Bandit emits errors for request methods without the timeout parameter.
It's better to follow the instruction to avoid hanging.
Added timeout parameters and config options to set timeout.
[1] https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html
Change-Id: I0c022c3cc57f30530ebdef6e434753ece2bdf912
The [keystone_authtoken]/auth_uri middleware parameter has been causing
extreme confusion amongst operators and developers ever since the
keystonemiddleware started accepting keystoneauth plugin parameters
including auth_url. The two parameters look identical and yet have
completely different meanings and are both required. This patch
deprecates auth_uri and renames it to www_authenticate_uri, which more
accurately describes the WWW-Authenticate header it is configuring and
is dissimilar to any other keystone_authtoken middleware parameter. This
also renames the internal variable names for consistency with the config
option.
Change-Id: I0cf11da3d395749df28077427689fdafc8a6b981
The constants of log levels were added in the 1.8 version
of the oslo.log library.
So we can replace all usage of system logging module
with log module from oslo.log
Change-Id: I97a1d913b543dc9dbd4d228b04adbdf7ee320df5
We added method split_path in version 3.11 of oslo.utils,
so don't maintain it by keystonemiddleware.
Change-Id: Iaba3d3f8b10392c0ee3fbb076f1e364f0c97ca88
Currently tox ignores D400:
D400: First line should end with a period.
This change makes keystonemiddleware docstrings compliant with D400.
Change-Id: Icff2b744d72ae74492cfc6515b91f393fa2b50bf
Currently tox ignores D401 and H403:
401: First line should be in imperative mood.
403: multi line docstrings should end on a new line
This change makes keystonemiddleware docstrings compliant with D401.
H403 is already passing, so this commit also enables it.
Change-Id: I9471721220c99f9c4ed055840ed626bb7750eb3f
s3token middleware only allows configuring host and port for the
auth URI. This doesn't allow the auth server to be on a path.
A new auth_uri config option is added that allows the deployer to
specify the full URL for auth. This overrides auth_host, auth_port,
and auth_protocol. auth_host, auth_port, and auth_protocol are
deprecated.
DocImpact
Change-Id: I1fe13f0365ca4704717fe680a0c8f54c64a9f06c
Mixing "str" and "unicode" can lead to a UnicodeDecodeError. We encode unicode
values before using them with text strings.
The bug occurs if the URL contains a non-ASCII character in the path:
"hého" in "/v1/AUTH_cfa/c/hého" ("/v1/AUTH_cfa/c/h\xc3\xa9ho" in UTF-8) for
example.
The bug occurs on Python 2 in s3_token.py because the tenant id is retrieved
from identity_info['access']['token']['tenant'] and identity_info comes from
resp.json().
The problem is that in Python, the JSON decoder always creates Unicode strings.
Example in Python 2:
    >>> json.loads('{"key": "value"}')
    {u'key': u'value'}
There is no issue in Python 3, since all text strings are Unicode.
Change-Id: Ib7fdf60f8369ea9546fcd92f1ac385c777478d10
Closes-Bug: #1428706
Co-Authored-By: Victor Stinner <vstinner@redhat.com>
The "insecure" option was being treated as a bool when it was
actually provided as a string. The fix is to parse the string to
a bool.
Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3
Closes-Bug: 1411063
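
The failure mode described in the commit above, shown as an added example (not keystonemiddleware's own code). It assumes the option arrives from the config file as a string and that it controls TLS certificate verification; `parse_bool`, `verify_before_fix` and `verify_after_fix` are hypothetical names.

```python
# Added illustration; all names here are hypothetical, not project code.
TRUE_STRINGS = {"1", "t", "true", "on", "y", "yes"}
FALSE_STRINGS = {"0", "f", "false", "off", "n", "no"}


def parse_bool(value, default=False):
    """Parse a config value into a bool, rejecting anything unrecognised."""
    if isinstance(value, bool):
        return value
    if value is None:
        return default
    text = str(value).strip().lower()
    if text in TRUE_STRINGS:
        return True
    if text in FALSE_STRINGS:
        return False
    # Fail closed: a typo must not silently change the TLS posture.
    raise ValueError("unrecognised boolean value: %r" % (value,))


def verify_before_fix(conf):
    """Buggy pattern: the raw string is used as if it were a bool."""
    insecure = conf.get("insecure", False)
    # Any non-empty string is truthy, so "False" disables verification.
    return not insecure


def verify_after_fix(conf):
    """Fixed pattern: parse the string first, then derive the verify flag."""
    return not parse_bool(conf.get("insecure"), default=False)


# Constructed sample values, as a config file would deliver them (strings).
SAMPLES = [{}, {"insecure": "False"}, {"insecure": "0"}, {"insecure": "True"}]

if __name__ == "__main__":
    for conf in SAMPLES:
        print(conf, "verify before fix:", verify_before_fix(conf),
              "verify after fix:", verify_after_fix(conf))
```

With `insecure = False` in the config file, the unparsed string leaves certificate verification off, which is the opposite of what the operator asked for.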
Make s3_token and ec2_token middleware match auth_token and all
properties except the class itself are now private.
The memcache_crypt module is now private to the keystonemiddleware
package.
Change-Id: Id5103f4e9689bc2dbc6f79705030c903ae5cc406