Commit Graph

98 Commits

Author SHA1 Message Date
OpenStack Release Bot e071ad44b0 reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.

Change-Id: I607493fb73536ce938f67d1a7e79af3c78eca4f4
2024-02-06 15:50:24 +00:00
Julia Kreger 74f05249d1 Drop parameters when connecting to a redirected endpoint
When redirected, the server *generally* returns a fully
formed URI, but does not really have to, so we may end up
in a "depending on how the redirect was triggered" would
result in the response handling.

Ultimately, any behavior which is not an fully formed URI
would be invalid.

But our code was taking the URI we got back, and would then
re-issue the request with a list of parameters with the new
URL. Duplicating the parameters on the URI.

Example of what was occuring, when only provision_state=active
was a parameter before the redirect:

/v1/nodes?provision_state=active&provision_state=active

Co-Authored-By: Kristi Nikolla <knikolla@bu.edu>
Co-Authored-By: Jay Faulkner <jay@jvf.cc>

Story: 2010029
Task: 45316
Change-Id: I4969a42ee651ac2c559e378d879b673a1d788c57
2023-10-06 16:21:02 +02:00
OpenStack Release Bot efba3f9b38 Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.

Sem-Ver: feature
Change-Id: Ia73a8b414df7173dbc802e0175140f889a7cfa2d
2023-09-08 14:53:59 +00:00
OpenStack Release Bot 2e40bbf8e3 Update master for stable/2023.1
Add file to the reno documentation build to show release notes for
stable/2023.1.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.

Sem-Ver: feature
Change-Id: I9d1c3fab9382490c51471893c830c01106c07497
2023-04-27 13:56:02 +02:00
Zuul f6e340270e Merge "Update master for stable/zed" 2023-04-21 16:05:42 +00:00
Zuul 3ffea9276e Merge "Allow federation to work with unversioned auth_url" 2023-04-21 15:58:42 +00:00
sunyonggen ca28df8480 OAuth 2.0 Mutual-TLS Support
Added a new OAuth2mTlsClientCredential plugin, accessible via the
'v3oauth2mtlsclientcredential' entry point, making possible to
authenticate using an OAuth 2.0 Mutual-TLS client credentials.

Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>
Change-Id: I0e02ef18da5d60cdd1bcde07b07c2071b74b73d6
Implements: blueprint support-oauth2-mtls
2023-02-10 20:56:45 +09:00
Pavlo Shchelokovskyy 737790f732 Allow federation to work with unversioned auth_url
while e.g. V3Password works perfectly fine with unversioned auth_url
like 'http://keystone', everything based on FederationBaseAuth
does not and only requires versioned v3 auth_url.

Since OS_FEDERATION is implemented only in v3, this patch
makes sure that federated_token_url has v3 in it, thus allowing
for unversoned auth_url as well.

Closes-Bug: #1998366
Change-Id: I1f0b00b6f721c53bb5308e03223d0c1564ca81b3
2022-12-02 18:04:08 +00:00
OpenStack Release Bot aaca2b3018 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: Ia0d14f0955504bdeb41c1eff4d6854293e1f3430
2022-09-09 15:12:22 +00:00
Yi Feng aa9c5d230f OAuth2.0 Client Credentials Grant Flow Support
Added a new OAuth2ClientCredential plugin, accessible via the
'v3oauth2clientcredential' entry point, making possible to authenticate
using an application credentials as an OAuth2.0 client credentials.

Change-Id: I77d6faef4cbc75abb8e7d86f386fb6d16e40cabf
2022-08-30 06:29:20 +00:00
Grzegorz Grasza 2445a5df78 Update python testing as per zed cycle teting runtime
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Add release notes and update the python
classifier for the same.

[1] https://governance.openstack.org/tc/reference/runtimes/zed.html

Co-Authored-By: Ghanshyam Mann <gmann@ghanshyammann.com>
Change-Id: Ic7671ad666ebc0614686e068b9d4c0824e384fb3
2022-06-03 17:56:03 +02:00
shanyunfan33 af78d4a22c remove unicode from code
remove unicode from code

Change-Id: I95f201f5678f093981014a553ffadb2a6b2a0453
2022-04-29 15:48:17 +00:00
OpenStack Release Bot 08aa669b8f Update master for stable/yoga
Add file to the reno documentation build to show release notes for
stable/yoga.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.

Sem-Ver: feature
Change-Id: Ifd5fc37cb58a363e9bc9f2b2752d455555ba82e9
2022-03-11 10:48:21 -06:00
OpenStack Release Bot 33776ab842 Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.

Sem-Ver: feature
Change-Id: I2621cf1da0b4721adfbb222bcf3f75e2f6a8d875
2022-03-11 10:47:28 -06:00
OpenStack Release Bot 011d6b2f06 Update master for stable/wallaby
Add file to the reno documentation build to show release notes for
stable/wallaby.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.

Sem-Ver: feature
Change-Id: I89924f9516f07caca3ae792aafc36587fd81badc
2022-03-04 16:50:54 +00:00
Zuul 6a662719ce Merge "Update master for stable/victoria" 2020-11-17 14:23:52 +00:00
Dmitry Tantsur d21c52867f Provide the default get_auth_ref implementation
osc-lib tries to call it, failing for e.g. http_basic.

Change-Id: Iacfba0940beda4dce2a9be0c863cb506d4013e2f
2020-09-17 12:28:35 +02:00
OpenStack Release Bot d441f33cd5 Update master for stable/victoria
Add file to the reno documentation build to show release notes for
stable/victoria.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/victoria.

Change-Id: Iee8f7c760fb33a5bc54724e50104eb638adff527
Sem-Ver: feature
2020-09-10 17:05:38 +00:00
Dmitry Tantsur 981a19bba1 Correct major version discovery for non-keystone plugins
When a non-keystone plugin is used together with an unversioned endpoint,
we give up on discovery before figuring out both major version and
the correct endpoint. This is because get_endpoint_data is called with
discover_versions=False, so discovery assumes we have all information
already. It may be an issue in discovery itself, but I'm afraid to
touch that code. Instead, if get_endpoint_data returns no API version
with discover_versions=False, try with discover_versions=True, which
matches what the identity plugins do.

Also increase the unit test coverage.

Change-Id: Ie623931b150748d7759cf276e0023a2f06a8d4db
2020-07-31 11:32:26 +02:00
Monty Taylor 4aaa2e52b0 Drop python 3.5 support
Now that we released ussuri, we have a stable release that supports
3.5. That means if needed we can backport changes needed for
zuul and nodepool, so it should be safe to go ahead and drop 3.5
support.

Change-Id: Iaaba139009f2b49815c29717d71b9182a6bec2ab
2020-06-22 10:04:17 -05:00
Steve Baker ff68663217 Implement HTTP Basic client support in keystoneauth1
A new basic auth plugin is added which enables HTTP Basic
authentication for standalone services. Like the noauth plugin, the
endpoint needs to be specified explicitly, along with the
username and password.

An example of a standalone server implementing HTTP Basic can be seen
in Ironic change https://review.opendev.org/#/c/727467/

Change-Id: Ib3f0a9c518d031a67f9605cf64a8a9cc81131ed3
Story: 2007656
Task: 39741
2020-06-15 10:26:35 +12:00
Zuul 7d03b2b2f4 Merge "Switch to newer openstackdocstheme and reno versions" 2020-05-29 18:59:56 +00:00
Lance Bragstad ad46262148 Inject /v3 in token path for v3 plugins
Without this, it's possible to get HTTP 404 errors from keystone if
OS_AUTH_URL isn't versioned (e.g., https://keystone.example.com/ instead
of https://keystone.example.com/v3), even if OS_IDENTITY_API is set to
3.

This commit works around this issue by checking the AUTH_URL before
building the token_url and appending '/v3' to the URL before sending the
request.

Closes-Bug: 1876317

Change-Id: Ic75f0c9b36022b884105b87bfe05f4f8292d53b2
2020-05-22 09:38:27 -05:00
Andreas Jaeger 5b98e12acb Switch to newer openstackdocstheme and reno versions
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems

Update Sphinx version as well.

Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.

Disable openstackdocs_auto_name to use 'project' variable as name.

Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.

Remove docs requirements from lower-constraints, they are not needed
during install or test but only for docs building.

openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.

See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html

Change-Id: I23798a960616d53d1cc54342640e670fc677738d
2020-05-21 12:53:08 +02:00
Zuul f2790340bd Merge "Cleanup py27 support" 2020-04-20 18:47:24 +00:00
Andreas Jaeger 1accaf2d8a Cleanup py27 support
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove python 2.7 stanza from setup.py
- Add requires on python >= 3.6 to setup.cfg so that pypi and pip
  know about the requirement
- Remove obsolete sections from setup.cfg
- Update classifiers
- Update requirements, no need for python_version anymore
- Cleanup doc/source/conf.py to remove now obsolete content.
- Use newer openstackdocstheme and Sphinx versions
- Remove install_command from tox.ini, the default is fine
- Remove hacking from doc/requirements, we don't need to autodoc it.
- Remove Babel, this repo does not use it.

Change-Id: I8ad7b5e6ef11ea51c587ff58bfc54aee4fcda9da
2020-04-17 18:46:54 +02:00
OpenStack Release Bot c7ff533fdb Update master for stable/ussuri
Add file to the reno documentation build to show release notes for
stable/ussuri.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.

Change-Id: Ia506af26cca82e96f157bc777521fd82d39a74f5
Sem-Ver: feature
2020-04-02 14:27:07 +00:00
Vishakha Agarwal aafc90a9c2 [ussuri][goal] Drop python 2.7 support and testing
OpenStack is dropping the py2.7 support in ussuri cycle.

keystoneauth is ready with python 3 and ok to drop the
python 2.7 support.

Complete discussion & schedule can be found in
- http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html
- https://etherpad.openstack.org/p/drop-python2-support

Ussuri Communtiy-wide goal:
https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html

Change-Id: I76ad66b76a85db9609aebc08e1f26a74219402f0
2020-01-07 12:31:09 -05:00
Zuul de53f90bf9 Merge "Fetch discovery documents with auth when needed" 2019-10-21 19:25:50 +00:00
Zuul ed9309480f Merge "Update master for stable/train" 2019-10-21 17:55:54 +00:00
Zuul 5e5185f80f Merge "Allow initializing session with connection retries" 2019-10-09 20:23:21 +00:00
Monty Taylor 26ad02db0f Fetch discovery documents with auth when needed
Some services, like Nova, default to requiring auth for their
versioned discovery documents. This means strict discovery
does not work on them, because discovery as it is now defaults
to not sending auth. Just changing the default would be a behavior
change resulting in sending unneeded data with *every* request.
Instead, respond to Unauthorized exceptions by retrying the request
with auth token. This way discovery will work for services that
are otherwise blocking unauthenticated access, and will get more
efficient over time as those services improve.

Depends-On: https://review.opendev.org/#/c/685999
Change-Id: I8a33e8a05bed0f18e4e42431f6d16b8a6a5270ef
2019-10-04 18:36:29 +02:00
OpenStack Release Bot 8289f1501f Update master for stable/train
Add file to the reno documentation build to show release notes for
stable/train.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.

Change-Id: I66c0ab254ad9dc0427d4fbdbeea0ffb623284588
Sem-Ver: feature
2019-09-07 18:24:25 +00:00
Rabi Mishra 373cbdbda8 Allow initializing session with connection retries
Though we can now set ``connect_retires`` while creating an adapter object,
that  would allow retries in case of connection timeout (ex. with session
clients derived from Adapater/LegacyJsonAdapater), it can't be used in
certain scenarios like endpoint discovery with auth plugin get_discovery()
or getting AccessInfo with get_access()/get_auth_ref().

Having ``connect_retries`` in Session constructor would allow users
with option of setting it when creating session objects (if they want)
and can be overridden per service with the adapter interface.

This commit also changes the default value of ``connect_retries`` from
0 to None to allow for adapter's to override retries on the session
object.

Depends-On: https://review.opendev.org/#/c/680497/

Change-Id: Iffb671fefae23926b1f09017d9db438341eae238
Partial-Bug: #1840235
2019-09-05 19:31:22 +00:00
Alex Schultz b2b5ad3cb1 Cleanup session on delete
If an external session object was not passed to the Session class, we
create a requests.Session() on our own. Once this is used, it may still
have an open connection when the auth Session is closed. We need to
handle the closing of the requests.Session() ourselves if we created
one. If you do not close it, a ResourceWarning may be reported about the
socket that is left open. If a session object is provided, we do not
attempt to close it as it will be up to the code consuming keystoneauth
to properly handle cleaning up the provided session.

Change-Id: I590755d665b371c76ba8e02836d81d41a95ac601
Closes-Bug: #1838704
2019-08-26 08:12:27 -06:00
Adrian Turjak 6a69e4dfbd add support for auth_receipts and multi-method auth
- new exception when an auth receipt is returned.
- a new method for auth receipt.
- support to existing v3 Auth plugins to add additional methods.
- Added a new MultiFactor plugin with loading support which
  takes method names as strings.

Change-Id: Ie6601a50011118e3a07be9752f747c2298ff5230
Closes-Bug: #1839748
2019-08-14 11:51:28 +12:00
Dmitry Tantsur bca9ee7d3c Allow requesting fixed retry delay instead of exponential
Clients like ironicclient and swiftclient use fixed delay for their
build-in retry functionality. To replace it without changing behavior
we need a similar feature.

Change-Id: I1f9de98dae5719842f03d45e5a9d724199d5718b
2019-07-29 13:07:38 +02:00
Eric Fried 3fd9ce7007 reno: per-request global_request_id
Adds a release note for the per-request global_request_id kwarg that was
added via [1].

[1] Ied73320fcd813ae796e40cbdb30717900486b92c

Change-Id: I2c347e928b20c9533dc2758adc75bc8fdd78c006
2019-07-11 16:47:35 -05:00
Zuul aee0d8a130 Merge "Limit interval between retries to 1 minute" 2019-06-21 19:55:04 +00:00
Dmitry Tantsur 34c005ae5f Limit interval between retries to 1 minute
Currently it grows exponentially, exceeding 1 hour after 15 retries.
While we don't expect people to have so many retries, we should not
let them shoot their legs.

Change-Id: I01dfaa1c379340a0d41fcfdb07298fdef6110941
2019-06-19 15:28:35 +02:00
Dmitry Tantsur 92921c6016 Allow setting retry counts for Adapter via configuration options
Change-Id: I67ba69bfff69676ceb28b8a7515f10f5eff21c4c
2019-06-19 15:24:11 +02:00
Michael McCune 96559d6009 add a handler for unknown HTTP errors
This change adds logic to handle a situation where an error response has
been received by HTTP but its body schema is an unknown format.

This issue came up during a review of related changes:
https://review.opendev.org/#/c/662281/
https://review.opendev.org/#/c/662281/7/keystoneauth1/exceptions/http.py

Change-Id: I21a33052e951f515988fdfd8ab1f42440ca9d4f8
2019-06-04 16:03:33 -04:00
Michael McCune 01d2da9e47 add handling for multiple error returns
This change adds logic to the `exceptions.from_response` to handle
errors formatted in accordance with the API-SIG guidelines. When there
are multiple errors returned, only the first error will be included in
the exception with a note informing that there were more errors.

API SIG guideline:
https://specs.openstack.org/openstack/api-sig/guidelines/errors.html

email thread for content:
http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006377.html

related neutron bug:
https://bugs.launchpad.net/neutron/+bug/1828543

Change-Id: I1f06c2cd5c4e93e04582d4ffbb434db92010d712
2019-06-03 11:09:34 -04:00
OpenStack Release Bot 6910374a83 Update master for stable/stein
Add file to the reno documentation build to show release notes for
stable/stein.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.

Change-Id: I7f3066154f30f3449e4bc54704ca01780ba10d6d
Sem-Ver: feature
2019-03-18 14:39:43 +00:00
Zuul 0828f7048e Merge "Add support for client-side rate limiting" 2019-03-01 01:58:36 +00:00
Monty Taylor 09934718f7 Add support for client-side rate limiting
shade/openstacksdk has implemented client-side rate limiting on top of
keystoneauth for ages and uses it extensively in nodepool. As part of an
effort to refactor that code a new approach was devised which was much
simpler and therfore suitable for inclusion in keystoneauth directly.

The underlying goal is two-fold, but fundamentally is about allowing a
user to add some settings so that they can avoid slamming their cloud.
First, allow a user to express that they never want to exceed a given
rate. Second, allow a user to limit the number of concurrent requests
allowed to be in flight.

The settings and logic are added to Adapter and not Session so that the
settings can easily be per-service. There is no need to block requests
to nova on a neutron rate limit, after all.

Co-Authored-By: Ian Wienand <iwienand@redhat.com>
Needed-By: https://review.openstack.org/604926
Change-Id: Ic831e03a37d804f45b7ee58c87f92fa0f4411ad8
2019-02-28 22:14:24 +00:00
Monty Taylor c6e87c8209
Add missing release note for ironic discovery fix
Change-Id: I3f0a6047ecb0569553d17eb7a066ac7023817c66
2018-10-24 03:52:20 +01:00
Monty Taylor 106d91fb41
Cache root urls with and without trailing slashes
The trailng slash on a pathless url is not meaningful, but we were
treating the url given to the discovery cache as if it were. In some
circumstances, such as an endpoint_override that didn't match the
found discovery document perfectly, a double-request could be made.
Normalize root urls in the caching code so that https://example.com and
https://example.com/ would be the same.

Change-Id: I70a5911cf0f213a7816fe8d58c6cca4702ff71bb
2018-09-23 10:23:03 -05:00
Monty Taylor c40eb2951d
Add support for ironic single-version responses
The ironic payload looks like:

  {'id': 'v1',
   'links': [{"href": "https://bare-metal.example.com/v1/",
              "rel": "self"}]}

This does not have version info in it, nor min/max ranges for
microversion discovery. We can't really get any useful information from
this document, but we can at least not fail when trying to deal with it.
This should then be upwards-compatible with ironic adding version discovery
information to the document that is returned.

Change-Id: I47e0f9b295c24ef168f4a033faf573b953025d4c
2018-09-06 15:49:38 -05:00
OpenStack Release Bot 8c02fd763a Update reno for stable/rocky
Change-Id: I4bd8f5afed5fc6488144e509afe2f5c7f5df5669
2018-07-26 12:34:02 +00:00