Remove six.moves Replace the following items with Python 3 style code.
- six.moves.urllib
- six.moves.queue
- six.moves.range
- six.moves.http_client
Subsequent patches will replace other six usages.
Change-Id: I80c713546fcc97391c64e95ef708830632e1ef32
With python 3.x, classes can use the metaclass= logic
to not require usage of the six library.
Subsequent patches will replace other six usages.
Change-Id: Iefdc99c338c7aaea18d535426c4676dbedb44f32
Client should be able to create a token using “auth_url” (e.g. ”https://keycloak:7443/auth”)
Server should be able to validate the token using “user_info_endpoint_url” (e.g. “https://cbnd:9443/something/custom”)
also be backward compatible
Change-Id: I437fde40345af52483cc764e5dc6a1f55f1b3e88
Sometimes when mistral requests are failing with "401 Unauthorized"
against keycloak, the reason are not mentioned in the logs.
In case keycloack return 401 it must provide the www-Authenticate
response header with the reason:
https://www.w3.org/Protocols/HTTP/1.0/spec.html#WWW-Authenticate
This code take care of it by adding the WWW-Authenticate value to
mistral api-log.
Change-Id: I7ae221aaeb2233184bd4818490e72ff662dca5cb
Closes-Bug: #1737500
This patch enables ssl support for keycloak middleware. It adds 3
new config options: 'certfile', 'keyfile' and 'cafile' and substitues
their values to the request to keycloak server.
Change-Id: Id8a771af373cd9d1e198142c21957622f9d0232c
Closes-bug: #1712749
This patch adds new improvements to the keycloak auth module:
* Token format is validated before sending it to keycloak server.
* Realm name is taken from parsed token, 'X-PROJECT-ID' header is
not required anymore.
* Added support of user roles - now Mistral understands the
difference between admin and regular user.
* Added more detailed error explanations and new unit tests.
Change-Id: I7ac4834f2ecb4cafb9d4fcd154a8cf41a71e6c4a
Abstract authentication function so plugins for other authentication
backends can be implemented in cases where keystone is not used. Currently,
mistral is hard coded to support keystone and keycloak. The domain/project
related trust that is specific to keystone is not addressed.
Change-Id: I21994ab20af519b2ba85efd7cbe043547988e5b3
Implements: blueprint mistral-abstract-auth
Q.hongtao