This commit is part of a series to retire the Packaging Deb
project. Step 2 is to remove all content from the project
repos, replacing it with a README notification where to find
ongoing work, and how to recover the repo if needed at some
future point (as in
https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project).
Change-Id: I7ec742e00d4be3aab5316550889bcb04d471a715
swauth already uses PBR:
setuptools.setup(
setup_requires=['pbr>=1.8'],
pbr=True)
This patch removes `MANIFEST.in` file as pbr generates a
sensible manifest from git files and some standard files
and it removes the need for an explicit `MANIFEST.in` file.
Change-Id: Idb30c13b6c75129e07e46cbdd75a4aa92dcb5858
Closes-Bug: #1608980
Amazon S3 compatibility:
Due to security concerns raised, this change makes S3 support tunable
using a config option and is turned off by default.
Change-Id: I077f78946983f5d6b3b725dd6aa3ed178dc5604e
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Currently, the input to HMAC function is the entire stored credential
in the format '<salt>$<hash>` but it should rather be only the hashed
key/password.
With this change, validate_creds() method is invoked and only the hash
of the password is used in HMAC computation.
Change-Id: I1a9bbcac6f49c23f3256572f148e55249a59f7ed
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Older versions of swauth supported manually setting up a salt string in
conf file. This change re-introduces it and makes it a tunable option.
The current behavior of randomly generating salt for every password is
NOT affected with this change.
Change-Id: Ifdf6f806b954e4d41c083eeffa981cd7d0dd50b9
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Problem:
If an existing swauth deployment changes `auth_type` in conf file to a
different one (for example: sha1 to sha512), all attempts to authorize
existing/old users will fail because of change in encoder type.
Fix:
With this change, the credentials match is done using an encoder with
which the password was initially encoded. This allows swauth deployments
to change auth_type and old users will still be able to authorize.
Closes-Bug: 1516980
Change-Id: I8a5c397d0796062f4109c59b6dc61b14d4a97e4b
Signed-off-by: Prashanth Pai <ppai@redhat.com>
This issue can be hit when swift3 middleware is in the pipeline.
Change-Id: If87a6663efcf31febe4a207b3d7f331b5f79b834
Signed-off-by: Prashanth Pai <ppai@redhat.com>
E127 continuation line over-indented for visual indent
E131 continuation line unaligned for hanging indent
Change-Id: I19ceb58d8545fb1b585e04b40418271f6ff56a5e
Currently, in cases where swauth returns a JSON document as its body,
it does not specify a content type, and swob defaults it to text/html.
This change uses a standard content type of 'application/json' in each
of these instances, and adjusts the tests accordingly.
Closes-Bug: #1545430
APIImpact
Change-Id: I96d343a87f462811bcefb7d402887f8a570fe6bd
There's no need to have an outdated translation file checked in.
For translations, the full file would be needed which can easily be
generated.
Also update setup.cfg so that - if needed in the future - translations
are used, they follow the OpenStack CI setup as explained in
the spec:
http://specs.openstack.org/openstack-infra/infra-specs/specs/translation_setup.html
Change-Id: I9063faec413f27d6f7312e9403fdf4d14a379d1b