When a federated user authenticates, they are added to their
mapped groups during shadowing.
Closes-Bug: 1809116
Change-Id: I19dc400b2a7aa46709b242cdeef82beaca975ff3
This repo does not support Python 2 anymore, so we don't need
six for compatibility between Python2 and 3, convert six usage to Python
3 code.
Change-Id: Icba56808f38277b27af2ae5aac4b8507dee71b3b
This change updates the minor API version for the new access rules
feature for application credentials, and also adds documentation for
the new feature to the API reference as well as a release note.
bp whitelist-extension-for-app-creds
Change-Id: I8a03223df63877a4f86fbe7e9fa382fdd96c5934
We should never be disabling an API version now, this change
removes a check for seeing if v3 is disabled. Since we should not
be disabling an API version anymore, this check is not needed.
Also removed one test for checking if an API version is disabled.
Change-Id: I08404bf82f26173c68397e33f9e43fadf34ea15e
To best adhere to the RFC2616, we should emit a Location header when
issuing an HTTP 300 to point to the preferred version. While we only
have a single version active it is 'v3'. In the future it should
always be the most recent set of CRUD. This location is strictly for
CRUD purposes and will lean on the WWW-Authentication URI to point
to the most correct AUTH uri.
Change-Id: Ibdd53f236a3c51d1aa23eac35dd595e2dae79ba6
closes-bug: #1230927
This removes common.controller, common.extension, common.router, and
common.wsgi. Relevant code from common.wsgi (used by AuthContext) was
moved into keystone.server.flask.request_processing.middleware.auth_context.
keystone.api.discovery now uses keystone.flask.base_url
test_middleware and test_exception were modified to reflect the changes
to the remaining code from keystone.common.wsgi
keystone.common.authorization only holds a couple constants for auth
work now.
Routes is removed from requirements.txt
Release-Note for migration to flask added.
Change-Id: I81563b6a49c8f12ecade058a9483f3b6f070dc72
Closes-Bug: #1776504
Move the JSON Home Document and Version Discovery Documents out of
the webob-based mapper and into Flask.
This change removes the keystone.version.controller and
keystone.version.router modules as they have been moved into
keystone.api.discovery.
The keystone.api.discovery module is somewhat specialized as there
are no "resources" and it must handle multiple types of responses
based upon the ACCEPTS header (JSON Home or JSON). In lieu of the
flask-RESTful mechanisms, keystone.api.discovery utilizes bare
flask blueprint and functions. Minor scaffolding work has been done
to ensure the discovery blueprint can be loaded via the loader loop
in keystone.server.flask.application (a stub object in
keystone.api.discovery).
Partial-Bug: #1776504
Change-Id: Ib25380cefdbb7147661bb9853de7872a837322e0