delta/openstack/python-keystoneclient.git/keystoneclient, branch stable/kilo opendev.org: openstack/python-keystoneclient.git Remove hardcoded endpoint filter for update password 2015-11-30T18:46:23+00:00 Haneef Ali haneef.ali@hp.com 2015-10-06T22:51:12+00:00 e81856f4963d768fa286a9b2d2a40a6663810f6d User password update hardcoded the endpoint_filter to always use the public endpoint. This will break deployments where services behind the firewall have no access to the public endpoint. Endpoint selection should be allowed by the end user (i.e. openstack --os-interface internal user password set). Closes-Bug: 1503459 Change-Id: Ib11d60cd8e81b99aedb27f1cbbf6b79218045cf0 (cherry picked from commit d47da3b59c581dd3bb6bd4d75de819d0fd734fa5) 
User password update hardcoded the endpoint_filter to always use the public
endpoint. This will break deployments where services behind the firewall have
no access to the public endpoint. Endpoint selection should be allowed
by the end user (i.e. openstack --os-interface internal user password set).

Closes-Bug: 1503459

Change-Id: Ib11d60cd8e81b99aedb27f1cbbf6b79218045cf0
(cherry picked from commit d47da3b59c581dd3bb6bd4d75de819d0fd734fa5)
Mask passwords when logging the HTTP response 2015-10-09T18:11:43+00:00 Matt Riedemann mriedem@us.ibm.com 2015-08-31T19:32:25+00:00 ec70eb02f8a5889828cde786694283240f64c5c4 We should sanitize the response body before logging to make sure we aren't leaking through credentials like in the case of the response from the os-initialize_connection volume API. Closes-Bug: #1490693 NOTE(mriedem): The test is slightly different in kilo because the _http_log_response method requires kwargs. Change-Id: Ifd95d3fb624b4636fb72cc11762af62e00a026a0 (cherry picked from commit 3e26ff824801d5084791a52980021784e794e35f) 
We should sanitize the response body before logging to make sure we
aren't leaking through credentials like in the case of the response from
the os-initialize_connection volume API.

Closes-Bug: #1490693

NOTE(mriedem): The test is slightly different in kilo because the
_http_log_response method requires kwargs.

Change-Id: Ifd95d3fb624b4636fb72cc11762af62e00a026a0
(cherry picked from commit 3e26ff824801d5084791a52980021784e794e35f)
Merge "Sync oslo-incubator common code" into stable/kilo 2015-10-06T20:40:05+00:00 Jenkins jenkins@review.openstack.org 2015-10-06T20:40:05+00:00 6457a9fdb33d2e7e49bc81edadf11c048fd66411 






Redirect on 303 in SAML plugin
2015-10-02T01:47:16+00:00

Jamie Lennox
jamielennox@redhat.com

2015-10-01T21:17:21+00:00

805c9d6563f5920ed8a1763fa0b1007f549b998e

The SAML plugin handles redirects in a custom manner but currently only
checks for the 302 redirect code. This doesn't cover the mod_auth_mellon
case which responds with a 303.

Also handle the 303 redirect case.

Change-Id: Idab5f381fcbfb8c561184845d3aa5c8aab142ecd
Closes-Bug: #1501918
(cherry picked from commit 9cd71c064c77a22a0a58084a2abab77b023017b5)





The SAML plugin handles redirects in a custom manner but currently only
checks for the 302 redirect code. This doesn't cover the mod_auth_mellon
case which responds with a 303.

Also handle the 303 redirect case.

Change-Id: Idab5f381fcbfb8c561184845d3aa5c8aab142ecd
Closes-Bug: #1501918
(cherry picked from commit 9cd71c064c77a22a0a58084a2abab77b023017b5)







Merge "Fix Accept header in SAML2 requests" into stable/kilo
2015-09-24T14:00:25+00:00

Jenkins
jenkins@review.openstack.org

2015-09-24T14:00:25+00:00

7d243119abc04ccc0a29eaa2ab715924e17f7adb












Sync oslo-incubator common code
2015-09-23T10:04:10+00:00

Julia Varlamova
jvarlamova@mirantis.com

2015-09-23T08:27:11+00:00

e9c0f09a13beb7e25686e5aa576e400d0c29aa9b

Sync common code to address changes made in dependencies and make branch
"stable/kilo" workable.

Cherry-pick commits 0cc741a, 2aacb111, ac17de97 from oslo-incubator

Change-Id: If746912c99a83806137ca96e0863c4ff2ea8d96c
Closes-Bug: #1480314





Sync common code to address changes made in dependencies and make branch
"stable/kilo" workable.

Cherry-pick commits 0cc741a, 2aacb111, ac17de97 from oslo-incubator

Change-Id: If746912c99a83806137ca96e0863c4ff2ea8d96c
Closes-Bug: #1480314







Update path to subunit2html in post_test_hook
2015-09-20T08:49:23+00:00

Matt Riedemann
mriedem@us.ibm.com

2015-09-03T00:20:17+00:00

8d66e529cfab926c98d569ee83e5aeef76f05776

Per:

http://lists.openstack.org/pipermail/openstack-dev/2015-August/072982.html

The location of subunit2html changed on the images in the gate
so update the path used in the post_test_hook.

Long-term we should just use what's in devstack-gate.

Change-Id: I5e50e7d7ad845aba26403df1df412c0a139a6dc7
Closes-Bug: #1491646
(cherry picked from commit 3e862bbb1e2a7b488cf2de43651270e6afbb82ad)





Per:

http://lists.openstack.org/pipermail/openstack-dev/2015-August/072982.html

The location of subunit2html changed on the images in the gate
so update the path used in the post_test_hook.

Long-term we should just use what's in devstack-gate.

Change-Id: I5e50e7d7ad845aba26403df1df412c0a139a6dc7
Closes-Bug: #1491646
(cherry picked from commit 3e862bbb1e2a7b488cf2de43651270e6afbb82ad)







Fix Accept header in SAML2 requests
2015-08-27T00:57:05+00:00

Jamie Lennox
jamielennox@redhat.com

2015-08-26T02:25:31+00:00

3cc752937e322e4f16eebf048f74c58aec2b2f73

The ; separator allows providing parameters to a type not separating
type options. This means that in strict type checks like those performed
by mod_auth_mellon the check for accept type fails.

Change-Id: Ieeaa74b304921daef68497fec77cc6629ab2f0a2
Closes-Bug: #1488722
(cherry picked from commit e0276c65364bcb8a4a3fe1ad1c91899b1325836c)





The ; separator allows providing parameters to a type not separating
type options. This means that in strict type checks like those performed
by mod_auth_mellon the check for accept type fails.

Change-Id: Ieeaa74b304921daef68497fec77cc6629ab2f0a2
Closes-Bug: #1488722
(cherry picked from commit e0276c65364bcb8a4a3fe1ad1c91899b1325836c)







Make OAuth testcase use actual request headers
2015-07-31T16:04:42+00:00

Boris Bobrov
bbobrov@mirantis.com

2015-07-22T15:52:49+00:00

65d3907d83c2a15babbf8e7063c658a5eda804ec

OAuth test verifies that access_token manager's methods make requests with
certain parameters. It is supposed to use values from mocked http handler
and compare them with referential values acquired from oauth client.

But instead of using values from mocked handler, it used the values from
oauth client and compared them with values from the client acquired using
attributes, basically testing oauthlib and not access_token manager's
methods.

Make the test compare correct values and remove check of timestamp,
which was useless because it is always mocked in tests and not provided in
actual requests.

As a consequence, use of get_oauth_params, which changed in oauthlib
1.0 and blocked the gate, was removed.

Closes-Bug: 1477177
Closes-Bug: 1477247
Change-Id: I5e049163f84fde5827104fd4a6441222eb08468f
(cherry picked from commit 7d5d8b343232ee5faf4de3381024095619335929)





OAuth test verifies that access_token manager's methods make requests with
certain parameters. It is supposed to use values from mocked http handler
and compare them with referential values acquired from oauth client.

But instead of using values from mocked handler, it used the values from
oauth client and compared them with values from the client acquired using
attributes, basically testing oauthlib and not access_token manager's
methods.

Make the test compare correct values and remove check of timestamp,
which was useless because it is always mocked in tests and not provided in
actual requests.

As a consequence, use of get_oauth_params, which changed in oauthlib
1.0 and blocked the gate, was removed.

Closes-Bug: 1477177
Closes-Bug: 1477247
Change-Id: I5e049163f84fde5827104fd4a6441222eb08468f
(cherry picked from commit 7d5d8b343232ee5faf4de3381024095619335929)







Fix s3_token middleware parsing insecure option
2015-04-20T22:33:32+00:00

Brant Knudson
bknudson@us.ibm.com

2015-04-07T19:38:29+00:00

8fa6b6f0b5e95493342ce71489d04f73db2418b8

The "insecure" option was being treated as a bool when it was
actually provided as a string. The fix is to parse the string to
a bool.

Closes-Bug: 1411063
Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3





The "insecure" option was being treated as a bool when it was
actually provided as a string. The fix is to parse the string to
a bool.

Closes-Bug: 1411063
Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3