Hello community, here is the log from the commit of package python-keystoneauth1 for openSUSE:Factory checked in at 2018-02-14 10:50:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-keystoneauth1 (Old) and /work/SRC/openSUSE:Factory/.python-keystoneauth1.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-keystoneauth1" Wed Feb 14 10:50:31 2018 rev:6 rq:575937 version:3.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-keystoneauth1/python-keystoneauth1.changes 2018-01-13 21:43:13.566440685 +0100 +++ /work/SRC/openSUSE:Factory/.python-keystoneauth1.new/python-keystoneauth1.changes 2018-02-14 10:50:32.792006145 +0100 @@ -1,0 +2,16 @@ +Mon Feb 12 09:57:34 UTC 2018 - cloud-de...@suse.de + +- update to version 3.4.0 (bsc#1078607) + - Implement system scope + - Make none auth usable in CLI + - Mark SAML loader properties as required + - Shift additional_user_agent in the stack + - Fix docs builds + - Use stestr in tox.ini + - Add documentation and release note for app creds + - Add osc, shade and sdk tips jobs + - Add support for application credentials + - Updated from global requirements + - Fix masked variable name + +------------------------------------------------------------------- Old: ---- keystoneauth1-3.3.0.tar.gz New: ---- keystoneauth1-3.4.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-keystoneauth1.spec ++++++ --- /var/tmp/diff_new_pack.70mpQU/_old 2018-02-14 10:50:33.483981243 +0100 +++ /var/tmp/diff_new_pack.70mpQU/_new 2018-02-14 10:50:33.483981243 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-keystoneauth1 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %global sname keystoneauth1 Name: python-keystoneauth1 -Version: 3.3.0 +Version: 3.4.0 Release: 0 Summary: OpenStack authenticating tools License: Apache-2.0 @@ -34,9 +34,9 @@ BuildRequires: python2-mock >= 2.0.0 BuildRequires: python2-oauthlib >= 0.6.0 BuildRequires: python2-os-testr >= 1.0.0 -BuildRequires: python2-oslo.config >= 4.6.0 -BuildRequires: python2-oslo.utils >= 3.31.0 -BuildRequires: python2-oslotest >= 1.10.0 +BuildRequires: python2-oslo.config >= 5.1.0 +BuildRequires: python2-oslo.utils >= 3.33.0 +BuildRequires: python2-oslotest >= 3.2.0 BuildRequires: python2-pbr >= 2.0.0 BuildRequires: python2-positional BuildRequires: python2-pycrypto >= 2.6 @@ -53,9 +53,9 @@ BuildRequires: python3-mock >= 2.0.0 BuildRequires: python3-oauthlib >= 0.6.0 BuildRequires: python3-os-testr >= 1.0.0 -BuildRequires: python3-oslo.config >= 4.6.0 -BuildRequires: python3-oslo.utils >= 3.31.0 -BuildRequires: python3-oslotest >= 1.10.0 +BuildRequires: python3-oslo.config >= 5.1.0 +BuildRequires: python3-oslo.utils >= 3.33.0 +BuildRequires: python3-oslotest >= 3.2.0 BuildRequires: python3-pbr >= 2.0.0 BuildRequires: python3-positional BuildRequires: python3-pycrypto >= 2.6 ++++++ keystoneauth1-3.3.0.tar.gz -> keystoneauth1-3.4.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/.zuul.yaml new/keystoneauth1-3.4.0/.zuul.yaml --- old/keystoneauth1-3.3.0/.zuul.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/keystoneauth1-3.4.0/.zuul.yaml 2018-01-21 18:16:03.000000000 +0100 @@ -0,0 +1,8 @@ +- project: + name: openstack/keystoneauth + templates: + - openstacksdk-functional-tips + - openstacksdk-tox-tips + - osc-tox-unit-tips + - shade-functional-tips + - shade-tox-tips diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/AUTHORS new/keystoneauth1-3.4.0/AUTHORS --- old/keystoneauth1-3.3.0/AUTHORS 2017-11-29 22:54:05.000000000 +0100 +++ new/keystoneauth1-3.4.0/AUTHORS 2018-01-21 18:18:04.000000000 +0100 @@ -31,6 +31,7 @@ Clenimar Sousa <clenimar.file...@gmail.com> Clint Byrum <cl...@fewbar.com> Colleen Murphy <colleen.mur...@suse.com> +Colleen Murphy <colleen.mur...@suse.de> Colleen Murphy <coll...@gazlene.net> Corey Bryant <corey.bry...@canonical.com> Cyril Roelandt <cyril.roela...@enovance.com> @@ -144,6 +145,7 @@ Victor Stinner <vstin...@redhat.com> Vincent Untz <vu...@suse.com> Vishvananda Ishaya <vishvana...@gmail.com> +Vladyslav Drok <vd...@mirantis.com> Vu Cong Tuan <tua...@vn.fujitsu.com> Wu Wenxiang <wu.wenxi...@99cloud.net> YangLei <yang...@cn.ibm.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/ChangeLog new/keystoneauth1-3.4.0/ChangeLog --- old/keystoneauth1-3.3.0/ChangeLog 2017-11-29 22:54:05.000000000 +0100 +++ new/keystoneauth1-3.4.0/ChangeLog 2018-01-21 18:18:03.000000000 +0100 @@ -1,12 +1,29 @@ CHANGES ======= +3.4.0 +----- + +* Add documentation and release note for app creds +* Add support for application credentials +* Updated from global requirements +* Implement system scope +* Use stestr in tox.ini +* Updated from global requirements +* Fix masked variable name +* Shift additional\_user\_agent in the stack +* Updated from global requirements +* Fix docs builds +* Add osc, shade and sdk tips jobs +* Mark SAML loader properties as required + 3.3.0 ----- * Remove setting of version/release from releasenotes * Updated from global requirements * Updated from global requirements +* Make none auth usable in CLI * Add EndpointData.\_\_str\_\_ for debugging * Correct docs usage of keystoneauth1 session * Updated from global requirements diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/PKG-INFO new/keystoneauth1-3.4.0/PKG-INFO --- old/keystoneauth1-3.3.0/PKG-INFO 2017-11-29 22:54:06.000000000 +0100 +++ new/keystoneauth1-3.4.0/PKG-INFO 2018-01-21 18:18:05.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: keystoneauth1 -Version: 3.3.0 +Version: 3.4.0 Summary: Authentication Library for OpenStack Identity Home-page: https://docs.openstack.org/keystoneauth/latest/ Author: OpenStack diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/doc/requirements.txt new/keystoneauth1-3.4.0/doc/requirements.txt --- old/keystoneauth1-3.3.0/doc/requirements.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/keystoneauth1-3.4.0/doc/requirements.txt 2018-01-21 18:16:03.000000000 +0100 @@ -0,0 +1,19 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. + +# For generationg sphinx documentation +openstackdocstheme>=1.17.0 # Apache-2.0 +reno>=2.5.0 # Apache-2.0 +sphinx!=1.6.6,>=1.6.2 # BSD + +# For autodoc builds +hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0 +fixtures>=3.0.0 # Apache-2.0/BSD +mock>=2.0.0 # BSD +betamax>=0.7.0 # Apache-2.0 +oslo.config>=5.1.0 # Apache-2.0 +oslo.utils>=3.33.0 # Apache-2.0 +requests-mock>=1.1.0 # Apache-2.0 +lxml!=3.7.0,>=3.4.1 # BSD +oauthlib>=0.6.0 # BSD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/doc/source/authentication-plugins.rst new/keystoneauth1-3.4.0/doc/source/authentication-plugins.rst --- old/keystoneauth1-3.3.0/doc/source/authentication-plugins.rst 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/doc/source/authentication-plugins.rst 2018-01-21 18:16:26.000000000 +0100 @@ -59,6 +59,8 @@ a V3 identity service using Time-Based One-Time Password (TOTP). - :py:class:`~keystoneauth1.identity.v3.TokenlessAuth`: Authenticate against a V3 identity service using tokenless authentication. +- :py:class:`~keystoneauth1.identity.v3.ApplicationCredentialMethod`: + Authenticate against a V3 identity service using an application credential. - :py:class:`~keystoneauth1.extras.kerberos.KerberosMethod`: Authenticate against a V3 identity service using Kerberos. @@ -179,6 +181,29 @@ >>> s = session.Session(auth=a) +Application Credentials +======================= + +There is a specific authentication method for interacting with Identity servers +that support application credential authentication. Since application +credentials are associated to a user on a specific project, some parameters are +not required as they would be with traditional password authentication. The +following method can be used to authenticate for a token using an application +credential:: + +- :py:class:`~keystoneauth1.identity.v3.ApplicationCredential`: + +The following example shows the method usage with a session:: + + >>> from keystoneauth1 import session + >>> from keystone.identity import v3 + >>> auth = v3.ApplicationCredential( + application_credential_secret='application_credential_secret', + application_credential_id='c2872b920853478292623be94b657090' + ) + >>> sess = session.Session(auth=auth) + + Tokenless Auth ============== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/access/access.py new/keystoneauth1-3.4.0/keystoneauth1/access/access.py --- old/keystoneauth1-3.3.0/keystoneauth1/access/access.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/access/access.py 2018-01-21 18:16:03.000000000 +0100 @@ -219,7 +219,7 @@ :returns: bool """ - return self.project_scoped or self.domain_scoped + return self.project_scoped or self.domain_scoped or self.system_scoped @property def project_scoped(self): @@ -238,6 +238,14 @@ raise NotImplementedError() @property + def system_scoped(self): + """Return true if the auth token was scoped to the system. + + :returns: bool + """ + raise NotImplementedError() + + @property def trust_id(self): """Return the trust id associated with the auth request. @@ -492,6 +500,10 @@ return False @property + def system_scoped(self): + return False + + @property def _trust(self): return self._data['access']['trust'] @@ -647,6 +659,10 @@ def username(self): return self._user['name'] + @_missingproperty + def system(self): + return self._data['token']['system'] + @property def _domain(self): return self._data['token']['domain'] @@ -690,6 +706,10 @@ except KeyError: return False + @_missingproperty + def system_scoped(self): + return self._data['token']['system'].get('all', False) + @property def _trust(self): return self._data['token']['OS-TRUST:trust'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/access/service_catalog.py new/keystoneauth1-3.4.0/keystoneauth1/access/service_catalog.py --- old/keystoneauth1-3.3.0/keystoneauth1/access/service_catalog.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/access/service_catalog.py 2018-01-21 18:16:03.000000000 +0100 @@ -206,9 +206,9 @@ return matching_endpoints ret = {} - for service_type, endpoints in matching_endpoints.items(): + for matched_service_type, endpoints in matching_endpoints.items(): if not endpoints: - ret[service_type] = [] + ret[matched_service_type] = [] continue matches_by_interface = {} for endpoint in endpoints: @@ -216,7 +216,7 @@ matches_by_interface[endpoint.interface].append(endpoint) best_interface = [i for i in interfaces if i in matches_by_interface.keys()][0] - ret[service_type] = matches_by_interface[best_interface] + ret[matched_service_type] = matches_by_interface[best_interface] return ret diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/extras/_saml2/_loading.py new/keystoneauth1-3.4.0/keystoneauth1/extras/_saml2/_loading.py --- old/keystoneauth1-3.3.0/keystoneauth1/extras/_saml2/_loading.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/extras/_saml2/_loading.py 2018-01-21 18:16:03.000000000 +0100 @@ -29,10 +29,14 @@ options.extend([ loading.Opt('identity-provider-url', + required=True, help=('An Identity Provider URL, where the SAML2 ' 'authentication request will be sent.')), - loading.Opt('username', help='Username'), - loading.Opt('password', secret=True, help='Password') + loading.Opt('username', help='Username', required=True), + loading.Opt('password', + secret=True, + help='Password', + required=True) ]) return options @@ -53,14 +57,20 @@ options.extend([ loading.Opt('identity-provider-url', + required=True, help=('An Identity Provider URL, where the SAML ' 'authentication request will be sent.')), loading.Opt('service-provider-endpoint', + required=True, help="Service Provider's Endpoint"), loading.Opt('service-provider-entity-id', + required=True, help="Service Provider's SAML Entity ID"), - loading.Opt('username', help='Username'), - loading.Opt('password', secret=True, help='Password') + loading.Opt('username', help='Username', required=True), + loading.Opt('password', + secret=True, + required=True, + help='Password') ]) return options diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/fixture/v3.py new/keystoneauth1-3.4.0/keystoneauth1/fixture/v3.py --- old/keystoneauth1-3.3.0/keystoneauth1/fixture/v3.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/fixture/v3.py 2018-01-21 18:16:03.000000000 +0100 @@ -265,6 +265,14 @@ self.root.setdefault('domain', {})['name'] = value @property + def system(self): + return self.root.get('system', {}) + + @system.setter + def system(self, value): + return self.root.setdefault('system', value) + + @property def trust_id(self): return self.root.get('OS-TRUST:trust', {}).get('id') @@ -363,12 +371,13 @@ def validate(self): project = self.root.get('project') domain = self.root.get('domain') + system = self.root.get('system') trust = self.root.get('OS-TRUST:trust') catalog = self.root.get('catalog') roles = self.root.get('roles') scoped = project or domain or trust - if sum((bool(project), bool(domain), bool(trust))) > 1: + if sum((bool(project), bool(domain), bool(trust), bool(system))) > 1: msg = 'You cannot scope to multiple targets' raise exception.FixtureValidationError(msg) @@ -412,6 +421,13 @@ self.domain_id = id or uuid.uuid4().hex self.domain_name = name or uuid.uuid4().hex + def set_system_scope(self): + # NOTE(lbragstad): In the future it might be possible to scope a token + # to a subset of the entire system (e.g. a specific service, region, or + # service within a region). Until then, the only system scope is the + # entire system. + self.system = {'all': True} + def set_trust_scope(self, id=None, impersonation=False, trustee_user_id=None, trustor_user_id=None): self.trust_id = id or uuid.uuid4().hex diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/identity/__init__.py new/keystoneauth1-3.4.0/keystoneauth1/identity/__init__.py --- old/keystoneauth1-3.3.0/keystoneauth1/identity/__init__.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/identity/__init__.py 2018-01-21 18:16:03.000000000 +0100 @@ -55,6 +55,9 @@ V3TokenlessAuth = v3.TokenlessAuth """See :class:`keystoneauth1.identity.v3.TokenlessAuth`""" +V3ApplicationCredential = v3.ApplicationCredential +"""See :class:`keystoneauth1.identity.v3.ApplicationCredential`""" + __all__ = ('BaseIdentityPlugin', 'Password', 'Token', @@ -66,4 +69,5 @@ 'V3OidcAuthorizationCode', 'V3OidcAccessToken', 'V3TOTP', - 'V3TokenlessAuth') + 'V3TokenlessAuth', + 'V3ApplicationCredential') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/identity/generic/base.py new/keystoneauth1-3.4.0/keystoneauth1/identity/generic/base.py --- old/keystoneauth1-3.3.0/keystoneauth1/identity/generic/base.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/identity/generic/base.py 2018-01-21 18:16:03.000000000 +0100 @@ -41,6 +41,7 @@ project_domain_name=None, domain_id=None, domain_name=None, + system_scope=None, trust_id=None, default_domain_id=None, default_domain_name=None, @@ -54,6 +55,7 @@ self._project_domain_name = project_domain_name self._domain_id = domain_id self._domain_name = domain_name + self._system_scope = system_scope self._trust_id = trust_id self._default_domain_id = default_domain_id self._default_domain_name = default_domain_name @@ -102,6 +104,7 @@ def _v3_params(self): """Return the parameters that are common to v3 plugins.""" return {'trust_id': self._trust_id, + 'system_scope': self._system_scope, 'project_id': self._project_id, 'project_name': self._project_name, 'project_domain_id': self.project_domain_id, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/__init__.py new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/__init__.py --- old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/__init__.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/__init__.py 2018-01-21 18:16:03.000000000 +0100 @@ -10,6 +10,7 @@ # License for the specific language governing permissions and limitations # under the License. +from keystoneauth1.identity.v3.application_credential import * # noqa from keystoneauth1.identity.v3.base import * # noqa from keystoneauth1.identity.v3.federation import * # noqa from keystoneauth1.identity.v3.k2k import * # noqa @@ -20,7 +21,10 @@ from keystoneauth1.identity.v3.tokenless_auth import * # noqa -__all__ = ('Auth', +__all__ = ('ApplicationCredential', + 'ApplicationCredentialMethod', + + 'Auth', 'AuthConstructor', 'AuthMethod', 'BaseAuth', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/application_credential.py new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/application_credential.py --- old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/application_credential.py 1970-01-01 01:00:00.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/application_credential.py 2018-01-21 18:16:03.000000000 +0100 @@ -0,0 +1,89 @@ +# Copyright 2018 SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystoneauth1.identity.v3 import base + + +__all__ = ('ApplicationCredentialMethod', 'ApplicationCredential') + + +class ApplicationCredentialMethod(base.AuthMethod): + """Construct a User/Passcode based authentication method. + + :param string application_credential_secret: Application credential secret. + :param string application_credential_id: Application credential id. + :param string application_credential_name: The name of the application + credential, if an ID is not + provided. + :param string username: Username for authentication, if an application + credential ID is not provided. + :param string user_id: User ID for authentication, if an application + credential ID is not provided. + :param string user_domain_id: User's domain ID for authentication, if an + application credential ID is not provided. + :param string user_domain_name: User's domain name for authentication, if + an application credential ID is not + provided. + """ + + _method_parameters = ['application_credential_secret', + 'application_credential_id', + 'application_credential_name', + 'user_id', + 'username', + 'user_domain_id', + 'user_domain_name'] + + def get_auth_data(self, session, auth, headers, **kwargs): + auth_data = {'secret': self.application_credential_secret} + + if self.application_credential_id: + auth_data['id'] = self.application_credential_id + else: + auth_data['name'] = self.application_credential_name + auth_data['user'] = {} + if self.user_id: + auth_data['user']['id'] = self.user_id + elif self.username: + auth_data['user']['name'] = self.username + + if self.user_domain_id: + auth_data['user']['domain'] = {'id': self.user_domain_id} + elif self.user_domain_name: + auth_data['user']['domain'] = { + 'name': self.user_domain_name} + + return 'application_credential', auth_data + + def get_cache_id_elements(self): + return dict(('application_credential_%s' % p, getattr(self, p)) + for p in self._method_parameters) + + +class ApplicationCredential(base.AuthConstructor): + """A plugin for authenticating with an application credential. + + :param string auth_url: Identity service endpoint for authentication. + :param string application_credential_secret: Application credential secret. + :param string application_credential_id: Application credential ID. + :param string application_credential_name: Application credential name. + :param string username: Username for authentication. + :param string user_id: User ID for authentication. + :param string user_domain_id: User's domain ID for authentication. + :param string user_domain_name: User's domain name for authentication. + :param bool reauthenticate: Allow fetching a new token if the current one + is going to expire. (optional) default True + """ + + _auth_method_class = ApplicationCredentialMethod diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/base.py new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/base.py --- old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/base.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/base.py 2018-01-21 18:16:03.000000000 +0100 @@ -31,6 +31,7 @@ :param string auth_url: Identity service endpoint for authentication. :param string trust_id: Trust ID for trust scoping. + :param string system_scope: System information to scope to. :param string domain_id: Domain ID for domain scoping. :param string domain_name: Domain name for domain scoping. :param string project_id: Project ID for project scoping. @@ -45,6 +46,7 @@ def __init__(self, auth_url, trust_id=None, + system_scope=None, domain_id=None, domain_name=None, project_id=None, @@ -56,6 +58,7 @@ super(BaseAuth, self).__init__(auth_url=auth_url, reauthenticate=reauthenticate) self.trust_id = trust_id + self.system_scope = system_scope self.domain_id = domain_id self.domain_name = domain_name self.project_id = project_id @@ -78,7 +81,7 @@ """Return true if parameters can be used to create a scoped token.""" return (self.domain_id or self.domain_name or self.project_id or self.project_name or - self.trust_id) + self.trust_id or self.system_scope) class Auth(BaseAuth): @@ -153,6 +156,15 @@ body['auth']['scope'] = {'OS-TRUST:trust': {'id': self.trust_id}} elif self.unscoped: body['auth']['scope'] = 'unscoped' + elif self.system_scope: + # NOTE(lbragstad): Right now it's only possible to have role + # assignments on the entire system. In the future that might change + # so that users and groups can have roles on parts of the system, + # like a specific service in a specific region. If that happens, + # this will have to be accounted for here. Until then we'll only + # support scoping to the entire system. + if self.system_scope == 'all': + body['auth']['scope'] = {'system': {'all': True}} # NOTE(jamielennox): we add nocatalog here rather than in token_url # directly as some federation plugins require the base token_url diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/password.py new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/password.py --- old/keystoneauth1-3.3.0/keystoneauth1/identity/v3/password.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/identity/v3/password.py 2018-01-21 18:16:03.000000000 +0100 @@ -62,6 +62,7 @@ :param string user_domain_id: User's domain ID for authentication. :param string user_domain_name: User's domain name for authentication. :param string trust_id: Trust ID for trust scoping. + :param string system_scope: System information to scope to. :param string domain_id: Domain ID for domain scoping. :param string domain_name: Domain name for domain scoping. :param string project_id: Project ID for project scoping. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/loading/_plugins/identity/v3.py new/keystoneauth1-3.4.0/keystoneauth1/loading/_plugins/identity/v3.py --- old/keystoneauth1-3.3.0/keystoneauth1/loading/_plugins/identity/v3.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/loading/_plugins/identity/v3.py 2018-01-21 18:16:03.000000000 +0100 @@ -254,3 +254,43 @@ raise exceptions.OptionError(m) return super(TokenlessAuth, self).load_from_options(**kwargs) + + +class ApplicationCredential(loading.BaseV3Loader): + + @property + def plugin_class(self): + return identity.V3ApplicationCredential + + def get_options(self): + options = super(ApplicationCredential, self).get_options() + _add_common_identity_options(options) + + options.extend([ + loading.Opt('application_credential_secret', secret=True, + required=True, + help="Application credential auth secret"), + ]), + options.extend([ + loading.Opt('application_credential_id', + help='Application credential ID'), + ]), + options.extend([ + loading.Opt('application_credential_name', + help='Application credential name'), + ]) + + return options + + def load_from_options(self, **kwargs): + _assert_identity_options(kwargs) + if (not kwargs.get('application_credential_id') and + not kwargs.get('application_credential_name')): + m = ('You must provide either an application credential ID or an ' + 'application credential name and user.') + raise exceptions.OptionError(m) + if not kwargs.get('application_credential_secret'): + m = ('You must provide an auth secret.') + raise exceptions.OptionError(m) + + return super(ApplicationCredential, self).load_from_options(**kwargs) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/loading/_plugins/noauth.py new/keystoneauth1-3.4.0/keystoneauth1/loading/_plugins/noauth.py --- old/keystoneauth1-3.3.0/keystoneauth1/loading/_plugins/noauth.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/loading/_plugins/noauth.py 2018-01-21 18:16:03.000000000 +0100 @@ -17,11 +17,12 @@ class NoAuth(loading.BaseLoader): """Use no tokens to perform requests. - This must be used together with adapter.Adapter.endpoint_override - to instantiate clients for services deployed in noauth/standalone mode. + This can be used to instantiate clients for services deployed in + noauth/standalone mode. There is no fetching a service catalog or determining scope information - and so it cannot be used by clients that expect use this scope information. + and so it cannot be used by clients that expect to use this scope + information. """ @@ -30,4 +31,11 @@ return noauth.NoAuth def get_options(self): - return [] + options = super(NoAuth, self).get_options() + + options.extend([ + loading.Opt('endpoint', + help='The endpoint that will always be used'), + ]) + + return options diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/loading/identity.py new/keystoneauth1-3.4.0/keystoneauth1/loading/identity.py --- old/keystoneauth1-3.3.0/keystoneauth1/loading/identity.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/loading/identity.py 2018-01-21 18:16:03.000000000 +0100 @@ -74,6 +74,7 @@ options = super(BaseV3Loader, self).get_options() options.extend([ + opts.Opt('system-scope', help='Scope for system operations'), opts.Opt('domain-id', help='Domain ID to scope to'), opts.Opt('domain-name', help='Domain name to scope to'), opts.Opt('project-id', help='Project ID to scope to'), @@ -136,6 +137,7 @@ options = super(BaseGenericLoader, self).get_options() options.extend([ + opts.Opt('system-scope', help='Scope for system operations'), opts.Opt('domain-id', help='Domain ID to scope to'), opts.Opt('domain-name', help='Domain name to scope to'), opts.Opt('project-id', help='Project ID to scope to', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/noauth.py new/keystoneauth1-3.4.0/keystoneauth1/noauth.py --- old/keystoneauth1-3.3.0/keystoneauth1/noauth.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/noauth.py 2018-01-21 18:16:03.000000000 +0100 @@ -20,5 +20,18 @@ that might be deployed in standalone/noauth mode. """ - def get_token(self, session): + def __init__(self, endpoint=None): + super(NoAuth, self).__init__() + self.endpoint = endpoint + + def get_token(self, session, **kwargs): return 'notused' + + def get_endpoint(self, session, **kwargs): + """Return the supplied endpoint. + + Using this plugin the same endpoint is returned regardless of the + parameters passed to the plugin. endpoint_override overrides the + endpoint specified when constructing the plugin. + """ + return kwargs.get('endpoint_override') or self.endpoint diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/session.py new/keystoneauth1-3.4.0/keystoneauth1/session.py --- old/keystoneauth1-3.3.0/keystoneauth1/session.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/session.py 2018-01-21 18:16:03.000000000 +0100 @@ -623,14 +623,14 @@ elif self.app_name: agent.append(self.app_name) - for additional in self.additional_user_agent: - agent.append('%s/%s' % additional) - if client_name and client_version: agent.append('%s/%s' % (client_name, client_version)) elif client_name: agent.append(client_name) + for additional in self.additional_user_agent: + agent.append('%s/%s' % additional) + if not agent: # NOTE(jamielennox): determine_user_agent will return an empty # string on failure so checking for None will ensure it is only diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/access/test_v3_access.py new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/access/test_v3_access.py --- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/access/test_v3_access.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/access/test_v3_access.py 2018-01-21 18:16:03.000000000 +0100 @@ -73,6 +73,54 @@ self.assertTrue(auth_ref.will_expire_soon(stale_duration=301)) self.assertFalse(auth_ref.will_expire_soon()) + def test_building_system_scoped_assessinfo(self): + token = fixture.V3Token() + token.set_system_scope() + + s = token.add_service(type='identity') + s.add_standard_endpoints(public='http://url') + + token_id = uuid.uuid4().hex + + auth_ref = access.create(body=token, auth_token=token_id) + + self.assertTrue(auth_ref) + self.assertIn('methods', auth_ref._data['token']) + self.assertIn('catalog', auth_ref._data['token']) + self.assertTrue(auth_ref.has_service_catalog()) + self.assertTrue(auth_ref._data['token']['catalog']) + + self.assertEqual(token_id, auth_ref.auth_token) + self.assertEqual(token.user_name, auth_ref.username) + self.assertEqual(token.user_id, auth_ref.user_id) + + self.assertEqual(token.role_ids, auth_ref.role_ids) + self.assertEqual(token.role_names, auth_ref.role_names) + + self.assertEqual(token.domain_name, auth_ref.domain_name) + self.assertEqual(token.domain_id, auth_ref.domain_id) + + self.assertEqual(token.user_domain_id, auth_ref.user_domain_id) + self.assertEqual(token.user_domain_name, auth_ref.user_domain_name) + + self.assertIsNone(auth_ref.project_name) + self.assertIsNone(auth_ref.project_id) + + self.assertIsNone(auth_ref.project_domain_id) + self.assertIsNone(auth_ref.project_domain_name) + + self.assertIsNone(auth_ref.domain_name) + self.assertIsNone(auth_ref.domain_id) + + self.assertEqual(token.system, auth_ref.system) + + self.assertTrue(auth_ref.system_scoped) + self.assertFalse(auth_ref.domain_scoped) + self.assertFalse(auth_ref.project_scoped) + + self.assertEqual(token.audit_id, auth_ref.audit_id) + self.assertEqual(token.audit_chain_id, auth_ref.audit_chain_id) + def test_building_domain_scoped_accessinfo(self): token = fixture.V3Token() token.set_domain_scope() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/extras/kerberos/test_fedkerb_loading.py new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/extras/kerberos/test_fedkerb_loading.py --- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/extras/kerberos/test_fedkerb_loading.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/extras/kerberos/test_fedkerb_loading.py 2018-01-21 18:16:03.000000000 +0100 @@ -21,7 +21,8 @@ opts = [o.name for o in loading.get_plugin_loader('v3fedkerb').get_options()] - allowed_opts = ['domain-id', + allowed_opts = ['system-scope', + 'domain-id', 'domain-name', 'identity-provider', 'project-id', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/extras/kerberos/test_kerberos_loading.py new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/extras/kerberos/test_kerberos_loading.py --- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/extras/kerberos/test_kerberos_loading.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/extras/kerberos/test_kerberos_loading.py 2018-01-21 18:16:03.000000000 +0100 @@ -20,7 +20,8 @@ opts = [o.name for o in loading.get_plugin_loader('v3kerberos').get_options()] - allowed_opts = ['domain-id', + allowed_opts = ['system-scope', + 'domain-id', 'domain-name', 'project-id', 'project-name', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/identity/test_identity_v3.py new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/identity/test_identity_v3.py --- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/identity/test_identity_v3.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/identity/test_identity_v3.py 2018-01-21 18:16:03.000000000 +0100 @@ -33,6 +33,9 @@ TEST_PASS = 'password' + TEST_APP_CRED_ID = 'appcredid' + TEST_APP_CRED_SECRET = 'secret' + TEST_SERVICE_CATALOG = [{ "endpoints": [{ "url": "http://cdn.admin-nets.local:8774/v1.0/", @@ -186,6 +189,35 @@ "self": "https://identity:5000/v3/projects", } } + self.TEST_APP_CRED_TOKEN_RESPONSE = { + "token": { + "methods": [ + "application_credential" + ], + + "expires_at": "2020-01-01T00:00:10.000123Z", + "project": { + "domain": { + "id": self.TEST_DOMAIN_ID, + "name": self.TEST_DOMAIN_NAME + }, + "id": self.TEST_TENANT_ID, + "name": self.TEST_TENANT_NAME + }, + "user": { + "domain": { + "id": self.TEST_DOMAIN_ID, + "name": self.TEST_DOMAIN_NAME + }, + "id": self.TEST_USER, + "name": self.TEST_USER + }, + "issued_at": "2013-05-29T16:55:21.468960Z", + "catalog": self.TEST_SERVICE_CATALOG, + "service_providers": self.TEST_SERVICE_PROVIDERS, + "application_credential_restricted": True + }, + } def stub_auth(self, subject_token=None, **kwargs): if not subject_token: @@ -370,6 +402,22 @@ domain_id='x', trust_id='x') self.assertRaises(exceptions.AuthorizationFailure, a.get_auth_ref, s) + def test_application_credential_method(self): + self.stub_auth(json=self.TEST_APP_CRED_TOKEN_RESPONSE) + ac = v3.ApplicationCredential( + self.TEST_URL, application_credential_id=self.TEST_APP_CRED_ID, + application_credential_secret=self.TEST_APP_CRED_SECRET) + req = {'auth': {'identity': + {'methods': ['application_credential'], + 'application_credential': { + 'id': self.TEST_APP_CRED_ID, + 'secret': self.TEST_APP_CRED_SECRET}}}} + s = session.Session(auth=ac) + self.assertEqual({'X-Auth-Token': self.TEST_TOKEN}, + s.get_auth_headers()) + self.assertRequestBodyIs(json=req) + self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN) + def _do_service_url_test(self, base_url, endpoint_filter): self.stub_auth(json=self.TEST_RESPONSE_DICT) self.stub_url('GET', ['path'], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/loading/test_generic.py new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/loading/test_generic.py --- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/loading/test_generic.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/loading/test_generic.py 2018-01-21 18:16:03.000000000 +0100 @@ -30,6 +30,7 @@ 'user-id', 'password', + 'system-scope', 'domain-id', 'domain-name', 'project-id', @@ -70,6 +71,7 @@ opts = [o.name for o in generic.Token().get_options()] allowed_opts = ['token', + 'system-scope', 'domain-id', 'domain-name', 'project-id', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/loading/test_v3.py new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/loading/test_v3.py --- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/loading/test_v3.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/loading/test_v3.py 2018-01-21 18:16:03.000000000 +0100 @@ -363,3 +363,67 @@ self.assertRaises(exceptions.OptionError, self.create, project_name=uuid.uuid4().hex) + + +class V3ApplicationCredentialTests(utils.TestCase): + + def setUp(self): + super(V3ApplicationCredentialTests, self).setUp() + + self.auth_url = uuid.uuid4().hex + + def create(self, **kwargs): + kwargs.setdefault('auth_url', self.auth_url) + loader = loading.get_plugin_loader('v3applicationcredential') + return loader.load_from_options(**kwargs) + + def test_basic(self): + id = uuid.uuid4().hex + secret = uuid.uuid4().hex + + app_cred = self.create(application_credential_id=id, + application_credential_secret=secret) + + ac_method = app_cred.auth_methods[0] + + self.assertEqual(id, ac_method.application_credential_id) + self.assertEqual(secret, ac_method.application_credential_secret) + + def test_with_name(self): + name = uuid.uuid4().hex + secret = uuid.uuid4().hex + username = uuid.uuid4().hex + user_domain_id = uuid.uuid4().hex + + app_cred = self.create(application_credential_name=name, + application_credential_secret=secret, + username=username, + user_domain_id=user_domain_id) + + ac_method = app_cred.auth_methods[0] + + self.assertEqual(name, ac_method.application_credential_name) + self.assertEqual(secret, ac_method.application_credential_secret) + self.assertEqual(username, ac_method.username) + self.assertEqual(user_domain_id, ac_method.user_domain_id) + + def test_without_user_domain(self): + self.assertRaises(exceptions.OptionError, + self.create, + application_credential_name=uuid.uuid4().hex, + username=uuid.uuid4().hex, + application_credential_secret=uuid.uuid4().hex) + + def test_without_name_or_id(self): + self.assertRaises(exceptions.OptionError, + self.create, + username=uuid.uuid4().hex, + user_domain_id=uuid.uuid4().hex, + application_credential_secret=uuid.uuid4().hex) + + def test_without_secret(self): + self.assertRaises(exceptions.OptionError, + self.create, + application_credential_id=uuid.uuid4().hex, + username=uuid.uuid4().hex, + user_domain_id=uuid.uuid4().hex) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/test_noauth.py new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/test_noauth.py --- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/test_noauth.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/test_noauth.py 2018-01-21 18:16:03.000000000 +0100 @@ -34,4 +34,15 @@ self.assertIsNone(a.get_endpoint(s)) def test_noauth_options(self): - self.assertEqual([], loader.NoAuth().get_options()) + opts = loader.NoAuth().get_options() + self.assertEqual(['endpoint'], [o.name for o in opts]) + + def test_get_endpoint(self): + a = noauth.NoAuth(endpoint=self.TEST_URL) + s = session.Session(auth=a) + self.assertEqual(self.TEST_URL, a.get_endpoint(s)) + + def test_get_endpoint_with_override(self): + a = noauth.NoAuth(endpoint=self.TEST_URL) + s = session.Session(auth=a) + self.assertEqual('foo', a.get_endpoint(s, endpoint_override='foo')) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/test_session.py new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/test_session.py --- old/keystoneauth1-3.3.0/keystoneauth1/tests/unit/test_session.py 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1/tests/unit/test_session.py 2018-01-21 18:16:03.000000000 +0100 @@ -1307,7 +1307,7 @@ adap.get(url) - agent = 'ksatest/1.2.3 one/1.1.1 two/2.2.2 testclient/4.5.6' + agent = 'ksatest/1.2.3 testclient/4.5.6 one/1.1.1 two/2.2.2' self.assertEqual(agent + ' ' + client_session.DEFAULT_USER_AGENT, self.requests_mock.last_request.headers['User-Agent']) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1.egg-info/PKG-INFO new/keystoneauth1-3.4.0/keystoneauth1.egg-info/PKG-INFO --- old/keystoneauth1-3.3.0/keystoneauth1.egg-info/PKG-INFO 2017-11-29 22:54:05.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1.egg-info/PKG-INFO 2018-01-21 18:18:04.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: keystoneauth1 -Version: 3.3.0 +Version: 3.4.0 Summary: Authentication Library for OpenStack Identity Home-page: https://docs.openstack.org/keystoneauth/latest/ Author: OpenStack diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1.egg-info/SOURCES.txt new/keystoneauth1-3.4.0/keystoneauth1.egg-info/SOURCES.txt --- old/keystoneauth1-3.3.0/keystoneauth1.egg-info/SOURCES.txt 2017-11-29 22:54:06.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1.egg-info/SOURCES.txt 2018-01-21 18:18:05.000000000 +0100 @@ -1,6 +1,7 @@ .coveragerc .mailmap .stestr.conf +.zuul.yaml AUTHORS CONTRIBUTING.rst ChangeLog @@ -15,6 +16,7 @@ tox.ini doc/.gitignore doc/Makefile +doc/requirements.txt doc/ext/__init__.py doc/ext/list_plugins.py doc/source/authentication-plugins.rst @@ -91,6 +93,7 @@ keystoneauth1/identity/generic/password.py keystoneauth1/identity/generic/token.py keystoneauth1/identity/v3/__init__.py +keystoneauth1/identity/v3/application_credential.py keystoneauth1/identity/v3/base.py keystoneauth1/identity/v3/federation.py keystoneauth1/identity/v3/k2k.py @@ -201,6 +204,8 @@ releasenotes/notes/add-totp-auth-plugin-0650d220899c25b7.yaml releasenotes/notes/additional-headers-f2d16f85f5abe942.yaml releasenotes/notes/allow_version_hack-flag-9b53b72d9b084c04.yaml +releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml +releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml releasenotes/notes/bug-1582774-49af731b6dfc6f2f.yaml releasenotes/notes/bug-1614688-c4a1bd54f4ba5644.yaml releasenotes/notes/bug-1616105-cc8b85eb056e99e2.yaml diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1.egg-info/entry_points.txt new/keystoneauth1-3.4.0/keystoneauth1.egg-info/entry_points.txt --- old/keystoneauth1-3.3.0/keystoneauth1.egg-info/entry_points.txt 2017-11-29 22:54:05.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1.egg-info/entry_points.txt 2018-01-21 18:18:04.000000000 +0100 @@ -6,6 +6,7 @@ v2password = keystoneauth1.loading._plugins.identity.v2:Password v2token = keystoneauth1.loading._plugins.identity.v2:Token v3adfspassword = keystoneauth1.extras._saml2._loading:ADFSPassword +v3applicationcredential = keystoneauth1.loading._plugins.identity.v3:ApplicationCredential v3fedkerb = keystoneauth1.extras.kerberos._loading:MappedKerberos v3kerberos = keystoneauth1.extras.kerberos._loading:Kerberos v3oauth1 = keystoneauth1.extras.oauth1._loading:V3OAuth1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/keystoneauth1.egg-info/pbr.json new/keystoneauth1-3.4.0/keystoneauth1.egg-info/pbr.json --- old/keystoneauth1-3.3.0/keystoneauth1.egg-info/pbr.json 2017-11-29 22:54:05.000000000 +0100 +++ new/keystoneauth1-3.4.0/keystoneauth1.egg-info/pbr.json 2018-01-21 18:18:04.000000000 +0100 @@ -1 +1 @@ -{"git_version": "ba6650e", "is_release": true} \ No newline at end of file +{"git_version": "d4a552c", "is_release": true} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml new/keystoneauth1-3.4.0/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml --- old/keystoneauth1-3.3.0/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/keystoneauth1-3.4.0/releasenotes/notes/bp-application-credentials-416a1f8bb2311e04.yaml 2018-01-21 18:16:26.000000000 +0100 @@ -0,0 +1,7 @@ +--- +features: + - | + [`blueprint application-credentials <https://blueprints.launchpad.net/keystone/+spec/application-credentials>`_] + Support for authentication via an application credential has been added. + Keystoneauth can now be used to authenticate to Identity servers that + support application credentials. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml new/keystoneauth1-3.4.0/releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml --- old/keystoneauth1-3.3.0/releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/keystoneauth1-3.4.0/releasenotes/notes/bp-system-scope-29e9c597039ddb1e.yaml 2018-01-21 18:16:03.000000000 +0100 @@ -0,0 +1,8 @@ +--- +features: + - | + [`blueprint system-scope <https://blueprints.launchpad.net/keystone/+spec/system-scope>`_] + Keystoneauth now has the ability to authenticate for system-scoped tokens, + which were implemented during the Queens development cycle. System-scoped + tokens will eventually be required to separate system-level APIs from + project-level APIs, allowing for better security via scoped RBAC. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/setup.cfg new/keystoneauth1-3.4.0/setup.cfg --- old/keystoneauth1-3.3.0/setup.cfg 2017-11-29 22:54:06.000000000 +0100 +++ new/keystoneauth1-3.4.0/setup.cfg 2018-01-21 18:18:05.000000000 +0100 @@ -55,6 +55,7 @@ v3tokenlessauth = keystoneauth1.loading._plugins.identity.v3:TokenlessAuth v3adfspassword = keystoneauth1.extras._saml2._loading:ADFSPassword v3samlpassword = keystoneauth1.extras._saml2._loading:Saml2Password + v3applicationcredential = keystoneauth1.loading._plugins.identity.v3:ApplicationCredential [build_sphinx] source-dir = doc/source diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/test-requirements.txt new/keystoneauth1-3.4.0/test-requirements.txt --- old/keystoneauth1-3.3.0/test-requirements.txt 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/test-requirements.txt 2018-01-21 18:16:03.000000000 +0100 @@ -9,15 +9,15 @@ coverage!=4.4,>=4.0 # Apache-2.0 fixtures>=3.0.0 # Apache-2.0/BSD mock>=2.0.0 # BSD -oslo.config>=4.6.0 # Apache-2.0 +oslo.config>=5.1.0 # Apache-2.0 openstackdocstheme>=1.17.0 # Apache-2.0 -oslo.utils>=3.31.0 # Apache-2.0 -oslotest>=1.10.0 # Apache-2.0 +oslo.utils>=3.33.0 # Apache-2.0 +oslotest>=3.2.0 # Apache-2.0 os-testr>=1.0.0 # Apache-2.0 betamax>=0.7.0 # Apache-2.0 reno>=2.5.0 # Apache-2.0 requests-mock>=1.1.0 # Apache-2.0 -sphinx>=1.6.2 # BSD +sphinx!=1.6.6,>=1.6.2 # BSD stestr>=1.0.0 # Apache-2.0 testresources>=2.0.0 # Apache-2.0/BSD testtools>=2.2.0 # MIT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keystoneauth1-3.3.0/tox.ini new/keystoneauth1-3.4.0/tox.ini --- old/keystoneauth1-3.3.0/tox.ini 2017-11-29 22:52:38.000000000 +0100 +++ new/keystoneauth1-3.4.0/tox.ini 2018-01-21 18:16:03.000000000 +0100 @@ -15,7 +15,7 @@ deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt .[kerberos,saml2,betamax,oauth1] -commands = ostestr {posargs} +commands = stestr run {posargs} whitelist_externals = bash @@ -63,12 +63,14 @@ exclude = .venv,.tox,dist,doc,*egg,build [testenv:docs] +deps = -r{toxinidir}/doc/requirements.txt commands= bash -c "rm -rf doc/build" bash -c "rm -rf doc/source/api" python setup.py build_sphinx [testenv:releasenotes] +deps = -r{toxinidir}/doc/requirements.txt commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html [hacking]