CHANGES

CHANGES

  • Make tests pass in 2022

4.22.0

  • Skip the services with no endpoints when parsing service catalog
  • Update stable/queens upper constraints file location
  • Make sure audit middleware use own context
  • OpenDev Migration Patch
  • import zuul job settings from project-config
  • Add arguments for MemcacheClientPool init
  • Fix KeystoneMiddleware memcachepool abstraction
  • Fix the doc CI failure
  • Add option to disable using oslo_message notifier
  • Updated from global requirements
  • Update UPPER_CONSTRAINTS_FILE for stable/queens
  • Update .gitreview for stable/queens

4.21.0

  • Imported Translations from Zanata

4.20.0

  • cfg.CONF must not be used directly
  • Fix docs builds
  • Log TokenNotFound at INFO level instead of WARNING
  • rel-note and doc for lazy loading of oslo_cache
  • lazy loading of oslo_cache

4.19.0

  • Updated from global requirements
  • Use oslo_cache in auth_token middleware
  • Remove setting of version/release from releasenotes
  • Updated from global requirements
  • Imported Translations from Zanata

4.18.0

  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Fix py3 byte/string error
  • Rename auth_uri to www_authenticate_uri
  • Updates for stestr
  • Issue a deprecation warning for validating PKI tokens
  • Fix gate error caused by mocked URLs
  • Correct docs usage of keystoneauth1 session
  • Update config docs to reflect non-deprecated methods
  • Add doc8 rule and check doc/source files
  • Updated from global requirements
  • Remove use of positional decorator
  • strip whitespace from token
  • Update reno for stable/pike
  • Remove notice about system time
  • Updated from global requirements
  • Updated from global requirements
  • Update comment about fetch token kwargs

4.17.0

  • Update URLs in documentation
  • Updated from global requirements
  • Enable sphinx todo extension
  • Replace six.iteritems() with .items()
  • Change locations of docs for intersphinx
  • Redundant adminURL in test_gives_v2_catalog
  • Switch from oslosphinx to openstackdocstheme
  • Updated from global requirements
  • Using assertFalse(A) instead of assertEqual(False, A)
  • Removing double spaces
  • Updated from global requirements
  • Fix html_last_updated_fmt for Python3
  • add a log when the option in conf can’t be identitied
  • Updated from global requirements
  • Updated from global requirements

4.16.0

  • Fix oslo.messaging deprecation of get_transport
  • Updated from global requirements
  • Replace pycrypto with cryptography
  • Updated from global requirements
  • Update driver config parameter from string to list
  • Updated from global requirements
  • Remove log translations
  • Added “warning-is-error” sphinx check for docs
  • Updated from global requirements
  • Imported Translations from Zanata

4.15.0

  • Remove deprecated oslo.messaging aliases parameter
  • Pass located tests directory in oslo debug
  • Remove old comment referencing fixed bug
  • Bump the token deferral message from info to debug
  • Remove unused logging import
  • Updated from global requirements
  • Fixed man_pages no value warning when making docs
  • Use https for *.openstack.org references
  • Imported Translations from Zanata
  • Updated from global requirements
  • Update reno for stable/ocata

4.14.0

  • Updated from global requirements
  • fix broken links
  • use oslo.log instead of logging
  • Removes unnecessary utf-8 coding
  • Remove references to Python 3.4
  • Switch tox unit test command to use ostestr

4.13.1

  • Add Constraints support
  • Auth token, set the correct charset

4.13.0

  • Limit deprecated token message to single warning
  • auth_token: set correct charset when replying with 401
  • Updated from global requirements

4.12.0

  • Pass ?allow_expired
  • Updated from global requirements
  • clean up a few doc building warnings
  • Add docutils contraint on 0.13.1 to fix building
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements

4.11.0

  • Drop MANIFEST.in - it’s not needed by pbr
  • Show team and repo badges on README
  • Updated from global requirements
  • Deprecate PKI token format options
  • Updated from global requirements
  • Mock log only after app creation
  • Updated from global requirements
  • Update .coveragerc after the removal of respective directory
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Add service token to user token plugin
  • Specify that unknown arguments can be passed to fetch_token
  • Enable release notes translation
  • Changed the home-page link

4.10.0

  • Return and use an app wherever possible
  • Refactor audit tests to use create_middleware
  • Use oslo_messaging conf fixture
  • Extract oslo_messaging specific audit tests
  • Use the mocking fixture in notifier tests
  • Updated from global requirements
  • Use method constant_time_compare from oslo.utils
  • Raise NotImplementedError instead of NotImplemented
  • Updated from global requirements
  • Updated from global requirements
  • Update code to use Newton as the code name
  • standardize release note page ordering
  • Update reno for stable/newton
  • Globalize authentication failure error
  • Updated from global requirements

4.9.0

  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements

4.8.0

  • Updated from global requirements
  • Updated from global requirements
  • Fix description of option `cache`

4.7.0

  • Add Python 3.5 classifier
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Use jsonutils instead of ast for loading the service catalog
  • Use AccessInfo in UserAuthPlugin instead of custom
  • Remove the _is_v2 and _is_v3 helpers
  • Remove oslo-incubator

4.6.0

  • Updated from global requirements
  • Use extras for oslo.messaging dependency
  • Refactor API tests to not run middleware
  • Refactor audit api tests into their own file
  • Refactor create_event onto the api object
  • Extract a common notifier pattern
  • Break out the API piece into its own file
  • Use createfile fixture in audit test
  • Move audit into its own folder
  • use local config options if available in audit middleware
  • Use oslo.config fixture in audit tests
  • Pop oslo_config_config before doing paste convert
  • Updated from global requirements
  • Fix typo ‘olso’ to ‘oslo’
  • Config: no need to set default=None
  • Fix an issue with oslo_config_project paste config
  • Updated from global requirements
  • Pass X_IS_ADMIN_PROJECT header from auth_token
  • Clean up middleware architecture
  • Updated from global requirements
  • Add a fixture method to add your own token data
  • Move auth token opts calculation into auth_token
  • Make audit middleware use common config object
  • Consolidate user agent calculation
  • Create a Config object
  • Updated from global requirements
  • Updated from global requirements
  • Improve documentation for auth_uri
  • PEP257: Ignore D203 because it was deprecated
  • Updated from global requirements
  • Use method split_path from oslo.utils
  • Updated from global requirements
  • Make sure audit can handle API requests which does not require a token
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Determine project name from oslo_config or local config

4.5.1

  • Fix AttributeError on cached-invalid token checks

4.5.0

  • Updated from global requirements
  • Updated from global requirements
  • Fix D105: Missing docstring in magic method (PEP257)
  • Fix D200: One-line docstring should fit on one line with quotes (PEP257)
  • Fix D202: No blank lines allowed after function docstring (PEP257)
  • Adding audit middleware specific notification driver conf
  • remove old options from documentation
  • generate sample config automatically
  • Return default value for pkg_version if missing
  • Updated from global requirements
  • Fix D204 PEP257 violation and enable D301 and D209
  • Fix D400 PEP257 violation
  • Fix D401 PEP257 violation and enable H403
  • Update config options
  • s3token config with auth URI
  • Updated from global requirements
  • Return JSON for Unauthorized message
  • Updated from global requirements
  • Fix doc build if git is absent
  • PEP257: add flake8-docstring testing
  • Only confirm token binding on one token
  • Create signing_dir upon first usage
  • Updated from global requirements
  • Updated from global requirements
  • Handle cache invalidate outside cache object
  • Update reno for stable/mitaka
  • Remove bandit.yaml in favor of defaults
  • use the same context across a request
  • Updated from global requirements
  • Update documentation for running tests
  • Updated from global requirements
  • Add back a bandit tox job

4.3.0

  • argparse expects a list not a dictionary
  • update deprecation message to indicate when deprecations were made
  • Updated from global requirements
  • Split oslo_config and list all opts
  • Updated from global requirements
  • Make pep8 *the* linting interface
  • Remove clobbering of passed oslo_config_config
  • Updated from global requirements
  • Use positional instead of keystoneclient version
  • Updated from global requirements
  • Remove Babel from requirements.txt

4.2.0

  • Updated from global requirements
  • Deprecate in-process cache
  • Revert “Disable memory caching of tokens”
  • Revert “Don’t cache signed tokens”
  • Updated from global requirements
  • Remove bandit tox environment
  • Remove unnecessary _reject_request function
  • Group common PKI validation code - Refactor
  • Group common PKI validation code - Tests
  • Remove except Exception handler
  • Fix tests to work with keystoneauth1 2.2.0
  • Bandit profile updates
  • Replace deprecated library function os.popen() with subprocess

4.1.0

  • Add project_name to the auth_token fixture
  • Revert “Stop using private keystoneclient functions”
  • create release notes for ksm 4.1.0
  • Don’t cache signed tokens
  • Disable memory caching of tokens
  • Updated from global requirements
  • Use oslo_config choices support
  • Stop using private keystoneclient functions
  • Use fixture for mock patch
  • auth_token verify revocation by audit_id
  • Updated from global requirements
  • Deprecated tox -downloadcache option removed
  • Updated from global requirements
  • Make BaseAuthProtocol public
  • Use load_from_options_getter for auth plugins
  • Configuration is outdated
  • Updated from global requirements
  • Use keystoneauth for auth_token fixture
  • Don’t list deprecated opts in sample config
  • Updated from global requirements
  • Put py34 first in the env order of tox

4.0.0

  • Add release notes for keystonemiddleware
  • Updated from global requirements
  • Adding parse of protocol v4 of AWS auth to ec2_token
  • Add a mock-fixture for keystonemiddleware auth_protocol
  • Add domain and trust details to user plugin
  • Remove py26 target from tox.ini
  • Use keystoneauth
  • Updated from global requirements
  • Address hacking check H405
  • update middlewarearchitecture.rst
  • Make “Auth Token confirmed use of %s apis” debug level
  • Define entry points for filter factories for Paste Deployment
  • Updated from global requirements
  • Updated from global requirements

3.0.0

  • Updated from global requirements
  • drop use of norm_ns

2.4.1

  • Updated from global requirements
  • Straighten up exceptions imports
  • Separate setting catalog on headers from others

2.4.0

  • Updated from global requirements
  • Updated from global requirements
  • Remove auth headers in AuthProtocol
  • Use request helpers for token_info/token_auth
  • Make __all__ immutable
  • Move response status check to the call
  • only make token invalid when it really is
  • auto-generate release history
  • Add shields.io version/downloads links/badges into README.rst
  • Updated from global requirements
  • Change ignore-errors to ignore_errors
  • Ensure auth_plugin options are in generated CONF
  • Cleanup a few auth_token comments

2.3.0

  • Updated from global requirements
  • Remove unused group parameter from tests
  • auth_token tests use clean config
  • Docstring updates
  • Use ConnectionRefused for auth_token tests

2.2.0

  • Seperate standalone cache tests
  • Import _memcache_pool normally
  • Create Environment cache pool
  • Handle memcache pool arguments collectively
  • Updated from global requirements
  • Allow specifying a region name to auth_token
  • Updated from global requirements
  • Allow to use oslo.config without global CONF
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • Move common request processing to base class
  • Fix rst
  • py34 not py33 is tested and supported
  • Refactor extract method for offline validation
  • Send the correct user-agent to Keystone
  • Move enforcement and time validation to base class
  • Separate the fetch and validate parts of auth_token
  • Fixes modules index generated by Sphinx

2.1.0

  • Add token_auth helper to request
  • Add user_token and service_token to request
  • Create a simple base class from AuthProtocol
  • Switch from deprecated oslo_utils.timeutils.strtime
  • Updated from global requirements
  • Refactor _confirm_token_bind takes AccessInfo
  • Make token bind work with a request
  • Rename _LOG to log in auth_token middleware
  • Don’t allow webob to set a default content type
  • Prevent a UnicodeDecodeError in the s3token middleware
  • Remove install_venv_common and fix typo in memorycache

2.0.0

  • Ensure cache keys are a known/fixed length
  • Updated from global requirements
  • Refactor request methods onto request object
  • validate_token returns AccessInfo
  • Updated from global requirements
  • Fixes a spelling error in a test name
  • Remove custom header handling
  • Unit tests catch deprecated function usage
  • Common base class for unit tests
  • Stop using function deprecated in py34
  • Move bandit requirement to test-requirements.txt
  • Fetch user token from request rather than env
  • Remove the _msg_format function
  • Base use webob
  • Don’t rely on token_info for header building
  • Move project included validation
  • Depend on keystoneclient for expiration checking
  • Don’t store expire into memcache
  • Removes discover from test-reqs
  • Drop py2.6 support for keystone middleware
  • Create new user plugin tests
  • Add an explicit test failure condition when auth_token is missing
  • Fixup test-requirements-py3.txt
  • Fix list_opts test to not check all deps
  • Refactor certificate fetch functions
  • tox env for Bandit
  • Cleanup token hashes generated by cache
  • Updated from global requirements
  • Improved handling of endpoints missing urls
  • Refactor: extract echo_app from enclosing class
  • Add keystone v3 API to fetch revocation list
  • Simplify request making in auth_token tests
  • Change auth_token to use keystoneclient
  • Deprecate auth_token authentication
  • Updated from global requirements

1.6.1

  • Ignore cover directory
  • Remove superfluous / spammy log line
  • Drop use of ‘oslo’ namespace package
  • Port keystonemiddleware to Python 3
  • Remove unused iso8601 dependency
  • Update README to work with release tools

1.6.0

  • Uncap library requirements for liberty
  • Remove retry parameter
  • Fix s3_token middleware parsing insecure option
  • Updated from global requirements
  • Pull echo service out of auth_token
  • Fix typos in keystonemiddleware
  • Rename requests mock object in testing
  • Update auth_token config docs
  • Crosslink to other sites that are owned by Keystone
  • Move _memcache_pool into auth_token
  • Move unit tests into tests.unit

1.5.0

  • Allow loading auth plugins via overrides
  • Updated from global requirements
  • Delay denial when service token is invalid
  • Updated from global requirements
  • Move UserAuthPlugin into its own file
  • Extract IdentityServer into file
  • Extract all TokenCache related classes to file
  • Break default auth plugin into file
  • Extract revocations to file
  • Extract SigningDirectory into file
  • Separate exceptions into their own file
  • Updated from global requirements
  • Updated from global requirements
  • Move auth_token into its own folder
  • Updated from global requirements

1.4.0

  • Refactor auth_token revocation list members to new class
  • Refactor extract class for signing directory
  • Turn our auth plugin into a token interface
  • iso expires should be returned in one place
  • move add event creation logic to keystonemiddleware
  • Updated from global requirements
  • Sync with oslo-incubator
  • Use oslo.context instead of incubator code
  • Refactor auth_uri handling
  • make audit event scoped to request session and not middleware
  • Updated from global requirements
  • Remove custom string truth handling
  • Updated from global requirements
  • incorrect reference in enabling audit middleware
  • Updated from global requirements
  • Enforce check F821 and H304
  • Switch from oslo.config to oslo_config
  • Switch from oslo.serialization to oslo_serialization
  • Switch from oslo.utils to oslo_utils
  • Add python-memcached to test-requirements
  • Correct failures for check E122
  • Correct failures for check H703
  • Updated from global requirements
  • Correct failures for check H238
  • Move to hacking 0.10
  • Updated from global requirements
  • Use a test fixture for mocking time
  • Fix environ keys missing HTTP_ prefix
  • support micro version if sent
  • Fix passing parameters to log message
  • Correct incorrect rst in docstrings
  • remove unused variable in _IdentityServer

1.3.1

  • Fix auth_token does version request for no token
  • Adds Memcached dependencies doc
  • fallback to online validation if offline validation fails

1.3.0

  • documentation for audit middleware
  • remove the unused method _will_expire_soon
  • Updated from global requirements
  • Use newer requests-mock syntax
  • Allow loading other auth methods in auth_token
  • Auth token tests create temp cert directory
  • Add a test to ensure the version check error
  • Split identity server into v2 and v3
  • Workflow documentation is now in infra-manual
  • Use real discovery object in auth_token middleware
  • Updated from global requirements
  • Make everything in audit middleware private
  • Updated from global requirements
  • Adding audit middleware to keystonemiddleware
  • Fix paste config option conversion for auth options
  • Auth token supports deprecated names for paste conf options
  • Correct tests to use strings in conf
  • Change occurrences of keystone to identity server
  • Updated from global requirements
  • Updated from global requirements
  • Updated from global requirements
  • I18n
  • Adds space after # in comments
  • Update python-keystoneclient reference
  • Use Discovery fixtures for auth token tests
  • Convert authentication into a plugin
  • Add versions to requests
  • Use an adapter in IdentityServer
  • Use connection retrying from keystoneclient
  • Updated from global requirements
  • Use correct name of oslo debugger script
  • Use new ksc features in User Token Plugin
  • Remove netaddr package requirement
  • add context to keystonemiddleware
  • Updated from global requirements
  • Improve help strings
  • Updated from global requirements
  • Changing the value type of http_connect_timeout
  • Revert “Support service user and project in non-default domain”
  • Replace httpretty with requests-mock
  • Encode middleware error message as bytes
  • Docstring cleanup
  • Remove HTTP_X_STORAGE_TOKEN doc
  • Fix reference to middleware architecture doc
  • Clean up the middleware docs
  • Update oslo-incubator and switch to oslo.{utils,serialization}
  • Refactor auth_token cache

1.2.0

  • Add an optional advanced pool of memcached clients
  • Fix auth_token for old oslo.config
  • Support service user and project in non-default domain
  • Add composite authentication support
  • Fix test failure after discovery hack
  • Updated from global requirements
  • BaseAuthTokenMiddlewareTest.setUp call super normally
  • Remove unused iso8601
  • Use oslo_debug_helper and remove our own version
  • convert the conf value into correct type
  • Always add auth URI to unauthorized requests
  • Work toward Python 3.4 support and testing
  • warn against sorting requirements
  • Always supply a username to auth_token tests setup
  • Create an Auth Plugin to pass to users
  • Updated from global requirements

1.1.1

  • Hash for PKIZ
  • auth_token cached token handling
  • Add a test for re-caching a token
  • Updated from global requirements
  • Remove intersphinx mappings
  • Use oslosphinx in keystonemiddlware for documentation
  • Updated from global requirements
  • Convert auth_token middleware to use sessions

1.1.0

  • Updated from global requirements
  • Remove mox dependency
  • move webob from test-requirements to requirements
  • remove unused dep: stevedore
  • remove unused dep: prettytable
  • Example JSON files should be human-readable
  • Updated from global requirements
  • Mark keystonemiddleware as being a universal wheel
  • Use keystoneclient fixtures in middleware tests
  • prefer identity API v3 over v2 in auth_token
  • Clean up openstack-common.conf
  • Sync with oslo-incubator 569979adf
  • Refactor auth_token, move identity server members to class

1.0.0

  • Expose an entry point to list auth_token middleware config options
  • Privatize Everything
  • Privatize Everything
  • add CONTRIBUTING.rst
  • add README
  • Update setup.cfg to remove keystoneclient ref
  • Bring over debug_helper.sh
  • Update requirement files
  • Update .gitignore files
  • Correct Doc location and update for middleware only
  • Move Docs to the right location
  • Remove .update-venv
  • Update middleware and tests for new package
  • Update requirements
  • Update MANIFEST.in
  • Remove unused testing files from keystoneclient
  • Move examples split to new location
  • Move ec2_token to new location
  • Add in original keystoneclient test-requirements.txt
  • Initial oslo-incubator sync
  • Cleanup unused testr.conf file
  • Move tests to new location
  • Moving middleware to new location
  • Initial commit
  • Fix 500 error if request body is not JSON object
  • auth_token _cache_get checks token expired
  • auth_token _cache_get checks token expired
  • Using six.u(‘’) instead of u’‘
  • Session Documentation
  • Link to docstrings in using-api-v3
  • Refactor auth_token token cache members to class
  • Refactor auth_token token cache members to class
  • Add service_name to URL discovery
  • Don’t use mock non-exist method assert_called_once
  • Remove _factory methods from auth plugins
  • Make get_oauth_params conditional for specific oauthlib versions
  • Changes exception raised by v3.trusts.update()
  • Add role assignments as concept in Client API V3 docs
  • Fix tests to use UUID strings rather than ints for IDs
  • Clean up oauth auth plugin code
  • Add endpoint handling to Token/Endpoint auth
  • Add support for extensions-list
  • auth_token middleware hashes tokens with configurable algorithm
  • auth_token middleware hashes tokens with configurable algorithm
  • Remove left over vim headers
  • Add /role_assignments endpoint support
  • Authenticate via oauth
  • Auth Plugin invalidation
  • Move DisableModuleFixture to utils
  • replace string format arguments with function parameters
  • Fixes an erroneous type check in a test
  • auth_token hashes PKI token once
  • auth_token hashes PKI token once
  • Compressed Signature and Validation
  • Compressed Signature and Validation
  • Compressed Signature and Validation
  • OAuth request/access token and consumer support for oauth client API
  • Regions Management
  • Discovery URL querying functions
  • Move auth_token tests not requiring v2/v3 to new class
  • Cached tokens aren’t expired
  • Cached tokens aren’t expired
  • Move auth_token cache pool tests out of NoMemcache
  • Fixed the size limit tests in Python 3
  • Make auth_token return a V2 Catalog
  • Make auth_token return a V2 Catalog
  • Fix client fixtures
  • fixed typos found by RETF rules
  • fixed typos found by RETF rules
  • auth_token configurable check of revocations for cached
  • auth_token configurable check of revocations for cached
  • Remove unused AdjustedBaseAuthTokenMiddlewareTest
  • auth_token test remove unused fake_app parameter
  • Fix typo in BaseAuthTokenMiddlewareTest
  • Enhance tests for auth_token middleware
  • Limited use trusts
  • Debug log when token found in revocation list
  • Ensure that cached token is not revoked
  • Fix the catalog format of a sample token
  • remove universal_newlines
  • replace double quotes with single
  • Deprecate admin_token option in auth_token
  • Create a V3 Token Generator
  • Implement endpoint filtering functionality on the client side
  • Fix typo of ANS1 to ASN1
  • Fix typo of ANS1 to ASN1
  • Add new error for invalid response
  • Rename HTTPError -> HttpError
  • Add CRUD operations for Federation Mapping Rules
  • Don’t use generic kwargs in v2 Token Generation
  • Update docs for auth_token middleware config options
  • Allow session to return an error response object
  • Add service name to catalog
  • Hash functions support different hash algorithms
  • Add CRUD operations for Identity Providers
  • eliminate race condition fetching certs
  • eliminate race condition fetching certs
  • Allow passing auth plugin as a parameter
  • Prefer () to continue line per PEP8
  • Prefer () to continue line per PEP8
  • Use `HttpNotImplemented` in `tests.v3.test_trusts`
  • Ensure JSON headers in Auth Requests
  • Create a test token generator and use it
  • Safer noqa handling
  • Rename request_uri to identity_uri
  • Tests should use identity_uri by default
  • Replace auth fragements with identity_uri
  • Replace auth fragements with identity_uri
  • Remove releases.rst from keystone docs
  • Handle URLs via the session and auth_plugins
  • Add a method for changing a user’s password in v3
  • sanity check memcached availability before running tests against it
  • Change the default version discovery URLs
  • add functional test for cache pool
  • Add a positional decorator
  • add pooling for cache references
  • add pooling for cache references
  • use v3 api to get certificates
  • use v3 api to get certificates
  • Don’t use a connection pool unless provided
  • Reference docstring for auth_token fields
  • Docs link to middlewarearchitecture
  • Uses explicit imports for _
  • Discover should support other services
  • Replace httplib.HTTPSConnection in ec2_token
  • Revert “Add request/access token and consumer…”
  • Revert “Authenticate via oauth”
  • Fix doc build errors
  • Fix doc build errors
  • Fix doc build errors
  • Generate module docs
  • Authenticate via oauth
  • Add request/access token and consumer support for keystoneclient
  • Add ‘methods’ to all v3 test tokens
  • Use AccessInfo in auth_token middleware
  • Add ‘methods’ to all v3 test tokens
  • Handle Token/Endpoint authentication
  • Split sample PKI token generation
  • Fix retry logic
  • Fix state modifying catalog tests
  • Remove reference to non-existent shell doc
  • increase default revocation_cache_time
  • Make keystoneclient not log auth tokens
  • improve configuration help text in auth_token
  • Log the command output on CertificateConfigError
  • V3 xml responses should use v3 namespace
  • Enforce scope mutual exclusion for trusts
  • Token Revocation Extension
  • Atomic write of certificate files and revocation list
  • Privatize auth construction parameters
  • Set the right permissions for signing_dir in tests
  • deprecate XML support in favor of JSON
  • Capitalize Client API title consistently
  • Remove http_handler config option in auth_token
  • Rely on OSLO.config
  • Use admin_prefix consistently
  • demonstrate auth_token behavior with a simple echo service
  • Remove redundant default value None for dict.get
  • Remove redundant default value None for dict.get
  • correct typo of config option name in error message
  • remove extra indentation
  • refer to non-deprecated config option in help
  • Create V3 Auth Plugins
  • Create V2 Auth Plugins
  • Fix role_names call from V3 AccessInfo
  • Interactive prompt for create user
  • Replace assertEqual(None, *) with assertIsNone in tests
  • Ensure domains.list filtered results are correct
  • Test query-string for list actions with filter arguments
  • Fix keystone command man page
  • Add link to the v3 client api doc
  • Fix references to auth_token in middlewarearchitecture doc
  • Use WebOb directly in ec2_token middleware
  • Don’t use private last_request variable
  • Python: Pass bytes to derive_keys()
  • Use WebOb directly for locale testing
  • Make sure to unset all variable starting with OS_
  • Python3: use six.moves.urllib.parse.quote instead of urllib.quote
  • Remove vim header
  • Remove vim header
  • Remove vim header
  • Python3: httpretty.last_request().body is now bytes
  • Python3: fix test_insecure
  • Deprecate s3_token middleware
  • Python3: webob.Response.body must be bytes
  • Python 3: call functions from memcache_crypt.py with bytes as input
  • Python 3: call functions from memcache_crypt.py with bytes as input
  • Use requests library in S3 middleware
  • Use requests library in S3 middleware
  • Python 3: make tests from v2_0/test_access.py pass
  • Python 3: make tests from v2_0/test_access.py pass
  • Create Authentication Plugins
  • Fix debug curl commands for included data
  • Add back –insecure option to CURL debug
  • Use HTTPretty in S3 test code
  • Provide a conversion function for creating session
  • Update reference to middlewarearchitecture doc
  • Update middlewarearchitecture config options docs
  • Remove support for old Swift memcache interface
  • Remove support for old Swift memcache interface
  • Replace urllib/urlparse with six.moves.*
  • Python 3: fix tests/test_utils.py
  • Python 3: Fix an str vs bytes issue in tempfile
  • Return role names by AccessInfo.role_names
  • Copy s3_token middleware from keystone
  • Copy s3_token middleware from keystone
  • build auth context from middleware
  • Fix E12x warnings found by Pep8 1.4.6
  • Fix typos in documents and comments
  • Fix typos in documents and comments
  • Consistently support kwargs across all v3 CRUD Manager ops
  • Use six to make dict work in Python 2 and Python 3
  • Python 3: set webob.Response().body to a bytes value
  • Remove test_print_{dict,list}_unicode_without_encode
  • Tests use cleanUp rather than tearDown
  • Adjust import items according to hacking import rule
  • Adjust import items according to hacking import rule
  • Adjust import items according to hacking import rule
  • Replace assertTrue with explicit assertIsInstance
  • Fix discover command failed to read extension list issue
  • Fix incorrect assertTrue usage
  • Make assertQueryStringIs usage simpler
  • auth_token tests use assertIs/Not/None
  • Make common log import consistent
  • Python 3: Use HTTPMessage.get() rather than HTTPMessage.getheader()
  • auth_token tests close temp file descriptor
  • Tests cleanup temporary files
  • Removes use of timeutils.set_time_override
  • Controllable redirect handling
  • Verify token binding in auth_token middleware
  • Verify token binding in auth_token middleware
  • Fix auth_token middleware test invalid cross-device link issue
  • Add unit tests for generic/shell.py
  • Rename using-api.rst to using-api-v2.rst
  • Documents keystone v3 API usage - part 1
  • v3 test utils, don’t modify input parameter
  • Fix error in v3 credentials create/update
  • Rename instead of writing directly to revoked file
  • Correctly handle auth_url/token authentication
  • Remove debug specific handling
  • Fix missed management_url setter in v3 client
  • Add service catalog to domain scoped token fixture
  • Change assertEquals to assertIsNone
  • Avoid meaningless comparison that leads to a TypeError
  • Python3: replace urllib by six.moves.urllib
  • Fix –debug handling in the shell
  • Rename tokenauth to authtoken in the doc
  • use six.StringIO for compatibility with io.StringIO in python3
  • Properly handle Regions in keystoneclient
  • Use testresources for example files
  • Discover supported APIs
  • Warn user about unsupported API version
  • Add workaround for OSError raised by Popen.communicate()
  • Use assertIn where appropriate
  • Extract a base Session object
  • Do not format messages before they are logged
  • keystoneclient requires an email address when creating a user
  • Fix typo in keystoneclient
  • Encode the text before print it to console
  • Opt-out of service catalog
  • Opt-out of service catalog
  • Opt-out of service catalog
  • Remove deprecated auth_token middleware
  • “publicurl” should be required on endpoint-create
  • Update the management url for every fetched token
  • Fix python3 incompatible use of urlparse
  • Convert revocation list file last modified to UTC
  • Convert revocation list file last modified to UTC
  • Migrate the keystone.common.cms to keystoneclient
  • Migrate the keystone.common.cms to keystoneclient
  • Avoid returning stale token via auth_token property
  • Remove SERVICE_TOKEN and SERVICE_ENDPOINT env vars
  • Make ROOTDIR determination more robust
  • Replace OpenStack LLC with OpenStack Foundation
  • Replace OpenStack LLC with OpenStack Foundation
  • Replace OpenStack LLC with OpenStack Foundation
  • Replace OpenStack LLC with OpenStack Foundation
  • Add AssertRequestHeaderEqual test helper and make use of it
  • python3: Make iteritems py3k compat
  • Normalize datetimes to account for tz
  • Normalize datetimes to account for tz
  • assertEquals is deprecated, use assertEqual (H602)
  • remove the nova dependency in the ec2_token middleware
  • Fix H202 assertRaises Exception
  • Fix H202 assertRaises Exception
  • Refactor for testability of an upcoming change
  • Refactor for testability of an upcoming change
  • Allow v2 client authentication with trust_id
  • Fix misused assertTrue in unit tests
  • Add auth_uri in conf to avoid unnecessary warning
  • Move tests in keystoneclient
  • Set example timestamps to 2038-01-18T21:14:07Z
  • Replace HttpConnection in auth_token with Requests
  • Replace HttpConnection in auth_token with Requests
  • Support client generate literal ipv6 auth_uri base on auth_host
  • Log user info in auth_token middleware
  • Changed header from LLC to Foundation based on trademark policies
  • python3: Use from future import unicode_literals
  • Fix and enable gating on F841
  • Use OSLO jsonutils instead of json module
  • Allow configure the number of http retries
  • Use hashed token for invalid PKI token cache key
  • Make auth_token middleware fetching respect prefix
  • Move all opens in auth_token to be in context
  • Refactor Keystone to use unified logging from Oslo
  • Refactor verify signing dir logic
  • Fixes files with wrong bitmode
  • Don’t cache tokens as invalid on network errors
  • Fix a typo in fetch_revocation_list
  • auth_uri (public ep) should not default to auth_* values (admin ep)
  • Adds help in keystone_authtoken config opts
  • python3: Add basic compatibility support
  • remove swift dependency of s3 middleware
  • flake8: fix alphabetical imports and enable H306
  • Drop webob from auth_token.py
  • no logging on cms failure
  • rm improper assert syntax
  • Fix and enable gating on H402
  • Raise key length defaults
  • Fix auth_token.py bad signing_dir log message
  • Fix and enable H401
  • Revert environment module usage in middleware
  • Fix the cache interface to use time= by default
  • Change memcache config entry name in Keystone to be consistent with Oslo
  • Change memcache config entry name in Keystone to be consistent with Oslo
  • Fix memcache encryption middleware
  • Fix memcache encryption middleware
  • Isolate eventlet code into environment
  • Provide keystone CLI man page
  • Check Expiry
  • Check Expiry
  • import only modules (flake8 H302)
  • Satisfy flake8 import rules F401 and F403
  • Default signing_dir to secure temp dir (bug 1181157)
  • Use testr instead of nose
  • Securely create signing_dir (bug 1174608)
  • adding notes about dealing with exceptions in the client
  • Fix v3 with UUID and memcache expiring
  • Fix v3 with UUID and memcache expiring
  • Allow keystoneclient to work with older keystone installs
  • Wrap config module and require manual setup (bug 1143998)
  • Config value for revocation list timeout
  • Cache tokens using memorycache from oslo
  • Cache tokens using memorycache from oslo
  • xml_body returns backtrace on XMLSyntaxError
  • Make auth_token lazy load the auth_version
  • Doc info and other readability improvements
  • Retry http_request and json_request failure
  • Use v2.0 api by default in auth_token middleware
  • Fix auth-token middleware to understand v3 tokens
  • Fix auth-token middleware to understand v3 tokens
  • Remove test dep on name of dir (bug 1124283)
  • bug 1131840: fix auth and token data for XML translation
  • Rework S3Token middleware tests
  • v3 token API
  • Use oslo-config-2013.1b3
  • Allow configure auth_token http connect timeout
  • Allow configure auth_token http connect timeout
  • Fix spelling mistakes
  • Mark password config options with secret
  • Fixes ‘not in’ operator usage
  • Fix thinko in self.middleware.cert_file_missing
  • Limit the size of HTTP requests
  • Blueprint memcache-protection: enable memcache value encryption/integrity check
  • Blueprint memcache-protection: enable memcache value encryption/integrity check
  • Warning message is not logged for valid token-less request
  • Use os.path to find ~/keystone-signing (bug 1078947)
  • Remove iso8601 dep in favor of openstack.common
  • remove unused import
  • Bug 1052674: added support for Swift cache
  • URL-encode user-supplied tokens (bug 974319)
  • Fix middleware logging for swift
  • Remove swift auth
  • Don’t try to split a list of memcache servers
  • Import auth_token middleware from keystoneclient
  • Throw validation response into the environment
  • Add auth-token code to keystoneclient, along with supporting files
  • Add auth-token code to keystoneclient, along with supporting files
  • Use the right subprocess based on os monkeypatch
  • Make initial structural changes to keystoneclient in preparation to moving auth_token here from keystone. No functional change should occur from this commit (even though it did refresh a newer copy of openstack.common.setup.py, none of the newer updates are in functions called from this client)
  • fixes bug 1074172
  • HACKING compliance: consistent use of ‘except’
  • auth_token hash pki key PKI tokens on hash in memcached when accessed by auth_token middelware
  • Move ‘opentack.context’ and ‘openstack.params’ definitions to keystone.common.wsgi
  • Replace refs to ‘Keystone API’ with ‘Identity API’
  • replacing PKI token detection from content length to content prefix. (bug 1060389)
  • updating base keystoneclient documentation
  • updating keystoneclient doc theme
  • Backslash continuation cleanup
  • Check for expected cfg impl (bug 1043479)
  • Fix PEP8 issues
  • Fix auth_token middleware to fetch revocation list as admin
  • allow middleware configuration from app config
  • Change underscores in new cert options to dashes
  • PKI Token revocation
  • Use user home dir as default for cache
  • Set default signing_dir based on os USER
  • Test for Cert by name
  • Cryptographically Signed tokens
  • Prevent service catalog injection in auth_token
  • Admin Auth URI prefix
  • Support 2-way SSL with Keystone server if it is configured to enforce 2-way SSL. See also https://review.openstack.org/#/c/7706/ for the corresponding review for the 2-way SSL addition to Keystone
  • Change CLI options to use dashes
  • Keystone should use openstack.common.jsonutils
  • Removed unused import
  • Reorder imports by full module path
  • Pass serviceCatalog in auth_token middleware
  • 400 on unrecognized content type (bug 1012282)
  • PEP8 fixes
  • Move docs to doc
  • fix importing of optional modules in auth_token
  • blueprint 2-way-ssl
  • Fixes some pep8 warning/errors
  • Update swift_auth documentation
  • Add ACL check using <tenant_id>:<user> format
  • Use X_USER_NAME and X_ROLES headers
  • Allow other middleware overriding authentication
  • Backslash continuation removal (Keystone folsom-1)
  • Added ‘NormalizingFilter’ middleware
  • Make sure we parse delay_auth_decision as boolean
  • Exit on error in a S3 way
  • Add a _ at the end of reseller_prefix default
  • additional logging to support debugging auth issue
  • Add support to swift_auth for tokenless authz
  • Improve swift_auth test coverage + Minor fixes
  • S3 tokens cleanups
  • updating docs to include creating service accts
  • Rename tokenauth to authtoken
  • Remove nova-specific middlewares
  • Remove glance_auth_token middleware
  • Update username -> name in token response
  • Refactor keystone.common.logging use (bug 948224)
  • Allow connect to another tenant
  • Improved legacy tenancy resolution (bug 951933)
  • Fix iso8601 import/use and date comparaison
  • Add simple set of tests for auth_token middleware
  • Add token caching via memcache
  • Added license header (bug 929663)
  • Make sure we have a port number before int it
  • HTTP_AUTHORIZATION was used in proxy mode
  • Add reseller admin capability
  • improve auth_token middleware
  • Unpythonic code in redux in auth_token.py
  • Handle KeyError in _get_admin_auth_token
  • Provide request to Middleware.process_response()
  • Set tenantName to ‘admin’ in get_admin_auth_token
  • XML de/serialization (bug 928058)
  • Update auth_token middleware so it sets X_USER_ID
  • Fix case of admin role in middleware
  • Remove extraneous _validate_claims() arg
  • Fix copyright dates and remove duplicate Apache licenses
  • Re-adds admin_pass/user to auth_tok middleware
  • Update docs for Swift and S3 middlewares
  • Added Apache 2.0 License information
  • Update swift token middleware
  • Add s3_token
  • Fixes role checking for admin check
  • Add tests for core middleware
  • termie all the things
  • be more safe with getting json aprams
  • fix keystoneclient tests
  • pep8 cleanup
  • doc updates
  • fix middleware
  • update some names
  • fix some imports
  • re-indent
  • check for membership
  • add more middleware
  • woops
  • add legacy middleware
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.