Merge lp:~zulcss/ubuntu/precise/python-keystoneclient/new into lp:~ubuntu-cloud-archive/ubuntu/precise/python-keystoneclient/trunk
- Precise (12.04)
- new
- Merge into trunk
Proposed by
Chuck Short
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Merged at revision: | 26 | ||||||||
Proposed branch: | lp:~zulcss/ubuntu/precise/python-keystoneclient/new | ||||||||
Merge into: | lp:~ubuntu-cloud-archive/ubuntu/precise/python-keystoneclient/trunk | ||||||||
Diff against target: |
11180 lines (+8589/-754) 109 files modified
.gitignore (+2/-0) AUTHORS (+11/-0) PKG-INFO (+93/-64) README.rst (+90/-62) babel.cfg (+1/-0) debian/changelog (+23/-0) debian/control (+3/-3) doc/source/_theme/layout.html (+83/-0) doc/source/_theme/theme.conf (+4/-0) doc/source/conf.py (+22/-11) doc/source/index.rst (+11/-10) doc/source/ref/client.rst (+0/-8) doc/source/ref/endpoints.rst (+0/-11) doc/source/ref/exceptions.rst (+0/-8) doc/source/ref/generic-client.rst (+0/-12) doc/source/ref/index.rst (+0/-16) doc/source/ref/roles.rst (+0/-9) doc/source/ref/services.rst (+0/-11) doc/source/ref/tenants.rst (+0/-11) doc/source/ref/users.rst (+0/-9) doc/source/releases.rst (+28/-101) doc/source/shell.rst (+34/-13) doc/source/static/basic.css (+416/-0) doc/source/static/default.css (+230/-0) doc/source/static/jquery.tweet.js (+154/-0) doc/source/static/nature.css (+245/-0) doc/source/static/tweaks.css (+94/-0) doc/source/using-api.rst (+19/-15) examples/pki/certs/cacert.pem (+18/-0) examples/pki/certs/middleware.pem (+33/-0) examples/pki/certs/signing_cert.pem (+17/-0) examples/pki/certs/ssl_cert.pem (+17/-0) examples/pki/cms/auth_token_revoked.json (+1/-0) examples/pki/cms/auth_token_revoked.pem (+42/-0) examples/pki/cms/auth_token_scoped.json (+1/-0) examples/pki/cms/auth_token_scoped.pem (+41/-0) examples/pki/cms/auth_token_unscoped.json (+1/-0) examples/pki/cms/auth_token_unscoped.pem (+17/-0) examples/pki/cms/revocation_list.json (+1/-0) examples/pki/cms/revocation_list.pem (+12/-0) examples/pki/gen_pki.sh (+222/-0) examples/pki/private/cakey.pem (+16/-0) examples/pki/private/signing_key.pem (+16/-0) examples/pki/private/ssl_key.pem (+16/-0) keystoneclient/access.py (+144/-0) keystoneclient/base.py (+126/-4) keystoneclient/client.py (+72/-41) keystoneclient/common/cms.py (+169/-0) keystoneclient/contrib/bootstrap/shell.py (+28/-0) keystoneclient/exceptions.py (+19/-1) keystoneclient/generic/shell.py (+9/-7) keystoneclient/locale/keystoneclient.pot (+20/-0) keystoneclient/middleware/auth_token.py (+864/-0) keystoneclient/middleware/test.py (+67/-0) keystoneclient/openstack/common/cfg.py (+1653/-0) keystoneclient/openstack/common/iniparser.py (+130/-0) keystoneclient/openstack/common/jsonutils.py (+148/-0) keystoneclient/openstack/common/setup.py (+63/-39) keystoneclient/openstack/common/timeutils.py (+137/-0) keystoneclient/service_catalog.py (+17/-3) keystoneclient/shell.py (+97/-75) keystoneclient/utils.py (+25/-4) keystoneclient/v2_0/client.py (+135/-37) keystoneclient/v2_0/shell.py (+28/-7) keystoneclient/v2_0/tenants.py (+15/-3) keystoneclient/v2_0/tokens.py (+9/-1) keystoneclient/v3/__init__.py (+1/-0) keystoneclient/v3/client.py (+85/-0) keystoneclient/v3/credentials.py (+57/-0) keystoneclient/v3/domains.py (+55/-0) keystoneclient/v3/endpoints.py (+86/-0) keystoneclient/v3/policies.py (+77/-0) keystoneclient/v3/projects.py (+82/-0) keystoneclient/v3/roles.py (+110/-0) keystoneclient/v3/services.py (+60/-0) keystoneclient/v3/users.py (+70/-0) keystoneclient/versioninfo (+1/-1) openstack-common.conf (+1/-1) python_keystoneclient.egg-info/PKG-INFO (+93/-64) python_keystoneclient.egg-info/SOURCES.txt (+66/-9) python_keystoneclient.egg-info/requires.txt (+1/-1) run_tests.sh (+6/-1) setup.cfg (+14/-0) setup.py (+2/-1) tests/client_fixtures.py (+72/-0) tests/test_access.py (+56/-0) tests/test_auth_token_middleware.py (+670/-0) tests/test_client.py (+37/-0) tests/test_http.py (+31/-19) tests/test_https.py (+10/-16) tests/v2_0/test_auth.py (+0/-6) tests/v2_0/test_ec2.py (+1/-1) tests/v2_0/test_endpoints.py (+1/-1) tests/v2_0/test_roles.py (+15/-17) tests/v2_0/test_tenants.py (+55/-17) tests/v2_0/test_tokens.py (+1/-1) tests/v2_0/test_users.py (+1/-1) tests/v3/test_credentials.py (+22/-0) tests/v3/test_domains.py (+20/-0) tests/v3/test_endpoints.py (+78/-0) tests/v3/test_policies.py (+21/-0) tests/v3/test_projects.py (+69/-0) tests/v3/test_roles.py (+252/-0) tests/v3/test_services.py (+21/-0) tests/v3/test_users.py (+23/-0) tests/v3/utils.py (+227/-0) tools/install_venv.py (+25/-0) tools/pip-requires (+1/-1) tools/test-requires (+4/-0) |
||||||||
To merge this branch: | bzr merge lp:~zulcss/ubuntu/precise/python-keystoneclient/new | ||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
James Page | Approve | ||
Review via email: mp+137202@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file '.gitignore' | |||
2 | --- .gitignore 2012-08-16 12:34:22 +0000 | |||
3 | +++ .gitignore 2012-11-30 14:11:19 +0000 | |||
4 | @@ -6,8 +6,10 @@ | |||
5 | 6 | .idea | 6 | .idea |
6 | 7 | *.swp | 7 | *.swp |
7 | 8 | *~ | 8 | *~ |
8 | 9 | .tox | ||
9 | 9 | AUTHORS | 10 | AUTHORS |
10 | 10 | build | 11 | build |
11 | 11 | dist | 12 | dist |
12 | 12 | python_keystoneclient.egg-info | 13 | python_keystoneclient.egg-info |
13 | 13 | keystoneclient/versioninfo | 14 | keystoneclient/versioninfo |
14 | 15 | doc/source/api | ||
15 | 14 | 16 | ||
16 | === modified file 'AUTHORS' | |||
17 | --- AUTHORS 2012-09-07 13:13:18 +0000 | |||
18 | +++ AUTHORS 2012-11-30 14:11:19 +0000 | |||
19 | @@ -1,5 +1,7 @@ | |||
20 | 1 | Adam Gandelman <adamg@canonical.com> | 1 | Adam Gandelman <adamg@canonical.com> |
21 | 2 | Adam Young <ayoung@redhat.com> | ||
22 | 2 | Alan Pevec <apevec@redhat.com> | 3 | Alan Pevec <apevec@redhat.com> |
23 | 4 | Alex Meade <alex.meade@rackspace.com> | ||
24 | 3 | Anthony Young <sleepsonthefloor@gmail.com> | 5 | Anthony Young <sleepsonthefloor@gmail.com> |
25 | 4 | Bhuvan Arumugam <bhuvan@apache.org> | 6 | Bhuvan Arumugam <bhuvan@apache.org> |
26 | 5 | Brian Waldon <bcwaldon@gmail.com> | 7 | Brian Waldon <bcwaldon@gmail.com> |
27 | @@ -8,20 +10,29 @@ | |||
28 | 8 | Dean Troyer <dtroyer@gmail.com> | 10 | Dean Troyer <dtroyer@gmail.com> |
29 | 9 | Dolph Mathews <dolph.mathews@gmail.com> | 11 | Dolph Mathews <dolph.mathews@gmail.com> |
30 | 10 | Dominik Heidler <dheidler@suse.de> | 12 | Dominik Heidler <dheidler@suse.de> |
31 | 13 | Doug Hellmann <doug.hellmann@dreamhost.com> | ||
32 | 11 | Everett Toews <everett.toews@gmail.com> | 14 | Everett Toews <everett.toews@gmail.com> |
33 | 12 | Gabriel Hurley <gabriel@strikeawe.com> | 15 | Gabriel Hurley <gabriel@strikeawe.com> |
34 | 13 | Ghe Rivero <ghe@debian.org> | 16 | Ghe Rivero <ghe@debian.org> |
35 | 14 | Hengqing Hu <hudayou@hotmail.com> | 17 | Hengqing Hu <hudayou@hotmail.com> |
36 | 18 | Henry Nash <henryn@linux.vnet.ibm.com> | ||
37 | 19 | Ionuț Arțăriși <iartarisi@suse.cz> | ||
38 | 15 | jakedahn <jake@ansolabs.com> | 20 | jakedahn <jake@ansolabs.com> |
39 | 21 | Jay Pipes <jaypipes@gmail.com> | ||
40 | 16 | Jesse Andrews <anotherjesse@gmail.com> | 22 | Jesse Andrews <anotherjesse@gmail.com> |
41 | 23 | Joe Gordon <jogo@cloudscaling.com> | ||
42 | 17 | Joe Heck <heckj@mac.com> | 24 | Joe Heck <heckj@mac.com> |
43 | 25 | Joseph W. Breu <breu@breu.org> | ||
44 | 18 | Josh Kearney <josh@jk0.org> | 26 | Josh Kearney <josh@jk0.org> |
45 | 19 | Ken Thomas <krt@yahoo-inc.com> | 27 | Ken Thomas <krt@yahoo-inc.com> |
46 | 28 | Kevin L. Mitchell <kevin.mitchell@rackspace.com> | ||
47 | 29 | Laurence Miao <laurence.miao@gmail.com> | ||
48 | 20 | Liem Nguyen <liem.m.nguyen@gmail.com> | 30 | Liem Nguyen <liem.m.nguyen@gmail.com> |
49 | 21 | Lorin Hochstein <lorin@nimbisservices.com> | 31 | Lorin Hochstein <lorin@nimbisservices.com> |
50 | 22 | lrqrun <lrqrun@gmail.com> | 32 | lrqrun <lrqrun@gmail.com> |
51 | 23 | Monty Taylor <mordred@inaugust.com> | 33 | Monty Taylor <mordred@inaugust.com> |
52 | 24 | Peng Yong <ppyy@pubyun.com> | 34 | Peng Yong <ppyy@pubyun.com> |
53 | 35 | Sam Morrison <sorrison@gmail.com> | ||
54 | 25 | Sascha Peilicke <saschpe@suse.de> | 36 | Sascha Peilicke <saschpe@suse.de> |
55 | 26 | termie <github@anarkystic.com> | 37 | termie <github@anarkystic.com> |
56 | 27 | Thierry Carrez <thierry@openstack.org> | 38 | Thierry Carrez <thierry@openstack.org> |
57 | 28 | 39 | ||
58 | === modified file 'PKG-INFO' | |||
59 | --- PKG-INFO 2012-09-07 13:13:18 +0000 | |||
60 | +++ PKG-INFO 2012-11-30 14:11:19 +0000 | |||
61 | @@ -1,28 +1,27 @@ | |||
62 | 1 | Metadata-Version: 1.1 | 1 | Metadata-Version: 1.1 |
63 | 2 | Name: python-keystoneclient | 2 | Name: python-keystoneclient |
66 | 3 | Version: 0.1.3 | 3 | Version: 0.2.0 |
67 | 4 | Summary: Client library for OpenStack Keystone API | 4 | Summary: Client library for OpenStack Identity API (Keystone) |
68 | 5 | Home-page: https://github.com/openstack/python-keystoneclient | 5 | Home-page: https://github.com/openstack/python-keystoneclient |
69 | 6 | Author: Nebula Inc, based on work by Rackspace and Jacob Kaplan-Moss | 6 | Author: Nebula Inc, based on work by Rackspace and Jacob Kaplan-Moss |
70 | 7 | Author-email: gabriel.hurley@nebula.com | 7 | Author-email: gabriel.hurley@nebula.com |
71 | 8 | License: Apache | 8 | License: Apache |
82 | 9 | Description: Python bindings to the OpenStack Keystone API | 9 | Description: Python bindings to the OpenStack Identity API (Keystone) |
83 | 10 | ============================================= | 10 | ======================================================== |
84 | 11 | 11 | ||
85 | 12 | This is a client for the OpenStack Keystone API. There's a Python API (the | 12 | This is a client for the OpenStack Identity API, implemented by Keystone. |
86 | 13 | ``keystoneclient`` module), and a command-line script (``keystone``). The | 13 | There's a Python API (the ``keystoneclient`` module), and a command-line script |
87 | 14 | Keystone 2.0 API is still a moving target, so this module will remain in | 14 | (``keystone``). |
88 | 15 | "Beta" status until the API is finalized and fully implemented. | 15 | |
89 | 16 | 16 | Development takes place via the usual OpenStack processes as outlined in the | |
90 | 17 | Development takes place via the usual OpenStack processes as outlined in | 17 | `OpenStack wiki`_. The master repository is on GitHub__. |
81 | 18 | the `OpenStack wiki`_. The master repository is on GitHub__. | ||
91 | 19 | 18 | ||
92 | 20 | __ http://wiki.openstack.org/HowToContribute | 19 | __ http://wiki.openstack.org/HowToContribute |
93 | 21 | __ http://github.com/openstack/python-keystoneclient | 20 | __ http://github.com/openstack/python-keystoneclient |
94 | 22 | 21 | ||
98 | 23 | This code a fork of `Rackspace's python-novaclient`__ which is in turn a fork of | 22 | This code a fork of `Rackspace's python-novaclient`__ which is in turn a fork |
99 | 24 | `Jacobian's python-cloudservers`__. The python-keystoneclient is licensed under | 23 | of `Jacobian's python-cloudservers`__. The python-keystoneclient is licensed |
100 | 25 | the Apache License like the rest of OpenStack. | 24 | under the Apache License like the rest of OpenStack. |
101 | 26 | 25 | ||
102 | 27 | __ http://github.com/rackspace/python-novaclient | 26 | __ http://github.com/rackspace/python-novaclient |
103 | 28 | __ http://github.com/jacobian/python-cloudservers | 27 | __ http://github.com/jacobian/python-cloudservers |
104 | @@ -35,7 +34,7 @@ | |||
105 | 35 | 34 | ||
106 | 36 | By way of a quick-start:: | 35 | By way of a quick-start:: |
107 | 37 | 36 | ||
109 | 38 | # use v2.0 auth with http://example.com:5000/v2.0") | 37 | # use v2.0 auth with http://example.com:5000/v2.0 |
110 | 39 | >>> from keystoneclient.v2_0 import client | 38 | >>> from keystoneclient.v2_0 import client |
111 | 40 | >>> keystone = client.Client(username=USERNAME, password=PASSWORD, tenant_name=TENANT, auth_url=AUTH_URL) | 39 | >>> keystone = client.Client(username=USERNAME, password=PASSWORD, tenant_name=TENANT, auth_url=AUTH_URL) |
112 | 41 | >>> keystone.tenants.list() | 40 | >>> keystone.tenants.list() |
113 | @@ -46,40 +45,45 @@ | |||
114 | 46 | Command-line API | 45 | Command-line API |
115 | 47 | ---------------- | 46 | ---------------- |
116 | 48 | 47 | ||
119 | 49 | Installing this package gets you a shell command, ``keystone``, that you | 48 | Installing this package gets you a shell command, ``keystone``, that you can |
120 | 50 | can use to interact with Keystone's Identity API. | 49 | use to interact with OpenStack's Identity API. |
121 | 51 | 50 | ||
124 | 52 | You'll need to provide your OpenStack tenant, username and password. You can | 51 | You'll need to provide your OpenStack tenant, username and password. You can do |
125 | 53 | do this with the ``--os-tenant-name``, ``--os-username`` and ``--os-password`` | 52 | this with the ``--os-tenant-name``, ``--os-username`` and ``--os-password`` |
126 | 54 | params, but it's easier to just set them as environment variables:: | 53 | params, but it's easier to just set them as environment variables:: |
127 | 55 | 54 | ||
128 | 56 | export OS_TENANT_NAME=project | 55 | export OS_TENANT_NAME=project |
129 | 57 | export OS_USERNAME=user | 56 | export OS_USERNAME=user |
130 | 58 | export OS_PASSWORD=pass | 57 | export OS_PASSWORD=pass |
131 | 59 | 58 | ||
135 | 60 | You will also need to define the authentication url with ``--os-auth-url`` and the | 59 | You will also need to define the authentication url with ``--os-auth-url`` and |
136 | 61 | version of the API with ``--os-identity-api-version``. Or set them as an environment | 60 | the version of the API with ``--os-identity-api-version``. Or set them as an |
137 | 62 | variables as well:: | 61 | environment variables as well:: |
138 | 63 | 62 | ||
139 | 64 | export OS_AUTH_URL=http://example.com:5000/v2.0 | 63 | export OS_AUTH_URL=http://example.com:5000/v2.0 |
140 | 65 | export OS_IDENTITY_API_VERSION=2.0 | 64 | export OS_IDENTITY_API_VERSION=2.0 |
141 | 66 | 65 | ||
158 | 67 | Alternatively, to authenticate to Keystone without a username/password, | 66 | Alternatively, to bypass username/password authentication, you can provide a |
159 | 68 | such as when there are no users in the database yet, use the service | 67 | pre-established token. In Keystone, this approach is necessary to bootstrap the |
160 | 69 | token and endpoint arguemnts. The service token is set in keystone.conf as | 68 | service with an administrative user, tenant & role (to do so, provide the |
161 | 70 | ``admin_token``; set it with ``service_token``. Note: keep the service token | 69 | client with the value of your ``admin_token`` defined in ``keystone.conf`` in |
162 | 71 | secret as it allows total access to Keystone's database. The admin endpoint is set | 70 | addition to the URL of your admin API deployment, typically on port 35357):: |
163 | 72 | with ``--endpoint`` or ``SERVICE_ENDPOINT``:: | 71 | |
164 | 73 | 72 | export OS_SERVICE_TOKEN=thequickbrownfox-jumpsover-thelazydog | |
165 | 74 | export SERVICE_TOKEN=thequickbrownfox-jumpsover-thelazydog | 73 | export OS_SERVICE_ENDPOINT=http://example.com:35357/v2.0 |
166 | 75 | export SERVICE_ENDPOINT=http://example.com:35357/v2.0 | 74 | |
167 | 76 | 75 | Since the Identity service can return multiple regions in the service catalog, | |
168 | 77 | Since Keystone can return multiple regions in the Service Catalog, you | 76 | you can specify the one you want with ``--os-region-name`` (or ``export |
169 | 78 | can specify the one you want with ``--region_name`` (or | 77 | OS_REGION_NAME``):: |
170 | 79 | ``export OS_REGION_NAME``). It defaults to the first in the list returned. | 78 | |
171 | 80 | 79 | export OS_REGION_NAME=north | |
172 | 81 | You'll find complete documentation on the shell by running | 80 | |
173 | 82 | ``keystone help``:: | 81 | .. WARNING:: |
174 | 82 | |||
175 | 83 | If a region is not specified and multiple regions are returned by the | ||
176 | 84 | Identity service, the client may not access the same region consistently. | ||
177 | 85 | |||
178 | 86 | You'll find complete documentation on the shell by running ``keystone help``:: | ||
179 | 83 | 87 | ||
180 | 84 | usage: keystone [--os-username <auth-user-name>] | 88 | usage: keystone [--os-username <auth-user-name>] |
181 | 85 | [--os-password <auth-password>] | 89 | [--os-password <auth-password>] |
182 | @@ -87,14 +91,17 @@ | |||
183 | 87 | [--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>] | 91 | [--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>] |
184 | 88 | [--os-region-name <region-name>] | 92 | [--os-region-name <region-name>] |
185 | 89 | [--os-identity-api-version <identity-api-version>] | 93 | [--os-identity-api-version <identity-api-version>] |
187 | 90 | [--token <service-token>] [--endpoint <service-endpoint>] | 94 | [--os-token <service-token>] |
188 | 95 | [--os-endpoint <service-endpoint>] | ||
189 | 96 | [--os-cacert <ca-certificate>] [--os-cert <certificate>] | ||
190 | 97 | [--os-key <key>] [--insecure] | ||
191 | 91 | <subcommand> ... | 98 | <subcommand> ... |
192 | 92 | 99 | ||
193 | 93 | Command-line interface to the OpenStack Identity API. | 100 | Command-line interface to the OpenStack Identity API. |
194 | 94 | 101 | ||
195 | 95 | Positional arguments: | 102 | Positional arguments: |
198 | 96 | <subcommand> | 103 | <subcommand> |
199 | 97 | catalog List service catalog, possibly filtered by service. | 104 | catalog |
200 | 98 | ec2-credentials-create | 105 | ec2-credentials-create |
201 | 99 | Create EC2-compatibile credentials for user per tenant | 106 | Create EC2-compatibile credentials for user per tenant |
202 | 100 | ec2-credentials-delete | 107 | ec2-credentials-delete |
203 | @@ -105,13 +112,12 @@ | |||
204 | 105 | List EC2-compatibile credentials for a user | 112 | List EC2-compatibile credentials for a user |
205 | 106 | endpoint-create Create a new endpoint associated with a service | 113 | endpoint-create Create a new endpoint associated with a service |
206 | 107 | endpoint-delete Delete a service endpoint | 114 | endpoint-delete Delete a service endpoint |
209 | 108 | endpoint-get Find endpoint filtered by a specific attribute or | 115 | endpoint-get |
208 | 109 | service type | ||
210 | 110 | endpoint-list List configured service endpoints | 116 | endpoint-list List configured service endpoints |
211 | 111 | role-create Create new role | 117 | role-create Create new role |
212 | 112 | role-delete Delete role | 118 | role-delete Delete role |
213 | 113 | role-get Display role details | 119 | role-get Display role details |
215 | 114 | role-list List all available roles | 120 | role-list List all roles |
216 | 115 | service-create Add service to Service Catalog | 121 | service-create Add service to Service Catalog |
217 | 116 | service-delete Delete service from Service Catalog | 122 | service-delete Delete service from Service Catalog |
218 | 117 | service-get Display service from Service Catalog | 123 | service-get Display service from Service Catalog |
219 | @@ -121,46 +127,69 @@ | |||
220 | 121 | tenant-get Display tenant details | 127 | tenant-get Display tenant details |
221 | 122 | tenant-list List all tenants | 128 | tenant-list List all tenants |
222 | 123 | tenant-update Update tenant name, description, enabled status | 129 | tenant-update Update tenant name, description, enabled status |
224 | 124 | token-get Display the current user token | 130 | token-get |
225 | 125 | user-create Create new user | 131 | user-create Create new user |
226 | 126 | user-delete Delete user | 132 | user-delete Delete user |
227 | 133 | user-get Display user details. | ||
228 | 127 | user-list List users | 134 | user-list List users |
229 | 128 | user-password-update | 135 | user-password-update |
230 | 129 | Update user password | 136 | Update user password |
231 | 130 | user-role-add Add role to user | 137 | user-role-add Add role to user |
232 | 138 | user-role-list List roles granted to a user | ||
233 | 131 | user-role-remove Remove role from user | 139 | user-role-remove Remove role from user |
234 | 132 | user-role-list List roles for user | ||
235 | 133 | user-update Update user's name, email, and enabled status | 140 | user-update Update user's name, email, and enabled status |
236 | 134 | discover Discover Keystone servers and show authentication | 141 | discover Discover Keystone servers and show authentication |
237 | 135 | protocols and | 142 | protocols and |
238 | 143 | bootstrap Grants a new role to a new user on a new tenant, after | ||
239 | 144 | creating each. | ||
240 | 145 | bash-completion Prints all of the commands and options to stdout. | ||
241 | 136 | help Display help about this program or one of its | 146 | help Display help about this program or one of its |
242 | 137 | subcommands. | 147 | subcommands. |
243 | 138 | 148 | ||
244 | 139 | Optional arguments: | 149 | Optional arguments: |
256 | 140 | --os-username <auth-user-name> | 150 | --os-username <auth-user-name> |
257 | 141 | Defaults to env[OS_USERNAME] | 151 | Name used for authentication with the OpenStack |
258 | 142 | --os-password <auth-password> | 152 | Identity service. Defaults to env[OS_USERNAME] |
259 | 143 | Defaults to env[OS_PASSWORD] | 153 | --os-password <auth-password> |
260 | 144 | --os-tenant-name <auth-tenant-name> | 154 | Password used for authentication with the OpenStack |
261 | 145 | Defaults to env[OS_TENANT_NAME] | 155 | Identity service. Defaults to env[OS_PASSWORD] |
262 | 146 | --os-tenant-id <tenant-id> | 156 | --os-tenant-name <auth-tenant-name> |
263 | 147 | Defaults to env[OS_TENANT_ID] | 157 | Tenant to request authorization on. Defaults to |
264 | 148 | --os-auth-url <auth-url> | 158 | env[OS_TENANT_NAME] |
265 | 149 | Defaults to env[OS_AUTH_URL] | 159 | --os-tenant-id <tenant-id> |
266 | 150 | --os-region-name <region-name> | 160 | Tenant to request authorization on. Defaults to |
267 | 161 | env[OS_TENANT_ID] | ||
268 | 162 | --os-auth-url <auth-url> | ||
269 | 163 | Specify the Identity endpoint to use for | ||
270 | 164 | authentication. Defaults to env[OS_AUTH_URL] | ||
271 | 165 | --os-region-name <region-name> | ||
272 | 151 | Defaults to env[OS_REGION_NAME] | 166 | Defaults to env[OS_REGION_NAME] |
274 | 152 | --os-identity-api-version <identity-api-version> | 167 | --os-identity-api-version <identity-api-version> |
275 | 153 | Defaults to env[OS_IDENTITY_API_VERSION] or 2.0 | 168 | Defaults to env[OS_IDENTITY_API_VERSION] or 2.0 |
280 | 154 | --token <service-token> | 169 | --os-token <service-token> |
281 | 155 | Defaults to env[SERVICE_TOKEN] | 170 | Specify an existing token to use instead of retrieving |
282 | 156 | --endpoint <service-endpoint> | 171 | one via authentication (e.g. with username & |
283 | 157 | Defaults to env[SERVICE_ENDPOINT] | 172 | password). Defaults to env[OS_SERVICE_TOKEN] |
284 | 173 | --os-endpoint <service-endpoint> | ||
285 | 174 | Specify an endpoint to use instead of retrieving one | ||
286 | 175 | from the service catalog (via authentication). | ||
287 | 176 | Defaults to env[OS_SERVICE_ENDPOINT] | ||
288 | 177 | --os-cacert <ca-certificate> | ||
289 | 178 | Defaults to env[OS_CACERT] | ||
290 | 179 | --os-cert <certificate> | ||
291 | 180 | Defaults to env[OS_CERT] | ||
292 | 181 | --os-key <key> Defaults to env[OS_KEY] | ||
293 | 182 | --insecure Explicitly allow keystoneclient to perform "insecure" | ||
294 | 183 | SSL (https) requests. The server's certificate will | ||
295 | 184 | not be verified against any certificate authorities. | ||
296 | 185 | This option should be used with caution. | ||
297 | 158 | 186 | ||
299 | 159 | See "keystone help COMMAND" for help on a specific command. | 187 | See "keystone help COMMAND" for help on a specific command. |
300 | 160 | 188 | ||
301 | 161 | Platform: UNKNOWN | 189 | Platform: UNKNOWN |
302 | 162 | Classifier: Development Status :: 4 - Beta | 190 | Classifier: Development Status :: 4 - Beta |
303 | 163 | Classifier: Environment :: Console | 191 | Classifier: Environment :: Console |
304 | 192 | Classifier: Environment :: OpenStack | ||
305 | 164 | Classifier: Intended Audience :: Developers | 193 | Classifier: Intended Audience :: Developers |
306 | 165 | Classifier: Intended Audience :: Information Technology | 194 | Classifier: Intended Audience :: Information Technology |
307 | 166 | Classifier: License :: OSI Approved :: Apache Software License | 195 | Classifier: License :: OSI Approved :: Apache Software License |
308 | 167 | 196 | ||
309 | === modified file 'README.rst' | |||
310 | --- README.rst 2012-08-16 12:34:22 +0000 | |||
311 | +++ README.rst 2012-11-30 14:11:19 +0000 | |||
312 | @@ -1,20 +1,19 @@ | |||
323 | 1 | Python bindings to the OpenStack Keystone API | 1 | Python bindings to the OpenStack Identity API (Keystone) |
324 | 2 | ============================================= | 2 | ======================================================== |
325 | 3 | 3 | ||
326 | 4 | This is a client for the OpenStack Keystone API. There's a Python API (the | 4 | This is a client for the OpenStack Identity API, implemented by Keystone. |
327 | 5 | ``keystoneclient`` module), and a command-line script (``keystone``). The | 5 | There's a Python API (the ``keystoneclient`` module), and a command-line script |
328 | 6 | Keystone 2.0 API is still a moving target, so this module will remain in | 6 | (``keystone``). |
329 | 7 | "Beta" status until the API is finalized and fully implemented. | 7 | |
330 | 8 | 8 | Development takes place via the usual OpenStack processes as outlined in the | |
331 | 9 | Development takes place via the usual OpenStack processes as outlined in | 9 | `OpenStack wiki`_. The master repository is on GitHub__. |
322 | 10 | the `OpenStack wiki`_. The master repository is on GitHub__. | ||
332 | 11 | 10 | ||
333 | 12 | __ http://wiki.openstack.org/HowToContribute | 11 | __ http://wiki.openstack.org/HowToContribute |
334 | 13 | __ http://github.com/openstack/python-keystoneclient | 12 | __ http://github.com/openstack/python-keystoneclient |
335 | 14 | 13 | ||
339 | 15 | This code a fork of `Rackspace's python-novaclient`__ which is in turn a fork of | 14 | This code a fork of `Rackspace's python-novaclient`__ which is in turn a fork |
340 | 16 | `Jacobian's python-cloudservers`__. The python-keystoneclient is licensed under | 15 | of `Jacobian's python-cloudservers`__. The python-keystoneclient is licensed |
341 | 17 | the Apache License like the rest of OpenStack. | 16 | under the Apache License like the rest of OpenStack. |
342 | 18 | 17 | ||
343 | 19 | __ http://github.com/rackspace/python-novaclient | 18 | __ http://github.com/rackspace/python-novaclient |
344 | 20 | __ http://github.com/jacobian/python-cloudservers | 19 | __ http://github.com/jacobian/python-cloudservers |
345 | @@ -27,7 +26,7 @@ | |||
346 | 27 | 26 | ||
347 | 28 | By way of a quick-start:: | 27 | By way of a quick-start:: |
348 | 29 | 28 | ||
350 | 30 | # use v2.0 auth with http://example.com:5000/v2.0") | 29 | # use v2.0 auth with http://example.com:5000/v2.0 |
351 | 31 | >>> from keystoneclient.v2_0 import client | 30 | >>> from keystoneclient.v2_0 import client |
352 | 32 | >>> keystone = client.Client(username=USERNAME, password=PASSWORD, tenant_name=TENANT, auth_url=AUTH_URL) | 31 | >>> keystone = client.Client(username=USERNAME, password=PASSWORD, tenant_name=TENANT, auth_url=AUTH_URL) |
353 | 33 | >>> keystone.tenants.list() | 32 | >>> keystone.tenants.list() |
354 | @@ -38,40 +37,45 @@ | |||
355 | 38 | Command-line API | 37 | Command-line API |
356 | 39 | ---------------- | 38 | ---------------- |
357 | 40 | 39 | ||
360 | 41 | Installing this package gets you a shell command, ``keystone``, that you | 40 | Installing this package gets you a shell command, ``keystone``, that you can |
361 | 42 | can use to interact with Keystone's Identity API. | 41 | use to interact with OpenStack's Identity API. |
362 | 43 | 42 | ||
365 | 44 | You'll need to provide your OpenStack tenant, username and password. You can | 43 | You'll need to provide your OpenStack tenant, username and password. You can do |
366 | 45 | do this with the ``--os-tenant-name``, ``--os-username`` and ``--os-password`` | 44 | this with the ``--os-tenant-name``, ``--os-username`` and ``--os-password`` |
367 | 46 | params, but it's easier to just set them as environment variables:: | 45 | params, but it's easier to just set them as environment variables:: |
368 | 47 | 46 | ||
369 | 48 | export OS_TENANT_NAME=project | 47 | export OS_TENANT_NAME=project |
370 | 49 | export OS_USERNAME=user | 48 | export OS_USERNAME=user |
371 | 50 | export OS_PASSWORD=pass | 49 | export OS_PASSWORD=pass |
372 | 51 | 50 | ||
376 | 52 | You will also need to define the authentication url with ``--os-auth-url`` and the | 51 | You will also need to define the authentication url with ``--os-auth-url`` and |
377 | 53 | version of the API with ``--os-identity-api-version``. Or set them as an environment | 52 | the version of the API with ``--os-identity-api-version``. Or set them as an |
378 | 54 | variables as well:: | 53 | environment variables as well:: |
379 | 55 | 54 | ||
380 | 56 | export OS_AUTH_URL=http://example.com:5000/v2.0 | 55 | export OS_AUTH_URL=http://example.com:5000/v2.0 |
381 | 57 | export OS_IDENTITY_API_VERSION=2.0 | 56 | export OS_IDENTITY_API_VERSION=2.0 |
382 | 58 | 57 | ||
399 | 59 | Alternatively, to authenticate to Keystone without a username/password, | 58 | Alternatively, to bypass username/password authentication, you can provide a |
400 | 60 | such as when there are no users in the database yet, use the service | 59 | pre-established token. In Keystone, this approach is necessary to bootstrap the |
401 | 61 | token and endpoint arguemnts. The service token is set in keystone.conf as | 60 | service with an administrative user, tenant & role (to do so, provide the |
402 | 62 | ``admin_token``; set it with ``service_token``. Note: keep the service token | 61 | client with the value of your ``admin_token`` defined in ``keystone.conf`` in |
403 | 63 | secret as it allows total access to Keystone's database. The admin endpoint is set | 62 | addition to the URL of your admin API deployment, typically on port 35357):: |
404 | 64 | with ``--endpoint`` or ``SERVICE_ENDPOINT``:: | 63 | |
405 | 65 | 64 | export OS_SERVICE_TOKEN=thequickbrownfox-jumpsover-thelazydog | |
406 | 66 | export SERVICE_TOKEN=thequickbrownfox-jumpsover-thelazydog | 65 | export OS_SERVICE_ENDPOINT=http://example.com:35357/v2.0 |
407 | 67 | export SERVICE_ENDPOINT=http://example.com:35357/v2.0 | 66 | |
408 | 68 | 67 | Since the Identity service can return multiple regions in the service catalog, | |
409 | 69 | Since Keystone can return multiple regions in the Service Catalog, you | 68 | you can specify the one you want with ``--os-region-name`` (or ``export |
410 | 70 | can specify the one you want with ``--region_name`` (or | 69 | OS_REGION_NAME``):: |
411 | 71 | ``export OS_REGION_NAME``). It defaults to the first in the list returned. | 70 | |
412 | 72 | 71 | export OS_REGION_NAME=north | |
413 | 73 | You'll find complete documentation on the shell by running | 72 | |
414 | 74 | ``keystone help``:: | 73 | .. WARNING:: |
415 | 74 | |||
416 | 75 | If a region is not specified and multiple regions are returned by the | ||
417 | 76 | Identity service, the client may not access the same region consistently. | ||
418 | 77 | |||
419 | 78 | You'll find complete documentation on the shell by running ``keystone help``:: | ||
420 | 75 | 79 | ||
421 | 76 | usage: keystone [--os-username <auth-user-name>] | 80 | usage: keystone [--os-username <auth-user-name>] |
422 | 77 | [--os-password <auth-password>] | 81 | [--os-password <auth-password>] |
423 | @@ -79,14 +83,17 @@ | |||
424 | 79 | [--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>] | 83 | [--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>] |
425 | 80 | [--os-region-name <region-name>] | 84 | [--os-region-name <region-name>] |
426 | 81 | [--os-identity-api-version <identity-api-version>] | 85 | [--os-identity-api-version <identity-api-version>] |
428 | 82 | [--token <service-token>] [--endpoint <service-endpoint>] | 86 | [--os-token <service-token>] |
429 | 87 | [--os-endpoint <service-endpoint>] | ||
430 | 88 | [--os-cacert <ca-certificate>] [--os-cert <certificate>] | ||
431 | 89 | [--os-key <key>] [--insecure] | ||
432 | 83 | <subcommand> ... | 90 | <subcommand> ... |
433 | 84 | 91 | ||
434 | 85 | Command-line interface to the OpenStack Identity API. | 92 | Command-line interface to the OpenStack Identity API. |
435 | 86 | 93 | ||
436 | 87 | Positional arguments: | 94 | Positional arguments: |
439 | 88 | <subcommand> | 95 | <subcommand> |
440 | 89 | catalog List service catalog, possibly filtered by service. | 96 | catalog |
441 | 90 | ec2-credentials-create | 97 | ec2-credentials-create |
442 | 91 | Create EC2-compatibile credentials for user per tenant | 98 | Create EC2-compatibile credentials for user per tenant |
443 | 92 | ec2-credentials-delete | 99 | ec2-credentials-delete |
444 | @@ -97,13 +104,12 @@ | |||
445 | 97 | List EC2-compatibile credentials for a user | 104 | List EC2-compatibile credentials for a user |
446 | 98 | endpoint-create Create a new endpoint associated with a service | 105 | endpoint-create Create a new endpoint associated with a service |
447 | 99 | endpoint-delete Delete a service endpoint | 106 | endpoint-delete Delete a service endpoint |
450 | 100 | endpoint-get Find endpoint filtered by a specific attribute or | 107 | endpoint-get |
449 | 101 | service type | ||
451 | 102 | endpoint-list List configured service endpoints | 108 | endpoint-list List configured service endpoints |
452 | 103 | role-create Create new role | 109 | role-create Create new role |
453 | 104 | role-delete Delete role | 110 | role-delete Delete role |
454 | 105 | role-get Display role details | 111 | role-get Display role details |
456 | 106 | role-list List all available roles | 112 | role-list List all roles |
457 | 107 | service-create Add service to Service Catalog | 113 | service-create Add service to Service Catalog |
458 | 108 | service-delete Delete service from Service Catalog | 114 | service-delete Delete service from Service Catalog |
459 | 109 | service-get Display service from Service Catalog | 115 | service-get Display service from Service Catalog |
460 | @@ -113,39 +119,61 @@ | |||
461 | 113 | tenant-get Display tenant details | 119 | tenant-get Display tenant details |
462 | 114 | tenant-list List all tenants | 120 | tenant-list List all tenants |
463 | 115 | tenant-update Update tenant name, description, enabled status | 121 | tenant-update Update tenant name, description, enabled status |
465 | 116 | token-get Display the current user token | 122 | token-get |
466 | 117 | user-create Create new user | 123 | user-create Create new user |
467 | 118 | user-delete Delete user | 124 | user-delete Delete user |
468 | 125 | user-get Display user details. | ||
469 | 119 | user-list List users | 126 | user-list List users |
470 | 120 | user-password-update | 127 | user-password-update |
471 | 121 | Update user password | 128 | Update user password |
472 | 122 | user-role-add Add role to user | 129 | user-role-add Add role to user |
473 | 130 | user-role-list List roles granted to a user | ||
474 | 123 | user-role-remove Remove role from user | 131 | user-role-remove Remove role from user |
475 | 124 | user-role-list List roles for user | ||
476 | 125 | user-update Update user's name, email, and enabled status | 132 | user-update Update user's name, email, and enabled status |
477 | 126 | discover Discover Keystone servers and show authentication | 133 | discover Discover Keystone servers and show authentication |
478 | 127 | protocols and | 134 | protocols and |
479 | 135 | bootstrap Grants a new role to a new user on a new tenant, after | ||
480 | 136 | creating each. | ||
481 | 137 | bash-completion Prints all of the commands and options to stdout. | ||
482 | 128 | help Display help about this program or one of its | 138 | help Display help about this program or one of its |
483 | 129 | subcommands. | 139 | subcommands. |
484 | 130 | 140 | ||
485 | 131 | Optional arguments: | 141 | Optional arguments: |
497 | 132 | --os-username <auth-user-name> | 142 | --os-username <auth-user-name> |
498 | 133 | Defaults to env[OS_USERNAME] | 143 | Name used for authentication with the OpenStack |
499 | 134 | --os-password <auth-password> | 144 | Identity service. Defaults to env[OS_USERNAME] |
500 | 135 | Defaults to env[OS_PASSWORD] | 145 | --os-password <auth-password> |
501 | 136 | --os-tenant-name <auth-tenant-name> | 146 | Password used for authentication with the OpenStack |
502 | 137 | Defaults to env[OS_TENANT_NAME] | 147 | Identity service. Defaults to env[OS_PASSWORD] |
503 | 138 | --os-tenant-id <tenant-id> | 148 | --os-tenant-name <auth-tenant-name> |
504 | 139 | Defaults to env[OS_TENANT_ID] | 149 | Tenant to request authorization on. Defaults to |
505 | 140 | --os-auth-url <auth-url> | 150 | env[OS_TENANT_NAME] |
506 | 141 | Defaults to env[OS_AUTH_URL] | 151 | --os-tenant-id <tenant-id> |
507 | 142 | --os-region-name <region-name> | 152 | Tenant to request authorization on. Defaults to |
508 | 153 | env[OS_TENANT_ID] | ||
509 | 154 | --os-auth-url <auth-url> | ||
510 | 155 | Specify the Identity endpoint to use for | ||
511 | 156 | authentication. Defaults to env[OS_AUTH_URL] | ||
512 | 157 | --os-region-name <region-name> | ||
513 | 143 | Defaults to env[OS_REGION_NAME] | 158 | Defaults to env[OS_REGION_NAME] |
515 | 144 | --os-identity-api-version <identity-api-version> | 159 | --os-identity-api-version <identity-api-version> |
516 | 145 | Defaults to env[OS_IDENTITY_API_VERSION] or 2.0 | 160 | Defaults to env[OS_IDENTITY_API_VERSION] or 2.0 |
521 | 146 | --token <service-token> | 161 | --os-token <service-token> |
522 | 147 | Defaults to env[SERVICE_TOKEN] | 162 | Specify an existing token to use instead of retrieving |
523 | 148 | --endpoint <service-endpoint> | 163 | one via authentication (e.g. with username & |
524 | 149 | Defaults to env[SERVICE_ENDPOINT] | 164 | password). Defaults to env[OS_SERVICE_TOKEN] |
525 | 165 | --os-endpoint <service-endpoint> | ||
526 | 166 | Specify an endpoint to use instead of retrieving one | ||
527 | 167 | from the service catalog (via authentication). | ||
528 | 168 | Defaults to env[OS_SERVICE_ENDPOINT] | ||
529 | 169 | --os-cacert <ca-certificate> | ||
530 | 170 | Defaults to env[OS_CACERT] | ||
531 | 171 | --os-cert <certificate> | ||
532 | 172 | Defaults to env[OS_CERT] | ||
533 | 173 | --os-key <key> Defaults to env[OS_KEY] | ||
534 | 174 | --insecure Explicitly allow keystoneclient to perform "insecure" | ||
535 | 175 | SSL (https) requests. The server's certificate will | ||
536 | 176 | not be verified against any certificate authorities. | ||
537 | 177 | This option should be used with caution. | ||
538 | 150 | 178 | ||
540 | 151 | See "keystone help COMMAND" for help on a specific command. | 179 | See "keystone help COMMAND" for help on a specific command. |
541 | 152 | 180 | ||
542 | === added file 'babel.cfg' | |||
543 | --- babel.cfg 1970-01-01 00:00:00 +0000 | |||
544 | +++ babel.cfg 2012-11-30 14:11:19 +0000 | |||
545 | @@ -0,0 +1,1 @@ | |||
546 | 1 | [python: **.py] | ||
547 | 0 | 2 | ||
548 | === modified file 'debian/changelog' | |||
549 | --- debian/changelog 2012-10-10 18:40:31 +0000 | |||
550 | +++ debian/changelog 2012-11-30 14:11:19 +0000 | |||
551 | @@ -1,3 +1,26 @@ | |||
552 | 1 | python-keystoneclient (1:0.2.0-0ubuntu1~cloud0) precise-grizzly; urgency=low | ||
553 | 2 | |||
554 | 3 | * New upstream release for the Ubuntu Cloud Archive. | ||
555 | 4 | |||
556 | 5 | -- Chuck Short <zulcss@ubuntu.com> Fri, 30 Nov 2012 08:07:06 -0600 | ||
557 | 6 | |||
558 | 7 | python-keystoneclient (1:0.2.0-0ubuntu1) raring; urgency=low | ||
559 | 8 | |||
560 | 9 | * New upstream release. | ||
561 | 10 | * debian/control: Add python-pkg-resources. (LP: #1071032) | ||
562 | 11 | |||
563 | 12 | -- Chuck Short <zulcss@ubuntu.com> Thu, 29 Nov 2012 12:46:21 -0600 | ||
564 | 13 | |||
565 | 14 | python-keystoneclient (1:0.1.3.37-0ubuntu1) raring-proposed; urgency=low | ||
566 | 15 | |||
567 | 16 | [ Adam Gandelman ] | ||
568 | 17 | * New upstream release. | ||
569 | 18 | |||
570 | 19 | [ Adrien Cunin ] | ||
571 | 20 | * Typo and cosmetic fixes to package description (LP: #960350) | ||
572 | 21 | |||
573 | 22 | -- Adam Gandelman <adamg@canonical.com> Wed, 31 Oct 2012 09:17:26 +0100 | ||
574 | 23 | |||
575 | 1 | python-keystoneclient (1:0.1.3-0ubuntu1~cloud0) precise-folsom; urgency=low | 24 | python-keystoneclient (1:0.1.3-0ubuntu1~cloud0) precise-folsom; urgency=low |
576 | 2 | 25 | ||
577 | 3 | * New upstream snapshot for the Ubuntu Cloud Archive. | 26 | * New upstream snapshot for the Ubuntu Cloud Archive. |
578 | 4 | 27 | ||
579 | === modified file 'debian/control' | |||
580 | --- debian/control 2012-03-02 10:31:44 +0000 | |||
581 | +++ debian/control 2012-11-30 14:11:19 +0000 | |||
582 | @@ -8,7 +8,7 @@ | |||
583 | 8 | 8 | ||
584 | 9 | Package: python-keystoneclient | 9 | Package: python-keystoneclient |
585 | 10 | Architecture: all | 10 | Architecture: all |
589 | 11 | Depends: ${python:Depends}, ${misc:Depends}, python-httplib2 | 11 | Depends: ${python:Depends}, ${misc:Depends}, python-pkg-resources |
590 | 12 | Description: Client libary for Openstack Keystone API | 12 | Description: Client library for OpenStack Identity API |
591 | 13 | This is a client for the OpenStack Keystone API. There's a Python API | 13 | This is a client for the OpenStack Identity API. There's a Python API |
592 | 14 | (the ``keystoneclient`` module), and a command-line script (``keystone``). | 14 | (the ``keystoneclient`` module), and a command-line script (``keystone``). |
593 | 15 | 15 | ||
594 | === added directory 'doc/source/_templates' | |||
595 | === added file 'doc/source/_templates/.placeholder' | |||
596 | === added directory 'doc/source/_theme' | |||
597 | === added file 'doc/source/_theme/layout.html' | |||
598 | --- doc/source/_theme/layout.html 1970-01-01 00:00:00 +0000 | |||
599 | +++ doc/source/_theme/layout.html 2012-11-30 14:11:19 +0000 | |||
600 | @@ -0,0 +1,83 @@ | |||
601 | 1 | {% extends "basic/layout.html" %} | ||
602 | 2 | {% set css_files = css_files + ['_static/tweaks.css'] %} | ||
603 | 3 | {% set script_files = script_files + ['_static/jquery.tweet.js'] %} | ||
604 | 4 | |||
605 | 5 | {%- macro sidebar() %} | ||
606 | 6 | {%- if not embedded %}{% if not theme_nosidebar|tobool %} | ||
607 | 7 | <div class="sphinxsidebar"> | ||
608 | 8 | <div class="sphinxsidebarwrapper"> | ||
609 | 9 | {%- block sidebarlogo %} | ||
610 | 10 | {%- if logo %} | ||
611 | 11 | <p class="logo"><a href="{{ pathto(master_doc) }}"> | ||
612 | 12 | <img class="logo" src="{{ pathto('_static/' + logo, 1) }}" alt="Logo"/> | ||
613 | 13 | </a></p> | ||
614 | 14 | {%- endif %} | ||
615 | 15 | {%- endblock %} | ||
616 | 16 | {%- block sidebartoc %} | ||
617 | 17 | {%- if display_toc %} | ||
618 | 18 | <h3><a href="{{ pathto(master_doc) }}">{{ _('Table Of Contents') }}</a></h3> | ||
619 | 19 | {{ toc }} | ||
620 | 20 | {%- endif %} | ||
621 | 21 | {%- endblock %} | ||
622 | 22 | {%- block sidebarrel %} | ||
623 | 23 | {%- if prev %} | ||
624 | 24 | <h4>{{ _('Previous topic') }}</h4> | ||
625 | 25 | <p class="topless"><a href="{{ prev.link|e }}" | ||
626 | 26 | title="{{ _('previous chapter') }}">{{ prev.title }}</a></p> | ||
627 | 27 | {%- endif %} | ||
628 | 28 | {%- if next %} | ||
629 | 29 | <h4>{{ _('Next topic') }}</h4> | ||
630 | 30 | <p class="topless"><a href="{{ next.link|e }}" | ||
631 | 31 | title="{{ _('next chapter') }}">{{ next.title }}</a></p> | ||
632 | 32 | {%- endif %} | ||
633 | 33 | {%- endblock %} | ||
634 | 34 | {%- block sidebarsourcelink %} | ||
635 | 35 | {%- if show_source and has_source and sourcename %} | ||
636 | 36 | <h3>{{ _('This Page') }}</h3> | ||
637 | 37 | <ul class="this-page-menu"> | ||
638 | 38 | <li><a href="{{ pathto('_sources/' + sourcename, true)|e }}" | ||
639 | 39 | rel="nofollow">{{ _('Show Source') }}</a></li> | ||
640 | 40 | </ul> | ||
641 | 41 | {%- endif %} | ||
642 | 42 | {%- endblock %} | ||
643 | 43 | {%- if customsidebar %} | ||
644 | 44 | {% include customsidebar %} | ||
645 | 45 | {%- endif %} | ||
646 | 46 | {%- block sidebarsearch %} | ||
647 | 47 | {%- if pagename != "search" %} | ||
648 | 48 | <div id="searchbox" style="display: none"> | ||
649 | 49 | <h3>{{ _('Quick search') }}</h3> | ||
650 | 50 | <form class="search" action="{{ pathto('search') }}" method="get"> | ||
651 | 51 | <input type="text" name="q" size="18" /> | ||
652 | 52 | <input type="submit" value="{{ _('Go') }}" /> | ||
653 | 53 | <input type="hidden" name="check_keywords" value="yes" /> | ||
654 | 54 | <input type="hidden" name="area" value="default" /> | ||
655 | 55 | </form> | ||
656 | 56 | <p class="searchtip" style="font-size: 90%"> | ||
657 | 57 | {{ _('Enter search terms or a module, class or function name.') }} | ||
658 | 58 | </p> | ||
659 | 59 | </div> | ||
660 | 60 | <script type="text/javascript">$('#searchbox').show(0);</script> | ||
661 | 61 | {%- endif %} | ||
662 | 62 | {%- endblock %} | ||
663 | 63 | </div> | ||
664 | 64 | </div> | ||
665 | 65 | {%- endif %}{% endif %} | ||
666 | 66 | {%- endmacro %} | ||
667 | 67 | |||
668 | 68 | {% block relbar1 %}{% endblock relbar1 %} | ||
669 | 69 | |||
670 | 70 | {% block header %} | ||
671 | 71 | <div id="header"> | ||
672 | 72 | <h1 id="logo"><a href="http://www.openstack.org/">OpenStack</a></h1> | ||
673 | 73 | <ul id="navigation"> | ||
674 | 74 | <li><a href="http://www.openstack.org/" title="Go to the Home page" class="link">Home</a></li> | ||
675 | 75 | <li><a href="http://www.openstack.org/projects/" title="Go to the OpenStack Projects page">Projects</a></li> | ||
676 | 76 | <li><a href="http://www.openstack.org/user-stories/" title="Go to the User Stories page" class="link">User Stories</a></li> | ||
677 | 77 | <li><a href="http://www.openstack.org/community/" title="Go to the Community page" class="link">Community</a></li> | ||
678 | 78 | <li><a href="http://www.openstack.org/blog/" title="Go to the OpenStack Blog">Blog</a></li> | ||
679 | 79 | <li><a href="http://wiki.openstack.org/" title="Go to the OpenStack Wiki">Wiki</a></li> | ||
680 | 80 | <li><a href="http://docs.openstack.org/" title="Go to OpenStack Documentation" class="current">Documentation</a></li> | ||
681 | 81 | </ul> | ||
682 | 82 | </div> | ||
683 | 83 | {% endblock %} | ||
684 | 0 | \ No newline at end of file | 84 | \ No newline at end of file |
685 | 1 | 85 | ||
686 | === added file 'doc/source/_theme/theme.conf' | |||
687 | --- doc/source/_theme/theme.conf 1970-01-01 00:00:00 +0000 | |||
688 | +++ doc/source/_theme/theme.conf 2012-11-30 14:11:19 +0000 | |||
689 | @@ -0,0 +1,4 @@ | |||
690 | 1 | [theme] | ||
691 | 2 | inherit = basic | ||
692 | 3 | stylesheet = nature.css | ||
693 | 4 | pygments_style = tango | ||
694 | 0 | 5 | ||
695 | === modified file 'doc/source/conf.py' | |||
696 | --- doc/source/conf.py 2012-09-07 13:13:18 +0000 | |||
697 | +++ doc/source/conf.py 2012-11-30 14:11:19 +0000 | |||
698 | @@ -16,7 +16,7 @@ | |||
699 | 16 | import sys | 16 | import sys |
700 | 17 | 17 | ||
701 | 18 | sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), | 18 | sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), |
703 | 19 | "..", ".."))) | 19 | '..', '..'))) |
704 | 20 | 20 | ||
705 | 21 | # If extensions (or modules to document with autodoc) are in another directory, | 21 | # If extensions (or modules to document with autodoc) are in another directory, |
706 | 22 | # add these directories to sys.path here. If the directory is relative to the | 22 | # add these directories to sys.path here. If the directory is relative to the |
707 | @@ -28,7 +28,12 @@ | |||
708 | 28 | # Add any Sphinx extension module names here, as strings. They can be | 28 | # Add any Sphinx extension module names here, as strings. They can be |
709 | 29 | # extensions | 29 | # extensions |
710 | 30 | # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. | 30 | # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. |
712 | 31 | extensions = ['sphinx.ext.autodoc', 'sphinx.ext.intersphinx'] | 31 | extensions = ['sphinx.ext.autodoc', |
713 | 32 | 'sphinx.ext.todo', | ||
714 | 33 | 'sphinx.ext.coverage', | ||
715 | 34 | 'sphinx.ext.intersphinx'] | ||
716 | 35 | |||
717 | 36 | todo_include_todos = True | ||
718 | 32 | 37 | ||
719 | 33 | # Add any paths that contain templates here, relative to this directory. | 38 | # Add any paths that contain templates here, relative to this directory. |
720 | 34 | templates_path = ['_templates'] | 39 | templates_path = ['_templates'] |
721 | @@ -50,10 +55,10 @@ | |||
722 | 50 | # |version| and |release|, also used in various other places throughout the | 55 | # |version| and |release|, also used in various other places throughout the |
723 | 51 | # built documents. | 56 | # built documents. |
724 | 52 | # | 57 | # |
727 | 53 | # The short X.Y version. | 58 | # The short XXXX.Y version. |
728 | 54 | version = '2.7' | 59 | version = '2012.3' |
729 | 55 | # The full version, including alpha/beta/rc tags. | 60 | # The full version, including alpha/beta/rc tags. |
731 | 56 | release = '2.7.0' | 61 | release = '2012.3-dev' |
732 | 57 | 62 | ||
733 | 58 | # The language for content autogenerated by Sphinx. Refer to documentation | 63 | # The language for content autogenerated by Sphinx. Refer to documentation |
734 | 59 | # for a list of supported languages. | 64 | # for a list of supported languages. |
735 | @@ -98,7 +103,8 @@ | |||
736 | 98 | 103 | ||
737 | 99 | # The theme to use for HTML and HTML Help pages. Major themes that come with | 104 | # The theme to use for HTML and HTML Help pages. Major themes that come with |
738 | 100 | # Sphinx are currently 'default' and 'sphinxdoc'. | 105 | # Sphinx are currently 'default' and 'sphinxdoc'. |
740 | 101 | html_theme = 'nature' | 106 | html_theme_path = ["."] |
741 | 107 | html_theme = '_theme' | ||
742 | 102 | 108 | ||
743 | 103 | # Theme options are theme-specific and customize the look and feel of a theme | 109 | # Theme options are theme-specific and customize the look and feel of a theme |
744 | 104 | # further. For a list of options available for each theme, see the | 110 | # further. For a list of options available for each theme, see the |
745 | @@ -127,11 +133,12 @@ | |||
746 | 127 | # Add any paths that contain custom static files (such as style sheets) here, | 133 | # Add any paths that contain custom static files (such as style sheets) here, |
747 | 128 | # relative to this directory. They are copied after the builtin static files, | 134 | # relative to this directory. They are copied after the builtin static files, |
748 | 129 | # so a file named "default.css" will overwrite the builtin "default.css". | 135 | # so a file named "default.css" will overwrite the builtin "default.css". |
750 | 130 | html_static_path = ['_static'] | 136 | html_static_path = ['static'] |
751 | 131 | 137 | ||
752 | 132 | # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, | 138 | # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, |
753 | 133 | # using the given strftime format. | 139 | # using the given strftime format. |
755 | 134 | #html_last_updated_fmt = '%b %d, %Y' | 140 | git_cmd = "git log --pretty=format:'%ad, commit %h' --date=local -n1" |
756 | 141 | html_last_updated_fmt = os.popen(git_cmd).read() | ||
757 | 135 | 142 | ||
758 | 136 | # If true, SmartyPants will be used to convert quotes and dashes to | 143 | # If true, SmartyPants will be used to convert quotes and dashes to |
759 | 137 | # typographically correct entities. | 144 | # typographically correct entities. |
760 | @@ -181,8 +188,9 @@ | |||
761 | 181 | # . | 188 | # . |
762 | 182 | latex_documents = [ | 189 | latex_documents = [ |
763 | 183 | ('index', 'python-keystoneclient.tex', | 190 | ('index', 'python-keystoneclient.tex', |
766 | 184 | u'python-keystoneclient Documentation', | 191 | u'python-keystoneclient Documentation', |
767 | 185 | u'Nebula Inc, based on work by Rackspace and Jacob Kaplan-Moss', 'manual'), | 192 | u'Nebula Inc, based on work by Rackspace and Jacob Kaplan-Moss', |
768 | 193 | 'manual'), | ||
769 | 186 | ] | 194 | ] |
770 | 187 | 195 | ||
771 | 188 | # The name of an image file (relative to this directory) to place at the top of | 196 | # The name of an image file (relative to this directory) to place at the top of |
772 | @@ -204,4 +212,7 @@ | |||
773 | 204 | 212 | ||
774 | 205 | 213 | ||
775 | 206 | # Example configuration for intersphinx: refer to the Python standard library. | 214 | # Example configuration for intersphinx: refer to the Python standard library. |
777 | 207 | intersphinx_mapping = {'http://docs.python.org/': None} | 215 | intersphinx_mapping = {'python': ('http://docs.python.org/', None), |
778 | 216 | 'nova': ('http://nova.openstack.org', None), | ||
779 | 217 | 'swift': ('http://swift.openstack.org', None), | ||
780 | 218 | 'glance': ('http://glance.openstack.org', None)} | ||
781 | 208 | 219 | ||
782 | === modified file 'doc/source/index.rst' | |||
783 | --- doc/source/index.rst 2012-06-22 12:58:18 +0000 | |||
784 | +++ doc/source/index.rst 2012-11-30 14:11:19 +0000 | |||
785 | @@ -1,7 +1,7 @@ | |||
788 | 1 | Python bindings to the OpenStack Keystone API | 1 | Python bindings to the OpenStack Identity API (Keystone) |
789 | 2 | ================================================== | 2 | ======================================================== |
790 | 3 | 3 | ||
792 | 4 | This is a client for OpenStack Keystone API. There's :doc:`a Python API | 4 | This is a client for OpenStack Identity API. There's :doc:`a Python API |
793 | 5 | <using-api>` (the :mod:`keystoneclient` module), and a :doc:`command-line script | 5 | <using-api>` (the :mod:`keystoneclient` module), and a :doc:`command-line script |
794 | 6 | <shell>` (installed as :program:`keystone`). | 6 | <shell>` (installed as :program:`keystone`). |
795 | 7 | 7 | ||
796 | @@ -10,20 +10,21 @@ | |||
797 | 10 | .. toctree:: | 10 | .. toctree:: |
798 | 11 | :maxdepth: 1 | 11 | :maxdepth: 1 |
799 | 12 | 12 | ||
800 | 13 | releases | ||
801 | 14 | shell | ||
802 | 13 | using-api | 15 | using-api |
806 | 14 | shell | 16 | |
807 | 15 | ref/index | 17 | api/autoindex |
805 | 16 | releases | ||
808 | 17 | 18 | ||
809 | 18 | Contributing | 19 | Contributing |
810 | 19 | ============ | 20 | ============ |
811 | 20 | 21 | ||
815 | 21 | Code is hosted `on GitHub`_. Submit bugs to the Keystone project on | 22 | Code is hosted `on GitHub`_. Submit bugs to the Keystone project on |
816 | 22 | `Launchpad`_. Submit code to the openstack/python-keystoneclient project using | 23 | `Launchpad`_. Submit code to the ``openstack/python-keystoneclient`` project |
817 | 23 | `Gerrit`_. | 24 | using `Gerrit`_. |
818 | 24 | 25 | ||
819 | 25 | .. _on GitHub: https://github.com/openstack/python-keystoneclient | 26 | .. _on GitHub: https://github.com/openstack/python-keystoneclient |
821 | 26 | .. _Launchpad: https://launchpad.net/keystone | 27 | .. _Launchpad: https://launchpad.net/python-keystoneclient |
822 | 27 | .. _Gerrit: http://wiki.openstack.org/GerritWorkflow | 28 | .. _Gerrit: http://wiki.openstack.org/GerritWorkflow |
823 | 28 | 29 | ||
824 | 29 | Run tests with ``python setup.py test``. | 30 | Run tests with ``python setup.py test``. |
825 | 30 | 31 | ||
826 | === removed directory 'doc/source/ref' | |||
827 | === removed file 'doc/source/ref/client.rst' | |||
828 | --- doc/source/ref/client.rst 2012-06-22 12:58:18 +0000 | |||
829 | +++ doc/source/ref/client.rst 1970-01-01 00:00:00 +0000 | |||
830 | @@ -1,8 +0,0 @@ | |||
831 | 1 | Client | ||
832 | 2 | ====== | ||
833 | 3 | |||
834 | 4 | .. currentmodule:: keystoneclient.v2_0.client | ||
835 | 5 | |||
836 | 6 | .. autoclass:: Client | ||
837 | 7 | |||
838 | 8 | .. automethod:: authenticate | ||
839 | 9 | 0 | ||
840 | === removed file 'doc/source/ref/endpoints.rst' | |||
841 | --- doc/source/ref/endpoints.rst 2012-06-22 12:58:18 +0000 | |||
842 | +++ doc/source/ref/endpoints.rst 1970-01-01 00:00:00 +0000 | |||
843 | @@ -1,11 +0,0 @@ | |||
844 | 1 | ============================== | ||
845 | 2 | Endpoint Manager and Endpoints | ||
846 | 3 | ============================== | ||
847 | 4 | |||
848 | 5 | |||
849 | 6 | |||
850 | 7 | .. currentmodule:: keystoneclient.v2_0.endpoints | ||
851 | 8 | |||
852 | 9 | .. automodule:: keystoneclient.v2_0.endpoints | ||
853 | 10 | :members: | ||
854 | 11 | |||
855 | 12 | 0 | ||
856 | === removed file 'doc/source/ref/exceptions.rst' | |||
857 | --- doc/source/ref/exceptions.rst 2012-06-22 12:58:18 +0000 | |||
858 | +++ doc/source/ref/exceptions.rst 1970-01-01 00:00:00 +0000 | |||
859 | @@ -1,8 +0,0 @@ | |||
860 | 1 | Exceptions | ||
861 | 2 | ========== | ||
862 | 3 | |||
863 | 4 | .. currentmodule:: keystoneclient.exceptions | ||
864 | 5 | |||
865 | 6 | .. automodule:: keystoneclient.exceptions | ||
866 | 7 | :members: | ||
867 | 8 | |||
868 | 9 | 0 | ||
869 | === removed file 'doc/source/ref/generic-client.rst' | |||
870 | --- doc/source/ref/generic-client.rst 2012-06-22 12:58:18 +0000 | |||
871 | +++ doc/source/ref/generic-client.rst 1970-01-01 00:00:00 +0000 | |||
872 | @@ -1,12 +0,0 @@ | |||
873 | 1 | Generic client | ||
874 | 2 | ============== | ||
875 | 3 | |||
876 | 4 | Use the generic client to obtain access to a specific endpoint version. | ||
877 | 5 | |||
878 | 6 | |||
879 | 7 | .. currentmodule:: keystoneclient.generic.client | ||
880 | 8 | |||
881 | 9 | .. autoclass:: Client | ||
882 | 10 | |||
883 | 11 | .. automethod:: discover | ||
884 | 12 | |||
885 | 13 | 0 | ||
886 | === removed file 'doc/source/ref/index.rst' | |||
887 | --- doc/source/ref/index.rst 2012-06-22 12:58:18 +0000 | |||
888 | +++ doc/source/ref/index.rst 1970-01-01 00:00:00 +0000 | |||
889 | @@ -1,16 +0,0 @@ | |||
890 | 1 | API Reference | ||
891 | 2 | ============= | ||
892 | 3 | |||
893 | 4 | The following API reference documents are available: | ||
894 | 5 | |||
895 | 6 | .. toctree:: | ||
896 | 7 | :maxdepth: 1 | ||
897 | 8 | |||
898 | 9 | client | ||
899 | 10 | generic-client | ||
900 | 11 | tenants | ||
901 | 12 | users | ||
902 | 13 | roles | ||
903 | 14 | services | ||
904 | 15 | endpoints | ||
905 | 16 | exceptions | ||
906 | 17 | 0 | ||
907 | === removed file 'doc/source/ref/roles.rst' | |||
908 | --- doc/source/ref/roles.rst 2012-06-22 12:58:18 +0000 | |||
909 | +++ doc/source/ref/roles.rst 1970-01-01 00:00:00 +0000 | |||
910 | @@ -1,9 +0,0 @@ | |||
911 | 1 | ====================== | ||
912 | 2 | Role Manager and Roles | ||
913 | 3 | ====================== | ||
914 | 4 | |||
915 | 5 | .. currentmodule:: keystoneclient.v2_0.roles | ||
916 | 6 | |||
917 | 7 | .. automodule:: keystoneclient.v2_0.roles | ||
918 | 8 | :members: | ||
919 | 9 | |||
920 | 10 | 0 | ||
921 | === removed file 'doc/source/ref/services.rst' | |||
922 | --- doc/source/ref/services.rst 2012-06-22 12:58:18 +0000 | |||
923 | +++ doc/source/ref/services.rst 1970-01-01 00:00:00 +0000 | |||
924 | @@ -1,11 +0,0 @@ | |||
925 | 1 | ============================ | ||
926 | 2 | Service Manager and Services | ||
927 | 3 | ============================ | ||
928 | 4 | |||
929 | 5 | |||
930 | 6 | |||
931 | 7 | .. currentmodule:: keystoneclient.v2_0.services | ||
932 | 8 | |||
933 | 9 | .. automodule:: keystoneclient.v2_0.services | ||
934 | 10 | :members: | ||
935 | 11 | |||
936 | 12 | 0 | ||
937 | === removed file 'doc/source/ref/tenants.rst' | |||
938 | --- doc/source/ref/tenants.rst 2012-06-22 12:58:18 +0000 | |||
939 | +++ doc/source/ref/tenants.rst 1970-01-01 00:00:00 +0000 | |||
940 | @@ -1,11 +0,0 @@ | |||
941 | 1 | ========================== | ||
942 | 2 | Tenant Manager and Tenants | ||
943 | 3 | ========================== | ||
944 | 4 | |||
945 | 5 | |||
946 | 6 | |||
947 | 7 | .. currentmodule:: keystoneclient.v2_0.tenants | ||
948 | 8 | |||
949 | 9 | .. automodule:: keystoneclient.v2_0.tenants | ||
950 | 10 | :members: | ||
951 | 11 | |||
952 | 12 | 0 | ||
953 | === removed file 'doc/source/ref/users.rst' | |||
954 | --- doc/source/ref/users.rst 2012-06-22 12:58:18 +0000 | |||
955 | +++ doc/source/ref/users.rst 1970-01-01 00:00:00 +0000 | |||
956 | @@ -1,9 +0,0 @@ | |||
957 | 1 | ====================== | ||
958 | 2 | User Manager and Users | ||
959 | 3 | ====================== | ||
960 | 4 | |||
961 | 5 | .. currentmodule:: keystoneclient.v2_0.users | ||
962 | 6 | |||
963 | 7 | .. automodule:: keystoneclient.v2_0.users | ||
964 | 8 | :members: | ||
965 | 9 | |||
966 | 10 | 0 | ||
967 | === modified file 'doc/source/releases.rst' | |||
968 | --- doc/source/releases.rst 2012-06-22 12:58:18 +0000 | |||
969 | +++ doc/source/releases.rst 2012-11-30 14:11:19 +0000 | |||
970 | @@ -2,105 +2,32 @@ | |||
971 | 2 | Release notes | 2 | Release notes |
972 | 3 | ============= | 3 | ============= |
973 | 4 | 4 | ||
979 | 5 | 2.7.0 (October 21, 2011) | 5 | 0.1.3 (August 31, 2012) |
980 | 6 | ======================== | 6 | ======================= |
981 | 7 | * Forked from http://github.com/rackspace/python-novaclient | 7 | * changed logging to report request and response independently in --debug mode |
982 | 8 | * Rebranded to python-keystoneclient | 8 | * changed options to use hyphens instead of underscores |
983 | 9 | * Refactored to support Keystone API (auth, tokens, services, roles, tenants, | 9 | * added support for PKI signed tokens with Keystone |
984 | 10 | |||
985 | 11 | |||
986 | 12 | 0.1.2 (July 9, 2012) | ||
987 | 13 | ==================== | ||
988 | 14 | * added support for two-way SSL and --insecure option to allow for self-signed | ||
989 | 15 | certificates | ||
990 | 16 | * added support for password prompting if not provided | ||
991 | 17 | * added support for bash completion for keystone | ||
992 | 18 | * updated CLI options to use dashes instead of underscores | ||
993 | 19 | |||
994 | 20 | 0.1.1 (June 25, 2012) | ||
995 | 21 | ===================== | ||
996 | 22 | * corrected versioning | ||
997 | 23 | |||
998 | 24 | 0.1.0 (March 29, 2012) | ||
999 | 25 | ====================== | ||
1000 | 26 | * released with OpenStack Essex and Diablo compatibility | ||
1001 | 27 | * forked from http://github.com/rackspace/python-novaclient | ||
1002 | 28 | * refactored to support Identity API (auth, tokens, services, roles, tenants, | ||
1003 | 10 | users, etc.) | 29 | users, etc.) |
1100 | 11 | 30 | * removed legacy arguments of --username, --password, etc in migration to | |
1101 | 12 | 2.5.8 (July 11, 2011) | 31 | support a cross-openstack unified CLI convention defined at |
1102 | 13 | ===================== | 32 | http://wiki.openstack.org/UnifiedCLI |
1103 | 14 | * returns all public/private ips, not just first one | 33 | * required service ID for listing endpoints |
1008 | 15 | * better 'nova list' search options | ||
1009 | 16 | |||
1010 | 17 | 2.5.7 - 2.5.6 = minor tweaks | ||
1011 | 18 | |||
1012 | 19 | 2.5.5 (June 21, 2011) | ||
1013 | 20 | ===================== | ||
1014 | 21 | * zone-boot min/max instance count added thanks to comstud | ||
1015 | 22 | * create for user added thanks to cerberus | ||
1016 | 23 | * fixed tests | ||
1017 | 24 | |||
1018 | 25 | 2.5.3 (June 15, 2011) | ||
1019 | 26 | ===================== | ||
1020 | 27 | * ProjectID can be None for backwards compatability. | ||
1021 | 28 | * README/docs updated for projectId thanks to usrleon | ||
1022 | 29 | |||
1023 | 30 | 2.5.1 (June 10, 2011) | ||
1024 | 31 | ===================== | ||
1025 | 32 | * ProjectID now part of authentication | ||
1026 | 33 | |||
1027 | 34 | 2.5.0 (June 3, 2011) | ||
1028 | 35 | ==================== | ||
1029 | 36 | |||
1030 | 37 | * better logging thanks to GridDynamics | ||
1031 | 38 | |||
1032 | 39 | 2.4.4 (June 1, 2011) | ||
1033 | 40 | ==================== | ||
1034 | 41 | |||
1035 | 42 | * added support for GET /servers with reservation_id (and /servers/detail) | ||
1036 | 43 | |||
1037 | 44 | 2.4.3 (May 27, 2011) | ||
1038 | 45 | ==================== | ||
1039 | 46 | |||
1040 | 47 | * added support for POST /zones/select (client only, not cmdline) | ||
1041 | 48 | |||
1042 | 49 | 2.4 (March 7, 2011) | ||
1043 | 50 | =================== | ||
1044 | 51 | |||
1045 | 52 | * added Jacob Kaplan-Moss copyright notices to older/untouched files. | ||
1046 | 53 | |||
1047 | 54 | |||
1048 | 55 | 2.3 (March 2, 2011) | ||
1049 | 56 | =================== | ||
1050 | 57 | |||
1051 | 58 | * package renamed to python-novaclient. Module to novaclient | ||
1052 | 59 | |||
1053 | 60 | |||
1054 | 61 | 2.2 (March 1, 2011) | ||
1055 | 62 | =================== | ||
1056 | 63 | |||
1057 | 64 | * removed some license/copywrite notices from source that wasn't | ||
1058 | 65 | significantly changed. | ||
1059 | 66 | |||
1060 | 67 | |||
1061 | 68 | 2.1 (Feb 28, 2011) | ||
1062 | 69 | ================== | ||
1063 | 70 | |||
1064 | 71 | * shell renamed to nova from novatools | ||
1065 | 72 | |||
1066 | 73 | * license changed from BSD to Apache | ||
1067 | 74 | |||
1068 | 75 | 2.0 (Feb 7, 2011) | ||
1069 | 76 | ================= | ||
1070 | 77 | |||
1071 | 78 | * Forked from https://github.com/jacobian/python-cloudservers | ||
1072 | 79 | |||
1073 | 80 | * Rebranded to python-novatools | ||
1074 | 81 | |||
1075 | 82 | * Auth URL support | ||
1076 | 83 | |||
1077 | 84 | * New OpenStack specific commands added (pause, suspend, etc) | ||
1078 | 85 | |||
1079 | 86 | 1.2 (August 15, 2010) | ||
1080 | 87 | ===================== | ||
1081 | 88 | |||
1082 | 89 | * Support for Python 2.4 - 2.7. | ||
1083 | 90 | |||
1084 | 91 | * Improved output of :program:`cloudservers ipgroup-list`. | ||
1085 | 92 | |||
1086 | 93 | * Made ``cloudservers boot --ipgroup <name>`` work (as well as ``--ipgroup | ||
1087 | 94 | <id>``). | ||
1088 | 95 | |||
1089 | 96 | 1.1 (May 6, 2010) | ||
1090 | 97 | ================= | ||
1091 | 98 | |||
1092 | 99 | * Added a ``--files`` option to :program:`cloudservers boot` supporting | ||
1093 | 100 | the upload of (up to five) files at boot time. | ||
1094 | 101 | |||
1095 | 102 | * Added a ``--key`` option to :program:`cloudservers boot` to key the server | ||
1096 | 103 | with an SSH public key at boot time. This is just a shortcut for ``--files``, | ||
1097 | 104 | but it's a useful shortcut. | ||
1098 | 105 | |||
1099 | 106 | * Changed the default server image to Ubuntu 10.04 LTS. | ||
1104 | 107 | 34 | ||
1105 | === modified file 'doc/source/shell.rst' | |||
1106 | --- doc/source/shell.rst 2012-09-07 13:13:18 +0000 | |||
1107 | +++ doc/source/shell.rst 2012-11-30 14:11:19 +0000 | |||
1108 | @@ -1,22 +1,43 @@ | |||
1109 | 1 | The :program:`keystone` shell utility | 1 | The :program:`keystone` shell utility |
1111 | 2 | ========================================= | 2 | ===================================== |
1112 | 3 | 3 | ||
1113 | 4 | .. program:: keystone | 4 | .. program:: keystone |
1114 | 5 | .. highlight:: bash | 5 | .. highlight:: bash |
1115 | 6 | 6 | ||
1116 | 7 | 7 | ||
1129 | 8 | The :program:`keystone` shell utility interacts with OpenStack Keystone API | 8 | The :program:`keystone` shell utility interacts with OpenStack Identity API |
1130 | 9 | from the command line. It supports the entirety of the OpenStack Keystone API. | 9 | from the command line. It supports the entirety of the OpenStack Identity API. |
1131 | 10 | 10 | ||
1132 | 11 | First, you'll need an OpenStack Keystone account. You get this by using the | 11 | To communicate with the API, you will need to be authenticated - and the |
1133 | 12 | `keystone-manage` command in OpenStack Keystone. | 12 | :program:`keystone` provides multiple options for this. |
1134 | 13 | 13 | ||
1135 | 14 | You'll need to provide :program:`keystone` with your OpenStack username and | 14 | While bootstrapping keystone the authentication is accomplished with a |
1136 | 15 | password. You can do this with the :option:`--os-username`, :option:`--os-password`. | 15 | shared secret token and the location of the Identity API endpoint. The |
1137 | 16 | You can optionally specify a :option:`--os-tenant-id` or :option:`--os-tenant-name`, | 16 | shared secret token is configured in keystone.conf as "admin_token". |
1138 | 17 | to scope your token to a specific tenant. If you don't specify a tenant, you | 17 | |
1139 | 18 | will be scoped to your default tenant if you have one. Instead of using | 18 | You can specify those values on the command line with :option:`--os-token` |
1140 | 19 | options, it is easier to just set them as environment variables: | 19 | and :option:`--os-endpoint`, or set them in environment variables: |
1141 | 20 | |||
1142 | 21 | .. envvar:: OS_SERVICE_TOKEN | ||
1143 | 22 | |||
1144 | 23 | Your keystone administrative token | ||
1145 | 24 | |||
1146 | 25 | .. envvar:: OS_SERVICE_ENDPOINT | ||
1147 | 26 | |||
1148 | 27 | Your Identity API endpoint | ||
1149 | 28 | |||
1150 | 29 | The command line options will override any environment variables set. | ||
1151 | 30 | |||
1152 | 31 | If you already have accounts, you can use your OpenStack username and | ||
1153 | 32 | password. You can do this with the :option:`--os-username`, | ||
1154 | 33 | :option:`--os-password`. | ||
1155 | 34 | |||
1156 | 35 | Keystone allows a user to be associated with one or more tenants. To specify | ||
1157 | 36 | the tenant for which you want to authorize against, you may optionally | ||
1158 | 37 | specify a :option:`--os-tenant-id` or :option:`--os-tenant-name`. | ||
1159 | 38 | |||
1160 | 39 | Instead of using options, it is easier to just set them as environment | ||
1161 | 40 | variables: | ||
1162 | 20 | 41 | ||
1163 | 21 | .. envvar:: OS_USERNAME | 42 | .. envvar:: OS_USERNAME |
1164 | 22 | 43 | ||
1165 | 23 | 44 | ||
1166 | === added directory 'doc/source/static' | |||
1167 | === added file 'doc/source/static/basic.css' | |||
1168 | --- doc/source/static/basic.css 1970-01-01 00:00:00 +0000 | |||
1169 | +++ doc/source/static/basic.css 2012-11-30 14:11:19 +0000 | |||
1170 | @@ -0,0 +1,416 @@ | |||
1171 | 1 | /** | ||
1172 | 2 | * Sphinx stylesheet -- basic theme | ||
1173 | 3 | * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
1174 | 4 | */ | ||
1175 | 5 | |||
1176 | 6 | /* -- main layout ----------------------------------------------------------- */ | ||
1177 | 7 | |||
1178 | 8 | div.clearer { | ||
1179 | 9 | clear: both; | ||
1180 | 10 | } | ||
1181 | 11 | |||
1182 | 12 | /* -- relbar ---------------------------------------------------------------- */ | ||
1183 | 13 | |||
1184 | 14 | div.related { | ||
1185 | 15 | width: 100%; | ||
1186 | 16 | font-size: 90%; | ||
1187 | 17 | } | ||
1188 | 18 | |||
1189 | 19 | div.related h3 { | ||
1190 | 20 | display: none; | ||
1191 | 21 | } | ||
1192 | 22 | |||
1193 | 23 | div.related ul { | ||
1194 | 24 | margin: 0; | ||
1195 | 25 | padding: 0 0 0 10px; | ||
1196 | 26 | list-style: none; | ||
1197 | 27 | } | ||
1198 | 28 | |||
1199 | 29 | div.related li { | ||
1200 | 30 | display: inline; | ||
1201 | 31 | } | ||
1202 | 32 | |||
1203 | 33 | div.related li.right { | ||
1204 | 34 | float: right; | ||
1205 | 35 | margin-right: 5px; | ||
1206 | 36 | } | ||
1207 | 37 | |||
1208 | 38 | /* -- sidebar --------------------------------------------------------------- */ | ||
1209 | 39 | |||
1210 | 40 | div.sphinxsidebarwrapper { | ||
1211 | 41 | padding: 10px 5px 0 10px; | ||
1212 | 42 | } | ||
1213 | 43 | |||
1214 | 44 | div.sphinxsidebar { | ||
1215 | 45 | float: left; | ||
1216 | 46 | width: 230px; | ||
1217 | 47 | margin-left: -100%; | ||
1218 | 48 | font-size: 90%; | ||
1219 | 49 | } | ||
1220 | 50 | |||
1221 | 51 | div.sphinxsidebar ul { | ||
1222 | 52 | list-style: none; | ||
1223 | 53 | } | ||
1224 | 54 | |||
1225 | 55 | div.sphinxsidebar ul ul, | ||
1226 | 56 | div.sphinxsidebar ul.want-points { | ||
1227 | 57 | margin-left: 20px; | ||
1228 | 58 | list-style: square; | ||
1229 | 59 | } | ||
1230 | 60 | |||
1231 | 61 | div.sphinxsidebar ul ul { | ||
1232 | 62 | margin-top: 0; | ||
1233 | 63 | margin-bottom: 0; | ||
1234 | 64 | } | ||
1235 | 65 | |||
1236 | 66 | div.sphinxsidebar form { | ||
1237 | 67 | margin-top: 10px; | ||
1238 | 68 | } | ||
1239 | 69 | |||
1240 | 70 | div.sphinxsidebar input { | ||
1241 | 71 | border: 1px solid #98dbcc; | ||
1242 | 72 | font-family: sans-serif; | ||
1243 | 73 | font-size: 1em; | ||
1244 | 74 | } | ||
1245 | 75 | |||
1246 | 76 | img { | ||
1247 | 77 | border: 0; | ||
1248 | 78 | } | ||
1249 | 79 | |||
1250 | 80 | /* -- search page ----------------------------------------------------------- */ | ||
1251 | 81 | |||
1252 | 82 | ul.search { | ||
1253 | 83 | margin: 10px 0 0 20px; | ||
1254 | 84 | padding: 0; | ||
1255 | 85 | } | ||
1256 | 86 | |||
1257 | 87 | ul.search li { | ||
1258 | 88 | padding: 5px 0 5px 20px; | ||
1259 | 89 | background-image: url(file.png); | ||
1260 | 90 | background-repeat: no-repeat; | ||
1261 | 91 | background-position: 0 7px; | ||
1262 | 92 | } | ||
1263 | 93 | |||
1264 | 94 | ul.search li a { | ||
1265 | 95 | font-weight: bold; | ||
1266 | 96 | } | ||
1267 | 97 | |||
1268 | 98 | ul.search li div.context { | ||
1269 | 99 | color: #888; | ||
1270 | 100 | margin: 2px 0 0 30px; | ||
1271 | 101 | text-align: left; | ||
1272 | 102 | } | ||
1273 | 103 | |||
1274 | 104 | ul.keywordmatches li.goodmatch a { | ||
1275 | 105 | font-weight: bold; | ||
1276 | 106 | } | ||
1277 | 107 | |||
1278 | 108 | /* -- index page ------------------------------------------------------------ */ | ||
1279 | 109 | |||
1280 | 110 | table.contentstable { | ||
1281 | 111 | width: 90%; | ||
1282 | 112 | } | ||
1283 | 113 | |||
1284 | 114 | table.contentstable p.biglink { | ||
1285 | 115 | line-height: 150%; | ||
1286 | 116 | } | ||
1287 | 117 | |||
1288 | 118 | a.biglink { | ||
1289 | 119 | font-size: 1.3em; | ||
1290 | 120 | } | ||
1291 | 121 | |||
1292 | 122 | span.linkdescr { | ||
1293 | 123 | font-style: italic; | ||
1294 | 124 | padding-top: 5px; | ||
1295 | 125 | font-size: 90%; | ||
1296 | 126 | } | ||
1297 | 127 | |||
1298 | 128 | /* -- general index --------------------------------------------------------- */ | ||
1299 | 129 | |||
1300 | 130 | table.indextable td { | ||
1301 | 131 | text-align: left; | ||
1302 | 132 | vertical-align: top; | ||
1303 | 133 | } | ||
1304 | 134 | |||
1305 | 135 | table.indextable dl, table.indextable dd { | ||
1306 | 136 | margin-top: 0; | ||
1307 | 137 | margin-bottom: 0; | ||
1308 | 138 | } | ||
1309 | 139 | |||
1310 | 140 | table.indextable tr.pcap { | ||
1311 | 141 | height: 10px; | ||
1312 | 142 | } | ||
1313 | 143 | |||
1314 | 144 | table.indextable tr.cap { | ||
1315 | 145 | margin-top: 10px; | ||
1316 | 146 | background-color: #f2f2f2; | ||
1317 | 147 | } | ||
1318 | 148 | |||
1319 | 149 | img.toggler { | ||
1320 | 150 | margin-right: 3px; | ||
1321 | 151 | margin-top: 3px; | ||
1322 | 152 | cursor: pointer; | ||
1323 | 153 | } | ||
1324 | 154 | |||
1325 | 155 | /* -- general body styles --------------------------------------------------- */ | ||
1326 | 156 | |||
1327 | 157 | a.headerlink { | ||
1328 | 158 | visibility: hidden; | ||
1329 | 159 | } | ||
1330 | 160 | |||
1331 | 161 | h1:hover > a.headerlink, | ||
1332 | 162 | h2:hover > a.headerlink, | ||
1333 | 163 | h3:hover > a.headerlink, | ||
1334 | 164 | h4:hover > a.headerlink, | ||
1335 | 165 | h5:hover > a.headerlink, | ||
1336 | 166 | h6:hover > a.headerlink, | ||
1337 | 167 | dt:hover > a.headerlink { | ||
1338 | 168 | visibility: visible; | ||
1339 | 169 | } | ||
1340 | 170 | |||
1341 | 171 | div.body p.caption { | ||
1342 | 172 | text-align: inherit; | ||
1343 | 173 | } | ||
1344 | 174 | |||
1345 | 175 | div.body td { | ||
1346 | 176 | text-align: left; | ||
1347 | 177 | } | ||
1348 | 178 | |||
1349 | 179 | .field-list ul { | ||
1350 | 180 | padding-left: 1em; | ||
1351 | 181 | } | ||
1352 | 182 | |||
1353 | 183 | .first { | ||
1354 | 184 | } | ||
1355 | 185 | |||
1356 | 186 | p.rubric { | ||
1357 | 187 | margin-top: 30px; | ||
1358 | 188 | font-weight: bold; | ||
1359 | 189 | } | ||
1360 | 190 | |||
1361 | 191 | /* -- sidebars -------------------------------------------------------------- */ | ||
1362 | 192 | |||
1363 | 193 | div.sidebar { | ||
1364 | 194 | margin: 0 0 0.5em 1em; | ||
1365 | 195 | border: 1px solid #ddb; | ||
1366 | 196 | padding: 7px 7px 0 7px; | ||
1367 | 197 | background-color: #ffe; | ||
1368 | 198 | width: 40%; | ||
1369 | 199 | float: right; | ||
1370 | 200 | } | ||
1371 | 201 | |||
1372 | 202 | p.sidebar-title { | ||
1373 | 203 | font-weight: bold; | ||
1374 | 204 | } | ||
1375 | 205 | |||
1376 | 206 | /* -- topics ---------------------------------------------------------------- */ | ||
1377 | 207 | |||
1378 | 208 | div.topic { | ||
1379 | 209 | border: 1px solid #ccc; | ||
1380 | 210 | padding: 7px 7px 0 7px; | ||
1381 | 211 | margin: 10px 0 10px 0; | ||
1382 | 212 | } | ||
1383 | 213 | |||
1384 | 214 | p.topic-title { | ||
1385 | 215 | font-size: 1.1em; | ||
1386 | 216 | font-weight: bold; | ||
1387 | 217 | margin-top: 10px; | ||
1388 | 218 | } | ||
1389 | 219 | |||
1390 | 220 | /* -- admonitions ----------------------------------------------------------- */ | ||
1391 | 221 | |||
1392 | 222 | div.admonition { | ||
1393 | 223 | margin-top: 10px; | ||
1394 | 224 | margin-bottom: 10px; | ||
1395 | 225 | padding: 7px; | ||
1396 | 226 | } | ||
1397 | 227 | |||
1398 | 228 | div.admonition dt { | ||
1399 | 229 | font-weight: bold; | ||
1400 | 230 | } | ||
1401 | 231 | |||
1402 | 232 | div.admonition dl { | ||
1403 | 233 | margin-bottom: 0; | ||
1404 | 234 | } | ||
1405 | 235 | |||
1406 | 236 | p.admonition-title { | ||
1407 | 237 | margin: 0px 10px 5px 0px; | ||
1408 | 238 | font-weight: bold; | ||
1409 | 239 | } | ||
1410 | 240 | |||
1411 | 241 | div.body p.centered { | ||
1412 | 242 | text-align: center; | ||
1413 | 243 | margin-top: 25px; | ||
1414 | 244 | } | ||
1415 | 245 | |||
1416 | 246 | /* -- tables ---------------------------------------------------------------- */ | ||
1417 | 247 | |||
1418 | 248 | table.docutils { | ||
1419 | 249 | border: 0; | ||
1420 | 250 | border-collapse: collapse; | ||
1421 | 251 | } | ||
1422 | 252 | |||
1423 | 253 | table.docutils td, table.docutils th { | ||
1424 | 254 | padding: 1px 8px 1px 0; | ||
1425 | 255 | border-top: 0; | ||
1426 | 256 | border-left: 0; | ||
1427 | 257 | border-right: 0; | ||
1428 | 258 | border-bottom: 1px solid #aaa; | ||
1429 | 259 | } | ||
1430 | 260 | |||
1431 | 261 | table.field-list td, table.field-list th { | ||
1432 | 262 | border: 0 !important; | ||
1433 | 263 | } | ||
1434 | 264 | |||
1435 | 265 | table.footnote td, table.footnote th { | ||
1436 | 266 | border: 0 !important; | ||
1437 | 267 | } | ||
1438 | 268 | |||
1439 | 269 | th { | ||
1440 | 270 | text-align: left; | ||
1441 | 271 | padding-right: 5px; | ||
1442 | 272 | } | ||
1443 | 273 | |||
1444 | 274 | /* -- other body styles ----------------------------------------------------- */ | ||
1445 | 275 | |||
1446 | 276 | dl { | ||
1447 | 277 | margin-bottom: 15px; | ||
1448 | 278 | } | ||
1449 | 279 | |||
1450 | 280 | dd p { | ||
1451 | 281 | margin-top: 0px; | ||
1452 | 282 | } | ||
1453 | 283 | |||
1454 | 284 | dd ul, dd table { | ||
1455 | 285 | margin-bottom: 10px; | ||
1456 | 286 | } | ||
1457 | 287 | |||
1458 | 288 | dd { | ||
1459 | 289 | margin-top: 3px; | ||
1460 | 290 | margin-bottom: 10px; | ||
1461 | 291 | margin-left: 30px; | ||
1462 | 292 | } | ||
1463 | 293 | |||
1464 | 294 | dt:target, .highlight { | ||
1465 | 295 | background-color: #fbe54e; | ||
1466 | 296 | } | ||
1467 | 297 | |||
1468 | 298 | dl.glossary dt { | ||
1469 | 299 | font-weight: bold; | ||
1470 | 300 | font-size: 1.1em; | ||
1471 | 301 | } | ||
1472 | 302 | |||
1473 | 303 | .field-list ul { | ||
1474 | 304 | margin: 0; | ||
1475 | 305 | padding-left: 1em; | ||
1476 | 306 | } | ||
1477 | 307 | |||
1478 | 308 | .field-list p { | ||
1479 | 309 | margin: 0; | ||
1480 | 310 | } | ||
1481 | 311 | |||
1482 | 312 | .refcount { | ||
1483 | 313 | color: #060; | ||
1484 | 314 | } | ||
1485 | 315 | |||
1486 | 316 | .optional { | ||
1487 | 317 | font-size: 1.3em; | ||
1488 | 318 | } | ||
1489 | 319 | |||
1490 | 320 | .versionmodified { | ||
1491 | 321 | font-style: italic; | ||
1492 | 322 | } | ||
1493 | 323 | |||
1494 | 324 | .system-message { | ||
1495 | 325 | background-color: #fda; | ||
1496 | 326 | padding: 5px; | ||
1497 | 327 | border: 3px solid red; | ||
1498 | 328 | } | ||
1499 | 329 | |||
1500 | 330 | .footnote:target { | ||
1501 | 331 | background-color: #ffa | ||
1502 | 332 | } | ||
1503 | 333 | |||
1504 | 334 | .line-block { | ||
1505 | 335 | display: block; | ||
1506 | 336 | margin-top: 1em; | ||
1507 | 337 | margin-bottom: 1em; | ||
1508 | 338 | } | ||
1509 | 339 | |||
1510 | 340 | .line-block .line-block { | ||
1511 | 341 | margin-top: 0; | ||
1512 | 342 | margin-bottom: 0; | ||
1513 | 343 | margin-left: 1.5em; | ||
1514 | 344 | } | ||
1515 | 345 | |||
1516 | 346 | /* -- code displays --------------------------------------------------------- */ | ||
1517 | 347 | |||
1518 | 348 | pre { | ||
1519 | 349 | overflow: auto; | ||
1520 | 350 | } | ||
1521 | 351 | |||
1522 | 352 | td.linenos pre { | ||
1523 | 353 | padding: 5px 0px; | ||
1524 | 354 | border: 0; | ||
1525 | 355 | background-color: transparent; | ||
1526 | 356 | color: #aaa; | ||
1527 | 357 | } | ||
1528 | 358 | |||
1529 | 359 | table.highlighttable { | ||
1530 | 360 | margin-left: 0.5em; | ||
1531 | 361 | } | ||
1532 | 362 | |||
1533 | 363 | table.highlighttable td { | ||
1534 | 364 | padding: 0 0.5em 0 0.5em; | ||
1535 | 365 | } | ||
1536 | 366 | |||
1537 | 367 | tt.descname { | ||
1538 | 368 | background-color: transparent; | ||
1539 | 369 | font-weight: bold; | ||
1540 | 370 | font-size: 1.2em; | ||
1541 | 371 | } | ||
1542 | 372 | |||
1543 | 373 | tt.descclassname { | ||
1544 | 374 | background-color: transparent; | ||
1545 | 375 | } | ||
1546 | 376 | |||
1547 | 377 | tt.xref, a tt { | ||
1548 | 378 | background-color: transparent; | ||
1549 | 379 | font-weight: bold; | ||
1550 | 380 | } | ||
1551 | 381 | |||
1552 | 382 | h1 tt, h2 tt, h3 tt, h4 tt, h5 tt, h6 tt { | ||
1553 | 383 | background-color: transparent; | ||
1554 | 384 | } | ||
1555 | 385 | |||
1556 | 386 | /* -- math display ---------------------------------------------------------- */ | ||
1557 | 387 | |||
1558 | 388 | img.math { | ||
1559 | 389 | vertical-align: middle; | ||
1560 | 390 | } | ||
1561 | 391 | |||
1562 | 392 | div.body div.math p { | ||
1563 | 393 | text-align: center; | ||
1564 | 394 | } | ||
1565 | 395 | |||
1566 | 396 | span.eqno { | ||
1567 | 397 | float: right; | ||
1568 | 398 | } | ||
1569 | 399 | |||
1570 | 400 | /* -- printout stylesheet --------------------------------------------------- */ | ||
1571 | 401 | |||
1572 | 402 | @media print { | ||
1573 | 403 | div.document, | ||
1574 | 404 | div.documentwrapper, | ||
1575 | 405 | div.bodywrapper { | ||
1576 | 406 | margin: 0 !important; | ||
1577 | 407 | width: 100%; | ||
1578 | 408 | } | ||
1579 | 409 | |||
1580 | 410 | div.sphinxsidebar, | ||
1581 | 411 | div.related, | ||
1582 | 412 | div.footer, | ||
1583 | 413 | #top-link { | ||
1584 | 414 | display: none; | ||
1585 | 415 | } | ||
1586 | 416 | } | ||
1587 | 0 | 417 | ||
1588 | === added file 'doc/source/static/default.css' | |||
1589 | --- doc/source/static/default.css 1970-01-01 00:00:00 +0000 | |||
1590 | +++ doc/source/static/default.css 2012-11-30 14:11:19 +0000 | |||
1591 | @@ -0,0 +1,230 @@ | |||
1592 | 1 | /** | ||
1593 | 2 | * Sphinx stylesheet -- default theme | ||
1594 | 3 | * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
1595 | 4 | */ | ||
1596 | 5 | |||
1597 | 6 | @import url("basic.css"); | ||
1598 | 7 | |||
1599 | 8 | /* -- page layout ----------------------------------------------------------- */ | ||
1600 | 9 | |||
1601 | 10 | body { | ||
1602 | 11 | font-family: sans-serif; | ||
1603 | 12 | font-size: 100%; | ||
1604 | 13 | background-color: #11303d; | ||
1605 | 14 | color: #000; | ||
1606 | 15 | margin: 0; | ||
1607 | 16 | padding: 0; | ||
1608 | 17 | } | ||
1609 | 18 | |||
1610 | 19 | div.document { | ||
1611 | 20 | background-color: #1c4e63; | ||
1612 | 21 | } | ||
1613 | 22 | |||
1614 | 23 | div.documentwrapper { | ||
1615 | 24 | float: left; | ||
1616 | 25 | width: 100%; | ||
1617 | 26 | } | ||
1618 | 27 | |||
1619 | 28 | div.bodywrapper { | ||
1620 | 29 | margin: 0 0 0 230px; | ||
1621 | 30 | } | ||
1622 | 31 | |||
1623 | 32 | div.body { | ||
1624 | 33 | background-color: #ffffff; | ||
1625 | 34 | color: #000000; | ||
1626 | 35 | padding: 0 20px 30px 20px; | ||
1627 | 36 | } | ||
1628 | 37 | |||
1629 | 38 | div.footer { | ||
1630 | 39 | color: #ffffff; | ||
1631 | 40 | width: 100%; | ||
1632 | 41 | padding: 9px 0 9px 0; | ||
1633 | 42 | text-align: center; | ||
1634 | 43 | font-size: 75%; | ||
1635 | 44 | } | ||
1636 | 45 | |||
1637 | 46 | div.footer a { | ||
1638 | 47 | color: #ffffff; | ||
1639 | 48 | text-decoration: underline; | ||
1640 | 49 | } | ||
1641 | 50 | |||
1642 | 51 | div.related { | ||
1643 | 52 | background-color: #133f52; | ||
1644 | 53 | line-height: 30px; | ||
1645 | 54 | color: #ffffff; | ||
1646 | 55 | } | ||
1647 | 56 | |||
1648 | 57 | div.related a { | ||
1649 | 58 | color: #ffffff; | ||
1650 | 59 | } | ||
1651 | 60 | |||
1652 | 61 | div.sphinxsidebar { | ||
1653 | 62 | } | ||
1654 | 63 | |||
1655 | 64 | div.sphinxsidebar h3 { | ||
1656 | 65 | font-family: 'Trebuchet MS', sans-serif; | ||
1657 | 66 | color: #ffffff; | ||
1658 | 67 | font-size: 1.4em; | ||
1659 | 68 | font-weight: normal; | ||
1660 | 69 | margin: 0; | ||
1661 | 70 | padding: 0; | ||
1662 | 71 | } | ||
1663 | 72 | |||
1664 | 73 | div.sphinxsidebar h3 a { | ||
1665 | 74 | color: #ffffff; | ||
1666 | 75 | } | ||
1667 | 76 | |||
1668 | 77 | div.sphinxsidebar h4 { | ||
1669 | 78 | font-family: 'Trebuchet MS', sans-serif; | ||
1670 | 79 | color: #ffffff; | ||
1671 | 80 | font-size: 1.3em; | ||
1672 | 81 | font-weight: normal; | ||
1673 | 82 | margin: 5px 0 0 0; | ||
1674 | 83 | padding: 0; | ||
1675 | 84 | } | ||
1676 | 85 | |||
1677 | 86 | div.sphinxsidebar p { | ||
1678 | 87 | color: #ffffff; | ||
1679 | 88 | } | ||
1680 | 89 | |||
1681 | 90 | div.sphinxsidebar p.topless { | ||
1682 | 91 | margin: 5px 10px 10px 10px; | ||
1683 | 92 | } | ||
1684 | 93 | |||
1685 | 94 | div.sphinxsidebar ul { | ||
1686 | 95 | margin: 10px; | ||
1687 | 96 | padding: 0; | ||
1688 | 97 | color: #ffffff; | ||
1689 | 98 | } | ||
1690 | 99 | |||
1691 | 100 | div.sphinxsidebar a { | ||
1692 | 101 | color: #98dbcc; | ||
1693 | 102 | } | ||
1694 | 103 | |||
1695 | 104 | div.sphinxsidebar input { | ||
1696 | 105 | border: 1px solid #98dbcc; | ||
1697 | 106 | font-family: sans-serif; | ||
1698 | 107 | font-size: 1em; | ||
1699 | 108 | } | ||
1700 | 109 | |||
1701 | 110 | /* -- body styles ----------------------------------------------------------- */ | ||
1702 | 111 | |||
1703 | 112 | a { | ||
1704 | 113 | color: #355f7c; | ||
1705 | 114 | text-decoration: none; | ||
1706 | 115 | } | ||
1707 | 116 | |||
1708 | 117 | a:hover { | ||
1709 | 118 | text-decoration: underline; | ||
1710 | 119 | } | ||
1711 | 120 | |||
1712 | 121 | div.body p, div.body dd, div.body li { | ||
1713 | 122 | text-align: left; | ||
1714 | 123 | line-height: 130%; | ||
1715 | 124 | } | ||
1716 | 125 | |||
1717 | 126 | div.body h1, | ||
1718 | 127 | div.body h2, | ||
1719 | 128 | div.body h3, | ||
1720 | 129 | div.body h4, | ||
1721 | 130 | div.body h5, | ||
1722 | 131 | div.body h6 { | ||
1723 | 132 | font-family: 'Trebuchet MS', sans-serif; | ||
1724 | 133 | background-color: #f2f2f2; | ||
1725 | 134 | font-weight: normal; | ||
1726 | 135 | color: #20435c; | ||
1727 | 136 | border-bottom: 1px solid #ccc; | ||
1728 | 137 | margin: 20px -20px 10px -20px; | ||
1729 | 138 | padding: 3px 0 3px 10px; | ||
1730 | 139 | } | ||
1731 | 140 | |||
1732 | 141 | div.body h1 { margin-top: 0; font-size: 200%; } | ||
1733 | 142 | div.body h2 { font-size: 160%; } | ||
1734 | 143 | div.body h3 { font-size: 140%; } | ||
1735 | 144 | div.body h4 { font-size: 120%; } | ||
1736 | 145 | div.body h5 { font-size: 110%; } | ||
1737 | 146 | div.body h6 { font-size: 100%; } | ||
1738 | 147 | |||
1739 | 148 | a.headerlink { | ||
1740 | 149 | color: #c60f0f; | ||
1741 | 150 | font-size: 0.8em; | ||
1742 | 151 | padding: 0 4px 0 4px; | ||
1743 | 152 | text-decoration: none; | ||
1744 | 153 | } | ||
1745 | 154 | |||
1746 | 155 | a.headerlink:hover { | ||
1747 | 156 | background-color: #c60f0f; | ||
1748 | 157 | color: white; | ||
1749 | 158 | } | ||
1750 | 159 | |||
1751 | 160 | div.body p, div.body dd, div.body li { | ||
1752 | 161 | text-align: left; | ||
1753 | 162 | line-height: 130%; | ||
1754 | 163 | } | ||
1755 | 164 | |||
1756 | 165 | div.admonition p.admonition-title + p { | ||
1757 | 166 | display: inline; | ||
1758 | 167 | } | ||
1759 | 168 | |||
1760 | 169 | div.admonition p { | ||
1761 | 170 | margin-bottom: 5px; | ||
1762 | 171 | } | ||
1763 | 172 | |||
1764 | 173 | div.admonition pre { | ||
1765 | 174 | margin-bottom: 5px; | ||
1766 | 175 | } | ||
1767 | 176 | |||
1768 | 177 | div.admonition ul, div.admonition ol { | ||
1769 | 178 | margin-bottom: 5px; | ||
1770 | 179 | } | ||
1771 | 180 | |||
1772 | 181 | div.note { | ||
1773 | 182 | background-color: #eee; | ||
1774 | 183 | border: 1px solid #ccc; | ||
1775 | 184 | } | ||
1776 | 185 | |||
1777 | 186 | div.seealso { | ||
1778 | 187 | background-color: #ffc; | ||
1779 | 188 | border: 1px solid #ff6; | ||
1780 | 189 | } | ||
1781 | 190 | |||
1782 | 191 | div.topic { | ||
1783 | 192 | background-color: #eee; | ||
1784 | 193 | } | ||
1785 | 194 | |||
1786 | 195 | div.warning { | ||
1787 | 196 | background-color: #ffe4e4; | ||
1788 | 197 | border: 1px solid #f66; | ||
1789 | 198 | } | ||
1790 | 199 | |||
1791 | 200 | p.admonition-title { | ||
1792 | 201 | display: inline; | ||
1793 | 202 | } | ||
1794 | 203 | |||
1795 | 204 | p.admonition-title:after { | ||
1796 | 205 | content: ":"; | ||
1797 | 206 | } | ||
1798 | 207 | |||
1799 | 208 | pre { | ||
1800 | 209 | padding: 5px; | ||
1801 | 210 | background-color: #eeffcc; | ||
1802 | 211 | color: #333333; | ||
1803 | 212 | line-height: 120%; | ||
1804 | 213 | border: 1px solid #ac9; | ||
1805 | 214 | border-left: none; | ||
1806 | 215 | border-right: none; | ||
1807 | 216 | } | ||
1808 | 217 | |||
1809 | 218 | tt { | ||
1810 | 219 | background-color: #ecf0f3; | ||
1811 | 220 | padding: 0 1px 0 1px; | ||
1812 | 221 | font-size: 0.95em; | ||
1813 | 222 | } | ||
1814 | 223 | |||
1815 | 224 | .warning tt { | ||
1816 | 225 | background: #efc2c2; | ||
1817 | 226 | } | ||
1818 | 227 | |||
1819 | 228 | .note tt { | ||
1820 | 229 | background: #d6d6d6; | ||
1821 | 230 | } | ||
1822 | 0 | 231 | ||
1823 | === added file 'doc/source/static/header-line.gif' | |||
1824 | 1 | Binary files doc/source/static/header-line.gif 1970-01-01 00:00:00 +0000 and doc/source/static/header-line.gif 2012-11-30 14:11:19 +0000 differ | 232 | Binary files doc/source/static/header-line.gif 1970-01-01 00:00:00 +0000 and doc/source/static/header-line.gif 2012-11-30 14:11:19 +0000 differ |
1825 | === added file 'doc/source/static/header_bg.jpg' | |||
1826 | 2 | Binary files doc/source/static/header_bg.jpg 1970-01-01 00:00:00 +0000 and doc/source/static/header_bg.jpg 2012-11-30 14:11:19 +0000 differ | 233 | Binary files doc/source/static/header_bg.jpg 1970-01-01 00:00:00 +0000 and doc/source/static/header_bg.jpg 2012-11-30 14:11:19 +0000 differ |
1827 | === added file 'doc/source/static/jquery.tweet.js' | |||
1828 | --- doc/source/static/jquery.tweet.js 1970-01-01 00:00:00 +0000 | |||
1829 | +++ doc/source/static/jquery.tweet.js 2012-11-30 14:11:19 +0000 | |||
1830 | @@ -0,0 +1,154 @@ | |||
1831 | 1 | (function($) { | ||
1832 | 2 | |||
1833 | 3 | $.fn.tweet = function(o){ | ||
1834 | 4 | var s = { | ||
1835 | 5 | username: ["seaofclouds"], // [string] required, unless you want to display our tweets. :) it can be an array, just do ["username1","username2","etc"] | ||
1836 | 6 | list: null, //[string] optional name of list belonging to username | ||
1837 | 7 | avatar_size: null, // [integer] height and width of avatar if displayed (48px max) | ||
1838 | 8 | count: 3, // [integer] how many tweets to display? | ||
1839 | 9 | intro_text: null, // [string] do you want text BEFORE your your tweets? | ||
1840 | 10 | outro_text: null, // [string] do you want text AFTER your tweets? | ||
1841 | 11 | join_text: null, // [string] optional text in between date and tweet, try setting to "auto" | ||
1842 | 12 | auto_join_text_default: "i said,", // [string] auto text for non verb: "i said" bullocks | ||
1843 | 13 | auto_join_text_ed: "i", // [string] auto text for past tense: "i" surfed | ||
1844 | 14 | auto_join_text_ing: "i am", // [string] auto tense for present tense: "i was" surfing | ||
1845 | 15 | auto_join_text_reply: "i replied to", // [string] auto tense for replies: "i replied to" @someone "with" | ||
1846 | 16 | auto_join_text_url: "i was looking at", // [string] auto tense for urls: "i was looking at" http:... | ||
1847 | 17 | loading_text: null, // [string] optional loading text, displayed while tweets load | ||
1848 | 18 | query: null // [string] optional search query | ||
1849 | 19 | }; | ||
1850 | 20 | |||
1851 | 21 | if(o) $.extend(s, o); | ||
1852 | 22 | |||
1853 | 23 | $.fn.extend({ | ||
1854 | 24 | linkUrl: function() { | ||
1855 | 25 | var returning = []; | ||
1856 | 26 | var regexp = /((ftp|http|https):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?)/gi; | ||
1857 | 27 | this.each(function() { | ||
1858 | 28 | returning.push(this.replace(regexp,"<a href=\"$1\">$1</a>")); | ||
1859 | 29 | }); | ||
1860 | 30 | return $(returning); | ||
1861 | 31 | }, | ||
1862 | 32 | linkUser: function() { | ||
1863 | 33 | var returning = []; | ||
1864 | 34 | var regexp = /[\@]+([A-Za-z0-9-_]+)/gi; | ||
1865 | 35 | this.each(function() { | ||
1866 | 36 | returning.push(this.replace(regexp,"<a href=\"http://twitter.com/$1\">@$1</a>")); | ||
1867 | 37 | }); | ||
1868 | 38 | return $(returning); | ||
1869 | 39 | }, | ||
1870 | 40 | linkHash: function() { | ||
1871 | 41 | var returning = []; | ||
1872 | 42 | var regexp = / [\#]+([A-Za-z0-9-_]+)/gi; | ||
1873 | 43 | this.each(function() { | ||
1874 | 44 | returning.push(this.replace(regexp, ' <a href="http://search.twitter.com/search?q=&tag=$1&lang=all&from='+s.username.join("%2BOR%2B")+'">#$1</a>')); | ||
1875 | 45 | }); | ||
1876 | 46 | return $(returning); | ||
1877 | 47 | }, | ||
1878 | 48 | capAwesome: function() { | ||
1879 | 49 | var returning = []; | ||
1880 | 50 | this.each(function() { | ||
1881 | 51 | returning.push(this.replace(/\b(awesome)\b/gi, '<span class="awesome">$1</span>')); | ||
1882 | 52 | }); | ||
1883 | 53 | return $(returning); | ||
1884 | 54 | }, | ||
1885 | 55 | capEpic: function() { | ||
1886 | 56 | var returning = []; | ||
1887 | 57 | this.each(function() { | ||
1888 | 58 | returning.push(this.replace(/\b(epic)\b/gi, '<span class="epic">$1</span>')); | ||
1889 | 59 | }); | ||
1890 | 60 | return $(returning); | ||
1891 | 61 | }, | ||
1892 | 62 | makeHeart: function() { | ||
1893 | 63 | var returning = []; | ||
1894 | 64 | this.each(function() { | ||
1895 | 65 | returning.push(this.replace(/(<)+[3]/gi, "<tt class='heart'>♥</tt>")); | ||
1896 | 66 | }); | ||
1897 | 67 | return $(returning); | ||
1898 | 68 | } | ||
1899 | 69 | }); | ||
1900 | 70 | |||
1901 | 71 | function relative_time(time_value) { | ||
1902 | 72 | var parsed_date = Date.parse(time_value); | ||
1903 | 73 | var relative_to = (arguments.length > 1) ? arguments[1] : new Date(); | ||
1904 | 74 | var delta = parseInt((relative_to.getTime() - parsed_date) / 1000); | ||
1905 | 75 | var pluralize = function (singular, n) { | ||
1906 | 76 | return '' + n + ' ' + singular + (n == 1 ? '' : 's'); | ||
1907 | 77 | }; | ||
1908 | 78 | if(delta < 60) { | ||
1909 | 79 | return 'less than a minute ago'; | ||
1910 | 80 | } else if(delta < (45*60)) { | ||
1911 | 81 | return 'about ' + pluralize("minute", parseInt(delta / 60)) + ' ago'; | ||
1912 | 82 | } else if(delta < (24*60*60)) { | ||
1913 | 83 | return 'about ' + pluralize("hour", parseInt(delta / 3600)) + ' ago'; | ||
1914 | 84 | } else { | ||
1915 | 85 | return 'about ' + pluralize("day", parseInt(delta / 86400)) + ' ago'; | ||
1916 | 86 | } | ||
1917 | 87 | } | ||
1918 | 88 | |||
1919 | 89 | function build_url() { | ||
1920 | 90 | var proto = ('https:' == document.location.protocol ? 'https:' : 'http:'); | ||
1921 | 91 | if (s.list) { | ||
1922 | 92 | return proto+"//api.twitter.com/1/"+s.username[0]+"/lists/"+s.list+"/statuses.json?per_page="+s.count+"&callback=?"; | ||
1923 | 93 | } else if (s.query == null && s.username.length == 1) { | ||
1924 | 94 | return proto+'//twitter.com/status/user_timeline/'+s.username[0]+'.json?count='+s.count+'&callback=?'; | ||
1925 | 95 | } else { | ||
1926 | 96 | var query = (s.query || 'from:'+s.username.join('%20OR%20from:')); | ||
1927 | 97 | return proto+'//search.twitter.com/search.json?&q='+query+'&rpp='+s.count+'&callback=?'; | ||
1928 | 98 | } | ||
1929 | 99 | } | ||
1930 | 100 | |||
1931 | 101 | return this.each(function(){ | ||
1932 | 102 | var list = $('<ul class="tweet_list">').appendTo(this); | ||
1933 | 103 | var intro = '<p class="tweet_intro">'+s.intro_text+'</p>'; | ||
1934 | 104 | var outro = '<p class="tweet_outro">'+s.outro_text+'</p>'; | ||
1935 | 105 | var loading = $('<p class="loading">'+s.loading_text+'</p>'); | ||
1936 | 106 | |||
1937 | 107 | if(typeof(s.username) == "string"){ | ||
1938 | 108 | s.username = [s.username]; | ||
1939 | 109 | } | ||
1940 | 110 | |||
1941 | 111 | if (s.loading_text) $(this).append(loading); | ||
1942 | 112 | $.getJSON(build_url(), function(data){ | ||
1943 | 113 | if (s.loading_text) loading.remove(); | ||
1944 | 114 | if (s.intro_text) list.before(intro); | ||
1945 | 115 | $.each((data.results || data), function(i,item){ | ||
1946 | 116 | // auto join text based on verb tense and content | ||
1947 | 117 | if (s.join_text == "auto") { | ||
1948 | 118 | if (item.text.match(/^(@([A-Za-z0-9-_]+)) .*/i)) { | ||
1949 | 119 | var join_text = s.auto_join_text_reply; | ||
1950 | 120 | } else if (item.text.match(/(^\w+:\/\/[A-Za-z0-9-_]+\.[A-Za-z0-9-_:%&\?\/.=]+) .*/i)) { | ||
1951 | 121 | var join_text = s.auto_join_text_url; | ||
1952 | 122 | } else if (item.text.match(/^((\w+ed)|just) .*/im)) { | ||
1953 | 123 | var join_text = s.auto_join_text_ed; | ||
1954 | 124 | } else if (item.text.match(/^(\w*ing) .*/i)) { | ||
1955 | 125 | var join_text = s.auto_join_text_ing; | ||
1956 | 126 | } else { | ||
1957 | 127 | var join_text = s.auto_join_text_default; | ||
1958 | 128 | } | ||
1959 | 129 | } else { | ||
1960 | 130 | var join_text = s.join_text; | ||
1961 | 131 | }; | ||
1962 | 132 | |||
1963 | 133 | var from_user = item.from_user || item.user.screen_name; | ||
1964 | 134 | var profile_image_url = item.profile_image_url || item.user.profile_image_url; | ||
1965 | 135 | var join_template = '<span class="tweet_join"> '+join_text+' </span>'; | ||
1966 | 136 | var join = ((s.join_text) ? join_template : ' '); | ||
1967 | 137 | var avatar_template = '<a class="tweet_avatar" href="http://twitter.com/'+from_user+'"><img src="'+profile_image_url+'" height="'+s.avatar_size+'" width="'+s.avatar_size+'" alt="'+from_user+'\'s avatar" title="'+from_user+'\'s avatar" border="0"/></a>'; | ||
1968 | 138 | var avatar = (s.avatar_size ? avatar_template : ''); | ||
1969 | 139 | var date = '<a href="http://twitter.com/'+from_user+'/statuses/'+item.id+'" title="view tweet on twitter">'+relative_time(item.created_at)+'</a>'; | ||
1970 | 140 | var text = '<span class="tweet_text">' +$([item.text]).linkUrl().linkUser().linkHash().makeHeart().capAwesome().capEpic()[0]+ '</span>'; | ||
1971 | 141 | |||
1972 | 142 | // until we create a template option, arrange the items below to alter a tweet's display. | ||
1973 | 143 | list.append('<li>' + avatar + date + join + text + '</li>'); | ||
1974 | 144 | |||
1975 | 145 | list.children('li:first').addClass('tweet_first'); | ||
1976 | 146 | list.children('li:odd').addClass('tweet_even'); | ||
1977 | 147 | list.children('li:even').addClass('tweet_odd'); | ||
1978 | 148 | }); | ||
1979 | 149 | if (s.outro_text) list.after(outro); | ||
1980 | 150 | }); | ||
1981 | 151 | |||
1982 | 152 | }); | ||
1983 | 153 | }; | ||
1984 | 154 | })(jQuery); | ||
1985 | 0 | \ No newline at end of file | 155 | \ No newline at end of file |
1986 | 1 | 156 | ||
1987 | === added file 'doc/source/static/nature.css' | |||
1988 | --- doc/source/static/nature.css 1970-01-01 00:00:00 +0000 | |||
1989 | +++ doc/source/static/nature.css 2012-11-30 14:11:19 +0000 | |||
1990 | @@ -0,0 +1,245 @@ | |||
1991 | 1 | /* | ||
1992 | 2 | * nature.css_t | ||
1993 | 3 | * ~~~~~~~~~~~~ | ||
1994 | 4 | * | ||
1995 | 5 | * Sphinx stylesheet -- nature theme. | ||
1996 | 6 | * | ||
1997 | 7 | * :copyright: Copyright 2007-2011 by the Sphinx team, see AUTHORS. | ||
1998 | 8 | * :license: BSD, see LICENSE for details. | ||
1999 | 9 | * | ||
2000 | 10 | */ | ||
2001 | 11 | |||
2002 | 12 | @import url("basic.css"); | ||
2003 | 13 | |||
2004 | 14 | /* -- page layout ----------------------------------------------------------- */ | ||
2005 | 15 | |||
2006 | 16 | body { | ||
2007 | 17 | font-family: Arial, sans-serif; | ||
2008 | 18 | font-size: 100%; | ||
2009 | 19 | background-color: #111; | ||
2010 | 20 | color: #555; | ||
2011 | 21 | margin: 0; | ||
2012 | 22 | padding: 0; | ||
2013 | 23 | } | ||
2014 | 24 | |||
2015 | 25 | div.documentwrapper { | ||
2016 | 26 | float: left; | ||
2017 | 27 | width: 100%; | ||
2018 | 28 | } | ||
2019 | 29 | |||
2020 | 30 | div.bodywrapper { | ||
2021 | 31 | margin: 0 0 0 {{ theme_sidebarwidth|toint }}px; | ||
2022 | 32 | } | ||
2023 | 33 | |||
2024 | 34 | hr { | ||
2025 | 35 | border: 1px solid #B1B4B6; | ||
2026 | 36 | } | ||
2027 | 37 | |||
2028 | 38 | div.document { | ||
2029 | 39 | background-color: #eee; | ||
2030 | 40 | } | ||
2031 | 41 | |||
2032 | 42 | div.body { | ||
2033 | 43 | background-color: #ffffff; | ||
2034 | 44 | color: #3E4349; | ||
2035 | 45 | padding: 0 30px 30px 30px; | ||
2036 | 46 | font-size: 0.9em; | ||
2037 | 47 | } | ||
2038 | 48 | |||
2039 | 49 | div.footer { | ||
2040 | 50 | color: #555; | ||
2041 | 51 | width: 100%; | ||
2042 | 52 | padding: 13px 0; | ||
2043 | 53 | text-align: center; | ||
2044 | 54 | font-size: 75%; | ||
2045 | 55 | } | ||
2046 | 56 | |||
2047 | 57 | div.footer a { | ||
2048 | 58 | color: #444; | ||
2049 | 59 | text-decoration: underline; | ||
2050 | 60 | } | ||
2051 | 61 | |||
2052 | 62 | div.related { | ||
2053 | 63 | background-color: #6BA81E; | ||
2054 | 64 | line-height: 32px; | ||
2055 | 65 | color: #fff; | ||
2056 | 66 | text-shadow: 0px 1px 0 #444; | ||
2057 | 67 | font-size: 0.9em; | ||
2058 | 68 | } | ||
2059 | 69 | |||
2060 | 70 | div.related a { | ||
2061 | 71 | color: #E2F3CC; | ||
2062 | 72 | } | ||
2063 | 73 | |||
2064 | 74 | div.sphinxsidebar { | ||
2065 | 75 | font-size: 0.75em; | ||
2066 | 76 | line-height: 1.5em; | ||
2067 | 77 | } | ||
2068 | 78 | |||
2069 | 79 | div.sphinxsidebarwrapper{ | ||
2070 | 80 | padding: 20px 0; | ||
2071 | 81 | } | ||
2072 | 82 | |||
2073 | 83 | div.sphinxsidebar h3, | ||
2074 | 84 | div.sphinxsidebar h4 { | ||
2075 | 85 | font-family: Arial, sans-serif; | ||
2076 | 86 | color: #222; | ||
2077 | 87 | font-size: 1.2em; | ||
2078 | 88 | font-weight: normal; | ||
2079 | 89 | margin: 0; | ||
2080 | 90 | padding: 5px 10px; | ||
2081 | 91 | background-color: #ddd; | ||
2082 | 92 | text-shadow: 1px 1px 0 white | ||
2083 | 93 | } | ||
2084 | 94 | |||
2085 | 95 | div.sphinxsidebar h4{ | ||
2086 | 96 | font-size: 1.1em; | ||
2087 | 97 | } | ||
2088 | 98 | |||
2089 | 99 | div.sphinxsidebar h3 a { | ||
2090 | 100 | color: #444; | ||
2091 | 101 | } | ||
2092 | 102 | |||
2093 | 103 | |||
2094 | 104 | div.sphinxsidebar p { | ||
2095 | 105 | color: #888; | ||
2096 | 106 | padding: 5px 20px; | ||
2097 | 107 | } | ||
2098 | 108 | |||
2099 | 109 | div.sphinxsidebar p.topless { | ||
2100 | 110 | } | ||
2101 | 111 | |||
2102 | 112 | div.sphinxsidebar ul { | ||
2103 | 113 | margin: 10px 20px; | ||
2104 | 114 | padding: 0; | ||
2105 | 115 | color: #000; | ||
2106 | 116 | } | ||
2107 | 117 | |||
2108 | 118 | div.sphinxsidebar a { | ||
2109 | 119 | color: #444; | ||
2110 | 120 | } | ||
2111 | 121 | |||
2112 | 122 | div.sphinxsidebar input { | ||
2113 | 123 | border: 1px solid #ccc; | ||
2114 | 124 | font-family: sans-serif; | ||
2115 | 125 | font-size: 1em; | ||
2116 | 126 | } | ||
2117 | 127 | |||
2118 | 128 | div.sphinxsidebar input[type=text]{ | ||
2119 | 129 | margin-left: 20px; | ||
2120 | 130 | } | ||
2121 | 131 | |||
2122 | 132 | /* -- body styles ----------------------------------------------------------- */ | ||
2123 | 133 | |||
2124 | 134 | a { | ||
2125 | 135 | color: #005B81; | ||
2126 | 136 | text-decoration: none; | ||
2127 | 137 | } | ||
2128 | 138 | |||
2129 | 139 | a:hover { | ||
2130 | 140 | color: #E32E00; | ||
2131 | 141 | text-decoration: underline; | ||
2132 | 142 | } | ||
2133 | 143 | |||
2134 | 144 | div.body h1, | ||
2135 | 145 | div.body h2, | ||
2136 | 146 | div.body h3, | ||
2137 | 147 | div.body h4, | ||
2138 | 148 | div.body h5, | ||
2139 | 149 | div.body h6 { | ||
2140 | 150 | font-family: Arial, sans-serif; | ||
2141 | 151 | background-color: #BED4EB; | ||
2142 | 152 | font-weight: normal; | ||
2143 | 153 | color: #212224; | ||
2144 | 154 | margin: 30px 0px 10px 0px; | ||
2145 | 155 | padding: 5px 0 5px 10px; | ||
2146 | 156 | text-shadow: 0px 1px 0 white | ||
2147 | 157 | } | ||
2148 | 158 | |||
2149 | 159 | div.body h1 { border-top: 20px solid white; margin-top: 0; font-size: 200%; } | ||
2150 | 160 | div.body h2 { font-size: 150%; background-color: #C8D5E3; } | ||
2151 | 161 | div.body h3 { font-size: 120%; background-color: #D8DEE3; } | ||
2152 | 162 | div.body h4 { font-size: 110%; background-color: #D8DEE3; } | ||
2153 | 163 | div.body h5 { font-size: 100%; background-color: #D8DEE3; } | ||
2154 | 164 | div.body h6 { font-size: 100%; background-color: #D8DEE3; } | ||
2155 | 165 | |||
2156 | 166 | a.headerlink { | ||
2157 | 167 | color: #c60f0f; | ||
2158 | 168 | font-size: 0.8em; | ||
2159 | 169 | padding: 0 4px 0 4px; | ||
2160 | 170 | text-decoration: none; | ||
2161 | 171 | } | ||
2162 | 172 | |||
2163 | 173 | a.headerlink:hover { | ||
2164 | 174 | background-color: #c60f0f; | ||
2165 | 175 | color: white; | ||
2166 | 176 | } | ||
2167 | 177 | |||
2168 | 178 | div.body p, div.body dd, div.body li { | ||
2169 | 179 | line-height: 1.5em; | ||
2170 | 180 | } | ||
2171 | 181 | |||
2172 | 182 | div.admonition p.admonition-title + p { | ||
2173 | 183 | display: inline; | ||
2174 | 184 | } | ||
2175 | 185 | |||
2176 | 186 | div.highlight{ | ||
2177 | 187 | background-color: white; | ||
2178 | 188 | } | ||
2179 | 189 | |||
2180 | 190 | div.note { | ||
2181 | 191 | background-color: #eee; | ||
2182 | 192 | border: 1px solid #ccc; | ||
2183 | 193 | } | ||
2184 | 194 | |||
2185 | 195 | div.seealso { | ||
2186 | 196 | background-color: #ffc; | ||
2187 | 197 | border: 1px solid #ff6; | ||
2188 | 198 | } | ||
2189 | 199 | |||
2190 | 200 | div.topic { | ||
2191 | 201 | background-color: #eee; | ||
2192 | 202 | } | ||
2193 | 203 | |||
2194 | 204 | div.warning { | ||
2195 | 205 | background-color: #ffe4e4; | ||
2196 | 206 | border: 1px solid #f66; | ||
2197 | 207 | } | ||
2198 | 208 | |||
2199 | 209 | p.admonition-title { | ||
2200 | 210 | display: inline; | ||
2201 | 211 | } | ||
2202 | 212 | |||
2203 | 213 | p.admonition-title:after { | ||
2204 | 214 | content: ":"; | ||
2205 | 215 | } | ||
2206 | 216 | |||
2207 | 217 | pre { | ||
2208 | 218 | padding: 10px; | ||
2209 | 219 | background-color: White; | ||
2210 | 220 | color: #222; | ||
2211 | 221 | line-height: 1.2em; | ||
2212 | 222 | border: 1px solid #C6C9CB; | ||
2213 | 223 | font-size: 1.1em; | ||
2214 | 224 | margin: 1.5em 0 1.5em 0; | ||
2215 | 225 | -webkit-box-shadow: 1px 1px 1px #d8d8d8; | ||
2216 | 226 | -moz-box-shadow: 1px 1px 1px #d8d8d8; | ||
2217 | 227 | } | ||
2218 | 228 | |||
2219 | 229 | tt { | ||
2220 | 230 | background-color: #ecf0f3; | ||
2221 | 231 | color: #222; | ||
2222 | 232 | /* padding: 1px 2px; */ | ||
2223 | 233 | font-size: 1.1em; | ||
2224 | 234 | font-family: monospace; | ||
2225 | 235 | } | ||
2226 | 236 | |||
2227 | 237 | .viewcode-back { | ||
2228 | 238 | font-family: Arial, sans-serif; | ||
2229 | 239 | } | ||
2230 | 240 | |||
2231 | 241 | div.viewcode-block:target { | ||
2232 | 242 | background-color: #f4debf; | ||
2233 | 243 | border-top: 1px solid #ac9; | ||
2234 | 244 | border-bottom: 1px solid #ac9; | ||
2235 | 245 | } | ||
2236 | 0 | 246 | ||
2237 | === added file 'doc/source/static/openstack_logo.png' | |||
2238 | 1 | Binary files doc/source/static/openstack_logo.png 1970-01-01 00:00:00 +0000 and doc/source/static/openstack_logo.png 2012-11-30 14:11:19 +0000 differ | 247 | Binary files doc/source/static/openstack_logo.png 1970-01-01 00:00:00 +0000 and doc/source/static/openstack_logo.png 2012-11-30 14:11:19 +0000 differ |
2239 | === added file 'doc/source/static/tweaks.css' | |||
2240 | --- doc/source/static/tweaks.css 1970-01-01 00:00:00 +0000 | |||
2241 | +++ doc/source/static/tweaks.css 2012-11-30 14:11:19 +0000 | |||
2242 | @@ -0,0 +1,94 @@ | |||
2243 | 1 | body { | ||
2244 | 2 | background: #fff url(../_static/header_bg.jpg) top left no-repeat; | ||
2245 | 3 | } | ||
2246 | 4 | |||
2247 | 5 | #header { | ||
2248 | 6 | width: 950px; | ||
2249 | 7 | margin: 0 auto; | ||
2250 | 8 | height: 102px; | ||
2251 | 9 | } | ||
2252 | 10 | |||
2253 | 11 | #header h1#logo { | ||
2254 | 12 | background: url(../_static/openstack_logo.png) top left no-repeat; | ||
2255 | 13 | display: block; | ||
2256 | 14 | float: left; | ||
2257 | 15 | text-indent: -9999px; | ||
2258 | 16 | width: 175px; | ||
2259 | 17 | height: 55px; | ||
2260 | 18 | } | ||
2261 | 19 | |||
2262 | 20 | #navigation { | ||
2263 | 21 | background: url(../_static/header-line.gif) repeat-x 0 bottom; | ||
2264 | 22 | display: block; | ||
2265 | 23 | float: left; | ||
2266 | 24 | margin: 27px 0 0 25px; | ||
2267 | 25 | padding: 0; | ||
2268 | 26 | } | ||
2269 | 27 | |||
2270 | 28 | #navigation li{ | ||
2271 | 29 | float: left; | ||
2272 | 30 | display: block; | ||
2273 | 31 | margin-right: 25px; | ||
2274 | 32 | } | ||
2275 | 33 | |||
2276 | 34 | #navigation li a { | ||
2277 | 35 | display: block; | ||
2278 | 36 | font-weight: normal; | ||
2279 | 37 | text-decoration: none; | ||
2280 | 38 | background-position: 50% 0; | ||
2281 | 39 | padding: 20px 0 5px; | ||
2282 | 40 | color: #353535; | ||
2283 | 41 | font-size: 14px; | ||
2284 | 42 | } | ||
2285 | 43 | |||
2286 | 44 | #navigation li a.current, #navigation li a.section { | ||
2287 | 45 | border-bottom: 3px solid #cf2f19; | ||
2288 | 46 | color: #cf2f19; | ||
2289 | 47 | } | ||
2290 | 48 | |||
2291 | 49 | div.related { | ||
2292 | 50 | background-color: #cde2f8; | ||
2293 | 51 | border: 1px solid #b0d3f8; | ||
2294 | 52 | } | ||
2295 | 53 | |||
2296 | 54 | div.related a { | ||
2297 | 55 | color: #4078ba; | ||
2298 | 56 | text-shadow: none; | ||
2299 | 57 | } | ||
2300 | 58 | |||
2301 | 59 | div.sphinxsidebarwrapper { | ||
2302 | 60 | padding-top: 0; | ||
2303 | 61 | } | ||
2304 | 62 | |||
2305 | 63 | pre { | ||
2306 | 64 | color: #555; | ||
2307 | 65 | } | ||
2308 | 66 | |||
2309 | 67 | div.documentwrapper h1, div.documentwrapper h2, div.documentwrapper h3, div.documentwrapper h4, div.documentwrapper h5, div.documentwrapper h6 { | ||
2310 | 68 | font-family: 'PT Sans', sans-serif !important; | ||
2311 | 69 | color: #264D69; | ||
2312 | 70 | border-bottom: 1px dotted #C5E2EA; | ||
2313 | 71 | padding: 0; | ||
2314 | 72 | background: none; | ||
2315 | 73 | padding-bottom: 5px; | ||
2316 | 74 | } | ||
2317 | 75 | |||
2318 | 76 | div.documentwrapper h3 { | ||
2319 | 77 | color: #CF2F19; | ||
2320 | 78 | } | ||
2321 | 79 | |||
2322 | 80 | a.headerlink { | ||
2323 | 81 | color: #fff !important; | ||
2324 | 82 | margin-left: 5px; | ||
2325 | 83 | background: #CF2F19 !important; | ||
2326 | 84 | } | ||
2327 | 85 | |||
2328 | 86 | div.body { | ||
2329 | 87 | margin-top: -25px; | ||
2330 | 88 | margin-left: 230px; | ||
2331 | 89 | } | ||
2332 | 90 | |||
2333 | 91 | div.document { | ||
2334 | 92 | width: 960px; | ||
2335 | 93 | margin: 0 auto; | ||
2336 | 94 | } | ||
2337 | 0 | \ No newline at end of file | 95 | \ No newline at end of file |
2338 | 1 | 96 | ||
2339 | === modified file 'doc/source/using-api.rst' | |||
2340 | --- doc/source/using-api.rst 2012-06-22 12:58:18 +0000 | |||
2341 | +++ doc/source/using-api.rst 2012-11-30 14:11:19 +0000 | |||
2342 | @@ -4,7 +4,8 @@ | |||
2343 | 4 | 4 | ||
2344 | 5 | Introduction | 5 | Introduction |
2345 | 6 | ============ | 6 | ============ |
2347 | 7 | The main concepts in the Keystone API are: | 7 | |
2348 | 8 | The main concepts in the Identity API are: | ||
2349 | 8 | 9 | ||
2350 | 9 | * tenants | 10 | * tenants |
2351 | 10 | * users | 11 | * users |
2352 | @@ -12,12 +13,13 @@ | |||
2353 | 12 | * services | 13 | * services |
2354 | 13 | * endpoints | 14 | * endpoints |
2355 | 14 | 15 | ||
2359 | 15 | The Keystone API lets you query and make changes through managers. For example, | 16 | The Identity API lets you query and make changes through managers. For example, |
2360 | 16 | to maipulate tenants, you interact with a | 17 | to manipulate tenants, you interact with a |
2361 | 17 | ``keystoneclient.v2_0.tenants.TenantManger`` object. | 18 | ``keystoneclient.v2_0.tenants.TenantManager`` object. |
2362 | 18 | 19 | ||
2365 | 19 | You obtain access to managers through via atributes of the ``keystoneclient.v2_0.client.Client`` object. For example, the ``tenants`` attribute of the ``Client`` | 20 | You obtain access to managers through via attributes of the |
2366 | 20 | class is a tenant manager:: | 21 | ``keystoneclient.v2_0.client.Client`` object. For example, the ``tenants`` |
2367 | 22 | attribute of the ``Client`` class is a tenant manager:: | ||
2368 | 21 | 23 | ||
2369 | 22 | >>> from keystoneclient.v2_0 import client | 24 | >>> from keystoneclient.v2_0 import client |
2370 | 23 | >>> keystone = client.Client(...) | 25 | >>> keystone = client.Client(...) |
2371 | @@ -36,8 +38,8 @@ | |||
2372 | 36 | 38 | ||
2373 | 37 | If you are an administrator, you can authenticate by connecting to the admin | 39 | If you are an administrator, you can authenticate by connecting to the admin |
2374 | 38 | endpoint and using the admin token (sometimes referred to as the service | 40 | endpoint and using the admin token (sometimes referred to as the service |
2377 | 39 | token). The token is specified as the ``admin_token`` configuration option in your | 41 | token). The token is specified as the ``admin_token`` configuration option in |
2378 | 40 | keystone.conf config file, which is typically in /etc/keystone:: | 42 | your keystone.conf config file, which is typically in /etc/keystone:: |
2379 | 41 | 43 | ||
2380 | 42 | >>> from keystoneclient.v2_0 import client | 44 | >>> from keystoneclient.v2_0 import client |
2381 | 43 | >>> token = '012345SECRET99TOKEN012345' | 45 | >>> token = '012345SECRET99TOKEN012345' |
2382 | @@ -54,7 +56,7 @@ | |||
2383 | 54 | >>> tenant_name='openstackDemo' | 56 | >>> tenant_name='openstackDemo' |
2384 | 55 | >>> auth_url='http://192.168.206.130:5000/v2.0' | 57 | >>> auth_url='http://192.168.206.130:5000/v2.0' |
2385 | 56 | >>> keystone = client.Client(username=username, password=password, | 58 | >>> keystone = client.Client(username=username, password=password, |
2387 | 57 | ... tenant_name, auth_url=auth_url) | 59 | ... tenant_name=tenant_name, auth_url=auth_url) |
2388 | 58 | 60 | ||
2389 | 59 | Creating tenants | 61 | Creating tenants |
2390 | 60 | ================ | 62 | ================ |
2391 | @@ -77,8 +79,9 @@ | |||
2392 | 77 | >>> keystone = client.Client(...) | 79 | >>> keystone = client.Client(...) |
2393 | 78 | >>> tenants = keystone.tenants.list() | 80 | >>> tenants = keystone.tenants.list() |
2394 | 79 | >>> my_tenant = [x for x in tenants if x.name=='openstackDemo'][0] | 81 | >>> my_tenant = [x for x in tenants if x.name=='openstackDemo'][0] |
2397 | 80 | >>> my_user = keystone.users.create(name="adminUser", password="secretword", | 82 | >>> my_user = keystone.users.create(name="adminUser", |
2398 | 81 | ... tenant_id=my_tenant.id) | 83 | ... password="secretword", |
2399 | 84 | ... tenant_id=my_tenant.id) | ||
2400 | 82 | 85 | ||
2401 | 83 | Creating roles and adding users | 86 | Creating roles and adding users |
2402 | 84 | =============================== | 87 | =============================== |
2403 | @@ -103,7 +106,8 @@ | |||
2404 | 103 | >>> keystone = client.Client(...) | 106 | >>> keystone = client.Client(...) |
2405 | 104 | >>> service = keystone.services.create(name="nova", service_type="compute", | 107 | >>> service = keystone.services.create(name="nova", service_type="compute", |
2406 | 105 | ... description="Nova Compute Service") | 108 | ... description="Nova Compute Service") |
2411 | 106 | >>> keystone.endpoints.create(region="RegionOne", service_id=service.id, | 109 | >>> keystone.endpoints.create( |
2412 | 107 | ... publicurl="http://192.168.206.130:8774/v2/%(tenant_id)s", | 110 | ... region="RegionOne", service_id=service.id, |
2413 | 108 | ... adminurl="http://192.168.206.130:8774/v2/%(tenant_id)s", | 111 | ... publicurl="http://192.168.206.130:8774/v2/%(tenant_id)s", |
2414 | 109 | ... internalurl="http://192.168.206.130:8774/v2/%(tenant_id)s") | 112 | ... adminurl="http://192.168.206.130:8774/v2/%(tenant_id)s", |
2415 | 113 | ... internalurl="http://192.168.206.130:8774/v2/%(tenant_id)s") | ||
2416 | 110 | 114 | ||
2417 | === added directory 'examples' | |||
2418 | === added directory 'examples/pki' | |||
2419 | === added directory 'examples/pki/certs' | |||
2420 | === added file 'examples/pki/certs/cacert.pem' | |||
2421 | --- examples/pki/certs/cacert.pem 1970-01-01 00:00:00 +0000 | |||
2422 | +++ examples/pki/certs/cacert.pem 2012-11-30 14:11:19 +0000 | |||
2423 | @@ -0,0 +1,18 @@ | |||
2424 | 1 | -----BEGIN CERTIFICATE----- | ||
2425 | 2 | MIIC0TCCAjqgAwIBAgIJAP2TNFqmE1KUMA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD | ||
2426 | 3 | VQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55 | ||
2427 | 4 | dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMG | ||
2428 | 5 | CSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2Vs | ||
2429 | 6 | ZiBTaWduZWQwIBcNMTIxMTExMTA1NDA2WhgPMjA3MTA1MDYxMDU0MDZaMIGeMQow | ||
2430 | 7 | CAYDVQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1 | ||
2431 | 8 | bm55dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTEl | ||
2432 | 9 | MCMGCSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxML | ||
2433 | 10 | U2VsZiBTaWduZWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMXgnd5wlHAp | ||
2434 | 11 | GxZ58LrpEkHU995lT9PxtMgkp0tpFhg7R5HQw9K7TfQk5NHB28hNzf8UE/c0z2pJ | ||
2435 | 12 | XggPnAzvdx27NQeJGX5CWsi6fITZ8vH/+SxgfxxC+CE/6BkDpzw21MgBtq11vWL7 | ||
2436 | 13 | XVaxNeU12Ax889U66i3CrObuCYt2mbpzAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB | ||
2437 | 14 | Af8wDQYJKoZIhvcNAQEFBQADgYEAkFIbnr2/0/XWp+f80Gl6GAC7tdmZFlT9udVF | ||
2438 | 15 | q794rXyMlYY64pq34SzfQAn+4DztT4B9yzrTx03tLNr6Uf+5TS+ubcwG41UBBMs/ | ||
2439 | 16 | Icf9zBMRqr+IXhijS49gQ7dPjqNTCqX+6ILbRWjdXP15ZWymI3ayQL/CMwFt/E+0 | ||
2440 | 17 | kT6MLes= | ||
2441 | 18 | -----END CERTIFICATE----- | ||
2442 | 0 | 19 | ||
2443 | === added file 'examples/pki/certs/middleware.pem' | |||
2444 | --- examples/pki/certs/middleware.pem 1970-01-01 00:00:00 +0000 | |||
2445 | +++ examples/pki/certs/middleware.pem 2012-11-30 14:11:19 +0000 | |||
2446 | @@ -0,0 +1,33 @@ | |||
2447 | 1 | -----BEGIN CERTIFICATE----- | ||
2448 | 2 | MIICoTCCAgoCARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV | ||
2449 | 3 | BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK | ||
2450 | 4 | EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr | ||
2451 | 5 | ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x | ||
2452 | 6 | MjExMTExMDU0MDZaGA8yMDcxMDUwNjEwNTQwNlowgZAxCzAJBgNVBAYTAlVTMQsw | ||
2453 | 7 | CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh | ||
2454 | 8 | Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv | ||
2455 | 9 | cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEB | ||
2456 | 10 | BQADgY0AMIGJAoGBALVu4bjaOH33yAx0WdpEqj4UDVsLxVjWxEpIbOlDlc6IfJd+ | ||
2457 | 11 | cUriQtxf6ahjxtzLPERS81SnwZmrICWZngbOn733pULMTZktTJH+o7C74NdKwUSN | ||
2458 | 12 | xjlCeWUy+FqIQoje4ygoJRPpMdkp1wHNO0ZERwRN9e8M5TIlx/LRtk+q8bT5AgMB | ||
2459 | 13 | AAEwDQYJKoZIhvcNAQEFBQADgYEAcp9ancue9Oq+MkaPucCrIqFhiUsdUThulJlB | ||
2460 | 14 | etPpUDGgStBSHgze/oxG2+flIjRoI6gG9Chfw//vWHOwDT7N32AHSgaI4b8/k/+s | ||
2461 | 15 | hAV2khYkV4PW2oS1TfeU/vxQzXbgApqhLBNqfFmJVW48aGAr/aqsJi3MYWN3269+ | ||
2462 | 16 | 6vChaVw= | ||
2463 | 17 | -----END CERTIFICATE----- | ||
2464 | 18 | -----BEGIN PRIVATE KEY----- | ||
2465 | 19 | MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALVu4bjaOH33yAx0 | ||
2466 | 20 | WdpEqj4UDVsLxVjWxEpIbOlDlc6IfJd+cUriQtxf6ahjxtzLPERS81SnwZmrICWZ | ||
2467 | 21 | ngbOn733pULMTZktTJH+o7C74NdKwUSNxjlCeWUy+FqIQoje4ygoJRPpMdkp1wHN | ||
2468 | 22 | O0ZERwRN9e8M5TIlx/LRtk+q8bT5AgMBAAECgYAmwq6EYFJrTvE0//JmN/8qzfvg | ||
2469 | 23 | dI5PoWpD+F8UInUxr2T2tHOdrOLd07vGVrKYXu7cJeCIOGKa4r02azAggioL/nE9 | ||
2470 | 24 | FgPpqEC+QROvLuhFsk1gLZ2pGQ06sveKZVMH22h59BKZkYlhjh5qd4vlmhPqkmPp | ||
2471 | 25 | gdXj7ZjDCJhhQdFVkQJBANp18k2mVksn8q29LMieVTSIZNN3ucDA1QHbim+3fp/O | ||
2472 | 26 | GxCzU7Mv1Xfnu1zoRFu5/sF3YG0Zy3TGPDrEljBC3rUCQQDUnBjVFXL35OkBZqXW | ||
2473 | 27 | taJPzGbsPoqAO+Ls2juS97zNzeGxUNhvcKuEvHO63PXqDxp1535DpvJEBN1rT2FF | ||
2474 | 28 | iaO1AkEAt/QTWWFUTqrPxY6DNFdm5fpn9E1fg7icZJkKBDJeFJCH59MpCryfovzl | ||
2475 | 29 | n0ERtq9ynlQ4RQYwdR8rvkylLvRP9QJAOiXHFOAc5XeR0nREfwiGL9TzgUFJl/DJ | ||
2476 | 30 | C4ZULMnctVzNkTVPPItQHal87WppR26CCiUZ/161e6zo8eRv8hjG0QJABWqfYQuK | ||
2477 | 31 | dWH8nxlXS+NFUDbsCdL+XpOVE7iEH7hvSw/A/kz40mLx8sDp/Fz1ysrogR/L+NGC | ||
2478 | 32 | Vrlwm4q/WYJO0Q== | ||
2479 | 33 | -----END PRIVATE KEY----- | ||
2480 | 0 | 34 | ||
2481 | === added file 'examples/pki/certs/signing_cert.pem' | |||
2482 | --- examples/pki/certs/signing_cert.pem 1970-01-01 00:00:00 +0000 | |||
2483 | +++ examples/pki/certs/signing_cert.pem 2012-11-30 14:11:19 +0000 | |||
2484 | @@ -0,0 +1,17 @@ | |||
2485 | 1 | -----BEGIN CERTIFICATE----- | ||
2486 | 2 | MIICoDCCAgkCAREwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV | ||
2487 | 3 | BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK | ||
2488 | 4 | EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr | ||
2489 | 5 | ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x | ||
2490 | 6 | MjExMTExMDU0MDZaGA8yMDcxMDUwNjEwNTQwNlowgY8xCzAJBgNVBAYTAlVTMQsw | ||
2491 | 7 | CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh | ||
2492 | 8 | Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv | ||
2493 | 9 | cGVuc3RhY2sub3JnMREwDwYDVQQDEwhLZXlzdG9uZTCBnzANBgkqhkiG9w0BAQEF | ||
2494 | 10 | AAOBjQAwgYkCgYEAuoQC6IBqMxC5845c/ZkLsdcQbTHqIpYJHEkwEoxyeEjwiGFf | ||
2495 | 11 | iZmiZ91pSFNc9MfjdJnN+be/ndVS19w1nrrJvV/udVsf6JZWkTPX5HyxnllwznCH | ||
2496 | 12 | pP7gfvMZzGsqzWlSdiD6mcRbCYRX9hCCauG3jhCtISINCVYMYQGH6QSib9sCAwEA | ||
2497 | 13 | ATANBgkqhkiG9w0BAQUFAAOBgQBCssELi+1RSjEmzeqSnpgUqmtpvB9oxbcwl+xH | ||
2498 | 14 | rIrYvqMU6pV2aSxgLDqpGjjusLHUau9Bmu3Myc/fm9/mlPUQHNj0AWl8vvfSlq1b | ||
2499 | 15 | vsWMUa1h4UFlPWoF2DIUFd+noBxe5CbcLUV6K0oyJAcPO433OyuGl5oQkhxmoy1J | ||
2500 | 16 | w59KRg== | ||
2501 | 17 | -----END CERTIFICATE----- | ||
2502 | 0 | 18 | ||
2503 | === added file 'examples/pki/certs/ssl_cert.pem' | |||
2504 | --- examples/pki/certs/ssl_cert.pem 1970-01-01 00:00:00 +0000 | |||
2505 | +++ examples/pki/certs/ssl_cert.pem 2012-11-30 14:11:19 +0000 | |||
2506 | @@ -0,0 +1,17 @@ | |||
2507 | 1 | -----BEGIN CERTIFICATE----- | ||
2508 | 2 | MIICoTCCAgoCARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV | ||
2509 | 3 | BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK | ||
2510 | 4 | EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr | ||
2511 | 5 | ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x | ||
2512 | 6 | MjExMTExMDU0MDZaGA8yMDcxMDUwNjEwNTQwNlowgZAxCzAJBgNVBAYTAlVTMQsw | ||
2513 | 7 | CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh | ||
2514 | 8 | Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv | ||
2515 | 9 | cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEB | ||
2516 | 10 | BQADgY0AMIGJAoGBALVu4bjaOH33yAx0WdpEqj4UDVsLxVjWxEpIbOlDlc6IfJd+ | ||
2517 | 11 | cUriQtxf6ahjxtzLPERS81SnwZmrICWZngbOn733pULMTZktTJH+o7C74NdKwUSN | ||
2518 | 12 | xjlCeWUy+FqIQoje4ygoJRPpMdkp1wHNO0ZERwRN9e8M5TIlx/LRtk+q8bT5AgMB | ||
2519 | 13 | AAEwDQYJKoZIhvcNAQEFBQADgYEAcp9ancue9Oq+MkaPucCrIqFhiUsdUThulJlB | ||
2520 | 14 | etPpUDGgStBSHgze/oxG2+flIjRoI6gG9Chfw//vWHOwDT7N32AHSgaI4b8/k/+s | ||
2521 | 15 | hAV2khYkV4PW2oS1TfeU/vxQzXbgApqhLBNqfFmJVW48aGAr/aqsJi3MYWN3269+ | ||
2522 | 16 | 6vChaVw= | ||
2523 | 17 | -----END CERTIFICATE----- | ||
2524 | 0 | 18 | ||
2525 | === added directory 'examples/pki/cms' | |||
2526 | === added file 'examples/pki/cms/auth_token_revoked.json' | |||
2527 | --- examples/pki/cms/auth_token_revoked.json 1970-01-01 00:00:00 +0000 | |||
2528 | +++ examples/pki/cms/auth_token_revoked.json 2012-11-30 14:11:19 +0000 | |||
2529 | @@ -0,0 +1,1 @@ | |||
2530 | 1 | {"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2012-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "revoked_username1", "roles_links": ["role1","role2"], "id": "revoked_user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "revoked_username1"}}} | ||
2531 | 0 | 2 | ||
2532 | === added file 'examples/pki/cms/auth_token_revoked.pem' | |||
2533 | --- examples/pki/cms/auth_token_revoked.pem 1970-01-01 00:00:00 +0000 | |||
2534 | +++ examples/pki/cms/auth_token_revoked.pem 2012-11-30 14:11:19 +0000 | |||
2535 | @@ -0,0 +1,42 @@ | |||
2536 | 1 | -----BEGIN CMS----- | ||
2537 | 2 | MIIHVgYJKoZIhvcNAQcCoIIHRzCCB0MCAQExCTAHBgUrDgMCGjCCBeQGCSqGSIb3 | ||
2538 | 3 | DQEHAaCCBdUEggXReyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k | ||
2539 | 4 | cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx | ||
2540 | 5 | LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy | ||
2541 | 6 | ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2 | ||
2542 | 7 | L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS | ||
2543 | 8 | TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh | ||
2544 | 9 | NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi | ||
2545 | 10 | OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si | ||
2546 | 11 | YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6 | ||
2547 | 12 | ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5 | ||
2548 | 13 | MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi | ||
2549 | 14 | fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt | ||
2550 | 15 | ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw | ||
2551 | 16 | Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5 | ||
2552 | 17 | YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog | ||
2553 | 18 | Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw | ||
2554 | 19 | ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3 | ||
2555 | 20 | NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu | ||
2556 | 21 | ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi | ||
2557 | 22 | bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu | ||
2558 | 23 | MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy | ||
2559 | 24 | bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV | ||
2560 | 25 | UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf | ||
2561 | 26 | bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u | ||
2562 | 27 | ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi | ||
2563 | 28 | LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 | ||
2564 | 29 | ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg | ||
2565 | 30 | ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJyZXZv | ||
2566 | 31 | a2VkX3VzZXJuYW1lMSIsICJyb2xlc19saW5rcyI6IFsicm9sZTEiLCJyb2xlMiJd | ||
2567 | 32 | LCAiaWQiOiAicmV2b2tlZF91c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAi | ||
2568 | 33 | cm9sZTEifSwgeyJuYW1lIjogInJvbGUyIn1dLCAibmFtZSI6ICJyZXZva2VkX3Vz | ||
2569 | 34 | ZXJuYW1lMSJ9fX0NCjGCAUkwggFFAgEBMIGkMIGeMQowCAYDVQQFEwE1MQswCQYD | ||
2570 | 35 | VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55dmFsZTESMBAGA1UE | ||
2571 | 36 | ChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMGCSqGSIb3DQEJARYW | ||
2572 | 37 | a2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2VsZiBTaWduZWQCAREw | ||
2573 | 38 | BwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYBhV5KrVjcdACPUNafkPY+lgCSlh6uc | ||
2574 | 39 | N55SATBcQmg1/argEUFg/cx2GcF7ftQV384iGepLEgsq+6om2wPw6DWA0RknpVLJ | ||
2575 | 40 | vMsHbWdGoXIZ5jRuAQTPtkXcJQOR677baDHvGJ+5zwBBDT2CmN2Tcv348+Xpjp7D | ||
2576 | 41 | hF/cmAXnYYo00g== | ||
2577 | 42 | -----END CMS----- | ||
2578 | 0 | 43 | ||
2579 | === added file 'examples/pki/cms/auth_token_scoped.json' | |||
2580 | --- examples/pki/cms/auth_token_scoped.json 1970-01-01 00:00:00 +0000 | |||
2581 | +++ examples/pki/cms/auth_token_scoped.json 2012-11-30 14:11:19 +0000 | |||
2582 | @@ -0,0 +1,1 @@ | |||
2583 | 1 | {"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2012-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}} | ||
2584 | 0 | 2 | ||
2585 | === added file 'examples/pki/cms/auth_token_scoped.pem' | |||
2586 | --- examples/pki/cms/auth_token_scoped.pem 1970-01-01 00:00:00 +0000 | |||
2587 | +++ examples/pki/cms/auth_token_scoped.pem 2012-11-30 14:11:19 +0000 | |||
2588 | @@ -0,0 +1,41 @@ | |||
2589 | 1 | -----BEGIN CMS----- | ||
2590 | 2 | MIIHQAYJKoZIhvcNAQcCoIIHMTCCBy0CAQExCTAHBgUrDgMCGjCCBc4GCSqGSIb3 | ||
2591 | 3 | DQEHAaCCBb8EggW7eyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k | ||
2592 | 4 | cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx | ||
2593 | 5 | LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy | ||
2594 | 6 | ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2 | ||
2595 | 7 | L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS | ||
2596 | 8 | TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh | ||
2597 | 9 | NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi | ||
2598 | 10 | OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si | ||
2599 | 11 | YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6 | ||
2600 | 12 | ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5 | ||
2601 | 13 | MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi | ||
2602 | 14 | fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt | ||
2603 | 15 | ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw | ||
2604 | 16 | Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5 | ||
2605 | 17 | YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog | ||
2606 | 18 | Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw | ||
2607 | 19 | ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3 | ||
2608 | 20 | NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu | ||
2609 | 21 | ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi | ||
2610 | 22 | bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu | ||
2611 | 23 | MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy | ||
2612 | 24 | bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV | ||
2613 | 25 | UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf | ||
2614 | 26 | bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u | ||
2615 | 27 | ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi | ||
2616 | 28 | LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 | ||
2617 | 29 | ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg | ||
2618 | 30 | ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJ1c2Vy | ||
2619 | 31 | X25hbWUxIiwgInJvbGVzX2xpbmtzIjogWyJyb2xlMSIsInJvbGUyIl0sICJpZCI6 | ||
2620 | 32 | ICJ1c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAicm9sZTEifSwgeyJuYW1l | ||
2621 | 33 | IjogInJvbGUyIn1dLCAibmFtZSI6ICJ1c2VyX25hbWUxIn19fQ0KMYIBSTCCAUUC | ||
2622 | 34 | AQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES | ||
2623 | 35 | MBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sxETAPBgNVBAsT | ||
2624 | 36 | CEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3Jn | ||
2625 | 37 | MRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkqhkiG9w0BAQEF | ||
2626 | 38 | AASBgFizBVs3dCvlHx04nUHgXHpaA9RL+e3uaaNszK9UwCBpBlv8c6+74sz6i3+G | ||
2627 | 39 | eYDIpL9bc6QgNJ6cKhmW5yLmS8/+mmAMAcm06bdWc7p/mqC3Ild+xmQ+OHDYyyJg | ||
2628 | 40 | DvtRUgtidFUCvxne/nwKK0WHJlpY+iwWqel5F+Xqmb8vheb1 | ||
2629 | 41 | -----END CMS----- | ||
2630 | 0 | 42 | ||
2631 | === added file 'examples/pki/cms/auth_token_unscoped.json' | |||
2632 | --- examples/pki/cms/auth_token_unscoped.json 1970-01-01 00:00:00 +0000 | |||
2633 | +++ examples/pki/cms/auth_token_unscoped.json 2012-11-30 14:11:19 +0000 | |||
2634 | @@ -0,0 +1,1 @@ | |||
2635 | 1 | {"access": {"token": {"expires": "2012-08-17T15:35:34Z", "id": "01e032c996ef4406b144335915a41e79"}, "serviceCatalog": {}, "user": {"username": "user_name1", "roles_links": [], "id": "c9c89e3be3ee453fbf00c7966f6d3fbd", "roles": [{'name': 'role1'},{'name': 'role2'},], "name": "user_name1"}}} | ||
2636 | 0 | \ No newline at end of file | 2 | \ No newline at end of file |
2637 | 1 | 3 | ||
2638 | === added file 'examples/pki/cms/auth_token_unscoped.pem' | |||
2639 | --- examples/pki/cms/auth_token_unscoped.pem 1970-01-01 00:00:00 +0000 | |||
2640 | +++ examples/pki/cms/auth_token_unscoped.pem 2012-11-30 14:11:19 +0000 | |||
2641 | @@ -0,0 +1,17 @@ | |||
2642 | 1 | -----BEGIN CMS----- | ||
2643 | 2 | MIICpwYJKoZIhvcNAQcCoIICmDCCApQCAQExCTAHBgUrDgMCGjCCATUGCSqGSIb3 | ||
2644 | 3 | DQEHAaCCASYEggEieyJhY2Nlc3MiOiB7InRva2VuIjogeyJleHBpcmVzIjogIjIw | ||
2645 | 4 | MTItMDgtMTdUMTU6MzU6MzRaIiwgImlkIjogIjAxZTAzMmM5OTZlZjQ0MDZiMTQ0 | ||
2646 | 5 | MzM1OTE1YTQxZTc5In0sICJzZXJ2aWNlQ2F0YWxvZyI6IHt9LCAidXNlciI6IHsi | ||
2647 | 6 | dXNlcm5hbWUiOiAidXNlcl9uYW1lMSIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQi | ||
2648 | 7 | OiAiYzljODllM2JlM2VlNDUzZmJmMDBjNzk2NmY2ZDNmYmQiLCAicm9sZXMiOiBb | ||
2649 | 8 | eyduYW1lJzogJ3JvbGUxJ30seyduYW1lJzogJ3JvbGUyJ30sXSwgIm5hbWUiOiAi | ||
2650 | 9 | dXNlcl9uYW1lMSJ9fX0xggFJMIIBRQIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkG | ||
2651 | 10 | A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNV | ||
2652 | 11 | BAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEW | ||
2653 | 12 | FmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgER | ||
2654 | 13 | MAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAITCwkW7cAbcWbCBD5GfGMGHB9hP/ | ||
2655 | 14 | UagaCZ8HFhlzjdQoJjvC+Mtu+3lWlwqPGR8ztY9kBc1401S2qJxD4FGo+M3CkNpF | ||
2656 | 15 | s0mtaT2PUJfFkDCzHqeBQNFHyZeqLjkPYnokPcw4s3i60DBGTFfAiUT3xumn8a4h | ||
2657 | 16 | C+zEAee35C/A+Iw= | ||
2658 | 17 | -----END CMS----- | ||
2659 | 0 | 18 | ||
2660 | === added file 'examples/pki/cms/revocation_list.json' | |||
2661 | --- examples/pki/cms/revocation_list.json 1970-01-01 00:00:00 +0000 | |||
2662 | +++ examples/pki/cms/revocation_list.json 2012-11-30 14:11:19 +0000 | |||
2663 | @@ -0,0 +1,1 @@ | |||
2664 | 1 | {"revoked":[{"id":"7acfcfdaf6a14aebe97c61c5947bc4d3","expires":"2012-08-14T17:58:48Z"}]} | ||
2665 | 0 | 2 | ||
2666 | === added file 'examples/pki/cms/revocation_list.pem' | |||
2667 | --- examples/pki/cms/revocation_list.pem 1970-01-01 00:00:00 +0000 | |||
2668 | +++ examples/pki/cms/revocation_list.pem 2012-11-30 14:11:19 +0000 | |||
2669 | @@ -0,0 +1,12 @@ | |||
2670 | 1 | -----BEGIN CMS----- | ||
2671 | 2 | MIIB2QYJKoZIhvcNAQcCoIIByjCCAcYCAQExCTAHBgUrDgMCGjBpBgkqhkiG9w0B | ||
2672 | 3 | BwGgXARaeyJyZXZva2VkIjpbeyJpZCI6IjdhY2ZjZmRhZjZhMTRhZWJlOTdjNjFj | ||
2673 | 4 | NTk0N2JjNGQzIiwiZXhwaXJlcyI6IjIwMTItMDgtMTRUMTc6NTg6NDhaIn1dfQ0K | ||
2674 | 5 | MYIBSTCCAUUCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYD | ||
2675 | 6 | VQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sx | ||
2676 | 7 | ETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVu | ||
2677 | 8 | c3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkq | ||
2678 | 9 | hkiG9w0BAQEFAASBgDNDhvViAo8EqTVVvZ00pWUWjajTwoV1w1os1XDJ1XacBUo+ | ||
2679 | 10 | rsh7gljIIVuvHL2F9C660I5jxhb7QVsTge3CwSiDmexxBAPOs4lNR5hFH7FdT47b | ||
2680 | 11 | OK2qd0XnRjo5F7odUxIkozuQ/UISaNTPeWxGEMNVhpTXo2Dwn8wN1wrs/Z2E | ||
2681 | 12 | -----END CMS----- | ||
2682 | 0 | 13 | ||
2683 | === added file 'examples/pki/gen_pki.sh' | |||
2684 | --- examples/pki/gen_pki.sh 1970-01-01 00:00:00 +0000 | |||
2685 | +++ examples/pki/gen_pki.sh 2012-11-30 14:11:19 +0000 | |||
2686 | @@ -0,0 +1,222 @@ | |||
2687 | 1 | #!/bin/bash | ||
2688 | 2 | |||
2689 | 3 | # Copyright 2012 OpenStack LLC | ||
2690 | 4 | # | ||
2691 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
2692 | 6 | # not use this file except in compliance with the License. You may obtain | ||
2693 | 7 | # a copy of the License at | ||
2694 | 8 | # | ||
2695 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
2696 | 10 | # | ||
2697 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
2698 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
2699 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
2700 | 14 | # License for the specific language governing permissions and limitations | ||
2701 | 15 | # under the License. | ||
2702 | 16 | |||
2703 | 17 | # This script generates the crypto necessary for the SSL tests. | ||
2704 | 18 | |||
2705 | 19 | DIR=`dirname "$0"` | ||
2706 | 20 | CURRENT_DIR=`cd "$DIR" && pwd` | ||
2707 | 21 | CERTS_DIR=$CURRENT_DIR/certs | ||
2708 | 22 | PRIVATE_DIR=$CURRENT_DIR/private | ||
2709 | 23 | CMS_DIR=$CURRENT_DIR/cms | ||
2710 | 24 | |||
2711 | 25 | |||
2712 | 26 | function rm_old { | ||
2713 | 27 | rm -rf $CERTS_DIR/*.pem | ||
2714 | 28 | rm -rf $PRIVATE_DIR/*.pem | ||
2715 | 29 | } | ||
2716 | 30 | |||
2717 | 31 | function cleanup { | ||
2718 | 32 | rm -rf *.conf > /dev/null 2>&1 | ||
2719 | 33 | rm -rf index* > /dev/null 2>&1 | ||
2720 | 34 | rm -rf *.crt > /dev/null 2>&1 | ||
2721 | 35 | rm -rf newcerts > /dev/null 2>&1 | ||
2722 | 36 | rm -rf *.pem > /dev/null 2>&1 | ||
2723 | 37 | rm -rf serial* > /dev/null 2>&1 | ||
2724 | 38 | } | ||
2725 | 39 | |||
2726 | 40 | function generate_ca_conf { | ||
2727 | 41 | echo ' | ||
2728 | 42 | [ req ] | ||
2729 | 43 | default_bits = 1024 | ||
2730 | 44 | default_keyfile = cakey.pem | ||
2731 | 45 | default_md = sha1 | ||
2732 | 46 | |||
2733 | 47 | prompt = no | ||
2734 | 48 | distinguished_name = ca_distinguished_name | ||
2735 | 49 | |||
2736 | 50 | x509_extensions = ca_extensions | ||
2737 | 51 | |||
2738 | 52 | [ ca_distinguished_name ] | ||
2739 | 53 | serialNumber = 5 | ||
2740 | 54 | countryName = US | ||
2741 | 55 | stateOrProvinceName = CA | ||
2742 | 56 | localityName = Sunnyvale | ||
2743 | 57 | organizationName = OpenStack | ||
2744 | 58 | organizationalUnitName = Keystone | ||
2745 | 59 | emailAddress = keystone@openstack.org | ||
2746 | 60 | commonName = Self Signed | ||
2747 | 61 | |||
2748 | 62 | [ ca_extensions ] | ||
2749 | 63 | basicConstraints = critical,CA:true | ||
2750 | 64 | ' > ca.conf | ||
2751 | 65 | } | ||
2752 | 66 | |||
2753 | 67 | function generate_ssl_req_conf { | ||
2754 | 68 | echo ' | ||
2755 | 69 | [ req ] | ||
2756 | 70 | default_bits = 1024 | ||
2757 | 71 | default_keyfile = keystonekey.pem | ||
2758 | 72 | default_md = sha1 | ||
2759 | 73 | |||
2760 | 74 | prompt = no | ||
2761 | 75 | distinguished_name = distinguished_name | ||
2762 | 76 | |||
2763 | 77 | [ distinguished_name ] | ||
2764 | 78 | countryName = US | ||
2765 | 79 | stateOrProvinceName = CA | ||
2766 | 80 | localityName = Sunnyvale | ||
2767 | 81 | organizationName = OpenStack | ||
2768 | 82 | organizationalUnitName = Keystone | ||
2769 | 83 | commonName = localhost | ||
2770 | 84 | emailAddress = keystone@openstack.org | ||
2771 | 85 | ' > ssl_req.conf | ||
2772 | 86 | } | ||
2773 | 87 | |||
2774 | 88 | function generate_cms_signing_req_conf { | ||
2775 | 89 | echo ' | ||
2776 | 90 | [ req ] | ||
2777 | 91 | default_bits = 1024 | ||
2778 | 92 | default_keyfile = keystonekey.pem | ||
2779 | 93 | default_md = sha1 | ||
2780 | 94 | |||
2781 | 95 | prompt = no | ||
2782 | 96 | distinguished_name = distinguished_name | ||
2783 | 97 | |||
2784 | 98 | [ distinguished_name ] | ||
2785 | 99 | countryName = US | ||
2786 | 100 | stateOrProvinceName = CA | ||
2787 | 101 | localityName = Sunnyvale | ||
2788 | 102 | organizationName = OpenStack | ||
2789 | 103 | organizationalUnitName = Keystone | ||
2790 | 104 | commonName = Keystone | ||
2791 | 105 | emailAddress = keystone@openstack.org | ||
2792 | 106 | ' > cms_signing_req.conf | ||
2793 | 107 | } | ||
2794 | 108 | |||
2795 | 109 | function generate_signing_conf { | ||
2796 | 110 | echo ' | ||
2797 | 111 | [ ca ] | ||
2798 | 112 | default_ca = signing_ca | ||
2799 | 113 | |||
2800 | 114 | [ signing_ca ] | ||
2801 | 115 | dir = . | ||
2802 | 116 | database = $dir/index.txt | ||
2803 | 117 | new_certs_dir = $dir/newcerts | ||
2804 | 118 | |||
2805 | 119 | certificate = $dir/certs/cacert.pem | ||
2806 | 120 | serial = $dir/serial | ||
2807 | 121 | private_key = $dir/private/cakey.pem | ||
2808 | 122 | |||
2809 | 123 | default_days = 21360 | ||
2810 | 124 | default_crl_days = 30 | ||
2811 | 125 | default_md = sha1 | ||
2812 | 126 | |||
2813 | 127 | policy = policy_any | ||
2814 | 128 | |||
2815 | 129 | [ policy_any ] | ||
2816 | 130 | countryName = supplied | ||
2817 | 131 | stateOrProvinceName = supplied | ||
2818 | 132 | localityName = optional | ||
2819 | 133 | organizationName = supplied | ||
2820 | 134 | organizationalUnitName = supplied | ||
2821 | 135 | emailAddress = supplied | ||
2822 | 136 | commonName = supplied | ||
2823 | 137 | ' > signing.conf | ||
2824 | 138 | } | ||
2825 | 139 | |||
2826 | 140 | function setup { | ||
2827 | 141 | touch index.txt | ||
2828 | 142 | echo '10' > serial | ||
2829 | 143 | generate_ca_conf | ||
2830 | 144 | mkdir newcerts | ||
2831 | 145 | } | ||
2832 | 146 | |||
2833 | 147 | function check_error { | ||
2834 | 148 | if [ $1 != 0 ] ; then | ||
2835 | 149 | echo "Failed! rc=${1}" | ||
2836 | 150 | echo 'Bailing ...' | ||
2837 | 151 | cleanup | ||
2838 | 152 | exit $1 | ||
2839 | 153 | else | ||
2840 | 154 | echo 'Done' | ||
2841 | 155 | fi | ||
2842 | 156 | } | ||
2843 | 157 | |||
2844 | 158 | function generate_ca { | ||
2845 | 159 | echo 'Generating New CA Certificate ...' | ||
2846 | 160 | openssl req -x509 -newkey rsa:1024 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes | ||
2847 | 161 | check_error $? | ||
2848 | 162 | } | ||
2849 | 163 | |||
2850 | 164 | function ssl_cert_req { | ||
2851 | 165 | echo 'Generating SSL Certificate Request ...' | ||
2852 | 166 | generate_ssl_req_conf | ||
2853 | 167 | openssl req -newkey rsa:1024 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes | ||
2854 | 168 | check_error $? | ||
2855 | 169 | #openssl req -in req.pem -text -noout | ||
2856 | 170 | } | ||
2857 | 171 | |||
2858 | 172 | function cms_signing_cert_req { | ||
2859 | 173 | echo 'Generating CMS Signing Certificate Request ...' | ||
2860 | 174 | generate_cms_signing_req_conf | ||
2861 | 175 | openssl req -newkey rsa:1024 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes | ||
2862 | 176 | check_error $? | ||
2863 | 177 | #openssl req -in req.pem -text -noout | ||
2864 | 178 | } | ||
2865 | 179 | |||
2866 | 180 | function issue_certs { | ||
2867 | 181 | generate_signing_conf | ||
2868 | 182 | echo 'Issuing SSL Certificate ...' | ||
2869 | 183 | openssl ca -in ssl_req.pem -config signing.conf -batch | ||
2870 | 184 | check_error $? | ||
2871 | 185 | openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem | ||
2872 | 186 | check_error $? | ||
2873 | 187 | echo 'Issuing CMS Signing Certificate ...' | ||
2874 | 188 | openssl ca -in cms_signing_req.pem -config signing.conf -batch | ||
2875 | 189 | check_error $? | ||
2876 | 190 | openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem | ||
2877 | 191 | check_error $? | ||
2878 | 192 | } | ||
2879 | 193 | |||
2880 | 194 | function create_middleware_cert { | ||
2881 | 195 | cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem | ||
2882 | 196 | cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem | ||
2883 | 197 | } | ||
2884 | 198 | |||
2885 | 199 | function check_openssl { | ||
2886 | 200 | echo 'Checking openssl availability ...' | ||
2887 | 201 | which openssl | ||
2888 | 202 | check_error $? | ||
2889 | 203 | } | ||
2890 | 204 | |||
2891 | 205 | function gen_sample_cms { | ||
2892 | 206 | for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json" | ||
2893 | 207 | do | ||
2894 | 208 | openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem} | ||
2895 | 209 | done | ||
2896 | 210 | } | ||
2897 | 211 | |||
2898 | 212 | check_openssl | ||
2899 | 213 | rm_old | ||
2900 | 214 | cleanup | ||
2901 | 215 | setup | ||
2902 | 216 | generate_ca | ||
2903 | 217 | ssl_cert_req | ||
2904 | 218 | cms_signing_cert_req | ||
2905 | 219 | issue_certs | ||
2906 | 220 | create_middleware_cert | ||
2907 | 221 | gen_sample_cms | ||
2908 | 222 | cleanup | ||
2909 | 0 | 223 | ||
2910 | === added directory 'examples/pki/private' | |||
2911 | === added file 'examples/pki/private/cakey.pem' | |||
2912 | --- examples/pki/private/cakey.pem 1970-01-01 00:00:00 +0000 | |||
2913 | +++ examples/pki/private/cakey.pem 2012-11-30 14:11:19 +0000 | |||
2914 | @@ -0,0 +1,16 @@ | |||
2915 | 1 | -----BEGIN PRIVATE KEY----- | ||
2916 | 2 | MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMXgnd5wlHApGxZ5 | ||
2917 | 3 | 8LrpEkHU995lT9PxtMgkp0tpFhg7R5HQw9K7TfQk5NHB28hNzf8UE/c0z2pJXggP | ||
2918 | 4 | nAzvdx27NQeJGX5CWsi6fITZ8vH/+SxgfxxC+CE/6BkDpzw21MgBtq11vWL7XVax | ||
2919 | 5 | NeU12Ax889U66i3CrObuCYt2mbpzAgMBAAECgYEAligxJE9CFSrcR14Zc3zSQeqe | ||
2920 | 6 | fcFbpnXQveAyo2MHRTQWx2wobY19RjuI+DOn2IRSQbK2w+zrSLiMBonx3U8Kj8nx | ||
2921 | 7 | A4EQ75GLJEEr81TvBoIZSJAqrowNrkXNq8W++qwjlGXRjKiBAYlKMrFvR4lij4XN | ||
2922 | 8 | 6cdB7kGdSIUmhvC20sECQQD4ebCGfsgFWnrqOrco6T9eQRTvP3+gJuqYXYLuVSTC | ||
2923 | 9 | R4gHxT5QVXSZt/Hv3UWJ0BLDbyLzLGHf30w1AqgwsUP5AkEAy96qXq6j2+IRa5w7 | ||
2924 | 10 | 2G+KZHF5N/MK/Hyy27Jw67GBVeGQj1Dwq2ZGAJBZrfXjTtQQAGdQ7EfOTCAOzHgX | ||
2925 | 11 | 2Bx0ywJAYqfGbBBIkL+VEA0SDh9WNrE2g6u9m7P371kplEGgH7dRDmzFShYz/pin | ||
2926 | 12 | aep8IrTHzmsBAHY9wiqh0mZkqzim2QJADTYdxkr89WfeByI1wp3f0wiDeXu3j4sp | ||
2927 | 13 | MBGNPcjf/8fBTXhKUGEtUiYImbxggaA+dTg8x0MT/FzreJajvO6DJwJARMc6rhzv | ||
2928 | 14 | aTlm4IgApcDPBeuz6SKex9TfvDUJpqACoFM4lMgyHADi9NrJBslxFHPP5eTiM2Ag | ||
2929 | 15 | vI7EuW837e6raQ== | ||
2930 | 16 | -----END PRIVATE KEY----- | ||
2931 | 0 | 17 | ||
2932 | === added file 'examples/pki/private/signing_key.pem' | |||
2933 | --- examples/pki/private/signing_key.pem 1970-01-01 00:00:00 +0000 | |||
2934 | +++ examples/pki/private/signing_key.pem 2012-11-30 14:11:19 +0000 | |||
2935 | @@ -0,0 +1,16 @@ | |||
2936 | 1 | -----BEGIN PRIVATE KEY----- | ||
2937 | 2 | MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALqEAuiAajMQufOO | ||
2938 | 3 | XP2ZC7HXEG0x6iKWCRxJMBKMcnhI8IhhX4mZomfdaUhTXPTH43SZzfm3v53VUtfc | ||
2939 | 4 | NZ66yb1f7nVbH+iWVpEz1+R8sZ5ZcM5wh6T+4H7zGcxrKs1pUnYg+pnEWwmEV/YQ | ||
2940 | 5 | gmrht44QrSEiDQlWDGEBh+kEom/bAgMBAAECgYBywfSUHya4gqsW2toGQps6cauu | ||
2941 | 6 | s85uN0glujY0w2tO7Pnpv5errvaI12cG1BvWlAIz5MohwlfIgc919wyavCyRJgQN | ||
2942 | 7 | xQo5v5MEMYKKc8ppmXpRr03HLwoPLOHVs6UHRJQT9dhOBfmLzMZIP7P/lJlt2/1X | ||
2943 | 8 | Okwxft/PWorczKX1aQJBAORlVqP+Cj4r5kz1A77agnCvINioV1VM5n9PvzPVzYLH | ||
2944 | 9 | 5r1I53RWFooy1Hx2RUCmtSRQMZMeI9iGMg9c8d3LJ4UCQQDRDuIAd3AoNBcwXKC4 | ||
2945 | 10 | BPNkbI9BSqnpIdZo87BzpY8rJ/ra3VHMHuq4w+gQsmmEy3pp01AZd1uBqv3s1wHy | ||
2946 | 11 | muffAkEAn2ZmiH+lUGy9B5q8qXfBL7naF7utb/gCqnnSvO+LxamUTSjTeKsYgg0l | ||
2947 | 12 | pVO503xF0fkyEDYp2FUYHQbGOwAtLQJAHkJ3N/YRx9/yU0+0+63LxQdpnNu/yDzb | ||
2948 | 13 | mglbywF1vZtl1fQe+NqowuGoX3JTj6McLuElQOpj1lr3siZU49bEJQJBANRazUzj | ||
2949 | 14 | Xfoja7wGuZ3PwHdxxoNDlJ2u0rYjcfK9VZuPGSz/25iCOkaar3OralJ3lfCWbFKA | ||
2950 | 15 | vvRp8Hl2Yk4hdKM= | ||
2951 | 16 | -----END PRIVATE KEY----- | ||
2952 | 0 | 17 | ||
2953 | === added file 'examples/pki/private/ssl_key.pem' | |||
2954 | --- examples/pki/private/ssl_key.pem 1970-01-01 00:00:00 +0000 | |||
2955 | +++ examples/pki/private/ssl_key.pem 2012-11-30 14:11:19 +0000 | |||
2956 | @@ -0,0 +1,16 @@ | |||
2957 | 1 | -----BEGIN PRIVATE KEY----- | ||
2958 | 2 | MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALVu4bjaOH33yAx0 | ||
2959 | 3 | WdpEqj4UDVsLxVjWxEpIbOlDlc6IfJd+cUriQtxf6ahjxtzLPERS81SnwZmrICWZ | ||
2960 | 4 | ngbOn733pULMTZktTJH+o7C74NdKwUSNxjlCeWUy+FqIQoje4ygoJRPpMdkp1wHN | ||
2961 | 5 | O0ZERwRN9e8M5TIlx/LRtk+q8bT5AgMBAAECgYAmwq6EYFJrTvE0//JmN/8qzfvg | ||
2962 | 6 | dI5PoWpD+F8UInUxr2T2tHOdrOLd07vGVrKYXu7cJeCIOGKa4r02azAggioL/nE9 | ||
2963 | 7 | FgPpqEC+QROvLuhFsk1gLZ2pGQ06sveKZVMH22h59BKZkYlhjh5qd4vlmhPqkmPp | ||
2964 | 8 | gdXj7ZjDCJhhQdFVkQJBANp18k2mVksn8q29LMieVTSIZNN3ucDA1QHbim+3fp/O | ||
2965 | 9 | GxCzU7Mv1Xfnu1zoRFu5/sF3YG0Zy3TGPDrEljBC3rUCQQDUnBjVFXL35OkBZqXW | ||
2966 | 10 | taJPzGbsPoqAO+Ls2juS97zNzeGxUNhvcKuEvHO63PXqDxp1535DpvJEBN1rT2FF | ||
2967 | 11 | iaO1AkEAt/QTWWFUTqrPxY6DNFdm5fpn9E1fg7icZJkKBDJeFJCH59MpCryfovzl | ||
2968 | 12 | n0ERtq9ynlQ4RQYwdR8rvkylLvRP9QJAOiXHFOAc5XeR0nREfwiGL9TzgUFJl/DJ | ||
2969 | 13 | C4ZULMnctVzNkTVPPItQHal87WppR26CCiUZ/161e6zo8eRv8hjG0QJABWqfYQuK | ||
2970 | 14 | dWH8nxlXS+NFUDbsCdL+XpOVE7iEH7hvSw/A/kz40mLx8sDp/Fz1ysrogR/L+NGC | ||
2971 | 15 | Vrlwm4q/WYJO0Q== | ||
2972 | 16 | -----END PRIVATE KEY----- | ||
2973 | 0 | 17 | ||
2974 | === added file 'keystoneclient/access.py' | |||
2975 | --- keystoneclient/access.py 1970-01-01 00:00:00 +0000 | |||
2976 | +++ keystoneclient/access.py 2012-11-30 14:11:19 +0000 | |||
2977 | @@ -0,0 +1,144 @@ | |||
2978 | 1 | # Copyright 2012 Nebula, Inc. | ||
2979 | 2 | # | ||
2980 | 3 | # All Rights Reserved. | ||
2981 | 4 | # | ||
2982 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); | ||
2983 | 6 | # you may not use this file except in compliance with the License. | ||
2984 | 7 | # You may obtain a copy of the License at | ||
2985 | 8 | # | ||
2986 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
2987 | 10 | # | ||
2988 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
2989 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, | ||
2990 | 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
2991 | 14 | # See the License for the specific language governing permissions and | ||
2992 | 15 | # limitations under the License. | ||
2993 | 16 | |||
2994 | 17 | |||
2995 | 18 | class AccessInfo(dict): | ||
2996 | 19 | """An object for encapsulating a raw authentication token from keystone | ||
2997 | 20 | and helper methods for extracting useful values from that token.""" | ||
2998 | 21 | |||
2999 | 22 | def __init__(self, *args, **kwargs): | ||
3000 | 23 | dict.__init__(self, *args, **kwargs) | ||
3001 | 24 | |||
3002 | 25 | @property | ||
3003 | 26 | def auth_token(self): | ||
3004 | 27 | """ Returns the token_id associated with the auth request, to be used | ||
3005 | 28 | in headers for authenticating OpenStack API requests. | ||
3006 | 29 | |||
3007 | 30 | :returns: str | ||
3008 | 31 | """ | ||
3009 | 32 | return self['token'].get('id', None) | ||
3010 | 33 | |||
3011 | 34 | @property | ||
3012 | 35 | def username(self): | ||
3013 | 36 | """ Returns the username associated with the authentication request. | ||
3014 | 37 | Follows the pattern defined in the V2 API of first looking for 'name', | ||
3015 | 38 | returning that if available, and falling back to 'username' if name | ||
3016 | 39 | is unavailable. | ||
3017 | 40 | |||
3018 | 41 | :returns: str | ||
3019 | 42 | """ | ||
3020 | 43 | name = self['user'].get('name', None) | ||
3021 | 44 | if name: | ||
3022 | 45 | return name | ||
3023 | 46 | else: | ||
3024 | 47 | return self['user'].get('username', None) | ||
3025 | 48 | |||
3026 | 49 | @property | ||
3027 | 50 | def user_id(self): | ||
3028 | 51 | """ Returns the user id associated with the authentication request. | ||
3029 | 52 | |||
3030 | 53 | :returns: str | ||
3031 | 54 | """ | ||
3032 | 55 | return self['user'].get('id', None) | ||
3033 | 56 | |||
3034 | 57 | @property | ||
3035 | 58 | def tenant_name(self): | ||
3036 | 59 | """ Returns the tenant (project) name associated with the | ||
3037 | 60 | authentication request. | ||
3038 | 61 | |||
3039 | 62 | :returns: str | ||
3040 | 63 | """ | ||
3041 | 64 | tenant_dict = self['token'].get('tenant', None) | ||
3042 | 65 | if tenant_dict: | ||
3043 | 66 | return tenant_dict.get('name', None) | ||
3044 | 67 | return None | ||
3045 | 68 | |||
3046 | 69 | @property | ||
3047 | 70 | def project_name(self): | ||
3048 | 71 | """ Synonym for tenant_name """ | ||
3049 | 72 | return self.tenant_name | ||
3050 | 73 | |||
3051 | 74 | @property | ||
3052 | 75 | def scoped(self): | ||
3053 | 76 | """ Returns true if the authorization token was scoped to a tenant | ||
3054 | 77 | (project), and contains a populated service catalog. | ||
3055 | 78 | |||
3056 | 79 | :returns: bool | ||
3057 | 80 | """ | ||
3058 | 81 | if ('serviceCatalog' in self | ||
3059 | 82 | and self['serviceCatalog'] | ||
3060 | 83 | and 'tenant' in self['token']): | ||
3061 | 84 | return True | ||
3062 | 85 | return False | ||
3063 | 86 | |||
3064 | 87 | @property | ||
3065 | 88 | def tenant_id(self): | ||
3066 | 89 | """ Returns the tenant (project) id associated with the authentication | ||
3067 | 90 | request, or None if the authentication request wasn't scoped to a | ||
3068 | 91 | tenant (project). | ||
3069 | 92 | |||
3070 | 93 | :returns: str | ||
3071 | 94 | """ | ||
3072 | 95 | tenant_dict = self['token'].get('tenant', None) | ||
3073 | 96 | if tenant_dict: | ||
3074 | 97 | return tenant_dict.get('id', None) | ||
3075 | 98 | return None | ||
3076 | 99 | |||
3077 | 100 | @property | ||
3078 | 101 | def project_id(self): | ||
3079 | 102 | """ Synonym for project_id """ | ||
3080 | 103 | return self.tenant_id | ||
3081 | 104 | |||
3082 | 105 | @property | ||
3083 | 106 | def auth_url(self): | ||
3084 | 107 | """ Returns a tuple of URLs from publicURL and adminURL for the service | ||
3085 | 108 | 'identity' from the service catalog associated with the authorization | ||
3086 | 109 | request. If the authentication request wasn't scoped to a tenant | ||
3087 | 110 | (project), this property will return None. | ||
3088 | 111 | |||
3089 | 112 | :returns: tuple of urls | ||
3090 | 113 | """ | ||
3091 | 114 | return_list = [] | ||
3092 | 115 | if 'serviceCatalog' in self and self['serviceCatalog']: | ||
3093 | 116 | identity_services = [x for x in self['serviceCatalog'] | ||
3094 | 117 | if x['type'] == 'identity'] | ||
3095 | 118 | for svc in identity_services: | ||
3096 | 119 | for endpoint in svc['endpoints']: | ||
3097 | 120 | if 'publicURL' in endpoint: | ||
3098 | 121 | return_list.append(endpoint['publicURL']) | ||
3099 | 122 | if len(return_list) > 0: | ||
3100 | 123 | return tuple(return_list) | ||
3101 | 124 | return None | ||
3102 | 125 | |||
3103 | 126 | @property | ||
3104 | 127 | def management_url(self): | ||
3105 | 128 | """ Returns the first adminURL for 'identity' from the service catalog | ||
3106 | 129 | associated with the authorization request, or None if the | ||
3107 | 130 | authentication request wasn't scoped to a tenant (project). | ||
3108 | 131 | |||
3109 | 132 | :returns: tuple of urls | ||
3110 | 133 | """ | ||
3111 | 134 | return_list = [] | ||
3112 | 135 | if 'serviceCatalog' in self and self['serviceCatalog']: | ||
3113 | 136 | identity_services = [x for x in self['serviceCatalog'] | ||
3114 | 137 | if x['type'] == 'identity'] | ||
3115 | 138 | for svc in identity_services: | ||
3116 | 139 | for endpoint in svc['endpoints']: | ||
3117 | 140 | if 'adminURL' in endpoint: | ||
3118 | 141 | return_list.append(endpoint['adminURL']) | ||
3119 | 142 | if len(return_list) > 0: | ||
3120 | 143 | return tuple(return_list) | ||
3121 | 144 | return None | ||
3122 | 0 | 145 | ||
3123 | === modified file 'keystoneclient/base.py' | |||
3124 | --- keystoneclient/base.py 2012-06-22 12:58:18 +0000 | |||
3125 | +++ keystoneclient/base.py 2012-11-30 14:11:19 +0000 | |||
3126 | @@ -18,6 +18,8 @@ | |||
3127 | 18 | Base utilities to build API operation managers and objects on top of. | 18 | Base utilities to build API operation managers and objects on top of. |
3128 | 19 | """ | 19 | """ |
3129 | 20 | 20 | ||
3130 | 21 | import urllib | ||
3131 | 22 | |||
3132 | 21 | from keystoneclient import exceptions | 23 | from keystoneclient import exceptions |
3133 | 22 | 24 | ||
3134 | 23 | 25 | ||
3135 | @@ -76,7 +78,11 @@ | |||
3136 | 76 | 78 | ||
3137 | 77 | def _get(self, url, response_key): | 79 | def _get(self, url, response_key): |
3138 | 78 | resp, body = self.api.get(url) | 80 | resp, body = self.api.get(url) |
3140 | 79 | return self.resource_class(self, body[response_key]) | 81 | return self.resource_class(self, body[response_key], loaded=True) |
3141 | 82 | |||
3142 | 83 | def _head(self, url): | ||
3143 | 84 | resp, body = self.api.head(url) | ||
3144 | 85 | return resp.status == 204 | ||
3145 | 80 | 86 | ||
3146 | 81 | def _create(self, url, body, response_key, return_raw=False): | 87 | def _create(self, url, body, response_key, return_raw=False): |
3147 | 82 | resp, body = self.api.post(url, body=body) | 88 | resp, body = self.api.post(url, body=body) |
3148 | @@ -87,11 +93,15 @@ | |||
3149 | 87 | def _delete(self, url): | 93 | def _delete(self, url): |
3150 | 88 | resp, body = self.api.delete(url) | 94 | resp, body = self.api.delete(url) |
3151 | 89 | 95 | ||
3153 | 90 | def _update(self, url, body, response_key=None, method="PUT"): | 96 | def _update(self, url, body=None, response_key=None, method="PUT"): |
3154 | 91 | methods = {"PUT": self.api.put, | 97 | methods = {"PUT": self.api.put, |
3156 | 92 | "POST": self.api.post} | 98 | "POST": self.api.post, |
3157 | 99 | "PATCH": self.api.patch} | ||
3158 | 93 | try: | 100 | try: |
3160 | 94 | resp, body = methods[method](url, body=body) | 101 | if body is not None: |
3161 | 102 | resp, body = methods[method](url, body=body) | ||
3162 | 103 | else: | ||
3163 | 104 | resp, body = methods[method](url) | ||
3164 | 95 | except KeyError: | 105 | except KeyError: |
3165 | 96 | raise exceptions.ClientException("Invalid update method: %s" | 106 | raise exceptions.ClientException("Invalid update method: %s" |
3166 | 97 | % method) | 107 | % method) |
3167 | @@ -139,6 +149,115 @@ | |||
3168 | 139 | return found | 149 | return found |
3169 | 140 | 150 | ||
3170 | 141 | 151 | ||
3171 | 152 | class CrudManager(Manager): | ||
3172 | 153 | """Base manager class for manipulating Keystone entities. | ||
3173 | 154 | |||
3174 | 155 | Children of this class are expected to define a `collection_key` and `key`. | ||
3175 | 156 | |||
3176 | 157 | - `collection_key`: Usually a plural noun by convention (e.g. `entities`); | ||
3177 | 158 | used to refer collections in both URL's (e.g. `/v3/entities`) and JSON | ||
3178 | 159 | objects containing a list of member resources (e.g. `{'entities': [{}, | ||
3179 | 160 | {}, {}]}`). | ||
3180 | 161 | - `key`: Usually a singular noun by convention (e.g. `entity`); used to | ||
3181 | 162 | refer to an individual member of the collection. | ||
3182 | 163 | |||
3183 | 164 | """ | ||
3184 | 165 | collection_key = None | ||
3185 | 166 | key = None | ||
3186 | 167 | |||
3187 | 168 | def build_url(self, base_url=None, **kwargs): | ||
3188 | 169 | """Builds a resource URL for the given kwargs. | ||
3189 | 170 | |||
3190 | 171 | Given an example collection where `collection_key = 'entities'` and | ||
3191 | 172 | `key = 'entity'`, the following URL's could be generated. | ||
3192 | 173 | |||
3193 | 174 | By default, the URL will represent a collection of entities, e.g.:: | ||
3194 | 175 | |||
3195 | 176 | /entities | ||
3196 | 177 | |||
3197 | 178 | If kwargs contains an `entity_id`, then the URL will represent a | ||
3198 | 179 | specific member, e.g.:: | ||
3199 | 180 | |||
3200 | 181 | /entities/{entity_id} | ||
3201 | 182 | |||
3202 | 183 | If a `base_url` is provided, the generated URL will be appended to it. | ||
3203 | 184 | |||
3204 | 185 | """ | ||
3205 | 186 | url = base_url if base_url is not None else '' | ||
3206 | 187 | |||
3207 | 188 | url += '/%s' % self.collection_key | ||
3208 | 189 | |||
3209 | 190 | # do we have a specific entity? | ||
3210 | 191 | entity_id = kwargs.get('%s_id' % self.key) | ||
3211 | 192 | if entity_id is not None: | ||
3212 | 193 | url += '/%s' % entity_id | ||
3213 | 194 | |||
3214 | 195 | return url | ||
3215 | 196 | |||
3216 | 197 | def _filter_kwargs(self, kwargs): | ||
3217 | 198 | # drop null values | ||
3218 | 199 | for key, ref in kwargs.copy().iteritems(): | ||
3219 | 200 | if ref is None: | ||
3220 | 201 | kwargs.pop(key) | ||
3221 | 202 | else: | ||
3222 | 203 | id_value = getid(ref) | ||
3223 | 204 | if id_value != ref: | ||
3224 | 205 | kwargs.pop(key) | ||
3225 | 206 | kwargs['%s_id' % key] = id_value | ||
3226 | 207 | return kwargs | ||
3227 | 208 | |||
3228 | 209 | def create(self, **kwargs): | ||
3229 | 210 | kwargs = self._filter_kwargs(kwargs) | ||
3230 | 211 | return self._create( | ||
3231 | 212 | self.build_url(**kwargs), | ||
3232 | 213 | {self.key: kwargs}, | ||
3233 | 214 | self.key) | ||
3234 | 215 | |||
3235 | 216 | def get(self, **kwargs): | ||
3236 | 217 | kwargs = self._filter_kwargs(kwargs) | ||
3237 | 218 | return self._get( | ||
3238 | 219 | self.build_url(**kwargs), | ||
3239 | 220 | self.key) | ||
3240 | 221 | |||
3241 | 222 | def head(self, **kwargs): | ||
3242 | 223 | kwargs = self._filter_kwargs(kwargs) | ||
3243 | 224 | return self._head(self.build_url(**kwargs)) | ||
3244 | 225 | |||
3245 | 226 | def list(self, base_url=None, **kwargs): | ||
3246 | 227 | kwargs = self._filter_kwargs(kwargs) | ||
3247 | 228 | |||
3248 | 229 | return self._list( | ||
3249 | 230 | '%(base_url)s%(query)s' % { | ||
3250 | 231 | 'base_url': self.build_url(base_url=base_url, **kwargs), | ||
3251 | 232 | 'query': '?%s' % urllib.urlencode(kwargs) if kwargs else '', | ||
3252 | 233 | }, | ||
3253 | 234 | self.collection_key) | ||
3254 | 235 | |||
3255 | 236 | def put(self, base_url=None, **kwargs): | ||
3256 | 237 | kwargs = self._filter_kwargs(kwargs) | ||
3257 | 238 | |||
3258 | 239 | return self._update( | ||
3259 | 240 | self.build_url(base_url=base_url, **kwargs), | ||
3260 | 241 | method='PUT') | ||
3261 | 242 | |||
3262 | 243 | def update(self, **kwargs): | ||
3263 | 244 | kwargs = self._filter_kwargs(kwargs) | ||
3264 | 245 | params = kwargs.copy() | ||
3265 | 246 | params.pop('%s_id' % self.key) | ||
3266 | 247 | |||
3267 | 248 | return self._update( | ||
3268 | 249 | self.build_url(**kwargs), | ||
3269 | 250 | {self.key: params}, | ||
3270 | 251 | self.key, | ||
3271 | 252 | method='PATCH') | ||
3272 | 253 | |||
3273 | 254 | def delete(self, **kwargs): | ||
3274 | 255 | kwargs = self._filter_kwargs(kwargs) | ||
3275 | 256 | |||
3276 | 257 | return self._delete( | ||
3277 | 258 | self.build_url(**kwargs)) | ||
3278 | 259 | |||
3279 | 260 | |||
3280 | 142 | class Resource(object): | 261 | class Resource(object): |
3281 | 143 | """ | 262 | """ |
3282 | 144 | A resource represents a particular instance of an object (tenant, user, | 263 | A resource represents a particular instance of an object (tenant, user, |
3283 | @@ -185,6 +304,9 @@ | |||
3284 | 185 | if new: | 304 | if new: |
3285 | 186 | self._add_details(new._info) | 305 | self._add_details(new._info) |
3286 | 187 | 306 | ||
3287 | 307 | def delete(self): | ||
3288 | 308 | return self.manager.delete(self) | ||
3289 | 309 | |||
3290 | 188 | def __eq__(self, other): | 310 | def __eq__(self, other): |
3291 | 189 | if not isinstance(other, self.__class__): | 311 | if not isinstance(other, self.__class__): |
3292 | 190 | return False | 312 | return False |
3293 | 191 | 313 | ||
3294 | === modified file 'keystoneclient/client.py' | |||
3295 | --- keystoneclient/client.py 2012-09-07 13:13:18 +0000 | |||
3296 | +++ keystoneclient/client.py 2012-11-30 14:11:19 +0000 | |||
3297 | @@ -10,7 +10,6 @@ | |||
3298 | 10 | 10 | ||
3299 | 11 | import copy | 11 | import copy |
3300 | 12 | import logging | 12 | import logging |
3301 | 13 | import os | ||
3302 | 14 | import urlparse | 13 | import urlparse |
3303 | 15 | 14 | ||
3304 | 16 | import httplib2 | 15 | import httplib2 |
3305 | @@ -26,6 +25,7 @@ | |||
3306 | 26 | urlparse.parse_qsl = cgi.parse_qsl | 25 | urlparse.parse_qsl = cgi.parse_qsl |
3307 | 27 | 26 | ||
3308 | 28 | 27 | ||
3309 | 28 | from keystoneclient import access | ||
3310 | 29 | from keystoneclient import exceptions | 29 | from keystoneclient import exceptions |
3311 | 30 | 30 | ||
3312 | 31 | 31 | ||
3313 | @@ -39,40 +39,71 @@ | |||
3314 | 39 | def __init__(self, username=None, tenant_id=None, tenant_name=None, | 39 | def __init__(self, username=None, tenant_id=None, tenant_name=None, |
3315 | 40 | password=None, auth_url=None, region_name=None, timeout=None, | 40 | password=None, auth_url=None, region_name=None, timeout=None, |
3316 | 41 | endpoint=None, token=None, cacert=None, key=None, | 41 | endpoint=None, token=None, cacert=None, key=None, |
3318 | 42 | cert=None, insecure=False): | 42 | cert=None, insecure=False, original_ip=None, debug=False, |
3319 | 43 | auth_ref=None): | ||
3320 | 43 | super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert) | 44 | super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert) |
3321 | 44 | if cert: | 45 | if cert: |
3322 | 45 | if key: | 46 | if key: |
3323 | 46 | self.add_certificate(key=key, cert=cert, domain='') | 47 | self.add_certificate(key=key, cert=cert, domain='') |
3324 | 47 | else: | 48 | else: |
3325 | 48 | self.add_certificate(key=cert, cert=cert, domain='') | 49 | self.add_certificate(key=cert, cert=cert, domain='') |
3329 | 49 | self.username = username | 50 | self.version = 'v2.0' |
3330 | 50 | self.tenant_id = tenant_id | 51 | # set baseline defaults |
3331 | 51 | self.tenant_name = tenant_name | 52 | self.username = None |
3332 | 53 | self.tenant_id = None | ||
3333 | 54 | self.tenant_name = None | ||
3334 | 55 | self.auth_url = None | ||
3335 | 56 | self.token = None | ||
3336 | 57 | self.auth_token = None | ||
3337 | 58 | self.management_url = None | ||
3338 | 59 | # if loading from a dictionary passed in via auth_ref, | ||
3339 | 60 | # load values from AccessInfo parsing that dictionary | ||
3340 | 61 | self.auth_ref = access.AccessInfo(**auth_ref) if auth_ref else None | ||
3341 | 62 | if self.auth_ref: | ||
3342 | 63 | self.username = self.auth_ref.username | ||
3343 | 64 | self.tenant_id = self.auth_ref.tenant_id | ||
3344 | 65 | self.tenant_name = self.auth_ref.tenant_name | ||
3345 | 66 | self.auth_url = self.auth_ref.auth_url[0] | ||
3346 | 67 | self.management_url = self.auth_ref.management_url[0] | ||
3347 | 68 | self.auth_token = self.auth_ref.auth_token | ||
3348 | 69 | # allow override of the auth_ref defaults from explicit | ||
3349 | 70 | # values provided to the client | ||
3350 | 71 | if username: | ||
3351 | 72 | self.username = username | ||
3352 | 73 | if tenant_id: | ||
3353 | 74 | self.tenant_id = tenant_id | ||
3354 | 75 | if tenant_name: | ||
3355 | 76 | self.tenant_name = tenant_name | ||
3356 | 77 | if auth_url: | ||
3357 | 78 | self.auth_url = auth_url.rstrip('/') | ||
3358 | 79 | if token: | ||
3359 | 80 | self.auth_token = token | ||
3360 | 81 | if endpoint: | ||
3361 | 82 | self.management_url = endpoint.rstrip('/') | ||
3362 | 52 | self.password = password | 83 | self.password = password |
3365 | 53 | self.auth_url = auth_url.rstrip('/') if auth_url else None | 84 | self.original_ip = original_ip |
3364 | 54 | self.version = 'v2.0' | ||
3366 | 55 | self.region_name = region_name | 85 | self.region_name = region_name |
3367 | 56 | self.auth_token = token | ||
3368 | 57 | |||
3369 | 58 | self.management_url = endpoint | ||
3370 | 59 | 86 | ||
3371 | 60 | # httplib2 overrides | 87 | # httplib2 overrides |
3372 | 61 | self.force_exception_to_status_code = True | 88 | self.force_exception_to_status_code = True |
3373 | 62 | self.disable_ssl_certificate_validation = insecure | 89 | self.disable_ssl_certificate_validation = insecure |
3374 | 63 | 90 | ||
3375 | 64 | # logging setup | 91 | # logging setup |
3377 | 65 | self.debug_log = os.environ.get('KEYSTONECLIENT_DEBUG', False) | 92 | self.debug_log = debug |
3378 | 66 | if self.debug_log: | 93 | if self.debug_log: |
3379 | 67 | ch = logging.StreamHandler() | 94 | ch = logging.StreamHandler() |
3380 | 68 | _logger.setLevel(logging.DEBUG) | 95 | _logger.setLevel(logging.DEBUG) |
3381 | 69 | _logger.addHandler(ch) | 96 | _logger.addHandler(ch) |
3382 | 70 | 97 | ||
3383 | 71 | def authenticate(self): | 98 | def authenticate(self): |
3385 | 72 | """ Authenticate against the keystone API. | 99 | """ Authenticate against the Identity API. |
3386 | 73 | 100 | ||
3387 | 74 | Not implemented here because auth protocols should be API | 101 | Not implemented here because auth protocols should be API |
3388 | 75 | version-specific. | 102 | version-specific. |
3389 | 103 | |||
3390 | 104 | Expected to authenticate or validate an existing authentication | ||
3391 | 105 | reference already associated with the client. Invoking this call | ||
3392 | 106 | *always* makes a call to the Keystone. | ||
3393 | 76 | """ | 107 | """ |
3394 | 77 | raise NotImplementedError | 108 | raise NotImplementedError |
3395 | 78 | 109 | ||
3396 | @@ -107,6 +138,9 @@ | |||
3397 | 107 | if self.debug_log: | 138 | if self.debug_log: |
3398 | 108 | _logger.debug("RESP: %s\nRESP BODY: %s\n", resp, body) | 139 | _logger.debug("RESP: %s\nRESP BODY: %s\n", resp, body) |
3399 | 109 | 140 | ||
3400 | 141 | def serialize(self, entity): | ||
3401 | 142 | return json.dumps(entity) | ||
3402 | 143 | |||
3403 | 110 | def request(self, url, method, **kwargs): | 144 | def request(self, url, method, **kwargs): |
3404 | 111 | """ Send an http request with the specified characteristics. | 145 | """ Send an http request with the specified characteristics. |
3405 | 112 | 146 | ||
3406 | @@ -117,9 +151,12 @@ | |||
3407 | 117 | request_kwargs = copy.copy(kwargs) | 151 | request_kwargs = copy.copy(kwargs) |
3408 | 118 | request_kwargs.setdefault('headers', kwargs.get('headers', {})) | 152 | request_kwargs.setdefault('headers', kwargs.get('headers', {})) |
3409 | 119 | request_kwargs['headers']['User-Agent'] = self.USER_AGENT | 153 | request_kwargs['headers']['User-Agent'] = self.USER_AGENT |
3410 | 154 | if self.original_ip: | ||
3411 | 155 | request_kwargs['headers']['Forwarded'] = "for=%s;by=%s" % ( | ||
3412 | 156 | self.original_ip, self.USER_AGENT) | ||
3413 | 120 | if 'body' in kwargs: | 157 | if 'body' in kwargs: |
3414 | 121 | request_kwargs['headers']['Content-Type'] = 'application/json' | 158 | request_kwargs['headers']['Content-Type'] = 'application/json' |
3416 | 122 | request_kwargs['body'] = json.dumps(kwargs['body']) | 159 | request_kwargs['body'] = self.serialize(kwargs['body']) |
3417 | 123 | 160 | ||
3418 | 124 | self.http_log_req((url, method,), request_kwargs) | 161 | self.http_log_req((url, method,), request_kwargs) |
3419 | 125 | resp, body = super(HTTPClient, self).request(url, | 162 | resp, body = super(HTTPClient, self).request(url, |
3420 | @@ -127,6 +164,13 @@ | |||
3421 | 127 | **request_kwargs) | 164 | **request_kwargs) |
3422 | 128 | self.http_log_resp(resp, body) | 165 | self.http_log_resp(resp, body) |
3423 | 129 | 166 | ||
3424 | 167 | if resp.status in (400, 401, 403, 404, 408, 409, 413, 500, 501): | ||
3425 | 168 | _logger.debug("Request returned failure status: %s", resp.status) | ||
3426 | 169 | raise exceptions.from_response(resp, body) | ||
3427 | 170 | elif resp.status in (301, 302, 305): | ||
3428 | 171 | # Redirected. Reissue the request to the new location. | ||
3429 | 172 | return self.request(resp['location'], method, **kwargs) | ||
3430 | 173 | |||
3431 | 130 | if body: | 174 | if body: |
3432 | 131 | try: | 175 | try: |
3433 | 132 | body = json.loads(body) | 176 | body = json.loads(body) |
3434 | @@ -136,51 +180,38 @@ | |||
3435 | 136 | _logger.debug("No body was returned.") | 180 | _logger.debug("No body was returned.") |
3436 | 137 | body = None | 181 | body = None |
3437 | 138 | 182 | ||
3438 | 139 | if resp.status in (400, 401, 403, 404, 408, 409, 413, 500, 501): | ||
3439 | 140 | _logger.exception("Request returned failure status.") | ||
3440 | 141 | raise exceptions.from_response(resp, body) | ||
3441 | 142 | elif resp.status in (301, 302, 305): | ||
3442 | 143 | # Redirected. Reissue the request to the new location. | ||
3443 | 144 | return self.request(resp['location'], method, **kwargs) | ||
3444 | 145 | |||
3445 | 146 | return resp, body | 183 | return resp, body |
3446 | 147 | 184 | ||
3447 | 148 | def _cs_request(self, url, method, **kwargs): | 185 | def _cs_request(self, url, method, **kwargs): |
3450 | 149 | if not self.management_url: | 186 | """ Makes an authenticated request to keystone endpoint by |
3451 | 150 | self.authenticate() | 187 | concatenating self.management_url and url and passing in method and |
3452 | 188 | any associated kwargs. """ | ||
3453 | 151 | 189 | ||
3454 | 190 | if self.management_url is None: | ||
3455 | 191 | raise exceptions.AuthorizationFailure( | ||
3456 | 192 | 'Current authorization does not have a known management url') | ||
3457 | 152 | kwargs.setdefault('headers', {}) | 193 | kwargs.setdefault('headers', {}) |
3458 | 153 | if self.auth_token: | 194 | if self.auth_token: |
3459 | 154 | kwargs['headers']['X-Auth-Token'] = self.auth_token | 195 | kwargs['headers']['X-Auth-Token'] = self.auth_token |
3460 | 155 | 196 | ||
3480 | 156 | # Perform the request once. If we get a 401 back then it | 197 | resp, body = self.request(self.management_url + url, method, |
3481 | 157 | # might be because the auth token expired, so try to | 198 | **kwargs) |
3482 | 158 | # re-authenticate and try again. If it still fails, bail. | 199 | return resp, body |
3464 | 159 | try: | ||
3465 | 160 | resp, body = self.request(self.management_url + url, method, | ||
3466 | 161 | **kwargs) | ||
3467 | 162 | return resp, body | ||
3468 | 163 | except exceptions.Unauthorized: | ||
3469 | 164 | try: | ||
3470 | 165 | if getattr(self, '_failures', 0) < 1: | ||
3471 | 166 | self._failures = getattr(self, '_failures', 0) + 1 | ||
3472 | 167 | self.authenticate() | ||
3473 | 168 | resp, body = self.request(self.management_url + url, | ||
3474 | 169 | method, **kwargs) | ||
3475 | 170 | return resp, body | ||
3476 | 171 | else: | ||
3477 | 172 | raise | ||
3478 | 173 | except exceptions.Unauthorized: | ||
3479 | 174 | raise | ||
3483 | 175 | 200 | ||
3484 | 176 | def get(self, url, **kwargs): | 201 | def get(self, url, **kwargs): |
3485 | 177 | return self._cs_request(url, 'GET', **kwargs) | 202 | return self._cs_request(url, 'GET', **kwargs) |
3486 | 178 | 203 | ||
3487 | 204 | def head(self, url, **kwargs): | ||
3488 | 205 | return self._cs_request(url, 'HEAD', **kwargs) | ||
3489 | 206 | |||
3490 | 179 | def post(self, url, **kwargs): | 207 | def post(self, url, **kwargs): |
3491 | 180 | return self._cs_request(url, 'POST', **kwargs) | 208 | return self._cs_request(url, 'POST', **kwargs) |
3492 | 181 | 209 | ||
3493 | 182 | def put(self, url, **kwargs): | 210 | def put(self, url, **kwargs): |
3494 | 183 | return self._cs_request(url, 'PUT', **kwargs) | 211 | return self._cs_request(url, 'PUT', **kwargs) |
3495 | 184 | 212 | ||
3496 | 213 | def patch(self, url, **kwargs): | ||
3497 | 214 | return self._cs_request(url, 'PATCH', **kwargs) | ||
3498 | 215 | |||
3499 | 185 | def delete(self, url, **kwargs): | 216 | def delete(self, url, **kwargs): |
3500 | 186 | return self._cs_request(url, 'DELETE', **kwargs) | 217 | return self._cs_request(url, 'DELETE', **kwargs) |
3501 | 187 | 218 | ||
3502 | === added directory 'keystoneclient/common' | |||
3503 | === added file 'keystoneclient/common/__init__.py' | |||
3504 | === added file 'keystoneclient/common/cms.py' | |||
3505 | --- keystoneclient/common/cms.py 1970-01-01 00:00:00 +0000 | |||
3506 | +++ keystoneclient/common/cms.py 2012-11-30 14:11:19 +0000 | |||
3507 | @@ -0,0 +1,169 @@ | |||
3508 | 1 | import hashlib | ||
3509 | 2 | |||
3510 | 3 | import logging | ||
3511 | 4 | |||
3512 | 5 | |||
3513 | 6 | subprocess = None | ||
3514 | 7 | LOG = logging.getLogger(__name__) | ||
3515 | 8 | PKI_ANS1_PREFIX = 'MII' | ||
3516 | 9 | |||
3517 | 10 | |||
3518 | 11 | def _ensure_subprocess(): | ||
3519 | 12 | # NOTE(vish): late loading subprocess so we can | ||
3520 | 13 | # use the green version if we are in | ||
3521 | 14 | # eventlet. | ||
3522 | 15 | global subprocess | ||
3523 | 16 | if not subprocess: | ||
3524 | 17 | try: | ||
3525 | 18 | from eventlet import patcher | ||
3526 | 19 | if patcher.already_patched.get('os'): | ||
3527 | 20 | from eventlet.green import subprocess | ||
3528 | 21 | else: | ||
3529 | 22 | import subprocess | ||
3530 | 23 | except ImportError: | ||
3531 | 24 | import subprocess | ||
3532 | 25 | |||
3533 | 26 | |||
3534 | 27 | def cms_verify(formatted, signing_cert_file_name, ca_file_name): | ||
3535 | 28 | """ | ||
3536 | 29 | verifies the signature of the contents IAW CMS syntax | ||
3537 | 30 | """ | ||
3538 | 31 | _ensure_subprocess() | ||
3539 | 32 | process = subprocess.Popen(["openssl", "cms", "-verify", | ||
3540 | 33 | "-certfile", signing_cert_file_name, | ||
3541 | 34 | "-CAfile", ca_file_name, | ||
3542 | 35 | "-inform", "PEM", | ||
3543 | 36 | "-nosmimecap", "-nodetach", | ||
3544 | 37 | "-nocerts", "-noattr"], | ||
3545 | 38 | stdin=subprocess.PIPE, | ||
3546 | 39 | stdout=subprocess.PIPE, | ||
3547 | 40 | stderr=subprocess.PIPE) | ||
3548 | 41 | output, err = process.communicate(formatted) | ||
3549 | 42 | retcode = process.poll() | ||
3550 | 43 | if retcode: | ||
3551 | 44 | LOG.error('Verify error: %s' % err) | ||
3552 | 45 | raise subprocess.CalledProcessError(retcode, "openssl", output=err) | ||
3553 | 46 | return output | ||
3554 | 47 | |||
3555 | 48 | |||
3556 | 49 | def token_to_cms(signed_text): | ||
3557 | 50 | copy_of_text = signed_text.replace('-', '/') | ||
3558 | 51 | |||
3559 | 52 | formatted = "-----BEGIN CMS-----\n" | ||
3560 | 53 | line_length = 64 | ||
3561 | 54 | while len(copy_of_text) > 0: | ||
3562 | 55 | if (len(copy_of_text) > line_length): | ||
3563 | 56 | formatted += copy_of_text[:line_length] | ||
3564 | 57 | copy_of_text = copy_of_text[line_length:] | ||
3565 | 58 | else: | ||
3566 | 59 | formatted += copy_of_text | ||
3567 | 60 | copy_of_text = "" | ||
3568 | 61 | formatted += "\n" | ||
3569 | 62 | |||
3570 | 63 | formatted += "-----END CMS-----\n" | ||
3571 | 64 | |||
3572 | 65 | return formatted | ||
3573 | 66 | |||
3574 | 67 | |||
3575 | 68 | def verify_token(token, signing_cert_file_name, ca_file_name): | ||
3576 | 69 | return cms_verify(token_to_cms(token), | ||
3577 | 70 | signing_cert_file_name, | ||
3578 | 71 | ca_file_name) | ||
3579 | 72 | |||
3580 | 73 | |||
3581 | 74 | def is_ans1_token(token): | ||
3582 | 75 | ''' | ||
3583 | 76 | thx to ayoung for sorting this out. | ||
3584 | 77 | |||
3585 | 78 | base64 decoded hex representation of MII is 3082 | ||
3586 | 79 | In [3]: binascii.hexlify(base64.b64decode('MII=')) | ||
3587 | 80 | Out[3]: '3082' | ||
3588 | 81 | |||
3589 | 82 | re: http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf | ||
3590 | 83 | |||
3591 | 84 | pg4: For tags from 0 to 30 the first octet is the identfier | ||
3592 | 85 | pg10: Hex 30 means sequence, followed by the length of that sequence. | ||
3593 | 86 | pg5: Second octet is the length octet | ||
3594 | 87 | first bit indicates short or long form, next 7 bits encode the number | ||
3595 | 88 | of subsequent octets that make up the content length octets as an | ||
3596 | 89 | unsigned binary int | ||
3597 | 90 | |||
3598 | 91 | 82 = 10000010 (first bit indicates long form) | ||
3599 | 92 | 0000010 = 2 octets of content length | ||
3600 | 93 | so read the next 2 octets to get the length of the content. | ||
3601 | 94 | |||
3602 | 95 | In the case of a very large content length there could be a requirement to | ||
3603 | 96 | have more than 2 octets to designate the content length, therefore | ||
3604 | 97 | requiring us to check for MIM, MIQ, etc. | ||
3605 | 98 | In [4]: base64.b64encode(binascii.a2b_hex('3083')) | ||
3606 | 99 | Out[4]: 'MIM=' | ||
3607 | 100 | In [5]: base64.b64encode(binascii.a2b_hex('3084')) | ||
3608 | 101 | Out[5]: 'MIQ=' | ||
3609 | 102 | Checking for MI would become invalid at 16 octets of content length | ||
3610 | 103 | 10010000 = 90 | ||
3611 | 104 | In [6]: base64.b64encode(binascii.a2b_hex('3090')) | ||
3612 | 105 | Out[6]: 'MJA=' | ||
3613 | 106 | Checking for just M is insufficient | ||
3614 | 107 | |||
3615 | 108 | But we will only check for MII: | ||
3616 | 109 | Max length of the content using 2 octets is 7FFF or 32767 | ||
3617 | 110 | It's not practical to support a token of this length or greater in http | ||
3618 | 111 | therefore, we will check for MII only and ignore the case of larger tokens | ||
3619 | 112 | ''' | ||
3620 | 113 | return token[:3] == PKI_ANS1_PREFIX | ||
3621 | 114 | |||
3622 | 115 | |||
3623 | 116 | def cms_sign_text(text, signing_cert_file_name, signing_key_file_name): | ||
3624 | 117 | """ Uses OpenSSL to sign a document | ||
3625 | 118 | Produces a Base64 encoding of a DER formatted CMS Document | ||
3626 | 119 | http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax | ||
3627 | 120 | """ | ||
3628 | 121 | _ensure_subprocess() | ||
3629 | 122 | process = subprocess.Popen(["openssl", "cms", "-sign", | ||
3630 | 123 | "-signer", signing_cert_file_name, | ||
3631 | 124 | "-inkey", signing_key_file_name, | ||
3632 | 125 | "-outform", "PEM", | ||
3633 | 126 | "-nosmimecap", "-nodetach", | ||
3634 | 127 | "-nocerts", "-noattr"], | ||
3635 | 128 | stdin=subprocess.PIPE, | ||
3636 | 129 | stdout=subprocess.PIPE, | ||
3637 | 130 | stderr=subprocess.PIPE) | ||
3638 | 131 | output, err = process.communicate(text) | ||
3639 | 132 | retcode = process.poll() | ||
3640 | 133 | if retcode or "Error" in err: | ||
3641 | 134 | LOG.error('Signing error: %s' % err) | ||
3642 | 135 | raise subprocess.CalledProcessError(retcode, "openssl") | ||
3643 | 136 | return output | ||
3644 | 137 | |||
3645 | 138 | |||
3646 | 139 | def cms_sign_token(text, signing_cert_file_name, signing_key_file_name): | ||
3647 | 140 | output = cms_sign_text(text, signing_cert_file_name, signing_key_file_name) | ||
3648 | 141 | return cms_to_token(output) | ||
3649 | 142 | |||
3650 | 143 | |||
3651 | 144 | def cms_to_token(cms_text): | ||
3652 | 145 | |||
3653 | 146 | start_delim = "-----BEGIN CMS-----" | ||
3654 | 147 | end_delim = "-----END CMS-----" | ||
3655 | 148 | signed_text = cms_text | ||
3656 | 149 | signed_text = signed_text.replace('/', '-') | ||
3657 | 150 | signed_text = signed_text.replace(start_delim, '') | ||
3658 | 151 | signed_text = signed_text.replace(end_delim, '') | ||
3659 | 152 | signed_text = signed_text.replace('\n', '') | ||
3660 | 153 | |||
3661 | 154 | return signed_text | ||
3662 | 155 | |||
3663 | 156 | |||
3664 | 157 | def cms_hash_token(token_id): | ||
3665 | 158 | """ | ||
3666 | 159 | return: for ans1_token, returns the hash of the passed in token | ||
3667 | 160 | otherwise, returns what it was passed in. | ||
3668 | 161 | """ | ||
3669 | 162 | if token_id is None: | ||
3670 | 163 | return None | ||
3671 | 164 | if is_ans1_token(token_id): | ||
3672 | 165 | hasher = hashlib.md5() | ||
3673 | 166 | hasher.update(token_id) | ||
3674 | 167 | return hasher.hexdigest() | ||
3675 | 168 | else: | ||
3676 | 169 | return token_id | ||
3677 | 0 | 170 | ||
3678 | === added directory 'keystoneclient/contrib' | |||
3679 | === added file 'keystoneclient/contrib/__init__.py' | |||
3680 | === added directory 'keystoneclient/contrib/bootstrap' | |||
3681 | === added file 'keystoneclient/contrib/bootstrap/__init__.py' | |||
3682 | === added file 'keystoneclient/contrib/bootstrap/shell.py' | |||
3683 | --- keystoneclient/contrib/bootstrap/shell.py 1970-01-01 00:00:00 +0000 | |||
3684 | +++ keystoneclient/contrib/bootstrap/shell.py 2012-11-30 14:11:19 +0000 | |||
3685 | @@ -0,0 +1,28 @@ | |||
3686 | 1 | from keystoneclient import utils | ||
3687 | 2 | from keystoneclient.v2_0 import client | ||
3688 | 3 | |||
3689 | 4 | |||
3690 | 5 | @utils.arg('--user-name', metavar='<user-name>', default='admin', dest='user', | ||
3691 | 6 | help='The name of the user to be created (default="admin").') | ||
3692 | 7 | @utils.arg('--pass', metavar='<password>', required=True, dest='passwd', | ||
3693 | 8 | help='The password for the new user.') | ||
3694 | 9 | @utils.arg('--role-name', metavar='<role-name>', default='admin', dest='role', | ||
3695 | 10 | help='The name of the role to be created and granted to the user ' | ||
3696 | 11 | '(default="admin").') | ||
3697 | 12 | @utils.arg('--tenant-name', metavar='<tenant-name>', default='admin', | ||
3698 | 13 | dest='tenant', | ||
3699 | 14 | help='The name of the tenant to be created (default="admin").') | ||
3700 | 15 | def do_bootstrap(kc, args): | ||
3701 | 16 | """Grants a new role to a new user on a new tenant, after creating each.""" | ||
3702 | 17 | tenant = kc.tenants.create(tenant_name=args.tenant) | ||
3703 | 18 | role = kc.roles.create(name=args.role) | ||
3704 | 19 | user = kc.users.create(name=args.user, password=args.passwd, email=None) | ||
3705 | 20 | kc.roles.add_user_role(user=user, role=role, tenant=tenant) | ||
3706 | 21 | |||
3707 | 22 | # verify the result | ||
3708 | 23 | user_client = client.Client( | ||
3709 | 24 | username=args.user, | ||
3710 | 25 | password=args.passwd, | ||
3711 | 26 | tenant_name=args.tenant, | ||
3712 | 27 | auth_url=kc.management_url) | ||
3713 | 28 | user_client.authenticate() | ||
3714 | 0 | 29 | ||
3715 | === modified file 'keystoneclient/exceptions.py' | |||
3716 | --- keystoneclient/exceptions.py 2012-06-22 12:58:18 +0000 | |||
3717 | +++ keystoneclient/exceptions.py 2012-11-30 14:11:19 +0000 | |||
3718 | @@ -9,6 +9,10 @@ | |||
3719 | 9 | pass | 9 | pass |
3720 | 10 | 10 | ||
3721 | 11 | 11 | ||
3722 | 12 | class ValidationError(Exception): | ||
3723 | 13 | pass | ||
3724 | 14 | |||
3725 | 15 | |||
3726 | 12 | class AuthorizationFailure(Exception): | 16 | class AuthorizationFailure(Exception): |
3727 | 13 | pass | 17 | pass |
3728 | 14 | 18 | ||
3729 | @@ -24,6 +28,11 @@ | |||
3730 | 24 | pass | 28 | pass |
3731 | 25 | 29 | ||
3732 | 26 | 30 | ||
3733 | 31 | class EmptyCatalog(Exception): | ||
3734 | 32 | """ The service catalog is empty. """ | ||
3735 | 33 | pass | ||
3736 | 34 | |||
3737 | 35 | |||
3738 | 27 | class ClientException(Exception): | 36 | class ClientException(Exception): |
3739 | 28 | """ | 37 | """ |
3740 | 29 | The base exception class for all exceptions this library raises. | 38 | The base exception class for all exceptions this library raises. |
3741 | @@ -95,6 +104,14 @@ | |||
3742 | 95 | message = "Not Implemented" | 104 | message = "Not Implemented" |
3743 | 96 | 105 | ||
3744 | 97 | 106 | ||
3745 | 107 | class ServiceUnavailable(ClientException): | ||
3746 | 108 | """ | ||
3747 | 109 | HTTP 503 - Service Unavailable: The server is currently unavailable. | ||
3748 | 110 | """ | ||
3749 | 111 | http_status = 503 | ||
3750 | 112 | message = "Service Unavailable" | ||
3751 | 113 | |||
3752 | 114 | |||
3753 | 98 | # In Python 2.4 Exception is old-style and thus doesn't have a __subclasses__() | 115 | # In Python 2.4 Exception is old-style and thus doesn't have a __subclasses__() |
3754 | 99 | # so we can do this: | 116 | # so we can do this: |
3755 | 100 | # _code_map = dict((c.http_status, c) | 117 | # _code_map = dict((c.http_status, c) |
3756 | @@ -106,7 +123,8 @@ | |||
3757 | 106 | Forbidden, | 123 | Forbidden, |
3758 | 107 | NotFound, | 124 | NotFound, |
3759 | 108 | OverLimit, | 125 | OverLimit, |
3761 | 109 | HTTPNotImplemented]) | 126 | HTTPNotImplemented, |
3762 | 127 | ServiceUnavailable]) | ||
3763 | 110 | 128 | ||
3764 | 111 | 129 | ||
3765 | 112 | def from_response(response, body): | 130 | def from_response(response, body): |
3766 | 113 | 131 | ||
3767 | === modified file 'keystoneclient/generic/shell.py' | |||
3768 | --- keystoneclient/generic/shell.py 2012-03-26 14:01:05 +0000 | |||
3769 | +++ keystoneclient/generic/shell.py 2012-11-30 14:11:19 +0000 | |||
3770 | @@ -28,13 +28,15 @@ | |||
3771 | 28 | extensions supported. | 28 | extensions supported. |
3772 | 29 | 29 | ||
3773 | 30 | Usage:: | 30 | Usage:: |
3781 | 31 | $ keystone discover | 31 | |
3782 | 32 | Keystone found at http://localhost:35357 | 32 | $ keystone discover |
3783 | 33 | - supports version v1.0 (DEPRECATED) here http://localhost:35357/v1.0 | 33 | Keystone found at http://localhost:35357 |
3784 | 34 | - supports version v1.1 (CURRENT) here http://localhost:35357/v1.1 | 34 | |
3785 | 35 | - supports version v2.0 (BETA) here http://localhost:35357/v2.0 | 35 | - supports version v1.0 (DEPRECATED) here http://localhost:35357/v1.0 |
3786 | 36 | - and RAX-KSKEY: Rackspace API Key Authentication Admin Extension | 36 | - supports version v1.1 (CURRENT) here http://localhost:35357/v1.1 |
3787 | 37 | - and RAX-KSGRP: Rackspace Keystone Group Extensions | 37 | - supports version v2.0 (CURRENT) here http://localhost:35357/v2.0 |
3788 | 38 | - and RAX-KSKEY: Rackspace API Key Authentication Admin Extension | ||
3789 | 39 | - and RAX-KSGRP: Rackspace Keystone Group Extensions | ||
3790 | 38 | """ | 40 | """ |
3791 | 39 | if cs.endpoint: | 41 | if cs.endpoint: |
3792 | 40 | versions = cs.discover(cs.endpoint) | 42 | versions = cs.discover(cs.endpoint) |
3793 | 41 | 43 | ||
3794 | === added directory 'keystoneclient/locale' | |||
3795 | === added file 'keystoneclient/locale/keystoneclient.pot' | |||
3796 | --- keystoneclient/locale/keystoneclient.pot 1970-01-01 00:00:00 +0000 | |||
3797 | +++ keystoneclient/locale/keystoneclient.pot 2012-11-30 14:11:19 +0000 | |||
3798 | @@ -0,0 +1,20 @@ | |||
3799 | 1 | # Translations template for python-keystoneclient. | ||
3800 | 2 | # Copyright (C) 2012 ORGANIZATION | ||
3801 | 3 | # This file is distributed under the same license as the | ||
3802 | 4 | # python-keystoneclient project. | ||
3803 | 5 | # FIRST AUTHOR <EMAIL@ADDRESS>, 2012. | ||
3804 | 6 | # | ||
3805 | 7 | #, fuzzy | ||
3806 | 8 | msgid "" | ||
3807 | 9 | msgstr "" | ||
3808 | 10 | "Project-Id-Version: python-keystoneclient 0.1.3.12\n" | ||
3809 | 11 | "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" | ||
3810 | 12 | "POT-Creation-Date: 2012-09-29 16:02-0700\n" | ||
3811 | 13 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" | ||
3812 | 14 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | ||
3813 | 15 | "Language-Team: LANGUAGE <LL@li.org>\n" | ||
3814 | 16 | "MIME-Version: 1.0\n" | ||
3815 | 17 | "Content-Type: text/plain; charset=utf-8\n" | ||
3816 | 18 | "Content-Transfer-Encoding: 8bit\n" | ||
3817 | 19 | "Generated-By: Babel 0.9.6\n" | ||
3818 | 20 | |||
3819 | 0 | 21 | ||
3820 | === added directory 'keystoneclient/middleware' | |||
3821 | === added file 'keystoneclient/middleware/__init__.py' | |||
3822 | === added file 'keystoneclient/middleware/auth_token.py' | |||
3823 | --- keystoneclient/middleware/auth_token.py 1970-01-01 00:00:00 +0000 | |||
3824 | +++ keystoneclient/middleware/auth_token.py 2012-11-30 14:11:19 +0000 | |||
3825 | @@ -0,0 +1,864 @@ | |||
3826 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
3827 | 2 | |||
3828 | 3 | # Copyright 2010-2012 OpenStack LLC | ||
3829 | 4 | # | ||
3830 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); | ||
3831 | 6 | # you may not use this file except in compliance with the License. | ||
3832 | 7 | # You may obtain a copy of the License at | ||
3833 | 8 | # | ||
3834 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
3835 | 10 | # | ||
3836 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
3837 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, | ||
3838 | 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or | ||
3839 | 14 | # implied. | ||
3840 | 15 | # See the License for the specific language governing permissions and | ||
3841 | 16 | # limitations under the License. | ||
3842 | 17 | |||
3843 | 18 | """ | ||
3844 | 19 | TOKEN-BASED AUTH MIDDLEWARE | ||
3845 | 20 | |||
3846 | 21 | This WSGI component: | ||
3847 | 22 | |||
3848 | 23 | * Verifies that incoming client requests have valid tokens by validating | ||
3849 | 24 | tokens with the auth service. | ||
3850 | 25 | * Rejects unauthenticated requests UNLESS it is in 'delay_auth_decision' | ||
3851 | 26 | mode, which means the final decision is delegated to the downstream WSGI | ||
3852 | 27 | component (usually the OpenStack service) | ||
3853 | 28 | * Collects and forwards identity information based on a valid token | ||
3854 | 29 | such as user name, tenant, etc | ||
3855 | 30 | |||
3856 | 31 | Refer to: http://keystone.openstack.org/middlewarearchitecture.html | ||
3857 | 32 | |||
3858 | 33 | HEADERS | ||
3859 | 34 | ------- | ||
3860 | 35 | |||
3861 | 36 | * Headers starting with HTTP\_ is a standard http header | ||
3862 | 37 | * Headers starting with HTTP_X is an extended http header | ||
3863 | 38 | |||
3864 | 39 | Coming in from initial call from client or customer | ||
3865 | 40 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
3866 | 41 | |||
3867 | 42 | HTTP_X_AUTH_TOKEN | ||
3868 | 43 | The client token being passed in. | ||
3869 | 44 | |||
3870 | 45 | HTTP_X_STORAGE_TOKEN | ||
3871 | 46 | The client token being passed in (legacy Rackspace use) to support | ||
3872 | 47 | swift/cloud files | ||
3873 | 48 | |||
3874 | 49 | Used for communication between components | ||
3875 | 50 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
3876 | 51 | |||
3877 | 52 | WWW-Authenticate | ||
3878 | 53 | HTTP header returned to a user indicating which endpoint to use | ||
3879 | 54 | to retrieve a new token | ||
3880 | 55 | |||
3881 | 56 | What we add to the request for use by the OpenStack service | ||
3882 | 57 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
3883 | 58 | |||
3884 | 59 | HTTP_X_IDENTITY_STATUS | ||
3885 | 60 | 'Confirmed' or 'Invalid' | ||
3886 | 61 | The underlying service will only see a value of 'Invalid' if the Middleware | ||
3887 | 62 | is configured to run in 'delay_auth_decision' mode | ||
3888 | 63 | |||
3889 | 64 | HTTP_X_TENANT_ID | ||
3890 | 65 | Identity service managed unique identifier, string | ||
3891 | 66 | |||
3892 | 67 | HTTP_X_TENANT_NAME | ||
3893 | 68 | Unique tenant identifier, string | ||
3894 | 69 | |||
3895 | 70 | HTTP_X_USER_ID | ||
3896 | 71 | Identity-service managed unique identifier, string | ||
3897 | 72 | |||
3898 | 73 | HTTP_X_USER_NAME | ||
3899 | 74 | Unique user identifier, string | ||
3900 | 75 | |||
3901 | 76 | HTTP_X_ROLES | ||
3902 | 77 | Comma delimited list of case-sensitive Roles | ||
3903 | 78 | |||
3904 | 79 | HTTP_X_SERVICE_CATALOG | ||
3905 | 80 | json encoded keystone service catalog (optional). | ||
3906 | 81 | |||
3907 | 82 | HTTP_X_TENANT | ||
3908 | 83 | *Deprecated* in favor of HTTP_X_TENANT_ID and HTTP_X_TENANT_NAME | ||
3909 | 84 | Keystone-assigned unique identifier, deprecated | ||
3910 | 85 | |||
3911 | 86 | HTTP_X_USER | ||
3912 | 87 | *Deprecated* in favor of HTTP_X_USER_ID and HTTP_X_USER_NAME | ||
3913 | 88 | Unique user name, string | ||
3914 | 89 | |||
3915 | 90 | HTTP_X_ROLE | ||
3916 | 91 | *Deprecated* in favor of HTTP_X_ROLES | ||
3917 | 92 | This is being renamed, and the new header contains the same data. | ||
3918 | 93 | |||
3919 | 94 | OTHER ENVIRONMENT VARIABLES | ||
3920 | 95 | --------------------------- | ||
3921 | 96 | |||
3922 | 97 | keystone.token_info | ||
3923 | 98 | Information about the token discovered in the process of | ||
3924 | 99 | validation. This may include extended information returned by the | ||
3925 | 100 | Keystone token validation call, as well as basic information about | ||
3926 | 101 | the tenant and user. | ||
3927 | 102 | |||
3928 | 103 | """ | ||
3929 | 104 | |||
3930 | 105 | import datetime | ||
3931 | 106 | import httplib | ||
3932 | 107 | import json | ||
3933 | 108 | import logging | ||
3934 | 109 | import os | ||
3935 | 110 | import stat | ||
3936 | 111 | import time | ||
3937 | 112 | import webob | ||
3938 | 113 | import webob.exc | ||
3939 | 114 | |||
3940 | 115 | from keystoneclient.openstack.common import jsonutils | ||
3941 | 116 | from keystoneclient.common import cms | ||
3942 | 117 | from keystoneclient import utils | ||
3943 | 118 | from keystoneclient.openstack.common import timeutils | ||
3944 | 119 | |||
3945 | 120 | CONF = None | ||
3946 | 121 | try: | ||
3947 | 122 | from openstack.common import cfg | ||
3948 | 123 | CONF = cfg.CONF | ||
3949 | 124 | except ImportError: | ||
3950 | 125 | # cfg is not a library yet, try application copies | ||
3951 | 126 | for app in 'nova', 'glance', 'quantum', 'cinder': | ||
3952 | 127 | try: | ||
3953 | 128 | cfg = __import__('%s.openstack.common.cfg' % app, | ||
3954 | 129 | fromlist=['%s.openstack.common' % app]) | ||
3955 | 130 | # test which application middleware is running in | ||
3956 | 131 | if hasattr(cfg, 'CONF') and 'config_file' in cfg.CONF: | ||
3957 | 132 | CONF = cfg.CONF | ||
3958 | 133 | break | ||
3959 | 134 | except ImportError: | ||
3960 | 135 | pass | ||
3961 | 136 | if not CONF: | ||
3962 | 137 | from keystoneclient.openstack.common import cfg | ||
3963 | 138 | CONF = cfg.CONF | ||
3964 | 139 | LOG = logging.getLogger(__name__) | ||
3965 | 140 | |||
3966 | 141 | # alternative middleware configuration in the main application's | ||
3967 | 142 | # configuration file e.g. in nova.conf | ||
3968 | 143 | # [keystone_authtoken] | ||
3969 | 144 | # auth_host = 127.0.0.1 | ||
3970 | 145 | # auth_port = 35357 | ||
3971 | 146 | # auth_protocol = http | ||
3972 | 147 | # admin_tenant_name = admin | ||
3973 | 148 | # admin_user = admin | ||
3974 | 149 | # admin_password = badpassword | ||
3975 | 150 | opts = [ | ||
3976 | 151 | cfg.StrOpt('auth_admin_prefix', default=''), | ||
3977 | 152 | cfg.StrOpt('auth_host', default='127.0.0.1'), | ||
3978 | 153 | cfg.IntOpt('auth_port', default=35357), | ||
3979 | 154 | cfg.StrOpt('auth_protocol', default='https'), | ||
3980 | 155 | cfg.StrOpt('auth_uri', default=None), | ||
3981 | 156 | cfg.BoolOpt('delay_auth_decision', default=False), | ||
3982 | 157 | cfg.StrOpt('admin_token'), | ||
3983 | 158 | cfg.StrOpt('admin_user'), | ||
3984 | 159 | cfg.StrOpt('admin_password'), | ||
3985 | 160 | cfg.StrOpt('admin_tenant_name', default='admin'), | ||
3986 | 161 | cfg.StrOpt('certfile'), | ||
3987 | 162 | cfg.StrOpt('keyfile'), | ||
3988 | 163 | cfg.StrOpt('signing_dir'), | ||
3989 | 164 | cfg.ListOpt('memcache_servers'), | ||
3990 | 165 | cfg.IntOpt('token_cache_time', default=300), | ||
3991 | 166 | ] | ||
3992 | 167 | CONF.register_opts(opts, group='keystone_authtoken') | ||
3993 | 168 | |||
3994 | 169 | |||
3995 | 170 | def will_expire_soon(expiry): | ||
3996 | 171 | """ Determines if expiration is about to occur. | ||
3997 | 172 | |||
3998 | 173 | :param expiry: a datetime of the expected expiration | ||
3999 | 174 | :returns: boolean : true if expiration is within 30 seconds | ||
4000 | 175 | """ | ||
4001 | 176 | soon = (timeutils.utcnow() + datetime.timedelta(seconds=30)) | ||
4002 | 177 | return expiry < soon | ||
4003 | 178 | |||
4004 | 179 | |||
4005 | 180 | class InvalidUserToken(Exception): | ||
4006 | 181 | pass | ||
4007 | 182 | |||
4008 | 183 | |||
4009 | 184 | class ServiceError(Exception): | ||
4010 | 185 | pass | ||
4011 | 186 | |||
4012 | 187 | |||
4013 | 188 | class ConfigurationError(Exception): | ||
4014 | 189 | pass | ||
4015 | 190 | |||
4016 | 191 | |||
4017 | 192 | class AuthProtocol(object): | ||
4018 | 193 | """Auth Middleware that handles authenticating client calls.""" | ||
4019 | 194 | |||
4020 | 195 | def __init__(self, app, conf): | ||
4021 | 196 | LOG.info('Starting keystone auth_token middleware') | ||
4022 | 197 | self.conf = conf | ||
4023 | 198 | self.app = app | ||
4024 | 199 | |||
4025 | 200 | # delay_auth_decision means we still allow unauthenticated requests | ||
4026 | 201 | # through and we let the downstream service make the final decision | ||
4027 | 202 | self.delay_auth_decision = (self._conf_get('delay_auth_decision') in | ||
4028 | 203 | (True, 'true', 't', '1', 'on', 'yes', 'y')) | ||
4029 | 204 | |||
4030 | 205 | # where to find the auth service (we use this to validate tokens) | ||
4031 | 206 | self.auth_host = self._conf_get('auth_host') | ||
4032 | 207 | self.auth_port = int(self._conf_get('auth_port')) | ||
4033 | 208 | self.auth_protocol = self._conf_get('auth_protocol') | ||
4034 | 209 | if self.auth_protocol == 'http': | ||
4035 | 210 | self.http_client_class = httplib.HTTPConnection | ||
4036 | 211 | else: | ||
4037 | 212 | self.http_client_class = httplib.HTTPSConnection | ||
4038 | 213 | |||
4039 | 214 | self.auth_admin_prefix = self._conf_get('auth_admin_prefix') | ||
4040 | 215 | self.auth_uri = self._conf_get('auth_uri') | ||
4041 | 216 | if self.auth_uri is None: | ||
4042 | 217 | self.auth_uri = '%s://%s:%s' % (self.auth_protocol, | ||
4043 | 218 | self.auth_host, | ||
4044 | 219 | self.auth_port) | ||
4045 | 220 | |||
4046 | 221 | # SSL | ||
4047 | 222 | self.cert_file = self._conf_get('certfile') | ||
4048 | 223 | self.key_file = self._conf_get('keyfile') | ||
4049 | 224 | |||
4050 | 225 | #signing | ||
4051 | 226 | self.signing_dirname = self._conf_get('signing_dir') | ||
4052 | 227 | if self.signing_dirname is None: | ||
4053 | 228 | self.signing_dirname = '%s/keystone-signing' % os.environ['HOME'] | ||
4054 | 229 | LOG.info('Using %s as cache directory for signing certificate' % | ||
4055 | 230 | self.signing_dirname) | ||
4056 | 231 | if (os.path.exists(self.signing_dirname) and | ||
4057 | 232 | not os.access(self.signing_dirname, os.W_OK)): | ||
4058 | 233 | raise ConfigurationError("unable to access signing dir %s" % | ||
4059 | 234 | self.signing_dirname) | ||
4060 | 235 | |||
4061 | 236 | if not os.path.exists(self.signing_dirname): | ||
4062 | 237 | os.makedirs(self.signing_dirname) | ||
4063 | 238 | #will throw IOError if it cannot change permissions | ||
4064 | 239 | os.chmod(self.signing_dirname, stat.S_IRWXU) | ||
4065 | 240 | |||
4066 | 241 | val = '%s/signing_cert.pem' % self.signing_dirname | ||
4067 | 242 | self.signing_cert_file_name = val | ||
4068 | 243 | val = '%s/cacert.pem' % self.signing_dirname | ||
4069 | 244 | self.ca_file_name = val | ||
4070 | 245 | val = '%s/revoked.pem' % self.signing_dirname | ||
4071 | 246 | self.revoked_file_name = val | ||
4072 | 247 | |||
4073 | 248 | # Credentials used to verify this component with the Auth service since | ||
4074 | 249 | # validating tokens is a privileged call | ||
4075 | 250 | self.admin_token = self._conf_get('admin_token') | ||
4076 | 251 | self.admin_token_expiry = None | ||
4077 | 252 | self.admin_user = self._conf_get('admin_user') | ||
4078 | 253 | self.admin_password = self._conf_get('admin_password') | ||
4079 | 254 | self.admin_tenant_name = self._conf_get('admin_tenant_name') | ||
4080 | 255 | |||
4081 | 256 | # Token caching via memcache | ||
4082 | 257 | self._cache = None | ||
4083 | 258 | self._iso8601 = None | ||
4084 | 259 | memcache_servers = self._conf_get('memcache_servers') | ||
4085 | 260 | # By default the token will be cached for 5 minutes | ||
4086 | 261 | self.token_cache_time = int(self._conf_get('token_cache_time')) | ||
4087 | 262 | self._token_revocation_list = None | ||
4088 | 263 | self._token_revocation_list_fetched_time = None | ||
4089 | 264 | cache_timeout = datetime.timedelta(seconds=0) | ||
4090 | 265 | self.token_revocation_list_cache_timeout = cache_timeout | ||
4091 | 266 | if memcache_servers: | ||
4092 | 267 | try: | ||
4093 | 268 | import memcache | ||
4094 | 269 | import iso8601 | ||
4095 | 270 | LOG.info('Using memcache for caching token') | ||
4096 | 271 | self._cache = memcache.Client(memcache_servers.split(',')) | ||
4097 | 272 | self._iso8601 = iso8601 | ||
4098 | 273 | except ImportError as e: | ||
4099 | 274 | LOG.warn('disabled caching due to missing libraries %s', e) | ||
4100 | 275 | |||
4101 | 276 | def _conf_get(self, name): | ||
4102 | 277 | # try config from paste-deploy first | ||
4103 | 278 | if name in self.conf: | ||
4104 | 279 | return self.conf[name] | ||
4105 | 280 | else: | ||
4106 | 281 | return CONF.keystone_authtoken[name] | ||
4107 | 282 | |||
4108 | 283 | def __call__(self, env, start_response): | ||
4109 | 284 | """Handle incoming request. | ||
4110 | 285 | |||
4111 | 286 | Authenticate send downstream on success. Reject request if | ||
4112 | 287 | we can't authenticate. | ||
4113 | 288 | |||
4114 | 289 | """ | ||
4115 | 290 | LOG.debug('Authenticating user token') | ||
4116 | 291 | try: | ||
4117 | 292 | self._remove_auth_headers(env) | ||
4118 | 293 | user_token = self._get_user_token_from_header(env) | ||
4119 | 294 | token_info = self._validate_user_token(user_token) | ||
4120 | 295 | env['keystone.token_info'] = token_info | ||
4121 | 296 | user_headers = self._build_user_headers(token_info) | ||
4122 | 297 | self._add_headers(env, user_headers) | ||
4123 | 298 | return self.app(env, start_response) | ||
4124 | 299 | |||
4125 | 300 | except InvalidUserToken: | ||
4126 | 301 | if self.delay_auth_decision: | ||
4127 | 302 | LOG.info('Invalid user token - deferring reject downstream') | ||
4128 | 303 | self._add_headers(env, {'X-Identity-Status': 'Invalid'}) | ||
4129 | 304 | return self.app(env, start_response) | ||
4130 | 305 | else: | ||
4131 | 306 | LOG.info('Invalid user token - rejecting request') | ||
4132 | 307 | return self._reject_request(env, start_response) | ||
4133 | 308 | |||
4134 | 309 | except ServiceError as e: | ||
4135 | 310 | LOG.critical('Unable to obtain admin token: %s' % e) | ||
4136 | 311 | resp = webob.exc.HTTPServiceUnavailable() | ||
4137 | 312 | return resp(env, start_response) | ||
4138 | 313 | |||
4139 | 314 | def _remove_auth_headers(self, env): | ||
4140 | 315 | """Remove headers so a user can't fake authentication. | ||
4141 | 316 | |||
4142 | 317 | :param env: wsgi request environment | ||
4143 | 318 | |||
4144 | 319 | """ | ||
4145 | 320 | auth_headers = ( | ||
4146 | 321 | 'X-Identity-Status', | ||
4147 | 322 | 'X-Tenant-Id', | ||
4148 | 323 | 'X-Tenant-Name', | ||
4149 | 324 | 'X-User-Id', | ||
4150 | 325 | 'X-User-Name', | ||
4151 | 326 | 'X-Roles', | ||
4152 | 327 | 'X-Service-Catalog', | ||
4153 | 328 | # Deprecated | ||
4154 | 329 | 'X-User', | ||
4155 | 330 | 'X-Tenant', | ||
4156 | 331 | 'X-Role', | ||
4157 | 332 | ) | ||
4158 | 333 | LOG.debug('Removing headers from request environment: %s' % | ||
4159 | 334 | ','.join(auth_headers)) | ||
4160 | 335 | self._remove_headers(env, auth_headers) | ||
4161 | 336 | |||
4162 | 337 | def _get_user_token_from_header(self, env): | ||
4163 | 338 | """Get token id from request. | ||
4164 | 339 | |||
4165 | 340 | :param env: wsgi request environment | ||
4166 | 341 | :return token id | ||
4167 | 342 | :raises InvalidUserToken if no token is provided in request | ||
4168 | 343 | |||
4169 | 344 | """ | ||
4170 | 345 | token = self._get_header(env, 'X-Auth-Token', | ||
4171 | 346 | self._get_header(env, 'X-Storage-Token')) | ||
4172 | 347 | if token: | ||
4173 | 348 | return token | ||
4174 | 349 | else: | ||
4175 | 350 | LOG.warn("Unable to find authentication token in headers: %s", env) | ||
4176 | 351 | raise InvalidUserToken('Unable to find token in headers') | ||
4177 | 352 | |||
4178 | 353 | def _reject_request(self, env, start_response): | ||
4179 | 354 | """Redirect client to auth server. | ||
4180 | 355 | |||
4181 | 356 | :param env: wsgi request environment | ||
4182 | 357 | :param start_response: wsgi response callback | ||
4183 | 358 | :returns HTTPUnauthorized http response | ||
4184 | 359 | |||
4185 | 360 | """ | ||
4186 | 361 | headers = [('WWW-Authenticate', 'Keystone uri=\'%s\'' % self.auth_uri)] | ||
4187 | 362 | resp = webob.exc.HTTPUnauthorized('Authentication required', headers) | ||
4188 | 363 | return resp(env, start_response) | ||
4189 | 364 | |||
4190 | 365 | def get_admin_token(self): | ||
4191 | 366 | """Return admin token, possibly fetching a new one. | ||
4192 | 367 | |||
4193 | 368 | if self.admin_token_expiry is set from fetching an admin token, check | ||
4194 | 369 | it for expiration, and request a new token is the existing token | ||
4195 | 370 | is about to expire. | ||
4196 | 371 | |||
4197 | 372 | :return admin token id | ||
4198 | 373 | :raise ServiceError when unable to retrieve token from keystone | ||
4199 | 374 | |||
4200 | 375 | """ | ||
4201 | 376 | if self.admin_token_expiry: | ||
4202 | 377 | if will_expire_soon(self.admin_token_expiry): | ||
4203 | 378 | self.admin_token = None | ||
4204 | 379 | |||
4205 | 380 | if not self.admin_token: | ||
4206 | 381 | (self.admin_token, | ||
4207 | 382 | self.admin_token_expiry) = self._request_admin_token() | ||
4208 | 383 | |||
4209 | 384 | return self.admin_token | ||
4210 | 385 | |||
4211 | 386 | def _get_http_connection(self): | ||
4212 | 387 | if self.auth_protocol == 'http': | ||
4213 | 388 | return self.http_client_class(self.auth_host, self.auth_port) | ||
4214 | 389 | else: | ||
4215 | 390 | return self.http_client_class(self.auth_host, | ||
4216 | 391 | self.auth_port, | ||
4217 | 392 | self.key_file, | ||
4218 | 393 | self.cert_file) | ||
4219 | 394 | |||
4220 | 395 | def _http_request(self, method, path): | ||
4221 | 396 | """HTTP request helper used to make unspecified content type requests. | ||
4222 | 397 | |||
4223 | 398 | :param method: http method | ||
4224 | 399 | :param path: relative request url | ||
4225 | 400 | :return (http response object) | ||
4226 | 401 | :raise ServerError when unable to communicate with keystone | ||
4227 | 402 | |||
4228 | 403 | """ | ||
4229 | 404 | conn = self._get_http_connection() | ||
4230 | 405 | |||
4231 | 406 | try: | ||
4232 | 407 | conn.request(method, path) | ||
4233 | 408 | response = conn.getresponse() | ||
4234 | 409 | body = response.read() | ||
4235 | 410 | except Exception as e: | ||
4236 | 411 | LOG.error('HTTP connection exception: %s' % e) | ||
4237 | 412 | raise ServiceError('Unable to communicate with keystone') | ||
4238 | 413 | finally: | ||
4239 | 414 | conn.close() | ||
4240 | 415 | |||
4241 | 416 | return response, body | ||
4242 | 417 | |||
4243 | 418 | def _json_request(self, method, path, body=None, additional_headers=None): | ||
4244 | 419 | """HTTP request helper used to make json requests. | ||
4245 | 420 | |||
4246 | 421 | :param method: http method | ||
4247 | 422 | :param path: relative request url | ||
4248 | 423 | :param body: dict to encode to json as request body. Optional. | ||
4249 | 424 | :param additional_headers: dict of additional headers to send with | ||
4250 | 425 | http request. Optional. | ||
4251 | 426 | :return (http response object, response body parsed as json) | ||
4252 | 427 | :raise ServerError when unable to communicate with keystone | ||
4253 | 428 | |||
4254 | 429 | """ | ||
4255 | 430 | conn = self._get_http_connection() | ||
4256 | 431 | |||
4257 | 432 | kwargs = { | ||
4258 | 433 | 'headers': { | ||
4259 | 434 | 'Content-type': 'application/json', | ||
4260 | 435 | 'Accept': 'application/json', | ||
4261 | 436 | }, | ||
4262 | 437 | } | ||
4263 | 438 | |||
4264 | 439 | if additional_headers: | ||
4265 | 440 | kwargs['headers'].update(additional_headers) | ||
4266 | 441 | |||
4267 | 442 | if body: | ||
4268 | 443 | kwargs['body'] = jsonutils.dumps(body) | ||
4269 | 444 | |||
4270 | 445 | full_path = self.auth_admin_prefix + path | ||
4271 | 446 | try: | ||
4272 | 447 | conn.request(method, full_path, **kwargs) | ||
4273 | 448 | response = conn.getresponse() | ||
4274 | 449 | body = response.read() | ||
4275 | 450 | except Exception as e: | ||
4276 | 451 | LOG.error('HTTP connection exception: %s' % e) | ||
4277 | 452 | raise ServiceError('Unable to communicate with keystone') | ||
4278 | 453 | finally: | ||
4279 | 454 | conn.close() | ||
4280 | 455 | |||
4281 | 456 | try: | ||
4282 | 457 | data = jsonutils.loads(body) | ||
4283 | 458 | except ValueError: | ||
4284 | 459 | LOG.debug('Keystone did not return json-encoded body') | ||
4285 | 460 | data = {} | ||
4286 | 461 | |||
4287 | 462 | return response, data | ||
4288 | 463 | |||
4289 | 464 | def _request_admin_token(self): | ||
4290 | 465 | """Retrieve new token as admin user from keystone. | ||
4291 | 466 | |||
4292 | 467 | :return token id upon success | ||
4293 | 468 | :raises ServerError when unable to communicate with keystone | ||
4294 | 469 | |||
4295 | 470 | """ | ||
4296 | 471 | params = { | ||
4297 | 472 | 'auth': { | ||
4298 | 473 | 'passwordCredentials': { | ||
4299 | 474 | 'username': self.admin_user, | ||
4300 | 475 | 'password': self.admin_password, | ||
4301 | 476 | }, | ||
4302 | 477 | 'tenantName': self.admin_tenant_name, | ||
4303 | 478 | } | ||
4304 | 479 | } | ||
4305 | 480 | |||
4306 | 481 | response, data = self._json_request('POST', | ||
4307 | 482 | '/v2.0/tokens', | ||
4308 | 483 | body=params) | ||
4309 | 484 | |||
4310 | 485 | try: | ||
4311 | 486 | token = data['access']['token']['id'] | ||
4312 | 487 | expiry = data['access']['token']['expires'] | ||
4313 | 488 | assert token | ||
4314 | 489 | assert expiry | ||
4315 | 490 | datetime_expiry = timeutils.parse_isotime(expiry) | ||
4316 | 491 | return (token, timeutils.normalize_time(datetime_expiry)) | ||
4317 | 492 | except (AssertionError, KeyError): | ||
4318 | 493 | LOG.warn("Unexpected response from keystone service: %s", data) | ||
4319 | 494 | raise ServiceError('invalid json response') | ||
4320 | 495 | except (ValueError): | ||
4321 | 496 | LOG.warn("Unable to parse expiration time from token: %s", data) | ||
4322 | 497 | raise ServiceError('invalid json response') | ||
4323 | 498 | |||
4324 | 499 | def _validate_user_token(self, user_token, retry=True): | ||
4325 | 500 | """Authenticate user using PKI | ||
4326 | 501 | |||
4327 | 502 | :param user_token: user's token id | ||
4328 | 503 | :param retry: Ignored, as it is not longer relevant | ||
4329 | 504 | :return uncrypted body of the token if the token is valid | ||
4330 | 505 | :raise InvalidUserToken if token is rejected | ||
4331 | 506 | :no longer raises ServiceError since it no longer makes RPC | ||
4332 | 507 | |||
4333 | 508 | """ | ||
4334 | 509 | try: | ||
4335 | 510 | token_id = cms.cms_hash_token(user_token) | ||
4336 | 511 | cached = self._cache_get(token_id) | ||
4337 | 512 | if cached: | ||
4338 | 513 | return cached | ||
4339 | 514 | if cms.is_ans1_token(user_token): | ||
4340 | 515 | verified = self.verify_signed_token(user_token) | ||
4341 | 516 | data = json.loads(verified) | ||
4342 | 517 | else: | ||
4343 | 518 | data = self.verify_uuid_token(user_token, retry) | ||
4344 | 519 | self._cache_put(token_id, data) | ||
4345 | 520 | return data | ||
4346 | 521 | except Exception as e: | ||
4347 | 522 | LOG.debug('Token validation failure.', exc_info=True) | ||
4348 | 523 | self._cache_store_invalid(user_token) | ||
4349 | 524 | LOG.warn("Authorization failed for token %s", user_token) | ||
4350 | 525 | raise InvalidUserToken('Token authorization failed') | ||
4351 | 526 | |||
4352 | 527 | def _build_user_headers(self, token_info): | ||
4353 | 528 | """Convert token object into headers. | ||
4354 | 529 | |||
4355 | 530 | Build headers that represent authenticated user: | ||
4356 | 531 | * X_IDENTITY_STATUS: Confirmed or Invalid | ||
4357 | 532 | * X_TENANT_ID: id of tenant if tenant is present | ||
4358 | 533 | * X_TENANT_NAME: name of tenant if tenant is present | ||
4359 | 534 | * X_USER_ID: id of user | ||
4360 | 535 | * X_USER_NAME: name of user | ||
4361 | 536 | * X_ROLES: list of roles | ||
4362 | 537 | * X_SERVICE_CATALOG: service catalog | ||
4363 | 538 | |||
4364 | 539 | Additional (deprecated) headers include: | ||
4365 | 540 | * X_USER: name of user | ||
4366 | 541 | * X_TENANT: For legacy compatibility before we had ID and Name | ||
4367 | 542 | * X_ROLE: list of roles | ||
4368 | 543 | |||
4369 | 544 | :param token_info: token object returned by keystone on authentication | ||
4370 | 545 | :raise InvalidUserToken when unable to parse token object | ||
4371 | 546 | |||
4372 | 547 | """ | ||
4373 | 548 | user = token_info['access']['user'] | ||
4374 | 549 | token = token_info['access']['token'] | ||
4375 | 550 | roles = ','.join([role['name'] for role in user.get('roles', [])]) | ||
4376 | 551 | |||
4377 | 552 | def get_tenant_info(): | ||
4378 | 553 | """Returns a (tenant_id, tenant_name) tuple from context.""" | ||
4379 | 554 | def essex(): | ||
4380 | 555 | """Essex puts the tenant ID and name on the token.""" | ||
4381 | 556 | return (token['tenant']['id'], token['tenant']['name']) | ||
4382 | 557 | |||
4383 | 558 | def pre_diablo(): | ||
4384 | 559 | """Pre-diablo, Keystone only provided tenantId.""" | ||
4385 | 560 | return (token['tenantId'], token['tenantId']) | ||
4386 | 561 | |||
4387 | 562 | def default_tenant(): | ||
4388 | 563 | """Assume the user's default tenant.""" | ||
4389 | 564 | return (user['tenantId'], user['tenantName']) | ||
4390 | 565 | |||
4391 | 566 | for method in [essex, pre_diablo, default_tenant]: | ||
4392 | 567 | try: | ||
4393 | 568 | return method() | ||
4394 | 569 | except KeyError: | ||
4395 | 570 | pass | ||
4396 | 571 | |||
4397 | 572 | raise InvalidUserToken('Unable to determine tenancy.') | ||
4398 | 573 | |||
4399 | 574 | tenant_id, tenant_name = get_tenant_info() | ||
4400 | 575 | |||
4401 | 576 | user_id = user['id'] | ||
4402 | 577 | user_name = user['name'] | ||
4403 | 578 | |||
4404 | 579 | rval = { | ||
4405 | 580 | 'X-Identity-Status': 'Confirmed', | ||
4406 | 581 | 'X-Tenant-Id': tenant_id, | ||
4407 | 582 | 'X-Tenant-Name': tenant_name, | ||
4408 | 583 | 'X-User-Id': user_id, | ||
4409 | 584 | 'X-User-Name': user_name, | ||
4410 | 585 | 'X-Roles': roles, | ||
4411 | 586 | # Deprecated | ||
4412 | 587 | 'X-User': user_name, | ||
4413 | 588 | 'X-Tenant': tenant_name, | ||
4414 | 589 | 'X-Role': roles, | ||
4415 | 590 | } | ||
4416 | 591 | |||
4417 | 592 | try: | ||
4418 | 593 | catalog = token_info['access']['serviceCatalog'] | ||
4419 | 594 | rval['X-Service-Catalog'] = jsonutils.dumps(catalog) | ||
4420 | 595 | except KeyError: | ||
4421 | 596 | pass | ||
4422 | 597 | |||
4423 | 598 | return rval | ||
4424 | 599 | |||
4425 | 600 | def _header_to_env_var(self, key): | ||
4426 | 601 | """Convert header to wsgi env variable. | ||
4427 | 602 | |||
4428 | 603 | :param key: http header name (ex. 'X-Auth-Token') | ||
4429 | 604 | :return wsgi env variable name (ex. 'HTTP_X_AUTH_TOKEN') | ||
4430 | 605 | |||
4431 | 606 | """ | ||
4432 | 607 | return 'HTTP_%s' % key.replace('-', '_').upper() | ||
4433 | 608 | |||
4434 | 609 | def _add_headers(self, env, headers): | ||
4435 | 610 | """Add http headers to environment.""" | ||
4436 | 611 | for (k, v) in headers.iteritems(): | ||
4437 | 612 | env_key = self._header_to_env_var(k) | ||
4438 | 613 | env[env_key] = v | ||
4439 | 614 | |||
4440 | 615 | def _remove_headers(self, env, keys): | ||
4441 | 616 | """Remove http headers from environment.""" | ||
4442 | 617 | for k in keys: | ||
4443 | 618 | env_key = self._header_to_env_var(k) | ||
4444 | 619 | try: | ||
4445 | 620 | del env[env_key] | ||
4446 | 621 | except KeyError: | ||
4447 | 622 | pass | ||
4448 | 623 | |||
4449 | 624 | def _get_header(self, env, key, default=None): | ||
4450 | 625 | """Get http header from environment.""" | ||
4451 | 626 | env_key = self._header_to_env_var(key) | ||
4452 | 627 | return env.get(env_key, default) | ||
4453 | 628 | |||
4454 | 629 | def _cache_get(self, token): | ||
4455 | 630 | """Return token information from cache. | ||
4456 | 631 | |||
4457 | 632 | If token is invalid raise InvalidUserToken | ||
4458 | 633 | return token only if fresh (not expired). | ||
4459 | 634 | """ | ||
4460 | 635 | if self._cache and token: | ||
4461 | 636 | key = 'tokens/%s' % token | ||
4462 | 637 | cached = self._cache.get(key) | ||
4463 | 638 | if cached == 'invalid': | ||
4464 | 639 | LOG.debug('Cached Token %s is marked unauthorized', token) | ||
4465 | 640 | raise InvalidUserToken('Token authorization failed') | ||
4466 | 641 | if cached: | ||
4467 | 642 | data, expires = cached | ||
4468 | 643 | if time.time() < float(expires): | ||
4469 | 644 | LOG.debug('Returning cached token %s', token) | ||
4470 | 645 | return data | ||
4471 | 646 | else: | ||
4472 | 647 | LOG.debug('Cached Token %s seems expired', token) | ||
4473 | 648 | |||
4474 | 649 | def _cache_put(self, token, data): | ||
4475 | 650 | """Put token data into the cache. | ||
4476 | 651 | |||
4477 | 652 | Stores the parsed expire date in cache allowing | ||
4478 | 653 | quick check of token freshness on retrieval. | ||
4479 | 654 | """ | ||
4480 | 655 | if self._cache and data: | ||
4481 | 656 | key = 'tokens/%s' % token | ||
4482 | 657 | if 'token' in data.get('access', {}): | ||
4483 | 658 | timestamp = data['access']['token']['expires'] | ||
4484 | 659 | expires = self._iso8601.parse_date(timestamp).strftime('%s') | ||
4485 | 660 | else: | ||
4486 | 661 | LOG.error('invalid token format') | ||
4487 | 662 | return | ||
4488 | 663 | LOG.debug('Storing %s token in memcache', token) | ||
4489 | 664 | self._cache.set(key, | ||
4490 | 665 | (data, expires), | ||
4491 | 666 | time=self.token_cache_time) | ||
4492 | 667 | |||
4493 | 668 | def _cache_store_invalid(self, token): | ||
4494 | 669 | """Store invalid token in cache.""" | ||
4495 | 670 | if self._cache: | ||
4496 | 671 | key = 'tokens/%s' % token | ||
4497 | 672 | LOG.debug('Marking token %s as unauthorized in memcache', token) | ||
4498 | 673 | self._cache.set(key, | ||
4499 | 674 | 'invalid', | ||
4500 | 675 | time=self.token_cache_time) | ||
4501 | 676 | |||
4502 | 677 | def cert_file_missing(self, called_proc_err, file_name): | ||
4503 | 678 | return (called_proc_err.output.find(file_name) | ||
4504 | 679 | and not os.path.exists(file_name)) | ||
4505 | 680 | |||
4506 | 681 | def verify_uuid_token(self, user_token, retry=True): | ||
4507 | 682 | """Authenticate user token with keystone. | ||
4508 | 683 | |||
4509 | 684 | :param user_token: user's token id | ||
4510 | 685 | :param retry: flag that forces the middleware to retry | ||
4511 | 686 | user authentication when an indeterminate | ||
4512 | 687 | response is received. Optional. | ||
4513 | 688 | :return token object received from keystone on success | ||
4514 | 689 | :raise InvalidUserToken if token is rejected | ||
4515 | 690 | :raise ServiceError if unable to authenticate token | ||
4516 | 691 | |||
4517 | 692 | """ | ||
4518 | 693 | |||
4519 | 694 | headers = {'X-Auth-Token': self.get_admin_token()} | ||
4520 | 695 | response, data = self._json_request('GET', | ||
4521 | 696 | '/v2.0/tokens/%s' % user_token, | ||
4522 | 697 | additional_headers=headers) | ||
4523 | 698 | |||
4524 | 699 | if response.status == 200: | ||
4525 | 700 | self._cache_put(user_token, data) | ||
4526 | 701 | return data | ||
4527 | 702 | if response.status == 404: | ||
4528 | 703 | # FIXME(ja): I'm assuming the 404 status means that user_token is | ||
4529 | 704 | # invalid - not that the admin_token is invalid | ||
4530 | 705 | self._cache_store_invalid(user_token) | ||
4531 | 706 | LOG.warn("Authorization failed for token %s", user_token) | ||
4532 | 707 | raise InvalidUserToken('Token authorization failed') | ||
4533 | 708 | if response.status == 401: | ||
4534 | 709 | LOG.info('Keystone rejected admin token %s, resetting', headers) | ||
4535 | 710 | self.admin_token = None | ||
4536 | 711 | else: | ||
4537 | 712 | LOG.error('Bad response code while validating token: %s' % | ||
4538 | 713 | response.status) | ||
4539 | 714 | if retry: | ||
4540 | 715 | LOG.info('Retrying validation') | ||
4541 | 716 | return self._validate_user_token(user_token, False) | ||
4542 | 717 | else: | ||
4543 | 718 | LOG.warn("Invalid user token: %s. Keystone response: %s.", | ||
4544 | 719 | user_token, data) | ||
4545 | 720 | |||
4546 | 721 | raise InvalidUserToken() | ||
4547 | 722 | |||
4548 | 723 | def is_signed_token_revoked(self, signed_text): | ||
4549 | 724 | """Indicate whether the token appears in the revocation list.""" | ||
4550 | 725 | revocation_list = self.token_revocation_list | ||
4551 | 726 | revoked_tokens = revocation_list.get('revoked', []) | ||
4552 | 727 | if not revoked_tokens: | ||
4553 | 728 | return | ||
4554 | 729 | revoked_ids = (x['id'] for x in revoked_tokens) | ||
4555 | 730 | token_id = utils.hash_signed_token(signed_text) | ||
4556 | 731 | for revoked_id in revoked_ids: | ||
4557 | 732 | if token_id == revoked_id: | ||
4558 | 733 | LOG.debug('Token %s is marked as having been revoked', | ||
4559 | 734 | token_id) | ||
4560 | 735 | return True | ||
4561 | 736 | return False | ||
4562 | 737 | |||
4563 | 738 | def cms_verify(self, data): | ||
4564 | 739 | """Verifies the signature of the provided data's IAW CMS syntax. | ||
4565 | 740 | |||
4566 | 741 | If either of the certificate files are missing, fetch them and | ||
4567 | 742 | retry. | ||
4568 | 743 | """ | ||
4569 | 744 | while True: | ||
4570 | 745 | try: | ||
4571 | 746 | output = cms.cms_verify(data, self.signing_cert_file_name, | ||
4572 | 747 | self.ca_file_name) | ||
4573 | 748 | except cms.subprocess.CalledProcessError as err: | ||
4574 | 749 | if self.cert_file_missing(err, self.signing_cert_file_name): | ||
4575 | 750 | self.fetch_signing_cert() | ||
4576 | 751 | continue | ||
4577 | 752 | if self.cert_file_missing(err, self.ca_file_name): | ||
4578 | 753 | self.fetch_ca_cert() | ||
4579 | 754 | continue | ||
4580 | 755 | raise err | ||
4581 | 756 | return output | ||
4582 | 757 | |||
4583 | 758 | def verify_signed_token(self, signed_text): | ||
4584 | 759 | """Check that the token is unrevoked and has a valid signature.""" | ||
4585 | 760 | if self.is_signed_token_revoked(signed_text): | ||
4586 | 761 | raise InvalidUserToken('Token has been revoked') | ||
4587 | 762 | |||
4588 | 763 | formatted = cms.token_to_cms(signed_text) | ||
4589 | 764 | return self.cms_verify(formatted) | ||
4590 | 765 | |||
4591 | 766 | @property | ||
4592 | 767 | def token_revocation_list_fetched_time(self): | ||
4593 | 768 | if not self._token_revocation_list_fetched_time: | ||
4594 | 769 | # If the fetched list has been written to disk, use its | ||
4595 | 770 | # modification time. | ||
4596 | 771 | if os.path.exists(self.revoked_file_name): | ||
4597 | 772 | mtime = os.path.getmtime(self.revoked_file_name) | ||
4598 | 773 | fetched_time = datetime.datetime.fromtimestamp(mtime) | ||
4599 | 774 | # Otherwise the list will need to be fetched. | ||
4600 | 775 | else: | ||
4601 | 776 | fetched_time = datetime.datetime.min | ||
4602 | 777 | self._token_revocation_list_fetched_time = fetched_time | ||
4603 | 778 | return self._token_revocation_list_fetched_time | ||
4604 | 779 | |||
4605 | 780 | @token_revocation_list_fetched_time.setter | ||
4606 | 781 | def token_revocation_list_fetched_time(self, value): | ||
4607 | 782 | self._token_revocation_list_fetched_time = value | ||
4608 | 783 | |||
4609 | 784 | @property | ||
4610 | 785 | def token_revocation_list(self): | ||
4611 | 786 | timeout = (self.token_revocation_list_fetched_time + | ||
4612 | 787 | self.token_revocation_list_cache_timeout) | ||
4613 | 788 | list_is_current = timeutils.utcnow() < timeout | ||
4614 | 789 | if list_is_current: | ||
4615 | 790 | # Load the list from disk if required | ||
4616 | 791 | if not self._token_revocation_list: | ||
4617 | 792 | with open(self.revoked_file_name, 'r') as f: | ||
4618 | 793 | self._token_revocation_list = jsonutils.loads(f.read()) | ||
4619 | 794 | else: | ||
4620 | 795 | self.token_revocation_list = self.fetch_revocation_list() | ||
4621 | 796 | return self._token_revocation_list | ||
4622 | 797 | |||
4623 | 798 | @token_revocation_list.setter | ||
4624 | 799 | def token_revocation_list(self, value): | ||
4625 | 800 | """Save a revocation list to memory and to disk. | ||
4626 | 801 | |||
4627 | 802 | :param value: A json-encoded revocation list | ||
4628 | 803 | |||
4629 | 804 | """ | ||
4630 | 805 | self._token_revocation_list = jsonutils.loads(value) | ||
4631 | 806 | self.token_revocation_list_fetched_time = timeutils.utcnow() | ||
4632 | 807 | with open(self.revoked_file_name, 'w') as f: | ||
4633 | 808 | f.write(value) | ||
4634 | 809 | |||
4635 | 810 | def fetch_revocation_list(self, retry=True): | ||
4636 | 811 | headers = {'X-Auth-Token': self.get_admin_token()} | ||
4637 | 812 | response, data = self._json_request('GET', '/v2.0/tokens/revoked', | ||
4638 | 813 | additional_headers=headers) | ||
4639 | 814 | if response.status == 401: | ||
4640 | 815 | if retry: | ||
4641 | 816 | LOG.info('Keystone rejected admin token %s, resetting admin ' | ||
4642 | 817 | 'token', headers) | ||
4643 | 818 | self.admin_token = None | ||
4644 | 819 | return self.fetch_revocation_list(retry=False) | ||
4645 | 820 | if response.status != 200: | ||
4646 | 821 | raise ServiceError('Unable to fetch token revocation list.') | ||
4647 | 822 | if (not 'signed' in data): | ||
4648 | 823 | raise ServiceError('Revocation list inmproperly formatted.') | ||
4649 | 824 | return self.cms_verify(data['signed']) | ||
4650 | 825 | |||
4651 | 826 | def fetch_signing_cert(self): | ||
4652 | 827 | response, data = self._http_request('GET', | ||
4653 | 828 | '/v2.0/certificates/signing') | ||
4654 | 829 | try: | ||
4655 | 830 | #todo check response | ||
4656 | 831 | certfile = open(self.signing_cert_file_name, 'w') | ||
4657 | 832 | certfile.write(data) | ||
4658 | 833 | certfile.close() | ||
4659 | 834 | except (AssertionError, KeyError): | ||
4660 | 835 | LOG.warn("Unexpected response from keystone service: %s", data) | ||
4661 | 836 | raise ServiceError('invalid json response') | ||
4662 | 837 | |||
4663 | 838 | def fetch_ca_cert(self): | ||
4664 | 839 | response, data = self._http_request('GET', | ||
4665 | 840 | '/v2.0/certificates/ca') | ||
4666 | 841 | try: | ||
4667 | 842 | #todo check response | ||
4668 | 843 | certfile = open(self.ca_file_name, 'w') | ||
4669 | 844 | certfile.write(data) | ||
4670 | 845 | certfile.close() | ||
4671 | 846 | except (AssertionError, KeyError): | ||
4672 | 847 | LOG.warn("Unexpected response from keystone service: %s", data) | ||
4673 | 848 | raise ServiceError('invalid json response') | ||
4674 | 849 | |||
4675 | 850 | |||
4676 | 851 | def filter_factory(global_conf, **local_conf): | ||
4677 | 852 | """Returns a WSGI filter app for use with paste.deploy.""" | ||
4678 | 853 | conf = global_conf.copy() | ||
4679 | 854 | conf.update(local_conf) | ||
4680 | 855 | |||
4681 | 856 | def auth_filter(app): | ||
4682 | 857 | return AuthProtocol(app, conf) | ||
4683 | 858 | return auth_filter | ||
4684 | 859 | |||
4685 | 860 | |||
4686 | 861 | def app_factory(global_conf, **local_conf): | ||
4687 | 862 | conf = global_conf.copy() | ||
4688 | 863 | conf.update(local_conf) | ||
4689 | 864 | return AuthProtocol(None, conf) | ||
4690 | 0 | 865 | ||
4691 | === added file 'keystoneclient/middleware/test.py' | |||
4692 | --- keystoneclient/middleware/test.py 1970-01-01 00:00:00 +0000 | |||
4693 | +++ keystoneclient/middleware/test.py 2012-11-30 14:11:19 +0000 | |||
4694 | @@ -0,0 +1,67 @@ | |||
4695 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
4696 | 2 | |||
4697 | 3 | # Copyright 2012 OpenStack LLC | ||
4698 | 4 | # | ||
4699 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
4700 | 6 | # not use this file except in compliance with the License. You may obtain | ||
4701 | 7 | # a copy of the License at | ||
4702 | 8 | # | ||
4703 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
4704 | 10 | # | ||
4705 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
4706 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
4707 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
4708 | 14 | # License for the specific language governing permissions and limitations | ||
4709 | 15 | # under the License. | ||
4710 | 16 | |||
4711 | 17 | # | ||
4712 | 18 | # Test support for middleware authentication | ||
4713 | 19 | # | ||
4714 | 20 | |||
4715 | 21 | import os | ||
4716 | 22 | import sys | ||
4717 | 23 | |||
4718 | 24 | |||
4719 | 25 | ROOTDIR = os.path.dirname(os.path.abspath(os.curdir)) | ||
4720 | 26 | |||
4721 | 27 | |||
4722 | 28 | def rootdir(*p): | ||
4723 | 29 | return os.path.join(ROOTDIR, *p) | ||
4724 | 30 | |||
4725 | 31 | |||
4726 | 32 | class NoModule(object): | ||
4727 | 33 | """A mixin class to provide support for unloading/disabling modules.""" | ||
4728 | 34 | |||
4729 | 35 | def __init__(self, *args, **kw): | ||
4730 | 36 | super(NoModule, self).__init__(*args, **kw) | ||
4731 | 37 | self._finders = [] | ||
4732 | 38 | self._cleared_modules = {} | ||
4733 | 39 | |||
4734 | 40 | def tearDown(self): | ||
4735 | 41 | super(NoModule, self).tearDown() | ||
4736 | 42 | for finder in self._finders: | ||
4737 | 43 | sys.meta_path.remove(finder) | ||
4738 | 44 | sys.modules.update(self._cleared_modules) | ||
4739 | 45 | |||
4740 | 46 | def clear_module(self, module): | ||
4741 | 47 | cleared_modules = {} | ||
4742 | 48 | for fullname in sys.modules.keys(): | ||
4743 | 49 | if fullname == module or fullname.startswith(module + '.'): | ||
4744 | 50 | cleared_modules[fullname] = sys.modules.pop(fullname) | ||
4745 | 51 | return cleared_modules | ||
4746 | 52 | |||
4747 | 53 | def disable_module(self, module): | ||
4748 | 54 | """Ensure ImportError for the specified module.""" | ||
4749 | 55 | |||
4750 | 56 | # Clear 'module' references in sys.modules | ||
4751 | 57 | self._cleared_modules.update(self.clear_module(module)) | ||
4752 | 58 | |||
4753 | 59 | # Disallow further imports of 'module' | ||
4754 | 60 | class NoModule(object): | ||
4755 | 61 | def find_module(self, fullname, path): | ||
4756 | 62 | if fullname == module or fullname.startswith(module + '.'): | ||
4757 | 63 | raise ImportError | ||
4758 | 64 | |||
4759 | 65 | finder = NoModule() | ||
4760 | 66 | self._finders.append(finder) | ||
4761 | 67 | sys.meta_path.insert(0, finder) | ||
4762 | 0 | 68 | ||
4763 | === added file 'keystoneclient/openstack/common/cfg.py' | |||
4764 | --- keystoneclient/openstack/common/cfg.py 1970-01-01 00:00:00 +0000 | |||
4765 | +++ keystoneclient/openstack/common/cfg.py 2012-11-30 14:11:19 +0000 | |||
4766 | @@ -0,0 +1,1653 @@ | |||
4767 | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
4768 | 2 | |||
4769 | 3 | # Copyright 2012 Red Hat, Inc. | ||
4770 | 4 | # | ||
4771 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
4772 | 6 | # not use this file except in compliance with the License. You may obtain | ||
4773 | 7 | # a copy of the License at | ||
4774 | 8 | # | ||
4775 | 9 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
4776 | 10 | # | ||
4777 | 11 | # Unless required by applicable law or agreed to in writing, software | ||
4778 | 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
4779 | 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
4780 | 14 | # License for the specific language governing permissions and limitations | ||
4781 | 15 | # under the License. | ||
4782 | 16 | |||
4783 | 17 | r""" | ||
4784 | 18 | Configuration options which may be set on the command line or in config files. | ||
4785 | 19 | |||
4786 | 20 | The schema for each option is defined using the Opt sub-classes, e.g.: | ||
4787 | 21 | |||
4788 | 22 | :: | ||
4789 | 23 | |||
4790 | 24 | common_opts = [ | ||
4791 | 25 | cfg.StrOpt('bind_host', | ||
4792 | 26 | default='0.0.0.0', | ||
4793 | 27 | help='IP address to listen on'), | ||
4794 | 28 | cfg.IntOpt('bind_port', | ||
4795 | 29 | default=9292, | ||
4796 | 30 | help='Port number to listen on') | ||
4797 | 31 | ] | ||
4798 | 32 | |||
4799 | 33 | Options can be strings, integers, floats, booleans, lists or 'multi strings':: | ||
4800 | 34 | |||
4801 | 35 | enabled_apis_opt = cfg.ListOpt('enabled_apis', | ||
4802 | 36 | default=['ec2', 'osapi_compute'], | ||
4803 | 37 | help='List of APIs to enable by default') | ||
4804 | 38 | |||
4805 | 39 | DEFAULT_EXTENSIONS = [ | ||
4806 | 40 | 'nova.api.openstack.compute.contrib.standard_extensions' | ||
4807 | 41 | ] | ||
4808 | 42 | osapi_compute_extension_opt = cfg.MultiStrOpt('osapi_compute_extension', | ||
4809 | 43 | default=DEFAULT_EXTENSIONS) | ||
4810 | 44 | |||
4811 | 45 | Option schemas are registered with the config manager at runtime, but before | ||
4812 | 46 | the option is referenced:: | ||
4813 | 47 | |||
4814 | 48 | class ExtensionManager(object): | ||
4815 | 49 | |||
4816 | 50 | enabled_apis_opt = cfg.ListOpt(...) | ||
4817 | 51 | |||
4818 | 52 | def __init__(self, conf): | ||
4819 | 53 | self.conf = conf | ||
4820 | 54 | self.conf.register_opt(enabled_apis_opt) | ||
4821 | 55 | ... | ||
4822 | 56 | |||
4823 | 57 | def _load_extensions(self): | ||
4824 | 58 | for ext_factory in self.conf.osapi_compute_extension: | ||
4825 | 59 | .... | ||
4826 | 60 | |||
4827 | 61 | A common usage pattern is for each option schema to be defined in the module or | ||
4828 | 62 | class which uses the option:: | ||
4829 | 63 | |||
4830 | 64 | opts = ... | ||
4831 | 65 | |||
4832 | 66 | def add_common_opts(conf): | ||
4833 | 67 | conf.register_opts(opts) | ||
4834 | 68 | |||
4835 | 69 | def get_bind_host(conf): | ||
4836 | 70 | return conf.bind_host | ||
4837 | 71 | |||
4838 | 72 | def get_bind_port(conf): | ||
4839 | 73 | return conf.bind_port | ||
4840 | 74 | |||
4841 | 75 | An option may optionally be made available via the command line. Such options | ||
4842 | 76 | must registered with the config manager before the command line is parsed (for | ||
4843 | 77 | the purposes of --help and CLI arg validation):: | ||
4844 | 78 | |||
4845 | 79 | cli_opts = [ | ||
4846 | 80 | cfg.BoolOpt('verbose', | ||
4847 | 81 | short='v', | ||
4848 | 82 | default=False, | ||
4849 | 83 | help='Print more verbose output'), | ||
4850 | 84 | cfg.BoolOpt('debug', | ||
4851 | 85 | short='d', | ||
4852 | 86 | default=False, | ||
4853 | 87 | help='Print debugging output'), | ||
4854 | 88 | ] | ||
4855 | 89 | |||
4856 | 90 | def add_common_opts(conf): | ||
4857 | 91 | conf.register_cli_opts(cli_opts) | ||
4858 | 92 | |||
4859 | 93 | The config manager has two CLI options defined by default, --config-file | ||
4860 | 94 | and --config-dir:: | ||
4861 | 95 | |||
4862 | 96 | class ConfigOpts(object): | ||
4863 | 97 | |||
4864 | 98 | def __call__(self, ...): | ||
4865 | 99 | |||
4866 | 100 | opts = [ | ||
4867 | 101 | MultiStrOpt('config-file', | ||
4868 | 102 | ...), | ||
4869 | 103 | StrOpt('config-dir', | ||
4870 | 104 | ...), | ||
4871 | 105 | ] | ||
4872 | 106 | |||
4873 | 107 | self.register_cli_opts(opts) | ||
4874 | 108 | |||
4875 | 109 | Option values are parsed from any supplied config files using | ||
4876 | 110 | openstack.common.iniparser. If none are specified, a default set is used | ||
4877 | 111 | e.g. glance-api.conf and glance-common.conf:: | ||
4878 | 112 | |||
4879 | 113 | glance-api.conf: | ||
4880 | 114 | [DEFAULT] | ||
4881 | 115 | bind_port = 9292 | ||
4882 | 116 | |||
4883 | 117 | glance-common.conf: | ||
4884 | 118 | [DEFAULT] | ||
4885 | 119 | bind_host = 0.0.0.0 | ||
4886 | 120 | |||
4887 | 121 | Option values in config files override those on the command line. Config files | ||
4888 | 122 | are parsed in order, with values in later files overriding those in earlier | ||
4889 | 123 | files. | ||
4890 | 124 | |||
4891 | 125 | The parsing of CLI args and config files is initiated by invoking the config | ||
4892 | 126 | manager e.g.:: | ||
4893 | 127 | |||
4894 | 128 | conf = ConfigOpts() | ||
4895 | 129 | conf.register_opt(BoolOpt('verbose', ...)) | ||
4896 | 130 | conf(sys.argv[1:]) | ||
4897 | 131 | if conf.verbose: | ||
4898 | 132 | ... | ||
4899 | 133 | |||
4900 | 134 | Options can be registered as belonging to a group:: | ||
4901 | 135 | |||
4902 | 136 | rabbit_group = cfg.OptGroup(name='rabbit', | ||
4903 | 137 | title='RabbitMQ options') | ||
4904 | 138 | |||
4905 | 139 | rabbit_host_opt = cfg.StrOpt('host', | ||
4906 | 140 | default='localhost', | ||
4907 | 141 | help='IP/hostname to listen on'), | ||
4908 | 142 | rabbit_port_opt = cfg.IntOpt('port', | ||
4909 | 143 | default=5672, | ||
4910 | 144 | help='Port number to listen on') | ||
4911 | 145 | |||
4912 | 146 | def register_rabbit_opts(conf): | ||
4913 | 147 | conf.register_group(rabbit_group) | ||
4914 | 148 | # options can be registered under a group in either of these ways: | ||
4915 | 149 | conf.register_opt(rabbit_host_opt, group=rabbit_group) | ||
4916 | 150 | conf.register_opt(rabbit_port_opt, group='rabbit') | ||
4917 | 151 | |||
4918 | 152 | If it no group attributes are required other than the group name, the group | ||
4919 | 153 | need not be explicitly registered e.g. | ||
4920 | 154 | |||
4921 | 155 | def register_rabbit_opts(conf): | ||
4922 | 156 | # The group will automatically be created, equivalent calling:: | ||
4923 | 157 | # conf.register_group(OptGroup(name='rabbit')) | ||
4924 | 158 | conf.register_opt(rabbit_port_opt, group='rabbit') | ||
4925 | 159 | |||
4926 | 160 | If no group is specified, options belong to the 'DEFAULT' section of config | ||
4927 | 161 | files:: | ||
4928 | 162 | |||
4929 | 163 | glance-api.conf: | ||
4930 | 164 | [DEFAULT] | ||
4931 | 165 | bind_port = 9292 | ||
4932 | 166 | ... | ||
4933 | 167 | |||
4934 | 168 | [rabbit] | ||
4935 | 169 | host = localhost | ||
4936 | 170 | port = 5672 | ||
4937 | 171 | use_ssl = False | ||
4938 | 172 | userid = guest | ||
4939 | 173 | password = guest | ||
4940 | 174 | virtual_host = / | ||
4941 | 175 | |||
4942 | 176 | Command-line options in a group are automatically prefixed with the | ||
4943 | 177 | group name:: | ||
4944 | 178 | |||
4945 | 179 | --rabbit-host localhost --rabbit-port 9999 | ||
4946 | 180 | |||
4947 | 181 | Option values in the default group are referenced as attributes/properties on | ||
4948 | 182 | the config manager; groups are also attributes on the config manager, with | ||
4949 | 183 | attributes for each of the options associated with the group:: | ||
4950 | 184 | |||
4951 | 185 | server.start(app, conf.bind_port, conf.bind_host, conf) | ||
4952 | 186 | |||
4953 | 187 | self.connection = kombu.connection.BrokerConnection( | ||
4954 | 188 | hostname=conf.rabbit.host, | ||
4955 | 189 | port=conf.rabbit.port, | ||
4956 | 190 | ...) | ||
4957 | 191 | |||
4958 | 192 | Option values may reference other values using PEP 292 string substitution:: | ||
4959 | 193 | |||
4960 | 194 | opts = [ | ||
4961 | 195 | cfg.StrOpt('state_path', | ||
4962 | 196 | default=os.path.join(os.path.dirname(__file__), '../'), | ||
4963 | 197 | help='Top-level directory for maintaining nova state'), | ||
4964 | 198 | cfg.StrOpt('sqlite_db', | ||
4965 | 199 | default='nova.sqlite', | ||
4966 | 200 | help='file name for sqlite'), | ||
4967 | 201 | cfg.StrOpt('sql_connection', | ||
4968 | 202 | default='sqlite:///$state_path/$sqlite_db', | ||
4969 | 203 | help='connection string for sql database'), | ||
4970 | 204 | ] | ||
4971 | 205 | |||
4972 | 206 | Note that interpolation can be avoided by using '$$'. | ||
4973 | 207 | |||
4974 | 208 | For command line utilities that dispatch to other command line utilities, the | ||
4975 | 209 | disable_interspersed_args() method is available. If this this method is called, | ||
4976 | 210 | then parsing e.g.:: | ||
4977 | 211 | |||
4978 | 212 | script --verbose cmd --debug /tmp/mything | ||
4979 | 213 | |||
4980 | 214 | will no longer return:: | ||
4981 | 215 | |||
4982 | 216 | ['cmd', '/tmp/mything'] | ||
4983 | 217 | |||
4984 | 218 | as the leftover arguments, but will instead return:: | ||
4985 | 219 | |||
4986 | 220 | ['cmd', '--debug', '/tmp/mything'] | ||
4987 | 221 | |||
4988 | 222 | i.e. argument parsing is stopped at the first non-option argument. | ||
4989 | 223 | |||
4990 | 224 | Options may be declared as required so that an error is raised if the user | ||
4991 | 225 | does not supply a value for the option. | ||
4992 | 226 | |||
4993 | 227 | Options may be declared as secret so that their values are not leaked into | ||
4994 | 228 | log files: | ||
4995 | 229 | |||
4996 | 230 | opts = [ | ||
4997 | 231 | cfg.StrOpt('s3_store_access_key', secret=True), | ||
4998 | 232 | cfg.StrOpt('s3_store_secret_key', secret=True), | ||
4999 | 233 | ... | ||
5000 | 234 | ] |
The diff has been truncated for viewing.
LGTM; please upload with -v to ensure change history maintained.