1. 18 Oct, 2019 1 commit
  2. 27 Sep, 2019 3 commits
    • Thomas Goirand's avatar
      Fixed (build-)depends for this release. · 0615b155
      Thomas Goirand authored
      0615b155
    • Thomas Goirand's avatar
      Merge tag '7.0.1' into debian/train · ce98f831
      Thomas Goirand authored
      keystonemiddleware 7.0.1 release
      
      meta:version: 7.0.1
      meta:diff-start: -
      meta:series: train
      meta:release-type: release
      meta:pypi: yes
      meta:first: no
      meta:release:Author: Sean McGinnis <sean.mcginnis@gmail.com>
      meta:release:Commit: Sean McGinnis <sean.mcginnis@gmail.com>
      meta:release:Change-Id: I4c182baedd9a44d1d1d520a1129856343f0ee404
      meta:release:Code-Review+1: Colleen Murphy <colleen@gazlene.net>
      meta:release:Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com>
      meta:release:Workflow+1: Sean McGinnis <sean.mcginnis@gmail.com>
      ce98f831
    • Thomas Goirand's avatar
      Now packaging 7.0.1 · bcce8f0b
      Thomas Goirand authored
      bcce8f0b
  3. 23 Aug, 2019 1 commit
    • Gage Hugo's avatar
      Comment html_static_path entry in docs conf.py · 0a65b142
      Gage Hugo authored
      Currently with sphinx 2.2.0 the docs job is throwing a warning
      that the html_static_path entry does not exist. We treat warnings
      as errors so this causes the job to fail.
      
      This change comments the html_static_path entry in conf.py since
      the path currently does not exist so it appears to be unused.
      
      Change-Id: Ib2c74f4f37855cec250d09b23c45b5b7fde44c8d
      0a65b142
  4. 16 Aug, 2019 1 commit
  5. 02 Aug, 2019 2 commits
  6. 19 Jul, 2019 1 commit
  7. 18 Jul, 2019 3 commits
  8. 15 Jul, 2019 1 commit
    • Colleen Murphy's avatar
      Add validation of app cred access rules · 5f093bf5
      Colleen Murphy authored
      This commit adds a validation step in the auth_token middleware to check
      for the presence of an access_rules attribute in an application
      credential token and to validate the request against the permissions
      granted for that token. During token validation it sends a header to
      keystone to indicate that it is capable of validating these access
      rules, and not providing this header for a token like this would result
      in the token failing validation. This disregards access rules for a
      service request made by a service on behalf of a user, such as nova
      making a request to glance, because such a request is not under the
      control of the user and is not expected to be explicitly allowed in the
      access rules.
      
      bp whitelist-extension-for-app-creds
      
      Depends-On: https://review.opendev.org/670377
      
      Change-Id: I185e0541d5df538d74edadf9976b3034a2470c88
      5f093bf5
  9. 12 Jul, 2019 1 commit
  10. 26 Jun, 2019 1 commit
  11. 21 Jun, 2019 1 commit
  12. 20 Jun, 2019 2 commits
    • Colleen Murphy's avatar
      Remove Diablo compatibility tests · d040cf67
      Colleen Murphy authored
      We really don't care about Diablo compatibility any more. Clean up the
      old cruft.
      
      Change-Id: Ib1f628eb40ba0cb6334300cb6dca7dcdfcddba1b
      d040cf67
    • Lance Bragstad's avatar
      Fix bandit warning · 0c3b3f5e
      Lance Bragstad authored
      Bandit is throwing warnings because we use 'token' in a couple of
      variables.
      
      Change-Id: I9fd21974027bc2bda6036c34fa587a044faaacae
      0c3b3f5e
  13. 19 Jun, 2019 1 commit
    • Morgan Fainberg's avatar
      Remove PKI/PKIZ support · b3e84aaf
      Morgan Fainberg authored
      Keystone server no longer supports PKI/PKIZ. This change removes
      keystonemiddleware's support of PKI/PKIZ and associated code.
      
      Change-Id: I9a6639a2aa3774be61972d57f38220f66fd5c0e8
      closes-bug: #1649735
      partial-bug: #1736985
      b3e84aaf
  14. 12 Jun, 2019 1 commit
  15. 03 Jun, 2019 1 commit
    • Jens Harbott's avatar
      Add a new option to choose the Identity endpoint · f6037a3d
      Jens Harbott authored
      Previously the admin Identity endpoint was hardcoded to be used. Now
      that keystone has dropped v2 support, deploying an admin Identity
      endpoint is no longer useful, so allow this to be changed by the
      deployer. Keep the default as using the `admin` endpoint, but create
      a deprecation message so that we can change the default in the future.
      
      Partial-Bug: 1830002
      Change-Id: I993a45ccb1109d67e65bf32d1e134cc9bec2d88e
      f6037a3d
  16. 20 May, 2019 2 commits
    • ushen's avatar
      print auth version for request strategy in debug · fe36fa6b
      ushen authored
      previously it will print auth version of _requested_auth_version
      which will be none all the time. Change it to klass makes more sense.
      
      Change-Id: I1cec8f163e808f03f15ef053e5768cf711238f0d
      fe36fa6b
    • Gage Hugo's avatar
      Blacklist bandit 1.6.0 & cap sphinx for 2.7 · e93d0789
      Gage Hugo authored
      The latest version of bandit has broken directory exclusion,
      so multiple test files are getting flagged. This change
      blocks version 1.6.0 while this issue is fixed for 1.6.1.
      
      This change also caps sphinx at <2.0.0 for python version 2.7.
      
      Change-Id: I5d32d835886360522af21f735c74b2f85036f7f1
      e93d0789
  17. 19 Apr, 2019 1 commit
  18. 17 Apr, 2019 1 commit
    • Colleen Murphy's avatar
      Bump memcached minimum version · fa0500e4
      Colleen Murphy authored
      python-memcached==1.56 causes the unit tests to fail under python3.7, so
      bump to the latest allowed by upper-constraints.
      
      Change-Id: I22a596afcb6b7477f6753ea9896f7ac025be3a85
      fa0500e4
  19. 12 Apr, 2019 1 commit
  20. 09 Apr, 2019 2 commits
  21. 28 Mar, 2019 3 commits
    • Thomas Goirand's avatar
      Removed Python 2 support. · 5000fcdc
      Thomas Goirand authored
      5000fcdc
    • Thomas Goirand's avatar
      Now packaging 6.0.0. · 0dac11d0
      Thomas Goirand authored
      0dac11d0
    • Thomas Goirand's avatar
      Merge tag '6.0.0' into debian/stein · 7d0da72b
      Thomas Goirand authored
      keystonemiddleware 6.0.0 release
      
      meta:version: 6.0.0
      meta:diff-start: -
      meta:series: stein
      meta:release-type: release
      meta:pypi: yes
      meta:first: no
      meta:release:Author: Colleen Murphy <colleen.murphy@suse.de>
      meta:release:Commit: Colleen Murphy <colleen.murphy@suse.de>
      meta:release:Change-Id: Ie49976f61e508f59fa71d75ba5219de9fa96ab77
      meta:release:Code-Review+1: Lance Bragstad <lbragstad@gmail.com>
      meta:release:Code-Review+2: Thierry Carrez <thierry@openstack.org>
      meta:release:Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com>
      meta:release:Workflow+1: Sean McGinnis <sean.mcginnis@gmail.com>
      7d0da72b
  22. 26 Mar, 2019 2 commits
    • Lance Bragstad's avatar
      Run lower-constraints on Bionic and update python-keystoneclient · e1929631
      Lance Bragstad authored
      This commit updates the version of python-keystoneclient to 3.10.0,
      which has fixes to handle different openssl versions:
      
        https://review.openstack.org/#/c/406175/2
      
      Since we're bumping the minimum version of python-keystoneclient to
      include that fix, we can safely run lower-constraints on Bionic
      instead of Xenial.
      
      Change-Id: I52fa44fe76590aced193618406ad30eb70d04f9d
      e1929631
    • Lance Bragstad's avatar
      Run lower-constraints job on Xenial · 3ece9273
      Lance Bragstad authored
      The openstack-lower-constraints-jobs was updated to run in Ubuntu
      Bionic, but the underlying version of openssl changed, causing tests
      in keystonemiddleware to fail with the current version of
      python-keystoneclient:
      
        https://review.openstack.org/#/c/406175/
      
      Instead of bumping the version immediately, we can ensure the
      lower-constraints job runs on Xenial for the time being, making it so
      we can backport this fix to stable/stein. A subsequent patch will
      update the job to use Bionic when we bump the minimum version of
      python-keystoneclient.
      
      Change-Id: I5a5ad8ad86df80755a304f70597578b7dfec2068
      3ece9273
  23. 18 Mar, 2019 1 commit
    • OpenStack Release Bot's avatar
      Update master for stable/stein · c321f1ec
      OpenStack Release Bot authored
      Add file to the reno documentation build to show release notes for
      stable/stein.
      
      Use pbr instruction to increment the minor version number
      automatically so that master versions are higher than the versions on
      stable/stein.
      
      Change-Id: Ieb590fa57bd3af81dbb39ac9de1d55e34de5cf22
      Sem-Ver: feature
      c321f1ec
  24. 06 Mar, 2019 1 commit
  25. 01 Mar, 2019 1 commit
  26. 28 Feb, 2019 1 commit
    • Colleen Murphy's avatar
      Fix debug tox environment · a2f04771
      Colleen Murphy authored
      Without this patch, inserting a breakpoint causes the debug tox
      environment to hang for a long time until the testenv timeout is
      reached. This patch modifies the testenv to use similar stdout/stderr
      settings that we use in keystoneclient and keystoneauth, which seems to
      fix the issue, and removes other unnecessary settings.
      
      Change-Id: I2f2f8f4738f43648a6bda067efe605db5807eaff
      a2f04771
  27. 15 Feb, 2019 2 commits
  28. 14 Feb, 2019 1 commit