 | raise exception.ValidationError(msg) | 31 | raise exception.ValidationError(msg) |
2894 | 32 | 32 | ||
2895 | 33 | 33 | ||
2896 | 34 | def check_type(property_name, value, expected_type, display_expected_type): | 34 | def check_type(property_name, value, expected_type, display_expected_type): |
2897 | 35 | if not isinstance(value, expected_type): | 35 | if not isinstance(value, expected_type): |
2899 | 36 | msg = "%(property_name)s is not a %(display_expected_type)s" % locals() | 36 | msg = _("%(property_name)s is not a" |
2900 | 37 | "%(display_expected_type)s") % locals() | ||
2901 | 37 | raise exception.ValidationError(msg) | 38 | raise exception.ValidationError(msg) |
2902 | 38 | 39 | ||
2903 | 39 | 40 | ||
2904 | @@ -54,3 +55,7 @@ | |||
2905 | 54 | 55 | ||
2906 | 55 | def user_name(name): | 56 | def user_name(name): |
2907 | 56 | return check_name('User', name) | 57 | return check_name('User', name) |
2908 | 58 | |||
2909 | 59 | |||
2910 | 60 | def group_name(name): | ||
2911 | 61 | return check_name('Group', name) | ||
2912 | 57 | 62 | ||
2913 | === modified file 'keystone/cli.py' | |||
2914 | --- keystone/cli.py 2012-07-06 10:37:01 +0000 | |||
2915 | +++ keystone/cli.py 2013-01-25 16:27:23 +0000 | |||
2916 | @@ -16,11 +16,9 @@ | |||
2917 | 16 | 16 | ||
2918 | 17 | from __future__ import absolute_import | 17 | from __future__ import absolute_import |
2919 | 18 | 18 | ||
2920 | 19 | import sys | ||
2921 | 20 | import textwrap | ||
2922 | 21 | |||
2923 | 22 | from keystone import config | 19 | from keystone import config |
2924 | 23 | from keystone.common import openssl | 20 | from keystone.common import openssl |
2925 | 21 | from keystone.openstack.common import cfg | ||
2926 | 24 | from keystone.openstack.common import importutils | 22 | from keystone.openstack.common import importutils |
2927 | 25 | from keystone.openstack.common import jsonutils | 23 | from keystone.openstack.common import jsonutils |
2928 | 26 | 24 | ||
2929 | @@ -28,17 +26,14 @@ | |||
2930 | 28 | 26 | ||
2931 | 29 | 27 | ||
2932 | 30 | class BaseApp(object): | 28 | class BaseApp(object): |
2944 | 31 | def __init__(self, argv=None): | 29 | |
2945 | 32 | self.argv = argv | 30 | name = None |
2946 | 33 | 31 | ||
2947 | 34 | def run(self): | 32 | @classmethod |
2948 | 35 | return self.main() | 33 | def add_argument_parser(cls, subparsers): |
2949 | 36 | 34 | parser = subparsers.add_parser(cls.name, help=cls.__doc__) | |
2950 | 37 | def missing_param(self, param): | 35 | parser.set_defaults(cmd_class=cls) |
2951 | 38 | print 'Missing parameter: %s' % param | 36 | return parser |
2941 | 39 | CONF.print_help() | ||
2942 | 40 | print_commands(CMDS) | ||
2943 | 41 | sys.exit(1) | ||
2952 | 42 | 37 | ||
2953 | 43 | 38 | ||
2954 | 44 | class DbSync(BaseApp): | 39 | class DbSync(BaseApp): |
2955 | @@ -46,10 +41,8 @@ | |||
2956 | 46 | 41 | ||
2957 | 47 | name = 'db_sync' | 42 | name = 'db_sync' |
2958 | 48 | 43 | ||
2963 | 49 | def __init__(self, *args, **kw): | 44 | @staticmethod |
2964 | 50 | super(DbSync, self).__init__(*args, **kw) | 45 | def main(): |
2961 | 51 | |||
2962 | 52 | def main(self): | ||
2965 | 53 | for k in ['identity', 'catalog', 'policy', 'token']: | 46 | for k in ['identity', 'catalog', 'policy', 'token']: |
2966 | 54 | driver = importutils.import_object(getattr(CONF, k).driver) | 47 | driver = importutils.import_object(getattr(CONF, k).driver) |
2967 | 55 | if hasattr(driver, 'db_sync'): | 48 | if hasattr(driver, 'db_sync'): |
2968 | @@ -61,10 +54,8 @@ | |||
2969 | 61 | 54 | ||
2970 | 62 | name = 'pki_setup' | 55 | name = 'pki_setup' |
2971 | 63 | 56 | ||
2976 | 64 | def __init__(self, *args, **kw): | 57 | @staticmethod |
2977 | 65 | super(PKISetup, self).__init__(*args, **kw) | 58 | def main(): |
2974 | 66 | |||
2975 | 67 | def main(self): | ||
2978 | 68 | conf_ssl = openssl.ConfigurePKI() | 59 | conf_ssl = openssl.ConfigurePKI() |
2979 | 69 | conf_ssl.run() | 60 | conf_ssl.run() |
2980 | 70 | 61 | ||
2981 | @@ -74,15 +65,16 @@ | |||
2982 | 74 | 65 | ||
2983 | 75 | name = 'import_legacy' | 66 | name = 'import_legacy' |
2984 | 76 | 67 | ||
2987 | 77 | def __init__(self, *args, **kw): | 68 | @classmethod |
2988 | 78 | super(ImportLegacy, self).__init__(*args, **kw) | 69 | def add_argument_parser(cls, subparsers): |
2989 | 70 | parser = super(ImportLegacy, cls).add_argument_parser(subparsers) | ||
2990 | 71 | parser.add_argument('old_db') | ||
2991 | 72 | return parser | ||
2992 | 79 | 73 | ||
2994 | 80 | def main(self): | 74 | @staticmethod |
2995 | 75 | def main(): | ||
2996 | 81 | from keystone.common.sql import legacy | 76 | from keystone.common.sql import legacy |
3001 | 82 | if len(self.argv) < 2: | 77 | migration = legacy.LegacyMigration(CONF.command.old_db) |
2998 | 83 | return self.missing_param('old_db') | ||
2999 | 84 | old_db = self.argv[1] | ||
3000 | 85 | migration = legacy.LegacyMigration(old_db) | ||
3002 | 86 | migration.migrate_all() | 78 | migration.migrate_all() |
3003 | 87 | 79 | ||
3004 | 88 | 80 | ||
3005 | @@ -91,15 +83,17 @@ | |||
3006 | 91 | 83 | ||
3007 | 92 | name = 'export_legacy_catalog' | 84 | name = 'export_legacy_catalog' |
3008 | 93 | 85 | ||
3011 | 94 | def __init__(self, *args, **kw): | 86 | @classmethod |
3012 | 95 | super(ExportLegacyCatalog, self).__init__(*args, **kw) | 87 | def add_argument_parser(cls, subparsers): |
3013 | 88 | parser = super(ExportLegacyCatalog, | ||
3014 | 89 | cls).add_argument_parser(subparsers) | ||
3015 | 90 | parser.add_argument('old_db') | ||
3016 | 91 | return parser | ||
3017 | 96 | 92 | ||
3019 | 97 | def main(self): | 93 | @staticmethod |
3020 | 94 | def main(): | ||
3021 | 98 | from keystone.common.sql import legacy | 95 | from keystone.common.sql import legacy |
3026 | 99 | if len(self.argv) < 2: | 96 | migration = legacy.LegacyMigration(CONF.command.old_db) |
3023 | 100 | return self.missing_param('old_db') | ||
3024 | 101 | old_db = self.argv[1] | ||
3025 | 102 | migration = legacy.LegacyMigration(old_db) | ||
3027 | 103 | print '\n'.join(migration.dump_catalog()) | 97 | print '\n'.join(migration.dump_catalog()) |
3028 | 104 | 98 | ||
3029 | 105 | 99 | ||
3030 | @@ -108,60 +102,43 @@ | |||
3031 | 108 | 102 | ||
3032 | 109 | name = 'import_nova_auth' | 103 | name = 'import_nova_auth' |
3033 | 110 | 104 | ||
3036 | 111 | def __init__(self, *args, **kw): | 105 | @classmethod |
3037 | 112 | super(ImportNovaAuth, self).__init__(*args, **kw) | 106 | def add_argument_parser(cls, subparsers): |
3038 | 107 | parser = super(ImportNovaAuth, cls).add_argument_parser(subparsers) | ||
3039 | 108 | parser.add_argument('dump_file') | ||
3040 | 109 | return parser | ||
3041 | 113 | 110 | ||
3043 | 114 | def main(self): | 111 | @staticmethod |
3044 | 112 | def main(): | ||
3045 | 115 | from keystone.common.sql import nova | 113 | from keystone.common.sql import nova |
3050 | 116 | if len(self.argv) < 2: | 114 | dump_data = jsonutils.loads(open(CONF.command.dump_file).read()) |
3047 | 117 | return self.missing_param('dump_file') | ||
3048 | 118 | dump_file = self.argv[1] | ||
3049 | 119 | dump_data = jsonutils.loads(open(dump_file).read()) | ||
3051 | 120 | nova.import_auth(dump_data) | 115 | nova.import_auth(dump_data) |
3052 | 121 | 116 | ||
3053 | 122 | 117 | ||
3079 | 123 | CMDS = {'db_sync': DbSync, | 118 | CMDS = [ |
3080 | 124 | 'import_legacy': ImportLegacy, | 119 | DbSync, |
3081 | 125 | 'export_legacy_catalog': ExportLegacyCatalog, | 120 | ExportLegacyCatalog, |
3082 | 126 | 'import_nova_auth': ImportNovaAuth, | 121 | ImportLegacy, |
3083 | 127 | 'pki_setup': PKISetup, | 122 | ImportNovaAuth, |
3084 | 128 | } | 123 | PKISetup, |
3085 | 129 | 124 | ] | |
3086 | 130 | 125 | ||
3087 | 131 | def print_commands(cmds): | 126 | |
3088 | 132 | 127 | def add_command_parsers(subparsers): | |
3089 | 133 | print 'Available commands:' | 128 | for cmd in CMDS: |
3090 | 134 | o = [] | 129 | cmd.add_argument_parser(subparsers) |
3091 | 135 | max_length = max([len(k) for k in cmds]) + 2 | 130 | |
3092 | 136 | for k, cmd in sorted(cmds.iteritems()): | 131 | |
3093 | 137 | initial_indent = '%s%s: ' % (' ' * (max_length - len(k)), k) | 132 | command_opt = cfg.SubCommandOpt('command', |
3094 | 138 | tw = textwrap.TextWrapper(initial_indent=initial_indent, | 133 | title='Commands', |
3095 | 139 | subsequent_indent=' ' * (max_length + 2), | 134 | help='Available commands', |
3096 | 140 | width=80) | 135 | handler=add_command_parsers) |
3072 | 141 | o.extend(tw.wrap( | ||
3073 | 142 | (cmd.__doc__ and cmd.__doc__ or 'no docs').strip().split('\n')[0])) | ||
3074 | 143 | print '\n'.join(o) | ||
3075 | 144 | |||
3076 | 145 | |||
3077 | 146 | def run(cmd, args): | ||
3078 | 147 | return CMDS[cmd](argv=args).run() | ||
3097 | 148 | 136 | ||
3098 | 149 | 137 | ||
3099 | 150 | def main(argv=None, config_files=None): | 138 | def main(argv=None, config_files=None): |
3117 | 151 | CONF.reset() | 139 | CONF.register_cli_opt(command_opt) |
3118 | 152 | args = CONF(args=argv, | 140 | CONF(args=argv[1:], |
3119 | 153 | project='keystone', | 141 | project='keystone', |
3120 | 154 | usage='%prog COMMAND', | 142 | usage='%(prog)s [' + '|'.join([cmd.name for cmd in CMDS]) + ']', |
3121 | 155 | default_config_files=config_files) | 143 | default_config_files=config_files) |
3122 | 156 | 144 | CONF.command.cmd_class.main() | |
3106 | 157 | if len(args) < 2: | ||
3107 | 158 | CONF.print_help() | ||
3108 | 159 | print_commands(CMDS) | ||
3109 | 160 | sys.exit(1) | ||
3110 | 161 | |||
3111 | 162 | cmd = args[1] | ||
3112 | 163 | if cmd in CMDS: | ||
3113 | 164 | return run(cmd, (args[:1] + args[2:])) | ||
3114 | 165 | else: | ||
3115 | 166 | print_commands(CMDS) | ||
3116 | 167 | sys.exit("Unknown command: %s" % cmd) | ||
3123 | 168 | 145 | ||
3124 | === modified file 'keystone/common/bufferedhttp.py' | |||
3125 | --- keystone/common/bufferedhttp.py 2012-11-23 09:01:53 +0000 | |||
3126 | +++ keystone/common/bufferedhttp.py 2013-01-25 16:27:23 +0000 | |||
3127 | @@ -99,8 +99,8 @@ | |||
3128 | 99 | 99 | ||
3129 | 100 | def getresponse(self): | 100 | def getresponse(self): |
3130 | 101 | response = HTTPConnection.getresponse(self) | 101 | response = HTTPConnection.getresponse(self) |
3133 | 102 | LOG.debug('HTTP PERF: %(time).5f seconds to %(method)s ' | 102 | LOG.debug(_('HTTP PERF: %(time).5f seconds to %(method)s ' |
3134 | 103 | '%(host)s:%(port)s %(path)s)', | 103 | '%(host)s:%(port)s %(path)s)'), |
3135 | 104 | {'time': time.time() - self._connected_time, | 104 | {'time': time.time() - self._connected_time, |
3136 | 105 | 'method': self._method, | 105 | 'method': self._method, |
3137 | 106 | 'host': self.host, | 106 | 'host': self.host, |
3138 | 107 | 107 | ||
3139 | === modified file 'keystone/common/cms.py' | |||
3140 | --- keystone/common/cms.py 2012-11-23 09:01:53 +0000 | |||
3141 | +++ keystone/common/cms.py 2013-01-25 16:27:23 +0000 | |||
3142 | @@ -41,7 +41,7 @@ | |||
3143 | 41 | output, err = process.communicate(formatted) | 41 | output, err = process.communicate(formatted) |
3144 | 42 | retcode = process.poll() | 42 | retcode = process.poll() |
3145 | 43 | if retcode: | 43 | if retcode: |
3147 | 44 | LOG.error('Verify error: %s' % err) | 44 | LOG.error(_('Verify error: %s') % err) |
3148 | 45 | raise subprocess.CalledProcessError(retcode, "openssl", output=err) | 45 | raise subprocess.CalledProcessError(retcode, "openssl", output=err) |
3149 | 46 | return output | 46 | return output |
3150 | 47 | 47 | ||
3151 | @@ -131,7 +131,7 @@ | |||
3152 | 131 | output, err = process.communicate(text) | 131 | output, err = process.communicate(text) |
3153 | 132 | retcode = process.poll() | 132 | retcode = process.poll() |
3154 | 133 | if retcode or "Error" in err: | 133 | if retcode or "Error" in err: |
3156 | 134 | LOG.error('Signing error: %s' % err) | 134 | LOG.error(_('Signing error: %s') % err) |
3157 | 135 | raise subprocess.CalledProcessError(retcode, "openssl") | 135 | raise subprocess.CalledProcessError(retcode, "openssl") |
3158 | 136 | return output | 136 | return output |
3159 | 137 | 137 | ||
3160 | 138 | 138 | ||
3161 | === modified file 'keystone/common/controller.py' | |||
3162 | --- keystone/common/controller.py 2012-11-23 09:01:53 +0000 | |||
3163 | +++ keystone/common/controller.py 2013-01-25 16:27:23 +0000 | |||
3164 | @@ -1,6 +1,7 @@ | |||
3165 | 1 | import uuid | 1 | import uuid |
3166 | 2 | import functools | 2 | import functools |
3167 | 3 | 3 | ||
3168 | 4 | from keystone.common import dependency | ||
3169 | 4 | from keystone.common import logging | 5 | from keystone.common import logging |
3170 | 5 | from keystone.common import wsgi | 6 | from keystone.common import wsgi |
3171 | 6 | from keystone import exception | 7 | from keystone import exception |
3172 | @@ -17,15 +18,15 @@ | |||
3173 | 17 | if not context['is_admin']: | 18 | if not context['is_admin']: |
3174 | 18 | action = 'identity:%s' % f.__name__ | 19 | action = 'identity:%s' % f.__name__ |
3175 | 19 | 20 | ||
3177 | 20 | LOG.debug('RBAC: Authorizing %s(%s)' % ( | 21 | LOG.debug(_('RBAC: Authorizing %s(%s)' % ( |
3178 | 21 | action, | 22 | action, |
3180 | 22 | ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs]))) | 23 | ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])))) |
3181 | 23 | 24 | ||
3182 | 24 | try: | 25 | try: |
3183 | 25 | token_ref = self.token_api.get_token( | 26 | token_ref = self.token_api.get_token( |
3184 | 26 | context=context, token_id=context['token_id']) | 27 | context=context, token_id=context['token_id']) |
3185 | 27 | except exception.TokenNotFound: | 28 | except exception.TokenNotFound: |
3187 | 28 | LOG.warning('RBAC: Invalid token') | 29 | LOG.warning(_('RBAC: Invalid token')) |
3188 | 29 | raise exception.Unauthorized() | 30 | raise exception.Unauthorized() |
3189 | 30 | 31 | ||
3190 | 31 | creds = token_ref['metadata'].copy() | 32 | creds = token_ref['metadata'].copy() |
3191 | @@ -33,13 +34,13 @@ | |||
3192 | 33 | try: | 34 | try: |
3193 | 34 | creds['user_id'] = token_ref['user'].get('id') | 35 | creds['user_id'] = token_ref['user'].get('id') |
3194 | 35 | except AttributeError: | 36 | except AttributeError: |
3196 | 36 | LOG.warning('RBAC: Invalid user') | 37 | LOG.warning(_('RBAC: Invalid user')) |
3197 | 37 | raise exception.Unauthorized() | 38 | raise exception.Unauthorized() |
3198 | 38 | 39 | ||
3199 | 39 | try: | 40 | try: |
3200 | 40 | creds['tenant_id'] = token_ref['tenant'].get('id') | 41 | creds['tenant_id'] = token_ref['tenant'].get('id') |
3201 | 41 | except AttributeError: | 42 | except AttributeError: |
3203 | 42 | LOG.debug('RBAC: Proceeding without tenant') | 43 | LOG.debug(_('RBAC: Proceeding without tenant')) |
3204 | 43 | 44 | ||
3205 | 44 | # NOTE(vish): this is pretty inefficient | 45 | # NOTE(vish): this is pretty inefficient |
3206 | 45 | creds['roles'] = [self.identity_api.get_role(context, role)['name'] | 46 | creds['roles'] = [self.identity_api.get_role(context, role)['name'] |
3207 | @@ -47,24 +48,23 @@ | |||
3208 | 47 | 48 | ||
3209 | 48 | self.policy_api.enforce(context, creds, action, kwargs) | 49 | self.policy_api.enforce(context, creds, action, kwargs) |
3210 | 49 | 50 | ||
3212 | 50 | LOG.debug('RBAC: Authorization granted') | 51 | LOG.debug(_('RBAC: Authorization granted')) |
3213 | 51 | else: | 52 | else: |
3215 | 52 | LOG.warning('RBAC: Bypassing authorization') | 53 | LOG.warning(_('RBAC: Bypassing authorization')) |
3216 | 53 | 54 | ||
3217 | 54 | return f(self, context, **kwargs) | 55 | return f(self, context, **kwargs) |
3218 | 55 | return wrapper | 56 | return wrapper |
3219 | 56 | 57 | ||
3220 | 57 | 58 | ||
3222 | 58 | class V3Controller(wsgi.Application): | 59 | @dependency.requires('identity_api', 'policy_api', 'token_api') |
3223 | 60 | class V2Controller(wsgi.Application): | ||
3224 | 61 | """Base controller class for Identity API v2.""" | ||
3225 | 62 | pass | ||
3226 | 63 | |||
3227 | 64 | |||
3228 | 65 | class V3Controller(V2Controller): | ||
3229 | 59 | """Base controller class for Identity API v3.""" | 66 | """Base controller class for Identity API v3.""" |
3230 | 60 | 67 | ||
3231 | 61 | def __init__(self, catalog_api, identity_api, token_api, policy_api): | ||
3232 | 62 | self.catalog_api = catalog_api | ||
3233 | 63 | self.identity_api = identity_api | ||
3234 | 64 | self.policy_api = policy_api | ||
3235 | 65 | self.token_api = token_api | ||
3236 | 66 | super(V3Controller, self).__init__() | ||
3237 | 67 | |||
3238 | 68 | def _paginate(self, context, refs): | 68 | def _paginate(self, context, refs): |
3239 | 69 | """Paginates a list of references by page & per_page query strings.""" | 69 | """Paginates a list of references by page & per_page query strings.""" |
3240 | 70 | page = context['query_string'].get('page', 1) | 70 | page = context['query_string'].get('page', 1) |
3241 | 71 | 71 | ||
3242 | === added file 'keystone/common/dependency.py' | |||
3243 | --- keystone/common/dependency.py 1970-01-01 00:00:00 +0000 | |||
3244 | +++ keystone/common/dependency.py 2013-01-25 16:27:23 +0000 | |||
3245 | @@ -0,0 +1,67 @@ | |||
3246 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
3247 | 2 | |||
3248 | 3 | # Copyright 2012 OpenStack LLC | ||
3249 | 4 | # | ||
3250 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
3251 | 6 | # not use this file except in compliance with the License. You may obtain | ||
3252 | 7 | # a copy of the License at | ||
3253 | 8 | # | ||
3254 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
3255 | 10 | # | ||
3256 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
3257 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
3258 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
3259 | 14 | # License for the specific language governing permissions and limitations | ||
3260 | 15 | # under the License. | ||
3261 | 16 | |||
3262 | 17 | REGISTRY = {} | ||
3263 | 18 | |||
3264 | 19 | |||
3265 | 20 | class UnresolvableDependencyException(Exception): | ||
3266 | 21 | def __init__(self, name): | ||
3267 | 22 | msg = 'Unregistered dependency: %s' % name | ||
3268 | 23 | super(UnresolvableDependencyException, self).__init__(msg) | ||
3269 | 24 | |||
3270 | 25 | |||
3271 | 26 | def provider(name): | ||
3272 | 27 | """Register the wrapped dependency provider under the specified name.""" | ||
3273 | 28 | def wrapper(cls): | ||
3274 | 29 | def wrapped(init): | ||
3275 | 30 | def __wrapped_init__(self, *args, **kwargs): | ||
3276 | 31 | """Initialize the wrapped object and add it to the registry.""" | ||
3277 | 32 | init(self, *args, **kwargs) | ||
3278 | 33 | REGISTRY[name] = self | ||
3279 | 34 | |||
3280 | 35 | return __wrapped_init__ | ||
3281 | 36 | |||
3282 | 37 | cls.__init__ = wrapped(cls.__init__) | ||
3283 | 38 | return cls | ||
3284 | 39 | |||
3285 | 40 | return wrapper | ||
3286 | 41 | |||
3287 | 42 | |||
3288 | 43 | def requires(*dependencies): | ||
3289 | 44 | """Inject specified dependencies from the registry into the instance.""" | ||
3290 | 45 | def wrapper(self, *args, **kwargs): | ||
3291 | 46 | """Inject each dependency from the registry.""" | ||
3292 | 47 | self.__wrapped_init__(*args, **kwargs) | ||
3293 | 48 | |||
3294 | 49 | for dependency in self._dependencies: | ||
3295 | 50 | if dependency not in REGISTRY: | ||
3296 | 51 | raise UnresolvableDependencyException(dependency) | ||
3297 | 52 | setattr(self, dependency, REGISTRY[dependency]) | ||
3298 | 53 | |||
3299 | 54 | def wrapped(cls): | ||
3300 | 55 | """Note the required dependencies on the object for later injection. | ||
3301 | 56 | |||
3302 | 57 | The dependencies of the parent class are combined with that of the | ||
3303 | 58 | child class to create a new set of dependencies. | ||
3304 | 59 | """ | ||
3305 | 60 | existing_dependencies = getattr(cls, '_dependencies', set()) | ||
3306 | 61 | cls._dependencies = existing_dependencies.union(dependencies) | ||
3307 | 62 | if not hasattr(cls, '__wrapped_init__'): | ||
3308 | 63 | cls.__wrapped_init__ = cls.__init__ | ||
3309 | 64 | cls.__init__ = wrapper | ||
3310 | 65 | return cls | ||
3311 | 66 | |||
3312 | 67 | return wrapped | ||
3313 | 0 | 68 | ||
3314 | === modified file 'keystone/common/ldap/core.py' | |||
3315 | --- keystone/common/ldap/core.py 2012-11-23 09:01:53 +0000 | |||
3316 | +++ keystone/common/ldap/core.py 2013-01-25 16:27:23 +0000 | |||
3317 | @@ -168,8 +168,8 @@ | |||
3318 | 168 | pass | 168 | pass |
3319 | 169 | else: | 169 | else: |
3320 | 170 | raise exception.Conflict(type=self.options_name, | 170 | raise exception.Conflict(type=self.options_name, |
3323 | 171 | details='Duplicate name, %s.' % | 171 | details=_('Duplicate name, %s.') % |
3324 | 172 | values['name']) | 172 | values['name']) |
3325 | 173 | 173 | ||
3326 | 174 | if values.get('id') is not None: | 174 | if values.get('id') is not None: |
3327 | 175 | try: | 175 | try: |
3328 | @@ -178,12 +178,13 @@ | |||
3329 | 178 | pass | 178 | pass |
3330 | 179 | else: | 179 | else: |
3331 | 180 | raise exception.Conflict(type=self.options_name, | 180 | raise exception.Conflict(type=self.options_name, |
3334 | 181 | details='Duplicate ID, %s.' % | 181 | details=_('Duplicate ID, %s.') % |
3335 | 182 | values['id']) | 182 | values['id']) |
3336 | 183 | 183 | ||
3337 | 184 | def create(self, values): | 184 | def create(self, values): |
3338 | 185 | if not self.allow_create: | 185 | if not self.allow_create: |
3340 | 186 | msg = 'LDAP backend does not allow %s create' % self.options_name | 186 | msg = _('LDAP backend does not allow %s create') \ |
3341 | 187 | % self.options_name | ||
3342 | 187 | raise exception.ForbiddenAction(msg) | 188 | raise exception.ForbiddenAction(msg) |
3343 | 188 | 189 | ||
3344 | 189 | conn = self.get_connection() | 190 | conn = self.get_connection() |
3345 | @@ -289,7 +290,8 @@ | |||
3346 | 289 | 290 | ||
3347 | 290 | def update(self, id, values, old_obj=None): | 291 | def update(self, id, values, old_obj=None): |
3348 | 291 | if not self.allow_update: | 292 | if not self.allow_update: |
3350 | 292 | msg = 'LDAP backend does not allow %s update' % self.options_name | 293 | msg = _('LDAP backend does not allow %s update') \ |
3351 | 294 | % self.options_name | ||
3352 | 293 | raise exception.ForbiddenAction(msg) | 295 | raise exception.ForbiddenAction(msg) |
3353 | 294 | 296 | ||
3354 | 295 | if old_obj is None: | 297 | if old_obj is None: |
3355 | @@ -316,7 +318,8 @@ | |||
3356 | 316 | 318 | ||
3357 | 317 | def delete(self, id): | 319 | def delete(self, id): |
3358 | 318 | if not self.allow_delete: | 320 | if not self.allow_delete: |
3360 | 319 | msg = 'LDAP backend does not allow %s delete' % self.options_name | 321 | msg = _('LDAP backend does not allow %s delete') \ |
3361 | 322 | % self.options_name | ||
3362 | 320 | raise exception.ForbiddenAction(msg) | 323 | raise exception.ForbiddenAction(msg) |
3363 | 321 | 324 | ||
3364 | 322 | conn = self.get_connection() | 325 | conn = self.get_connection() |
3365 | @@ -333,11 +336,11 @@ | |||
3366 | 333 | 336 | ||
3367 | 334 | class LdapWrapper(object): | 337 | class LdapWrapper(object): |
3368 | 335 | def __init__(self, url): | 338 | def __init__(self, url): |
3370 | 336 | LOG.debug("LDAP init: url=%s", url) | 339 | LOG.debug(_("LDAP init: url=%s", url)) |
3371 | 337 | self.conn = ldap.initialize(url) | 340 | self.conn = ldap.initialize(url) |
3372 | 338 | 341 | ||
3373 | 339 | def simple_bind_s(self, user, password): | 342 | def simple_bind_s(self, user, password): |
3375 | 340 | LOG.debug("LDAP bind: dn=%s", user) | 343 | LOG.debug(_("LDAP bind: dn=%s", user)) |
3376 | 341 | return self.conn.simple_bind_s(user, password) | 344 | return self.conn.simple_bind_s(user, password) |
3377 | 342 | 345 | ||
3378 | 343 | def add_s(self, dn, attrs): | 346 | def add_s(self, dn, attrs): |
3379 | @@ -348,15 +351,15 @@ | |||
3380 | 348 | if kind != 'userPassword' | 351 | if kind != 'userPassword' |
3381 | 349 | else ['****']) | 352 | else ['****']) |
3382 | 350 | for kind, values in ldap_attrs] | 353 | for kind, values in ldap_attrs] |
3384 | 351 | LOG.debug('LDAP add: dn=%s, attrs=%s', dn, sane_attrs) | 354 | LOG.debug(_('LDAP add: dn=%s, attrs=%s', dn, sane_attrs)) |
3385 | 352 | return self.conn.add_s(dn, ldap_attrs) | 355 | return self.conn.add_s(dn, ldap_attrs) |
3386 | 353 | 356 | ||
3387 | 354 | def search_s(self, dn, scope, query): | 357 | def search_s(self, dn, scope, query): |
3388 | 355 | if LOG.isEnabledFor(logging.DEBUG): | 358 | if LOG.isEnabledFor(logging.DEBUG): |
3390 | 356 | LOG.debug('LDAP search: dn=%s, scope=%s, query=%s', | 359 | LOG.debug(_('LDAP search: dn=%s, scope=%s, query=%s', |
3391 | 357 | dn, | 360 | dn, |
3392 | 358 | scope, | 361 | scope, |
3394 | 359 | query) | 362 | query)) |
3395 | 360 | res = self.conn.search_s(dn, scope, query) | 363 | res = self.conn.search_s(dn, scope, query) |
3396 | 361 | 364 | ||
3397 | 362 | o = [] | 365 | o = [] |
3398 | @@ -376,14 +379,14 @@ | |||
3399 | 376 | sane_modlist = [(op, kind, (values if kind != 'userPassword' | 379 | sane_modlist = [(op, kind, (values if kind != 'userPassword' |
3400 | 377 | else ['****'])) | 380 | else ['****'])) |
3401 | 378 | for op, kind, values in ldap_modlist] | 381 | for op, kind, values in ldap_modlist] |
3403 | 379 | LOG.debug("LDAP modify: dn=%s, modlist=%s", dn, sane_modlist) | 382 | LOG.debug(_("LDAP modify: dn=%s, modlist=%s", dn, sane_modlist)) |
3404 | 380 | 383 | ||
3405 | 381 | return self.conn.modify_s(dn, ldap_modlist) | 384 | return self.conn.modify_s(dn, ldap_modlist) |
3406 | 382 | 385 | ||
3407 | 383 | def delete_s(self, dn): | 386 | def delete_s(self, dn): |
3409 | 384 | LOG.debug("LDAP delete: dn=%s", dn) | 387 | LOG.debug(_("LDAP delete: dn=%s", dn)) |
3410 | 385 | return self.conn.delete_s(dn) | 388 | return self.conn.delete_s(dn) |
3411 | 386 | 389 | ||
3412 | 387 | def delete_ext_s(self, dn, serverctrls): | 390 | def delete_ext_s(self, dn, serverctrls): |
3414 | 388 | LOG.debug("LDAP delete_ext: dn=%s, serverctrls=%s", dn, serverctrls) | 391 | LOG.debug(_("LDAP delete_ext: dn=%s, serverctrls=%s", dn, serverctrls)) |
3415 | 389 | return self.conn.delete_ext_s(dn, serverctrls) | 392 | return self.conn.delete_ext_s(dn, serverctrls) |
3416 | 390 | 393 | ||
3417 | === modified file 'keystone/common/ldap/fakeldap.py' | |||
3418 | --- keystone/common/ldap/fakeldap.py 2012-11-02 13:48:49 +0000 | |||
3419 | +++ keystone/common/ldap/fakeldap.py 2013-01-25 16:27:23 +0000 | |||
3420 | @@ -145,7 +145,7 @@ | |||
3421 | 145 | __prefix = 'ldap:' | 145 | __prefix = 'ldap:' |
3422 | 146 | 146 | ||
3423 | 147 | def __init__(self, url): | 147 | def __init__(self, url): |
3425 | 148 | LOG.debug('FakeLdap initialize url=%s', url) | 148 | LOG.debug(_('FakeLdap initialize url=%s'), url) |
3426 | 149 | if url == 'fake://memory': | 149 | if url == 'fake://memory': |
3427 | 150 | self.db = FakeShelve.get_instance() | 150 | self.db = FakeShelve.get_instance() |
3428 | 151 | else: | 151 | else: |
3429 | @@ -155,26 +155,27 @@ | |||
3430 | 155 | """This method is ignored, but provided for compatibility.""" | 155 | """This method is ignored, but provided for compatibility.""" |
3431 | 156 | if server_fail: | 156 | if server_fail: |
3432 | 157 | raise ldap.SERVER_DOWN | 157 | raise ldap.SERVER_DOWN |
3434 | 158 | LOG.debug('FakeLdap bind dn=%s', dn) | 158 | LOG.debug(_('FakeLdap bind dn=%s'), dn) |
3435 | 159 | if dn == 'cn=Admin' and password == 'password': | 159 | if dn == 'cn=Admin' and password == 'password': |
3436 | 160 | return | 160 | return |
3437 | 161 | 161 | ||
3438 | 162 | try: | 162 | try: |
3439 | 163 | attrs = self.db['%s%s' % (self.__prefix, dn)] | 163 | attrs = self.db['%s%s' % (self.__prefix, dn)] |
3440 | 164 | except KeyError: | 164 | except KeyError: |
3442 | 165 | LOG.error('FakeLdap bind fail: dn=%s not found', dn) | 165 | LOG.error(_('FakeLdap bind fail: dn=%s not found'), dn) |
3443 | 166 | raise ldap.NO_SUCH_OBJECT | 166 | raise ldap.NO_SUCH_OBJECT |
3444 | 167 | 167 | ||
3445 | 168 | db_password = None | 168 | db_password = None |
3446 | 169 | try: | 169 | try: |
3447 | 170 | db_password = attrs['userPassword'][0] | 170 | db_password = attrs['userPassword'][0] |
3448 | 171 | except (KeyError, IndexError): | 171 | except (KeyError, IndexError): |
3450 | 172 | LOG.error('FakeLdap bind fail: password for dn=%s not found', dn) | 172 | LOG.error(_('FakeLdap bind fail: password for dn=%s not found'), |
3451 | 173 | dn) | ||
3452 | 173 | raise ldap.INAPPROPRIATE_AUTH | 174 | raise ldap.INAPPROPRIATE_AUTH |
3453 | 174 | 175 | ||
3454 | 175 | if not utils.ldap_check_password(password, db_password): | 176 | if not utils.ldap_check_password(password, db_password): |
3457 | 176 | LOG.error('FakeLdap bind fail: password for dn=%s does' | 177 | LOG.error(_('FakeLdap bind fail: password for dn=%s does' |
3458 | 177 | ' not match' % dn) | 178 | ' not match') % dn) |
3459 | 178 | raise ldap.INVALID_CREDENTIALS | 179 | raise ldap.INVALID_CREDENTIALS |
3460 | 179 | 180 | ||
3461 | 180 | def unbind_s(self): | 181 | def unbind_s(self): |
3462 | @@ -188,10 +189,10 @@ | |||
3463 | 188 | raise ldap.SERVER_DOWN | 189 | raise ldap.SERVER_DOWN |
3464 | 189 | 190 | ||
3465 | 190 | key = '%s%s' % (self.__prefix, dn) | 191 | key = '%s%s' % (self.__prefix, dn) |
3467 | 191 | LOG.debug('FakeLdap add item: dn=%s, attrs=%s', dn, attrs) | 192 | LOG.debug(_('FakeLdap add item: dn=%s, attrs=%s'), dn, attrs) |
3468 | 192 | if key in self.db: | 193 | if key in self.db: |
3471 | 193 | LOG.error('FakeLdap add item failed: dn=%s is' | 194 | LOG.error(_('FakeLdap add item failed: dn=%s is' |
3472 | 194 | ' already in store.', dn) | 195 | ' already in store.'), dn) |
3473 | 195 | raise ldap.ALREADY_EXISTS(dn) | 196 | raise ldap.ALREADY_EXISTS(dn) |
3474 | 196 | 197 | ||
3475 | 197 | self.db[key] = dict([(k, v if isinstance(v, list) else [v]) | 198 | self.db[key] = dict([(k, v if isinstance(v, list) else [v]) |
3476 | @@ -204,11 +205,11 @@ | |||
3477 | 204 | raise ldap.SERVER_DOWN | 205 | raise ldap.SERVER_DOWN |
3478 | 205 | 206 | ||
3479 | 206 | key = '%s%s' % (self.__prefix, dn) | 207 | key = '%s%s' % (self.__prefix, dn) |
3481 | 207 | LOG.debug('FakeLdap delete item: dn=%s', dn) | 208 | LOG.debug(_('FakeLdap delete item: dn=%s'), dn) |
3482 | 208 | try: | 209 | try: |
3483 | 209 | del self.db[key] | 210 | del self.db[key] |
3484 | 210 | except KeyError: | 211 | except KeyError: |
3486 | 211 | LOG.error('FakeLdap delete item failed: dn=%s not found.', dn) | 212 | LOG.error(_('FakeLdap delete item failed: dn=%s not found.'), dn) |
3487 | 212 | raise ldap.NO_SUCH_OBJECT | 213 | raise ldap.NO_SUCH_OBJECT |
3488 | 213 | self.db.sync() | 214 | self.db.sync() |
3489 | 214 | 215 | ||
3490 | @@ -218,11 +219,11 @@ | |||
3491 | 218 | raise ldap.SERVER_DOWN | 219 | raise ldap.SERVER_DOWN |
3492 | 219 | 220 | ||
3493 | 220 | key = '%s%s' % (self.__prefix, dn) | 221 | key = '%s%s' % (self.__prefix, dn) |
3495 | 221 | LOG.debug('FakeLdap delete item: dn=%s', dn) | 222 | LOG.debug(_('FakeLdap delete item: dn=%s'), dn) |
3496 | 222 | try: | 223 | try: |
3497 | 223 | del self.db[key] | 224 | del self.db[key] |
3498 | 224 | except KeyError: | 225 | except KeyError: |
3500 | 225 | LOG.error('FakeLdap delete item failed: dn=%s not found.', dn) | 226 | LOG.error(_('FakeLdap delete item failed: dn=%s not found.'), dn) |
3501 | 226 | raise ldap.NO_SUCH_OBJECT | 227 | raise ldap.NO_SUCH_OBJECT |
3502 | 227 | self.db.sync() | 228 | self.db.sync() |
3503 | 228 | 229 | ||
3504 | @@ -237,11 +238,11 @@ | |||
3505 | 237 | raise ldap.SERVER_DOWN | 238 | raise ldap.SERVER_DOWN |
3506 | 238 | 239 | ||
3507 | 239 | key = '%s%s' % (self.__prefix, dn) | 240 | key = '%s%s' % (self.__prefix, dn) |
3509 | 240 | LOG.debug('FakeLdap modify item: dn=%s attrs=%s', dn, attrs) | 241 | LOG.debug(_('FakeLdap modify item: dn=%s attrs=%s'), dn, attrs) |
3510 | 241 | try: | 242 | try: |
3511 | 242 | entry = self.db[key] | 243 | entry = self.db[key] |
3512 | 243 | except KeyError: | 244 | except KeyError: |
3514 | 244 | LOG.error('FakeLdap modify item failed: dn=%s not found.', dn) | 245 | LOG.error(_('FakeLdap modify item failed: dn=%s not found.'), dn) |
3515 | 245 | raise ldap.NO_SUCH_OBJECT | 246 | raise ldap.NO_SUCH_OBJECT |
3516 | 246 | 247 | ||
3517 | 247 | for cmd, k, v in attrs: | 248 | for cmd, k, v in attrs: |
3518 | @@ -258,8 +259,8 @@ | |||
3519 | 258 | elif cmd == ldap.MOD_DELETE: | 259 | elif cmd == ldap.MOD_DELETE: |
3520 | 259 | if v is None: | 260 | if v is None: |
3521 | 260 | if len(values) == 0: | 261 | if len(values) == 0: |
3524 | 261 | LOG.error('FakeLdap modify item failed: ' | 262 | LOG.error(_('FakeLdap modify item failed: ' |
3525 | 262 | 'item has no attribute "%s" to delete', k) | 263 | 'item has no attribute "%s" to delete'), k) |
3526 | 263 | raise ldap.NO_SUCH_ATTRIBUTE | 264 | raise ldap.NO_SUCH_ATTRIBUTE |
3527 | 264 | values[:] = [] | 265 | values[:] = [] |
3528 | 265 | else: | 266 | else: |
3529 | @@ -269,15 +270,15 @@ | |||
3530 | 269 | try: | 270 | try: |
3531 | 270 | values.remove(val) | 271 | values.remove(val) |
3532 | 271 | except ValueError: | 272 | except ValueError: |
3534 | 272 | LOG.error('FakeLdap modify item failed:' | 273 | LOG.error(_('FakeLdap modify item failed:' |
3535 | 273 | ' item has no attribute "%s" with' | 274 | ' item has no attribute "%s" with' |
3537 | 274 | ' value "%s" to delete', k, val) | 275 | ' value "%s" to delete'), k, val) |
3538 | 275 | raise ldap.NO_SUCH_ATTRIBUTE | 276 | raise ldap.NO_SUCH_ATTRIBUTE |
3539 | 276 | else: | 277 | else: |
3544 | 277 | LOG.error('FakeLdap modify item failed: unknown' | 278 | LOG.error(_('FakeLdap modify item failed: unknown' |
3545 | 278 | ' command %s', cmd) | 279 | ' command %s'), cmd) |
3546 | 279 | raise NotImplementedError('modify_s action %s not implemented' | 280 | raise NotImplementedError(_('modify_s action %s not' |
3547 | 280 | % cmd) | 281 | ' implemented') % cmd) |
3548 | 281 | self.db[key] = entry | 282 | self.db[key] = entry |
3549 | 282 | self.db.sync() | 283 | self.db.sync() |
3550 | 283 | 284 | ||
3551 | @@ -294,13 +295,14 @@ | |||
3552 | 294 | if server_fail: | 295 | if server_fail: |
3553 | 295 | raise ldap.SERVER_DOWN | 296 | raise ldap.SERVER_DOWN |
3554 | 296 | 297 | ||
3556 | 297 | LOG.debug('FakeLdap search at dn=%s scope=%s query=%s', | 298 | LOG.debug(_('FakeLdap search at dn=%s scope=%s query=%s'), |
3557 | 298 | dn, SCOPE_NAMES.get(scope, scope), query) | 299 | dn, SCOPE_NAMES.get(scope, scope), query) |
3558 | 299 | if scope == ldap.SCOPE_BASE: | 300 | if scope == ldap.SCOPE_BASE: |
3559 | 300 | try: | 301 | try: |
3560 | 301 | item_dict = self.db['%s%s' % (self.__prefix, dn)] | 302 | item_dict = self.db['%s%s' % (self.__prefix, dn)] |
3561 | 302 | except KeyError: | 303 | except KeyError: |
3563 | 303 | LOG.debug('FakeLdap search fail: dn not found for SCOPE_BASE') | 304 | LOG.debug(_('FakeLdap search fail: dn not found for' |
3564 | 305 | ' SCOPE_BASE')) | ||
3565 | 304 | raise ldap.NO_SUCH_OBJECT | 306 | raise ldap.NO_SUCH_OBJECT |
3566 | 305 | results = [(dn, item_dict)] | 307 | results = [(dn, item_dict)] |
3567 | 306 | elif scope == ldap.SCOPE_SUBTREE: | 308 | elif scope == ldap.SCOPE_SUBTREE: |
3568 | @@ -313,7 +315,7 @@ | |||
3569 | 313 | if re.match('%s\w+=[^,]+,%s' % (self.__prefix, dn), k)] | 315 | if re.match('%s\w+=[^,]+,%s' % (self.__prefix, dn), k)] |
3570 | 314 | else: | 316 | else: |
3571 | 315 | LOG.error('FakeLdap search fail: unknown scope %s', scope) | 317 | LOG.error('FakeLdap search fail: unknown scope %s', scope) |
3573 | 316 | raise NotImplementedError('Search scope %s not implemented.' | 318 | raise NotImplementedError(_('Search scope %s not implemented.') |
3574 | 317 | % scope) | 319 | % scope) |
3575 | 318 | 320 | ||
3576 | 319 | objects = [] | 321 | objects = [] |
3577 | 320 | 322 | ||
3578 | === modified file 'keystone/common/models.py' | |||
3579 | --- keystone/common/models.py 2012-11-02 13:48:49 +0000 | |||
3580 | +++ keystone/common/models.py 2013-01-25 16:27:23 +0000 | |||
3581 | @@ -78,7 +78,7 @@ | |||
3582 | 78 | """ | 78 | """ |
3583 | 79 | 79 | ||
3584 | 80 | required_keys = ('id', 'region', 'service_id') | 80 | required_keys = ('id', 'region', 'service_id') |
3586 | 81 | optional_keys = ('interalurl', 'publicurl', 'adminurl') | 81 | optional_keys = ('internalurl', 'publicurl', 'adminurl') |
3587 | 82 | 82 | ||
3588 | 83 | 83 | ||
3589 | 84 | class User(Model): | 84 | class User(Model): |
3590 | @@ -99,6 +99,23 @@ | |||
3591 | 99 | optional_keys = ('password', 'description', 'email', 'enabled') | 99 | optional_keys = ('password', 'description', 'email', 'enabled') |
3592 | 100 | 100 | ||
3593 | 101 | 101 | ||
3594 | 102 | class Group(Model): | ||
3595 | 103 | """Group object. | ||
3596 | 104 | |||
3597 | 105 | Required keys: | ||
3598 | 106 | id | ||
3599 | 107 | name | ||
3600 | 108 | |||
3601 | 109 | Optional keys: | ||
3602 | 110 | domain_id | ||
3603 | 111 | description | ||
3604 | 112 | |||
3605 | 113 | """ | ||
3606 | 114 | |||
3607 | 115 | required_keys = ('id', 'name') | ||
3608 | 116 | optional_keys = ('domain_id', 'description') | ||
3609 | 117 | |||
3610 | 118 | |||
3611 | 102 | class Tenant(Model): | 119 | class Tenant(Model): |
3612 | 103 | """Tenant object. | 120 | """Tenant object. |
3613 | 104 | 121 | ||
3614 | 105 | 122 | ||
3615 | === added file 'keystone/common/router.py' | |||
3616 | --- keystone/common/router.py 1970-01-01 00:00:00 +0000 | |||
3617 | +++ keystone/common/router.py 2013-01-25 16:27:23 +0000 | |||
3618 | @@ -0,0 +1,56 @@ | |||
3619 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
3620 | 2 | |||
3621 | 3 | # Copyright 2012 OpenStack LLC | ||
3622 | 4 | # | ||
3623 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
3624 | 6 | # not use this file except in compliance with the License. You may obtain | ||
3625 | 7 | # a copy of the License at | ||
3626 | 8 | # | ||
3627 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
3628 | 10 | # | ||
3629 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
3630 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
3631 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
3632 | 14 | # License for the specific language governing permissions and limitations | ||
3633 | 15 | # under the License. | ||
3634 | 16 | from keystone.common import wsgi | ||
3635 | 17 | |||
3636 | 18 | |||
3637 | 19 | class Router(wsgi.ComposableRouter): | ||
3638 | 20 | def __init__(self, controller, collection_key, key): | ||
3639 | 21 | self.controller = controller | ||
3640 | 22 | self.key = key | ||
3641 | 23 | self.collection_key = collection_key | ||
3642 | 24 | |||
3643 | 25 | def add_routes(self, mapper): | ||
3644 | 26 | collection_path = '/%(collection_key)s' % { | ||
3645 | 27 | 'collection_key': self.collection_key} | ||
3646 | 28 | entity_path = '/%(collection_key)s/{%(key)s_id}' % { | ||
3647 | 29 | 'collection_key': self.collection_key, | ||
3648 | 30 | 'key': self.key} | ||
3649 | 31 | |||
3650 | 32 | mapper.connect( | ||
3651 | 33 | collection_path, | ||
3652 | 34 | controller=self.controller, | ||
3653 | 35 | action='create_%s' % self.key, | ||
3654 | 36 | conditions=dict(method=['POST'])) | ||
3655 | 37 | mapper.connect( | ||
3656 | 38 | collection_path, | ||
3657 | 39 | controller=self.controller, | ||
3658 | 40 | action='list_%s' % self.collection_key, | ||
3659 | 41 | conditions=dict(method=['GET'])) | ||
3660 | 42 | mapper.connect( | ||
3661 | 43 | entity_path, | ||
3662 | 44 | controller=self.controller, | ||
3663 | 45 | action='get_%s' % self.key, | ||
3664 | 46 | conditions=dict(method=['GET'])) | ||
3665 | 47 | mapper.connect( | ||
3666 | 48 | entity_path, | ||
3667 | 49 | controller=self.controller, | ||
3668 | 50 | action='update_%s' % self.key, | ||
3669 | 51 | conditions=dict(method=['PATCH'])) | ||
3670 | 52 | mapper.connect( | ||
3671 | 53 | entity_path, | ||
3672 | 54 | controller=self.controller, | ||
3673 | 55 | action='delete_%s' % self.key, | ||
3674 | 56 | conditions=dict(method=['DELETE'])) | ||
3675 | 0 | 57 | ||
3676 | === modified file 'keystone/common/sql/core.py' | |||
3677 | --- keystone/common/sql/core.py 2012-11-23 09:01:53 +0000 | |||
3678 | +++ keystone/common/sql/core.py 2013-01-25 16:27:23 +0000 | |||
3679 | @@ -46,6 +46,7 @@ | |||
3680 | 46 | IntegrityError = sql.exc.IntegrityError | 46 | IntegrityError = sql.exc.IntegrityError |
3681 | 47 | NotFound = sql.orm.exc.NoResultFound | 47 | NotFound = sql.orm.exc.NoResultFound |
3682 | 48 | Boolean = sql.Boolean | 48 | Boolean = sql.Boolean |
3683 | 49 | Text = sql.Text | ||
3684 | 49 | 50 | ||
3685 | 50 | 51 | ||
3686 | 51 | def set_global_engine(engine): | 52 | def set_global_engine(engine): |
3687 | @@ -159,7 +160,7 @@ | |||
3688 | 159 | dbapi_con.cursor().execute('select 1') | 160 | dbapi_con.cursor().execute('select 1') |
3689 | 160 | except dbapi_con.OperationalError as e: | 161 | except dbapi_con.OperationalError as e: |
3690 | 161 | if e.args[0] in (2006, 2013, 2014, 2045, 2055): | 162 | if e.args[0] in (2006, 2013, 2014, 2045, 2055): |
3692 | 162 | logging.warn('Got mysql server has gone away: %s', e) | 163 | logging.warn(_('Got mysql server has gone away: %s'), e) |
3693 | 163 | raise DisconnectionError("Database server went away") | 164 | raise DisconnectionError("Database server went away") |
3694 | 164 | else: | 165 | else: |
3695 | 165 | raise | 166 | raise |
3696 | 166 | 167 | ||
3697 | === modified file 'keystone/common/sql/legacy.py' | |||
3698 | --- keystone/common/sql/legacy.py 2012-08-16 13:59:29 +0000 | |||
3699 | +++ keystone/common/sql/legacy.py 2013-01-25 16:27:23 +0000 | |||
3700 | @@ -171,4 +171,4 @@ | |||
3701 | 171 | try: | 171 | try: |
3702 | 172 | self.ec2_driver.create_credential(None, new_dict) | 172 | self.ec2_driver.create_credential(None, new_dict) |
3703 | 173 | except exc.IntegrityError: | 173 | except exc.IntegrityError: |
3705 | 174 | LOG.exception('Cannot migrate EC2 credential: %s' % x) | 174 | LOG.exception(_('Cannot migrate EC2 credential: %s') % x) |
3706 | 175 | 175 | ||
3707 | === modified file 'keystone/common/sql/migrate_repo/versions/001_add_initial_tables.py' | |||
3708 | --- keystone/common/sql/migrate_repo/versions/001_add_initial_tables.py 2012-11-23 09:01:53 +0000 | |||
3709 | +++ keystone/common/sql/migrate_repo/versions/001_add_initial_tables.py 2013-01-25 16:27:23 +0000 | |||
3710 | @@ -14,7 +14,6 @@ | |||
3711 | 14 | # License for the specific language governing permissions and limitations | 14 | # License for the specific language governing permissions and limitations |
3712 | 15 | # under the License. | 15 | # under the License. |
3713 | 16 | 16 | ||
3714 | 17 | import migrate | ||
3715 | 18 | import sqlalchemy as sql | 17 | import sqlalchemy as sql |
3716 | 19 | 18 | ||
3717 | 20 | 19 | ||
3718 | @@ -116,4 +115,11 @@ | |||
3719 | 116 | 115 | ||
3720 | 117 | def downgrade(migrate_engine): | 116 | def downgrade(migrate_engine): |
3721 | 118 | # Operations to reverse the above upgrade go here. | 117 | # Operations to reverse the above upgrade go here. |
3723 | 119 | pass | 118 | meta = sql.MetaData() |
3724 | 119 | meta.bind = migrate_engine | ||
3725 | 120 | |||
3726 | 121 | tables = ['user_tenant_membership', 'token', 'user', 'tenant', 'role', | ||
3727 | 122 | 'metadata', 'ec2_credential', 'endpoint', 'service'] | ||
3728 | 123 | for t in tables: | ||
3729 | 124 | table = sql.Table(t, meta, autoload=True) | ||
3730 | 125 | table.drop(migrate_engine, checkfirst=True) | ||
3731 | 120 | 126 | ||
3732 | === removed file 'keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql' | |||
3733 | --- keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql 2012-09-07 13:04:01 +0000 | |||
3734 | +++ keystone/common/sql/migrate_repo/versions/003_sqlite_downgrade.sql 1970-01-01 00:00:00 +0000 | |||
3735 | @@ -1,1 +0,0 @@ | |||
3736 | 1 | alter TABLE token drop column valid; | ||
3737 | 2 | 0 | ||
3738 | === modified file 'keystone/common/sql/migrate_repo/versions/003_token_valid.py' | |||
3739 | --- keystone/common/sql/migrate_repo/versions/003_token_valid.py 2012-09-07 13:04:01 +0000 | |||
3740 | +++ keystone/common/sql/migrate_repo/versions/003_token_valid.py 2013-01-25 16:27:23 +0000 | |||
3741 | @@ -15,13 +15,9 @@ | |||
3742 | 15 | # under the License. | 15 | # under the License. |
3743 | 16 | 16 | ||
3744 | 17 | 17 | ||
3745 | 18 | from migrate import * | ||
3746 | 19 | from sqlalchemy import * | 18 | from sqlalchemy import * |
3747 | 20 | 19 | ||
3748 | 21 | 20 | ||
3749 | 22 | from keystone.common import sql | ||
3750 | 23 | |||
3751 | 24 | |||
3752 | 25 | def upgrade(migrate_engine): | 21 | def upgrade(migrate_engine): |
3753 | 26 | # Upgrade operations go here. Don't create your own engine; bind | 22 | # Upgrade operations go here. Don't create your own engine; bind |
3754 | 27 | 23 | ||
3755 | 28 | 24 | ||
3756 | === modified file 'keystone/common/sql/migrate_repo/versions/006_add_policy_table.py' | |||
3757 | --- keystone/common/sql/migrate_repo/versions/006_add_policy_table.py 2012-11-23 09:01:53 +0000 | |||
3758 | +++ keystone/common/sql/migrate_repo/versions/006_add_policy_table.py 2013-01-25 16:27:23 +0000 | |||
3759 | @@ -14,7 +14,6 @@ | |||
3760 | 14 | # License for the specific language governing permissions and limitations | 14 | # License for the specific language governing permissions and limitations |
3761 | 15 | # under the License. | 15 | # under the License. |
3762 | 16 | 16 | ||
3763 | 17 | import migrate | ||
3764 | 18 | import sqlalchemy as sql | 17 | import sqlalchemy as sql |
3765 | 19 | 18 | ||
3766 | 20 | 19 | ||
3767 | @@ -33,4 +32,8 @@ | |||
3768 | 33 | 32 | ||
3769 | 34 | 33 | ||
3770 | 35 | def downgrade(migrate_engine): | 34 | def downgrade(migrate_engine): |
3772 | 36 | pass | 35 | meta = sql.MetaData() |
3773 | 36 | meta.bind = migrate_engine | ||
3774 | 37 | |||
3775 | 38 | policy_table = sql.Table('policy', meta, autoload=True) | ||
3776 | 39 | policy_table.drop(migrate_engine, checkfirst=True) | ||
3777 | 37 | 40 | ||
3778 | === modified file 'keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py' | |||
3779 | --- keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py 2012-11-23 09:01:53 +0000 | |||
3780 | +++ keystone/common/sql/migrate_repo/versions/007_add_domain_tables.py 2013-01-25 16:27:23 +0000 | |||
3781 | @@ -14,7 +14,6 @@ | |||
3782 | 14 | # License for the specific language governing permissions and limitations | 14 | # License for the specific language governing permissions and limitations |
3783 | 15 | # under the License. | 15 | # under the License. |
3784 | 16 | 16 | ||
3785 | 17 | import migrate | ||
3786 | 18 | import sqlalchemy as sql | 17 | import sqlalchemy as sql |
3787 | 19 | 18 | ||
3788 | 20 | 19 | ||
3789 | @@ -77,3 +76,8 @@ | |||
3790 | 77 | 76 | ||
3791 | 78 | role = sql.Table('role', meta, autoload=True) | 77 | role = sql.Table('role', meta, autoload=True) |
3792 | 79 | role.drop_column('extra') | 78 | role.drop_column('extra') |
3793 | 79 | |||
3794 | 80 | tables = ['domain', 'user_domain_metadata', 'credential'] | ||
3795 | 81 | for t in tables: | ||
3796 | 82 | table = sql.Table(t, meta, autoload=True) | ||
3797 | 83 | table.drop(migrate_engine, checkfirst=True) | ||
3798 | 80 | 84 | ||
3799 | === added file 'keystone/common/sql/migrate_repo/versions/008_normalize_identity.py' | |||
3800 | --- keystone/common/sql/migrate_repo/versions/008_normalize_identity.py 1970-01-01 00:00:00 +0000 | |||
3801 | +++ keystone/common/sql/migrate_repo/versions/008_normalize_identity.py 2013-01-25 16:27:23 +0000 | |||
3802 | @@ -0,0 +1,58 @@ | |||
3803 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
3804 | 2 | |||
3805 | 3 | # Copyright 2012 OpenStack LLC | ||
3806 | 4 | # | ||
3807 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
3808 | 6 | # not use this file except in compliance with the License. You may obtain | ||
3809 | 7 | # a copy of the License at | ||
3810 | 8 | # | ||
3811 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
3812 | 10 | # | ||
3813 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
3814 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
3815 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
3816 | 14 | # License for the specific language governing permissions and limitations | ||
3817 | 15 | # under the License. | ||
3818 | 16 | |||
3819 | 17 | |||
3820 | 18 | from sqlalchemy import Column, MetaData, String, Table, Text, types | ||
3821 | 19 | |||
3822 | 20 | |||
3823 | 21 | #this won't work on sqlite. It doesn't support dropping columns | ||
3824 | 22 | def downgrade_user_table(meta, migrate_engine): | ||
3825 | 23 | user_table = Table('user', meta, autoload=True) | ||
3826 | 24 | user_table.columns["password"].drop() | ||
3827 | 25 | user_table.columns["enabled"].drop() | ||
3828 | 26 | |||
3829 | 27 | |||
3830 | 28 | def downgrade_tenant_table(meta, migrate_engine): | ||
3831 | 29 | tenant_table = Table('tenant', meta, autoload=True) | ||
3832 | 30 | tenant_table.columns["description"].drop() | ||
3833 | 31 | tenant_table.columns["enabled"].drop() | ||
3834 | 32 | |||
3835 | 33 | |||
3836 | 34 | def upgrade_user_table(meta, migrate_engine): | ||
3837 | 35 | user_table = Table('user', meta, autoload=True) | ||
3838 | 36 | user_table.create_column(Column("password", String(128))) | ||
3839 | 37 | user_table.create_column(Column("enabled", types.Boolean, | ||
3840 | 38 | default=True)) | ||
3841 | 39 | |||
3842 | 40 | |||
3843 | 41 | def upgrade_tenant_table(meta, migrate_engine): | ||
3844 | 42 | tenant_table = Table('tenant', meta, autoload=True) | ||
3845 | 43 | tenant_table.create_column(Column("description", Text())) | ||
3846 | 44 | tenant_table.create_column(Column("enabled", types.Boolean)) | ||
3847 | 45 | |||
3848 | 46 | |||
3849 | 47 | def upgrade(migrate_engine): | ||
3850 | 48 | meta = MetaData() | ||
3851 | 49 | meta.bind = migrate_engine | ||
3852 | 50 | upgrade_user_table(meta, migrate_engine) | ||
3853 | 51 | upgrade_tenant_table(meta, migrate_engine) | ||
3854 | 52 | |||
3855 | 53 | |||
3856 | 54 | def downgrade(migrate_engine): | ||
3857 | 55 | meta = MetaData() | ||
3858 | 56 | meta.bind = migrate_engine | ||
3859 | 57 | downgrade_user_table(meta, migrate_engine) | ||
3860 | 58 | downgrade_tenant_table(meta, migrate_engine) | ||
3861 | 0 | 59 | ||
3862 | === added file 'keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql' | |||
3863 | --- keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql 1970-01-01 00:00:00 +0000 | |||
3864 | +++ keystone/common/sql/migrate_repo/versions/008_sqlite_downgrade.sql 2013-01-25 16:27:23 +0000 | |||
3865 | @@ -0,0 +1,5 @@ | |||
3866 | 1 | -- not supported by sqlite, but should be: | ||
3867 | 2 | -- alter TABLE tenant drop column description; | ||
3868 | 3 | -- alter TABLE tenant drop column enabled; | ||
3869 | 4 | -- The downgrade process will fail without valid SQL in this file | ||
3870 | 5 | select count(*) from tenant; | ||
3871 | 0 | 6 | ||
3872 | === added file 'keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py' | |||
3873 | --- keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py 1970-01-01 00:00:00 +0000 | |||
3874 | +++ keystone/common/sql/migrate_repo/versions/009_normalize_identity_migration.py 2013-01-25 16:27:23 +0000 | |||
3875 | @@ -0,0 +1,145 @@ | |||
3876 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
3877 | 2 | |||
3878 | 3 | # Copyright 2012 OpenStack LLC | ||
3879 | 4 | # | ||
3880 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
3881 | 6 | # not use this file except in compliance with the License. You may obtain | ||
3882 | 7 | # a copy of the License at | ||
3883 | 8 | # | ||
3884 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
3885 | 10 | # | ||
3886 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
3887 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
3888 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
3889 | 14 | # License for the specific language governing permissions and limitations | ||
3890 | 15 | # under the License. | ||
3891 | 16 | |||
3892 | 17 | import json | ||
3893 | 18 | |||
3894 | 19 | from sqlalchemy import MetaData, Table | ||
3895 | 20 | from sqlalchemy.orm import sessionmaker | ||
3896 | 21 | |||
3897 | 22 | disabled_values = ['false', 'disabled', 'no', '0'] | ||
3898 | 23 | |||
3899 | 24 | |||
3900 | 25 | def is_enabled(enabled): | ||
3901 | 26 | #no explicit value means enabled | ||
3902 | 27 | if enabled is None: | ||
3903 | 28 | return 1 | ||
3904 | 29 | if enabled is str: | ||
3905 | 30 | if str(enabled).lower() in disabled_values: | ||
3906 | 31 | return 0 | ||
3907 | 32 | if enabled: | ||
3908 | 33 | return 1 | ||
3909 | 34 | else: | ||
3910 | 35 | return 0 | ||
3911 | 36 | |||
3912 | 37 | |||
3913 | 38 | def downgrade_user_table(meta, migrate_engine): | ||
3914 | 39 | user_table = Table('user', meta, autoload=True) | ||
3915 | 40 | maker = sessionmaker(bind=migrate_engine) | ||
3916 | 41 | session = maker() | ||
3917 | 42 | user_data = [] | ||
3918 | 43 | for a_user in session.query(user_table): | ||
3919 | 44 | id, name, extra, password, enabled = a_user | ||
3920 | 45 | extra_parsed = json.loads(extra) | ||
3921 | 46 | extra_parsed['password'] = password | ||
3922 | 47 | extra_parsed['enabled'] = "%r" % enabled | ||
3923 | 48 | user_data.append((password, | ||
3924 | 49 | json.dumps(extra_parsed), | ||
3925 | 50 | is_enabled(enabled), id)) | ||
3926 | 51 | for user in user_data: | ||
3927 | 52 | session.execute("update user " | ||
3928 | 53 | "set extra = '%s' " | ||
3929 | 54 | "where id = '%s'" % | ||
3930 | 55 | user) | ||
3931 | 56 | |||
3932 | 57 | session.commit() | ||
3933 | 58 | |||
3934 | 59 | |||
3935 | 60 | def downgrade_tenant_table(meta, migrate_engine): | ||
3936 | 61 | tenant_table = Table('tenant', meta, autoload=True) | ||
3937 | 62 | maker = sessionmaker(bind=migrate_engine) | ||
3938 | 63 | session = maker() | ||
3939 | 64 | tenant_data = [] | ||
3940 | 65 | for a_tenant in session.query(tenant_table): | ||
3941 | 66 | id, name, extra, password, enabled = a_tenant | ||
3942 | 67 | extra_parsed = json.loads(extra) | ||
3943 | 68 | extra_parsed['description'] = description | ||
3944 | 69 | extra_parsed['enabled'] = "%r" % enabled | ||
3945 | 70 | tenant_data.append((password, | ||
3946 | 71 | json.dumps(extra_parsed), | ||
3947 | 72 | is_enabled(enabled), id)) | ||
3948 | 73 | for tenant in tenant_data: | ||
3949 | 74 | session.execute("update tenant " | ||
3950 | 75 | "set extra = '%s' " | ||
3951 | 76 | "where id = '%s'" % | ||
3952 | 77 | tenant) | ||
3953 | 78 | |||
3954 | 79 | session.commit() | ||
3955 | 80 | |||
3956 | 81 | |||
3957 | 82 | def upgrade_user_table(meta, migrate_engine): | ||
3958 | 83 | user_table = Table('user', meta, autoload=True) | ||
3959 | 84 | maker = sessionmaker(bind=migrate_engine) | ||
3960 | 85 | session = maker() | ||
3961 | 86 | |||
3962 | 87 | new_user_data = [] | ||
3963 | 88 | for a_user in session.query(user_table): | ||
3964 | 89 | id, name, extra, password, enabled = a_user | ||
3965 | 90 | extra_parsed = json.loads(extra) | ||
3966 | 91 | if 'password' in extra_parsed: | ||
3967 | 92 | password = extra_parsed['password'] | ||
3968 | 93 | extra_parsed.pop('password') | ||
3969 | 94 | if 'enabled' in extra_parsed: | ||
3970 | 95 | enabled = extra_parsed['enabled'] | ||
3971 | 96 | extra_parsed.pop('enabled') | ||
3972 | 97 | new_user_data.append((password, | ||
3973 | 98 | json.dumps(extra_parsed), | ||
3974 | 99 | is_enabled(enabled), id)) | ||
3975 | 100 | for new_user in new_user_data: | ||
3976 | 101 | session.execute("update user " | ||
3977 | 102 | "set password = '%s', extra = '%s', enabled = '%s' " | ||
3978 | 103 | "where id = '%s'" % | ||
3979 | 104 | new_user) | ||
3980 | 105 | session.commit() | ||
3981 | 106 | |||
3982 | 107 | |||
3983 | 108 | def upgrade_tenant_table(meta, migrate_engine): | ||
3984 | 109 | tenant_table = Table('tenant', meta, autoload=True) | ||
3985 | 110 | |||
3986 | 111 | maker = sessionmaker(bind=migrate_engine) | ||
3987 | 112 | session = maker() | ||
3988 | 113 | new_tenant_data = [] | ||
3989 | 114 | for a_tenant in session.query(tenant_table): | ||
3990 | 115 | id, name, extra, description, enabled = a_tenant | ||
3991 | 116 | extra_parsed = json.loads(extra) | ||
3992 | 117 | if 'description' in extra_parsed: | ||
3993 | 118 | description = extra_parsed['description'] | ||
3994 | 119 | extra_parsed.pop('description') | ||
3995 | 120 | if 'enabled' in extra_parsed: | ||
3996 | 121 | enabled = extra_parsed['enabled'] | ||
3997 | 122 | extra_parsed.pop('enabled') | ||
3998 | 123 | new_tenant_data.append((description, | ||
3999 | 124 | json.dumps(extra_parsed), | ||
4000 | 125 | is_enabled(enabled), id)) | ||
4001 | 126 | for new_tenant in new_tenant_data: | ||
4002 | 127 | session.execute("update tenant " | ||
4003 | 128 | "set description = '%s', extra = '%s', enabled = '%s' " | ||
4004 | 129 | "where id = '%s'" % | ||
4005 | 130 | new_tenant) | ||
4006 | 131 | session.commit() | ||
4007 | 132 | |||
4008 | 133 | |||
4009 | 134 | def upgrade(migrate_engine): | ||
4010 | 135 | meta = MetaData() | ||
4011 | 136 | meta.bind = migrate_engine | ||
4012 | 137 | upgrade_user_table(meta, migrate_engine) | ||
4013 | 138 | upgrade_tenant_table(meta, migrate_engine) | ||
4014 | 139 | |||
4015 | 140 | |||
4016 | 141 | def downgrade(migrate_engine): | ||
4017 | 142 | meta = MetaData() | ||
4018 | 143 | meta.bind = migrate_engine | ||
4019 | 144 | downgrade_user_table(meta, migrate_engine) | ||
4020 | 145 | downgrade_tenant_table(meta, migrate_engine) | ||
4021 | 0 | 146 | ||
4022 | === added file 'keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py' | |||
4023 | --- keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py 1970-01-01 00:00:00 +0000 | |||
4024 | +++ keystone/common/sql/migrate_repo/versions/010_endpoints_v3.py 2013-01-25 16:27:23 +0000 | |||
4025 | @@ -0,0 +1,53 @@ | |||
4026 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
4027 | 2 | |||
4028 | 3 | # Copyright 2012 OpenStack LLC | ||
4029 | 4 | # | ||
4030 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
4031 | 6 | # not use this file except in compliance with the License. You may obtain | ||
4032 | 7 | # a copy of the License at | ||
4033 | 8 | # | ||
4034 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
4035 | 10 | # | ||
4036 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
4037 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
4038 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
4039 | 14 | # License for the specific language governing permissions and limitations | ||
4040 | 15 | # under the License. | ||
4041 | 16 | |||
4042 | 17 | import sqlalchemy as sql | ||
4043 | 18 | |||
4044 | 19 | |||
4045 | 20 | def upgrade(migrate_engine): | ||
4046 | 21 | """Create API-version specific endpoint tables.""" | ||
4047 | 22 | meta = sql.MetaData() | ||
4048 | 23 | meta.bind = migrate_engine | ||
4049 | 24 | |||
4050 | 25 | legacy_table = sql.Table('endpoint', meta, autoload=True) | ||
4051 | 26 | legacy_table.rename('endpoint_v2') | ||
4052 | 27 | |||
4053 | 28 | new_table = sql.Table( | ||
4054 | 29 | 'endpoint_v3', | ||
4055 | 30 | meta, | ||
4056 | 31 | sql.Column('id', sql.String(64), primary_key=True), | ||
4057 | 32 | sql.Column('legacy_endpoint_id', sql.String(64)), | ||
4058 | 33 | sql.Column('interface', sql.String(8), nullable=False), | ||
4059 | 34 | sql.Column('region', sql.String(255)), | ||
4060 | 35 | sql.Column('service_id', | ||
4061 | 36 | sql.String(64), | ||
4062 | 37 | sql.ForeignKey('service.id'), | ||
4063 | 38 | nullable=False), | ||
4064 | 39 | sql.Column('url', sql.Text(), nullable=False), | ||
4065 | 40 | sql.Column('extra', sql.Text())) | ||
4066 | 41 | new_table.create(migrate_engine, checkfirst=True) | ||
4067 | 42 | |||
4068 | 43 | |||
4069 | 44 | def downgrade(migrate_engine): | ||
4070 | 45 | """Replace API-version specific endpoint tables with one based on v2.""" | ||
4071 | 46 | meta = sql.MetaData() | ||
4072 | 47 | meta.bind = migrate_engine | ||
4073 | 48 | |||
4074 | 49 | new_table = sql.Table('endpoint_v3', meta, autoload=True) | ||
4075 | 50 | new_table.drop() | ||
4076 | 51 | |||
4077 | 52 | legacy_table = sql.Table('endpoint_v2', meta, autoload=True) | ||
4078 | 53 | legacy_table.rename('endpoint') | ||
4079 | 0 | 54 | ||
4080 | === added file 'keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py' | |||
4081 | --- keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py 1970-01-01 00:00:00 +0000 | |||
4082 | +++ keystone/common/sql/migrate_repo/versions/011_populate_endpoint_type.py 2013-01-25 16:27:23 +0000 | |||
4083 | @@ -0,0 +1,96 @@ | |||
4084 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
4085 | 2 | |||
4086 | 3 | # Copyright 2012 OpenStack LLC | ||
4087 | 4 | # | ||
4088 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
4089 | 6 | # not use this file except in compliance with the License. You may obtain | ||
4090 | 7 | # a copy of the License at | ||
4091 | 8 | # | ||
4092 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
4093 | 10 | # | ||
4094 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
4095 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
4096 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
4097 | 14 | # License for the specific language governing permissions and limitations | ||
4098 | 15 | # under the License. | ||
4099 | 16 | |||
4100 | 17 | import json | ||
4101 | 18 | import uuid | ||
4102 | 19 | |||
4103 | 20 | import sqlalchemy as sql | ||
4104 | 21 | from sqlalchemy import orm | ||
4105 | 22 | |||
4106 | 23 | |||
4107 | 24 | ENDPOINT_TYPES = ['public', 'internal', 'admin'] | ||
4108 | 25 | |||
4109 | 26 | |||
4110 | 27 | def upgrade(migrate_engine): | ||
4111 | 28 | """Split each legacy endpoint into seperate records for each interface.""" | ||
4112 | 29 | meta = sql.MetaData() | ||
4113 | 30 | meta.bind = migrate_engine | ||
4114 | 31 | |||
4115 | 32 | legacy_table = sql.Table('endpoint_v2', meta, autoload=True) | ||
4116 | 33 | new_table = sql.Table('endpoint_v3', meta, autoload=True) | ||
4117 | 34 | |||
4118 | 35 | session = orm.sessionmaker(bind=migrate_engine)() | ||
4119 | 36 | for ref in session.query(legacy_table).all(): | ||
4120 | 37 | # pull urls out of extra | ||
4121 | 38 | extra = json.loads(ref.extra) | ||
4122 | 39 | urls = dict((i, extra.pop('%surl' % i)) for i in ENDPOINT_TYPES) | ||
4123 | 40 | |||
4124 | 41 | for interface in ENDPOINT_TYPES: | ||
4125 | 42 | endpoint = { | ||
4126 | 43 | 'id': uuid.uuid4().hex, | ||
4127 | 44 | 'legacy_endpoint_id': ref.id, | ||
4128 | 45 | 'interface': interface, | ||
4129 | 46 | 'region': ref.region, | ||
4130 | 47 | 'service_id': ref.service_id, | ||
4131 | 48 | 'url': urls[interface], | ||
4132 | 49 | 'extra': json.dumps(extra), | ||
4133 | 50 | } | ||
4134 | 51 | session.execute( | ||
4135 | 52 | 'INSERT INTO `%s` (%s) VALUES (%s)' % ( | ||
4136 | 53 | new_table.name, | ||
4137 | 54 | ', '.join('%s' % k for k in endpoint.keys()), | ||
4138 | 55 | ', '.join("'%s'" % v for v in endpoint.values()))) | ||
4139 | 56 | session.commit() | ||
4140 | 57 | |||
4141 | 58 | |||
4142 | 59 | def downgrade(migrate_engine): | ||
4143 | 60 | """Re-create the v2 endpoints table based on v3 endpoints.""" | ||
4144 | 61 | meta = sql.MetaData() | ||
4145 | 62 | meta.bind = migrate_engine | ||
4146 | 63 | |||
4147 | 64 | legacy_table = sql.Table('endpoint_v2', meta, autoload=True) | ||
4148 | 65 | new_table = sql.Table('endpoint_v3', meta, autoload=True) | ||
4149 | 66 | |||
4150 | 67 | session = orm.sessionmaker(bind=migrate_engine)() | ||
4151 | 68 | for ref in session.query(new_table).all(): | ||
4152 | 69 | extra = json.loads(ref.extra) | ||
4153 | 70 | extra['%surl' % ref.interface] = ref.url | ||
4154 | 71 | endpoint = { | ||
4155 | 72 | 'id': ref.legacy_endpoint_id, | ||
4156 | 73 | 'region': ref.region, | ||
4157 | 74 | 'service_id': ref.service_id, | ||
4158 | 75 | 'extra': json.dumps(extra), | ||
4159 | 76 | } | ||
4160 | 77 | |||
4161 | 78 | try: | ||
4162 | 79 | session.execute( | ||
4163 | 80 | 'INSERT INTO `%s` (%s) VALUES (%s)' % ( | ||
4164 | 81 | legacy_table.name, | ||
4165 | 82 | ', '.join('%s' % k for k in endpoint.keys()), | ||
4166 | 83 | ', '.join("'%s'" % v for v in endpoint.values()))) | ||
4167 | 84 | except sql.exc.IntegrityError: | ||
4168 | 85 | q = session.query(legacy_table) | ||
4169 | 86 | q = q.filter_by(id=ref.legacy_endpoint_id) | ||
4170 | 87 | legacy_ref = q.one() | ||
4171 | 88 | extra = json.loads(legacy_ref.extra) | ||
4172 | 89 | extra['%surl' % ref.interface] = ref.url | ||
4173 | 90 | |||
4174 | 91 | session.execute( | ||
4175 | 92 | 'UPDATE `%s` SET extra=\'%s\' WHERE id="%s"' % ( | ||
4176 | 93 | legacy_table.name, | ||
4177 | 94 | json.dumps(extra), | ||
4178 | 95 | legacy_ref.id)) | ||
4179 | 96 | session.commit() | ||
4180 | 0 | 97 | ||
4181 | === added file 'keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py' | |||
4182 | --- keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py 1970-01-01 00:00:00 +0000 | |||
4183 | +++ keystone/common/sql/migrate_repo/versions/012_drop_legacy_endpoints.py 2013-01-25 16:27:23 +0000 | |||
4184 | @@ -0,0 +1,50 @@ | |||
4185 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
4186 | 2 | |||
4187 | 3 | # Copyright 2012 OpenStack LLC | ||
4188 | 4 | # | ||
4189 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
4190 | 6 | # not use this file except in compliance with the License. You may obtain | ||
4191 | 7 | # a copy of the License at | ||
4192 | 8 | # | ||
4193 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
4194 | 10 | # | ||
4195 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
4196 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
4197 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
4198 | 14 | # License for the specific language governing permissions and limitations | ||
4199 | 15 | # under the License. | ||
4200 | 16 | |||
4201 | 17 | import sqlalchemy as sql | ||
4202 | 18 | |||
4203 | 19 | |||
4204 | 20 | def upgrade(migrate_engine): | ||
4205 | 21 | """Replace API-version specific endpoint tables with one based on v3.""" | ||
4206 | 22 | meta = sql.MetaData() | ||
4207 | 23 | meta.bind = migrate_engine | ||
4208 | 24 | |||
4209 | 25 | legacy_table = sql.Table('endpoint_v2', meta, autoload=True) | ||
4210 | 26 | legacy_table.drop() | ||
4211 | 27 | |||
4212 | 28 | new_table = sql.Table('endpoint_v3', meta, autoload=True) | ||
4213 | 29 | new_table.rename('endpoint') | ||
4214 | 30 | |||
4215 | 31 | |||
4216 | 32 | def downgrade(migrate_engine): | ||
4217 | 33 | """Create API-version specific endpoint tables.""" | ||
4218 | 34 | meta = sql.MetaData() | ||
4219 | 35 | meta.bind = migrate_engine | ||
4220 | 36 | |||
4221 | 37 | new_table = sql.Table('endpoint', meta, autoload=True) | ||
4222 | 38 | new_table.rename('endpoint_v3') | ||
4223 | 39 | |||
4224 | 40 | legacy_table = sql.Table( | ||
4225 | 41 | 'endpoint_v2', | ||
4226 | 42 | meta, | ||
4227 | 43 | sql.Column('id', sql.String(64), primary_key=True), | ||
4228 | 44 | sql.Column('region', sql.String(255)), | ||
4229 | 45 | sql.Column('service_id', | ||
4230 | 46 | sql.String(64), | ||
4231 | 47 | sql.ForeignKey('service.id'), | ||
4232 | 48 | nullable=False), | ||
4233 | 49 | sql.Column('extra', sql.Text())) | ||
4234 | 50 | legacy_table.create(migrate_engine, checkfirst=True) | ||
4235 | 0 | 51 | ||
4236 | === added file 'keystone/common/sql/migrate_repo/versions/013_add_group_tables.py' | |||
4237 | --- keystone/common/sql/migrate_repo/versions/013_add_group_tables.py 1970-01-01 00:00:00 +0000 | |||
4238 | +++ keystone/common/sql/migrate_repo/versions/013_add_group_tables.py 2013-01-25 16:27:23 +0000 | |||
4239 | @@ -0,0 +1,93 @@ | |||
4240 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
4241 | 2 | |||
4242 | 3 | # Copyright 2012 OpenStack LLC | ||
4243 | 4 | # | ||
4244 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
4245 | 6 | # not use this file except in compliance with the License. You may obtain | ||
4246 | 7 | # a copy of the License at | ||
4247 | 8 | # | ||
4248 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
4249 | 10 | # | ||
4250 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
4251 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
4252 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
4253 | 14 | # License for the specific language governing permissions and limitations | ||
4254 | 15 | # under the License. | ||
4255 | 16 | |||
4256 | 17 | import sqlalchemy as sql | ||
4257 | 18 | |||
4258 | 19 | |||
4259 | 20 | def upgrade(migrate_engine): | ||
4260 | 21 | meta = sql.MetaData() | ||
4261 | 22 | meta.bind = migrate_engine | ||
4262 | 23 | |||
4263 | 24 | sql.Table('domain', meta, autoload=True) | ||
4264 | 25 | group_table = sql.Table( | ||
4265 | 26 | 'group', | ||
4266 | 27 | meta, | ||
4267 | 28 | sql.Column('id', sql.String(64), primary_key=True), | ||
4268 | 29 | sql.Column('domain_id', sql.String(64), sql.ForeignKey('domain.id')), | ||
4269 | 30 | sql.Column('name', sql.String(64), unique=True, nullable=False), | ||
4270 | 31 | sql.Column('description', sql.Text()), | ||
4271 | 32 | sql.Column('extra', sql.Text())) | ||
4272 | 33 | group_table.create(migrate_engine, checkfirst=True) | ||
4273 | 34 | |||
4274 | 35 | sql.Table('user', meta, autoload=True) | ||
4275 | 36 | user_group_membership_table = sql.Table( | ||
4276 | 37 | 'user_group_membership', | ||
4277 | 38 | meta, | ||
4278 | 39 | sql.Column( | ||
4279 | 40 | 'user_id', | ||
4280 | 41 | sql.String(64), | ||
4281 | 42 | sql.ForeignKey('user.id'), | ||
4282 | 43 | primary_key=True), | ||
4283 | 44 | sql.Column( | ||
4284 | 45 | 'group_id', | ||
4285 | 46 | sql.String(64), | ||
4286 | 47 | sql.ForeignKey('group.id'), | ||
4287 | 48 | primary_key=True)) | ||
4288 | 49 | user_group_membership_table.create(migrate_engine, checkfirst=True) | ||
4289 | 50 | |||
4290 | 51 | sql.Table('tenant', meta, autoload=True) | ||
4291 | 52 | group_project_metadata_table = sql.Table( | ||
4292 | 53 | 'group_project_metadata', | ||
4293 | 54 | meta, | ||
4294 | 55 | sql.Column( | ||
4295 | 56 | 'group_id', | ||
4296 | 57 | sql.String(64), | ||
4297 | 58 | sql.ForeignKey('group.id'), | ||
4298 | 59 | primary_key=True), | ||
4299 | 60 | sql.Column( | ||
4300 | 61 | 'project_id', | ||
4301 | 62 | sql.String(64), | ||
4302 | 63 | sql.ForeignKey('tenant.id'), | ||
4303 | 64 | primary_key=True), | ||
4304 | 65 | sql.Column('data', sql.Text())) | ||
4305 | 66 | group_project_metadata_table.create(migrate_engine, checkfirst=True) | ||
4306 | 67 | |||
4307 | 68 | group_domain_metadata_table = sql.Table( | ||
4308 | 69 | 'group_domain_metadata', | ||
4309 | 70 | meta, | ||
4310 | 71 | sql.Column( | ||
4311 | 72 | 'group_id', | ||
4312 | 73 | sql.String(64), | ||
4313 | 74 | sql.ForeignKey('group.id'), | ||
4314 | 75 | primary_key=True), | ||
4315 | 76 | sql.Column( | ||
4316 | 77 | 'domain_id', | ||
4317 | 78 | sql.String(64), | ||
4318 | 79 | sql.ForeignKey('domain.id'), | ||
4319 | 80 | primary_key=True), | ||
4320 | 81 | sql.Column('data', sql.Text())) | ||
4321 | 82 | group_domain_metadata_table.create(migrate_engine, checkfirst=True) | ||
4322 | 83 | |||
4323 | 84 | |||
4324 | 85 | def downgrade(migrate_engine): | ||
4325 | 86 | meta = sql.MetaData() | ||
4326 | 87 | meta.bind = migrate_engine | ||
4327 | 88 | |||
4328 | 89 | tables = ['user_group_membership', 'group_project_metadata', | ||
4329 | 90 | 'group_domain_metadata', 'group'] | ||
4330 | 91 | for t in tables: | ||
4331 | 92 | table = sql.Table(t, meta, autoload=True) | ||
4332 | 93 | table.drop(migrate_engine, checkfirst=True) | ||
4333 | 0 | 94 | ||
4334 | === modified file 'keystone/common/sql/migration.py' | |||
4335 | --- keystone/common/sql/migration.py 2012-06-22 12:27:50 +0000 | |||
4336 | +++ keystone/common/sql/migration.py 2013-01-25 16:27:23 +0000 | |||
4337 | @@ -44,7 +44,7 @@ | |||
4338 | 44 | try: | 44 | try: |
4339 | 45 | version = int(version) | 45 | version = int(version) |
4340 | 46 | except ValueError: | 46 | except ValueError: |
4342 | 47 | raise Exception('version should be an integer') | 47 | raise Exception(_('version should be an integer')) |
4343 | 48 | 48 | ||
4344 | 49 | current_version = db_version() | 49 | current_version = db_version() |
4345 | 50 | repo_path = _find_migrate_repo() | 50 | repo_path = _find_migrate_repo() |
4346 | 51 | 51 | ||
4347 | === modified file 'keystone/common/sql/nova.py' | |||
4348 | --- keystone/common/sql/nova.py 2012-06-22 12:27:50 +0000 | |||
4349 | +++ keystone/common/sql/nova.py 2013-01-25 16:27:23 +0000 | |||
4350 | @@ -55,7 +55,7 @@ | |||
4351 | 55 | 'enabled': True, | 55 | 'enabled': True, |
4352 | 56 | } | 56 | } |
4353 | 57 | tenant_map[tenant['id']] = tenant_dict['id'] | 57 | tenant_map[tenant['id']] = tenant_dict['id'] |
4355 | 58 | LOG.debug('Create tenant %s' % tenant_dict) | 58 | LOG.debug(_('Create tenant %s') % tenant_dict) |
4356 | 59 | api.create_tenant(tenant_dict['id'], tenant_dict) | 59 | api.create_tenant(tenant_dict['id'], tenant_dict) |
4357 | 60 | return tenant_map | 60 | return tenant_map |
4358 | 61 | 61 | ||
4359 | @@ -71,7 +71,7 @@ | |||
4360 | 71 | 'enabled': True, | 71 | 'enabled': True, |
4361 | 72 | } | 72 | } |
4362 | 73 | user_map[user['id']] = user_dict['id'] | 73 | user_map[user['id']] = user_dict['id'] |
4364 | 74 | LOG.debug('Create user %s' % user_dict) | 74 | LOG.debug(_('Create user %s') % user_dict) |
4365 | 75 | api.create_user(user_dict['id'], user_dict) | 75 | api.create_user(user_dict['id'], user_dict) |
4366 | 76 | return user_map | 76 | return user_map |
4367 | 77 | 77 | ||
4368 | @@ -80,7 +80,7 @@ | |||
4369 | 80 | for membership in memberships: | 80 | for membership in memberships: |
4370 | 81 | user_id = user_map[membership['user_id']] | 81 | user_id = user_map[membership['user_id']] |
4371 | 82 | tenant_id = tenant_map[membership['tenant_id']] | 82 | tenant_id = tenant_map[membership['tenant_id']] |
4373 | 83 | LOG.debug('Add user %s to tenant %s' % (user_id, tenant_id)) | 83 | LOG.debug(_('Add user %s to tenant %s') % (user_id, tenant_id)) |
4374 | 84 | api.add_user_to_tenant(tenant_id, user_id) | 84 | api.add_user_to_tenant(tenant_id, user_id) |
4375 | 85 | 85 | ||
4376 | 86 | 86 | ||
4377 | @@ -88,14 +88,14 @@ | |||
4378 | 88 | role_map = dict((r['name'], r['id']) for r in api.list_roles()) | 88 | role_map = dict((r['name'], r['id']) for r in api.list_roles()) |
4379 | 89 | for role in roles: | 89 | for role in roles: |
4380 | 90 | if role in role_map: | 90 | if role in role_map: |
4382 | 91 | LOG.debug('Ignoring existing role %s' % role) | 91 | LOG.debug(_('Ignoring existing role %s') % role) |
4383 | 92 | continue | 92 | continue |
4384 | 93 | role_dict = { | 93 | role_dict = { |
4385 | 94 | 'id': _generate_uuid(), | 94 | 'id': _generate_uuid(), |
4386 | 95 | 'name': role, | 95 | 'name': role, |
4387 | 96 | } | 96 | } |
4388 | 97 | role_map[role] = role_dict['id'] | 97 | role_map[role] = role_dict['id'] |
4390 | 98 | LOG.debug('Create role %s' % role_dict) | 98 | LOG.debug(_('Create role %s') % role_dict) |
4391 | 99 | api.create_role(role_dict['id'], role_dict) | 99 | api.create_role(role_dict['id'], role_dict) |
4392 | 100 | return role_map | 100 | return role_map |
4393 | 101 | 101 | ||
4394 | @@ -105,7 +105,7 @@ | |||
4395 | 105 | role_id = role_map[assignment['role']] | 105 | role_id = role_map[assignment['role']] |
4396 | 106 | user_id = user_map[assignment['user_id']] | 106 | user_id = user_map[assignment['user_id']] |
4397 | 107 | tenant_id = tenant_map[assignment['tenant_id']] | 107 | tenant_id = tenant_map[assignment['tenant_id']] |
4399 | 108 | LOG.debug('Assign role %s to user %s on tenant %s' % | 108 | LOG.debug(_('Assign role %s to user %s on tenant %s') % |
4400 | 109 | (role_id, user_id, tenant_id)) | 109 | (role_id, user_id, tenant_id)) |
4401 | 110 | api.add_role_to_user_and_tenant(user_id, tenant_id, role_id) | 110 | api.add_role_to_user_and_tenant(user_id, tenant_id, role_id) |
4402 | 111 | 111 | ||
4403 | @@ -120,6 +120,6 @@ | |||
4404 | 120 | 'user_id': user_id, | 120 | 'user_id': user_id, |
4405 | 121 | 'tenant_id': tenant_id, | 121 | 'tenant_id': tenant_id, |
4406 | 122 | } | 122 | } |
4408 | 123 | LOG.debug('Creating ec2 cred for user %s and tenant %s' % | 123 | LOG.debug(_('Creating ec2 cred for user %s and tenant %s') % |
4409 | 124 | (user_id, tenant_id)) | 124 | (user_id, tenant_id)) |
4410 | 125 | ec2_api.create_credential(None, cred_dict) | 125 | ec2_api.create_credential(None, cred_dict) |
4411 | 126 | 126 | ||
4412 | === modified file 'keystone/common/utils.py' | |||
4413 | --- keystone/common/utils.py 2012-11-02 13:48:49 +0000 | |||
4414 | +++ keystone/common/utils.py 2013-01-25 16:27:23 +0000 | |||
4415 | @@ -31,6 +31,7 @@ | |||
4416 | 31 | 31 | ||
4417 | 32 | from keystone.common import logging | 32 | from keystone.common import logging |
4418 | 33 | from keystone import config | 33 | from keystone import config |
4419 | 34 | from keystone import exception | ||
4420 | 34 | 35 | ||
4421 | 35 | 36 | ||
4422 | 36 | CONF = config.CONF | 37 | CONF = config.CONF |
4423 | @@ -89,8 +90,8 @@ | |||
4424 | 89 | credentials['verb'], | 90 | credentials['verb'], |
4425 | 90 | credentials['host'], | 91 | credentials['host'], |
4426 | 91 | credentials['path']) | 92 | credentials['path']) |
4429 | 92 | raise Exception('Unknown Signature Version: %s' % | 93 | raise Exception(_('Unknown Signature Version: %s' % |
4430 | 93 | credentials['params']['SignatureVersion']) | 94 | credentials['params']['SignatureVersion'])) |
4431 | 94 | 95 | ||
4432 | 95 | @staticmethod | 96 | @staticmethod |
4433 | 96 | def _get_utf8_value(value): | 97 | def _get_utf8_value(value): |
4434 | @@ -120,7 +121,7 @@ | |||
4435 | 120 | 121 | ||
4436 | 121 | def _calc_signature_2(self, params, verb, server_string, path): | 122 | def _calc_signature_2(self, params, verb, server_string, path): |
4437 | 122 | """Generate AWS signature version 2 string.""" | 123 | """Generate AWS signature version 2 string.""" |
4439 | 123 | LOG.debug('using _calc_signature_2') | 124 | LOG.debug(_('using _calc_signature_2')) |
4440 | 124 | string_to_sign = '%s\n%s\n%s\n' % (verb, server_string, path) | 125 | string_to_sign = '%s\n%s\n%s\n' % (verb, server_string, path) |
4441 | 125 | if self.hmac_256: | 126 | if self.hmac_256: |
4442 | 126 | current_hmac = self.hmac_256 | 127 | current_hmac = self.hmac_256 |
4443 | @@ -136,22 +137,25 @@ | |||
4444 | 136 | val = urllib.quote(val, safe='-_~') | 137 | val = urllib.quote(val, safe='-_~') |
4445 | 137 | pairs.append(urllib.quote(key, safe='') + '=' + val) | 138 | pairs.append(urllib.quote(key, safe='') + '=' + val) |
4446 | 138 | qs = '&'.join(pairs) | 139 | qs = '&'.join(pairs) |
4448 | 139 | LOG.debug('query string: %s', qs) | 140 | LOG.debug(_('query string: %s'), qs) |
4449 | 140 | string_to_sign += qs | 141 | string_to_sign += qs |
4451 | 141 | LOG.debug('string_to_sign: %s', string_to_sign) | 142 | LOG.debug(_('string_to_sign: %s'), string_to_sign) |
4452 | 142 | current_hmac.update(string_to_sign) | 143 | current_hmac.update(string_to_sign) |
4453 | 143 | b64 = base64.b64encode(current_hmac.digest()) | 144 | b64 = base64.b64encode(current_hmac.digest()) |
4456 | 144 | LOG.debug('len(b64)=%d', len(b64)) | 145 | LOG.debug(_('len(b64)=%d'), len(b64)) |
4457 | 145 | LOG.debug('base64 encoded digest: %s', b64) | 146 | LOG.debug(_('base64 encoded digest: %s'), b64) |
4458 | 146 | return b64 | 147 | return b64 |
4459 | 147 | 148 | ||
4460 | 148 | 149 | ||
4461 | 149 | def trunc_password(password): | 150 | def trunc_password(password): |
4462 | 150 | """Truncate passwords to the MAX_PASSWORD_LENGTH.""" | 151 | """Truncate passwords to the MAX_PASSWORD_LENGTH.""" |
4467 | 151 | if len(password) > MAX_PASSWORD_LENGTH: | 152 | try: |
4468 | 152 | return password[:MAX_PASSWORD_LENGTH] | 153 | if len(password) > MAX_PASSWORD_LENGTH: |
4469 | 153 | else: | 154 | return password[:MAX_PASSWORD_LENGTH] |
4470 | 154 | return password | 155 | else: |
4471 | 156 | return password | ||
4472 | 157 | except TypeError: | ||
4473 | 158 | raise exception.ValidationError(attribute='string', target='password') | ||
4474 | 155 | 159 | ||
4475 | 156 | 160 | ||
4476 | 157 | def hash_user_password(user): | 161 | def hash_user_password(user): |
4477 | @@ -288,3 +292,22 @@ | |||
4478 | 288 | hash_ = hashlib.md5() | 292 | hash_ = hashlib.md5() |
4479 | 289 | hash_.update(signed_text) | 293 | hash_.update(signed_text) |
4480 | 290 | return hash_.hexdigest() | 294 | return hash_.hexdigest() |
4481 | 295 | |||
4482 | 296 | |||
4483 | 297 | def setup_remote_pydev_debug(): | ||
4484 | 298 | if CONF.pydev_debug_host and CONF.pydev_debug_port: | ||
4485 | 299 | error_msg = ('Error setting up the debug environment. Verify that the' | ||
4486 | 300 | ' option --debug-url has the format <host>:<port> and ' | ||
4487 | 301 | 'that a debugger processes is listening on that port.') | ||
4488 | 302 | |||
4489 | 303 | try: | ||
4490 | 304 | from pydev import pydevd | ||
4491 | 305 | |||
4492 | 306 | pydevd.settrace(CONF.pydev_debug_host, | ||
4493 | 307 | port=CONF.pydev_debug_port, | ||
4494 | 308 | stdoutToServer=True, | ||
4495 | 309 | stderrToServer=True) | ||
4496 | 310 | return True | ||
4497 | 311 | except: | ||
4498 | 312 | LOG.exception(_(error_msg)) | ||
4499 | 313 | raise | ||
4500 | 291 | 314 | ||
4501 | === modified file 'keystone/common/wsgi.py' | |||
4502 | --- keystone/common/wsgi.py 2012-11-23 09:01:53 +0000 | |||
4503 | +++ keystone/common/wsgi.py 2013-01-25 16:27:23 +0000 | |||
4504 | @@ -70,7 +70,7 @@ | |||
4505 | 70 | 70 | ||
4506 | 71 | def start(self, key=None, backlog=128): | 71 | def start(self, key=None, backlog=128): |
4507 | 72 | """Run a WSGI server with the given application.""" | 72 | """Run a WSGI server with the given application.""" |
4509 | 73 | LOG.debug('Starting %(arg0)s on %(host)s:%(port)s' % | 73 | LOG.debug(_('Starting %(arg0)s on %(host)s:%(port)s') % |
4510 | 74 | {'arg0': sys.argv[0], | 74 | {'arg0': sys.argv[0], |
4511 | 75 | 'host': self.host, | 75 | 'host': self.host, |
4512 | 76 | 'port': self.port}) | 76 | 'port': self.port}) |
4513 | @@ -193,7 +193,7 @@ | |||
4514 | 193 | arg_dict = req.environ['wsgiorg.routing_args'][1] | 193 | arg_dict = req.environ['wsgiorg.routing_args'][1] |
4515 | 194 | action = arg_dict.pop('action') | 194 | action = arg_dict.pop('action') |
4516 | 195 | del arg_dict['controller'] | 195 | del arg_dict['controller'] |
4518 | 196 | LOG.debug('arg_dict: %s', arg_dict) | 196 | LOG.debug(_('arg_dict: %s'), arg_dict) |
4519 | 197 | 197 | ||
4520 | 198 | # allow middleware up the stack to provide context & params | 198 | # allow middleware up the stack to provide context & params |
4521 | 199 | context = req.environ.get(CONTEXT_ENV, {}) | 199 | context = req.environ.get(CONTEXT_ENV, {}) |
4522 | @@ -214,7 +214,7 @@ | |||
4523 | 214 | try: | 214 | try: |
4524 | 215 | result = method(context, **params) | 215 | result = method(context, **params) |
4525 | 216 | except exception.Unauthorized as e: | 216 | except exception.Unauthorized as e: |
4527 | 217 | LOG.warning("Authorization failed. %s from %s" | 217 | LOG.warning(_("Authorization failed. %s from %s") |
4528 | 218 | % (e, req.environ['REMOTE_ADDR'])) | 218 | % (e, req.environ['REMOTE_ADDR'])) |
4529 | 219 | return render_exception(e) | 219 | return render_exception(e) |
4530 | 220 | except exception.Error as e: | 220 | except exception.Error as e: |
4531 | @@ -427,7 +427,7 @@ | |||
4532 | 427 | match = req.environ['wsgiorg.routing_args'][1] | 427 | match = req.environ['wsgiorg.routing_args'][1] |
4533 | 428 | if not match: | 428 | if not match: |
4534 | 429 | return render_exception( | 429 | return render_exception( |
4536 | 430 | exception.NotFound(message='The resource could not be found.')) | 430 | exception.NotFound(_('The resource could not be found.'))) |
4537 | 431 | app = match['controller'] | 431 | app = match['controller'] |
4538 | 432 | return app | 432 | return app |
4539 | 433 | 433 | ||
4540 | 434 | 434 | ||
4541 | === modified file 'keystone/config.py' | |||
4542 | --- keystone/config.py 2012-11-23 09:01:53 +0000 | |||
4543 | +++ keystone/config.py 2013-01-25 16:27:23 +0000 | |||
4544 | @@ -41,8 +41,8 @@ | |||
4545 | 41 | logging.config.fileConfig(conf.log_config) | 41 | logging.config.fileConfig(conf.log_config) |
4546 | 42 | return | 42 | return |
4547 | 43 | else: | 43 | else: |
4550 | 44 | raise RuntimeError('Unable to locate specified logging ' | 44 | raise RuntimeError(_('Unable to locate specified logging ' |
4551 | 45 | 'config file: %s' % conf.log_config) | 45 | 'config file: %s') % conf.log_config) |
4552 | 46 | 46 | ||
4553 | 47 | root_logger = logging.root | 47 | root_logger = logging.root |
4554 | 48 | if conf.debug: | 48 | if conf.debug: |
4555 | @@ -122,6 +122,12 @@ | |||
4556 | 122 | group = kw.pop('group', None) | 122 | group = kw.pop('group', None) |
4557 | 123 | return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group) | 123 | return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group) |
4558 | 124 | 124 | ||
4559 | 125 | |||
4560 | 126 | register_cli_bool('standard-threads', default=False) | ||
4561 | 127 | |||
4562 | 128 | register_cli_str('pydev-debug-host', default=None) | ||
4563 | 129 | register_cli_int('pydev-debug-port', default=None) | ||
4564 | 130 | |||
4565 | 125 | register_str('admin_token', default='ADMIN') | 131 | register_str('admin_token', default='ADMIN') |
4566 | 126 | register_str('bind_host', default='0.0.0.0') | 132 | register_str('bind_host', default='0.0.0.0') |
4567 | 127 | register_str('compute_port', default=8774) | 133 | register_str('compute_port', default=8774) |
4568 | @@ -129,7 +135,6 @@ | |||
4569 | 129 | register_str('public_port', default=5000) | 135 | register_str('public_port', default=5000) |
4570 | 130 | register_str('onready') | 136 | register_str('onready') |
4571 | 131 | register_str('auth_admin_prefix', default='') | 137 | register_str('auth_admin_prefix', default='') |
4572 | 132 | register_bool('standard-threads', default=False) | ||
4573 | 133 | register_str('policy_file', default='policy.json') | 138 | register_str('policy_file', default='policy.json') |
4574 | 134 | register_str('policy_default_rule', default=None) | 139 | register_str('policy_default_rule', default=None) |
4575 | 135 | 140 | ||
4576 | @@ -221,6 +226,17 @@ | |||
4577 | 221 | register_bool('role_allow_update', group='ldap', default=True) | 226 | register_bool('role_allow_update', group='ldap', default=True) |
4578 | 222 | register_bool('role_allow_delete', group='ldap', default=True) | 227 | register_bool('role_allow_delete', group='ldap', default=True) |
4579 | 223 | 228 | ||
4580 | 229 | register_str('group_tree_dn', group='ldap', default=None) | ||
4581 | 230 | register_str('group_filter', group='ldap', default=None) | ||
4582 | 231 | register_str('group_objectclass', group='ldap', default='groupOfNames') | ||
4583 | 232 | register_str('group_id_attribute', group='ldap', default='cn') | ||
4584 | 233 | register_str('group_name_attribute', group='ldap', default='ou') | ||
4585 | 234 | register_str('group_member_attribute', group='ldap', default='member') | ||
4586 | 235 | register_str('group_desc_attribute', group='ldap', default='desc') | ||
4587 | 236 | register_list('group_attribute_ignore', group='ldap', default='') | ||
4588 | 237 | register_bool('group_allow_create', group='ldap', default=True) | ||
4589 | 238 | register_bool('group_allow_update', group='ldap', default=True) | ||
4590 | 239 | register_bool('group_allow_delete', group='ldap', default=True) | ||
4591 | 224 | #pam | 240 | #pam |
4592 | 225 | register_str('url', group='pam', default=None) | 241 | register_str('url', group='pam', default=None) |
4593 | 226 | register_str('userid', group='pam', default=None) | 242 | register_str('userid', group='pam', default=None) |
4594 | 227 | 243 | ||
4595 | === modified file 'keystone/contrib/admin_crud/core.py' | |||
4596 | --- keystone/contrib/admin_crud/core.py 2012-07-06 10:37:01 +0000 | |||
4597 | +++ keystone/contrib/admin_crud/core.py 2013-01-25 16:27:23 +0000 | |||
4598 | @@ -13,7 +13,6 @@ | |||
4599 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
4600 | 14 | # License for the specific language governing permissions and limitations | 14 | # License for the specific language governing permissions and limitations |
4601 | 15 | # under the License. | 15 | # under the License. |
4602 | 16 | |||
4603 | 17 | from keystone import catalog | 16 | from keystone import catalog |
4604 | 18 | from keystone.common import wsgi | 17 | from keystone.common import wsgi |
4605 | 19 | from keystone import identity | 18 | from keystone import identity |
4606 | @@ -27,11 +26,11 @@ | |||
4607 | 27 | """ | 26 | """ |
4608 | 28 | 27 | ||
4609 | 29 | def add_routes(self, mapper): | 28 | def add_routes(self, mapper): |
4615 | 30 | tenant_controller = identity.TenantController() | 29 | tenant_controller = identity.controllers.Tenant() |
4616 | 31 | user_controller = identity.UserController() | 30 | user_controller = identity.controllers.User() |
4617 | 32 | role_controller = identity.RoleController() | 31 | role_controller = identity.controllers.Role() |
4618 | 33 | service_controller = catalog.ServiceController() | 32 | service_controller = catalog.controllers.Service() |
4619 | 34 | endpoint_controller = catalog.EndpointController() | 33 | endpoint_controller = catalog.controllers.Endpoint() |
4620 | 35 | 34 | ||
4621 | 36 | # Tenant Operations | 35 | # Tenant Operations |
4622 | 37 | mapper.connect( | 36 | mapper.connect( |
4623 | 38 | 37 | ||
4624 | === modified file 'keystone/contrib/ec2/core.py' | |||
4625 | --- keystone/contrib/ec2/core.py 2012-11-23 09:01:53 +0000 | |||
4626 | +++ keystone/contrib/ec2/core.py 2013-01-25 16:27:23 +0000 | |||
4627 | @@ -36,21 +36,20 @@ | |||
4628 | 36 | 36 | ||
4629 | 37 | import uuid | 37 | import uuid |
4630 | 38 | 38 | ||
4632 | 39 | from keystone import catalog | 39 | from keystone.common import controller |
4633 | 40 | from keystone.common import dependency | ||
4634 | 40 | from keystone.common import manager | 41 | from keystone.common import manager |
4635 | 41 | from keystone.common import utils | 42 | from keystone.common import utils |
4636 | 42 | from keystone.common import wsgi | 43 | from keystone.common import wsgi |
4637 | 43 | from keystone import config | 44 | from keystone import config |
4638 | 44 | from keystone import exception | 45 | from keystone import exception |
4639 | 45 | from keystone import identity | ||
4640 | 46 | from keystone import policy | ||
4641 | 47 | from keystone import service | ||
4642 | 48 | from keystone import token | 46 | from keystone import token |
4643 | 49 | 47 | ||
4644 | 50 | 48 | ||
4645 | 51 | CONF = config.CONF | 49 | CONF = config.CONF |
4646 | 52 | 50 | ||
4647 | 53 | 51 | ||
4648 | 52 | @dependency.provider('ec2_api') | ||
4649 | 54 | class Manager(manager.Manager): | 53 | class Manager(manager.Manager): |
4650 | 55 | """Default pivot point for the EC2 Credentials backend. | 54 | """Default pivot point for the EC2 Credentials backend. |
4651 | 56 | 55 | ||
4652 | @@ -96,15 +95,8 @@ | |||
4653 | 96 | conditions=dict(method=['DELETE'])) | 95 | conditions=dict(method=['DELETE'])) |
4654 | 97 | 96 | ||
4655 | 98 | 97 | ||
4665 | 99 | class Ec2Controller(wsgi.Application): | 98 | @dependency.requires('catalog_api', 'ec2_api') |
4666 | 100 | def __init__(self): | 99 | class Ec2Controller(controller.V2Controller): |
4658 | 101 | self.catalog_api = catalog.Manager() | ||
4659 | 102 | self.identity_api = identity.Manager() | ||
4660 | 103 | self.token_api = token.Manager() | ||
4661 | 104 | self.policy_api = policy.Manager() | ||
4662 | 105 | self.ec2_api = Manager() | ||
4663 | 106 | super(Ec2Controller, self).__init__() | ||
4664 | 107 | |||
4667 | 108 | def check_signature(self, creds_ref, credentials): | 100 | def check_signature(self, creds_ref, credentials): |
4668 | 109 | signer = utils.Ec2Signer(creds_ref['secret']) | 101 | signer = utils.Ec2Signer(creds_ref['secret']) |
4669 | 110 | signature = signer.generate(credentials) | 102 | signature = signer.generate(credentials) |
4670 | @@ -190,12 +182,10 @@ | |||
4671 | 190 | tenant=tenant_ref, | 182 | tenant=tenant_ref, |
4672 | 191 | metadata=metadata_ref)) | 183 | metadata=metadata_ref)) |
4673 | 192 | 184 | ||
4674 | 193 | # TODO(termie): make this a util function or something | ||
4675 | 194 | # TODO(termie): i don't think the ec2 middleware currently expects a | 185 | # TODO(termie): i don't think the ec2 middleware currently expects a |
4676 | 195 | # full return, but it contains a note saying that it | 186 | # full return, but it contains a note saying that it |
4677 | 196 | # would be better to expect a full return | 187 | # would be better to expect a full return |
4680 | 197 | token_controller = service.TokenController() | 188 | return token.controllers.Auth.format_authenticate( |
4679 | 198 | return token_controller._format_authenticate( | ||
4681 | 199 | token_ref, roles_ref, catalog_ref) | 189 | token_ref, roles_ref, catalog_ref) |
4682 | 200 | 190 | ||
4683 | 201 | def create_credential(self, context, user_id, tenant_id): | 191 | def create_credential(self, context, user_id, tenant_id): |
4684 | 202 | 192 | ||
4685 | === modified file 'keystone/contrib/user_crud/core.py' | |||
4686 | --- keystone/contrib/user_crud/core.py 2012-11-23 09:01:53 +0000 | |||
4687 | +++ keystone/contrib/user_crud/core.py 2013-01-25 16:27:23 +0000 | |||
4688 | @@ -20,20 +20,13 @@ | |||
4689 | 20 | from keystone import exception | 20 | from keystone import exception |
4690 | 21 | from keystone.common import logging | 21 | from keystone.common import logging |
4691 | 22 | from keystone.common import wsgi | 22 | from keystone.common import wsgi |
4695 | 23 | from keystone.identity import Manager as IdentityManager | 23 | from keystone import identity |
4693 | 24 | from keystone.identity import UserController as UserManager | ||
4694 | 25 | from keystone.token import Manager as TokenManager | ||
4696 | 26 | 24 | ||
4697 | 27 | 25 | ||
4698 | 28 | LOG = logging.getLogger(__name__) | 26 | LOG = logging.getLogger(__name__) |
4699 | 29 | 27 | ||
4700 | 30 | 28 | ||
4707 | 31 | class UserController(wsgi.Application): | 29 | class UserController(identity.controllers.User): |
4702 | 32 | def __init__(self): | ||
4703 | 33 | self.identity_api = IdentityManager() | ||
4704 | 34 | self.token_api = TokenManager() | ||
4705 | 35 | self.user_controller = UserManager() | ||
4706 | 36 | |||
4708 | 37 | def set_user_password(self, context, user_id, user): | 30 | def set_user_password(self, context, user_id, user): |
4709 | 38 | token_id = context.get('token_id') | 31 | token_id = context.get('token_id') |
4710 | 39 | original_password = user.get('original_password') | 32 | original_password = user.get('original_password') |
4711 | @@ -63,9 +56,9 @@ | |||
4712 | 63 | 56 | ||
4713 | 64 | admin_context = copy.copy(context) | 57 | admin_context = copy.copy(context) |
4714 | 65 | admin_context['is_admin'] = True | 58 | admin_context['is_admin'] = True |
4718 | 66 | self.user_controller.set_user_password(admin_context, | 59 | super(UserController, self).set_user_password(admin_context, |
4719 | 67 | user_id, | 60 | user_id, |
4720 | 68 | update_dict) | 61 | update_dict) |
4721 | 69 | 62 | ||
4722 | 70 | token_id = uuid.uuid4().hex | 63 | token_id = uuid.uuid4().hex |
4723 | 71 | new_token_ref = copy.copy(token_ref) | 64 | new_token_ref = copy.copy(token_ref) |
4724 | 72 | 65 | ||
4725 | === added file 'keystone/controllers.py' | |||
4726 | --- keystone/controllers.py 1970-01-01 00:00:00 +0000 | |||
4727 | +++ keystone/controllers.py 2013-01-25 16:27:23 +0000 | |||
4728 | @@ -0,0 +1,144 @@ | |||
4729 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
4730 | 2 | |||
4731 | 3 | # Copyright 2012 OpenStack LLC | ||
4732 | 4 | # | ||
4733 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
4734 | 6 | # not use this file except in compliance with the License. You may obtain | ||
4735 | 7 | # a copy of the License at | ||
4736 | 8 | # | ||
4737 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
4738 | 10 | # | ||
4739 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
4740 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
4741 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
4742 | 14 | # License for the specific language governing permissions and limitations | ||
4743 | 15 | # under the License. | ||
4744 | 16 | |||
4745 | 17 | from keystone.common import wsgi | ||
4746 | 18 | from keystone import catalog | ||
4747 | 19 | from keystone import exception | ||
4748 | 20 | |||
4749 | 21 | |||
4750 | 22 | class Extensions(wsgi.Application): | ||
4751 | 23 | """Base extensions controller to be extended by public and admin API's.""" | ||
4752 | 24 | |||
4753 | 25 | def __init__(self, extensions=None): | ||
4754 | 26 | super(Extensions, self).__init__() | ||
4755 | 27 | |||
4756 | 28 | self.extensions = extensions or {} | ||
4757 | 29 | |||
4758 | 30 | def get_extensions_info(self, context): | ||
4759 | 31 | return {'extensions': {'values': self.extensions.values()}} | ||
4760 | 32 | |||
4761 | 33 | def get_extension_info(self, context, extension_alias): | ||
4762 | 34 | try: | ||
4763 | 35 | return {'extension': self.extensions[extension_alias]} | ||
4764 | 36 | except KeyError: | ||
4765 | 37 | raise exception.NotFound(target=extension_alias) | ||
4766 | 38 | |||
4767 | 39 | |||
4768 | 40 | class AdminExtensions(Extensions): | ||
4769 | 41 | def __init__(self, *args, **kwargs): | ||
4770 | 42 | super(AdminExtensions, self).__init__(*args, **kwargs) | ||
4771 | 43 | |||
4772 | 44 | # TODO(dolph): Extensions should obviously provide this information | ||
4773 | 45 | # themselves, but hardcoding it here allows us to match | ||
4774 | 46 | # the API spec in the short term with minimal complexity. | ||
4775 | 47 | self.extensions['OS-KSADM'] = { | ||
4776 | 48 | 'name': 'Openstack Keystone Admin', | ||
4777 | 49 | 'namespace': 'http://docs.openstack.org/identity/api/ext/' | ||
4778 | 50 | 'OS-KSADM/v1.0', | ||
4779 | 51 | 'alias': 'OS-KSADM', | ||
4780 | 52 | 'updated': '2011-08-19T13:25:27-06:00', | ||
4781 | 53 | 'description': 'Openstack extensions to Keystone v2.0 API ' | ||
4782 | 54 | 'enabling Admin Operations.', | ||
4783 | 55 | 'links': [ | ||
4784 | 56 | { | ||
4785 | 57 | 'rel': 'describedby', | ||
4786 | 58 | # TODO(dolph): link needs to be revised after | ||
4787 | 59 | # bug 928059 merges | ||
4788 | 60 | 'type': 'text/html', | ||
4789 | 61 | 'href': 'https://github.com/openstack/identity-api', | ||
4790 | 62 | } | ||
4791 | 63 | ] | ||
4792 | 64 | } | ||
4793 | 65 | |||
4794 | 66 | |||
4795 | 67 | class PublicExtensions(Extensions): | ||
4796 | 68 | pass | ||
4797 | 69 | |||
4798 | 70 | |||
4799 | 71 | class Version(wsgi.Application): | ||
4800 | 72 | def __init__(self, version_type): | ||
4801 | 73 | self.catalog_api = catalog.Manager() | ||
4802 | 74 | self.url_key = '%sURL' % version_type | ||
4803 | 75 | |||
4804 | 76 | super(Version, self).__init__() | ||
4805 | 77 | |||
4806 | 78 | def _get_identity_url(self, context): | ||
4807 | 79 | catalog_ref = self.catalog_api.get_catalog(context=context, | ||
4808 | 80 | user_id=None, | ||
4809 | 81 | tenant_id=None) | ||
4810 | 82 | for region, region_ref in catalog_ref.iteritems(): | ||
4811 | 83 | for service, service_ref in region_ref.iteritems(): | ||
4812 | 84 | if service == 'identity': | ||
4813 | 85 | return service_ref[self.url_key] | ||
4814 | 86 | |||
4815 | 87 | raise exception.NotImplemented() | ||
4816 | 88 | |||
4817 | 89 | def _get_versions_list(self, context): | ||
4818 | 90 | """The list of versions is dependent on the context.""" | ||
4819 | 91 | identity_url = self._get_identity_url(context) | ||
4820 | 92 | if not identity_url.endswith('/'): | ||
4821 | 93 | identity_url = identity_url + '/' | ||
4822 | 94 | |||
4823 | 95 | versions = {} | ||
4824 | 96 | versions['v2.0'] = { | ||
4825 | 97 | 'id': 'v2.0', | ||
4826 | 98 | 'status': 'beta', | ||
4827 | 99 | 'updated': '2011-11-19T00:00:00Z', | ||
4828 | 100 | 'links': [ | ||
4829 | 101 | { | ||
4830 | 102 | 'rel': 'self', | ||
4831 | 103 | 'href': identity_url, | ||
4832 | 104 | }, { | ||
4833 | 105 | 'rel': 'describedby', | ||
4834 | 106 | 'type': 'text/html', | ||
4835 | 107 | 'href': 'http://docs.openstack.org/api/openstack-' | ||
4836 | 108 | 'identity-service/2.0/content/' | ||
4837 | 109 | }, { | ||
4838 | 110 | 'rel': 'describedby', | ||
4839 | 111 | 'type': 'application/pdf', | ||
4840 | 112 | 'href': 'http://docs.openstack.org/api/openstack-' | ||
4841 | 113 | 'identity-service/2.0/identity-dev-guide-' | ||
4842 | 114 | '2.0.pdf' | ||
4843 | 115 | } | ||
4844 | 116 | ], | ||
4845 | 117 | 'media-types': [ | ||
4846 | 118 | { | ||
4847 | 119 | 'base': 'application/json', | ||
4848 | 120 | 'type': 'application/vnd.openstack.identity-v2.0' | ||
4849 | 121 | '+json' | ||
4850 | 122 | }, { | ||
4851 | 123 | 'base': 'application/xml', | ||
4852 | 124 | 'type': 'application/vnd.openstack.identity-v2.0' | ||
4853 | 125 | '+xml' | ||
4854 | 126 | } | ||
4855 | 127 | ] | ||
4856 | 128 | } | ||
4857 | 129 | |||
4858 | 130 | return versions | ||
4859 | 131 | |||
4860 | 132 | def get_versions(self, context): | ||
4861 | 133 | versions = self._get_versions_list(context) | ||
4862 | 134 | return wsgi.render_response(status=(300, 'Multiple Choices'), body={ | ||
4863 | 135 | 'versions': { | ||
4864 | 136 | 'values': versions.values() | ||
4865 | 137 | } | ||
4866 | 138 | }) | ||
4867 | 139 | |||
4868 | 140 | def get_version(self, context): | ||
4869 | 141 | versions = self._get_versions_list(context) | ||
4870 | 142 | return wsgi.render_response(body={ | ||
4871 | 143 | 'version': versions['v2.0'] | ||
4872 | 144 | }) | ||
4873 | 0 | 145 | ||
4874 | === modified file 'keystone/exception.py' | |||
4875 | --- keystone/exception.py 2012-11-23 09:01:53 +0000 | |||
4876 | +++ keystone/exception.py 2013-01-25 16:27:23 +0000 | |||
4877 | @@ -148,6 +148,10 @@ | |||
4878 | 148 | """Could not find user: %(user_id)s""" | 148 | """Could not find user: %(user_id)s""" |
4879 | 149 | 149 | ||
4880 | 150 | 150 | ||
4881 | 151 | class GroupNotFound(NotFound): | ||
4882 | 152 | """Could not find group: %(group_id)s""" | ||
4883 | 153 | |||
4884 | 154 | |||
4885 | 151 | class Conflict(Error): | 155 | class Conflict(Error): |
4886 | 152 | """Conflict occurred attempting to store %(type)s. | 156 | """Conflict occurred attempting to store %(type)s. |
4887 | 153 | 157 | ||
4888 | 154 | 158 | ||
4889 | === modified file 'keystone/identity/__init__.py' | |||
4890 | --- keystone/identity/__init__.py 2012-03-16 11:19:40 +0000 | |||
4891 | +++ keystone/identity/__init__.py 2013-01-25 16:27:23 +0000 | |||
4892 | @@ -15,3 +15,5 @@ | |||
4893 | 15 | # under the License. | 15 | # under the License. |
4894 | 16 | 16 | ||
4895 | 17 | from keystone.identity.core import * | 17 | from keystone.identity.core import * |
4896 | 18 | from keystone.identity import controllers | ||
4897 | 19 | from keystone.identity import routers | ||
4898 | 18 | 20 | ||
4899 | === modified file 'keystone/identity/backends/kvs.py' | |||
4900 | --- keystone/identity/backends/kvs.py 2012-11-23 09:01:53 +0000 | |||
4901 | +++ keystone/identity/backends/kvs.py 2013-01-25 16:27:23 +0000 | |||
4902 | @@ -97,9 +97,13 @@ | |||
4903 | 97 | def get_user_by_name(self, user_name): | 97 | def get_user_by_name(self, user_name): |
4904 | 98 | return identity.filter_user(self._get_user_by_name(user_name)) | 98 | return identity.filter_user(self._get_user_by_name(user_name)) |
4905 | 99 | 99 | ||
4907 | 100 | def get_metadata(self, user_id, tenant_id): | 100 | def get_metadata(self, user_id=None, tenant_id=None, |
4908 | 101 | domain_id=None, group_id=None): | ||
4909 | 101 | try: | 102 | try: |
4911 | 102 | return self.db.get('metadata-%s-%s' % (tenant_id, user_id)) | 103 | if user_id: |
4912 | 104 | return self.db.get('metadata-%s-%s' % (tenant_id, user_id)) | ||
4913 | 105 | else: | ||
4914 | 106 | return self.db.get('metadata-%s-%s' % (tenant_id, group_id)) | ||
4915 | 103 | except exception.NotFound: | 107 | except exception.NotFound: |
4916 | 104 | raise exception.MetadataNotFound() | 108 | raise exception.MetadataNotFound() |
4917 | 105 | 109 | ||
4918 | @@ -199,12 +203,16 @@ | |||
4919 | 199 | raise exception.Conflict(type='user', details=msg) | 203 | raise exception.Conflict(type='user', details=msg) |
4920 | 200 | 204 | ||
4921 | 201 | user = utils.hash_user_password(user) | 205 | user = utils.hash_user_password(user) |
4924 | 202 | self.db.set('user-%s' % user_id, user) | 206 | new_user = user.copy() |
4925 | 203 | self.db.set('user_name-%s' % user['name'], user) | 207 | |
4926 | 208 | new_user.setdefault('groups', []) | ||
4927 | 209 | |||
4928 | 210 | self.db.set('user-%s' % user_id, new_user) | ||
4929 | 211 | self.db.set('user_name-%s' % new_user['name'], new_user) | ||
4930 | 204 | user_list = set(self.db.get('user_list', [])) | 212 | user_list = set(self.db.get('user_list', [])) |
4931 | 205 | user_list.add(user_id) | 213 | user_list.add(user_id) |
4932 | 206 | self.db.set('user_list', list(user_list)) | 214 | self.db.set('user_list', list(user_list)) |
4934 | 207 | return identity.filter_user(user) | 215 | return identity.filter_user(new_user) |
4935 | 208 | 216 | ||
4936 | 209 | def update_user(self, user_id, user): | 217 | def update_user(self, user_id, user): |
4937 | 210 | if 'name' in user: | 218 | if 'name' in user: |
4938 | @@ -228,6 +236,42 @@ | |||
4939 | 228 | self.db.set('user_name-%s' % new_user['name'], new_user) | 236 | self.db.set('user_name-%s' % new_user['name'], new_user) |
4940 | 229 | return new_user | 237 | return new_user |
4941 | 230 | 238 | ||
4942 | 239 | def add_user_to_group(self, user_id, group_id): | ||
4943 | 240 | self.get_group(group_id) | ||
4944 | 241 | user_ref = self._get_user(user_id) | ||
4945 | 242 | groups = set(user_ref.get('groups', [])) | ||
4946 | 243 | groups.add(group_id) | ||
4947 | 244 | self.update_user(user_id, {'groups': list(groups)}) | ||
4948 | 245 | |||
4949 | 246 | def check_user_in_group(self, user_id, group_id): | ||
4950 | 247 | self.get_group(group_id) | ||
4951 | 248 | user_ref = self._get_user(user_id) | ||
4952 | 249 | if not group_id in set(user_ref.get('groups', [])): | ||
4953 | 250 | raise exception.NotFound(_('User not found in group')) | ||
4954 | 251 | |||
4955 | 252 | def remove_user_from_group(self, user_id, group_id): | ||
4956 | 253 | self.get_group(group_id) | ||
4957 | 254 | user_ref = self._get_user(user_id) | ||
4958 | 255 | groups = set(user_ref.get('groups', [])) | ||
4959 | 256 | try: | ||
4960 | 257 | groups.remove(group_id) | ||
4961 | 258 | except KeyError: | ||
4962 | 259 | raise exception.NotFound(_('User not found in group')) | ||
4963 | 260 | self.update_user(user_id, {'groups': list(groups)}) | ||
4964 | 261 | |||
4965 | 262 | def list_users_in_group(self, group_id): | ||
4966 | 263 | self.get_group(group_id) | ||
4967 | 264 | user_keys = filter(lambda x: x.startswith("user-"), self.db.keys()) | ||
4968 | 265 | user_refs = [self.db.get(key) for key in user_keys] | ||
4969 | 266 | user_refs_for_group = filter(lambda x: group_id in x['groups'], | ||
4970 | 267 | user_refs) | ||
4971 | 268 | return [identity.filter_user(x) for x in user_refs_for_group] | ||
4972 | 269 | |||
4973 | 270 | def list_groups_for_user(self, user_id): | ||
4974 | 271 | user_ref = self._get_user(user_id) | ||
4975 | 272 | group_ids = user_ref.get('groups', []) | ||
4976 | 273 | return [self.get_group(x) for x in group_ids] | ||
4977 | 274 | |||
4978 | 231 | def delete_user(self, user_id): | 275 | def delete_user(self, user_id): |
4979 | 232 | try: | 276 | try: |
4980 | 233 | old_user = self.db.get('user-%s' % user_id) | 277 | old_user = self.db.get('user-%s' % user_id) |
4981 | @@ -292,16 +336,21 @@ | |||
4982 | 292 | self.db.delete('tenant_name-%s' % old_tenant['name']) | 336 | self.db.delete('tenant_name-%s' % old_tenant['name']) |
4983 | 293 | self.db.delete('tenant-%s' % tenant_id) | 337 | self.db.delete('tenant-%s' % tenant_id) |
4984 | 294 | 338 | ||
4995 | 295 | def create_metadata(self, user_id, tenant_id, metadata): | 339 | def create_metadata(self, user_id, tenant_id, metadata, |
4996 | 296 | self.db.set('metadata-%s-%s' % (tenant_id, user_id), metadata) | 340 | domain_id=None, group_id=None): |
4997 | 297 | return metadata | 341 | if user_id: |
4998 | 298 | 342 | self.db.set('metadata-%s-%s' % (tenant_id, user_id), metadata) | |
4999 | 299 | def update_metadata(self, user_id, tenant_id, metadata): | 343 | else: |
5000 | 300 | self.db.set('metadata-%s-%s' % (tenant_id, user_id), metadata) | 344 | self.db.set('metadata-%s-%s' % (tenant_id, group_id), metadata) |
4991 | 301 | return metadata | ||
4992 | 302 | |||
4993 | 303 | def delete_metadata(self, user_id, tenant_id): | ||
4994 | 304 | self.db.delete('metadata-%s-%s' % (tenant_id, user_id)) |
The diff has been truncated for viewing.
Please maintain the 0ubuntuX versioning (2013.1~ g2-0ubuntu1~ cloud0)