| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
A role entity can now be specified as domain specific.
Closes-bug: #1606105
Change-Id: I564cf3da1d61f5bfcf85be591480d2f5c8d694a0
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add unit tests for commands below in identity v3:
group create
group delete
group show
group set
group add user
group remove user
group contains user
Change-Id: I02f3b49e93582245a2749492bba1dfc4c5e0258d
|
| |
|
|
|
|
|
|
| |
Refactor unit tests in identity v3 for "user", "endpoint", "group"
and "service" with fake classes.
Change-Id: I57316bbf762c805f8e9ae225b394bbe58ebdd416
Partially-Implements: blueprint refactor-identity-unit-test
|
| |
|
|
|
|
|
| |
Add missing unit tests and refactor the older tests
with fake classeds for credential in identity v3
Change-Id: I94d4f80a86806c6115178421bd481b7622065956
|
| |
|
|
|
|
|
|
| |
Add FakeProject and FakeDomain classes and update unit tests for
project and domain.
Change-Id: Ifeed5dcba03155daa3b7b46b34d49c333ab19135
Partially-Implements: blueprint refactor-identity-unit-test
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently a user is allowed to specify either a resource ID or name
when running openstack identity comands. In some cases, when a name
is specified instead of an ID, the command will return as not able
to find the resource when it in fact does exist.
The changes here are to check the client against the token on such
requests and to extract the ID of the resource specified if enough
information exists between the two. We then use the ID associated
with the resource to complete the user requests.
Change-Id: I40713b0ded42063b786dc21247e854224b9d2fe2
Closes-Bug: #1561599
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently OpenStackClient uses keystoneclient for authentication.
This change will update OpenStackClient to use keystoneauth for
authentication.
All dependant test have been updated.
Updating how auth_ref is set in the tests to use KSA fixtures had
some racy side-effects. The user_role_list tests failed when they
picked up an auth_ref that was a fixture. This exposed a weakness
in ListUserRole that needed to be fixed at the same time re
handling of unscoped tokens and options.
Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00
Closes-Bug: 1533369
|
| |
|
|
|
|
|
| |
Nothing too complicated here. I fixed a bunch of spacing issues
that I saw in OSC.
Change-Id: I935ab48e7c5bac5f88ecdb3a05f73fb44fc9f41d
|
| |
|
|
|
|
|
|
| |
Make scope check optional for the "token issue" command as unscoped token is
a valid Keystone V2/V3 API.
Change-Id: Ie1cded4dbfdafd3a78c0ebdf89e3f66762509930
Closes-Bug: #1543214
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Utilize the new include names functionality added to
list role assignments (GET /role_assignments?include_names=True).
Which will return the names of the entities instead of their
IDs.
Change-Id: I6dc03baf61ef9354a8a259a9f17ff47ce1665ce7
Depends-On: I4aa77c08660a0cbd021502155938a46121ca76ef
Closes-Bug: #1479569
Implements: blueprint list-assignment-with-names
|
| |/
|
|
|
| |
Change-Id: Ie631600d02942fe6ce035f31af46abe44e543631
Closes-bug: #1543226
|
| |
|
|
|
|
|
|
|
| |
remote-ids are a list, and we should format these values as such,
rather than python representations of lists/arrays.
Closes-Bug: 1478995
Change-Id: Ia6ced0fab2435b8cb486822c676c0dee32613abe
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
According to the [1], 'user_id', 'type', and 'blob' are all required
arguments for 'credential set' but the code treats them as optional. Set the
'required' flag and remove logic supporting missing arguments.
[1]: https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3.rst#credentials-v3credentials "spec"
Change-Id: I597c9616ad744385fc6dd92379feb03daec54458
Closes-Bug: #1418837
|
| |/
|
|
|
|
|
|
|
|
|
| |
the parameter "url" was removed from Keystone, it was only added
for one release as part of an experimental support for adding
service providers.
BackwardsIncompatibleImpact
Closes-Bug: 1506841
Change-Id: I7a62fbf1d9bfa8e6dd8d619e98c32b9860348d2e
|
| |
|
|
|
|
|
|
|
|
| |
Adds inherited information when listing role
assignments. In addition, it makes possible
to list only inherited ones by adding
--inherited option.
Change-Id: Idf889603d584716da95e2c7b4880142fbd8291c4
Closes-Bug: 1370546
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adds the possibility to retrieve a project and list its
parents and subtree in the hierarchy.
Co-Authored-By: Rodrigo Duarte <rodrigods@lsd.ufcg.edu.br>
Co-Authored-By: Samuel de Medeiros Queiroz <samuel@lsd.ufcg.edu.br>
Implements: bp hierarchical-multitenancy
Change-Id: I874f6faffc8a2db9d99f12cbe0a69c0a30c0d9df
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds CRUD support for service providers as it's now available through
keystoneclient
Closes-Bug: 1435962
Depends-On: If802e8a47e45ae00112de3739334b4b5482d0500
Change-Id: Ic55101e50209070aa49ca2adc91c89ba754c8c68
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adding the possibility to create projects hierarchies by adding
the parent field in the create project call.
Co-Authored-By: Victor Silva <victor@lsd.ufcg.edu.br>
Implements: bp hierarchical-multitenancy
Change-Id: I4eac4f5bc067634cc38c305dacc59ab1da63c153
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The federation APIs for the identity providers introduce a new parameter
for every identity provider, named remote_ids, which contains a list of
entity ID associated with. This parameter can be provided during the creation
of the identity provider and can be updated at any time. For more information
look at the blueprint:
https://blueprints.launchpad.net/keystone/+spec/idp-id-registration
This patch add the support to this new parameter in the command line by
inserting the option "--remote-id" in the following commands:
- "identity provider create"
- "identity provider set"
Additionally, the values can be read from a file, specified by
"--remote-id-file", containing an entity id per line.
Change-Id: Ie93340ee57e54128daa70d8a7bd0a9975ff7eef4
Depends-On: I12a262c55b5f6b5cc7007865edf30f14269da537
Implements: blueprint idp-id-registration
|
| |
|
|
|
|
|
|
|
|
|
| |
Added new module in identity v3 api to handle create, read, and delete
operations of trust resources.
Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Closes-Bug: #1413718
Change-Id: I2b360b141ff70d4f396466abede859a3db6644f4
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently v3 endpoint commands access service.name directly, while
name is not a required attribute of service. So if we associate an
endpoint to a service without name, we will get an AttributeError
executing v3 endpoint commands later. This patch addresses this
issue by checking if service.name is available before accessing it.
Change-Id: I3dd686ef02a2e21e2049a49cb55634385c2ecfaf
Closes-Bug: #1406737
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Previously this column was coming up as empty, since user's
have a `default project id`, not just `project id`.
Change-Id: I3d7f7eb600e9526b9c6cc2a8c5d6009b9100b1f5
|
| |/
|
|
|
| |
Change-Id: Ibf84882c9a9f408268c225190436fc1a534e1017
Closes-Bug: #1404997
|
| |
|
|
|
|
|
| |
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Change-Id: Ia6f607630dbf507681733c3ab3b9b7c55de30f49
Closes-Bug: #1387932
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A federated user can authenticate with the v3unscopedsaml plugin and
list the domains and projects she is allowed to scope to.
This patch introduces the new commands 'federation domain list' and
'federation project list'.
Note that for these commands -and plugin- to be available, the lxml
library must be installed.
Change-Id: I2707b624befcfb0a01b40a094e12fd68a3ee7773
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
IssueToken.take_action() was missed in updating the structure of
the ClientManager.
Also, TOKEN_WITH_TENANT_ID in v3 is just wrong...
Closes-Bug: #1383396
Change-Id: If2dd82a26af1d743ee9df73e0c1aebce497bf22e
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The links field in the returned objects from the v3 Identity
API aren't really useful, so let's remove them.
Managed to remove most of them from the core API.
I'll likely remove the extension/contribution (oauth/federation)
related ones in another patch.
Also in this patch the code for setting services and projects
was changed. Though not incorrect, it was not needed to copy
the entire returned object, we should just need to pass in
the fields we want to update.
Change-Id: I164ca9ad8b28fa10b291e9115ef40753e387c547
|
| |/
|
|
|
|
|
|
| |
Currently the code is broken as it references a part of
keystoneclient that does not exist.
Change-Id: I7fbc754537fbb4acffb166b5854840acfaef1fb8
Closes-Bug: #1379871
|
| |
|
|
|
|
|
|
|
| |
Openstackclient needs to have a capability to manage federated protocols
(like saml2, openid connect, abfab). This patch allows users to
administrate such operations from the commandline.
Change-Id: I59eef2acdda60c7ec795d1bfe31e8e960b4478a1
Implements: bp/add-openstackclient-federation-crud
|
| |
|
|
|
| |
Change-Id: I4b8f2e77e741cf74f50aba98ab975af7321b02c6
Implements: bp/add-openstackclient-federation-crud
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: I1479460473656ea4e2a48a976808371e840b49c1
Closes-Bug: #1348867
|
| |/
|
|
| |
Change-Id: I478215f62b51e6e73283f0304ea1b0736177d1b1
|
| |
|
|
|
|
|
|
|
|
|
| |
identity_client.identity_providers doesn't exist as a manager. These are
located at identity_client.federation.identity_providers. Fix the
routes.
Also fix passing id to .create() as a positional argument. This is not
allowed from keystoneclient it should be passed as a keyword argument.
Change-Id: I912c27fcee58b0723e27e9147def2cbd1c62c288
|
| |
|
|
| |
Change-Id: Ieb9a9af1da27d3935d1a4d3cfb61b0ccb03d099a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The keystoneclient code for oauth1 support has changed.
As such, we should remove the delete, list and authenticate
functions, since they are not in keystoneclient.
Also, we must now pass in the project id when creating a
request token. Additionally we must now pass in roles
when authorizing a request token.
Added functional tests to ensure output and input args
are the same.
bp add-oauth-support
Change-Id: I559c18a73ad95a0c8b7a6a95f463b78334186f61
|
| |
|
|
|
|
|
|
|
|
|
| |
The assignments manager and its test class were created.
Some fake stubs were also added on the fakes.py module.
The "openstack role assignment list" command was created.
Change-Id: Iae94f4fee608ea3e09ff38961ad22edc38efb89c
Implements: blueprint roles-assignment-list
Closes-Bug: 1246310
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Operations for:
* adding Identity Provider
* listing Identity Providers
* showing Identity Provider
* updating Identity Provider
* deleting Identity Provider
Change-Id: I4557168309f93e4670116b5c3c0e29252ff0c40f
Implements: bp/add-openstackclient-federation-crud
|
| |
|
|
|
|
|
|
|
|
| |
Implements token create subcommand which is an equivalent of keystone
token-get command. Original "wrap" parameter for keystone token-get is
not implemented yet due to cliff Bug #1269299
This is a part of: blueprint add-identity-token-support
Change-Id: I2255021c9d1f10f757686583b1ebe40b5f3a9ecb
|
| |
|
|
|
|
|
| |
This finally gets all of the API tests into a common framework regarding
test classes and so forth.
Change-Id: If675347129c50dcba0bfc5b6c58f5a2ca57ff46c
|
|
|
* Add project, user, role and service v3 tests
* Fix issues in commands with enable/disable
* Make commands and tests more consistent between versions
* Make formatting and comments more consistent
Change-Id: Id21e7a5abd7e421a7742f937861ec46b53095fc7
|
