In Queens development cycle, openstack_auth code was merged
into the horizon repository.
blueprint merge-openstack-auth
Change-Id: I74b10a90fe79fc768cfb8de6f68d3cd2f4938e51
This adds auth functionality to the Auth Drop down.
A new K2K django auth plugin has been added (With the intent
to do K2K at Login Time). Session variables have been
added so horizon can display the names of the Keystone Providers.
An endpoint was also added that allows the user to
switch keystone providers.
Change-Id: I75b1a10a3b40b5544b60f6fdc060e0070c585977
Implements: blueprint k2k-horizon
There's a pretty awful hack currently in place to add the reason
attribute to the TestResponse class. This code correctly initializes
the class, including the reason attribute.
Change-Id: I73384db1f89add051547f4d5db36ab1e647e84ef
Closes-Bug: 1613740
The tests are currently failing due to a missing attribute 'reason' in
the TestResponse object.
Change-Id: Ib229c3d2807634d9670d91e271611b207a504266
Closes-Bug: 1613740
There are certain cases the user.Token constructor is called with
the default unscoped_token value of None. When this happens using
PKI, an unexpected error occurs. If the token is None, we know it's
not pki and should not make an extra call to the Keystone client to
check.
A test is provided to demonstrate the issue, and the test fails
without the included code change.
Change-Id: Ie8e93eda4cf8e8285785335126624781470be19c
Closes-Bug: #1551977
With the keystoneauth release, the authentication library
should move from keystoneclient to keystoneauth.
Co-Authored-By: Diego Adolfo <diegoado@gmail.com>
Change-Id: If880022f447255e7d943915087e229778cc6acf8
Implements: blueprint keystoneauth-update
In order to perform identity operations in keystone v3 when the v3
policy file is used, a domain scoped token is required. Adding the
domain scoped token to the session as it remains valid until the user
logs out.
The domain scoped token is sizeable, so a check to make sure the
session backend used is not signed cookies, as this will overflow
the cookie.
Additionally, errors around getting and storing the domain scoped
token are logged, but doesn't block authentication, as it only blocks
identity operations.
A call to delete the domain token is made on logout.
Support for the case of a user with a domain role but no project roles
is now supported as well. That is a user can log in with only scoping
to a domain. This allows domain admins to be able to configure identity
without requiring a project role.
Implements: blueprint domain-scoped-tokens
Change-Id: I0ed1737cdd80dc143f1df94700e311351d5d3b24
To enable websso, make sure you have your environment configured.
Then add following to Horizon settings:
WEBSSO_ENABLED=True
Also make sure your KEYSTONE is version 3+
Depends on:
https://review.openstack.org/#/c/136177/https://review.openstack.org/#/c/151842/
Co-Authored-By: Thai Tran <tqtran@us.ibm.com>
Co-Authored-By: Jose Castro Leon <jose.castro.leon@cern.ch>
Co-Authored-By: Marek Denis <marek.denis@cern.ch>
Co-Authored-By: Lin Hua Cheng <os.lcheng@gmail.com>
implements bp federated-identity
Change-Id: Ief74bece750ffe633d4323238cad89bad61496ed
In order to sync global-requirements, this patch bumps
hacking to 0.9.x series.
H236, H305, H307 errors are fixed in this patch.
H307 and H904 are added to the ignore list.
Change-Id: I37c16ad67912dec8ce1562676ae0ebbfbe277d99
H301 one import per line |
H304 No relative imports
When checking imports DJANGO_SETTINGS_MODULE environment needs to
be set. Add the following to tox.ini testenv:pep8.
setenv = DJANGO_SETTINGS_MODULE=openstack_auth.tests.settings
A part of blueprint openstack-hacking-compliant
Change-Id: I65a23c1e9a5d7a5852d448651254b6a3866f1dd3
E502 the backslash is redundant between brackets
E501 line too long (XX > 79 characters)
F841 local variable 'XXX' is assigned to but never used
Remove F403 and F999 from ignore list because there is
no violations related to these.
The remaining are all from OpenStack Hacking (H***) rules.
A part of blueprint openstack-hacking-compliant
Change-Id: I0fb46309621c15dfe4363039bbe46669f1315dec
E121 continuation line indentation is not a multiple of four
E126 continuation line over-indented for hanging indent
E127 continuation line over-indented for visual indent
E128 continuation line under-indented for visual indent
A part of blueprint openstack-hacking-compliant
Change-Id: I06ce0ee5132178a777ce9b9e409ef1d24af1ea1f
The status_code field is compared to integers in the requests library, so it
has to be set to an integer, not to None. This works in Python 2 because back
then, one could compare an int to NoneType.
Partial-Bug: 1287323
Change-Id: I7138ceca36692fdf5948c4d6f74186f89c2709f0
Unscoped token does not have a roles attribute in it. Fix the
code to handle non-existent of roles in the Auth Token.
Fixes: bug #1202385
Change-Id: I2bd101e3ed2dd37da86f84773c2b9dafc0717d3b
For multi-domain model, set OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT
to True and the login form will prompt the user for Domain name.
For single-domain model, set OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT
to False. The application will use the name of the default domain in
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN to login.
Cleanup the unused Tenant field in the login form.
Implements blueprint login-domain-support