As per the current release tested runtime, we test
python version from 3.8 to 3.11 so updating the
same in python classifier in setup.cfg
Change-Id: I8d3a53d2bc5207a5627edf881bb7eacdff56a7ec
https://pypi.org/pypi/keystoneauth1/json currently does not have a minimum
python version.
Also clean up a twine warning:
warning: `long_description_content_type` missing. defaulting to `text/x-rst`.
Change-Id: Ibc4747c32afe646fe15baf52538f1ef1defc40c1
Added a new OAuth2mTlsClientCredential plugin, accessible via the
'v3oauth2mtlsclientcredential' entry point, making possible to
authenticate using an OAuth 2.0 Mutual-TLS client credentials.
Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>
Change-Id: I0e02ef18da5d60cdd1bcde07b07c2071b74b73d6
Implements: blueprint support-oauth2-mtls
Added a new OAuth2ClientCredential plugin, accessible via the
'v3oauth2clientcredential' entry point, making possible to authenticate
using an application credentials as an OAuth2.0 client credentials.
Change-Id: I77d6faef4cbc75abb8e7d86f386fb6d16e40cabf
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Add release notes and update the python
classifier for the same.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Co-Authored-By: Ghanshyam Mann <gmann@ghanshyammann.com>
Change-Id: Ic7671ad666ebc0614686e068b9d4c0824e384fb3
Since setuptools v54.1.0[1], the parmeters with dash have been
deprecated in favor of the new parameters with underscore.
This change updates the parameters accordingly to avoid the warnings
like the example below.
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: I3980fbc53ce4b954aff5e98087897ea94e50e4fc
Now that we released ussuri, we have a stable release that supports
3.5. That means if needed we can backport changes needed for
zuul and nodepool, so it should be safe to go ahead and drop 3.5
support.
Change-Id: Iaaba139009f2b49815c29717d71b9182a6bec2ab
A new basic auth plugin is added which enables HTTP Basic
authentication for standalone services. Like the noauth plugin, the
endpoint needs to be specified explicitly, along with the
username and password.
An example of a standalone server implementing HTTP Basic can be seen
in Ironic change https://review.opendev.org/#/c/727467/
Change-Id: Ib3f0a9c518d031a67f9605cf64a8a9cc81131ed3
Story: 2007656
Task: 39741
This updates lower constraints to versions that will work with py38 so
that when we move to running on focal nodes, which has py38 as its
default py3 runtime, the lower-constraints job will continue to pass.
It also cleans out some secondary requirements that are no longer needed
due to our direct dependencies being updated.
Linters are removed that are kept in the global requirements blacklist
as those are not version tracked and are not relevant for our
lower-constraints unit test runs.
Change-Id: I228212d8347a33a6bc2735a8506acffe58bee2ec
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
keystoneauth is a little special in the world, in that it's an user
facing library and takes pride in staying compatible. As such it
doesn't change much, so the likelihood that patches will land that
break python3.5 is really low in the first place.
Although the overall openstack python3 support goal puts a min of
python3.6 - which is a great choice, keystoneauth has a big user,
OpenStackSDK, that is keeping python3.5 because OpenStackSDK has
a big user - Zuul, that still supports python3.5.
To be friendly to everyone, keep the py35 unit tests just to make
sure nobody lands f-strings or anything.
Once Zuul drops python3.5 we can circle back around and drop it
here too.
Remove openstackdocstheme from test-requirements.txt. It only
needs to be in doc/requirements.txt.
Change-Id: If380bbf77b757655b1dc55322f4636ef83986fe5
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove python 2.7 stanza from setup.py
- Add requires on python >= 3.6 to setup.cfg so that pypi and pip
know about the requirement
- Remove obsolete sections from setup.cfg
- Update classifiers
- Update requirements, no need for python_version anymore
- Cleanup doc/source/conf.py to remove now obsolete content.
- Use newer openstackdocstheme and Sphinx versions
- Remove install_command from tox.ini, the default is fine
- Remove hacking from doc/requirements, we don't need to autodoc it.
- Remove Babel, this repo does not use it.
Change-Id: I8ad7b5e6ef11ea51c587ff58bfc54aee4fcda9da
- new exception when an auth receipt is returned.
- a new method for auth receipt.
- support to existing v3 Auth plugins to add additional methods.
- Added a new MultiFactor plugin with loading support which
takes method names as strings.
Change-Id: Ie6601a50011118e3a07be9752f747c2298ff5230
Closes-Bug: #1839748
Python 3.5 was the target runtime for the Rocky release.
The current target py3 runtime for Stein is Python 3.6,
so there is no reason to keep testing against the older version. Also
correct setup.cfg and tox.ini to reflect the current supported Python
versions.
https://governance.openstack.org/tc/reference/runtimes/stein.html#python-runtime-for-stein
Change-Id: I9d1b57b981269fea3afe39cf524350f3c4a7d944
Create a tox environment for running the unit tests against the lower
bounds of the dependencies.
Create a lower-constraints.txt to be used to enforce the lower bounds
in those tests.
Add openstack-tox-lower-constraints job to the zuul configuration.
See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html
for more details.
Also fix the lower bound for requests-kerberos.
Change-Id: Ie5da1d132321b2cffea3eb8522462daad45900b5
Depends-On: https://review.openstack.org/555034
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
It does not accept any arguments and sets the token to 'notused'.
It does not have any endpoint/url associated,
and thus must be used together with adapter.Adapter.endpoint_override to
instantiate a session for client to a service that is deployed in
noauth/standalone mode.
Unfortunately the 'noauth' name is already taken by
cinderclient.contrib.noauth.
Change-Id: I2f7175ea095aac774e7c5889880fcff15586559c
The ADFSPassword plugin is not registered as an entry point under
keystoneauth1.plugin, and is therefore unusable from the “openstack” CLI
as a valid authentication plugin.
This commit registers the ADFS plugin in entry points as v3adfspassword.
Change-Id: Ic95c25647d91ea2de51a3eea7672a45c48bdaefb
Closes-Bug: #1687314
Now that the latest version of pbr supports handling a
ChangeLog that can contain invalid characters, this
setting should be uncommented in order to support
strict documentation formatting.
This will cause any docs build warnings to be treated as
as errors and fail.
Change-Id: I22d631550f0dbb6e0efcfd875a24dcd278fa1d03
This change removes the soon-to-be unused "warnerrors" setting,
which will be replaced by "warning-is-error" in sphinx
releases >= 1.5.[0] This also pre-emptively fixes most warnings
that came up when testing with sphinx >= 1.5:
- Multiple cases of Opts
- Redundant loading of todo extension
Added a comment to not to enable the new sphinx setting until
the issues with Changlog building are fixed.
Added setup.py to the list of files to ignore when building
docs.
[0] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113085.html
Change-Id: Ia0079c6b551dd3896bc3d922a477f927757bd61b
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I8a0588259d7b3fc8bd10504ffba7129b840e2a0d
Now that there exists only a gate job for Python 3.5 and not 3.4,
we should remove those references to the 3.4 that is untested.
Change-Id: I82f370a4d9da07e121e0ce6cac851008e3925639
This is a major refactoring of the SAML2 plugin to move the logic into a
standalone requests auth plugin, and then have the keystoneauth plugin
simply provide a wrapper around that.
There was really no way to migrate this and keep the existing test files
as they were because the entire structure has been changed.
This will be the recommended way to do federation plugins in future and
keep the auth logic out of keystoneauth as much as possible (as kerberos
already does).
The intention will be that later we should be able to extract the SAML
ECP requests plugin into it's own upstream module.
Change-Id: I4a7377b9350741e8f7a4ed2a49a7e2442eacdd23
Now that there is a passing gate job, we can claim support for
Python 3.5 in the classifier. This patch also adds the convenience
py35 venv.
Change-Id: I277c17f774e880b6d2c7c73a8410f1cd1167f055
An auth plugin that allows service clients to be authenticated
with the X.509 tokenless authentication. Please find typical configured
options in authentication-plugins.rst
implements bp keystone-tokenless-authz-with-x509-ssl-client-cert
Change-Id: Ie0298f0ef7f3891cfc81072ab9ef9e501773fe5f
This patch adds a BaseLoader class for the Kerberos plugin and an entry
point in setup.cfg.
Since the plugin file is being renamed, also fix the comment that
refers to the library as 'keystoneauth' - it is called 'keystoneauth1'
and trying to install 'keystoneauth' will cause the outdated version of
the library to be installed and kerberos will not work.
To make sure the plugin was loadable, this was tested using a version
of python-openstackclient that had been migrated to keystoneauth[1].
[1] https://review.openstack.org/#/c/276350/
Change-Id: Id339295c795f6bf1b428dac8fc9f79d2f5fb453f
Closes-bug: #1567257
Partial-bug: #1567260
Some services or users may have obtained an access token, so it would be
possible to authenticate using this token directly (for example a
service where the user has already logged in). This new class makes
possible to use an access token to authenticate directly with Keystone,
exchanging it for a Keystone token.
Closes-bug: 1583780
Change-Id: I5a31270194a3d1aa48de709dba49afde460731e2