delta/openstack/python-keystoneclient.git, branch 0.10.1 opendev.org: openstack/python-keystoneclient.git Merge "Don't log sensitive auth data" 2014-07-24T21:30:53+00:00 Jenkins jenkins@review.openstack.org 2014-07-24T21:30:53+00:00 e58f7999f9011c7810b61483f8389713dfa7c72a 






Don't log sensitive auth data
2014-07-24T14:47:34+00:00

Jamie Lennox
jamielennox@redhat.com

2014-06-18T00:22:10+00:00

0e9ecaa1547306f7af6527126fb88f8151908498

Add the ability to turn off logging from the session object and then
handle logging of auth requests within their own sections.  This is a
very simplistic ability to completely disable logging.  Logging more
filtered debugging can be added later.

This new ability is utilized in this patch to prevent logging of
requests that include passwords.  This covers authenticate, password
change, and user update requests that include passwords.

SecurityImpact
Change-Id: I3dabb94ab047e86b8730e73416c1a1c333688489
Closes-Bug: #1004114
Closes-Bug: #1327019





Add the ability to turn off logging from the session object and then
handle logging of auth requests within their own sections.  This is a
very simplistic ability to completely disable logging.  Logging more
filtered debugging can be added later.

This new ability is utilized in this patch to prevent logging of
requests that include passwords.  This covers authenticate, password
change, and user update requests that include passwords.

SecurityImpact
Change-Id: I3dabb94ab047e86b8730e73416c1a1c333688489
Closes-Bug: #1004114
Closes-Bug: #1327019







Reorder the old compatibility arguments
2014-07-23T22:48:27+00:00

Vishvananda Ishaya
vishvananda@gmail.com

2014-07-23T22:48:27+00:00

82e45a6f5cb3e63d60d369d9fe06cb29e0a699e3

The registration for --os-cert, os-cacert, and os-key were moved
recently into a new method. We need to register the new versions
(which have default values set) before the old compatible versions
(--os_cert, etc.) that have no default values set or the default
values which pull from the env variables (OS_CERT, etc.) get
ignored.

Change-Id: I4bfb89d02909176be420dd978f8235d94978c494
Closes-bug: 1347957





The registration for --os-cert, os-cacert, and os-key were moved
recently into a new method. We need to register the new versions
(which have default values set) before the old compatible versions
(--os_cert, etc.) that have no default values set or the default
values which pull from the env variables (OS_CERT, etc.) get
ignored.

Change-Id: I4bfb89d02909176be420dd978f8235d94978c494
Closes-bug: 1347957







Merge "Rename saml2_token_url to token_url"
2014-07-23T15:06:32+00:00

Jenkins
jenkins@review.openstack.org

2014-07-23T15:06:32+00:00

2ff18d3c897e55867876013842f1592ff32ba8c1












Merge "Enforce authenticated=False in saml2 plugin"
2014-07-23T15:06:23+00:00

Jenkins
jenkins@review.openstack.org

2014-07-23T15:06:23+00:00

d68404df3059efb68993e1bd274ffe06f330725f












Merge "Insert space between ``#`` and the comment"
2014-07-23T15:06:14+00:00

Jenkins
jenkins@review.openstack.org

2014-07-23T15:06:14+00:00

96581f14d74768c26dbacb9b309cfe08098af2b8












Insert space between ``#`` and the comment
2014-07-23T11:40:34+00:00

Marek Denis
marek.denis@cern.ch

2014-07-23T11:40:34+00:00

feed25dadaa06235a0038b6e29d7dbff1456f20d

test_auth_saml2.py file has a comment:
 ``#for better readibility``. A space should be inserted between
 a ``#`` and the comment message.

Change-Id: Ic36bf9254beee9a3f6f1fa904184c17a28f4fa13





test_auth_saml2.py file has a comment:
 ``#for better readibility``. A space should be inserted between
 a ``#`` and the comment message.

Change-Id: Ic36bf9254beee9a3f6f1fa904184c17a28f4fa13







Rename saml2_token_url to token_url
2014-07-23T10:18:21+00:00

Marek Denis
marek.denis@cern.ch

2014-07-23T10:18:21+00:00

14716ed1f2b03aa9e49ab51a87b1a7ecf99abdb3

For the consisteny a property returning authentication url
should be called token_url.
This patch renames ``saml2_token_url`` to ``token_url`` in the
contrib.auth.v3.saml2.Saml2UnscopedPlugin plugin.

Change-Id: I435a118bb31338a37a29eec68b8e9ce50d163675





For the consisteny a property returning authentication url
should be called token_url.
This patch renames ``saml2_token_url`` to ``token_url`` in the
contrib.auth.v3.saml2.Saml2UnscopedPlugin plugin.

Change-Id: I435a118bb31338a37a29eec68b8e9ce50d163675







Enforce authenticated=False in saml2 plugin
2014-07-23T10:09:43+00:00

Marek Denis
marek.denis@cern.ch

2014-07-23T10:09:43+00:00

bad4bf928d57806033d53bab1e7cc766b0d8eef0

All underlying HTTP calls executed via ``keystoneclient.session.Session``
object should have ``authenticated=False`` option enforced indicating the
plugin is not authenticated with the Identity Service yet.

Change-Id: I946f1ed6a55c4172d8f4bf6a24e5cbc3a00d1154





All underlying HTTP calls executed via ``keystoneclient.session.Session``
object should have ``authenticated=False`` option enforced indicating the
plugin is not authenticated with the Identity Service yet.

Change-Id: I946f1ed6a55c4172d8f4bf6a24e5cbc3a00d1154







Allow passing kwargs from managers to session
2014-07-23T02:32:27+00:00

Jamie Lennox
jamielennox@redhat.com

2014-07-14T00:01:10+00:00

a58bb4b27ada086f850ee990da9ed0ef15f3294c

Resource managers may need to pass certain overrides down to the session
layer. The most common example would be to allow them to specify a
different interface to issue a request to than is common. It is possible
later that we may wish to expose this ability to users as well so that
they can choose in there own programs what interface, endpoint name etc
a particular request should be issued to.

Change-Id: I7ee0931d4ea78cf9f463b2f0b54457226c5bea8d





Resource managers may need to pass certain overrides down to the session
layer. The most common example would be to allow them to specify a
different interface to issue a request to than is common. It is possible
later that we may wish to expose this ability to users as well so that
they can choose in there own programs what interface, endpoint name etc
a particular request should be issued to.

Change-Id: I7ee0931d4ea78cf9f463b2f0b54457226c5bea8d