Added the ability to authenticate using a system-scoped token and the
ability to authenticate using a cached token to the
external_oauth2_token filter.
Implements: blueprint enhance-oauth2-interoperability
Change-Id: I1fb4921faaafd5288d5909762ff5553e5e2475dc
The external_oauth2_token filter has been added for accepting or denying
incoming requests containing OAuth 2.0 access tokens that are obtained
from an External Authentication Server.
Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614
Implements: blueprint enhance-oauth2-interoperability
Change-Id: I529c5b0c89933395b126e86651ef09368dd7e6b4
This updates the test-requirements to fix No module error in oslo_config.sphinxconfiggen when executing tox with doc env.
Change-Id: I4bfe30b3517f4a6c5c536afa150c66ef8522a2d0
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* parallelizing building of documents
Update Sphinx version as well.
Remove the doc requirements from lower-constraints, they are not
needed during installation.
openstackdocstheme renames some variables, so follow the renames. A
couple of variables are also not needed anymore, remove them.
Set openstackdocs_pdf_link to link to PDF file.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Ic7c901ff19aa073b6e003ccb95aaf77886f20152
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Idc319f3f8a3ddd57cba91e4cefc66dbb18d5cc22
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
We literally say in (the rendered version of) the same doc:
# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
#auth_type = <None>
Looks like auth_plugin has been deprecated for quite some time:
https://opendev.org/openstack/keystoneauth/commit/a56ed4218
Change-Id: I2dafa0cb28f017667497e0a6585d96a8cd090d5f
Currently with sphinx 2.2.0 the docs job is throwing a warning
that the html_static_path entry does not exist. We treat warnings
as errors so this causes the job to fail.
This change comments the html_static_path entry in conf.py since
the path currently does not exist so it appears to be unused.
Change-Id: Ib2c74f4f37855cec250d09b23c45b5b7fde44c8d
Some options are now automatically configured by the version 1.20:
- project
- html_last_updated_fmt
- latex_engine
- latex_elements
- version
- release.
Change-Id: I161a3983e23b0ae50c232eb63ca78f8fd230e91e
Previously the admin Identity endpoint was hardcoded to be used. Now
that keystone has dropped v2 support, deploying an admin Identity
endpoint is no longer useful, so allow this to be changed by the
deployer. Keep the default as using the `admin` endpoint, but create
a deprecation message so that we can change the default in the future.
Partial-Bug: 1830002
Change-Id: I993a45ccb1109d67e65bf32d1e134cc9bec2d88e
The latest version of bandit has broken directory exclusion,
so multiple test files are getting flagged. This change
blocks version 1.6.0 while this issue is fixed for 1.6.1.
This change also caps sphinx at <2.0.0 for python version 2.7.
Change-Id: I5d32d835886360522af21f735c74b2f85036f7f1
With Keystone v3, the admin (35357) and public (5000) ports are
the same and use the same keystone code paths for authentication.
This patch set replace 35357 and only uses port 5000
Change-Id: I596e3a2b29b2954bf7caef6f9408d9b2b4e890ee
The ChangeLog file is generated when we run `python setup.py sdist`,
which doesn't naturally happen when we run `tox -edocs`, so on a fresh
clone the docs build will fail because it references the ChangeLog file
which isn't there. Since we don't rely on pbr any more for release notes
and we have a sophisticated release note management tool, point the docs
at the published release notes instead of the pbr ChangeLog.
Change-Id: I614091eae739154337795a8f120b68686ad0ed0a
With the new way of generating docs in the gate[1] our autodoc builds
are slightly broken. Put the required dependencies for doc building and
autodoc generation into doc/requirements.txt. We can also now remove
docs-related requirements from test-requirements.txt.
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-December/125710.html
Change-Id: Ifbd16fe364bb216821125c70bb7d3ab0ac1f10a3
The [keystone_authtoken]/auth_uri middleware parameter has been causing
extreme confusion amongst operators and developers ever since the
keystonemiddleware started accepting keystoneauth plugin parameters
including auth_url. The two parameters look identical and yet have
completely different meanings and are both required. This patch
deprecates auth_uri and renames it to www_authenticate_uri, which more
accurately describes the WWW-Authenticate header it is configuring and
is dissimilar to any other keystone_authtoken middleware parameter. This
also renames the internal variable names for consistency with the config
option.
Change-Id: I0cf11da3d395749df28077427689fdafc8a6b981
Changed the keystone_authtoken part of the config docs so that it
advertises the use of identity_uri over the deprecated auth_protocol,
auth_port, auth_host
Change-Id: Ia1351a83abed30f2680c2ce3a074028bd95158fb
Closes-Bug: 1679238
doc8 is a linter for documents and used in openstack-manuals.
It is better to enforce document linters for simple checking.
This change is to add doc8 in tox file and fix line too long
in some files.
The current rules are as bellow:
- invalid rst format - D000
- lines should not be longer than 79 characters - D001
- RST exception: line with no whitespace except in the beginning
- RST exception: lines with http or https urls
- RST exception: literal blocks
- RST exception: rst target directives
- no trailing whitespace - D002
- no tabulation for indentation - D003
- no carriage returns (use unix newlines) - D004
- no newline at end of file - D005
Change-Id: I01b11619b42eebf13cb17e1b4a2e8464a8ccc797
Keystone used to require that the memcached and keystone servers both
use UTC, but this was fixed[1]. Keeping the notice in the
keystonemiddleware documentation is confusing. This patch removes the
note.
[1] https://bugs.launchpad.net/keystone/+bug/1221087
Change-Id: Iae2dc43ea3f0270246acd3184b7bb0c5778dcc7c
In a previous change [0] when warning-is-error was added, the
sphinx todo extension was causing errors with duplicate
registration. However with the recent changes between pbr and
sphinx, this extension no longer throws a duplicate error when
using warning-is-error and we can add it back in.
[0] https://review.openstack.org/#/c/439819/
Change-Id: Ib71f156eb179bdfe07479441334ea0efcc594924
Due to latest change in docs the old urls don't work and cause gate
failures. Fix it to reflect the new locations.
Change-Id: I5b02d7fa40b5892ee0c66bba8dd642dde9a6637e
Depends-On: I7e170275fd422345505b7282b52899d08c7a4172
As part of the docs migration work[0] for Pike we need to switch to use
the openstackdocstheme.
[0]https://review.openstack.org/#/c/472275/
Change-Id: I5150a456df75d61035a6f00366fa70bd4ec83457
html_last_updated_fmt option is interpreted as a
byte string in python3, causing Sphinx build to break.
This patch makes it utf-8 string.
Change-Id: I21ff7fe4da885d590303105c311aa9792fdaef2a
This change adds the "warning-is-error" setting
to setup.cfg in order to enforce strict doc validation which
will cause the build to fail if any warnings are thrown.
This also removes the redundant loading of the todo plugin
warning that shows up while running 'tox -e docs' with
'warning-is-error' enabled.
Change-Id: I33c110073feec7dd38ab75981d6f97c654852f37
There was an old comment left regarding this bug:
https://bugs.launchpad.net/pbr/+bug/1260495
which was fixed over a year ago but left over.
This change removes the comment and related extension
and adds the referenced pbr setting.
Change-Id: Ib334c136835a9b5b43cabe13b9616cce45e578e0
When building keystonemiddleware docs, the following warning
is currently emitted:
WARNING: no "man_pages" config value found;
no manual pages will be written
This change comments out man_pages since it was only
specifying an empty list, and the warning no longer appears.
Change-Id: Ia650abc6cb3b3bcf36469cae9d8c20e83d0317a4
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I8521461203fe40e4576f4de7cfb500bd64027d6d