This repo does not support Python 2 anymore, so we don't need
six for compatibility between Python2 and 3, convert six usage to Python
3 code.
Change-Id: Icba56808f38277b27af2ae5aac4b8507dee71b3b
Convert the /auth paths to flask native dispatching.
A minor change to additional_urls was implemented to ensure all
urls are added at once instead of individually (causing an over-
write issue within flask as a single resource may only have a
single set of URL mappings).
Alternate URLs now support adding alternate JSON Home rel links.
This is to support the case of OS-FEDERATION auth routes moving
to /auth. The old JSON Home entries must exist but reference
the new paths.
This port includes the following test changes (needed due to the
way flask handles requests and the way requests are passed through
the auth system):
* Implemented keystone.common.render_token (module)
containing render_token_response_from_model and use it instead
of keystone.common.controller.render_token_response_from_model.
Minor differences occur in render_token_response_from_model in
the keystone.common.render_token module, this is simply
for referencing data from flask instead of the request object.
* Test cases have been modified to no longer rely on the auth
controller(s) directly
* Test cases now use "make_request" as a context manager
since authenticate/authenticate_for_token directly
reference the flask contexts and must have an explicit
context pushed.
* Test cases no longer pass request objects into methods
such as authenticate/authenticate_for_token or similar
methods on the auth plugins
* Test cases for federation reference the token model now
where possible instead of the rendered token response.
Rendered token responses are generated where needed.
* Auth Plugin Configuration is done in test core as well.
This is because Auth controller does not exist.
NOTE: This is a massive change, but must of these changes
were now easily uncoupled because of how far reaching auth
is.
Change-Id: I636928102875760726cc3493775a2be48e774fd7
Partial-Bug: #1776504
Correct an issue with the RBACEnforcer requiring 'member_name' instead
of 'member_key' for the inferred lookup. Due to how flask works and that
all views are instantiated on demand (and not accessible outside of
the active method without a lot of extra introspection), the provider
object now supports a "deferred" lookup mechanism. This mechanism
leverages the descriptor construct and does the lookup of the provider
api property and method at runtime. This, in essence, works like a
"@classproperty" would.
Change-Id: I264384dd521ea60ba6ee98652aaeb939f1a75521
Partial-Bug: #1776504
Move the json_home "extension" rel functiond to a common location
so that they may be shared as needed between apis. Since there
are no new extensions for keystone, once keystone is moved to being
100% flask dispatched, no new relation functions will need to be
added to keystone.api._shared.json_home_relations.
Change-Id: I7040526acccee63183559b5b817b3e33990ab508
Partial-Bug: #1776504