Heat is known to override RequestContext in a strange way and it
attempts to run policy check, which loads full request context, in case
is_admin is not given.
This ensures is_admin is copied during redactation, to avoid failures
in unit tests. is_admin is not a secret field so can appear in
notifications.
This also adds **kwargs interface to redacted_copy, so that we can
inject a few more arguments in subclasses.
Change-Id: I19f83d7b0a13f14df16ac805998d5b3751801c12
There are times, such as in oslo.messaging notifications, when we'd like
a context object to be stripped of any secrets. This adds a method to
RequestContext, redacted_copy(), which returns a copy of that context,
carrying over an allowlist of fields only, leaving secrets behind.
Related-bug: 2030976
Change-Id: Ie4a8eb784c505c41ec5fcd4cba091cc555146763
oslo.context is pretty small and therefore easy to introduce mypy for.
Minimal type hints are added, along with tox targets to validate things.
We can build on these in the future if we'd like to.
Change-Id: Ie5ab9eedfc89654ac3aa635f4a3ad24409ad23b6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The tenant argument of RequestContext have been deprecated long
time ago it is now removed by these changes.
Sem-Ver: api-break
Closes-Bug: 1505827
Change-Id: I2fded6f3476df1fb8c4e042ef28ed8ccb7ab0737
A previous patch[1] added "system_scope" to the context for to_dict()
but the from_dict() method was not updated. This caused the
system_scope to always be None.
This patch corrects that by adding "system_scope" to the list of
values that may need to be extracted from the context dict.
[1] https://review.opendev.org/c/openstack/oslo.context/+/530509
Change-Id: Ica23d5c4183a692de3cb65a7ad72b19f47988ca6
collections.MutableMapping has been deprecated since Python 3.3 and
is removed in Python 3.10. The functionality should be identical.
Change-Id: Ic9b2f8a89a92ac3a5fa5f49bb19f13e547d12eda
This patch bumps bandit allowed version to >=1.6.0,<1.7.0 in order to
avoid the errors detailed here https://github.com/PyCQA/bandit/pull/393
Change-Id: I2e498fd13356f571acb905384206b4c97e6c5d92
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
auth_token_info is a common field that subclasses of RequestContext
add. It contains things like the token itself and the entire catalog,
both of which are undesirable to log. The token is a security concern
and the catalog is huge, which bloats the logs an unacceptable amount.
This change removes the auth_token_info key from the logging dict
that we return to the log formatter, which eliminates both problems.
Change-Id: If5ebaa3c1859d32cd05f51defe173fc625b21af5
Closes-Bug: 1866705
The OpenStack identity sevice issues domain-scoped tokens and
keystonemiddlware sets a specific header when it validates a
domain-scoped token. This commit allows context objects to set
domain_id attributes for tokens scoped to a domain and also processes
the domain ID header from keystonemiddlware.
Change-Id: I620d647499abaf5a7103d82af22a190fcc0b3fae
The context should carry some information that all services will need
in order to enforce scoping. System scope can be implemented here
and available for projects when they start adding scope types to
policies.
bp system-scope
Change-Id: I02fdaccfdd002d60b0b51c5d3327c783009cf35e
As the name of the get_logging_values suggests, that function will
get entries from the context for logging purposes. For this, we
shouldn't need the auth_token since it might potentially leak
in the logs.
This filters out the auth_token by setting it as '***' by
default.
Change-Id: I2b245c1665c3587be3c476b803122788d186e5d5
Some of our consumers define additional members on the context class
that they want included in to_dict and from_dict. While it is
possible to do this today via overrides of those functions, the
from_dict implementation in particular is a little non-obvious.
This has led to bugs when the base class's to_dict behavior changes.
This change moves the logic around extending the keys recognized by
from_dict into from_dict itself and allows consumers to simply
provide a list of those keys by overriding a class member.
Change-Id: Ib143f8a5c129dbf6711800c4d87c8830a8aa3365
Related-Bug: 1721432
This adds the 'project' key to the output dict, which contains the same
value as the 'tenant' key.
Change-Id: I9f7514daa162c5a9f0e7c8c24455bd1d29517cf5
The user, tenant and parameters without _id are deprecated as properties
on the object however have never been deprecated as the argument that is
passed.
This should be a fairly easy transition from a context perspective so
simply use the debtcollector function to rename them in place.
Change-Id: Id6ae5a1c869b8e4279d0100bdb6dbf6790dd9b83
This reverts commit 96432cbe4d.
it helps us a lot in Ocata, need open the deprecation warnings
to make consuming projects move to fix the warning.
Change-Id: I10874c66bfd7c7f582a4fe91dcb6354f1c55fc04
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes oslo.context dependance
on the positional decorator.
Change-Id: I9b83917fedd00a8d4fdf904208a17ebdc5cda59a
Once we get to > 2 services chained, it's important that the caller
pass the global_request_id, not the local one. This provides a unified
property so that it's easy for callers to do the right thing.
Change-Id: I6c56187f776602e0af88a368e41a4239901bde3e
This provides the facility to have a global_request_id which is
different from the service level request_id that we've been using.
Includes basic testing.
Change-Id: I1521188ae627fa2e7d35aa2ffffbcb620c527765
We need to pass into VersionInfo what one would expect from running:
setup.py --name
Right now we pass in say oslo_context and pbr fails if there is no .git in
the python source tree
Closes-Bug: #1662266
Change-Id: Ia9da53a5d617d1790c7ed642d114b723e04bddb7
2.12.0 added a DeprecationWarning a bit late in
Ocata for other projects to react properly. For example
Neutron logs get filled up pretty badly. So let's
defer the deprecation warnings for one more release
Note f25543fcc7 adds
the warning(s).
Instead of a full revert, let's just key off of a
variable _log_deprecation_warnings both in context.py
and test_context.py with a FIXME reminder
Closes-Bug: #1660088
Change-Id: I45ba9a0ed628f3347c7c3b346e907e4363452dd8
In the case of communications that include service tokens we need to add
that information to the context so that we can also enforce policy on
it. Add this information and load this information in the from_environ
method. Add these details to to_policy_values so that we can start to
enforce policy based on these attributes.
Change-Id: Id90f32795905112de804a18ddc8a69c038c829bb
To add service token information to the context we are going to add more
information to the base context object. To hopefully make this easier to
read seperate these to an option per line.
Change-Id: Ic523d3e1545bf5dd865f769e1651500205b9b1a9
There is confusion now between whether parameters refer to the name or
id. Similar to adding _name we should rename the other variables with
_id to make it more obvious.
Change-Id: I203acefae8270bd3373b006fa096bea5ef3106f3
If we want to move all the services over to a standard policy
enforcement dict we need a way to start notifying deployers when the
policy enforcement files are using deprecated values.
Instead of returning a dictionary return an object that acts like a
dictionary but emits a DeprecationWarning whenever a deprecated policy
enforcement value is read from it.
Change-Id: I4b2fda188bbccfd491556cc5631e5c4a76314492
The X-User and X-Tenant deprecated headers from auth_token middleware
are actually name values, not ID values. In most cases this doesn't
matter because these are deprecated and only used when no newer headers
are available but we should still fix it.
Closes-Bug: #1614776
Change-Id: I16e80671e853387004434e766dd6ceebe0a6b2a6
Many assertEqual sentences don't follow assertEqual(expected, actual),
These misplaces have 2 impacts:
1, giving confusing messages when some tests failed.
2, mislead other developers, new test modules may follow these wrong pattern.
This patch fix all of them.
Change-Id: I806c893fd46242b021ce90037609ee47e015e1f3
Closes-Bug: #1604213
The way from_dict is structured today means that it is virtually
impossible for a subclass to use it. The function looks only at its own
__init__ variables and then creates a class with them. If a subclass is
adding something to to_dict (they almost all do) then there is no way
for that subclass to add anything to the from_dict so that it is
correctly reconstructed.
This problem is solvable by the pattern of passing keyword args through
to the constructor and having from_dict add to these arguments if they
are not already present. This pattern is already used by from_environ.
This change also moves from an inspecting __init__ args to explicitly
specifying the arguments supported by from_dict. This will be required
to start doing debtcollector and parameter cleanup without breaking
compatibility in the subclasses where the values returned by inspect may
not be those we actually want to pass to __init__.
Change-Id: Id5d78c2dbf76741338982e8d5ba08b6ad432ec42
We should try and enforce that all arguments passed to an oslo_context
are passed as keyword arguments. positional is a library maintained by
the openstack community for exactly this.
We can't simply switch over to raising an error, so by setting
enforcement to warn we will issue a deprecation warning whenever
arguments are being passed positionally.
Change-Id: I47456ac65911d4cc4a5acbacfd1d0dae8429684a
The oslo.middleware request_id middleware that is used by most services
sets the request_id into the environment at 'openstack.request_id'. Pick
this value up into the context object if it is present in the
environment.
Change-Id: Iae3799f4c5ad799961a4a6b01d2b77fd97e72be3
is_admin_project is provided by keystonemiddleware and used by
oslo.policy to enforce that a project scoped token exists in the admin
project.
To make this usable we add the ability to read the X-Is-Admin-Project
header from the environment, and add it to the outputted policy values.
Note the value is added to keystonemiddleware in the depend review
however it must work even with older auth_token middlewares so is fine
to merge prior to a middleware release.
Closes-Bug: #1577996
Depends-On: Ic680e6eaa683926914cf4b2152ec3bb67c6601ff
Change-Id: Ie48fedb8092e33e9645a37ea3fe44b88d34ad3b8
If somehow whitespace gets into the roles coming from headers we should
remove it and only save the actual role name. This is not possible
coming from auth_token middleware but is tested by some services and is
simple to support here.
Change-Id: I11ac3959d8f8b233c8785671d7a59263a4dc36df
from_environ only supported the current environ variables from
auth_token middleware as these have been in use for a long time. It
turns out particularly in testing that services may still use the
deprecated headers so we should still support those in oslo.context.
Change-Id: Ia7faf7b657525c11f728ac753422efe87f6ac34f
When we compose a string for user_identity, we should
ensure that we don't break for non-ascii strings in
user name or tenant name or domain names.
Change-Id: Id457ebe415f78c435fc8ece810f0a1b20964dabf
Closes-Bug: #1507937
Currently all the services pass there own dictionary to the oslo.policy
enforcement engine. This means that there is no standard policy language
between services.
Create a dictionary with the standard credential items that may be
required in policy enforcement. This method will need to be overriden
from individual services for backwards compatibility for some time.
Change-Id: I7bc31764e79eb61f602c7b8601149ac75bee9f9f
Closes-Bug: #1537653
This reverts commit 01aaeae060.
This causes test failures with oslo.log change
Ica445ad5dfe9bd27dfcf1b1bcb6401a0bc9496a5 when passing these attributes
to a log message and a context object. The result of setting these in
context causes log.record values to be overridden with blank values.
Catering for this condition causes subsequent mismatches for test
conditions mixing context and optional passing additional attributes
to log.
Change-Id: I5450e105dc914f822a2b4c03b759a682d8b4a3e7