Hello community,
here is the log from the commit of package python-keystoneauth1 for
openSUSE:Factory checked in at 2018-02-14 10:50:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-keystoneauth1 (Old)
and /work/SRC/openSUSE:Factory/.python-keystoneauth1.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-keystoneauth1"
Wed Feb 14 10:50:31 2018 rev:6 rq:575937 version:3.4.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-keystoneauth1/python-keystoneauth1.changes
2018-01-13 21:43:13.566440685 +0100
+++
/work/SRC/openSUSE:Factory/.python-keystoneauth1.new/python-keystoneauth1.changes
2018-02-14 10:50:32.792006145 +0100
@@ -1,0 +2,16 @@
+Mon Feb 12 09:57:34 UTC 2018 - cloud-de...@suse.de
+
+- update to version 3.4.0 (bsc#1078607)
+ - Implement system scope
+ - Make none auth usable in CLI
+ - Mark SAML loader properties as required
+ - Shift additional_user_agent in the stack
+ - Fix docs builds
+ - Use stestr in tox.ini
+ - Add documentation and release note for app creds
+ - Add osc, shade and sdk tips jobs
+ - Add support for application credentials
+ - Updated from global requirements
+ - Fix masked variable name
+
+-------------------------------------------------------------------
Old:
----
keystoneauth1-3.3.0.tar.gz
New:
----
keystoneauth1-3.4.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-keystoneauth1.spec ++++++
--- /var/tmp/diff_new_pack.70mpQU/_old 2018-02-14 10:50:33.483981243 +0100
+++ /var/tmp/diff_new_pack.70mpQU/_new 2018-02-14 10:50:33.483981243 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-keystoneauth1
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%global sname keystoneauth1
Name: python-keystoneauth1
-Version: 3.3.0
+Version: 3.4.0
Release: 0
Summary: OpenStack authenticating tools
License: Apache-2.0
@@ -34,9 +34,9 @@
BuildRequires: python2-mock >= 2.0.0
BuildRequires: python2-oauthlib >= 0.6.0
BuildRequires: python2-os-testr >= 1.0.0
-BuildRequires: python2-oslo.config >= 4.6.0
-BuildRequires: python2-oslo.utils >= 3.31.0
-BuildRequires: python2-oslotest >= 1.10.0
+BuildRequires: python2-oslo.config >= 5.1.0
+BuildRequires: python2-oslo.utils >= 3.33.0
+BuildRequires: python2-oslotest >= 3.2.0
BuildRequires: python2-pbr >= 2.0.0
BuildRequires: python2-positional
BuildRequires: python2-pycrypto >= 2.6
@@ -53,9 +53,9 @@
BuildRequires: python3-mock >= 2.0.0
BuildRequires: python3-oauthlib >= 0.6.0
BuildRequires: python3-os-testr >= 1.0.0
-BuildRequires: python3-oslo.config >= 4.6.0
-BuildRequires: python3-oslo.utils >= 3.31.0
-BuildRequires: python3-oslotest >= 1.10.0
+BuildRequires: python3-oslo.config >= 5.1.0
+BuildRequires: python3-oslo.utils >= 3.33.0
+BuildRequires: python3-oslotest >= 3.2.0
BuildRequires: python3-pbr >= 2.0.0
BuildRequires: python3-positional
BuildRequires: python3-pycrypto >= 2.6
++++++ keystoneauth1-3.3.0.tar.gz -> keystoneauth1-3.4.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/.zuul.yaml
new/keystoneauth1-3.4.0/.zuul.yaml
--- old/keystoneauth1-3.3.0/.zuul.yaml 1970-01-01 01:00:00.000000000 +0100
+++ new/keystoneauth1-3.4.0/.zuul.yaml 2018-01-21 18:16:03.000000000 +0100
@@ -0,0 +1,8 @@
+- project:
+ name: openstack/keystoneauth
+ templates:
+ - openstacksdk-functional-tips
+ - openstacksdk-tox-tips
+ - osc-tox-unit-tips
+ - shade-functional-tips
+ - shade-tox-tips
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/AUTHORS
new/keystoneauth1-3.4.0/AUTHORS
--- old/keystoneauth1-3.3.0/AUTHORS 2017-11-29 22:54:05.000000000 +0100
+++ new/keystoneauth1-3.4.0/AUTHORS 2018-01-21 18:18:04.000000000 +0100
@@ -31,6 +31,7 @@
Clenimar Sousa <clenimar.file...@gmail.com>
Clint Byrum <cl...@fewbar.com>
Colleen Murphy <colleen.mur...@suse.com>
+Colleen Murphy <colleen.mur...@suse.de>
Colleen Murphy <coll...@gazlene.net>
Corey Bryant <corey.bry...@canonical.com>
Cyril Roelandt <cyril.roela...@enovance.com>
@@ -144,6 +145,7 @@
Victor Stinner <vstin...@redhat.com>
Vincent Untz <vu...@suse.com>
Vishvananda Ishaya <vishvana...@gmail.com>
+Vladyslav Drok <vd...@mirantis.com>
Vu Cong Tuan <tua...@vn.fujitsu.com>
Wu Wenxiang <wu.wenxi...@99cloud.net>
YangLei <yang...@cn.ibm.com>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/ChangeLog
new/keystoneauth1-3.4.0/ChangeLog
--- old/keystoneauth1-3.3.0/ChangeLog 2017-11-29 22:54:05.000000000 +0100
+++ new/keystoneauth1-3.4.0/ChangeLog 2018-01-21 18:18:03.000000000 +0100
@@ -1,12 +1,29 @@
CHANGES
=======
+3.4.0
+-----
+
+* Add documentation and release note for app creds
+* Add support for application credentials
+* Updated from global requirements
+* Implement system scope
+* Use stestr in tox.ini
+* Updated from global requirements
+* Fix masked variable name
+* Shift additional\_user\_agent in the stack
+* Updated from global requirements
+* Fix docs builds
+* Add osc, shade and sdk tips jobs
+* Mark SAML loader properties as required
+
3.3.0
-----
* Remove setting of version/release from releasenotes
* Updated from global requirements
* Updated from global requirements
+* Make none auth usable in CLI
* Add EndpointData.\_\_str\_\_ for debugging
* Correct docs usage of keystoneauth1 session
* Updated from global requirements
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/PKG-INFO
new/keystoneauth1-3.4.0/PKG-INFO
--- old/keystoneauth1-3.3.0/PKG-INFO 2017-11-29 22:54:06.000000000 +0100
+++ new/keystoneauth1-3.4.0/PKG-INFO 2018-01-21 18:18:05.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: keystoneauth1
-Version: 3.3.0
+Version: 3.4.0
Summary: Authentication Library for OpenStack Identity
Home-page: https://docs.openstack.org/keystoneauth/latest/
Author: OpenStack
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/doc/requirements.txt
new/keystoneauth1-3.4.0/doc/requirements.txt
--- old/keystoneauth1-3.3.0/doc/requirements.txt 1970-01-01
01:00:00.000000000 +0100
+++ new/keystoneauth1-3.4.0/doc/requirements.txt 2018-01-21
18:16:03.000000000 +0100
@@ -0,0 +1,19 @@
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+
+# For generationg sphinx documentation
+openstackdocstheme>=1.17.0 # Apache-2.0
+reno>=2.5.0 # Apache-2.0
+sphinx!=1.6.6,>=1.6.2 # BSD
+
+# For autodoc builds
+hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
+fixtures>=3.0.0 # Apache-2.0/BSD
+mock>=2.0.0 # BSD
+betamax>=0.7.0 # Apache-2.0
+oslo.config>=5.1.0 # Apache-2.0
+oslo.utils>=3.33.0 # Apache-2.0
+requests-mock>=1.1.0 # Apache-2.0
+lxml!=3.7.0,>=3.4.1 # BSD
+oauthlib>=0.6.0 # BSD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/doc/source/authentication-plugins.rst
new/keystoneauth1-3.4.0/doc/source/authentication-plugins.rst
--- old/keystoneauth1-3.3.0/doc/source/authentication-plugins.rst
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/doc/source/authentication-plugins.rst
2018-01-21 18:16:26.000000000 +0100
@@ -59,6 +59,8 @@
a V3 identity service using Time-Based One-Time Password (TOTP).
- :py:class:`~keystoneauth1.identity.v3.TokenlessAuth`: Authenticate against
a V3 identity service using tokenless authentication.
+- :py:class:`~keystoneauth1.identity.v3.ApplicationCredentialMethod`:
+ Authenticate against a V3 identity service using an application credential.
- :py:class:`~keystoneauth1.extras.kerberos.KerberosMethod`: Authenticate
against a V3 identity service using Kerberos.
@@ -179,6 +181,29 @@
>>> s = session.Session(auth=a)
+Application Credentials
+=======================
+
+There is a specific authentication method for interacting with Identity servers
+that support application credential authentication. Since application
+credentials are associated to a user on a specific project, some parameters are
+not required as they would be with traditional password authentication. The
+following method can be used to authenticate for a token using an application
+credential::
+
+- :py:class:`~keystoneauth1.identity.v3.ApplicationCredential`:
+
+The following example shows the method usage with a session::
+
+ >>> from keystoneauth1 import session
+ >>> from keystone.identity import v3
+ >>> auth = v3.ApplicationCredential(
+ application_credential_secret='application_credential_secret',
+ application_credential_id='c2872b920853478292623be94b657090'
+ )
+ >>> sess = session.Session(auth=auth)
+
+
Tokenless Auth
==============
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/access/access.py
new/keystoneauth1-3.4.0/keystoneauth1/access/access.py
--- old/keystoneauth1-3.3.0/keystoneauth1/access/access.py 2017-11-29
22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/access/access.py 2018-01-21
18:16:03.000000000 +0100
@@ -219,7 +219,7 @@
:returns: bool
"""
- return self.project_scoped or self.domain_scoped
+ return self.project_scoped or self.domain_scoped or self.system_scoped
@property
def project_scoped(self):
@@ -238,6 +238,14 @@
raise NotImplementedError()
@property
+ def system_scoped(self):
+ """Return true if the auth token was scoped to the system.
+
+ :returns: bool
+ """
+ raise NotImplementedError()
+
+ @property
def trust_id(self):
"""Return the trust id associated with the auth request.
@@ -492,6 +500,10 @@
return False
@property
+ def system_scoped(self):
+ return False
+
+ @property
def _trust(self):
return self._data['access']['trust']
@@ -647,6 +659,10 @@
def username(self):
return self._user['name']
+ @_missingproperty
+ def system(self):
+ return self._data['token']['system']
+
@property
def _domain(self):
return self._data['token']['domain']
@@ -690,6 +706,10 @@
except KeyError:
return False
+ @_missingproperty
+ def system_scoped(self):
+ return self._data['token']['system'].get('all', False)
+
@property
def _trust(self):
return self._data['token']['OS-TRUST:trust']
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/access/service_catalog.py
new/keystoneauth1-3.4.0/keystoneauth1/access/service_catalog.py
--- old/keystoneauth1-3.3.0/keystoneauth1/access/service_catalog.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/access/service_catalog.py
2018-01-21 18:16:03.000000000 +0100
@@ -206,9 +206,9 @@
return matching_endpoints
ret = {}
- for service_type, endpoints in matching_endpoints.items():
+ for matched_service_type, endpoints in matching_endpoints.items():
if not endpoints:
- ret[service_type] = []
+ ret[matched_service_type] = []
continue
matches_by_interface = {}
for endpoint in endpoints:
@@ -216,7 +216,7 @@
matches_by_interface[endpoint.interface].append(endpoint)
best_interface = [i for i in interfaces
if i in matches_by_interface.keys()][0]
- ret[service_type] = matches_by_interface[best_interface]
+ ret[matched_service_type] = matches_by_interface[best_interface]
return ret
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/extras/_saml2/_loading.py
new/keystoneauth1-3.4.0/keystoneauth1/extras/_saml2/_loading.py
--- old/keystoneauth1-3.3.0/keystoneauth1/extras/_saml2/_loading.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/extras/_saml2/_loading.py
2018-01-21 18:16:03.000000000 +0100
@@ -29,10 +29,14 @@
options.extend([
loading.Opt('identity-provider-url',
+ required=True,
help=('An Identity Provider URL, where the SAML2 '
'authentication request will be sent.')),
- loading.Opt('username', help='Username'),
- loading.Opt('password', secret=True, help='Password')
+ loading.Opt('username', help='Username', required=True),
+ loading.Opt('password',
+ secret=True,
+ help='Password',
+ required=True)
])
return options
@@ -53,14 +57,20 @@
options.extend([
loading.Opt('identity-provider-url',
+ required=True,
help=('An Identity Provider URL, where the SAML '
'authentication request will be sent.')),
loading.Opt('service-provider-endpoint',
+ required=True,
help="Service Provider's Endpoint"),
loading.Opt('service-provider-entity-id',
+ required=True,
help="Service Provider's SAML Entity ID"),
- loading.Opt('username', help='Username'),
- loading.Opt('password', secret=True, help='Password')
+ loading.Opt('username', help='Username', required=True),
+ loading.Opt('password',
+ secret=True,
+ required=True,
+ help='Password')
])
return options
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/fixture/v3.py
new/keystoneauth1-3.4.0/keystoneauth1/fixture/v3.py
--- old/keystoneauth1-3.3.0/keystoneauth1/fixture/v3.py 2017-11-29
22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/fixture/v3.py 2018-01-21
18:16:03.000000000 +0100
@@ -265,6 +265,14 @@
self.root.setdefault('domain', {})['name'] = value
@property
+ def system(self):
+ return self.root.get('system', {})
+
+ @system.setter
+ def system(self, value):
+ return self.root.setdefault('system', value)
+
+ @property
def trust_id(self):
return self.root.get('OS-TRUST:trust', {}).get('id')
@@ -363,12 +371,13 @@
def validate(self):
project = self.root.get('project')
domain = self.root.get('domain')
+ system = self.root.get('system')
trust = self.root.get('OS-TRUST:trust')
catalog = self.root.get('catalog')
roles = self.root.get('roles')
scoped = project or domain or trust
- if sum((bool(project), bool(domain), bool(trust))) > 1:
+ if sum((bool(project), bool(domain), bool(trust), bool(system))) > 1:
msg = 'You cannot scope to multiple targets'
raise exception.FixtureValidationError(msg)
@@ -412,6 +421,13 @@
self.domain_id = id or uuid.uuid4().hex
self.domain_name = name or uuid.uuid4().hex
+ def set_system_scope(self):
+ # NOTE(lbragstad): In the future it might be possible to scope a token
+ # to a subset of the entire system (e.g. a specific service, region, or
+ # service within a region). Until then, the only system scope is the
+ # entire system.
+ self.system = {'all': True}
+
def set_trust_scope(self, id=None, impersonation=False,
trustee_user_id=None, trustor_user_id=None):
self.trust_id = id or uuid.uuid4().hex
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/identity/__init__.py
new/keystoneauth1-3.4.0/keystoneauth1/identity/__init__.py
--- old/keystoneauth1-3.3.0/keystoneauth1/identity/__init__.py 2017-11-29
22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/identity/__init__.py 2018-01-21
18:16:03.000000000 +0100
@@ -55,6 +55,9 @@
V3TokenlessAuth = v3.TokenlessAuth
"""See :class:`keystoneauth1.identity.v3.TokenlessAuth`"""
+V3ApplicationCredential = v3.ApplicationCredential
+"""See :class:`keystoneauth1.identity.v3.ApplicationCredential`"""
+
__all__ = ('BaseIdentityPlugin',
'Password',
'Token',
@@ -66,4 +69,5 @@
'V3OidcAuthorizationCode',
'V3OidcAccessToken',
'V3TOTP',
- 'V3TokenlessAuth')
+ 'V3TokenlessAuth',
+ 'V3ApplicationCredential')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/identity/generic/base.py
new/keystoneauth1-3.4.0/keystoneauth1/identity/generic/base.py
--- old/keystoneauth1-3.3.0/keystoneauth1/identity/generic/base.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/identity/generic/base.py
2018-01-21 18:16:03.000000000 +0100
@@ -41,6 +41,7 @@
project_domain_name=None,
domain_id=None,
domain_name=None,
+ system_scope=None,
trust_id=None,
default_domain_id=None,
default_domain_name=None,
@@ -54,6 +55,7 @@
self._project_domain_name = project_domain_name
self._domain_id = domain_id
self._domain_name = domain_name
+ self._system_scope = system_scope
self._trust_id = trust_id
self._default_domain_id = default_domain_id
self._default_domain_name = default_domain_name
@@ -102,6 +104,7 @@
def _v3_params(self):
"""Return the parameters that are common to v3 plugins."""
return {'trust_id': self._trust_id,
+ 'system_scope': self._system_scope,
'project_id': self._project_id,
'project_name': self._project_name,
'project_domain_id': self.project_domain_id,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/__init__.py
new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/__init__.py
--- old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/__init__.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/__init__.py
2018-01-21 18:16:03.000000000 +0100
@@ -10,6 +10,7 @@
# License for the specific language governing permissions and limitations
# under the License.
+from keystoneauth1.identity.v3.application_credential import * # noqa
from keystoneauth1.identity.v3.base import * # noqa
from keystoneauth1.identity.v3.federation import * # noqa
from keystoneauth1.identity.v3.k2k import * # noqa
@@ -20,7 +21,10 @@
from keystoneauth1.identity.v3.tokenless_auth import * # noqa
-__all__ = ('Auth',
+__all__ = ('ApplicationCredential',
+ 'ApplicationCredentialMethod',
+
+ 'Auth',
'AuthConstructor',
'AuthMethod',
'BaseAuth',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/application_credential.py
new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/application_credential.py
--- old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/application_credential.py
1970-01-01 01:00:00.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/application_credential.py
2018-01-21 18:16:03.000000000 +0100
@@ -0,0 +1,89 @@
+# Copyright 2018 SUSE Linux GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneauth1.identity.v3 import base
+
+
+__all__ = ('ApplicationCredentialMethod', 'ApplicationCredential')
+
+
+class ApplicationCredentialMethod(base.AuthMethod):
+ """Construct a User/Passcode based authentication method.
+
+ :param string application_credential_secret: Application credential secret.
+ :param string application_credential_id: Application credential id.
+ :param string application_credential_name: The name of the application
+ credential, if an ID is not
+ provided.
+ :param string username: Username for authentication, if an application
+ credential ID is not provided.
+ :param string user_id: User ID for authentication, if an application
+ credential ID is not provided.
+ :param string user_domain_id: User's domain ID for authentication, if an
+ application credential ID is not provided.
+ :param string user_domain_name: User's domain name for authentication, if
+ an application credential ID is not
+ provided.
+ """
+
+ _method_parameters = ['application_credential_secret',
+ 'application_credential_id',
+ 'application_credential_name',
+ 'user_id',
+ 'username',
+ 'user_domain_id',
+ 'user_domain_name']
+
+ def get_auth_data(self, session, auth, headers, **kwargs):
+ auth_data = {'secret': self.application_credential_secret}
+
+ if self.application_credential_id:
+ auth_data['id'] = self.application_credential_id
+ else:
+ auth_data['name'] = self.application_credential_name
+ auth_data['user'] = {}
+ if self.user_id:
+ auth_data['user']['id'] = self.user_id
+ elif self.username:
+ auth_data['user']['name'] = self.username
+
+ if self.user_domain_id:
+ auth_data['user']['domain'] = {'id': self.user_domain_id}
+ elif self.user_domain_name:
+ auth_data['user']['domain'] = {
+ 'name': self.user_domain_name}
+
+ return 'application_credential', auth_data
+
+ def get_cache_id_elements(self):
+ return dict(('application_credential_%s' % p, getattr(self, p))
+ for p in self._method_parameters)
+
+
+class ApplicationCredential(base.AuthConstructor):
+ """A plugin for authenticating with an application credential.
+
+ :param string auth_url: Identity service endpoint for authentication.
+ :param string application_credential_secret: Application credential secret.
+ :param string application_credential_id: Application credential ID.
+ :param string application_credential_name: Application credential name.
+ :param string username: Username for authentication.
+ :param string user_id: User ID for authentication.
+ :param string user_domain_id: User's domain ID for authentication.
+ :param string user_domain_name: User's domain name for authentication.
+ :param bool reauthenticate: Allow fetching a new token if the current one
+ is going to expire. (optional) default True
+ """
+
+ _auth_method_class = ApplicationCredentialMethod
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/base.py
new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/base.py
--- old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/base.py 2017-11-29
22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/base.py 2018-01-21
18:16:03.000000000 +0100
@@ -31,6 +31,7 @@
:param string auth_url: Identity service endpoint for authentication.
:param string trust_id: Trust ID for trust scoping.
+ :param string system_scope: System information to scope to.
:param string domain_id: Domain ID for domain scoping.
:param string domain_name: Domain name for domain scoping.
:param string project_id: Project ID for project scoping.
@@ -45,6 +46,7 @@
def __init__(self, auth_url,
trust_id=None,
+ system_scope=None,
domain_id=None,
domain_name=None,
project_id=None,
@@ -56,6 +58,7 @@
super(BaseAuth, self).__init__(auth_url=auth_url,
reauthenticate=reauthenticate)
self.trust_id = trust_id
+ self.system_scope = system_scope
self.domain_id = domain_id
self.domain_name = domain_name
self.project_id = project_id
@@ -78,7 +81,7 @@
"""Return true if parameters can be used to create a scoped token."""
return (self.domain_id or self.domain_name or
self.project_id or self.project_name or
- self.trust_id)
+ self.trust_id or self.system_scope)
class Auth(BaseAuth):
@@ -153,6 +156,15 @@
body['auth']['scope'] = {'OS-TRUST:trust': {'id': self.trust_id}}
elif self.unscoped:
body['auth']['scope'] = 'unscoped'
+ elif self.system_scope:
+ # NOTE(lbragstad): Right now it's only possible to have role
+ # assignments on the entire system. In the future that might change
+ # so that users and groups can have roles on parts of the system,
+ # like a specific service in a specific region. If that happens,
+ # this will have to be accounted for here. Until then we'll only
+ # support scoping to the entire system.
+ if self.system_scope == 'all':
+ body['auth']['scope'] = {'system': {'all': True}}
# NOTE(jamielennox): we add nocatalog here rather than in token_url
# directly as some federation plugins require the base token_url
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/password.py
new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/password.py
--- old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/password.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/password.py
2018-01-21 18:16:03.000000000 +0100
@@ -62,6 +62,7 @@
:param string user_domain_id: User's domain ID for authentication.
:param string user_domain_name: User's domain name for authentication.
:param string trust_id: Trust ID for trust scoping.
+ :param string system_scope: System information to scope to.
:param string domain_id: Domain ID for domain scoping.
:param string domain_name: Domain name for domain scoping.
:param string project_id: Project ID for project scoping.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/loading/_plugins/identity/v3.py
new/keystoneauth1-3.4.0/keystoneauth1/loading/_plugins/identity/v3.py
--- old/keystoneauth1-3.3.0/keystoneauth1/loading/_plugins/identity/v3.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/loading/_plugins/identity/v3.py
2018-01-21 18:16:03.000000000 +0100
@@ -254,3 +254,43 @@
raise exceptions.OptionError(m)
return super(TokenlessAuth, self).load_from_options(**kwargs)
+
+
+class ApplicationCredential(loading.BaseV3Loader):
+
+ @property
+ def plugin_class(self):
+ return identity.V3ApplicationCredential
+
+ def get_options(self):
+ options = super(ApplicationCredential, self).get_options()
+ _add_common_identity_options(options)
+
+ options.extend([
+ loading.Opt('application_credential_secret', secret=True,
+ required=True,
+ help="Application credential auth secret"),
+ ]),
+ options.extend([
+ loading.Opt('application_credential_id',
+ help='Application credential ID'),
+ ]),
+ options.extend([
+ loading.Opt('application_credential_name',
+ help='Application credential name'),
+ ])
+
+ return options
+
+ def load_from_options(self, **kwargs):
+ _assert_identity_options(kwargs)
+ if (not kwargs.get('application_credential_id') and
+ not kwargs.get('application_credential_name')):
+ m = ('You must provide either an application credential ID or an '
+ 'application credential name and user.')
+ raise exceptions.OptionError(m)
+ if not kwargs.get('application_credential_secret'):
+ m = ('You must provide an auth secret.')
+ raise exceptions.OptionError(m)
+
+ return super(ApplicationCredential, self).load_from_options(**kwargs)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/loading/_plugins/noauth.py
new/keystoneauth1-3.4.0/keystoneauth1/loading/_plugins/noauth.py
--- old/keystoneauth1-3.3.0/keystoneauth1/loading/_plugins/noauth.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/loading/_plugins/noauth.py
2018-01-21 18:16:03.000000000 +0100
@@ -17,11 +17,12 @@
class NoAuth(loading.BaseLoader):
"""Use no tokens to perform requests.
- This must be used together with adapter.Adapter.endpoint_override
- to instantiate clients for services deployed in noauth/standalone mode.
+ This can be used to instantiate clients for services deployed in
+ noauth/standalone mode.
There is no fetching a service catalog or determining scope information
- and so it cannot be used by clients that expect use this scope information.
+ and so it cannot be used by clients that expect to use this scope
+ information.
"""
@@ -30,4 +31,11 @@
return noauth.NoAuth
def get_options(self):
- return []
+ options = super(NoAuth, self).get_options()
+
+ options.extend([
+ loading.Opt('endpoint',
+ help='The endpoint that will always be used'),
+ ])
+
+ return options
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/loading/identity.py
new/keystoneauth1-3.4.0/keystoneauth1/loading/identity.py
--- old/keystoneauth1-3.3.0/keystoneauth1/loading/identity.py 2017-11-29
22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/loading/identity.py 2018-01-21
18:16:03.000000000 +0100
@@ -74,6 +74,7 @@
options = super(BaseV3Loader, self).get_options()
options.extend([
+ opts.Opt('system-scope', help='Scope for system operations'),
opts.Opt('domain-id', help='Domain ID to scope to'),
opts.Opt('domain-name', help='Domain name to scope to'),
opts.Opt('project-id', help='Project ID to scope to'),
@@ -136,6 +137,7 @@
options = super(BaseGenericLoader, self).get_options()
options.extend([
+ opts.Opt('system-scope', help='Scope for system operations'),
opts.Opt('domain-id', help='Domain ID to scope to'),
opts.Opt('domain-name', help='Domain name to scope to'),
opts.Opt('project-id', help='Project ID to scope to',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/noauth.py
new/keystoneauth1-3.4.0/keystoneauth1/noauth.py
--- old/keystoneauth1-3.3.0/keystoneauth1/noauth.py 2017-11-29
22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/noauth.py 2018-01-21
18:16:03.000000000 +0100
@@ -20,5 +20,18 @@
that might be deployed in standalone/noauth mode.
"""
- def get_token(self, session):
+ def __init__(self, endpoint=None):
+ super(NoAuth, self).__init__()
+ self.endpoint = endpoint
+
+ def get_token(self, session, **kwargs):
return 'notused'
+
+ def get_endpoint(self, session, **kwargs):
+ """Return the supplied endpoint.
+
+ Using this plugin the same endpoint is returned regardless of the
+ parameters passed to the plugin. endpoint_override overrides the
+ endpoint specified when constructing the plugin.
+ """
+ return kwargs.get('endpoint_override') or self.endpoint
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/session.py
new/keystoneauth1-3.4.0/keystoneauth1/session.py
--- old/keystoneauth1-3.3.0/keystoneauth1/session.py 2017-11-29
22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/session.py 2018-01-21
18:16:03.000000000 +0100
@@ -623,14 +623,14 @@
elif self.app_name:
agent.append(self.app_name)
- for additional in self.additional_user_agent:
- agent.append('%s/%s' % additional)
-
if client_name and client_version:
agent.append('%s/%s' % (client_name, client_version))
elif client_name:
agent.append(client_name)
+ for additional in self.additional_user_agent:
+ agent.append('%s/%s' % additional)
+
if not agent:
# NOTE(jamielennox): determine_user_agent will return an empty
# string on failure so checking for None will ensure it is only
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/access/test_v3_access.py
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/access/test_v3_access.py
--- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/access/test_v3_access.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/access/test_v3_access.py
2018-01-21 18:16:03.000000000 +0100
@@ -73,6 +73,54 @@
self.assertTrue(auth_ref.will_expire_soon(stale_duration=301))
self.assertFalse(auth_ref.will_expire_soon())
+ def test_building_system_scoped_assessinfo(self):
+ token = fixture.V3Token()
+ token.set_system_scope()
+
+ s = token.add_service(type='identity')
+ s.add_standard_endpoints(public='http://url')
+
+ token_id = uuid.uuid4().hex
+
+ auth_ref = access.create(body=token, auth_token=token_id)
+
+ self.assertTrue(auth_ref)
+ self.assertIn('methods', auth_ref._data['token'])
+ self.assertIn('catalog', auth_ref._data['token'])
+ self.assertTrue(auth_ref.has_service_catalog())
+ self.assertTrue(auth_ref._data['token']['catalog'])
+
+ self.assertEqual(token_id, auth_ref.auth_token)
+ self.assertEqual(token.user_name, auth_ref.username)
+ self.assertEqual(token.user_id, auth_ref.user_id)
+
+ self.assertEqual(token.role_ids, auth_ref.role_ids)
+ self.assertEqual(token.role_names, auth_ref.role_names)
+
+ self.assertEqual(token.domain_name, auth_ref.domain_name)
+ self.assertEqual(token.domain_id, auth_ref.domain_id)
+
+ self.assertEqual(token.user_domain_id, auth_ref.user_domain_id)
+ self.assertEqual(token.user_domain_name, auth_ref.user_domain_name)
+
+ self.assertIsNone(auth_ref.project_name)
+ self.assertIsNone(auth_ref.project_id)
+
+ self.assertIsNone(auth_ref.project_domain_id)
+ self.assertIsNone(auth_ref.project_domain_name)
+
+ self.assertIsNone(auth_ref.domain_name)
+ self.assertIsNone(auth_ref.domain_id)
+
+ self.assertEqual(token.system, auth_ref.system)
+
+ self.assertTrue(auth_ref.system_scoped)
+ self.assertFalse(auth_ref.domain_scoped)
+ self.assertFalse(auth_ref.project_scoped)
+
+ self.assertEqual(token.audit_id, auth_ref.audit_id)
+ self.assertEqual(token.audit_chain_id, auth_ref.audit_chain_id)
+
def test_building_domain_scoped_accessinfo(self):
token = fixture.V3Token()
token.set_domain_scope()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/extras/kerberos/test_fedkerb_loading.py
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/extras/kerberos/test_fedkerb_loading.py
---
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/extras/kerberos/test_fedkerb_loading.py
2017-11-29 22:52:38.000000000 +0100
+++
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/extras/kerberos/test_fedkerb_loading.py
2018-01-21 18:16:03.000000000 +0100
@@ -21,7 +21,8 @@
opts = [o.name for o in
loading.get_plugin_loader('v3fedkerb').get_options()]
- allowed_opts = ['domain-id',
+ allowed_opts = ['system-scope',
+ 'domain-id',
'domain-name',
'identity-provider',
'project-id',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/extras/kerberos/test_kerberos_loading.py
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/extras/kerberos/test_kerberos_loading.py
---
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/extras/kerberos/test_kerberos_loading.py
2017-11-29 22:52:38.000000000 +0100
+++
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/extras/kerberos/test_kerberos_loading.py
2018-01-21 18:16:03.000000000 +0100
@@ -20,7 +20,8 @@
opts = [o.name for o in
loading.get_plugin_loader('v3kerberos').get_options()]
- allowed_opts = ['domain-id',
+ allowed_opts = ['system-scope',
+ 'domain-id',
'domain-name',
'project-id',
'project-name',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/identity/test_identity_v3.py
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/identity/test_identity_v3.py
---
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/identity/test_identity_v3.py
2017-11-29 22:52:38.000000000 +0100
+++
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/identity/test_identity_v3.py
2018-01-21 18:16:03.000000000 +0100
@@ -33,6 +33,9 @@
TEST_PASS = 'password'
+ TEST_APP_CRED_ID = 'appcredid'
+ TEST_APP_CRED_SECRET = 'secret'
+
TEST_SERVICE_CATALOG = [{
"endpoints": [{
"url": "http://cdn.admin-nets.local:8774/v1.0/";,
@@ -186,6 +189,35 @@
"self": "https://identity:5000/v3/projects";,
}
}
+ self.TEST_APP_CRED_TOKEN_RESPONSE = {
+ "token": {
+ "methods": [
+ "application_credential"
+ ],
+
+ "expires_at": "2020-01-01T00:00:10.000123Z",
+ "project": {
+ "domain": {
+ "id": self.TEST_DOMAIN_ID,
+ "name": self.TEST_DOMAIN_NAME
+ },
+ "id": self.TEST_TENANT_ID,
+ "name": self.TEST_TENANT_NAME
+ },
+ "user": {
+ "domain": {
+ "id": self.TEST_DOMAIN_ID,
+ "name": self.TEST_DOMAIN_NAME
+ },
+ "id": self.TEST_USER,
+ "name": self.TEST_USER
+ },
+ "issued_at": "2013-05-29T16:55:21.468960Z",
+ "catalog": self.TEST_SERVICE_CATALOG,
+ "service_providers": self.TEST_SERVICE_PROVIDERS,
+ "application_credential_restricted": True
+ },
+ }
def stub_auth(self, subject_token=None, **kwargs):
if not subject_token:
@@ -370,6 +402,22 @@
domain_id='x', trust_id='x')
self.assertRaises(exceptions.AuthorizationFailure, a.get_auth_ref, s)
+ def test_application_credential_method(self):
+ self.stub_auth(json=self.TEST_APP_CRED_TOKEN_RESPONSE)
+ ac = v3.ApplicationCredential(
+ self.TEST_URL, application_credential_id=self.TEST_APP_CRED_ID,
+ application_credential_secret=self.TEST_APP_CRED_SECRET)
+ req = {'auth': {'identity':
+ {'methods': ['application_credential'],
+ 'application_credential': {
+ 'id': self.TEST_APP_CRED_ID,
+ 'secret': self.TEST_APP_CRED_SECRET}}}}
+ s = session.Session(auth=ac)
+ self.assertEqual({'X-Auth-Token': self.TEST_TOKEN},
+ s.get_auth_headers())
+ self.assertRequestBodyIs(json=req)
+ self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
+
def _do_service_url_test(self, base_url, endpoint_filter):
self.stub_auth(json=self.TEST_RESPONSE_DICT)
self.stub_url('GET', ['path'],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/loading/test_generic.py
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/loading/test_generic.py
--- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/loading/test_generic.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/loading/test_generic.py
2018-01-21 18:16:03.000000000 +0100
@@ -30,6 +30,7 @@
'user-id',
'password',
+ 'system-scope',
'domain-id',
'domain-name',
'project-id',
@@ -70,6 +71,7 @@
opts = [o.name for o in generic.Token().get_options()]
allowed_opts = ['token',
+ 'system-scope',
'domain-id',
'domain-name',
'project-id',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/loading/test_v3.py
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/loading/test_v3.py
--- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/loading/test_v3.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/loading/test_v3.py
2018-01-21 18:16:03.000000000 +0100
@@ -363,3 +363,67 @@
self.assertRaises(exceptions.OptionError,
self.create,
project_name=uuid.uuid4().hex)
+
+
+class V3ApplicationCredentialTests(utils.TestCase):
+
+ def setUp(self):
+ super(V3ApplicationCredentialTests, self).setUp()
+
+ self.auth_url = uuid.uuid4().hex
+
+ def create(self, **kwargs):
+ kwargs.setdefault('auth_url', self.auth_url)
+ loader = loading.get_plugin_loader('v3applicationcredential')
+ return loader.load_from_options(**kwargs)
+
+ def test_basic(self):
+ id = uuid.uuid4().hex
+ secret = uuid.uuid4().hex
+
+ app_cred = self.create(application_credential_id=id,
+ application_credential_secret=secret)
+
+ ac_method = app_cred.auth_methods[0]
+
+ self.assertEqual(id, ac_method.application_credential_id)
+ self.assertEqual(secret, ac_method.application_credential_secret)
+
+ def test_with_name(self):
+ name = uuid.uuid4().hex
+ secret = uuid.uuid4().hex
+ username = uuid.uuid4().hex
+ user_domain_id = uuid.uuid4().hex
+
+ app_cred = self.create(application_credential_name=name,
+ application_credential_secret=secret,
+ username=username,
+ user_domain_id=user_domain_id)
+
+ ac_method = app_cred.auth_methods[0]
+
+ self.assertEqual(name, ac_method.application_credential_name)
+ self.assertEqual(secret, ac_method.application_credential_secret)
+ self.assertEqual(username, ac_method.username)
+ self.assertEqual(user_domain_id, ac_method.user_domain_id)
+
+ def test_without_user_domain(self):
+ self.assertRaises(exceptions.OptionError,
+ self.create,
+ application_credential_name=uuid.uuid4().hex,
+ username=uuid.uuid4().hex,
+ application_credential_secret=uuid.uuid4().hex)
+
+ def test_without_name_or_id(self):
+ self.assertRaises(exceptions.OptionError,
+ self.create,
+ username=uuid.uuid4().hex,
+ user_domain_id=uuid.uuid4().hex,
+ application_credential_secret=uuid.uuid4().hex)
+
+ def test_without_secret(self):
+ self.assertRaises(exceptions.OptionError,
+ self.create,
+ application_credential_id=uuid.uuid4().hex,
+ username=uuid.uuid4().hex,
+ user_domain_id=uuid.uuid4().hex)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/test_noauth.py
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/test_noauth.py
--- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/test_noauth.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/test_noauth.py
2018-01-21 18:16:03.000000000 +0100
@@ -34,4 +34,15 @@
self.assertIsNone(a.get_endpoint(s))
def test_noauth_options(self):
- self.assertEqual([], loader.NoAuth().get_options())
+ opts = loader.NoAuth().get_options()
+ self.assertEqual(['endpoint'], [o.name for o in opts])
+
+ def test_get_endpoint(self):
+ a = noauth.NoAuth(endpoint=self.TEST_URL)
+ s = session.Session(auth=a)
+ self.assertEqual(self.TEST_URL, a.get_endpoint(s))
+
+ def test_get_endpoint_with_override(self):
+ a = noauth.NoAuth(endpoint=self.TEST_URL)
+ s = session.Session(auth=a)
+ self.assertEqual('foo', a.get_endpoint(s, endpoint_override='foo'))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/test_session.py
new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/test_session.py
--- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/test_session.py
2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/test_session.py
2018-01-21 18:16:03.000000000 +0100
@@ -1307,7 +1307,7 @@
adap.get(url)
- agent = 'ksatest/1.2.3 one/1.1.1 two/2.2.2 testclient/4.5.6'
+ agent = 'ksatest/1.2.3 testclient/4.5.6 one/1.1.1 two/2.2.2'
self.assertEqual(agent + ' ' + client_session.DEFAULT_USER_AGENT,
self.requests_mock.last_request.headers['User-Agent'])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1.egg-info/PKG-INFO
new/keystoneauth1-3.4.0/keystoneauth1.egg-info/PKG-INFO
--- old/keystoneauth1-3.3.0/keystoneauth1.egg-info/PKG-INFO 2017-11-29
22:54:05.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1.egg-info/PKG-INFO 2018-01-21
18:18:04.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: keystoneauth1
-Version: 3.3.0
+Version: 3.4.0
Summary: Authentication Library for OpenStack Identity
Home-page: https://docs.openstack.org/keystoneauth/latest/
Author: OpenStack
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1.egg-info/SOURCES.txt
new/keystoneauth1-3.4.0/keystoneauth1.egg-info/SOURCES.txt
--- old/keystoneauth1-3.3.0/keystoneauth1.egg-info/SOURCES.txt 2017-11-29
22:54:06.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1.egg-info/SOURCES.txt 2018-01-21
18:18:05.000000000 +0100
@@ -1,6 +1,7 @@
.coveragerc
.mailmap
.stestr.conf
+.zuul.yaml
AUTHORS
CONTRIBUTING.rst
ChangeLog
@@ -15,6 +16,7 @@
tox.ini
doc/.gitignore
doc/Makefile
+doc/requirements.txt
doc/ext/__init__.py
doc/ext/list_plugins.py
doc/source/authentication-plugins.rst
@@ -91,6 +93,7 @@
keystoneauth1/identity/generic/password.py
keystoneauth1/identity/generic/token.py
keystoneauth1/identity/v3/__init__.py
+keystoneauth1/identity/v3/application_credential.py
keystoneauth1/identity/v3/base.py
keystoneauth1/identity/v3/federation.py
keystoneauth1/identity/v3/k2k.py
@@ -201,6 +204,8 @@
releasenotes/notes/add-totp-auth-plugin-0650d220899c25b7.yaml
releasenotes/notes/additional-headers-f2d16f85f5abe942.yaml
releasenotes/notes/allow_version_hack-flag-9b53b72d9b084c04.yaml
+releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml
+releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml
releasenotes/notes/bug-1582774-49af731b6dfc6f2f.yaml
releasenotes/notes/bug-1614688-c4a1bd54f4ba5644.yaml
releasenotes/notes/bug-1616105-cc8b85eb056e99e2.yaml
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/keystoneauth1.egg-info/entry_points.txt
new/keystoneauth1-3.4.0/keystoneauth1.egg-info/entry_points.txt
--- old/keystoneauth1-3.3.0/keystoneauth1.egg-info/entry_points.txt
2017-11-29 22:54:05.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1.egg-info/entry_points.txt
2018-01-21 18:18:04.000000000 +0100
@@ -6,6 +6,7 @@
v2password = keystoneauth1.loading._plugins.identity.v2:Password
v2token = keystoneauth1.loading._plugins.identity.v2:Token
v3adfspassword = keystoneauth1.extras._saml2._loading:ADFSPassword
+v3applicationcredential =
keystoneauth1.loading._plugins.identity.v3:ApplicationCredential
v3fedkerb = keystoneauth1.extras.kerberos._loading:MappedKerberos
v3kerberos = keystoneauth1.extras.kerberos._loading:Kerberos
v3oauth1 = keystoneauth1.extras.oauth1._loading:V3OAuth1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1.egg-info/pbr.json
new/keystoneauth1-3.4.0/keystoneauth1.egg-info/pbr.json
--- old/keystoneauth1-3.3.0/keystoneauth1.egg-info/pbr.json 2017-11-29
22:54:05.000000000 +0100
+++ new/keystoneauth1-3.4.0/keystoneauth1.egg-info/pbr.json 2018-01-21
18:18:04.000000000 +0100
@@ -1 +1 @@
-{"git_version": "ba6650e", "is_release": true}
\ No newline at end of file
+{"git_version": "d4a552c", "is_release": true}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml
new/keystoneauth1-3.4.0/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml
---
old/keystoneauth1-3.3.0/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/keystoneauth1-3.4.0/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml
2018-01-21 18:16:26.000000000 +0100
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ [`blueprint application-credentials
<https://blueprints.launchpad.net/keystone/+spec/application-credentials>`_]
+ Support for authentication via an application credential has been added.
+ Keystoneauth can now be used to authenticate to Identity servers that
+ support application credentials.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/keystoneauth1-3.3.0/releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml
new/keystoneauth1-3.4.0/releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml
---
old/keystoneauth1-3.3.0/releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/keystoneauth1-3.4.0/releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml
2018-01-21 18:16:03.000000000 +0100
@@ -0,0 +1,8 @@
+---
+features:
+ - |
+ [`blueprint system-scope
<https://blueprints.launchpad.net/keystone/+spec/system-scope>`_]
+ Keystoneauth now has the ability to authenticate for system-scoped tokens,
+ which were implemented during the Queens development cycle. System-scoped
+ tokens will eventually be required to separate system-level APIs from
+ project-level APIs, allowing for better security via scoped RBAC.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/setup.cfg
new/keystoneauth1-3.4.0/setup.cfg
--- old/keystoneauth1-3.3.0/setup.cfg 2017-11-29 22:54:06.000000000 +0100
+++ new/keystoneauth1-3.4.0/setup.cfg 2018-01-21 18:18:05.000000000 +0100
@@ -55,6 +55,7 @@
v3tokenlessauth =
keystoneauth1.loading._plugins.identity.v3:TokenlessAuth
v3adfspassword = keystoneauth1.extras._saml2._loading:ADFSPassword
v3samlpassword = keystoneauth1.extras._saml2._loading:Saml2Password
+ v3applicationcredential =
keystoneauth1.loading._plugins.identity.v3:ApplicationCredential
[build_sphinx]
source-dir = doc/source
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/test-requirements.txt
new/keystoneauth1-3.4.0/test-requirements.txt
--- old/keystoneauth1-3.3.0/test-requirements.txt 2017-11-29
22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/test-requirements.txt 2018-01-21
18:16:03.000000000 +0100
@@ -9,15 +9,15 @@
coverage!=4.4,>=4.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD
mock>=2.0.0 # BSD
-oslo.config>=4.6.0 # Apache-2.0
+oslo.config>=5.1.0 # Apache-2.0
openstackdocstheme>=1.17.0 # Apache-2.0
-oslo.utils>=3.31.0 # Apache-2.0
-oslotest>=1.10.0 # Apache-2.0
+oslo.utils>=3.33.0 # Apache-2.0
+oslotest>=3.2.0 # Apache-2.0
os-testr>=1.0.0 # Apache-2.0
betamax>=0.7.0 # Apache-2.0
reno>=2.5.0 # Apache-2.0
requests-mock>=1.1.0 # Apache-2.0
-sphinx>=1.6.2 # BSD
+sphinx!=1.6.6,>=1.6.2 # BSD
stestr>=1.0.0 # Apache-2.0
testresources>=2.0.0 # Apache-2.0/BSD
testtools>=2.2.0 # MIT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keystoneauth1-3.3.0/tox.ini
new/keystoneauth1-3.4.0/tox.ini
--- old/keystoneauth1-3.3.0/tox.ini 2017-11-29 22:52:38.000000000 +0100
+++ new/keystoneauth1-3.4.0/tox.ini 2018-01-21 18:16:03.000000000 +0100
@@ -15,7 +15,7 @@
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
.[kerberos,saml2,betamax,oauth1]
-commands = ostestr {posargs}
+commands = stestr run {posargs}
whitelist_externals =
bash
@@ -63,12 +63,14 @@
exclude = .venv,.tox,dist,doc,*egg,build
[testenv:docs]
+deps = -r{toxinidir}/doc/requirements.txt
commands=
bash -c "rm -rf doc/build"
bash -c "rm -rf doc/source/api"
python setup.py build_sphinx
[testenv:releasenotes]
+deps = -r{toxinidir}/doc/requirements.txt
commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html
releasenotes/source releasenotes/build/html
[hacking]
