Added the ability to authenticate using a system-scoped token and the
ability to authenticate using a cached token to the
external_oauth2_token filter.
Implements: blueprint enhance-oauth2-interoperability
Change-Id: I1fb4921faaafd5288d5909762ff5553e5e2475dc
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* parallelizing building of documents
Update Sphinx version as well.
Remove the doc requirements from lower-constraints, they are not
needed during installation.
openstackdocstheme renames some variables, so follow the renames. A
couple of variables are also not needed anymore, remove them.
Set openstackdocs_pdf_link to link to PDF file.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Ic7c901ff19aa073b6e003ccb95aaf77886f20152
We literally say in (the rendered version of) the same doc:
# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
#auth_type = <None>
Looks like auth_plugin has been deprecated for quite some time:
https://opendev.org/openstack/keystoneauth/commit/a56ed4218
Change-Id: I2dafa0cb28f017667497e0a6585d96a8cd090d5f
Currently with sphinx 2.2.0 the docs job is throwing a warning
that the html_static_path entry does not exist. We treat warnings
as errors so this causes the job to fail.
This change comments the html_static_path entry in conf.py since
the path currently does not exist so it appears to be unused.
Change-Id: Ib2c74f4f37855cec250d09b23c45b5b7fde44c8d
Some options are now automatically configured by the version 1.20:
- project
- html_last_updated_fmt
- latex_engine
- latex_elements
- version
- release.
Change-Id: I161a3983e23b0ae50c232eb63ca78f8fd230e91e
Previously the admin Identity endpoint was hardcoded to be used. Now
that keystone has dropped v2 support, deploying an admin Identity
endpoint is no longer useful, so allow this to be changed by the
deployer. Keep the default as using the `admin` endpoint, but create
a deprecation message so that we can change the default in the future.
Partial-Bug: 1830002
Change-Id: I993a45ccb1109d67e65bf32d1e134cc9bec2d88e
With Keystone v3, the admin (35357) and public (5000) ports are
the same and use the same keystone code paths for authentication.
This patch set replace 35357 and only uses port 5000
Change-Id: I596e3a2b29b2954bf7caef6f9408d9b2b4e890ee
The ChangeLog file is generated when we run `python setup.py sdist`,
which doesn't naturally happen when we run `tox -edocs`, so on a fresh
clone the docs build will fail because it references the ChangeLog file
which isn't there. Since we don't rely on pbr any more for release notes
and we have a sophisticated release note management tool, point the docs
at the published release notes instead of the pbr ChangeLog.
Change-Id: I614091eae739154337795a8f120b68686ad0ed0a
The [keystone_authtoken]/auth_uri middleware parameter has been causing
extreme confusion amongst operators and developers ever since the
keystonemiddleware started accepting keystoneauth plugin parameters
including auth_url. The two parameters look identical and yet have
completely different meanings and are both required. This patch
deprecates auth_uri and renames it to www_authenticate_uri, which more
accurately describes the WWW-Authenticate header it is configuring and
is dissimilar to any other keystone_authtoken middleware parameter. This
also renames the internal variable names for consistency with the config
option.
Change-Id: I0cf11da3d395749df28077427689fdafc8a6b981
Changed the keystone_authtoken part of the config docs so that it
advertises the use of identity_uri over the deprecated auth_protocol,
auth_port, auth_host
Change-Id: Ia1351a83abed30f2680c2ce3a074028bd95158fb
Closes-Bug: 1679238
doc8 is a linter for documents and used in openstack-manuals.
It is better to enforce document linters for simple checking.
This change is to add doc8 in tox file and fix line too long
in some files.
The current rules are as bellow:
- invalid rst format - D000
- lines should not be longer than 79 characters - D001
- RST exception: line with no whitespace except in the beginning
- RST exception: lines with http or https urls
- RST exception: literal blocks
- RST exception: rst target directives
- no trailing whitespace - D002
- no tabulation for indentation - D003
- no carriage returns (use unix newlines) - D004
- no newline at end of file - D005
Change-Id: I01b11619b42eebf13cb17e1b4a2e8464a8ccc797
Keystone used to require that the memcached and keystone servers both
use UTC, but this was fixed[1]. Keeping the notice in the
keystonemiddleware documentation is confusing. This patch removes the
note.
[1] https://bugs.launchpad.net/keystone/+bug/1221087
Change-Id: Iae2dc43ea3f0270246acd3184b7bb0c5778dcc7c
In a previous change [0] when warning-is-error was added, the
sphinx todo extension was causing errors with duplicate
registration. However with the recent changes between pbr and
sphinx, this extension no longer throws a duplicate error when
using warning-is-error and we can add it back in.
[0] https://review.openstack.org/#/c/439819/
Change-Id: Ib71f156eb179bdfe07479441334ea0efcc594924
Due to latest change in docs the old urls don't work and cause gate
failures. Fix it to reflect the new locations.
Change-Id: I5b02d7fa40b5892ee0c66bba8dd642dde9a6637e
Depends-On: I7e170275fd422345505b7282b52899d08c7a4172
As part of the docs migration work[0] for Pike we need to switch to use
the openstackdocstheme.
[0]https://review.openstack.org/#/c/472275/
Change-Id: I5150a456df75d61035a6f00366fa70bd4ec83457
html_last_updated_fmt option is interpreted as a
byte string in python3, causing Sphinx build to break.
This patch makes it utf-8 string.
Change-Id: I21ff7fe4da885d590303105c311aa9792fdaef2a
This change adds the "warning-is-error" setting
to setup.cfg in order to enforce strict doc validation which
will cause the build to fail if any warnings are thrown.
This also removes the redundant loading of the todo plugin
warning that shows up while running 'tox -e docs' with
'warning-is-error' enabled.
Change-Id: I33c110073feec7dd38ab75981d6f97c654852f37
There was an old comment left regarding this bug:
https://bugs.launchpad.net/pbr/+bug/1260495
which was fixed over a year ago but left over.
This change removes the comment and related extension
and adds the referenced pbr setting.
Change-Id: Ib334c136835a9b5b43cabe13b9616cce45e578e0
When building keystonemiddleware docs, the following warning
is currently emitted:
WARNING: no "man_pages" config value found;
no manual pages will be written
This change comments out man_pages since it was only
specifying an empty list, and the warning no longer appears.
Change-Id: Ia650abc6cb3b3bcf36469cae9d8c20e83d0317a4
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I8521461203fe40e4576f4de7cfb500bd64027d6d
Fixed two warnings:
- keystonemiddleware/auth_token/__init__.py:docstring of
keystonemiddleware.auth_token.BaseAuthProtocol.kwargs_to_fetch_token
WARNING: Inline strong start-string without end-string.
- keystonemiddleware/doc/source/api/modules.rst
WARNING: document isn't included in any toctree
Change-Id: Iaec9adb228fe9131365ab1c15d4c85567921ccdd
This commit attempts to clean up and shuffle some of the keystonemiddleware
architecture document around to read a little easier.
Change-Id: Icb0ad50ac67a35a50e5c2dd39324aa3e169e9dc9
Now oslo messaging notifier can use driver information from audit
middleware specific conf section. This allows audit to have different
driver and transport usage from existing standard oslo messaging
configuration. If audit middleware section is not defined, then existing
logic is used which identifies driver from shared common oslo messaging
notification conf section.
Adjusted code and tests to recent oslo messaging notifier topic to
topics arg change. And recent request.context change.
Change-Id: Ia9ce654d3903efd0fd7893347e44ee27a765c745
Closes-Bug: 1544840
Let's use sphinx extensions to generate the config options instead of
updating them manually.
The following options will no longer appear since we use auth plugins
now:
auth_admin_prefix
auth_url
auth_host
auth_port
auth_protocol
identity_uri
admin_token
admin_user
admin_password
admin_tenant_name
Change-Id: I0a6eac26f93bfb1c2cbba17a98629108915f78c6
The config options in the architecture page needed to be updated. This
includes new values and correct text for old values. We also note in the
code that the revocation event list is only valid for PKI tokens.
Change-Id: Ib98d3de771d88feea72ea9598d094b77cde6093e
When building packages if git is absent, then we should not set
html_last_updated_fmt. It can still be set via the -D switch
when building with sphinx-build.
Change-Id: Ic2a6031a9b098e39c95669ca6fa2b92e536dc2ad
Closes-Bug: #1552251
The documentation for how to run tests currently says to use
"python setup.py test", which results in errors. Update the docs
to specify tox.
Change-Id: Ib32f6c0708de9439b6bdee4a4fb56cb88bc47d5a
Closes-Bug: #1550068
os.popen() is deprecated since version 2.6. Resolved with use of
subprocess module.
Closes-bug: #1529836
Change-Id: I3f78fff64f100aa7d435c830a2a913a521af698e