1. 19 Jul, 2019 1 commit
  2. 18 Jul, 2019 2 commits
  3. 28 Mar, 2019 3 commits
    • Thomas Goirand's avatar
      Removed Python 2 support. · 5000fcdc
      Thomas Goirand authored
    • Thomas Goirand's avatar
      Now packaging 6.0.0. · 0dac11d0
      Thomas Goirand authored
    • Thomas Goirand's avatar
      Merge tag '6.0.0' into debian/stein · 7d0da72b
      Thomas Goirand authored
      keystonemiddleware 6.0.0 release
      meta:version: 6.0.0
      meta:diff-start: -
      meta:series: stein
      meta:release-type: release
      meta:pypi: yes
      meta:first: no
      meta:release:Author: Colleen Murphy <colleen.murphy@suse.de>
      meta:release:Commit: Colleen Murphy <colleen.murphy@suse.de>
      meta:release:Change-Id: Ie49976f61e508f59fa71d75ba5219de9fa96ab77
      meta:release:Code-Review+1: Lance Bragstad <lbragstad@gmail.com>
      meta:release:Code-Review+2: Thierry Carrez <thierry@openstack.org>
      meta:release:Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com>
      meta:release:Workflow+1: Sean McGinnis <sean.mcginnis@gmail.com>
  4. 15 Feb, 2019 2 commits
  5. 14 Feb, 2019 1 commit
  6. 12 Feb, 2019 1 commit
  7. 07 Feb, 2019 1 commit
    • Yang Youseok's avatar
      Add auth invalidation in auth_token for identity endpoint update · 4e51cb8e
      Yang Youseok authored
      Currently auth_token middleware does not concern identity endpoint
      update since service catalog is not updated after service having
      auth_token middleware started.
      Add invalidation logic when EndpointNotfound exception occurs so
      that auth_token middleware can be notified of sevice catalog update
      without restart.
      Change-Id: I631ee1538883d732fe3987b172d987f703dad5c0
      Closes-Bug: #1813739
  8. 09 Jan, 2019 1 commit
  9. 26 Dec, 2018 1 commit
  10. 24 Dec, 2018 1 commit
    • Leehom Li (feli5)'s avatar
      Make sure audit middleware use own context · 82707e15
      Leehom Li (feli5) authored
      Keystone audit middleware requires to iterate req.context as dict,
      but Glance requires to access req.context.read_only.
      When glance enabled audit, they are conflict with each other.
      This patch fix this issue by store audit context in
      Change-Id: Ib9a62a4cd0b7b9ffb9fa2d6440e8072d45ee0fee
      Closes-Bug: #1809101
      Signed-off-by: 's avatarLeehom Li <feli5@cisco.com>
  11. 16 Dec, 2018 1 commit
  12. 12 Dec, 2018 1 commit
  13. 05 Dec, 2018 1 commit
  14. 27 Nov, 2018 1 commit
  15. 19 Nov, 2018 1 commit
  16. 07 Nov, 2018 1 commit
  17. 06 Nov, 2018 1 commit
    • Colleen Murphy's avatar
      Add py36 tox environment · d3815148
      Colleen Murphy authored
      We already run python3.6 unit tests in CI. Add the py36 environment to
      the tox file so that developers with python3.6 available locally can opt
      into running that version too.
      Change-Id: Ic7aad3d4adfafba226d3b1d1b2106d55135ce6ff
  18. 05 Nov, 2018 1 commit
    • David Olorundare's avatar
      Documentation Fix - auth_url Port Number · 67fc7158
      David Olorundare authored
      Made a small fix to the documentation - replacing
      the current auth_url port number 35357, in the
      configuration section of the [keystone_authtoken],
      with 5000.
      This was based on an online conversation with Colleen;
      with the removal of the v2 API from keystone the project
      now recommends use of port 5000 instead of the previous one.
      Change-Id: I750a4d0e75e0b919fd00ddf21c0e7ce62d495f95
  19. 30 Oct, 2018 1 commit
    • Morgan Fainberg's avatar
      Stop supporting revocation list · 7e1b5362
      Morgan Fainberg authored
      With keystone's move to eliminating pki, pkiz, and uuid tokens the
      revocation list is no longer generated. Keystonemiddleware no longer
      needs to attempt to retrieve it and reference it.
      Change-Id: Ief3bf1941e62f9136dbed11877bca81c4102041b
      closes-bug: #1361743
      partial-bug: #1649735
      partial-bug: #1736985
  20. 29 Oct, 2018 1 commit
    • Michael Johnson's avatar
      Fix audit target service selection · 782729b6
      Michael Johnson authored
      The keystonemiddleware audit code would select the wrong OpenStack service
      endpoint for a request if the cloud is not using unique TCP ports for each
      service endpoint. As most services are no longer using a port per service,
      but instead using unique paths, this caused the audit to select the wrong
      target service. This leads to incorrect audit logging due to the wrong
      audit map being used.
      This patch checks the request to see if a TCP port was present in the request,
      and if not, fall back to using the target_endpoint_type configured in the
      audit map file.
      Change-Id: Ie2e0bf74ecca485d599a4041bb770bd6e296bc99
      Closes-bug: 1797584
  21. 28 Oct, 2018 1 commit
  22. 26 Oct, 2018 2 commits
  23. 05 Oct, 2018 1 commit
  24. 11 Sep, 2018 1 commit
    • Tim Burke's avatar
      Respect delay_auth_decision when Keystone is unavailable · da5932af
      Tim Burke authored
      The delay_auth_decision option has two main uses:
        1. Allow a service to provide its own auth mechanism, separate from
           auth tokens (like Swift's tempurl middleware).
        2. Allow a service to integrate with multiple auth middlewares which
           may want to use the same X-Auth-Token header.
      The first case works fine even when the service has trouble talking to
      Keystone -- the client doesn't send an X-Auth-Token header, so we never
      even attempt to contact Keystone.
      The second case can be problematic, however. The client will provide
      some token, and we don't know whether it's valid for Keystone, the other
      auth system, or neither. We have to *try* contacting Keystone, but if
      that was down we'd previously return a 503 without ever trying the other
      auth system. As a result, a Keystone failure results in a total system
      Now, when delay_auth_decision is True and we cannot determine whether a
      token is valid or invalid, we'll instead declare the token invalid and
      defer the rejection. As a result, Keystone failures only affect Keystone
      users, and tokens issued by the other auth system may still be validated
      and used.
      Change-Id: Ie4b3319862ba7fbd329dc6883ce837e894d5270c
  25. 10 Sep, 2018 2 commits
  26. 07 Sep, 2018 3 commits
    • Andreas Jaeger's avatar
      Use templates for cover and lower-constraints · 361867d3
      Andreas Jaeger authored
      Use openstack-tox-cover template, this runs the cover job as
      non-voting in the check queue only.
      Use openstack-lower-constraints-jobs template
      Remove jobs that are part of the templates.
      Change-Id: I58f3bc27aab2885514b8c6a8379e1c2214bd1afd
    • Lance Bragstad's avatar
      Remove tox_install.sh · 9a6875d4
      Lance Bragstad authored
      As part of removing reliance on the old and deprecated zuul-cloner, we
      need to shift constraints declaration to the deps line. This means we
      unfortunately have to duplicate the extras declarations into
      test-requirements - because otherwise the contraints for
      keystonemiddleware conflicts with the installation of itself.
      Change-Id: I8dbb31d1c1fda6df386f456dcf1d8bbed6d168ce
    • wangxiyuan's avatar
      No need to compare CONF content · 4fb7fef1
      wangxiyuan authored
      When setup AuthProtocol class, if the CONF object contains
      deprecated options, An Error "dictionary changed size during
      iteration" will raise when comparing the CONF content.
      Changing "!=" to "is not" here to avoid compare the CONF
      content anymore.
      Change-Id: I820aa244160db4f81149d2576386c86b46de0084
      Closes-bug: #1789351
  27. 04 Sep, 2018 1 commit
  28. 29 Aug, 2018 4 commits
  29. 28 Aug, 2018 1 commit