Convert S3 and EC2 auth to flask native dispatching.
Test changes required:
* Eliminate direct reference of the EC2 / S3 controllers, originally
this direct reference was to verify signature checking. Since
signature checking is an @staticmethod now, direct reference of
the API resources covers everything.
* Direct import of keystone.common.controller - due to an oddity in
how our WSGI code work(s) in test, if nothing imports the common
controller module, the tests fail using the oslo import_class
mechanism.
Change-Id: I06e95957b3ea3a55b0da28959548bd5eb628c70b
Partial-Bug: #1776504
Convert /v3/users to use flask native dispatching.
The following test changes were required:
* Application Credentials did not have the plural form
in the JSON Home document. The JSON Home document was
corrected both in code and in tests.
* Application Credentials "patch" test needed to be
refactored to look for METHOD_NOT_ALLOWED instead
of NOT FOUND for invalid/unimplemented methods.
The "assertValidErrorResponse" method was
insufficient and the test now uses the flask
test_client mechanism instead.
Change-Id: Iedaf405d11450b11e2d1fcdfae45ccb8eeb6f255
Partial-Bug: #1776504
This patch removes the rest of the v2.0 specific code which was being
maintained exclusively due to a copy-paste issue with the deprecation
warning on the EC2 controller(s). With sign off from TC members
we have removed all of the bits except those exclusively tied to
the paste.deploy removal. All paste.deploy specific changes will
be removed in a future patch.
With the conversion to Flask, none of the v2.0 legacy controllers
left were wired up to routes that could be accessed.
Change-Id: I959dac0d0dd2e667982383e1e3d52ab28c4c1e2e
Basic conversion of Keystone's core application to flask framework.
This doesn't add much in the way of flask-specific-isms but should
get keystone running directly under flask. This implementation does
not use paste-deploy.
Change-Id: Ib4c1ed3f645dd55fbfb76395263ecdaf605caae7
This commit makes it so all GET APIs within the ec2 API
support HEAD. This change doesn't include any tests because
the ec2 API is untested, see bug 1635389 for more details.
Change-Id: Iab7326d0758425f535c57c64f9cdca5f2e8d122b
Partial-Bug: 1696574
The EC2 jsonhome credential_id is referenced as a parameter unique to
EC2. This is actually just the standard credential_id parameter that
keystone core uses.
Change-Id: I588d2af27116562039dae9d1c51cc877e74d5e9c
The V3 extensions are enhanced to provide JSON Home data for each
of the resources that they provide.
bp json-home
Change-Id: I6466cd583b22b260f8979717fa6ceafcbf252839
The V3 extension classes are changed to use the resource-oriented
method to map paths.
bp json-home
Change-Id: I4286f0affee7570b509c215f3375b2a517a5af4f
There was no base class specific to V3 extensions. This adds a base
class for V3 extensions and also changes the current V3 extensions
to use it.
bp json-home
Change-Id: I9a65867ced1bc116e3395baf4abfa35796511788
Implement an EC2 Controller that returns a V3 token when invoked
via the V3 pipeline. Moved all code except the `authenticate` method
into a common base class mixin. `authenticate()` has become an
abstract method. Shared code from `authenticate()` was moved into
`_authenticate()`.
V3 specific router definition added that makes use of the new V3
specific controller.
For upgrade purposes:
* The paste.ini for keystone will need to be modified to include
the new V3 ec2credentials in the pipeline as is documented in
the updated sample paste.ini.
* Policy.json updated to provide rules for the new V3 EC2credential
CRUD as show in the updated sample policy.json and
policy.v3cloudsample.json
For authentication that occurs via the V3 ec2credential system,
the response auth_method (encoded in the token) will be
"ec2credential". This should have no impact on using
or consuming the token itself but can be used to identify if
the token was issued via the Ec2ControllerV3.authenticate
method.
The V2 version of ec2credential controller has been marked
as deprecated to keep in line with the rest of the V2 API
being deprecated (slated for removal in K).
DocImpact
UpgradeImpact
Change-Id: Iaf1e05a1beef481385c6eb19d7f54cdc84b5b5df
Closes-Bug: #1269947
bp: deprecated-as-of-icehouse
We don't need vim modelines in each source file, it can be set in
user's vimrc.
Change-Id: Ie51ad62946afdf39eadcd59edaf8134ec10265c6
Closes-Bug: #1229324
Merging ec2 credentials into the credentials
table to simplify management of ec2
credentials.
blueprint migrate-ec2-credentials
Change-Id: I8f83c007a44857ca41d7ef23f70cb9718d83ca5d