* Update keystoneauth from branch 'master'
to e071ad44b01362b8ee930cb23dbb52e2d87fd62d
- reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.
Change-Id: I607493fb73536ce938f67d1a7e79af3c78eca4f4
* Update keystoneauth from branch 'master'
to ec225c225cfa2b12d325c4e47da8cea1fcfcdc3f
- Merge "Update python classifier in setup.cfg"
- Update python classifier in setup.cfg
As per the current release tested runtime, we test
python version from 3.8 to 3.11 so updating the
same in python classifier in setup.cfg
Change-Id: I8d3a53d2bc5207a5627edf881bb7eacdff56a7ec
* Update keystoneauth from branch 'master'
to 733a34bcef44d74939fd4fe509da1aceb0c85d1b
- Merge "Change retries log level to warning instead of info"
- Change retries log level to warning instead of info
Closes-bug: 2042670
Change-Id: Id771077b1070a80b9acab5ffda66155f0dea22be
* Update keystoneauth from branch 'master'
to b68be4b70ed64d60c85a7a3ac66fd2769f2ed1bf
- Bump hacking, other flake8 plugins
Address the couple of small issues it highlights.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I0b0b8ff96d024cc3432ce902e781fff7e594924e
* Update keystoneauth from branch 'master'
to 9df23dc6a8458fb13a3f5d5b4c893e0f755035ee
- Bump bandit
Address incompatibility with Python 3.8, which happens due to the older
bandits use of the private '_ast' module instead of 'ast' [1] and the
deprecated 'Num' having been removed from the former. The bump requires
an additional nosec for a line that is misidentified as a hardcoded
password.
A note about requirements ordering is removed as it hasn't been relevant
since pip 20.3 introduced the new dependency resolver.
[1] 09b0207e2b
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: Icaaa3a2e24429bba5cf70c04062cfa5820c8a1bf
* Update keystoneauth from branch 'master'
to b5ddc0732e939d19fe41c76343edb49459d342e2
- Remove dependency on oslo_config
Per the note in requirements.txt, we do not want to depend on any oslo
library. Fix the accidental inclusion of this library.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I0287fc2493831e9b52790f7d6db13b8a4ed7158e
* Update keystoneauth from branch 'master'
to 2bc0f5afb08f7199489547a19c9eca924db61e91
- Merge "Allow setting retriable status codes for Adapter via configuration options"
- Allow setting retriable status codes for Adapter via configuration options
Signed-off-by: Pierre-Samuel Le Stang <pierre-samuel.le-stang@corp.ovh.com>
Change-Id: Id7ad3f398891361abe62027248eba0f5eb1934d7
* Update keystoneauth from branch 'master'
to 44e477dfb5821cb535d880738a965901ecd6f734
- Merge "Drop parameters when connecting to a redirected endpoint"
- Drop parameters when connecting to a redirected endpoint
When redirected, the server *generally* returns a fully
formed URI, but does not really have to, so we may end up
in a "depending on how the redirect was triggered" would
result in the response handling.
Ultimately, any behavior which is not an fully formed URI
would be invalid.
But our code was taking the URI we got back, and would then
re-issue the request with a list of parameters with the new
URL. Duplicating the parameters on the URI.
Example of what was occuring, when only provision_state=active
was a parameter before the redirect:
/v1/nodes?provision_state=active&provision_state=active
Co-Authored-By: Kristi Nikolla <knikolla@bu.edu>
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Story: 2010029
Task: 45316
Change-Id: I4969a42ee651ac2c559e378d879b673a1d788c57
* Update keystoneauth from branch 'master'
to b0a6c8da6c4413b922fb72ff6acf99cd159f42e9
- Merge "Add project URLs from README as packaging metadata"
- Add project URLs from README as packaging metadata
Change-Id: Ibdbc0b9228c6b24a521b9117ee0298a4a302bb98
* Update keystoneauth from branch 'master'
to 659a288cc145db280e32d9b5c968861e6df8c51b
- Merge "Keep request-id at redirect"
- Keep request-id at redirect
Currently when redirects are used, the request id can get lost on redirect.
Proposed patch reuses req-id from redirect response and passes it to
actual request
Closes-Bug: #2000742
Change-Id: I98d5d4490b3d5667677cdd19f3c7b39abe6044ef
* Update keystoneauth from branch 'master'
to efba3f9b384099486678c91dd351105ffe4e690c
- Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: Ia73a8b414df7173dbc802e0175140f889a7cfa2d
* Update keystoneauth from branch 'master'
to e6f3999c6f2f846e3dda505343166ab8c8346c2a
- Merge "Support PKCE with v3oidcdeviceauthz"
- Support PKCE with v3oidcdeviceauthz
In case the OAuth 2.0 client for keystone is configured in Keycloak to
require PKCE (for horizon Web-SSO), this also applies to other flows
like v3oidcdeviceauthz.
https://www.rfc-editor.org/rfc/rfc7636
Signed-off-by: Arvid Requate <requate@univention.de>
Change-Id: I8475a583844d9b97ed65a9909c31cebc31cfbebb
* Update keystoneauth from branch 'master'
to 28048af9593740315df8d9027c3bd6cae5e0a715
- Merge "Add doc of OAuth 2.0 Mutual-TLS Authenticate"
- Add doc of OAuth 2.0 Mutual-TLS Authenticate
Added a new OAuth2mTlsClientCredential plugin, accessible via the
'v3oauth2mtlsclientcredential' entry point, making possible to
authenticate using an OAuth 2.0 Mutual-TLS client credentials.
Implements: blueprint support-oauth2-mtls
Change-Id: I4b85bcfbfad1e34624b48ecd6476d01a4adba9eb
* Update keystoneauth from branch 'master'
to 0195cc7eadef99f75530740c165bff2680cb135f
- Merge "Add doc of OAuth2.0 Client Credentials Grant Flow"
- Add doc of OAuth2.0 Client Credentials Grant Flow
This patch provides Keystoneauth documents for OAuth2.0 client
authorization. The specification about OAuth2.0 Client Credential Grant
is added to authentication plugins.
Implement: blueprint oauth2-client-credentials-ext
Change-Id: Iefaa997c1e561f51cb0e93d80106ccaa70932755
* Update keystoneauth from branch 'master'
to c69ade60a677a95c873a06fbc72e9810da7d5fdf
- Remove last reference to the python six package
We missed an import of the six package.
Change-Id: Id618b93d47a6e25a89144b3a93b12cbb5fc14797
* Update keystoneauth from branch 'master'
to 6e0f3eb61a833740b512c58aecb05ea7de792279
- Merge "Fix up some packaging metadata"
- Fix up some packaging metadata
https://pypi.org/pypi/keystoneauth1/json currently does not have a minimum
python version.
Also clean up a twine warning:
warning: `long_description_content_type` missing. defaulting to `text/x-rst`.
Change-Id: Ibc4747c32afe646fe15baf52538f1ef1defc40c1
* Update keystoneauth from branch 'master'
to fe74dedb0530cf05d88821435f3d85138a5cb11a
- Merge "Make v3oidcpassword send client_id"
- Make v3oidcpassword send client_id
Updates the v3oidcpassword function to also send the client_id as part of the request body,
this seems to be a requirement for services like onelogin.
Change-Id: I2392ef51302804c0c66c0fb52227db5f35bca3fd
* Update keystoneauth from branch 'master'
to 1462b7344e3f65938f30d3e0cdb17061033c2cf0
- Merge "Add RFC required headers and data to the request"
- Add RFC required headers and data to the request
Fixup for 44e5b2deef0a92c9d7d7e0a64643364d2ea0eee7
Signed-off-by: Arvid Requate <requate@univention.de>
Change-Id: I88bbfebd19f3e291c304f5bbd7f8dde2ed951821
* Update keystoneauth from branch 'master'
to 2e40bbf8e3c12ae06c7572adfa8510e0deef7eb4
- Update master for stable/2023.1
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: I9d1c3fab9382490c51471893c830c01106c07497
* Update keystoneauth from branch 'master'
to 8d24892f9dc2742d9bd837b3a71fce260a5ec326
- Merge "Remove six"
- Remove six
This is no longer necessary since we only support Python 3.x.
A note is removed from requirements.txt since it's no longer relevant:
pip 20.3+ has a real dependency resolver.
Change-Id: Ie3006813a79fef1f128d388b906e4f1752347fa4
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
* Update keystoneauth from branch 'master'
to eb5ebfd4bd7b889cb34a66a9176d8b36afcac896
- Merge "Switch to 2023.1 Python3 unit tests and generic template name"
- Switch to 2023.1 Python3 unit tests and generic template name
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope. Also,
updating the template name to generic one.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: I2447df95b05fcd4f133f8c4d278c6284a67eb0b7
* Update keystoneauth from branch 'master'
to f6e340270ead0c1b39d8616808f57f6e2abf3bd7
- Merge "Update master for stable/zed"
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Ia0d14f0955504bdeb41c1eff4d6854293e1f3430
* Update keystoneauth from branch 'master'
to bf5aed34cdde12538c9ffb37a202b952b0779c97
- Merge "Replace abc.abstractproperty with property and abc.abstractmethod"
- Replace abc.abstractproperty with property and abc.abstractmethod
Replace abc.abstractproperty with property and abc.abstractmethod,
as abc.abstractproperty has been deprecated since python3.3[1]
[1]https://docs.python.org/3.8/whatsnew/3.3.html?highlight=deprecated#abc
Change-Id: I506bd4f17d9c86d1a0328e765e8c695c76e16f18
* Update keystoneauth from branch 'master'
to 3ffea9276ebf70072ceb8c3b6543b4020abcd35f
- Merge "Allow federation to work with unversioned auth_url"
- Allow federation to work with unversioned auth_url
while e.g. V3Password works perfectly fine with unversioned auth_url
like 'http://keystone', everything based on FederationBaseAuth
does not and only requires versioned v3 auth_url.
Since OS_FEDERATION is implemented only in v3, this patch
makes sure that federated_token_url has v3 in it, thus allowing
for unversoned auth_url as well.
Closes-Bug: #1998366
Change-Id: I1f0b00b6f721c53bb5308e03223d0c1564ca81b3
* Update keystoneauth from branch 'master'
to d2a100f85d38b5b72f599551583066c7542cce05
- Merge "setup.cfg: Restore python_requires after a typo"
- setup.cfg: Restore python_requires after a typo
The "python_equires" typo was introduced by the change
I3980fbc53ce4b954aff5e98087897ea94e50e4fc, commit
a1e209c9a1bbee28c71ada7cc4675710f3b91794.
The typo apparently had a weird effect of declaring our
package as supporting Python 2, although obviously we
quit py2 long time ago.
Closes-bug: 1999431
Change-Id: Ife08f751bd64f2bbb04747ccc030d38ce78db712
* Update keystoneauth from branch 'master'
to ca28df84808787342303666e1b286dbc5ec88c61
- OAuth 2.0 Mutual-TLS Support
Added a new OAuth2mTlsClientCredential plugin, accessible via the
'v3oauth2mtlsclientcredential' entry point, making possible to
authenticate using an OAuth 2.0 Mutual-TLS client credentials.
Co-Authored-By: Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp>
Change-Id: I0e02ef18da5d60cdd1bcde07b07c2071b74b73d6
Implements: blueprint support-oauth2-mtls
* Update keystoneauth from branch 'master'
to c96b058212865804ad29eb7461328f87ea874e9e
- Merge "Enforce scope mutual exclusion for system"
- Enforce scope mutual exclusion for system
we already fail when mutliple scope identifiers are provided, however
not when system scope is involved. As a result of the undocumented
priority of checks, when system scope is specified together with any
other scope, that other scope will silently be used.
Change-Id: I120ed63f6c1262d067eeb6168feab35278cacf6a
* Update keystoneauth from branch 'master'
to 5098d45cca0e858f8763a083308733bbc470b120
- Allow passing of version header
Add keyword option to get_version_data() to allow passing
of the version header so that we can get the microversions.
Specifically, this is so that we can re-use this function
in barbican, which recently implemented microversions, but
doesn't return them by default, for backward compatibility
with old clients.
Change-Id: I909750381a559f9dc61650c9f98c88d4481012b7
* Update keystoneauth from branch 'master'
to 11faa0e67d6e70ff7f48266e9a57e733e42dd009
- Fix linters and bindep on jammy
Bump linter requirements - follow the changes
made in keystone in commits
6dfde5b48b388e32e34a385c3a9ef48da7c7c49b and
5c71ebd7a92d25df83e2e7cc5fad9990e9eebbf5 in
order to fix compatibility with Python 3.10.
Remove python-dev from bindep - it's no longer
supported by jammy and lead us to the following
errors with the announce-release job:
```
No package matching 'python-dev' is available
```
Co-Authored-By: Herve Beraud <hberaud@redhat.com>
Change-Id: If687a2678733ce018bd31c602140f073ab1a1a65
* Update keystoneauth from branch 'master'
to aa9c5d230f48c0ca4a4fb5dde6c92a07aab287e0
- OAuth2.0 Client Credentials Grant Flow Support
Added a new OAuth2ClientCredential plugin, accessible via the
'v3oauth2clientcredential' entry point, making possible to authenticate
using an application credentials as an OAuth2.0 client credentials.
Change-Id: I77d6faef4cbc75abb8e7d86f386fb6d16e40cabf
* Update keystoneauth from branch 'master'
to 2445a5df78d808a773ea820505c7af5215c573cf
- Update python testing as per zed cycle teting runtime
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Add release notes and update the python
classifier for the same.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Co-Authored-By: Ghanshyam Mann <gmann@ghanshyammann.com>
Change-Id: Ic7671ad666ebc0614686e068b9d4c0824e384fb3
* Update keystoneauth from branch 'master'
to f194e6a82097ba38435146ba3a0df924855dc22f
- Merge "Allow logging of Content-Type text/plain"
- Allow logging of Content-Type text/plain
Noticed this while doing some local testing, if a WSGI app replies with
a text/plain content type to communicate a server error, we aren't able
to see the error response message when passing --debug to the
openstackclient, example:
RESP: [500] Date: Thu, 01 Oct 2020 23:54:15 GMT Server: Apache/2.4.18
(Ubuntu) Content-Type: text/plain; charset=UTF-8 Connection: close
Transfer-Encoding: chunked
RESP BODY: Omitted, Content-Type is set to text/plain; charset=UTF-8.
Only application/json responses have their bodies logged.
Change-Id: Ibfd46c7725bd0aa26f1f80b0e8fc6eda2ac2e090
* Update keystoneauth from branch 'master'
to 12a84e1919d11d314427330964017babd8f75794
- Merge "Fix version discovery check of url for integer project id"
- Fix version discovery check of url for integer project id
Check if the last url segment matches the project id.
Previously the check only confirmed whether the last url segment
endswith the project id which could cause problems with spurious
matches of some legacy integer project ids.
Closes-Bug: 1968793
Change-Id: I7c6c22e41bde2a73508635b7e964c58a02c12146
* Update keystoneauth from branch 'master'
to cc58eca84fb9e3ba975adb3bb4529c10dcbddbde
- Merge "Improve help messages for a few options"
- Improve help messages for a few options
Closes-Bug: #1962037
Change-Id: If082a7f4cc09ffc42c68081dd43c2808b6c5f8a9
* Update keystoneauth from branch 'master'
to 97477c326117c318d6ec7b8a56fc5efd3f018d90
- Merge "User-friendly error message for DiscoveryFailure"
- User-friendly error message for DiscoveryFailure
The passage about discovery document and allow_version_hack makes little
sense for people unfamiliar with keystoneauth internals. What it
actually means in most cases is that the remote service is not
available. Rephrase the error message and add some debug logging.
Change-Id: I156dbb45bd8c07ace1900894f6779ed9f38cf3c6
* Update keystoneauth from branch 'master'
to 2d40bf525dd52935389329bfa75f981c19a0ec7b
- Merge "remove unicode from code"
- remove unicode from code
remove unicode from code
Change-Id: I95f201f5678f093981014a553ffadb2a6b2a0453
* Update keystoneauth from branch 'master'
to 03a9dbb948a6db87186bdf0c9e874f4e028dbfb9
- Merge "fix: miss attr _discovery_cache in ServiceTokenAuthWrapper"
- fix: miss attr _discovery_cache in ServiceTokenAuthWrapper
Add the super method to the ServiceTokenAuthWrapper class
to get the _discovery_cache attribute of the parent class.
the error info is below while neutron is authenticated by
keystoneauth plug in task inspector enroll baremetal node:
ERROR oslo_messaging.rpc.server:
Exception during message handling: AttributeError:
'ServiceTokenAuthWrapper' object has no attribute '_discovery_cache'
Change-Id: Icc7c4e25a123b5565c94f43f932ee32f9f304a76
* Update keystoneauth from branch 'master'
to c69cc01b7b7f79e5afb9a0d430bffdf8b9028f6b
- Merge "Use TOX_CONSTRAINTS_FILE"
- Use TOX_CONSTRAINTS_FILE
UPPER_CONSTRAINTS_FILE is old name and deprecated
This allows to use upper-constraints file as more
readable way instead of UPPER_CONSTRAINTS_FILE=<lower-constraints file>.
Change-Id: Ie3771b123acace8320db5b2e8dfadeef1c2a1b90
* Update keystoneauth from branch 'master'
to f9950b0ff399157b46030c86f6c0af2dd8b6c057
- Merge "bump py37 to py38 in tox.ini"
- bump py37 to py38 in tox.ini
in 'victoria' cycle, we should test py38 by default.
ref:
https://governance.openstack.org/tc/reference/runtimes/victoria.html
Change-Id: I9cf801f2beda01b04e48488156fec0de11efe3a9
* Update keystoneauth from branch 'master'
to 7eeda4d9afcaed36fda4cd81c584d2028fd4803f
- Drop lower-constraints.txt and its testing
As discussed in TC PTG[1] and TC resolution[2], we are
dropping the lower-constraints.txt file and its testing.
We will keep lower bounds in the requirements.txt file but
with a note that these are not tested lower bounds and we
try our best to keep them updated.
[1] https://etherpad.opendev.org/p/tc-zed-ptg#L326
[2] https://governance.openstack.org/tc/resolutions/20220414-drop-lower-constraints.html#proposal
Change-Id: I73718d9f52d11b9a17ab49468743d5237179ada5
* Update keystoneauth from branch 'master'
to 24036619413356e68d07acecba109f86088ce93b
- Merge "Update master for stable/yoga"
- Update master for stable/yoga
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: Ifd5fc37cb58a363e9bc9f2b2752d455555ba82e9
* Update keystoneauth from branch 'master'
to 030bc2389365c323e1cab9134e8b21919e5cd0d8
- Merge "Update master for stable/xena"
- Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: I2621cf1da0b4721adfbb222bcf3f75e2f6a8d875
* Update keystoneauth from branch 'master'
to d2b729d0c010f4077669f812aa2878a8cd2b59ee
- Merge "Update master for stable/wallaby"
- Update master for stable/wallaby
Add file to the reno documentation build to show release notes for
stable/wallaby.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.
Sem-Ver: feature
Change-Id: I89924f9516f07caca3ae792aafc36587fd81badc
* Update keystoneauth from branch 'master'
to 27a3be4bc8bb5890762f442b91b1f1722570dce1
- Merge "Clarify token_endpoint.Token usecases"
- Clarify token_endpoint.Token usecases
This authentication plugin isn't grouped with the other authentication
plugins, but it can be really useful for people writing proxies or
implementing service-to-service calls.
This commit just highlights the usefulness of this plugin with some
example usecases and a code snippet. The current documentation phrases
it such that it's only useful for testing.
Change-Id: I1de4959ccde3fdf8141d8f4949c73542c2200483
* Update keystoneauth from branch 'master'
to 8da0a63569841f82ed73ef1900ed4818bcd0801a
- Merge "setup.cfg: Replace dashes by underscores"
- setup.cfg: Replace dashes by underscores
Since setuptools v54.1.0[1], the parmeters with dash have been
deprecated in favor of the new parameters with underscore.
This change updates the parameters accordingly to avoid the warnings
like the example below.
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: I3980fbc53ce4b954aff5e98087897ea94e50e4fc
* Update keystoneauth from branch 'master'
to 49db50bfb32521c327ae90bc133516cf343a0c2d
- Fix bindep for current rpm based distributions
python-devel is no longer available in current RPM based distributions.
This was tested with centos7, rhel7, rhel8, fedora35.
Change-Id: I4a2e6886af6d6862f25957e7bb206a5fc9664d90
* Update keystoneauth from branch 'master'
to 7bbce9761cae1af894f4cd70706eed0d5c4f669e
- Fix docs build
Avoid conflicts between apidoc generated documentation and the source
code by adding "noindex" to SPHINX_APIDOC_OPTIONS.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib1498a3712ec9cfd0abcb282b093f82ba0ee8128