Commit Graph

124 Commits

Author SHA1 Message Date
Zuul e49893e598 Merge "External OAuth2.0 Authorization Server Support" 2023-09-13 18:32:57 +00:00
sunyonggen de15a610e1 External OAuth2.0 Authorization Server Support
The external_oauth2_token filter has been added for accepting or denying
incoming requests containing OAuth 2.0 access tokens that are obtained
from an External Authentication Server.

Depends-On: https://review.opendev.org/c/openstack/keystoneauth/+/860614
Implements: blueprint enhance-oauth2-interoperability
Change-Id: I529c5b0c89933395b126e86651ef09368dd7e6b4
2023-08-30 13:30:32 +00:00
Stephen Finucane 22408f8da0 Remove six
Change-Id: Ib3edfdd087ed1d954f1ecf72a191138f8f1c46a1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2023-06-27 18:03:31 +01:00
Stephen Finucane 0f48ff3e8d Bump hacking to 6.0.x
A note about dependency ordering is removed from the requirements file:
this is no longer true with the dependency resolver introduced with pip
20.3.

Change-Id: I615be3453db37588edf98a46ce484efc5e051f11
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2023-06-27 18:03:30 +01:00
Ghanshyam Mann d60ccd46b9 Drop lower-constraints.txt and its testing
As discussed in TC PTG[1] and TC resolution[2], we are
dropping the lower-constraints.txt file and its testing.
We will keep lower bounds in the requirements.txt file but
with a note that these are not tested lower bounds and we
try our best to keep them updated.

[1] https://etherpad.opendev.org/p/tc-zed-ptg#L326
[2] https://governance.openstack.org/tc/resolutions/20220414-drop-lower-constraints.html#proposal

Change-Id: Ifb9dc54424256d5cffe557894b2d26b2401ebf92
2022-04-30 20:20:34 -05:00
Colleen Murphy 5f093bf5ee Add validation of app cred access rules
This commit adds a validation step in the auth_token middleware to check
for the presence of an access_rules attribute in an application
credential token and to validate the request against the permissions
granted for that token. During token validation it sends a header to
keystone to indicate that it is capable of validating these access
rules, and not providing this header for a token like this would result
in the token failing validation. This disregards access rules for a
service request made by a service on behalf of a user, such as nova
making a request to glance, because such a request is not under the
control of the user and is not expected to be explicitly allowed in the
access rules.

bp whitelist-extension-for-app-creds

Depends-On: https://review.opendev.org/670377

Change-Id: I185e0541d5df538d74edadf9976b3034a2470c88
2019-07-15 16:05:59 -07:00
Lance Bragstad e192963170 Run lower-constraints on Bionic and update python-keystoneclient
This commit updates the version of python-keystoneclient to 3.10.0,
which has fixes to handle different openssl versions:

  https://review.openstack.org/#/c/406175/2

Since we're bumping the minimum version of python-keystoneclient to
include that fix, we can safely run lower-constraints on Bionic
instead of Xenial.

Change-Id: I52fa44fe76590aced193618406ad30eb70d04f9d
2019-03-26 13:37:57 +00:00
OpenStack Proposal Bot e15e2d040b Updated from global requirements
Change-Id: Ia31fc31bd33e85622a15bc383cf1bb7af753de7e
2018-03-17 08:35:04 +00:00
OpenStack Proposal Bot 04eb58a8f4 Updated from global requirements
Change-Id: I16e6cc35166a20abeb400a8609bfefee64644e72
2018-02-17 09:34:37 +00:00
OpenStack Proposal Bot 8b7ac8e3e4 Updated from global requirements
Change-Id: I6effa91e130eaf7ebdf30dd36e1c486e2f36df07
2018-01-16 04:09:47 +00:00
OpenStack Proposal Bot db21ecd2b5 Updated from global requirements
Change-Id: I14b36d8e7246c3694c9557b8261c2e126f5a2d25
2017-12-05 03:07:28 +00:00
Jamie Lennox 9d8e2836fe Use oslo_cache in auth_token middleware
Use the new oslo.cache library instead of using memcached directly.
This keeps the old options around and will continue to use those in
preference to the oslo.config library as there is no way to test whether
oslo.cache was explicitly configured to use that in preference.

Currently there are no messages or anything to deprecate the old options
until we've had a chance to test it in production environments.

Closes-Bug: #1523375
Change-Id: Ifccacc5db311ad538ce60191cbe221644d1a5807
Co-Authored-By: Nicolas Helgeson <nh202b@att.com>
2017-12-01 16:36:40 -08:00
OpenStack Proposal Bot 579f5cee17 Updated from global requirements
Change-Id: I193865cda77ca1e22495b01ea602ebb28a912a8a
2017-11-16 11:07:11 +00:00
OpenStack Proposal Bot 452099f4eb Updated from global requirements
Change-Id: Id3da041f16b8bca068baff4db4239e2c2a6d17cd
2017-11-14 19:03:22 +00:00
OpenStack Proposal Bot c7bdfffbc6 Updated from global requirements
Change-Id: I2a031b4a114da146f720eed4d28666a00a2a7dc0
2017-11-03 17:51:28 +00:00
OpenStack Proposal Bot 9df878e7db Updated from global requirements
Change-Id: I8f3fb853bf358db8fe01427d57b0823f5e3d82c0
2017-10-15 17:00:19 +00:00
OpenStack Proposal Bot b2d6502c26 Updated from global requirements
Change-Id: I83f38668dcc15e5e884c8928047537c8b1a19bd3
2017-08-24 05:50:50 +00:00
Morgan Fainberg 6f63f09735 Remove use of positional decorator
The positional decorator results in poorly maintainable code in
a misguided effort to emulate python3's key-word-arg only notation
and functionality. This patch removes keystonemiddleware's dependance
on the positional decorator.

Change-Id: I1be3b19d08daf18babac66f274787862c6d77a93
2017-08-07 13:18:19 -07:00
OpenStack Proposal Bot 4e91647c1f Updated from global requirements
Change-Id: I15c7eed7a39f8ed7c5d8e18e4083979870cdfbb8
2017-07-27 20:22:52 +00:00
OpenStack Proposal Bot e1629bb0df Updated from global requirements
Change-Id: If23c486c63fa1b0ae3fe003eb7b220138e9e454d
2017-07-23 13:43:13 +00:00
OpenStack Proposal Bot 577ded1154 Updated from global requirements
Change-Id: Ic5a8fd8c1cf4729f4254751f595c0df876c1a05a
2017-07-18 01:47:30 +00:00
OpenStack Proposal Bot 5f9020c925 Updated from global requirements
Change-Id: Ifae5931a29ef9e687139de0a78f33736907f7f7d
2017-06-15 16:24:45 +00:00
OpenStack Proposal Bot c86bbd076f Updated from global requirements
Change-Id: I119fbce30d448bcda1be5da1122922b1ea5c3b57
2017-06-03 13:05:19 +00:00
OpenStack Proposal Bot c2d61ee459 Updated from global requirements
Change-Id: I2304e946843d671351a5ad98c03d297ec85830a3
2017-05-26 17:20:28 +00:00
OpenStack Proposal Bot a657e0704e Updated from global requirements
Change-Id: I62b51c1d98bccbd2929637743e5c52a306427128
2017-05-23 16:20:56 +00:00
OpenStack Proposal Bot bf5bf96dc6 Updated from global requirements
Change-Id: I5a9e67d2ded7ac9b9079ffbfcf30c03f442e3c24
2017-05-15 00:45:35 +00:00
OpenStack Proposal Bot 9b14d80fe0 Updated from global requirements
Change-Id: I5c42ec052c4b8f6a3cabc5e2456b1aacc322e479
2017-04-06 22:03:25 +00:00
OpenStack Proposal Bot 8221869f4e Updated from global requirements
Change-Id: Id74368e2b0b7421c2cc1ad498a008b33df38f39a
2017-02-11 17:43:25 +00:00
OpenStack Proposal Bot 0a9b80cbfb Updated from global requirements
Change-Id: I9b61fd0d06cb0ebdea1f389f9f9903b9e264ffb9
2017-01-21 15:49:11 +00:00
Jenkins 3a36cc2d0a Merge "use oslo.log instead of logging" 2017-01-17 21:19:33 +00:00
OpenStack Proposal Bot c241aec527 Updated from global requirements
Change-Id: Ie9a3bef08a28346476651403fdf3b8fe202b8c58
2017-01-16 17:20:03 +00:00
Janonymous f4d453ec30 use oslo.log instead of logging
The constants of log levels were added in the 1.8 version
of the oslo.log library.
So we can replace all usage of system logging module
with log module from oslo.log

Change-Id: I97a1d913b543dc9dbd4d228b04adbdf7ee320df5
2017-01-13 03:24:18 +00:00
OpenStack Proposal Bot 7924f5d0a0 Updated from global requirements
Change-Id: I759faf89ee7611ee3d010d494fb3e65a0e38389e
2016-12-15 13:42:20 +00:00
OpenStack Proposal Bot f637eee722 Updated from global requirements
Change-Id: I72dd0bb8b87c3e9b3964bb4e891c06f2cfdacaad
2016-12-02 17:10:53 +00:00
OpenStack Proposal Bot 69fcd5fa60 Updated from global requirements
Change-Id: If2ac4bafa048f260bb22ebe931750a61c4405aac
2016-12-02 05:06:08 +00:00
OpenStack Proposal Bot 461a1860a1 Updated from global requirements
Change-Id: I99a55d7bf7b9ed1c610b566ed65830b563b29dd6
2016-11-09 04:16:44 +00:00
OpenStack Proposal Bot 8bb477382f Updated from global requirements
Change-Id: I506b5036961fef7645c2010bef090f2b4b098189
2016-11-06 01:59:49 +00:00
OpenStack Proposal Bot 8a5762fbca Updated from global requirements
Change-Id: I48f690002699b255c05e7a77dcdbb2315be462e4
2016-10-27 12:15:03 +00:00
OpenStack Proposal Bot 7ea888a277 Updated from global requirements
Change-Id: I47d293076ae0c0e775eccbd697466e077fcaee1f
2016-10-21 00:43:32 +00:00
OpenStack Proposal Bot b5800c1673 Updated from global requirements
Change-Id: I5579cc4505b63c845a35bc20ed1fee29b169901a
2016-10-19 03:51:58 +00:00
OpenStack Proposal Bot 257d3c6af2 Updated from global requirements
Change-Id: I2fc7078e9ebaff57957658d0026cd67376755180
2016-10-15 00:05:47 +00:00
OpenStack Proposal Bot 729137de45 Updated from global requirements
Change-Id: If32fa221c8d59e4369d118abea1dce37b003dfc0
2016-10-14 05:37:12 +00:00
OpenStack Proposal Bot fd8dc9c70f Updated from global requirements
Change-Id: I9e17251cd10dad1bbd8edcd39c7133296f62edaf
2016-10-12 22:47:20 +00:00
OpenStack Proposal Bot aab9c28018 Updated from global requirements
Change-Id: I16ce65c86cae1b826b4d6ddde9c3d9a0bab689a6
2016-09-21 19:07:03 +00:00
OpenStack Proposal Bot b347acf9ab Updated from global requirements
Change-Id: Ibfdc533a2520f2b3649a52b94cac4492db542d7c
2016-08-24 01:32:45 +00:00
OpenStack Proposal Bot 1686c4f5a4 Updated from global requirements
Change-Id: I3a80f56a7ebf068124d6972aa4085b6b8b1da464
2016-08-12 00:19:33 +00:00
OpenStack Proposal Bot 7ba3677421 Updated from global requirements
Change-Id: I9c57b8379d8fa9180e10b469a48a80c9b1a4013c
2016-08-08 10:42:19 +00:00
OpenStack Proposal Bot 7dd636efcd Updated from global requirements
Change-Id: Ifff7679fd49de73dd20f91f2b944493f2d1ed7d1
2016-08-04 02:35:56 +00:00
OpenStack Proposal Bot 67dacadfd5 Updated from global requirements
Change-Id: I786d8e92e535fdee916abcd4875c9afb0176c39f
2016-08-01 18:41:58 +00:00
OpenStack Proposal Bot 97857004fb Updated from global requirements
Change-Id: Ib20a754d72a03257a371dc4e99d9feb545ccbfc1
2016-07-29 02:29:11 +00:00