CHANGES¶
4.13.0¶
- Limit deprecated token message to single warning
- auth_token: set correct charset when replying with 401
- Updated from global requirements
4.12.0¶
- Pass ?allow_expired
- Updated from global requirements
- clean up a few doc building warnings
- Add docutils contraint on 0.13.1 to fix building
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
4.11.0¶
- Drop MANIFEST.in - it’s not needed by pbr
- Show team and repo badges on README
- Updated from global requirements
- Deprecate PKI token format options
- Updated from global requirements
- Mock log only after app creation
- Updated from global requirements
- Update .coveragerc after the removal of respective directory
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Add service token to user token plugin
- Specify that unknown arguments can be passed to fetch_token
- Enable release notes translation
- Changed the home-page link
4.10.0¶
- Return and use an app wherever possible
- Refactor audit tests to use create_middleware
- Use oslo_messaging conf fixture
- Extract oslo_messaging specific audit tests
- Use the mocking fixture in notifier tests
- Updated from global requirements
- Use method constant_time_compare from oslo.utils
- Raise NotImplementedError instead of NotImplemented
- Updated from global requirements
- Updated from global requirements
- Update code to use Newton as the code name
- standardize release note page ordering
- Update reno for stable/newton
- Globalize authentication failure error
- Updated from global requirements
4.9.0¶
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
4.8.0¶
- Updated from global requirements
- Updated from global requirements
- Fix description of option cache
4.7.0¶
- Add Python 3.5 classifier
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Use jsonutils instead of ast for loading the service catalog
- Use AccessInfo in UserAuthPlugin instead of custom
- Remove the _is_v2 and _is_v3 helpers
- Remove oslo-incubator
4.6.0¶
- Updated from global requirements
- Use extras for oslo.messaging dependency
- Refactor API tests to not run middleware
- Refactor audit api tests into their own file
- Refactor create_event onto the api object
- Extract a common notifier pattern
- Break out the API piece into its own file
- Use createfile fixture in audit test
- Move audit into its own folder
- use local config options if available in audit middleware
- Use oslo.config fixture in audit tests
- Pop oslo_config_config before doing paste convert
- Updated from global requirements
- Fix typo ‘olso’ to ‘oslo’
- Config: no need to set default=None
- Fix an issue with oslo_config_project paste config
- Updated from global requirements
- Pass X_IS_ADMIN_PROJECT header from auth_token
- Clean up middleware architecture
- Updated from global requirements
- Add a fixture method to add your own token data
- Move auth token opts calculation into auth_token
- Make audit middleware use common config object
- Consolidate user agent calculation
- Create a Config object
- Updated from global requirements
- Updated from global requirements
- Improve documentation for auth_uri
- PEP257: Ignore D203 because it was deprecated
- Updated from global requirements
- Use method split_path from oslo.utils
- Updated from global requirements
- Make sure audit can handle API requests which does not require a token
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Determine project name from oslo_config or local config
4.5.1¶
- Fix AttributeError on cached-invalid token checks
4.5.0¶
- Updated from global requirements
- Updated from global requirements
- Fix D105: Missing docstring in magic method (PEP257)
- Fix D200: One-line docstring should fit on one line with quotes (PEP257)
- Fix D202: No blank lines allowed after function docstring (PEP257)
- Adding audit middleware specific notification driver conf
- remove old options from documentation
- generate sample config automatically
- Return default value for pkg_version if missing
- Updated from global requirements
- Fix D204 PEP257 violation and enable D301 and D209
- Fix D400 PEP257 violation
- Fix D401 PEP257 violation and enable H403
- Update config options
- s3token config with auth URI
- Updated from global requirements
- Return JSON for Unauthorized message
- Updated from global requirements
- Fix doc build if git is absent
- PEP257: add flake8-docstring testing
- Only confirm token binding on one token
- Create signing_dir upon first usage
- Updated from global requirements
- Updated from global requirements
- Handle cache invalidate outside cache object
- Update reno for stable/mitaka
- Remove bandit.yaml in favor of defaults
- use the same context across a request
- Updated from global requirements
- Update documentation for running tests
- Updated from global requirements
- Add back a bandit tox job
4.3.0¶
- argparse expects a list not a dictionary
- update deprecation message to indicate when deprecations were made
- Updated from global requirements
- Split oslo_config and list all opts
- Updated from global requirements
- Make pep8 the linting interface
- Remove clobbering of passed oslo_config_config
- Updated from global requirements
- Use positional instead of keystoneclient version
- Updated from global requirements
- Remove Babel from requirements.txt
4.2.0¶
- Updated from global requirements
- Deprecate in-process cache
- Revert “Disable memory caching of tokens”
- Revert “Don’t cache signed tokens”
- Updated from global requirements
- Remove bandit tox environment
- Remove unnecessary _reject_request function
- Group common PKI validation code - Refactor
- Group common PKI validation code - Tests
- Remove except Exception handler
- Fix tests to work with keystoneauth1 2.2.0
- Bandit profile updates
- Replace deprecated library function os.popen() with subprocess
4.1.0¶
- Add project_name to the auth_token fixture
- Revert “Stop using private keystoneclient functions”
- create release notes for ksm 4.1.0
- Don’t cache signed tokens
- Disable memory caching of tokens
- Updated from global requirements
- Use oslo_config choices support
- Stop using private keystoneclient functions
- Use fixture for mock patch
- auth_token verify revocation by audit_id
- Updated from global requirements
- Deprecated tox -downloadcache option removed
- Updated from global requirements
- Make BaseAuthProtocol public
- Use load_from_options_getter for auth plugins
- Configuration is outdated
- Updated from global requirements
- Use keystoneauth for auth_token fixture
- Don’t list deprecated opts in sample config
- Updated from global requirements
- Put py34 first in the env order of tox
4.0.0¶
- Add release notes for keystonemiddleware
- Updated from global requirements
- Adding parse of protocol v4 of AWS auth to ec2_token
- Add a mock-fixture for keystonemiddleware auth_protocol
- Add domain and trust details to user plugin
- Remove py26 target from tox.ini
- Use keystoneauth
- Updated from global requirements
- Address hacking check H405
- update middlewarearchitecture.rst
- Make “Auth Token confirmed use of %s apis” debug level
- Define entry points for filter factories for Paste Deployment
- Updated from global requirements
- Updated from global requirements
3.0.0¶
- Updated from global requirements
- drop use of norm_ns
2.4.1¶
- Updated from global requirements
- Straighten up exceptions imports
- Separate setting catalog on headers from others
2.4.0¶
- Updated from global requirements
- Updated from global requirements
- Remove auth headers in AuthProtocol
- Use request helpers for token_info/token_auth
- Make __all__ immutable
- Move response status check to the call
- only make token invalid when it really is
- auto-generate release history
- Add shields.io version/downloads links/badges into README.rst
- Updated from global requirements
- Change ignore-errors to ignore_errors
- Ensure auth_plugin options are in generated CONF
- Cleanup a few auth_token comments
2.3.0¶
- Updated from global requirements
- Remove unused group parameter from tests
- auth_token tests use clean config
- Docstring updates
- Use ConnectionRefused for auth_token tests
2.2.0¶
- Seperate standalone cache tests
- Import _memcache_pool normally
- Create Environment cache pool
- Handle memcache pool arguments collectively
- Updated from global requirements
- Allow specifying a region name to auth_token
- Updated from global requirements
- Allow to use oslo.config without global CONF
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- Move common request processing to base class
- Fix rst
- py34 not py33 is tested and supported
- Refactor extract method for offline validation
- Send the correct user-agent to Keystone
- Move enforcement and time validation to base class
- Separate the fetch and validate parts of auth_token
- Fixes modules index generated by Sphinx
2.1.0¶
- Add token_auth helper to request
- Add user_token and service_token to request
- Create a simple base class from AuthProtocol
- Switch from deprecated oslo_utils.timeutils.strtime
- Updated from global requirements
- Refactor _confirm_token_bind takes AccessInfo
- Make token bind work with a request
- Rename _LOG to log in auth_token middleware
- Don’t allow webob to set a default content type
- Prevent a UnicodeDecodeError in the s3token middleware
- Remove install_venv_common and fix typo in memorycache
2.0.0¶
- Ensure cache keys are a known/fixed length
- Updated from global requirements
- Refactor request methods onto request object
- validate_token returns AccessInfo
- Updated from global requirements
- Fixes a spelling error in a test name
- Remove custom header handling
- Unit tests catch deprecated function usage
- Common base class for unit tests
- Stop using function deprecated in py34
- Move bandit requirement to test-requirements.txt
- Fetch user token from request rather than env
- Remove the _msg_format function
- Base use webob
- Don’t rely on token_info for header building
- Move project included validation
- Depend on keystoneclient for expiration checking
- Don’t store expire into memcache
- Removes discover from test-reqs
- Drop py2.6 support for keystone middleware
- Create new user plugin tests
- Add an explicit test failure condition when auth_token is missing
- Fixup test-requirements-py3.txt
- Fix list_opts test to not check all deps
- Refactor certificate fetch functions
- tox env for Bandit
- Cleanup token hashes generated by cache
- Updated from global requirements
- Improved handling of endpoints missing urls
- Refactor: extract echo_app from enclosing class
- Add keystone v3 API to fetch revocation list
- Simplify request making in auth_token tests
- Change auth_token to use keystoneclient
- Deprecate auth_token authentication
- Updated from global requirements
1.6.1¶
- Ignore cover directory
- Remove superfluous / spammy log line
- Drop use of ‘oslo’ namespace package
- Port keystonemiddleware to Python 3
- Remove unused iso8601 dependency
- Update README to work with release tools
1.6.0¶
- Uncap library requirements for liberty
- Remove retry parameter
- Fix s3_token middleware parsing insecure option
- Updated from global requirements
- Pull echo service out of auth_token
- Fix typos in keystonemiddleware
- Rename requests mock object in testing
- Update auth_token config docs
- Crosslink to other sites that are owned by Keystone
- Move _memcache_pool into auth_token
- Move unit tests into tests.unit
1.5.0¶
- Allow loading auth plugins via overrides
- Updated from global requirements
- Delay denial when service token is invalid
- Updated from global requirements
- Move UserAuthPlugin into its own file
- Extract IdentityServer into file
- Extract all TokenCache related classes to file
- Break default auth plugin into file
- Extract revocations to file
- Extract SigningDirectory into file
- Separate exceptions into their own file
- Updated from global requirements
- Updated from global requirements
- Move auth_token into its own folder
- Updated from global requirements
1.4.0¶
- Refactor auth_token revocation list members to new class
- Refactor extract class for signing directory
- Turn our auth plugin into a token interface
- iso expires should be returned in one place
- move add event creation logic to keystonemiddleware
- Updated from global requirements
- Sync with oslo-incubator
- Use oslo.context instead of incubator code
- Refactor auth_uri handling
- make audit event scoped to request session and not middleware
- Updated from global requirements
- Remove custom string truth handling
- Updated from global requirements
- incorrect reference in enabling audit middleware
- Updated from global requirements
- Enforce check F821 and H304
- Switch from oslo.config to oslo_config
- Switch from oslo.serialization to oslo_serialization
- Switch from oslo.utils to oslo_utils
- Add python-memcached to test-requirements
- Correct failures for check E122
- Correct failures for check H703
- Updated from global requirements
- Correct failures for check H238
- Move to hacking 0.10
- Updated from global requirements
- Use a test fixture for mocking time
- Fix environ keys missing HTTP_ prefix
- support micro version if sent
- Fix passing parameters to log message
- Correct incorrect rst in docstrings
- remove unused variable in _IdentityServer
1.3.1¶
- Fix auth_token does version request for no token
- Adds Memcached dependencies doc
- fallback to online validation if offline validation fails
1.3.0¶
- documentation for audit middleware
- remove the unused method _will_expire_soon
- Updated from global requirements
- Use newer requests-mock syntax
- Allow loading other auth methods in auth_token
- Auth token tests create temp cert directory
- Add a test to ensure the version check error
- Split identity server into v2 and v3
- Workflow documentation is now in infra-manual
- Use real discovery object in auth_token middleware
- Updated from global requirements
- Make everything in audit middleware private
- Updated from global requirements
- Adding audit middleware to keystonemiddleware
- Fix paste config option conversion for auth options
- Auth token supports deprecated names for paste conf options
- Correct tests to use strings in conf
- Change occurrences of keystone to identity server
- Updated from global requirements
- Updated from global requirements
- Updated from global requirements
- I18n
- Adds space after # in comments
- Update python-keystoneclient reference
- Use Discovery fixtures for auth token tests
- Convert authentication into a plugin
- Add versions to requests
- Use an adapter in IdentityServer
- Use connection retrying from keystoneclient
- Updated from global requirements
- Use correct name of oslo debugger script
- Use new ksc features in User Token Plugin
- Remove netaddr package requirement
- add context to keystonemiddleware
- Updated from global requirements
- Improve help strings
- Updated from global requirements
- Changing the value type of http_connect_timeout
- Revert “Support service user and project in non-default domain”
- Replace httpretty with requests-mock
- Encode middleware error message as bytes
- Docstring cleanup
- Remove HTTP_X_STORAGE_TOKEN doc
- Fix reference to middleware architecture doc
- Clean up the middleware docs
- Update oslo-incubator and switch to oslo.{utils,serialization}
- Refactor auth_token cache
1.2.0¶
- Add an optional advanced pool of memcached clients
- Fix auth_token for old oslo.config
- Support service user and project in non-default domain
- Add composite authentication support
- Fix test failure after discovery hack
- Updated from global requirements
- BaseAuthTokenMiddlewareTest.setUp call super normally
- Remove unused iso8601
- Use oslo_debug_helper and remove our own version
- convert the conf value into correct type
- Always add auth URI to unauthorized requests
- Work toward Python 3.4 support and testing
- warn against sorting requirements
- Always supply a username to auth_token tests setup
- Create an Auth Plugin to pass to users
- Updated from global requirements
1.1.1¶
- Hash for PKIZ
- auth_token cached token handling
- Add a test for re-caching a token
- Updated from global requirements
- Remove intersphinx mappings
- Use oslosphinx in keystonemiddlware for documentation
- Updated from global requirements
- Convert auth_token middleware to use sessions
1.1.0¶
- Updated from global requirements
- Remove mox dependency
- move webob from test-requirements to requirements
- remove unused dep: stevedore
- remove unused dep: prettytable
- Example JSON files should be human-readable
- Updated from global requirements
- Mark keystonemiddleware as being a universal wheel
- Use keystoneclient fixtures in middleware tests
- prefer identity API v3 over v2 in auth_token
- Clean up openstack-common.conf
- Sync with oslo-incubator 569979adf
- Refactor auth_token, move identity server members to class
1.0.0¶
- Expose an entry point to list auth_token middleware config options
- Privatize Everything
- Privatize Everything
- add CONTRIBUTING.rst
- add README
- Update setup.cfg to remove keystoneclient ref
- Bring over debug_helper.sh
- Update requirement files
- Update .gitignore files
- Correct Doc location and update for middleware only
- Move Docs to the right location
- Remove .update-venv
- Update middleware and tests for new package
- Update requirements
- Update MANIFEST.in
- Remove unused testing files from keystoneclient
- Move examples split to new location
- Move ec2_token to new location
- Add in original keystoneclient test-requirements.txt
- Initial oslo-incubator sync
- Cleanup unused testr.conf file
- Move tests to new location
- Moving middleware to new location
- Initial commit
- Fix 500 error if request body is not JSON object
- auth_token _cache_get checks token expired
- auth_token _cache_get checks token expired
- Using six.u(‘’) instead of u’‘
- Session Documentation
- Link to docstrings in using-api-v3
- Refactor auth_token token cache members to class
- Refactor auth_token token cache members to class
- Add service_name to URL discovery
- Don’t use mock non-exist method assert_called_once
- Remove _factory methods from auth plugins
- Make get_oauth_params conditional for specific oauthlib versions
- Changes exception raised by v3.trusts.update()
- Add role assignments as concept in Client API V3 docs
- Fix tests to use UUID strings rather than ints for IDs
- Clean up oauth auth plugin code
- Add endpoint handling to Token/Endpoint auth
- Add support for extensions-list
- auth_token middleware hashes tokens with configurable algorithm
- auth_token middleware hashes tokens with configurable algorithm
- Remove left over vim headers
- Add /role_assignments endpoint support
- Authenticate via oauth
- Auth Plugin invalidation
- Move DisableModuleFixture to utils
- replace string format arguments with function parameters
- Fixes an erroneous type check in a test
- auth_token hashes PKI token once
- auth_token hashes PKI token once
- Compressed Signature and Validation
- Compressed Signature and Validation
- Compressed Signature and Validation
- OAuth request/access token and consumer support for oauth client API
- Regions Management
- Discovery URL querying functions
- Move auth_token tests not requiring v2/v3 to new class
- Cached tokens aren’t expired
- Cached tokens aren’t expired
- Move auth_token cache pool tests out of NoMemcache
- Fixed the size limit tests in Python 3
- Make auth_token return a V2 Catalog
- Make auth_token return a V2 Catalog
- Fix client fixtures
- fixed typos found by RETF rules
- fixed typos found by RETF rules
- auth_token configurable check of revocations for cached
- auth_token configurable check of revocations for cached
- Remove unused AdjustedBaseAuthTokenMiddlewareTest
- auth_token test remove unused fake_app parameter
- Fix typo in BaseAuthTokenMiddlewareTest
- Enhance tests for auth_token middleware
- Limited use trusts
- Debug log when token found in revocation list
- Ensure that cached token is not revoked
- Fix the catalog format of a sample token
- remove universal_newlines
- replace double quotes with single
- Deprecate admin_token option in auth_token
- Create a V3 Token Generator
- Implement endpoint filtering functionality on the client side
- Fix typo of ANS1 to ASN1
- Fix typo of ANS1 to ASN1
- Add new error for invalid response
- Rename HTTPError -> HttpError
- Add CRUD operations for Federation Mapping Rules
- Don’t use generic kwargs in v2 Token Generation
- Update docs for auth_token middleware config options
- Allow session to return an error response object
- Add service name to catalog
- Hash functions support different hash algorithms
- Add CRUD operations for Identity Providers
- eliminate race condition fetching certs
- eliminate race condition fetching certs
- Allow passing auth plugin as a parameter
- Prefer () to continue line per PEP8
- Prefer () to continue line per PEP8
- Use HttpNotImplemented in tests.v3.test_trusts
- Ensure JSON headers in Auth Requests
- Create a test token generator and use it
- Safer noqa handling
- Rename request_uri to identity_uri
- Tests should use identity_uri by default
- Replace auth fragements with identity_uri
- Replace auth fragements with identity_uri
- Remove releases.rst from keystone docs
- Handle URLs via the session and auth_plugins
- Add a method for changing a user’s password in v3
- sanity check memcached availability before running tests against it
- Change the default version discovery URLs
- add functional test for cache pool
- Add a positional decorator
- add pooling for cache references
- add pooling for cache references
- use v3 api to get certificates
- use v3 api to get certificates
- Don’t use a connection pool unless provided
- Reference docstring for auth_token fields
- Docs link to middlewarearchitecture
- Uses explicit imports for _
- Discover should support other services
- Replace httplib.HTTPSConnection in ec2_token
- Revert “Add request/access token and consumer...”
- Revert “Authenticate via oauth”
- Fix doc build errors
- Fix doc build errors
- Fix doc build errors
- Generate module docs
- Authenticate via oauth
- Add request/access token and consumer support for keystoneclient
- Add ‘methods’ to all v3 test tokens
- Use AccessInfo in auth_token middleware
- Add ‘methods’ to all v3 test tokens
- Handle Token/Endpoint authentication
- Split sample PKI token generation
- Fix retry logic
- Fix state modifying catalog tests
- Remove reference to non-existent shell doc
- increase default revocation_cache_time
- Make keystoneclient not log auth tokens
- improve configuration help text in auth_token
- Log the command output on CertificateConfigError
- V3 xml responses should use v3 namespace
- Enforce scope mutual exclusion for trusts
- Token Revocation Extension
- Atomic write of certificate files and revocation list
- Privatize auth construction parameters
- Set the right permissions for signing_dir in tests
- deprecate XML support in favor of JSON
- Capitalize Client API title consistently
- Remove http_handler config option in auth_token
- Rely on OSLO.config
- Use admin_prefix consistently
- demonstrate auth_token behavior with a simple echo service
- Remove redundant default value None for dict.get
- Remove redundant default value None for dict.get
- correct typo of config option name in error message
- remove extra indentation
- refer to non-deprecated config option in help
- Create V3 Auth Plugins
- Create V2 Auth Plugins
- Fix role_names call from V3 AccessInfo
- Interactive prompt for create user
- Replace assertEqual(None, *) with assertIsNone in tests
- Ensure domains.list filtered results are correct
- Test query-string for list actions with filter arguments
- Fix keystone command man page
- Add link to the v3 client api doc
- Fix references to auth_token in middlewarearchitecture doc
- Use WebOb directly in ec2_token middleware
- Don’t use private last_request variable
- Python: Pass bytes to derive_keys()
- Use WebOb directly for locale testing
- Make sure to unset all variable starting with OS_
- Python3: use six.moves.urllib.parse.quote instead of urllib.quote
- Remove vim header
- Remove vim header
- Remove vim header
- Python3: httpretty.last_request().body is now bytes
- Python3: fix test_insecure
- Deprecate s3_token middleware
- Python3: webob.Response.body must be bytes
- Python 3: call functions from memcache_crypt.py with bytes as input
- Python 3: call functions from memcache_crypt.py with bytes as input
- Use requests library in S3 middleware
- Use requests library in S3 middleware
- Python 3: make tests from v2_0/test_access.py pass
- Python 3: make tests from v2_0/test_access.py pass
- Create Authentication Plugins
- Fix debug curl commands for included data
- Add back –insecure option to CURL debug
- Use HTTPretty in S3 test code
- Provide a conversion function for creating session
- Update reference to middlewarearchitecture doc
- Update middlewarearchitecture config options docs
- Remove support for old Swift memcache interface
- Remove support for old Swift memcache interface
- Replace urllib/urlparse with six.moves.*
- Python 3: fix tests/test_utils.py
- Python 3: Fix an str vs bytes issue in tempfile
- Return role names by AccessInfo.role_names
- Copy s3_token middleware from keystone
- Copy s3_token middleware from keystone
- build auth context from middleware
- Fix E12x warnings found by Pep8 1.4.6
- Fix typos in documents and comments
- Fix typos in documents and comments
- Consistently support kwargs across all v3 CRUD Manager ops
- Use six to make dict work in Python 2 and Python 3
- Python 3: set webob.Response().body to a bytes value
- Remove test_print_{dict,list}_unicode_without_encode
- Tests use cleanUp rather than tearDown
- Adjust import items according to hacking import rule
- Adjust import items according to hacking import rule
- Adjust import items according to hacking import rule
- Replace assertTrue with explicit assertIsInstance
- Fix discover command failed to read extension list issue
- Fix incorrect assertTrue usage
- Make assertQueryStringIs usage simpler
- auth_token tests use assertIs/Not/None
- Make common log import consistent
- Python 3: Use HTTPMessage.get() rather than HTTPMessage.getheader()
- auth_token tests close temp file descriptor
- Tests cleanup temporary files
- Removes use of timeutils.set_time_override
- Controllable redirect handling
- Verify token binding in auth_token middleware
- Verify token binding in auth_token middleware
- Fix auth_token middleware test invalid cross-device link issue
- Add unit tests for generic/shell.py
- Rename using-api.rst to using-api-v2.rst
- Documents keystone v3 API usage - part 1
- v3 test utils, don’t modify input parameter
- Fix error in v3 credentials create/update
- Rename instead of writing directly to revoked file
- Correctly handle auth_url/token authentication
- Remove debug specific handling
- Fix missed management_url setter in v3 client
- Add service catalog to domain scoped token fixture
- Change assertEquals to assertIsNone
- Avoid meaningless comparison that leads to a TypeError
- Python3: replace urllib by six.moves.urllib
- Fix –debug handling in the shell
- Rename tokenauth to authtoken in the doc
- use six.StringIO for compatibility with io.StringIO in python3
- Properly handle Regions in keystoneclient
- Use testresources for example files
- Discover supported APIs
- Warn user about unsupported API version
- Add workaround for OSError raised by Popen.communicate()
- Use assertIn where appropriate
- Extract a base Session object
- Do not format messages before they are logged
- keystoneclient requires an email address when creating a user
- Fix typo in keystoneclient
- Encode the text before print it to console
- Opt-out of service catalog
- Opt-out of service catalog
- Opt-out of service catalog
- Remove deprecated auth_token middleware
- “publicurl” should be required on endpoint-create
- Update the management url for every fetched token
- Fix python3 incompatible use of urlparse
- Convert revocation list file last modified to UTC
- Convert revocation list file last modified to UTC
- Migrate the keystone.common.cms to keystoneclient
- Migrate the keystone.common.cms to keystoneclient
- Avoid returning stale token via auth_token property
- Remove SERVICE_TOKEN and SERVICE_ENDPOINT env vars
- Make ROOTDIR determination more robust
- Replace OpenStack LLC with OpenStack Foundation
- Replace OpenStack LLC with OpenStack Foundation
- Replace OpenStack LLC with OpenStack Foundation
- Replace OpenStack LLC with OpenStack Foundation
- Add AssertRequestHeaderEqual test helper and make use of it
- python3: Make iteritems py3k compat
- Normalize datetimes to account for tz
- Normalize datetimes to account for tz
- assertEquals is deprecated, use assertEqual (H602)
- remove the nova dependency in the ec2_token middleware
- Fix H202 assertRaises Exception
- Fix H202 assertRaises Exception
- Refactor for testability of an upcoming change
- Refactor for testability of an upcoming change
- Allow v2 client authentication with trust_id
- Fix misused assertTrue in unit tests
- Add auth_uri in conf to avoid unnecessary warning
- Move tests in keystoneclient
- Set example timestamps to 2038-01-18T21:14:07Z
- Replace HttpConnection in auth_token with Requests
- Replace HttpConnection in auth_token with Requests
- Support client generate literal ipv6 auth_uri base on auth_host
- Log user info in auth_token middleware
- Changed header from LLC to Foundation based on trademark policies
- python3: Use from future import unicode_literals
- Fix and enable gating on F841
- Use OSLO jsonutils instead of json module
- Allow configure the number of http retries
- Use hashed token for invalid PKI token cache key
- Make auth_token middleware fetching respect prefix
- Move all opens in auth_token to be in context
- Refactor Keystone to use unified logging from Oslo
- Refactor verify signing dir logic
- Fixes files with wrong bitmode
- Don’t cache tokens as invalid on network errors
- Fix a typo in fetch_revocation_list
- auth_uri (public ep) should not default to auth_* values (admin ep)
- Adds help in keystone_authtoken config opts
- python3: Add basic compatibility support
- remove swift dependency of s3 middleware
- flake8: fix alphabetical imports and enable H306
- Drop webob from auth_token.py
- no logging on cms failure
- rm improper assert syntax
- Fix and enable gating on H402
- Raise key length defaults
- Fix auth_token.py bad signing_dir log message
- Fix and enable H401
- Revert environment module usage in middleware
- Fix the cache interface to use time= by default
- Change memcache config entry name in Keystone to be consistent with Oslo
- Change memcache config entry name in Keystone to be consistent with Oslo
- Fix memcache encryption middleware
- Fix memcache encryption middleware
- Isolate eventlet code into environment
- Provide keystone CLI man page
- Check Expiry
- Check Expiry
- import only modules (flake8 H302)
- Satisfy flake8 import rules F401 and F403
- Default signing_dir to secure temp dir (bug 1181157)
- Use testr instead of nose
- Securely create signing_dir (bug 1174608)
- adding notes about dealing with exceptions in the client
- Fix v3 with UUID and memcache expiring
- Fix v3 with UUID and memcache expiring
- Allow keystoneclient to work with older keystone installs
- Wrap config module and require manual setup (bug 1143998)
- Config value for revocation list timeout
- Cache tokens using memorycache from oslo
- Cache tokens using memorycache from oslo
- xml_body returns backtrace on XMLSyntaxError
- Make auth_token lazy load the auth_version
- Doc info and other readability improvements
- Retry http_request and json_request failure
- Use v2.0 api by default in auth_token middleware
- Fix auth-token middleware to understand v3 tokens
- Fix auth-token middleware to understand v3 tokens
- Remove test dep on name of dir (bug 1124283)
- bug 1131840: fix auth and token data for XML translation
- Rework S3Token middleware tests
- v3 token API
- Use oslo-config-2013.1b3
- Allow configure auth_token http connect timeout
- Allow configure auth_token http connect timeout
- Fix spelling mistakes
- Mark password config options with secret
- Fixes ‘not in’ operator usage
- Fix thinko in self.middleware.cert_file_missing
- Limit the size of HTTP requests
- Blueprint memcache-protection: enable memcache value encryption/integrity check
- Blueprint memcache-protection: enable memcache value encryption/integrity check
- Warning message is not logged for valid token-less request
- Use os.path to find ~/keystone-signing (bug 1078947)
- Remove iso8601 dep in favor of openstack.common
- remove unused import
- Bug 1052674: added support for Swift cache
- URL-encode user-supplied tokens (bug 974319)
- Fix middleware logging for swift
- Remove swift auth
- Don’t try to split a list of memcache servers
- Import auth_token middleware from keystoneclient
- Throw validation response into the environment
- Add auth-token code to keystoneclient, along with supporting files
- Add auth-token code to keystoneclient, along with supporting files
- Use the right subprocess based on os monkeypatch
- Make initial structural changes to keystoneclient in preparation to moving auth_token here from keystone. No functional change should occur from this commit (even though it did refresh a newer copy of openstack.common.setup.py, none of the newer updates are in functions called from this client)
- fixes bug 1074172
- HACKING compliance: consistent use of ‘except’
- auth_token hash pki key PKI tokens on hash in memcached when accessed by auth_token middelware
- Move ‘opentack.context’ and ‘openstack.params’ definitions to keystone.common.wsgi
- Replace refs to ‘Keystone API’ with ‘Identity API’
- replacing PKI token detection from content length to content prefix. (bug 1060389)
- updating base keystoneclient documentation
- updating keystoneclient doc theme
- Backslash continuation cleanup
- Check for expected cfg impl (bug 1043479)
- Fix PEP8 issues
- Fix auth_token middleware to fetch revocation list as admin
- allow middleware configuration from app config
- Change underscores in new cert options to dashes
- PKI Token revocation
- Use user home dir as default for cache
- Set default signing_dir based on os USER
- Test for Cert by name
- Cryptographically Signed tokens
- Prevent service catalog injection in auth_token
- Admin Auth URI prefix
- Support 2-way SSL with Keystone server if it is configured to enforce 2-way SSL. See also https://review.openstack.org/#/c/7706/ for the corresponding review for the 2-way SSL addition to Keystone
- Change CLI options to use dashes
- Keystone should use openstack.common.jsonutils
- Removed unused import
- Reorder imports by full module path
- Pass serviceCatalog in auth_token middleware
- 400 on unrecognized content type (bug 1012282)
- PEP8 fixes
- Move docs to doc
- fix importing of optional modules in auth_token
- blueprint 2-way-ssl
- Fixes some pep8 warning/errors
- Update swift_auth documentation
- Add ACL check using <tenant_id>:<user> format
- Use X_USER_NAME and X_ROLES headers
- Allow other middleware overriding authentication
- Backslash continuation removal (Keystone folsom-1)
- Added ‘NormalizingFilter’ middleware
- Make sure we parse delay_auth_decision as boolean
- Exit on error in a S3 way
- Add a _ at the end of reseller_prefix default
- additional logging to support debugging auth issue
- Add support to swift_auth for tokenless authz
- Improve swift_auth test coverage + Minor fixes
- S3 tokens cleanups
- updating docs to include creating service accts
- Rename tokenauth to authtoken
- Remove nova-specific middlewares
- Remove glance_auth_token middleware
- Update username -> name in token response
- Refactor keystone.common.logging use (bug 948224)
- Allow connect to another tenant
- Improved legacy tenancy resolution (bug 951933)
- Fix iso8601 import/use and date comparaison
- Add simple set of tests for auth_token middleware
- Add token caching via memcache
- Added license header (bug 929663)
- Make sure we have a port number before int it
- HTTP_AUTHORIZATION was used in proxy mode
- Add reseller admin capability
- improve auth_token middleware
- Unpythonic code in redux in auth_token.py
- Handle KeyError in _get_admin_auth_token
- Provide request to Middleware.process_response()
- Set tenantName to ‘admin’ in get_admin_auth_token
- XML de/serialization (bug 928058)
- Update auth_token middleware so it sets X_USER_ID
- Fix case of admin role in middleware
- Remove extraneous _validate_claims() arg
- Fix copyright dates and remove duplicate Apache licenses
- Re-adds admin_pass/user to auth_tok middleware
- Update docs for Swift and S3 middlewares
- Added Apache 2.0 License information
- Update swift token middleware
- Add s3_token
- Fixes role checking for admin check
- Add tests for core middleware
- termie all the things
- be more safe with getting json aprams
- fix keystoneclient tests
- pep8 cleanup
- doc updates
- fix middleware
- update some names
- fix some imports
- re-indent
- check for membership
- add more middleware
- woops
- add legacy middleware