This patch adds support for MFA TOTP on openstack dashboard.
A new configuration variable OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED
was added false by default.
If enabled, users needing TOTP are prompted with a new form.
keystone doc: https://docs.openstack.org/keystone/latest/admin/auth-totp.html
Demonstration video : https://youtu.be/prDJJdFoMpM
Change-Id: I1047102a379c8a900a5e6840096bb671da4fd2ff
Blueprint: #totp-support
Closes-Bug: #2030477
This passes the client IP to the keystoneauth1 Session's
original_ip parameter.
This sets the Forwarder HTTP header so that when the request
lands in Keystone the request can actually be interpreted who
made the request and not only that it was proxied by Horizon.
Forwarded: for=100.64.10.1;by=openstack_auth keystoneauth1/4.4.0 python-requests/2.25.1 CPython/3.6.8
In the above example header the 100.64.10.1 is the client IP
that is sent from a load balancer in the X-Forwarded-For header
while the actual REMOTE_ADDR in the HTTP request is the load balancers
IP address.
Change-Id: I52da9dcd7fb6b1ac46852718f285795628121e26
django.utils.translation.ugettext(), ugettext_lazy(), ugettext_noop(),
ungettext(), and ungettext_lazy() are deprecated in favor of the
functions that they’re aliases for: django.utils.translation.gettext(),
gettext_lazy(), gettext_noop(), ngettext(), and ngettext_lazy().
https://docs.djangoproject.com/en/4.0/releases/3.0/#id3
Change-Id: I77878f84e9d10cf6a136dada81eabf4e18676250
This pylint check 'no-else-return' might be debatable.
but as far as I checked it works in most cases.
Change-Id: Ie8574d4a529454c6e050fa62a7a17ea097d00240
Unfortunately the only way we can know the user_id at this point is
by parsing the error message.
I also refactored the exceptions in openstack_auth to make them use
different classes (but one common superclass).
Partially implements blueprint: allow-users-change-expired-password
Change-Id: Ieceee09db21040b96577db19bd195dc3799e3892
Keystone V2 API was deprecated in Stein release in Horizon and
removed from Keystone in Queens release.
Change-Id: I917e273d3174adf0874e516b3d635ccb8ba58a27
This commit also moves descriptions of settings defined in openstack_auth
from openstack_dashboard/settings.py and local_settings.py(.example)
to openstack_auth/settings.py.
Note that if openstack_dashboard has different default settings
from openstack_auth defaults, they are now moved to
openstack_dashboard/defaults.py.
Part of blueprint ini-based-configuration
Change-Id: I59eebc388de0bcbd4d1fe35c6138efbd3e04c5b8
openstack_dashboard/dashboards/project/cgroups/workflows.py:313:8: R1702: Too many nested blocks (6/5) (too-many-nested-blocks)
openstack_auth/plugin/base.py:221:12: R1704: Redefining argument with the local name 'domain_name' (redefined-argument-from-local)
horizon/tables/formset.py:59:16: R1704: Redefining argument with the local name 'column' (redefined-argument-from-local)
Change-Id: Ifeb192efac83c0b2d5399c51f66c8fb8f8969fc0
openstack_dashboard/hooks.py:16:0: E0611: No name 'command' in module 'distutils' (no-name-in-module)
openstack_dashboard/dashboards/project/networks/ports/sg_base.py:52:12: E1111: Assigning result of a function call, where the function has no return (assignment-from-no-return)
BaseSecurityGroupsAction._get_initial_security_groups() is now marked
as abstract method because this method must be implemented in subclasses.
BaseSecurityGroupsAction.handle() is now dropped because there is
no difference from the parent class (horizon.workflows.Action).
openstack_auth/views.py:211:4: E1206: Not enough arguments for logging format string (logging-too-few-args)
openstack_auth/views.py:269:8: E1206: Not enough arguments for logging format string (logging-too-few-args)
openstack_auth/plugin/base.py:237:20: E1206: Not enough arguments for logging format string (logging-too-few-args)
horizon/base.py:166:24: E1133: Non-iterable value self.policy_rules is used in an iterating context (not-an-iterable)
horizon/tabs/base.py:489:40: E1133: Non-iterable value self.table_classes is used in an iterating context (not-an-iterable)
Change-Id: I0b045d04af251854b5017c9f698e3b40503a0724
"Invalid service catalog service" looks odd.
This commit also fixes typo and unnecessary capitalizations.
TrivialFix
Change-Id: I356a2da683aa859b791890837dc6bfe060b5b670
- in exception.py Class ServiceCatalogException
an exception message is untranslated,
- in k2k.oy Class K2KAuthPlugin def get_plugin
an exception message is untranslated.
Change-Id: I7d09f625cc3e074bc5a40478668c7b382613da2f
Signed-off-by: peiy <peiy@rc.inesa.com>
Moves Django OpenStack Auth content to Horizon, since they are so
tightly coupled. This cleans up the development workflow and should
make keystone / auth related contributions easier.
Implements: blueprint merge-openstack-auth
Change-Id: Ia1cdc47bad1ca6e633073a9f9445b0c7f70d05bc