Keystone now provides "member" by default.
It should not be a problem for upgrades when the configuration
is the default one, because Keystone is case-preserving and
Member and member are the considered the same:
https://docs.openstack.org/keystone/latest/admin/identity-case-insensitive.html
Change-Id: I3bd72631d57546dcf8b887833539fe3ccaac4e47
this change adds a utils module to the castellan service package. this
module contains 3 wrapper functions to help reduce the overhead for
working with castellan.
* add sahara.service.castellan.utils module
* fixup previous usages of the castellan key manager
Change-Id: I6ad4e98ab41788022104ad2886e0ab74e4061ec3
Partial-Implements: blueprint improved-secret-storage
This change adds the sahara key manager and converts the proxy passwords
and swift passwords to use the castellan interface.
* adding sahara key manager
* adding castellan to requirements
* removing barbicanclient from requirements
* removing sahara.utils.keymgr and related tests
* adding castellan wrapper configs to sahara list_opts
* creating a castellan validate_config to help setup
* updating documentation for castellan usage
* fixing up tests to work with castellan
* converting all proxy password usages to use castellan
* converting job binaries to use castellan when user credentials are
applied
* converting data source to use castellan when user credentials are
applied
Change-Id: I8cb08a365c6175744970b1037501792fe1ddb0c7
Partial-Implements: blueprint improved-secret-storage
Closes-Bug: #1431944
This change implements the sahara.service.sessions module with the basic
session cache object. It also adds the authentication plugin from the
keystonemiddleware into the context for rest transactions.
It also migrates the keystone client utility functions to use the new
session methodology. The trust module has been accordingly fixed to make
greater use of authentication objects instead of client objects.
* adding auth plugin to context
* adding sessions module
* adding test for sessions
* adding keystonemiddleware base auth plugin object to context on api
call
* adding keystone session to sessions module
* refactoring keystone client to use sessions
* adding keystone methods to retrieve auth plugins, tokens, and service
catalog
* changing sahara.service.trusts to use new keystone methods
* fixing trust tests to fit new authentication methodologies
Change-Id: I65ed4b4dcee8752bf4e66ef9e47305ff408d8d5d
Partial-Implements: bp keystone-sessions
All non-plugin exceptions are now located in one place. The constructor
usage is now brought to one pattern.
Change-Id: I794143889edf89a8ab79d0c6b8fb410da39081a0
All keystoneclient calls wrapped in execute_with_retry
method to avoid occasional errors
partially implements bp clients-calls-retry
Change-Id: I3d7f09c8b867ef7b7766295815e71fd1083a14c1
This is an initial commit to make sahara logs relevant to new
logging spec.
We need to change some log levels to become closer to the spec, also
we need to change some log messages (e.g. for INFO level).
partially-implement bp new-style-logging
Change-Id: I8e7b7c4c3f375648d2999b1d0e19b68390cc22a8
Changes:
* using oslo_config instead of oslo.config
* using oslo_concurrency instead of oslo.concurrency
* using oslo_db instead of oslo.db
* using oslo_i18n instead of oslo.i18n
* using oslo_messaging instead of oslo.messaging
* using oslo_middleware instead of oslo.middleware
* using oslo_serialization instead of oslo.serialization
* using oslo_utils instead of oslo.utils
Change-Id: Ib0f18603ca5b0885256a39a96a3620d05260a272
Closes-bug: #1414587
oslo.log was added to global requirements, so we can migrate to this module.
Also we need this migration to be ensure that it works correctly with
log-improvements.
Since openstack.common.log is not dropped in oslo-incubator,
we shouldn't remove it.
Change-Id: I90468e4db812ae0b5d8a43a37206b236f8904661
Closes-bug: #1412673
This change adds options that allow DataSource objects to be
referenced by name or uuid in the job_configs dictionary of a
job_execution. If a reference to a DataSource is found, the path
information replaces the reference.
Note, references are partially resolved in early processing to
determine whether or not a proxy user must be created. References
are fully resolved in run_job().
Implements: blueprint edp-data-sources-in-job-configs
Change-Id: I5be62b798b86a8aaf933c2cc6b6d5a252f0a8627
* Generates a cluster-scoped proxy-user and keystone TRUST
* Pass a proxy-user auth and trust id to hive-server using hive-site.xml
Partially implements: blueprint edp-hive-vanilla-swift
Change-Id: I65592421b29428d3e726aaf0aaa4977378849ef0
Changes
* adding periodic task for user removal
* adding a wrapper function for the periodic tasks class to improve
configuration
* refactoring proxy user delete function to allow a user id
Change-Id: I641e1650e7a5fcd96246e13b7e1d548c4a0dda25
Partial-implements: blueprint edp-swift-trust-authentication
Changes
* adding a generic keystone client creation function
* adding a function to create proxy user clients
* renaming admin client functions for clarity
* adding token delegation/removal during proxy user creation/deletion
* adding a configuration option for proxy user trust roles
Change-Id: I362a27c1b1d0c5b81d6fbbb91fc0689e339f0076
Partial-implements: blueprint edp-swift-trust-authentication
Changes
* adding sahara.utils.proxy module
* adding functions to create and delete proxy users
* adding proxy user creation during job execution
* adding proxy user deletion during job execution status update
* adding sanitization for proxy configs from job execution
* adding unit test for proxy usage detection function
Partial-implements: blueprint edp-swift-trust-authentication
Change-Id: I551a14a3cb5320a27fc6104b35c3b9a08a03abda
Changes
* adding configuration option for use of proxy domain
* adding configuration option for proxy domain name
* adding method to get the Domain object for the proxy
Partial-implements: blueprint edp-swift-trust-authentication
Change-Id: I369de80c918a52db5200865f754c40bc807289e4
Luigi Toscano