├── .coveragerc ├── .gitignore ├── .gitreview ├── .mailmap ├── .stestr.conf ├── .zuul.yaml ├── CONTRIBUTING.rst ├── HACKING.rst ├── LICENSE ├── README.rst ├── bindep.txt ├── doc ├── .gitignore ├── Makefile ├── requirements.txt └── source │ ├── conf.py │ ├── index.rst │ ├── using-api-v2.rst │ ├── using-api-v3.rst │ └── using-sessions.rst ├── examples └── pki │ ├── certs │ ├── cacert.pem │ ├── signing_cert.pem │ └── ssl_cert.pem │ ├── cms │ ├── auth_token_revoked.json │ ├── auth_token_revoked.pem │ ├── auth_token_revoked.pkiz │ ├── auth_token_scoped.json │ ├── auth_token_scoped.pem │ ├── auth_token_scoped.pkiz │ ├── auth_token_scoped_expired.json │ ├── auth_token_scoped_expired.pem │ ├── auth_token_scoped_expired.pkiz │ ├── auth_token_unscoped.json │ ├── auth_token_unscoped.pem │ ├── auth_token_unscoped.pkiz │ ├── auth_v3_token_revoked.json │ ├── auth_v3_token_revoked.pem │ ├── auth_v3_token_revoked.pkiz │ ├── auth_v3_token_scoped.json │ ├── auth_v3_token_scoped.pem │ ├── auth_v3_token_scoped.pkiz │ ├── revocation_list.der │ ├── revocation_list.json │ ├── revocation_list.pem │ └── revocation_list.pkiz │ ├── gen_cmsz.py │ ├── gen_pki.sh │ ├── private │ ├── cakey.pem │ ├── signing_key.pem │ └── ssl_key.pem │ └── run_all.sh ├── keystoneclient ├── __init__.py ├── _discover.py ├── access.py ├── adapter.py ├── auth │ ├── __init__.py │ ├── base.py │ ├── cli.py │ ├── conf.py │ ├── identity │ │ ├── __init__.py │ │ ├── access.py │ │ ├── base.py │ │ ├── generic │ │ │ ├── __init__.py │ │ │ ├── base.py │ │ │ ├── cli.py │ │ │ ├── password.py │ │ │ └── token.py │ │ ├── v2.py │ │ └── v3 │ │ │ ├── __init__.py │ │ │ ├── base.py │ │ │ ├── federated.py │ │ │ ├── password.py │ │ │ └── token.py │ └── token_endpoint.py ├── base.py ├── baseclient.py ├── client.py ├── common │ ├── __init__.py │ └── cms.py ├── contrib │ ├── __init__.py │ ├── auth │ │ ├── __init__.py │ │ └── v3 │ │ │ ├── __init__.py │ │ │ ├── oidc.py │ │ │ └── saml2.py │ └── ec2 │ │ ├── __init__.py │ │ └── utils.py ├── discover.py ├── exceptions.py ├── fixture │ ├── __init__.py │ ├── discovery.py │ ├── exception.py │ ├── v2.py │ └── v3.py ├── generic │ ├── __init__.py │ └── client.py ├── httpclient.py ├── i18n.py ├── service_catalog.py ├── session.py ├── tests │ ├── __init__.py │ ├── functional │ │ ├── __init__.py │ │ ├── base.py │ │ ├── test_base.py │ │ └── v3 │ │ │ ├── __init__.py │ │ │ ├── client_fixtures.py │ │ │ ├── test_credentials.py │ │ │ ├── test_domain_configs.py │ │ │ ├── test_domains.py │ │ │ ├── test_ec2.py │ │ │ ├── test_endpoint_filters.py │ │ │ ├── test_endpoint_groups.py │ │ │ ├── test_endpoints.py │ │ │ ├── test_federation.py │ │ │ ├── test_groups.py │ │ │ ├── test_implied_roles.py │ │ │ ├── test_policies.py │ │ │ ├── test_projects.py │ │ │ ├── test_regions.py │ │ │ ├── test_roles.py │ │ │ ├── test_services.py │ │ │ └── test_users.py │ └── unit │ │ ├── __init__.py │ │ ├── apiclient │ │ ├── __init__.py │ │ └── test_exceptions.py │ │ ├── auth │ │ ├── __init__.py │ │ ├── test_access.py │ │ ├── test_auth.py │ │ ├── test_cli.py │ │ ├── test_conf.py │ │ ├── test_default_cli.py │ │ ├── test_identity_common.py │ │ ├── test_identity_v2.py │ │ ├── test_identity_v3.py │ │ ├── test_identity_v3_federated.py │ │ ├── test_loading.py │ │ ├── test_password.py │ │ ├── test_token.py │ │ ├── test_token_endpoint.py │ │ └── utils.py │ │ ├── client_fixtures.py │ │ ├── generic │ │ ├── __init__.py │ │ └── test_client.py │ │ ├── test_base.py │ │ ├── test_cms.py │ │ ├── test_discovery.py │ │ ├── test_ec2utils.py │ │ ├── test_fixtures.py │ │ ├── test_http.py │ │ ├── test_https.py │ │ ├── test_keyring.py │ │ ├── test_session.py │ │ ├── test_utils.py │ │ ├── utils.py │ │ ├── v2_0 │ │ ├── __init__.py │ │ ├── client_fixtures.py │ │ ├── test_access.py │ │ ├── test_auth.py │ │ ├── test_certificates.py │ │ ├── test_client.py │ │ ├── test_discovery.py │ │ ├── test_ec2.py │ │ ├── test_endpoints.py │ │ ├── test_extensions.py │ │ ├── test_roles.py │ │ ├── test_service_catalog.py │ │ ├── test_services.py │ │ ├── test_tenants.py │ │ ├── test_tokens.py │ │ ├── test_users.py │ │ └── utils.py │ │ └── v3 │ │ ├── __init__.py │ │ ├── client_fixtures.py │ │ ├── examples │ │ └── xml │ │ │ ├── ADFS_RequestSecurityTokenResponse.xml │ │ │ └── ADFS_fault.xml │ │ ├── saml2_fixtures.py │ │ ├── test_access.py │ │ ├── test_access_rules.py │ │ ├── test_application_credentials.py │ │ ├── test_auth.py │ │ ├── test_auth_manager.py │ │ ├── test_auth_oidc.py │ │ ├── test_auth_saml2.py │ │ ├── test_client.py │ │ ├── test_credentials.py │ │ ├── test_discover.py │ │ ├── test_domain_configs.py │ │ ├── test_domains.py │ │ ├── test_ec2.py │ │ ├── test_endpoint_filter.py │ │ ├── test_endpoint_groups.py │ │ ├── test_endpoint_policy.py │ │ ├── test_endpoints.py │ │ ├── test_federation.py │ │ ├── test_groups.py │ │ ├── test_limits.py │ │ ├── test_oauth1.py │ │ ├── test_policies.py │ │ ├── test_projects.py │ │ ├── test_regions.py │ │ ├── test_registered_limits.py │ │ ├── test_role_assignments.py │ │ ├── test_roles.py │ │ ├── test_service_catalog.py │ │ ├── test_services.py │ │ ├── test_simple_cert.py │ │ ├── test_tokens.py │ │ ├── test_trusts.py │ │ ├── test_users.py │ │ └── utils.py ├── utils.py ├── v2_0 │ ├── __init__.py │ ├── certificates.py │ ├── client.py │ ├── ec2.py │ ├── endpoints.py │ ├── extensions.py │ ├── roles.py │ ├── services.py │ ├── tenants.py │ ├── tokens.py │ └── users.py └── v3 │ ├── __init__.py │ ├── access_rules.py │ ├── application_credentials.py │ ├── auth.py │ ├── client.py │ ├── contrib │ ├── __init__.py │ ├── endpoint_filter.py │ ├── endpoint_policy.py │ ├── federation │ │ ├── __init__.py │ │ ├── base.py │ │ ├── core.py │ │ ├── domains.py │ │ ├── identity_providers.py │ │ ├── mappings.py │ │ ├── projects.py │ │ ├── protocols.py │ │ ├── saml.py │ │ └── service_providers.py │ ├── oauth1 │ │ ├── __init__.py │ │ ├── access_tokens.py │ │ ├── auth.py │ │ ├── consumers.py │ │ ├── core.py │ │ ├── request_tokens.py │ │ └── utils.py │ ├── simple_cert.py │ └── trusts.py │ ├── credentials.py │ ├── domain_configs.py │ ├── domains.py │ ├── ec2.py │ ├── endpoint_groups.py │ ├── endpoints.py │ ├── groups.py │ ├── limits.py │ ├── policies.py │ ├── projects.py │ ├── regions.py │ ├── registered_limits.py │ ├── role_assignments.py │ ├── roles.py │ ├── services.py │ ├── system.py │ ├── tokens.py │ └── users.py ├── playbooks ├── run-ds-tox.yaml └── tox-post.yaml ├── releasenotes ├── notes │ ├── .placeholder │ ├── Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml │ ├── add-support-for-limits-6f883d6d3054a500.yaml │ ├── add-support-for-registered-limits-d83b888ea65a614b.yaml │ ├── bp-application-credentials-27728ded876d7d5a.yaml │ ├── bp-domain-config-9566e672a98f4e7f.yaml │ ├── bp-pci-dss-query-password-expired-users-b0c4b1bbdcf33f16.yaml │ ├── bp-whitelist-extension-for-app-creds-d03526e52e3edcce.yaml │ ├── bug-1615076-26962c85aeaf288c.yaml │ ├── bug-1616105-cc8b85eb056e99e2.yaml │ ├── bug-1641674-4862454115265e76.yaml │ ├── bug-1654847-d2e9df994c7b617f.yaml │ ├── deprecated_auth-d2a2bf537bdb88d3.yaml │ ├── drop-py-2-7-5ac18e82de83fcfa.yaml │ ├── drop-python-3-6-and-3-7-ef1e107897dde8f4.yaml │ ├── implied_roles-ea39d3c3d998d482.yaml │ ├── ksc_2.1.0-739ded9c4c3f8aaa.yaml │ ├── list_projects_filtered_by_the_parent_project-a873974f197c1e37.yaml │ ├── list_role_assignment_names-7e1b7eb8c2d22d7c.yaml │ ├── project-tags-1f8a32d389951e7a.yaml │ ├── remove-credentials-data-46ab3c3c248047cf.yaml │ ├── remove-middleware-eef8c40117b465aa.yaml │ ├── remove-py38-2e39854190447827.yaml │ ├── remove_apiclient_exceptions-0cd5c8d16aa09a22.yaml │ ├── remove_apiclient_exceptions-6580003a885db286.yaml │ ├── remove_cli-d2c4435ba6a09b79.yaml │ ├── removed-generic-client-ff505b2b01bc9302.yaml │ ├── return-request-id-to-caller-97fa269ad626f8c1.yaml │ └── switch-default-interface-v3-dcd7167196ace531.yaml └── source │ ├── 2023.1.rst │ ├── 2023.2.rst │ ├── 2024.1.rst │ ├── 2024.2.rst │ ├── 2025.1.rst │ ├── _static │ └── .placeholder │ ├── _templates │ └── .placeholder │ ├── conf.py │ ├── index.rst │ ├── locale │ └── fr │ │ └── LC_MESSAGES │ │ └── releasenotes.po │ ├── mitaka.rst │ ├── newton.rst │ ├── ocata.rst │ ├── pike.rst │ ├── queens.rst │ ├── rocky.rst │ ├── stein.rst │ ├── train.rst │ ├── unreleased.rst │ ├── ussuri.rst │ ├── victoria.rst │ ├── wallaby.rst │ ├── xena.rst │ ├── yoga.rst │ └── zed.rst ├── requirements.txt ├── setup.cfg ├── setup.py ├── test-requirements.txt └── tox.ini /.coveragerc: -------------------------------------------------------------------------------- 1 | [run] 2 | branch = True 3 | source = keystoneclient 4 | omit = keystoneclient/tests/* 5 | 6 | [report] 7 | ignore_errors = True 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .coverage 2 | .stestr/ 3 | subunit.log 4 | .venv 5 | *,cover 6 | cover 7 | *.pyc 8 | .idea 9 | *.sw? 10 | *.egg 11 | *~ 12 | .tox 13 | AUTHORS 14 | ChangeLog 15 | build 16 | dist 17 | python_keystoneclient.egg-info 18 | keystoneclient/versioninfo 19 | doc/source/api 20 | # Development environment files 21 | .project 22 | .pydevproject 23 | # Temporary files created during test, but not removed 24 | examples/pki/certs/tmp* 25 | # Files created by releasenotes build 26 | releasenotes/build 27 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/python-keystoneclient.git 5 | -------------------------------------------------------------------------------- /.mailmap: -------------------------------------------------------------------------------- 1 | # Format is: 2 | # 3 | # 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /.stestr.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | test_path=${OS_TEST_PATH:-./keystoneclient/tests/unit} 3 | top_dir=./ 4 | 5 | -------------------------------------------------------------------------------- /.zuul.yaml: -------------------------------------------------------------------------------- 1 | - job: 2 | name: keystoneclient-devstack-functional 3 | parent: devstack-minimal 4 | timeout: 4200 5 | required-projects: 6 | - openstack/keystone 7 | - openstack/python-keystoneclient 8 | run: playbooks/run-ds-tox.yaml 9 | post-run: playbooks/tox-post.yaml 10 | vars: 11 | devstack_localrc: 12 | USE_PYTHON3: true 13 | devstack_services: 14 | key: true 15 | tox_envlist: functional 16 | zuul_work_dir: src/opendev.org/openstack/python-keystoneclient 17 | 18 | - project: 19 | templates: 20 | - openstack-cover-jobs 21 | - openstack-python3-jobs 22 | - publish-openstack-docs-pti 23 | - check-requirements 24 | - lib-forward-testing-python3 25 | - release-notes-jobs-python3 26 | check: 27 | jobs: 28 | - keystoneclient-devstack-functional 29 | gate: 30 | jobs: 31 | - keystoneclient-devstack-functional 32 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | If you would like to contribute to the development of OpenStack, 2 | you must follow the steps documented at: 3 | 4 | https://docs.openstack.org/infra/manual/developers.html 5 | 6 | If you already have a good understanding of how the system works 7 | and your OpenStack accounts are set up, you can skip to the 8 | development workflow section of this documentation to learn how 9 | changes to OpenStack should be submitted for review via the 10 | Gerrit tool: 11 | 12 | https://docs.openstack.org/infra/manual/developers.html#development-workflow 13 | 14 | Pull requests submitted through GitHub will be ignored. 15 | 16 | Bugs should be filed on Launchpad, not GitHub: 17 | 18 | https://bugs.launchpad.net/python-keystoneclient 19 | -------------------------------------------------------------------------------- /HACKING.rst: -------------------------------------------------------------------------------- 1 | Keystone Style Commandments 2 | =========================== 3 | 4 | - Step 1: Read the OpenStack Style Commandments 5 | https://docs.openstack.org/hacking/latest/ 6 | - Step 2: Read on 7 | 8 | Exceptions 9 | ---------- 10 | 11 | When dealing with exceptions from underlying libraries, translate those 12 | exceptions to an instance or subclass of ClientException. 13 | 14 | ======= 15 | Testing 16 | ======= 17 | 18 | python-keystoneclient uses testtools and testr for its unittest suite 19 | and its test runner. Basic workflow around our use of tox and testr can 20 | be found at https://wiki.openstack.org/testr. If you'd like to learn more 21 | in depth: 22 | 23 | https://testtools.readthedocs.org/ 24 | https://testrepository.readthedocs.org/ 25 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | Team and repository tags 3 | ======================== 4 | 5 | .. image:: https://governance.openstack.org/tc/badges/python-keystoneclient.svg 6 | :target: https://governance.openstack.org/tc/reference/tags/index.html 7 | 8 | .. Change things from this point on 9 | 10 | Python bindings to the OpenStack Identity API (Keystone) 11 | ======================================================== 12 | 13 | .. image:: https://img.shields.io/pypi/v/python-keystoneclient.svg 14 | :target: https://pypi.org/project/python-keystoneclient/ 15 | :alt: Latest Version 16 | 17 | This is a client for the OpenStack Identity API, implemented by the Keystone 18 | team; it contains a Python API (the ``keystoneclient`` module) for 19 | OpenStack's Identity Service. For command line interface support, use 20 | `OpenStackClient`_. 21 | 22 | * `PyPi`_ - package installation 23 | * `Online Documentation`_ 24 | * `Launchpad project`_ - release management 25 | * `Blueprints`_ - feature specifications 26 | * `Bugs`_ - issue tracking 27 | * `Source`_ 28 | * `Specs`_ 29 | * `How to Contribute`_ 30 | * `Release Notes`_ 31 | 32 | .. _PyPi: https://pypi.org/project/python-keystoneclient 33 | .. _Online Documentation: https://docs.openstack.org/python-keystoneclient/latest/ 34 | .. _Launchpad project: https://launchpad.net/python-keystoneclient 35 | .. _Blueprints: https://blueprints.launchpad.net/python-keystoneclient 36 | .. _Bugs: https://bugs.launchpad.net/python-keystoneclient 37 | .. _Source: https://opendev.org/openstack/python-keystoneclient 38 | .. _OpenStackClient: https://pypi.org/project/python-openstackclient 39 | .. _How to Contribute: https://docs.openstack.org/infra/manual/developers.html 40 | .. _Specs: https://specs.openstack.org/openstack/keystone-specs/ 41 | .. _Release Notes: https://docs.openstack.org/releasenotes/python-keystoneclient 42 | 43 | .. contents:: Contents: 44 | :local: 45 | 46 | Python API 47 | ---------- 48 | 49 | By way of a quick-start:: 50 | 51 | >>> from keystoneauth1.identity import v3 52 | >>> from keystoneauth1 import session 53 | >>> from keystoneclient.v3 import client 54 | >>> auth = v3.Password(auth_url="http://example.com:5000/v3", username="admin", 55 | ... password="password", project_name="admin", 56 | ... user_domain_id="default", project_domain_id="default") 57 | >>> sess = session.Session(auth=auth) 58 | >>> keystone = client.Client(session=sess) 59 | >>> keystone.projects.list() 60 | [...] 61 | >>> project = keystone.projects.create(name="test", description="My new Project!", domain="default", enabled=True) 62 | >>> project.delete() 63 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | # This is a cross-platform list tracking distribution packages needed by tests; 2 | # see https://docs.openstack.org/infra/bindep/ for additional information. 3 | 4 | gettext 5 | libssl-dev [platform:dpkg] 6 | openssl-devel [platform:rpm] 7 | 8 | dbus-devel [platform:rpm] 9 | dbus-glib-devel [platform:rpm] 10 | libdbus-1-dev [platform:dpkg] 11 | libdbus-glib-1-dev [platform:dpkg] 12 | libffi-dev [platform:dpkg] 13 | libffi-devel [platform:rpm] 14 | libsasl2-dev [platform:dpkg] 15 | libxml2-dev [platform:dpkg] 16 | libxslt1-dev [platform:dpkg] 17 | python3-all-dev [platform:dpkg] 18 | 19 | cyrus-sasl-devel [platform:rpm] 20 | libxml2-devel [platform:rpm] 21 | python3-devel [platform:rpm] 22 | -------------------------------------------------------------------------------- /doc/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | -------------------------------------------------------------------------------- /doc/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | SPHINXSOURCE = source 8 | PAPER = 9 | BUILDDIR = build 10 | 11 | # Internal variables. 12 | PAPEROPT_a4 = -D latex_paper_size=a4 13 | PAPEROPT_letter = -D latex_paper_size=letter 14 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) $(SPHINXSOURCE) 15 | 16 | .PHONY: help clean html dirhtml pickle json htmlhelp qthelp latex changes linkcheck doctest 17 | 18 | help: 19 | @echo "Please use \`make ' where is one of" 20 | @echo " html to make standalone HTML files" 21 | @echo " dirhtml to make HTML files named index.html in directories" 22 | @echo " pickle to make pickle files" 23 | @echo " json to make JSON files" 24 | @echo " htmlhelp to make HTML files and a HTML help project" 25 | @echo " qthelp to make HTML files and a qthelp project" 26 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 27 | @echo " changes to make an overview of all changed/added/deprecated items" 28 | @echo " linkcheck to check all external links for integrity" 29 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 30 | 31 | clean: 32 | -rm -rf $(BUILDDIR)/* 33 | 34 | html: 35 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 36 | @echo 37 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 38 | 39 | dirhtml: 40 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 41 | @echo 42 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 43 | 44 | pickle: 45 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 46 | @echo 47 | @echo "Build finished; now you can process the pickle files." 48 | 49 | json: 50 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 51 | @echo 52 | @echo "Build finished; now you can process the JSON files." 53 | 54 | htmlhelp: 55 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 56 | @echo 57 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 58 | ".hhp project file in $(BUILDDIR)/htmlhelp." 59 | 60 | qthelp: 61 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 62 | @echo 63 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 64 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 65 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/python-keystoneclient.qhcp" 66 | @echo "To view the help file:" 67 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/python-keystoneclient.qhc" 68 | 69 | latex: 70 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 71 | @echo 72 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 73 | @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \ 74 | "run these through (pdf)latex." 75 | 76 | changes: 77 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 78 | @echo 79 | @echo "The overview file is in $(BUILDDIR)/changes." 80 | 81 | linkcheck: 82 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 83 | @echo 84 | @echo "Link check complete; look for any errors in the above output " \ 85 | "or in $(BUILDDIR)/linkcheck/output.txt." 86 | 87 | doctest: 88 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 89 | @echo "Testing of doctests in the sources finished, look at the " \ 90 | "results in $(BUILDDIR)/doctest/output.txt." 91 | -------------------------------------------------------------------------------- /doc/requirements.txt: -------------------------------------------------------------------------------- 1 | # These are needed for docs generation 2 | openstackdocstheme>=2.2.1 # Apache-2.0 3 | sphinx>=2.0.0 # BSD 4 | sphinxcontrib-apidoc>=0.2.0 # BSD 5 | reno>=3.1.0 # Apache-2.0 6 | lxml>=3.4.1 # BSD 7 | fixtures>=3.0.0 # Apache-2.0/BSD 8 | -------------------------------------------------------------------------------- /doc/source/index.rst: -------------------------------------------------------------------------------- 1 | ======================================================== 2 | Python bindings to the OpenStack Identity API (Keystone) 3 | ======================================================== 4 | 5 | This is a client for OpenStack Identity API. There's a Python API for 6 | :doc:`Identity API v3 ` and :doc:`v2 ` (the 7 | :mod:`keystoneclient` modules). 8 | 9 | Contents: 10 | 11 | .. toctree:: 12 | :maxdepth: 1 13 | 14 | using-api-v3 15 | using-sessions 16 | using-api-v2 17 | api/modules 18 | 19 | Related Identity Projects 20 | ========================= 21 | 22 | In addition to creating the Python client library, the Keystone team also 23 | provides `Identity Service`_, as well as `WSGI Middleware`_. 24 | 25 | .. _`Identity Service`: https://docs.openstack.org/keystone/latest/ 26 | .. _`WSGI Middleware`: https://docs.openstack.org/keystonemiddleware/latest/ 27 | 28 | Release Notes 29 | ============= 30 | 31 | 32 | Read also the `Keystoneclient Release Notes 33 | `_. 34 | 35 | 36 | Contributing 37 | ============ 38 | 39 | Code is hosted `on OpenDev`_. Submit bugs to the Keystone project on 40 | `Launchpad`_. Submit code to the ``openstack/python-keystoneclient`` project 41 | using `Gerrit`_. 42 | 43 | .. _on OpenDev: https://opendev.org/openstack/python-keystoneclient 44 | .. _Launchpad: https://launchpad.net/python-keystoneclient 45 | .. _Gerrit: https://docs.openstack.org/infra/manual/developers.html#development-workflow 46 | 47 | Run tests with ``tox``. 48 | 49 | Indices and tables 50 | ================== 51 | 52 | * :ref:`genindex` 53 | * :ref:`modindex` 54 | * :ref:`search` 55 | 56 | -------------------------------------------------------------------------------- /examples/pki/certs/cacert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID4TCCAsmgAwIBAgIUD+MH2KCtZgLgFWNghxF+xZQZx98wDQYJKoZIhvcNAQEL 3 | BQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAG 4 | A1UEBwwJU3Vubnl2YWxlMRIwEAYDVQQKDAlPcGVuU3RhY2sxETAPBgNVBAsMCEtl 5 | eXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQw 6 | EgYDVQQDDAtTZWxmIFNpZ25lZDAgFw0yMjAzMDcxNTM1MThaGA8yMDgwMDgyOTE1 7 | MzUxOFowgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTES 8 | MBAGA1UEBwwJU3Vubnl2YWxlMRIwEAYDVQQKDAlPcGVuU3RhY2sxETAPBgNVBAsM 9 | CEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3Jn 10 | MRQwEgYDVQQDDAtTZWxmIFNpZ25lZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC 11 | AQoCggEBAL/+AsUcqyF2b/3gaHGtUZx+mReX2QMv+gXmW2KUj1CTmSTxGXCaeoJ5 12 | N7PA6BeBD/HJVqTgCo/oNuHmOgtYrgRngyWpABItt9ONRmTCr2AvA23AZIjfUdwR 13 | ZceRHf67H6N1NOttr8IFkuQFhTAKuRHJGcXNqNMJrNv2v5ha3GNeAhxZd965ok9B 14 | GSd+hvibjZ2mDBZ8kiJ9BGf53TDie/zg+q5CkgqLArgR30pGCe+ZLXPLrhekpyet 15 | BR3guKTV2PMCeIh7Yg/uTJMe22qZ87M6Q1DosSKC/1l+/1ArBve6msc8JEElnc32 16 | HJ7NuTTJreZKEvPmUI2oTcdvokWXtRsCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB 17 | /zANBgkqhkiG9w0BAQsFAAOCAQEAmdWRPzpI5pAoVn9GX1KNgiN/e9oCpnHYIofV 18 | fX7i70OBYOwBoyQhFqniHtGH4uqYIxGJdbDtHzsSYCSV1mGqHhK+kStLy4MULUUV 19 | cNM5yDYDPEtjgJy7G90z/ksX5WuXQgktx9N8emdI6yH8C1b6sHMtHcfnb6O0waMH 20 | HQ9QpZFQapwuIjeWU0zRDFZkdEAkx6wfVuoMhHOjy1WRAuIOL2ELa6h0GL2d+bmw 21 | x4Xpyi4X7pgixz3l/9Kfc6VdVrEy4H2bhldUeZ0WjzvMdYaw953+C/5YAfFYanCH 22 | en9BebSKQMv8QI0OrNyTefMXuxWvcKSOWjQVfRk1ckz6aIrfSw== 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /examples/pki/certs/signing_cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDpTCCAo0CAREwDQYJKoZIhvcNAQELBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV 3 | BAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMRIwEAYDVQQK 4 | DAlPcGVuU3RhY2sxETAPBgNVBAsMCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr 5 | ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDDAtTZWxmIFNpZ25lZDAgFw0y 6 | MjAzMDcxNTM1MThaGA8yMDgwMDgyOTE1MzUxOFowgY8xCzAJBgNVBAYTAlVTMQsw 7 | CQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMRIwEAYDVQQKDAlPcGVuU3Rh 8 | Y2sxETAPBgNVBAsMCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv 9 | cGVuc3RhY2sub3JnMREwDwYDVQQDDAhLZXlzdG9uZTCCASIwDQYJKoZIhvcNAQEB 10 | BQADggEPADCCAQoCggEBAJ7Gc/CGy82PWOmlGD+C8d6Kw3Q1ZodOz9EduhXecfLN 11 | +zHXd9Qd35f5hHf4c8j0yAxI8qfeabjnOefEkoHC4W+DTTsUwq1x7FvAPHbTncSH 12 | zePqBE8wKp4pfFuZAhMxP55nTJC/N8t1M1lUqYTANgTCAystyOJuLuMc03UBqO8b 13 | OGzCJsAdcsBPpdYkfycrWv5ZosdaHf3OmakPtWymjSPQ8/lM4x5Fm5GaoYUqb9mo 14 | busMp0te7MMkzWYilSqZBWHx7dsGR7HoN4zMqalttC0inJGc0wnusNrkeb3ieuXw 15 | U6T3V3pE3yTTuHy6HcZZd/8m3O/L9F1odzDnUH10PjkCAwEAATANBgkqhkiG9w0B 16 | AQsFAAOCAQEAiSaPtpERflBUDYtRrAPVEyM3K9DJyZ8pv1vQxCU/h4ZNttVWsRdC 17 | gqdZg8nYSLj81ZwU1OATQhjXjGn9/mYAIzbm+HH1TMJDWqmnkSblAHGPZmswKmga 18 | /Cns8PsgsLcMV9BA38lyBhVtgBn4QgsG9EUvscZvVUnxevgqg3a/tlfpPf7fvbmC 19 | Efcq3liI/l+wxv4O3ET3V6rBZsmTUMNrIIhqFcicynUy3NIIRO3mL92se9X81Jpj 20 | YxHtMt+RakM0P7yRYL2hjgQW2srssGlMt9U/OIEZQKJVBH85qYuoBAcXC7Y6xRy1 21 | LvQc4IKf3X4hmqZC7jhBIQAAbaDZTn8peg== 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /examples/pki/certs/ssl_cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDpjCCAo4CARAwDQYJKoZIhvcNAQELBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV 3 | BAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMRIwEAYDVQQK 4 | DAlPcGVuU3RhY2sxETAPBgNVBAsMCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr 5 | ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDDAtTZWxmIFNpZ25lZDAgFw0y 6 | MjAzMDcxNTM1MThaGA8yMDgwMDgyOTE1MzUxOFowgZAxCzAJBgNVBAYTAlVTMQsw 7 | CQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMRIwEAYDVQQKDAlPcGVuU3Rh 8 | Y2sxETAPBgNVBAsMCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv 9 | cGVuc3RhY2sub3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB 10 | AQUAA4IBDwAwggEKAoIBAQD1i9+ydZSypNAkkVXdzIqZ8E62cqH7i0JGVGBuGdH8 11 | ZVF3MDcbi8VwqfNRWoWn9mrJUp5HYDV9t5WXz25Ej4EnqlJ3WLZvC1e+ldDIInmi 12 | ULic3iIAgrWbumU3XNLHska/smoVJuLIuFUxEfRpwGOpguOzAO1M6BKCSwr+TBLY 13 | JZxc3F7v1vtwNhisyE5S2H6Q49K0UXHTPjp+fLZAHQ5+Yxqwf0KAJqAD3vMo8Ewx 14 | XlgJu8pQyjjxwtrwnN2WHYoJGt/OOdkLBbzdupWH9CGcxeVc5hSJ1hEKuYS8AOZI 15 | eH6q2MKwT+QiepBsVfuy1JFt4raLht/RcX/WR8lIAzoFAgMBAAEwDQYJKoZIhvcN 16 | AQELBQADggEBAArxwP6I5XXIl3Dhkkt6gegRNc1vYWPEIDkKqggnvntZAOZwavVQ 17 | kiydT09io82SjD3qv/PQFH+N1KkTCIgYreHQpCQaWMvkpCD2iEcu9R75p4rnZMR2 18 | NwIlj4BHvXIo9ET5dkhUUxzUGK7eIymNEoMWMF6OGlQhK1FV3Tvjum0sqLOyKOgr 19 | NFxDv7qFzoKfqjY3lfb9yqO7xC1t3CZSOsBLIaUQ9SBoRJ11UNYGq9ZXHNF3cCbC 20 | PyE1TgVjNEvWBBRY0ofGoPmdqrTe2oZ6rAFKf0aWJ1qIq+umePp9R8ZwWLonbxQ4 21 | 0nqaUI5AOAdsRpUJHGvW0mmMALYjHT+tF8U= 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_revoked.json: -------------------------------------------------------------------------------- 1 | { 2 | "access": { 3 | "token": { 4 | "expires": "2038-01-18T21:14:07Z", 5 | "issued_at": "2002-01-18T21:14:07Z", 6 | "id": "placeholder", 7 | "tenant": { 8 | "id": "tenant_id1", 9 | "enabled": true, 10 | "description": null, 11 | "name": "tenant_name1" 12 | } 13 | }, 14 | "serviceCatalog": [ 15 | { 16 | "endpoints_links": [], 17 | "endpoints": [ 18 | { 19 | "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", 20 | "region": "regionOne", 21 | "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", 22 | "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a" 23 | } 24 | ], 25 | "type": "volume", 26 | "name": "volume" 27 | }, 28 | { 29 | "endpoints_links": [], 30 | "endpoints": [ 31 | { 32 | "adminURL": "http://127.0.0.1:9292/v1", 33 | "region": "regionOne", 34 | "internalURL": "http://127.0.0.1:9292/v1", 35 | "publicURL": "http://127.0.0.1:9292/v1" 36 | } 37 | ], 38 | "type": "image", 39 | "name": "glance" 40 | }, 41 | { 42 | "endpoints_links": [], 43 | "endpoints": [ 44 | { 45 | "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", 46 | "region": "regionOne", 47 | "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", 48 | "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a" 49 | } 50 | ], 51 | "type": "compute", 52 | "name": "nova" 53 | }, 54 | { 55 | "endpoints_links": [], 56 | "endpoints": [ 57 | { 58 | "adminURL": "http://127.0.0.1:35357/v2.0", 59 | "region": "RegionOne", 60 | "internalURL": "http://127.0.0.1:35357/v2.0", 61 | "publicURL": "http://127.0.0.1:5000/v2.0" 62 | } 63 | ], 64 | "type": "identity", 65 | "name": "keystone" 66 | } 67 | ], 68 | "user": { 69 | "username": "revoked_username1", 70 | "roles_links": [ 71 | "role1", 72 | "role2" 73 | ], 74 | "id": "revoked_user_id1", 75 | "roles": [ 76 | { 77 | "id": "f03fda8f8a3249b2a70fb1f176a7b631", 78 | "name": "role1" 79 | }, 80 | { 81 | "id": "f03fda8f8a3249b2a70fb1f176a7b631", 82 | "name": "role2" 83 | } 84 | ], 85 | "name": "revoked_username1" 86 | } 87 | } 88 | } 89 | -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_revoked.pkiz: -------------------------------------------------------------------------------- 1 | PKIZ_eJylVkt3ozgT3etXzD6nTwBjJ17MQjyMRSzZYAxIOwMJIB524gePX_8Jk0xn0n2me77xxlCC4ureW1X69k38NNNC5A8db4ebbwAjhHaQ2k8HhrJrTKAT6wcRczxd1w1Jh47Z6h5caunuzUixbnFd10rJ0rev1hZFE2A45hLuRbBQzTRlT8-dnVGFlPEE5-tce0C1e90r_gXxQyrWjvGEyCxwX2joiHWYA8xhg3OpwVupXS-cDnuHlhiHhsiHfKXDnIVZsw_tMu7QDOmowwZWVx5sV56p-gZqwZqb0prDSZCjE9LtI9OHB-0mshacBdk1stwyHtckFkyzqHZGZJV_oYF9Aiy4BaS49svhi_tghJZYwwNTKVTKAm9vCcS9XA5bEdsqo2pxSRbzCxiC7w8ULCQ8rsomscprlAsk1lSOrHb-sm3ES4KXmh2p4hs0dLPImtdDMhBMTrmAVsTW_BjVbj8EhxgN3PM-mPq7orkh2i9dKTYO11VvdqRTmxWHF8GXCkgfK6sJbVc9lShnFVZYThUs497pSbBTqUcbVpFqbZQ55WLFSzKUD4jskinlFdyg6nbHguQYKdNNVO3ykYupxMJh3-0_ogADjP8fhSYDWrVHKvtbb5TvkCzdZp0_XrGHJrd96mq75umE9PSacPNKuJuTivassjntdz0gBpaZl2WEaxVVqLoO7Jxw2hLFzF98aVBHSOY2kVJekiV5iazysh9dGoVCHSA0ncbWbtS-mp-SQesBXiVME3yJ1yLh8u-qgX8p2xTzohv4-lACDFL8FyXAzzNr8u-RW3Rg7aGB3d8i7DNf-0DOmLLLwQBVFMaZbW9fqkUVXqhYGPwv6v9TwjHR0C-YJR-jckQH_ll7Z0B3wdtHhVhIYVw4oCKceFjCvV-uLVMB2GKc8XRKK6QQbk7oWJnvhKo3uHHl1_tgfvGU6bvEApHldwL5Cfi-jW81XmVSsoSzVffYYh4PKIR05mxtiCamzxW8VX9qdfArr_9KDfBv9vvjdu05uMkj-htbatfBOLE8P4n_t1sTXZyTQaVkWTbvKvFIkZskdP-yO_jwe1TNlSHjSh8b5l8Jx0QitiiioLx85Qx8JQ2LEiVeLLaDROxHRXZfFAGfJfmVIj9J3oBE9PZ9QH5VhTI2YCNqpRP3f7M9-D3fizlQu8dkWeRfrP8GWFj2iTW_MEHg-KLfsxC9z8Xh-vNAsUvRXN6G2ZiEYk68q_DRHMQY8_tQaY9RdR7nQ2d3kdJ-DJ7xOreTzxMMCJ8rkXIu2WIux4rffRpltxe-y1gWI8G0EVYuqJdVwly9mM7OlHI7I71oqnxRYS9WqJeIxorbr70xFr2ReeZHqd8G8VDOFTZIxSxTZTzLcI-kdYA66sWiPlDLhGVJJWwrmviPQ9YWk8nadaiWky_sdixkw8GiCCfficSC6JdQatN0-SRONlqbIg1AT9eOhq7V3HzCMLWgvDM1F2vEM1cYFuN9hnXfx63eQ1tLia_B1IMF0bCLGmBCaviOszSb0kuC6eU5ZGJ071qTQ2d8-ODpu3kjZoGXiEPHvjddDB9vifUWI7BV_Gk8ca-ilbe2B7mWFq9ZkVvzRtJ0xwwW1bl8Dokk2n3pWLdE_S1RN73GVdyChQG345ewp8ukjCya7pSyjiq_gOnwtdjStqc1bNAew--nM3E406Czg0ATZMAFn0pmu102GdE2eWhrLybzSqvOEc8n8LJlq0g9L06bbtIfD1acv21OyvLk6kb3Bp4QtCYpT6PzDLZP8n5Wwf1dc7w7blCXcsuzZEWPC3y_UFf1RZVbQ1XWj538TKM7PF89WkDG98-hu9laucfd3RVqao5fpSe-Wbjqw7qfxcfkGDMyu3cbVWXO9m55ThBaeQQnC1p6BKiBVOuHh24fsocHLV3fvzqlVlPJC-zjYfase-fr9IyuxdWfNefEhnpyj9y7N_rcsOeFaGOgxmdovBYUBqbjPhQPrSvL-LHbrifzqzQld_3GOLGNUt_Npe40zarJpFyJOb905oi60SsEslMv7oOYuA9v_Cl5aJhHZhMEX7B9-BPcjtMmMb4frf8Hm6bNOA== -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_scoped.json: -------------------------------------------------------------------------------- 1 | { 2 | "access": { 3 | "token": { 4 | "expires": "2038-01-18T21:14:07Z", 5 | "issued_at": "2002-01-18T21:14:07Z", 6 | "id": "placeholder", 7 | "tenant": { 8 | "id": "tenant_id1", 9 | "enabled": true, 10 | "description": null, 11 | "name": "tenant_name1" 12 | } 13 | }, 14 | "serviceCatalog": [ 15 | { 16 | "endpoints_links": [], 17 | "endpoints": [ 18 | { 19 | "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", 20 | "region": "regionOne", 21 | "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", 22 | "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a" 23 | } 24 | ], 25 | "type": "volume", 26 | "name": "volume" 27 | }, 28 | { 29 | "endpoints_links": [], 30 | "endpoints": [ 31 | { 32 | "adminURL": "http://127.0.0.1:9292/v1", 33 | "region": "regionOne", 34 | "internalURL": "http://127.0.0.1:9292/v1", 35 | "publicURL": "http://127.0.0.1:9292/v1" 36 | } 37 | ], 38 | "type": "image", 39 | "name": "glance" 40 | }, 41 | { 42 | "endpoints_links": [], 43 | "endpoints": [ 44 | { 45 | "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", 46 | "region": "regionOne", 47 | "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", 48 | "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a" 49 | } 50 | ], 51 | "type": "compute", 52 | "name": "nova" 53 | }, 54 | { 55 | "endpoints_links": [], 56 | "endpoints": [ 57 | { 58 | "adminURL": "http://127.0.0.1:35357/v2.0", 59 | "region": "RegionOne", 60 | "internalURL": "http://127.0.0.1:35357/v2.0", 61 | "publicURL": "http://127.0.0.1:5000/v2.0" 62 | } 63 | ], 64 | "type": "identity", 65 | "name": "keystone" 66 | } 67 | ], 68 | "user": { 69 | "username": "user_name1", 70 | "roles_links": [ 71 | "role1", 72 | "role2" 73 | ], 74 | "id": "user_id1", 75 | "roles": [ 76 | { 77 | "id": "f03fda8f8a3249b2a70fb1f176a7b631", 78 | "name": "role1" 79 | }, 80 | { 81 | "id": "f03fda8f8a3249b2a70fb1f176a7b631", 82 | "name": "role2" 83 | } 84 | ], 85 | "name": "user_name1" 86 | } 87 | } 88 | } 89 | -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_scoped.pkiz: -------------------------------------------------------------------------------- 1 | PKIZ_eJylVkmTmzgUvutXzN2VCotxm0MObMbQSG52ixtLG5DBdrttC_j1I3An6XRSk8wMVS6jJ_H0vfe97dMn9qiGaaG_NOiPi08AWpa1KbH9eEys6pYjxc21I5M9Dhp7ck1xjU4LlLVahme9hJpJNE3d56bmv5i-lYlAd421kjIhKY2yxNxzb1dYQE0uwnpTqw_WwbulQnS1yLFke6dcRHwSezu8ddm-UgNIFAprjkKf6zYrt4fBsUP6kSL-WDuaUifbiqZbu8l7a2FpVg91OHcCpXMCYx7pVgc2xOA2RBHj2nq1NPuUaONBm2bmiiRxdctMr8nve1wSS1V2cO_I2uiKY_sVJPEk4PJD1Iw3pvEdWmGOByRuKzR76E8K2JpvRlOYWU3Wrq7FSr6CUfh2YJ9sEcnbhhZmc8tqhsSU-Mzs5J1P2UfML4fkhIVIx1uvykz5MCoDsfhaM2jMr_IpO3jDKBxlOPYuaSxF4Z5OiNK1x-X68eYMRo_6OXWIcmX-mgM05IIj4s4ZMIdJ0kIhqbEAeTi4A4rDOQ4wTVrUbvSmxoTtBEVl1SMiu0mE5gYmqJrdJ3FxygTpKWvD-u4LiUu2o93dP6IAI4z_jkLlAW67E-YjP7jTdyzWHt3UyxsMLHGyU5t3G1KKaMC3ghg3RLwatXhIWpvgIRwA0iGfBFWFiNpiAc83sV0jgjskGPUu4kZ2GGUezYTmWqzRLjOba3qP0mzL2AGMUyk3wzv3rfxajFyP8FoWNPEH-YEpXP_IGviXtEmQ7PvRX1-ZACMV_4cJ8GvNKv9nzt33YBNYo3f_yGHv_ZXGfJUIYQ1GqCwxLok_3XRgWXjFbGOMf5b_7xTeFY31IjH5U9bc0YF_5t4d0V2hvxSQaQkJYRHQIoICyMEhajamIQBoJiQhpYRbS0DEEPE9M98cOp_g5m10SGP5GgjSG8UMkRn1DPkriCIbTjneVlyxVhZOv-wgyUcUjDpjsdFZEdNkAfrzX4Y6-F2s_44N8G_s_dlcWwYTPay-JWv1NgZOzsuv7P88FdHVpRhZKtYNfWOJZAJPi633LdzB13jPWlkYNTravWB-U3hXxGSrfRY3148-Ax-dBlmKoiBn5lhM9jMj4QdGwHtKfsfIL5RTULDansbod1nIQ12hLFd6tv4h7MGfxT3rAwfvVKz39YfQP4Nk2wyFKV8T5sD7h9GQbK23vji-v28o03o3KQiMSRnIWbVhDeUHBKxQsJYWfi0a43tvNdz71sfnQtSPXQu8daU-E7rmO2XN_u5MTFnY7nFQtSyQBkhcCRO7QgOrn2TVwiAXAA4KVkRh97EOTsgYzLe0_npzC3XUJqYxT0hVwcHiwCa2ehzkLBesLmHhiVoWoqxg_9xQ30w58MV7R4Lv9ky3d-yAvAtMTcmPtCzXplIaKrTMPfs9Q_dINQXrkeuuDGrw0H2lQHMngWlQOwoHw4HK3lT40NBUqLmc0RlEcdUSRaqSB1qE-KyVpIIFHTPPh6pigulwBe1AVJusQRyO0Rl6BtXppNgxaOV8ozowGqjBb_MRG49soHg4ZjOQlIveLWsjJRsVHe6KnFbuk8EIoWpNqJQOOqEQvSa1GqRxcWXDicYUGFSlePVI57pSHanuvp_YDFV1FTZ8GcrR8fnhBZ6Ka4w_z1waumEnBQICw9PlSQwpmuOXQEtDY1bOTjj9LPl8uh4cdbkwrm2OWkvkdNecc8q88Qq03ivo7FKXPokgTtSDB88PHJnrPsGz2usVbDw-n8O63D4f3dNgPKk7a_biR4EmIrWSU4srF7vhtnDD54cdmMmZX1mv-7amy94ZxKBOLw9pcsj4gX19SR_oSrDzM5JO9SyfyVJcbZ6e02A2S-OLTC4FkJf-jddP9bBYPl1m5Voqs3WnWhDXnVq-SMre4j9_3qsCryp28xwfnzDPZaQ4s5GkWyzkGNyiy9Z9sG_4Obsttd3jUhXFonIWc_9Y53m3ibLSDg2P1fIjuZ1Z3WnDTVPBLjy2p8H98gVME7OB9O_T89-mTsWe -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_scoped_expired.json: -------------------------------------------------------------------------------- 1 | { 2 | "access": { 3 | "token": { 4 | "expires": "2010-06-02T14:47:34Z", 5 | "issued_at": "2002-01-18T21:14:07Z", 6 | "id": "placeholder", 7 | "tenant": { 8 | "id": "tenant_id1", 9 | "enabled": true, 10 | "description": null, 11 | "name": "tenant_name1" 12 | } 13 | }, 14 | "serviceCatalog": [ 15 | { 16 | "endpoints_links": [], 17 | "endpoints": [ 18 | { 19 | "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", 20 | "region": "regionOne", 21 | "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", 22 | "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a" 23 | } 24 | ], 25 | "type": "volume", 26 | "name": "volume" 27 | }, 28 | { 29 | "endpoints_links": [], 30 | "endpoints": [ 31 | { 32 | "adminURL": "http://127.0.0.1:9292/v1", 33 | "region": "regionOne", 34 | "internalURL": "http://127.0.0.1:9292/v1", 35 | "publicURL": "http://127.0.0.1:9292/v1" 36 | } 37 | ], 38 | "type": "image", 39 | "name": "glance" 40 | }, 41 | { 42 | "endpoints_links": [], 43 | "endpoints": [ 44 | { 45 | "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", 46 | "region": "regionOne", 47 | "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", 48 | "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a" 49 | } 50 | ], 51 | "type": "compute", 52 | "name": "nova" 53 | }, 54 | { 55 | "endpoints_links": [], 56 | "endpoints": [ 57 | { 58 | "adminURL": "http://127.0.0.1:35357/v2.0", 59 | "region": "RegionOne", 60 | "internalURL": "http://127.0.0.1:35357/v2.0", 61 | "publicURL": "http://127.0.0.1:5000/v2.0" 62 | } 63 | ], 64 | "type": "identity", 65 | "name": "keystone" 66 | } 67 | ], 68 | "user": { 69 | "username": "user_name1", 70 | "roles_links": [ 71 | "role1", 72 | "role2" 73 | ], 74 | "id": "user_id1", 75 | "roles": [ 76 | { 77 | "id": "f03fda8f8a3249b2a70fb1f176a7b631", 78 | "name": "role1" 79 | }, 80 | { 81 | "id": "f03fda8f8a3249b2a70fb1f176a7b631", 82 | "name": "role2" 83 | } 84 | ], 85 | "name": "user_name1" 86 | } 87 | } 88 | } 89 | -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_scoped_expired.pkiz: -------------------------------------------------------------------------------- 1 | PKIZ_eJylVtuSmzgQfddX7PtUKiDsGfOQBy4yhrHEcLd4MzAGZLA99pjb16_Ak2QySW2yu66iDC3RnO5zulufPvGfigyT_KVhb3z4BLBpmnZOrcdjbBZNShQn1Y7c9jho_JdqioM6zVdWah6c9RxrBtM0dZ8amvdieGYiAd1BK2XLjSxHeU6F594qKCRVKuHSLtUH8-A2WxheTXbM-doplYgYR-6Obhy-rpQAM6XFpdBiT-jspdNj_9gR_dgS8ViuNaWMN0W73VhV2pv3pmb2WEft2lcgv_pQRwKwmSPZDAtRaV5MzTrF2rjRahNjyeKoaBLDrdLbmhBH8yI5ODdkdXilkXUBcTQZhPQQVuMXt9ENWmaMG-bCBlZ77E0O-LNYjaHwsKqkXl6zpXwFo_Ftwz7eEJbWVZsZVZOUHIkxFxOjk3dey1_ieTnEJwpDnW7cIjHkw-gMRNKl5NB4XuVTcnCH0TjaaOS-bqN5GOzbCdF25QqpfmzWA-pJP2vXTLnyfM0AGVK4lmi3HqhAWVxjGJcUYhEPzkCiYEZ92sY1qW29KinjK35WmOWIyKpiWDVggqpZfRxlpwTOn5I6KG-5mAvxZoy7-0cUYITx31GoIqB1d6Ji6Pk3-o7Zym3tctFg35SmOLVZZ7NcIgNtMoYawtyS1HSIa4vRIRgA0bEY-0VBmFpTSGd2ZJWE0Y5AVO5CYWSHU-a2Cayu2YrsEqO6bm8qTTacHcA5nadGcOO-li_ZyPUIr-aiiT7YD9zh6kfWwL-kbY7Zvh_z9ZUJMFLxf5gAv_asin-W3H0PbN8cs_tHCXufr20kFjEMSjBC5YXxGnvTlw68Cq-UL4z65_X_zuHN0dgvYkM8JdUNHfhn7p0R3RV7C0gME8aMK6AmjPhYwENY2QaCABsxi1k-p7UJCUMSvVXmW0JnE9y0Dg_bSL76cP5GMUdkhD1HfgFhaOGpxutCyFbK_bpfdJilIwpOHbq3dd7ENBlib_ZLqYPfaf13bIB_E-_P4VoymOjh_S1eqc0onFSUL_z_PDXR5Ws2spStqvaNJZZAsc027je5g696T2oZjh7X2q1hfnN4c8Rty30SVdePOQMfk4Z5iRI_5eGY3PYzI8EHRsB7Sn7HyC-ctyDjvX0bkd9VoYh1peW10vPnH2QP_kz3fA4c3FO22pcfpH8G8aYaMkO-xjyBtxfDId6Yb3NxvH8_UKbn3eTAR5MzkPJuwwfKDwh4o-AjLfjaNMb73qyE96NPTGHYj1MLvE2lPoFd9Z2yan9LJm25bPfUL2oupAEzZ06ZVZCB90-2rLGfQkD9jDdR3H3sgxMyDvOtrL9-ucY6qWMDzWJWFHgw-XSOzJ76Ka8Fs4u5PEnNJcob9s8D9S2Ug5i9TyT4Hs_09Y5vkHe-oSnpsc3zlaHkSMWmsefXM3aOraZQPXScJWqRiJ1LCzRnMhiotcJgQGus7A1FDJCmYs0RUIeY4qg5CVUl9bWQiEk9n2dcdDw8D6uKAabNBbZ8Sa2Sigg0ImfsolZvJ8dr1Bbrb1T7qMIa_nY-4scjCygujfgZaJ5KbpPUoZKMjg43R-ta7uMBBVg1J1RKh9cBDC9xqfrbKLvyw4nGHaBWbenysZ3pSnFsdef9iQ2pqqPwwxdShifbKSSRDulneAkzL_1s95acEXAHC8PNXUdeP_Qrz9qeXvW6znWfvOrq4irIun8XtKKPVnfijJEHMs9DT9RWUmE9KjynDFjbJfPxS7Mx0iWWFs9RWj46L3Z3V587XM1PWwNCXoTJ2UNDv1d9vvuz9tLXV_kxDWYYgqHYd8_N6XzoH2b-xWpw0y_gJtAsxErjRb5G4RbKz_YBO2VeLXPDpyxSbVs8N2ZTBVgCiztMAyErXrdbb7N_Me8fcjVnq9dBsKTF4alod0-SuyzE3LNe81ZdFU6TCv48WWXN-hB7O_B8DmemaSyebLh7CO6kaJFerYooCIa2zek7UjVGq6ck30Okq4_3s0OV2WpyLwkwwsqXL2A6MSOifz89_w1E1sSW -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_unscoped.json: -------------------------------------------------------------------------------- 1 | { 2 | "access": { 3 | "token": { 4 | "expires": "2112-08-17T15:35:34Z", 5 | "issued_at": "2002-01-18T21:14:07Z", 6 | "id": "01e032c996ef4406b144335915a41e79" 7 | }, 8 | "serviceCatalog": {}, 9 | "user": { 10 | "username": "user_name1", 11 | "roles_links": [], 12 | "id": "c9c89e3be3ee453fbf00c7966f6d3fbd", 13 | "roles": [ 14 | { 15 | "id": "359da42d31c04437a32812aeb79e9c0b", 16 | "name": "role1" 17 | }, 18 | { 19 | "id": "581af19726fa4af5bda745789ab2bf2b", 20 | "name": "role2" 21 | } 22 | ], 23 | "name": "user_name1" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_unscoped.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIIE/gYJKoZIhvcNAQcCoIIE7zCCBOsCAQExDTALBglghkgBZQMEAgEwggMDBgkq 3 | hkiG9w0BBwGgggL0BIIC8HsNCiAgICAiYWNjZXNzIjogew0KICAgICAgICAidG9r 4 | ZW4iOiB7DQogICAgICAgICAgICAiZXhwaXJlcyI6ICIyMTEyLTA4LTE3VDE1OjM1 5 | OjM0WiIsDQogICAgICAgICAgICAiaXNzdWVkX2F0IjogIjIwMDItMDEtMThUMjE6 6 | MTQ6MDdaIiwNCiAgICAgICAgICAgICJpZCI6ICIwMWUwMzJjOTk2ZWY0NDA2YjE0 7 | NDMzNTkxNWE0MWU3OSINCiAgICAgICAgfSwNCiAgICAgICAgInNlcnZpY2VDYXRh 8 | bG9nIjoge30sDQogICAgICAgICJ1c2VyIjogew0KICAgICAgICAgICAgInVzZXJu 9 | YW1lIjogInVzZXJfbmFtZTEiLA0KICAgICAgICAgICAgInJvbGVzX2xpbmtzIjog 10 | W10sDQogICAgICAgICAgICAiaWQiOiAiYzljODllM2JlM2VlNDUzZmJmMDBjNzk2 11 | NmY2ZDNmYmQiLA0KICAgICAgICAgICAgInJvbGVzIjogWw0KICAgICAgICAgICAg 12 | ICAgIHsNCiAgICAgICAgICAgICAgICAgICAgImlkIjogIjM1OWRhNDJkMzFjMDQ0 13 | MzdhMzI4MTJhZWI3OWU5YzBiIiwNCiAgICAgICAgICAgICAgICAgICAgIm5hbWUi 14 | OiAicm9sZTEiDQogICAgICAgICAgICAgICAgfSwNCiAgICAgICAgICAgICAgICB7 15 | DQogICAgICAgICAgICAgICAgICAgICJpZCI6ICI1ODFhZjE5NzI2ZmE0YWY1YmRh 16 | NzQ1Nzg5YWIyYmYyYiIsDQogICAgICAgICAgICAgICAgICAgICJuYW1lIjogInJv 17 | bGUyIg0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgIF0sDQogICAgICAg 18 | ICAgICAibmFtZSI6ICJ1c2VyX25hbWUxIg0KICAgICAgICB9DQogICAgfQ0KfQ0K 19 | MYIBzjCCAcoCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYD 20 | VQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMRIwEAYDVQQKDAlPcGVuU3RhY2sx 21 | ETAPBgNVBAsMCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVu 22 | c3RhY2sub3JnMRQwEgYDVQQDDAtTZWxmIFNpZ25lZAIBETALBglghkgBZQMEAgEw 23 | DQYJKoZIhvcNAQEBBQAEggEAYIiuAmAxllZ5FdGlJWu0bxAsxwFb114lZAq2/mju 24 | v2Hu9505N4TbkJJI++ojNwv1extCAL0H7jmM2nbPovPa0R6RVDRgh1R03E+uLNld 25 | rBXyiTeZh2OrbmoXdHAXdJRnBkLIfjDXISY5qN/yJhsr3g6djekGnkWzZfwtwjyb 26 | qBbVVB9oK9p5svd85jiOcGlcBxuBhWeqwZiYTzyDtJ2SuwtvBaIDQICyS9VtGI+F 27 | NzqtdUHw/vxsQqOq6tR4Qf32wtZnUS+komQWX3uJXwYpSZHomuGPbs0XolGXYm8D 28 | fM/7R9AH6CUlmBmq/WVQdEMMv9VADaP9yHuGvM8w3f6ZvA== 29 | -----END CMS----- 30 | -------------------------------------------------------------------------------- /examples/pki/cms/auth_token_unscoped.pkiz: -------------------------------------------------------------------------------- 1 | PKIZ_eJxdVNmWqjoQfecr7nuvs5pBW30MIWKiCSKT5A1QZqQdEOTrb7DPHVmLIVWVqr03Vfn1S1w6MjH7A1JnWvySKMZGa4dk23KcPxMG7AS2wlaVEILZDAIbDdAFGz3zbkZGoTnZo5kJnavp4FiTDBttQCSMfImyzIzPL5KHKqsTjRZWoS_w5fCMVL_DZZsJ33eiMYUHhzQ82sIPComWoKeF3FNHHqy1_aJuOzCj7ZnSFjsICn7M--hI6uSFvzDEwo9eOxfMdi7SfAMpklVSRdxyUOA7huSbw3dgTwOvpyMpLbdSeRDKzABqWCLxpiNzq4EFSBYxmmQ5ZDVVSlT_dWrqknssP5nre6wmbwqp02f44o_8iH9Tmr5JFwZKPdGSfhvSuFk_uIvesJNmdedHlsZm3UU_WsTHKVFTV9Mm3NB5OGZz7rJCEo-au7ZCVV5woUc4JnNW8oY19sgbUuFiQkCesemP0-ZAuxdR8CMgHb25xE3BRQTTgPbMsEemopGW2UCbdR2WiahSl9TEb2RvlM6kEXnF6lBTQV_aQcHrL2ilN6PBuqFupVGBInQPOS_9QhTRmOFpllHnYUkEUlK8kTXzXIoD7w3nzdvFRerL09_4W6T_a5QelRUNsf6aGioJoSQ6rc8iu8_4bIAlwHrGfB14LnC9AY6A_KxDF9S-S-17D-3Q8G0bo54YtoscierABIqH9IEST_O7-FKrYSD4HXCPwDt4i_p6n5h-52kH0aX3Ablg_5P47koQPerzkcmxOheieD3u_z0Xlb7O-Y0f6_Fkrjru6c8pUfKTqIs1cpHowe5R9q5koP7h8mBo8Jp9c5GQC0boP4MEmJ5V17wqzFUv64L-WgLAEROnxy40lpf0Fg28fjkQr5bP1g0-Qt-trp_4RXab1bDZlQvFPkffLGmr62wLSLTYS9b2MhKrIzeowvOwgP35VOcfVbq7nLEefJzqb1nfpgf1dh0sdWM-QmW3WJwrvzBhh9bFl0R2kU3U3eqYwodf6ddV2OfzzAwWt0fqJI62dwS7fUn0wd2q22tM5LzxcyqjjMNZt46kpJtbY5PjW218jXuv1s3ncAZhvFAeymKFu2I8xOuxSZf-vH76-_IKeLy0WKvq7Hgbv6A0dJ-seV45vZufmqwrsZ68hlxvo2ZBFrkV55blvzbp_nOZmZes3LycHQkPVlzKz9N2OXxJS00ui6s_aPNNIDjeWsvY-vuP9mOuIel96iFm_HMC_gm2VKmF -------------------------------------------------------------------------------- /examples/pki/cms/auth_v3_token_revoked.pkiz: -------------------------------------------------------------------------------- 1 | PKIZ_eJydWEt3ozgT3etXfPucPgPCpOPFLHgZ47FEwDws7QxODELYTvzA8OunsJ3uPDrT6a9z-uSE4FLdqntvlfLtG_wzHdej_7PIrP_hGyKeR4qGTf7ZcK845tQIcmsDzx5sy7LHgWUEzsmKjLG5ip_tFbFcYVnWNnCt2ZM78zIN2YEzNhbwcBM7q9WT-dBOlAzvZVZ6t954V2ZpoizcYZW38PNoV-buqMu15TGvg3I-a1bIW0-OmZt0ntisUm1XLtKg9Euj5MLoeB0WvssGLCIttWVJakcjLi9Jyk604wXFHkakc8qpZZRZPdrzGZxiTdoMnySZTYZTy_zu1bLqg3s1awjmFYuK2nedjohAZ2JSINqZNROjmkQ5ZtGypIKcvLKBD-hFlsbnbPJ6uOORVz4myg4OkA9jc5vXSTfHIwWdowuvId1qT2xnT6IiJsK5JVFwS-zl4hxsbUJWW8m0Ht6rrNahRJD6YTkabrl9gcLd4Z6l8tC_AAXdcusMq8qwWixS_RFq9CZDdC7Y9UNzfH548taXVCF4CQU-n7YcT1Q-6z8YyhzTdjE3lUU6PJwhZOtkl1lvcS_d5MBSXXkXVLB5WGTucP3SNcRTvcrd4TZbh69aqSt8PqlZSuWlA6Mq62Gd65G02QXWZjkOG4BwdySRp02FcSDW4OSLlUY7dlwK50hFWNKaAR_g5C7uqE1UHhUFFdA5zAZ-OikRFUAKfCkgtGbd47pUeCI5lsesGh6AH33614J6HROJpFGssJrWiESOwoWn-DaVQJATq2ONRYZKbF69ItMBatLyeiSuZOshyxxqhgBPH13N6-ZcvMU4VHJ7c5x2TkvbQXOGFm0GtMvxVGOnaccUJngNrCwZJipQOehoGgPfWcMhJR84zwT8KloWl6JdoZQXmvN0uc2wfp_V8Rk2ehEPjcKC1UHLXaJQAV_upKAuiEdUJxoFei8qntKiJ9wj8KEnWQ8D5TUvGL5yfpwAcaT4Vbs-6xb6ars-6xb6j3aB9h2Np6B71zsxUSkkqrAPwSkGiDbAgQ5CG6Xk0K7eXUBdeu5eqQwSXqaqvAjnqj4Ra6BQAR0QELz1o0BDBCIRDF9dIf2UQh8czDpavPeEHwF7TYDVvUgA_b8aeCkq-lnVClLyeg38Ca11RITXVxf4XamkqxRqQyA71llNFD_lFbVzBdyq5eWvaY1e8_qLtNaBXG1P6x4a-h1Vf9q819CIdawOawpaoG5Sg0MXqPd4kgJVUw_TblJCb99Q9XdMRZ9T9WtFRe_NgnZJDdQtaF_IKFBAxp0P06inNY8g7c7DPJIFu5IPvWbfIlULjt9iJ1EiiBgVLI0xE54GCh1w11FJHTdgPBj5bqwTu4AXyPsRt87c0aHHf60J2HzYZBjaOCb9gMn6OqH3hWJpuF-kg3Ow5XyyuzCyUJZj43ba3p2IyPsaQUudW9_ONUStISazwQer-qpTod_2Pw1LbsuaRib0n2nU5iBjULDtnMC9OgSTGR6Agbif9_8qMphUzQdo6DNsX4WG_tSFX6D5aQwLB1EQrckA3KWD_oL7SsEE0blI4Luh-FFR-v1i8R_URn_mwkFP7QOZ3WHwSTA2gADzTdCIgOaTfrRhWKIEFyvwAxCXcDR2ofoVyuC68lx0EWFdoremOaq4MEtqhxWkDj4ZVgAL2mhK4gYQHDwTUwm233prdXmeTMuxbK7UFbDGNMt5-M6JJzW1DQVWvtK3-ykVQsYrHey-ZJ3TwJbmgUiM1k8T8d6Js3qI2Y8JnRz42Dz2nLgsnfuzvaF3Y7vgrrqFFn7F2jqonYpoC4RpPxYqflWoN5BqR6GRceqnEklhMjERShKFvecNSL9c1Lzm9qrnufoyRD7Oi4szg_R36Gsc6Ckca-DE3Xu29p44-4yuBAcwM2LYi70-MxiowYBgT_XdUNI0KVgUDxB1YZwL44-c-HWm6G2qIBDbALqSj04sfz3eAII3YDhQ-tFGO0MnLsgXO6pvBy2LvLZ3YNBA44PQuPVxDYAdKZSQ9nY5rt7gZ11ypjO3Y9BE0AJUYGO_NzFQLwH7B1bWtEI8it-78TOfy27p9qm-nJh0fO5dV_3wmKWj7cuV6MeW9nNjl7BgnjGChanXvl8_JIfnZ5cF9HIoernm8Dk_LnBSzbX-tMn1xddT68M757sDuq7xxTKFOvQXj-vQ8OT29kFu2lRueZ4Eg0jb1knCcV5vR7MkDC_0pjaC6WcHmCrJeHtPZipL0p0aq6HO1vn5Wge0hWteIvloWCwv87OFVrdT0MM0cgYosT3ov6P4wtBS2EIeI9cy8k2zWo1dY-WYxHMr-P9Agk1jGcxOgmDkNDAbg11jBcxG8MB1mkkSd86UGJVrqLFjmcQKFOfkCCMwVzQxjTyyEqpmta4vQUCgxBkxjfO7yCrIJNJMmUmqgNqeSeg0dnM-aeo0xfRHSyNHEov8uPLCjXdihCxFUFU916BNdWJkfaD1JdC0Hra8c2JieueTjBOZxjjZ8dKMFunywFO4V8NhyGzY6J9mYBvFprGD15dwxzQDA-7TjtGOxMIPR9FjE37XlON2OLSOB7sjD972Dj3vk-d2KBcPs-i21Uf3T1YNbT7l2DUf13g_cx-GOztaP5Uj9n3HlcmoCOybMtQmpSKD5BQhO1wbnuf8VQxq81BFdydp7pVVfCrNm25YBtSST48zfdt8V7ARb2Ot3DaMTjl_rr2tk_ylofomW_jOatpsRxv_xr9ZVVYs75RsIBUdVHqzte-8gzmYPVZW87zOHruTtDb5Kdb8h0X2qHkomd3WT8Pd6GCnj3KCT-U8NZXn440q0yM7TXLn4K6G08aLk0qtd_e3M3pj4XEi56UbYWMNV1823R3Nm6ySHdnj1nkw_MhV8NPqefKPqdLh-AFnnXW_N-82BSmq2VgeqvvWHAyCv_9G5z-CONT--QeRfwEmaLr4 -------------------------------------------------------------------------------- /examples/pki/cms/auth_v3_token_scoped.pkiz: -------------------------------------------------------------------------------- 1 | PKIZ_eJylWEl34rwS3etXvH2fPu0BElh6wthBcmw8IO2wnWDLNiRh8PDrXwlId4bu70u_lyxycKBUt-reWyW-f4cf3bId8h8DL8WL7wg7Ds5b6t7tmFOcMqL5mbGDZ2vTMEzbNzTf6oxQm-ub6MXcYMPmhmHsfNtYPttLJ1WR6VtzbQ0Pt5G12Tx1D70rpcqhTkvnxpnvyzSJpbU9rbIeXs_2ZWbPhkzNT1njl6tlu0HO1j2ldjw4fLdJ1H25TvzSK7WScW1gTVB4Nh3REPfErEvcWCq2WYkT2pGBFURxFIQHq1wYWpk2swNbwimG26dKV-OlO10Y-q3T1JUI7jS0xQqraFg0nm0NmPtjyt0CkUFvKJ81OMwUGuYl4bhzyhY-MC7SJDpnkzXTPQud8jGW9nBA_TDXn7ImHlbKTELn6Nxp8bA5YNM64LCIMLducOjfYDNfn4NtdcjqqaaqgCeyCk5pMnsSdUKiUD9x29MDTerjSqkrvHTEaUeayPUFwvVD9fT87AJRKxFLxgVtupoZoupBnyeR-ODT-bXhSuL_6TZ4hEM-Qcvt-IhoMpZWyvnh9Q1BnSmkX690aZ1Mj-L0dBvv0_kZP6eroEjt6fa1ayKDKrOnT3DKm1aOJbZyG5qQa_qzKgVol3rEfXrJbpfPgxZ55eSEQ0ddcO2IjVHn8Y1KBnrKuXUiPChJQ4EPcPIQDcTEMguLgnDonEJHXuKWiHAghXLhArRm-5o2EKxmSn1Kq-mRXQp6rYszUB7XJIwk2pAG4dCSGHckzyQ1EKSjTaTSUJOxyao3ZDpCwXrWzPiVbAJynUFBEeAR0eWsac-VXc8DKTN3p8Vg9aQftWdo4W5EhkxZqLRbDFSinDXAypIqWAYq-wNJIuA7bRmk5AHnKYd_hXlxKdoVSnmhOUvyp1QZ36dNdIaNXklEwgD44PfMxhLh8Gu7BbFBPLzqSOiPhahYQgpmWuUjqBBUe4aBsoYVVLlyfh6XqV3z37XrT91CX23Xn7qF_qFdoH1LZQno3nY6yisJh5XiQXCiAEQT4EAHoY11zaBdwl2cbTDO7CvPQcK5ENKZ3ldP4JEKCuXQAQ7Bey_0VYQhElbgdyhqLyHQB0uhAyk-Cec14BY0AQp-lQD6XzXwWlT0q6oVpOQIDfwNrccIc0dUF_hdyXioJGJCIDMa0wZLXsIqYmYSuFXPyt_TGr3l9RdpPQZy9YLWAhr6N6r-snmnJSEdaBM0BLRA7LgBhy6Q8HicAFUTRyGDW0Jv31H135iK_kzVrxUVfTQLMsQNULcgopChL4GMBw-mkaA1CyHtwVFYWBf0Sj70ln3rRC6Y8h47DmOO-aygSaRQ7qig0BGzLRk3UQvGoyDPjsbYLOAN-OOI26b27CjwX2tSp03Qpgq0cY7FgElFndDHQtEkOKyT0TlYvnL3F0YWUj7Xbhb9pMM8EzWCllo3npmpiBhTBS9Hn6zqq06F_rX_SVAys25IqEP_qUpMBjIGBZtWB-41IJjM8AAMxP5z_68ig5nYfoKG_oTtq9DQ37rwKzQviWDhwBIiDR6BuwzQX3DfmlOOx4zH8FeTvLAoPbFY_AO10d-5sC-ofcTLiQI-CcYGEGC-cRJi0HwsRpsCSxRnfAN-AOLilkovVL9CGV1XnosuQmVco_emOasY10tiBhWkDj4ZVAAL2qjX2PYhOHimQmqw_d7Zyvl5MuXzur1Sl6eK3Oar4IMTuw0xNQlWvtIzxZQKIOPNGOy-pIPVwpbmgEi03kti_tGJ02aq0J8TOj6yuX4SnLgsnYezvaEPY7tgtiy2r69Y2wC1kxHpgTD950JFbwr1DlJjSSTUOjGVcAKTifKgxmEgPG-ExXLRsIaZG8Fz-XWIfJ4XF2cG6e_R1zggKByp4MTDR7YKT1z-ia5Y8WFmRLAXOyIzGKj-CCuO7NlBTZK4oGE0QsSGcc61v3Lit5mi96mCQEwN6Io_O3H9-_EGEJwRVXxJjDYyaGNsg3wVS_ZMv6eh0wsHBg20HgiNGZ_XANiRghrSfsrn1Tv8dIjPdGZmBJrwe4AKbBR7EwX1YrB_YGVDKsTC6KMbv7BVPeS2SPX1xHhgK-fTqi9ajP6fVV8ciq6nypkS9--39ivzzqe7l3V_e97YizwByLPpE4P5gMSAcGrGH2ZRv6zrLjaL-4eGxfGW9esqduPZdTZG4zi26juoV_RQTbpFXMTrIQ5RPK_LvHfP2l6vyJAncSXuQj-vQqbz-6vQVp5i6uioh4ukllFxwWw3a7_dsFFncM3RNyTWtSjUwqgzBs29vIZpWMch9vet4VMz9n0HWa1r-qG1xLpma3Jk6R12IzU-pttaoQlc_wKntbTzm--str7P4JoTqbAWK_vOCrV7dIm8Dw3rUD-sCNxax1DlqHXeXYcrHcbPr_ZG-kkEyiAQgkjHVHW3OPBba3M-ybTaQ8iSrnFm5IlBQAaIrHf3Z43om-q5qEobTVtJB_wzTVtCHfQyJe6ErBKVzTaj52ktJzfLb5v18ZmC1e32cXCI5qRZzslkMg823voBTYYq2m8GfXVblmo0dM3LjN3xqVkYCzr6sV1KyTqii1l6WDem8cKauebfL3da5hH1YX0kB3S3s8JH95Yrw_PIcQ-yjZenh4leSlL5GLTsx2EXLshhkdaPVjtbG_2tGo-Ml930B6tGP4y9h0aBP1TLYtZNb8udfW9NW0t2T1M6dLvxMdzcDMroZlOOlIexdFw6M4Ybgp-rKB-k7Y2fHb4hecCPk-Tbg_zUV3f7LNaH2_HtbLr99qwVnTxedF1u3DkvvgwjZpJr_SLQ_Uh6Zg-LZnFaqgnaNo8_3Nq_XZh-86yufGsepL68H-fDj6bFE6dcNhN0_rLDIuavLz7-Cz0ItdI= -------------------------------------------------------------------------------- /examples/pki/cms/revocation_list.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/examples/pki/cms/revocation_list.der -------------------------------------------------------------------------------- /examples/pki/cms/revocation_list.json: -------------------------------------------------------------------------------- 1 | {"revoked": [{"expires": "2112-08-14T17:58:48Z", "id": "db98ed2af6c6707bec6dc6c6892789a0"}, {"expires": "2112-08-14T17:58:48Z", "id": "15ce05fd491b79791068ed80a9c7f5e7"}, {"expires": "2112-08-14T17:58:48Z", "id": "db98ed2af6c6707bec6dc6c6892789a0"}, {"expires": "2112-08-14T17:58:48Z", "id": "15ce05fd491b79791068ed80a9c7f5e7"}]} -------------------------------------------------------------------------------- /examples/pki/cms/revocation_list.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIIDVwYJKoZIhvcNAQcCoIIDSDCCA0QCAQExDTALBglghkgBZQMEAgEwggFcBgkq 3 | hkiG9w0BBwGgggFNBIIBSXsicmV2b2tlZCI6IFt7ImV4cGlyZXMiOiAiMjExMi0w 4 | OC0xNFQxNzo1ODo0OFoiLCAiaWQiOiAiZGI5OGVkMmFmNmM2NzA3YmVjNmRjNmM2 5 | ODkyNzg5YTAifSwgeyJleHBpcmVzIjogIjIxMTItMDgtMTRUMTc6NTg6NDhaIiwg 6 | ImlkIjogIjE1Y2UwNWZkNDkxYjc5NzkxMDY4ZWQ4MGE5YzdmNWU3In0sIHsiZXhw 7 | aXJlcyI6ICIyMTEyLTA4LTE0VDE3OjU4OjQ4WiIsICJpZCI6ICJkYjk4ZWQyYWY2 8 | YzY3MDdiZWM2ZGM2YzY4OTI3ODlhMCJ9LCB7ImV4cGlyZXMiOiAiMjExMi0wOC0x 9 | NFQxNzo1ODo0OFoiLCAiaWQiOiAiMTVjZTA1ZmQ0OTFiNzk3OTEwNjhlZDgwYTlj 10 | N2Y1ZTcifV19MYIBzjCCAcoCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYT 11 | AlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMRIwEAYDVQQKDAlP 12 | cGVuU3RhY2sxETAPBgNVBAsMCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlz 13 | dG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDDAtTZWxmIFNpZ25lZAIBETALBglg 14 | hkgBZQMEAgEwDQYJKoZIhvcNAQEBBQAEggEAVsD6Zy+bXz9D9ZJ32CbG4ggTisgs 15 | 4vZw9xemVMQ9J8+3iLWE2Z+NrqO1T4Q81iu9cKZ/zTFuu99B5X9ZHE57QLrOd+Jb 16 | Ld3E8HYVj8ZpGQfXAcq3ybIkT2SeEddQmW+MlHHkkfu41D1dQ8jgkIcbLjpeRCFk 17 | GA5Zj6Xdnozos/qMLqd1o4ufJ+dQAeFH/fviLkS5fiTPK6GmhqkwBQgffkOHTo/S 18 | xZQeq7GhFKijg5p60AZRc1Q+WlrmkY9W0FrX7bt6iJodWBc2YSEZ5Mr7BpvIu5JH 19 | rg282z/D4Xwj+USzn7jvqZFlmkG9o6s6YKjsrIpnPFH92EWv0+D5NuOuOA== 20 | -----END CMS----- 21 | -------------------------------------------------------------------------------- /examples/pki/cms/revocation_list.pkiz: -------------------------------------------------------------------------------- 1 | PKIZ_eJx9VElzszgUvPMr5p5KBbPY5vAdtGAsYokAYr0ZbIvdSXDM8usHO1Uzl6lRlQ6v1dVPr6vrvb4uB5oWYX8h6j-KV4kSgvmQ2O_XlBT3nAE3R9cFczFCYB4QcM0RcbCHIvjGgiKrWvBwsJD_ZfkkUyXsmntwXMBANoXY2efJntI4vR-VsCbVVURqX6ZxMRxju8knsiaITJSb04ED7cBNWQqxqTpVoDmVq0Ul6QmyP1P0INp1UtVaGrlTEiVKMicqxacyjaiSWvRRaw4nquTgpqDINg4IbkgbarnVLD-gpVOCklbmSEt5cJA8sp07svm6cvBVdnbX8oBAeYzcUnoSeVilHKzS1pUdvivZXKsONwdWFU2KxZDwpmJKskp5Xl78QSxjNuc9_MzbcJYec5KKjJSTG8XiRrkXUJ6vGRdrhosjKQdB2ubpB2m90uEPUbtIq7RiVT5ITLGbZE7r5S6A0GmVa05kDqSTe7L_fwMf_kn_bSAZWcQaisM2xa5OI7KMlOuUA8WxwtrBsHAiqqZV2Ehsso04lkch9u9LJuAoCAQcwU-MYFeZ7xQIC6wCE3oUMm4eKKh_68X6MKSjhGZgQ8FCCAQHNYPUI4MJEhy67t4cGn6K9J9znBaZFYxmBdxf7pWjwBjSSOfSydpVx9n0KNg-ldFIia-Eeq5696wNRpuDCor6q6hLyxhkiFwz2rW35hwzOVP0RnKtp9L8FJr0e97m4w4D_7cT5WjFmsxKRKA0XdaGNRCPZrkF_d4BAzlKFMj_5HqJNQRuAODiBbA6rf6eRvvnxNOEXlRFvHdXtj-D2MuMDbqiuOSiVyTx85Y18dtloKfvw9Y6COXzJ_HkTQxFddXXd9pjQ0uJNxW5v2p2t9K4n939bRN_buvM2zZSl43GpXcKOgb7g9eN5bU8A4Ovpvpjm96TUC0SdI5rkhQfAmsNAKBlX4aRjtDz1bw3JfzxEs-rlyC587XbvrHI-6k20ZK7S3cmcCP4-qCX330gf90ocs9fRD31H4bl95O2t-_QkyAks7u5mNRDFgc4q7W2eVnj8cVudd_ZyuxedvOIKkdd3nLTWn26qmeFZqeKaRbKUer7oxdoU54lAAHDeNeDGd38aisaK94dV3k3akrnd8ohu9gfK_pHeu4hk-F_d9Lf2fB_ww== -------------------------------------------------------------------------------- /examples/pki/private/cakey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC//gLFHKshdm/9 3 | 4GhxrVGcfpkXl9kDL/oF5ltilI9Qk5kk8RlwmnqCeTezwOgXgQ/xyVak4AqP6Dbh 4 | 5joLWK4EZ4MlqQASLbfTjUZkwq9gLwNtwGSI31HcEWXHkR3+ux+jdTTrba/CBZLk 5 | BYUwCrkRyRnFzajTCazb9r+YWtxjXgIcWXfeuaJPQRknfob4m42dpgwWfJIifQRn 6 | +d0w4nv84PquQpIKiwK4Ed9KRgnvmS1zy64XpKcnrQUd4Lik1djzAniIe2IP7kyT 7 | HttqmfOzOkNQ6LEigv9Zfv9QKwb3uprHPCRBJZ3N9hyezbk0ya3mShLz5lCNqE3H 8 | b6JFl7UbAgMBAAECggEAVCmMm03S8utRcrBB+LsqkHiqsb3+AriwWI+/tbo8DO12 9 | 78vFBCij1bg/o8vHsi4AiFRjaAlSd/0queJLxZeNSR77TbIE9vMVp2ZB2n/Bk19o 10 | mF8Dc0C6SMdTn6VMydLLrsL9fMrrhhkdaFnHJeU9db97Tcu22zRdk1taZ/ZEsEXN 11 | 5Ij4GSaylemUsdi2GKWCydDje3M60rGRWiVlMAsgyLhGRjBS0dfi2VRSbjE/Mi+d 12 | vrHGWyKfh/Dgmt5XdljubZE6fbogXtksBl/dvHytQIyYddSTYHWJoCHb0DhBV25V 13 | /m5SNTRoBeRtTy9s7UdMxTR9mpPscWCAonCZVh3nQQKBgQDqwE80+CaYInrNlZIM 14 | 6rX3sdHgcnlP8a2gSRfkmpTQbf5os6jHBwBp3UAqTpKZd6mjrbXXel4Hj8ccZMW9 15 | SqReQJiJwENxhvT5Bz7YGERZbVGvchXeeQBjhOy8D+Smv85I+F+cP/7efutrzFgf 16 | M5mwlic5z58ijJlloGzgP4GquwKBgQDRXuJFzfbjY7DS0vgoz5Gh8GTfB/EPZkNL 17 | ULt22Zz6coMpZ+en8HBrc7gSlAjvf3C4MAon344VIaW6bK1tx4amuJVK3gbbk7Kg 18 | 9YOkXUg60WaBeX9zed+eljV3LIcgRJ10Zu5rJ8ZCLgp1DTF1kh7afmqyufU5828b 19 | vOOpN+5pIQKBgQC7qpGnntn7tVTHFVN00A44vgcyj1E7/9D12nknYAyns8c2nKnI 20 | smg6OY4aREYeOfN7zlsYr9KL6P0cTdNmyE0urCVFulYwY9tjWc97oarCcwpiX6nr 21 | +H+/D3zRu0Lnq16WJzkICIEQDhbWTr4D85Rh/yfMp5ZoYE4hWGaxvxNCEQKBgQCL 22 | bD4N8fworGhB3E95DdCTIDxr8SPr91N0wgw0NvG8Lal+Vz0CrrCOPX8kkAPrSNhN 23 | L2Bz8QDyvXdZT6ml4yqdt2ljc7rpWc+oNBY3zA6fbHZwXfIrecsaFjkAZVyOdmLL 24 | 8wdtwAzcYUCBdgmrm2SEZ46x+fd9Ychplj2coCxZQQKBgEtdtXU93fZ6vUUTN6Rj 25 | DbWQPxktPClfBvxEr7jfdMLO33UziVQU9ZoXpj5fplWFtjLw09W1bNa6VYKGkcVK 26 | ZYCHni/J440p7v9NvHZHX8kqYkFvzs0djFXzkLTzSKk6ErDMjvWUcQq7IvB3JLNo 27 | xrS0SJBTBskGUKX/1OEP69B1 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /examples/pki/private/signing_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCexnPwhsvNj1jp 3 | pRg/gvHeisN0NWaHTs/RHboV3nHyzfsx13fUHd+X+YR3+HPI9MgMSPKn3mm45znn 4 | xJKBwuFvg007FMKtcexbwDx2053Eh83j6gRPMCqeKXxbmQITMT+eZ0yQvzfLdTNZ 5 | VKmEwDYEwgMrLcjibi7jHNN1AajvGzhswibAHXLAT6XWJH8nK1r+WaLHWh39zpmp 6 | D7Vspo0j0PP5TOMeRZuRmqGFKm/ZqG7rDKdLXuzDJM1mIpUqmQVh8e3bBkex6DeM 7 | zKmpbbQtIpyRnNMJ7rDa5Hm94nrl8FOk91d6RN8k07h8uh3GWXf/Jtzvy/RdaHcw 8 | 51B9dD45AgMBAAECggEAVYj/6LIVlTYGZkiEmaKHfqYuyaoDBB3XIwbquuFNbcq9 9 | 6onzihhV3l+Tl7YHWllUdBnQb9MIDY6zyUJC0xkTramEr7Ftd1cKSBt192Xldnza 10 | 1E+75pVCQFaFIit5zLEZXtKzkr8Q5dDLyvIrKNMLxuBmKJrPv/wv0jYzTLOKONUO 11 | BRxEb2c13lvq/RqT4xpxU8wadk/tC4N1tvLGdUnq/+1+GcmswwChBPnYafY+pzF3 12 | ylyoQUtirIZ0TAkSBwZZGkZC137OPs6CmbBqxLcPT2swUSQpUSAglwG7PklRAW1u 13 | 2Qin1gka7J3l6erIYfeJ87C7day+3+uGtlYxplMRIQKBgQDJobPdn/YZakdI4ZaH 14 | YNL67qtO5A410vb0Sm6UXWASAyfRq7nMG1CyWvlfTpPTeao9bBD0oKKIteW7RTo5 15 | mSozpKOt2Rgb3auyOkuswFbSxRuufgRDayUnyYMaHfhfp/pHEpXg/aiwNckiZ6Mi 16 | iOwIlLN+ytyzadfXZSrlPtVpvQKBgQDJlnD1hnOtWRgWeB4uUXzJPa9MJBK7JLRW 17 | +FSMrUxssw14vScmLO3kV/pN1J++FMkq7Y5ZmOpy34sGc3iMaM+H4JuNCvP5SwtG 18 | 626rOm5enH2sKd4BubiZcln5zrjgw/RV/a7aQQep4cQpaEgNoyTAu6BuU0fid6xc 19 | jVQJAXnILQKBgQDII7YB2vHRMGkpsqJUJovFgHqSiFSCoLF4sxkoM7dUqcUwniCC 20 | tOpY32yAaeLaGv4ckdQSvhAXW1Z5mLG+0oXNVTMTMVZ48oOnGa5b/18vP2/GuFdL 21 | BGORJrj3h6AucvI+8ffLqH10yy6m8/A+K2L+8Xtp87s2a21P5J+7ha8YkQKBgB4m 22 | fBqc02xX6PxjVtBCq9FFgpR2yL5ozPg9CBhKSyXu2dL3J4XULnh6mBtP89xwK25a 23 | PXI1Jsurl5WNa7hEbNW7yEgeHUNp7/PZfqHpiVxpN3qqgGPtrSh2K/Lq8kfbxw2d 24 | dat7EnRcKgSvbidsATE6XtJhblz23TayhKEcMWS5AoGBAItYfoHpgnQXk1gXal6e 25 | incHFVTgrUQlDKZ5UQn5/HvK1Gb3mAtPbLWJZ2Ej70lW5BQnBrCLI8188Z6PJY3w 26 | 8KJ4T2KOu+9qClnezLy2A+bZ+MU+XZrVv+65vjJ5oGhARmRLmYlasBmxwUEEKqlO 27 | ovIe7UVLD9CyaB+MFxFpFwE6 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /examples/pki/private/ssl_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD1i9+ydZSypNAk 3 | kVXdzIqZ8E62cqH7i0JGVGBuGdH8ZVF3MDcbi8VwqfNRWoWn9mrJUp5HYDV9t5WX 4 | z25Ej4EnqlJ3WLZvC1e+ldDIInmiULic3iIAgrWbumU3XNLHska/smoVJuLIuFUx 5 | EfRpwGOpguOzAO1M6BKCSwr+TBLYJZxc3F7v1vtwNhisyE5S2H6Q49K0UXHTPjp+ 6 | fLZAHQ5+Yxqwf0KAJqAD3vMo8EwxXlgJu8pQyjjxwtrwnN2WHYoJGt/OOdkLBbzd 7 | upWH9CGcxeVc5hSJ1hEKuYS8AOZIeH6q2MKwT+QiepBsVfuy1JFt4raLht/RcX/W 8 | R8lIAzoFAgMBAAECggEAQbeB0z1s4rMBkgfjt0z6+2A5cNMVT0FiJ3iFpnH6pVZo 9 | i0G4PgMWgKS7nlZf1yg4RFF8UxYIuvDbdJnrpSXTJ06Ka66uhOHARh3KlwXDEBIS 10 | lslMyF4zRM6KMFsDfrbUAJI7mhWiNJ5BDrUDeRookkGZt1rUJ/UknwJ+mri5gmdo 11 | UYyHuelIcVZfX6mkDCKrVHCCNbdnUgWOkXtPi25n4lqjolwEeBx5y4cu4z6tkqxM 12 | 2hcnKUyj0YKScnhnTqprkbiMpPST4y8I190Q3Eo0Q8w9hvgEUa1xezfVzICScUjG 13 | VXid7aRyq7sXGmCMWyMUAvc4+5/qanreEU1686CrMQKBgQD7FDKV1pcWGJMoL5VI 14 | xiJ8jpDpnRIL940732ODjCQRgH4K9u40OmZ36W880q6o5ZXLLoWQIYZf5Hs1lq7f 15 | 3djqHFqqXtW7P7JU3mW5n/ejbMHlxra4uoTkjR6wUF+g2kW2y4ysI/t8HxSeaVjO 16 | E4cJfoaNufgmgpeKa1QnLrMpqwKBgQD6W+qgx7w2dBXSkYBDhjDoRrCwmqOuWKwG 17 | DMTDrlbu2j7hag6Xdy92CqjGAYXfhny4bpCkFLRjyrDZS4a/cObGKYYG4jVXTYfj 18 | 5cqLUiLmQFrZiK0uA7ek+qMp06FJX45iyECJlXX4gNU8e/WMfujlFLwjZ+72znQE 19 | iTMW5xxbDwKBgEBa1vRtAmDZf66HM75peqFucVpPtjZ3By5XfcxT+VK7GpN442lj 20 | pqwJm0d9wOLtpc1kaTuePDEMAUClFMGwvU6UYfDVSfcqxmzWbEB97h1nXPOmUWNb 21 | +4ARY9JRZ5F1IPVPiwj8WBNibAiGfAqmGrCmS5q8FgzY4DrMc89vOuDtAoGBAJfe 22 | aB6t6ssxcgdwwdi0LzjHoOkQdVgObBOjbTyypgNwGpLMrhtNblnxr12lkNr+Duwm 23 | DdGqyZ57VvoJaaz5xNPSXn4QfIEAA/3H6CzJX2hDA5lP4pW2JZGLhKybtwv2Tj43 24 | 8YZERvK+3Bs7qsFWPtqv0Ey+AGRw6knSHE65VScbAoGBAPUwAUmBZ6F22M6ftNL7 25 | G/qZJsP6OmDSyvJDN9SXiLvbpXQVd6RrZrni6xzwKWAFncFMVo+HWmeAavM8zxsc 26 | a/XVSVvRj0kwg94HotHCF7/nHqYIqyF7hLZipdIphVGXx+c8dbKeVg0fgTnLRkzx 27 | tbxgs3HWa6pgQvxtVAN4Jl3W 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /examples/pki/run_all.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | # Copyright 2012 OpenStack Foundation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | # not use this file except in compliance with the License. You may obtain 7 | # a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | 17 | # This script generates the crypto necessary for the SSL tests. 18 | 19 | . gen_pki.sh 20 | 21 | check_openssl 22 | rm_old 23 | cleanup 24 | setup 25 | generate_ca 26 | ssl_cert_req 27 | cms_signing_cert_req 28 | issue_certs 29 | gen_sample_cms 30 | cleanup 31 | -------------------------------------------------------------------------------- /keystoneclient/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2012 OpenStack Foundation 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | """The python bindings for the OpenStack Identity (Keystone) project. 17 | 18 | A Client object will allow you to communicate with the Identity server. The 19 | recommended way to get a Client object is to use 20 | :py:func:`keystoneclient.client.Client()`. :py:func:`~.Client()` uses version 21 | discovery to create a V3 or V2 client depending on what versions the Identity 22 | server supports and what version is requested. 23 | 24 | Identity V2 and V3 clients can also be created directly. See 25 | :py:class:`keystoneclient.v3.client.Client` for the V3 client and 26 | :py:class:`keystoneclient.v2_0.client.Client` for the V2 client. 27 | 28 | """ 29 | 30 | import importlib 31 | import sys 32 | 33 | import pbr.version 34 | 35 | 36 | __version__ = pbr.version.VersionInfo('python-keystoneclient').version_string() 37 | 38 | __all__ = ( 39 | # Modules 40 | 'generic', 41 | 'v2_0', 42 | 'v3', 43 | 44 | # Packages 45 | 'access', 46 | 'client', 47 | 'exceptions', 48 | 'httpclient', 49 | 'service_catalog', 50 | ) 51 | 52 | 53 | class _LazyImporter(object): 54 | def __init__(self, module): 55 | self._module = module 56 | 57 | def __getattr__(self, name): 58 | # NB: this is only called until the import has been done. 59 | # These submodules are part of the API without explicit importing, but 60 | # expensive to load, so we load them on-demand rather than up-front. 61 | lazy_submodules = [ 62 | 'access', 63 | 'client', 64 | 'exceptions', 65 | 'generic', 66 | 'httpclient', 67 | 'service_catalog', 68 | 'v2_0', 69 | 'v3', 70 | ] 71 | if name in lazy_submodules: 72 | return importlib.import_module('keystoneclient.%s' % name) 73 | 74 | # Return module attributes like __all__ etc. 75 | return getattr(self._module, name) 76 | 77 | 78 | sys.modules[__name__] = _LazyImporter(sys.modules[__name__]) 79 | -------------------------------------------------------------------------------- /keystoneclient/auth/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | # flake8: noqa: F405 14 | 15 | from keystoneclient.auth.base import * # noqa 16 | from keystoneclient.auth.cli import * # noqa 17 | from keystoneclient.auth.conf import * # noqa 18 | 19 | 20 | __all__ = ( 21 | # auth.base 22 | 'AUTH_INTERFACE', 23 | 'BaseAuthPlugin', 24 | 'get_available_plugin_names', 25 | 'get_available_plugin_classes', 26 | 'get_plugin_class', 27 | 'IDENTITY_AUTH_HEADER_NAME', 28 | 'PLUGIN_NAMESPACE', 29 | 30 | # auth.cli 31 | 'load_from_argparse_arguments', 32 | 'register_argparse_arguments', 33 | 34 | # auth.conf 35 | 'get_common_conf_options', 36 | 'get_plugin_options', 37 | 'load_from_conf_options', 38 | 'register_conf_options', 39 | ) 40 | -------------------------------------------------------------------------------- /keystoneclient/auth/identity/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.auth.identity import base 14 | from keystoneclient.auth.identity import generic 15 | from keystoneclient.auth.identity import v2 16 | from keystoneclient.auth.identity import v3 17 | 18 | 19 | BaseIdentityPlugin = base.BaseIdentityPlugin 20 | 21 | V2Password = v2.Password 22 | V2Token = v2.Token 23 | 24 | V3Password = v3.Password 25 | V3Token = v3.Token 26 | 27 | Password = generic.Password 28 | Token = generic.Token 29 | 30 | 31 | __all__ = ('BaseIdentityPlugin', 32 | 'Password', 33 | 'Token', 34 | 'V2Password', 35 | 'V2Token', 36 | 'V3Password', 37 | 'V3Token') 38 | -------------------------------------------------------------------------------- /keystoneclient/auth/identity/access.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.auth.identity import base 14 | 15 | 16 | class AccessInfoPlugin(base.BaseIdentityPlugin): 17 | """A plugin that turns an existing AccessInfo object into a usable plugin. 18 | 19 | There are cases where reuse of an auth_ref or AccessInfo object is 20 | warranted such as from a cache, from auth_token middleware, or another 21 | source. 22 | 23 | Turn the existing access info object into an identity plugin. This plugin 24 | cannot be refreshed as the AccessInfo object does not contain any 25 | authorizing information. 26 | 27 | :param auth_ref: the existing AccessInfo object. 28 | :type auth_ref: keystoneclient.access.AccessInfo 29 | :param auth_url: the url where this AccessInfo was retrieved from. Required 30 | if using the AUTH_INTERFACE with get_endpoint. (optional) 31 | """ 32 | 33 | def __init__(self, auth_ref, auth_url=None): 34 | super(AccessInfoPlugin, self).__init__(auth_url=auth_url, 35 | reauthenticate=False) 36 | self.auth_ref = auth_ref 37 | 38 | def get_auth_ref(self, session, **kwargs): 39 | return self.auth_ref 40 | 41 | def invalidate(self): 42 | # NOTE(jamielennox): Don't allow the default invalidation to occur 43 | # because on next authentication request we will only get the same 44 | # auth_ref object again. 45 | return False 46 | -------------------------------------------------------------------------------- /keystoneclient/auth/identity/generic/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.auth.identity.generic.base import BaseGenericPlugin # noqa 14 | from keystoneclient.auth.identity.generic.password import Password # noqa 15 | from keystoneclient.auth.identity.generic.token import Token # noqa 16 | 17 | 18 | __all__ = ('BaseGenericPlugin', 19 | 'Password', 20 | 'Token', 21 | ) 22 | -------------------------------------------------------------------------------- /keystoneclient/auth/identity/generic/token.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from oslo_config import cfg 14 | 15 | from keystoneclient import _discover 16 | from keystoneclient.auth.identity.generic import base 17 | from keystoneclient.auth.identity import v2 18 | from keystoneclient.auth.identity import v3 19 | 20 | 21 | def get_options(): 22 | return [ 23 | cfg.StrOpt('token', secret=True, help='Token to authenticate with'), 24 | ] 25 | 26 | 27 | class Token(base.BaseGenericPlugin): 28 | """Generic token auth plugin. 29 | 30 | :param string token: Token for authentication. 31 | """ 32 | 33 | def __init__(self, auth_url, token=None, **kwargs): 34 | super(Token, self).__init__(auth_url, **kwargs) 35 | self._token = token 36 | 37 | def create_plugin(self, session, version, url, raw_status=None): 38 | if _discover.version_match((2,), version): 39 | return v2.Token(url, self._token, **self._v2_params) 40 | 41 | elif _discover.version_match((3,), version): 42 | return v3.Token(url, self._token, **self._v3_params) 43 | 44 | @classmethod 45 | def get_options(cls): 46 | options = super(Token, cls).get_options() 47 | options.extend(get_options()) 48 | return options 49 | -------------------------------------------------------------------------------- /keystoneclient/auth/identity/v3/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | # flake8: noqa: F405 14 | 15 | from keystoneclient.auth.identity.v3.base import * # noqa 16 | from keystoneclient.auth.identity.v3.federated import * # noqa 17 | from keystoneclient.auth.identity.v3.password import * # noqa 18 | from keystoneclient.auth.identity.v3.token import * # noqa 19 | 20 | 21 | __all__ = ('Auth', 22 | 'AuthConstructor', 23 | 'AuthMethod', 24 | 'BaseAuth', 25 | 26 | 'FederatedBaseAuth', 27 | 28 | 'Password', 29 | 'PasswordMethod', 30 | 31 | 'Token', 32 | 'TokenMethod') 33 | -------------------------------------------------------------------------------- /keystoneclient/auth/identity/v3/token.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from oslo_config import cfg 14 | 15 | from keystoneclient.auth.identity.v3 import base 16 | 17 | 18 | __all__ = ('TokenMethod', 'Token') 19 | 20 | 21 | class TokenMethod(base.AuthMethod): 22 | """Construct an Auth plugin to fetch a token from a token. 23 | 24 | :param string token: Token for authentication. 25 | """ 26 | 27 | _method_parameters = ['token'] 28 | 29 | def get_auth_data(self, session, auth, headers, **kwargs): 30 | headers['X-Auth-Token'] = self.token 31 | return 'token', {'id': self.token} 32 | 33 | 34 | class Token(base.AuthConstructor): 35 | """A plugin for authenticating with an existing Token. 36 | 37 | :param string auth_url: Identity service endpoint for authentication. 38 | :param string token: Token for authentication. 39 | :param string trust_id: Trust ID for trust scoping. 40 | :param string domain_id: Domain ID for domain scoping. 41 | :param string domain_name: Domain name for domain scoping. 42 | :param string project_id: Project ID for project scoping. 43 | :param string project_name: Project name for project scoping. 44 | :param string project_domain_id: Project's domain ID for project. 45 | :param string project_domain_name: Project's domain name for project. 46 | :param bool reauthenticate: Allow fetching a new token if the current one 47 | is going to expire. (optional) default True 48 | """ 49 | 50 | _auth_method_class = TokenMethod 51 | 52 | def __init__(self, auth_url, token, **kwargs): 53 | super(Token, self).__init__(auth_url, token=token, **kwargs) 54 | 55 | @classmethod 56 | def get_options(cls): 57 | options = super(Token, cls).get_options() 58 | 59 | options.extend([ 60 | cfg.StrOpt('token', 61 | secret=True, 62 | help='Token to authenticate with'), 63 | ]) 64 | 65 | return options 66 | -------------------------------------------------------------------------------- /keystoneclient/auth/token_endpoint.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import warnings 14 | 15 | from oslo_config import cfg 16 | 17 | from keystoneclient.auth import base 18 | 19 | 20 | class Token(base.BaseAuthPlugin): 21 | """A provider that will always use the given token and endpoint. 22 | 23 | This is really only useful for testing and in certain CLI cases where you 24 | have a known endpoint and admin token that you want to use. 25 | """ 26 | 27 | def __init__(self, endpoint, token): 28 | # NOTE(jamielennox): endpoint is reserved for when plugins 29 | # can be used to provide that information 30 | warnings.warn( 31 | 'TokenEndpoint plugin is deprecated as of the 2.1.0 release in ' 32 | 'favor of keystoneauth1.token_endpoint.Token. It will be removed ' 33 | 'in future releases.', 34 | DeprecationWarning) 35 | 36 | self.endpoint = endpoint 37 | self.token = token 38 | 39 | def get_token(self, session): 40 | return self.token 41 | 42 | def get_endpoint(self, session, **kwargs): 43 | """Return the supplied endpoint. 44 | 45 | Using this plugin the same endpoint is returned regardless of the 46 | parameters passed to the plugin. 47 | """ 48 | return self.endpoint 49 | 50 | @classmethod 51 | def get_options(cls): 52 | options = super(Token, cls).get_options() 53 | 54 | options.extend([ 55 | cfg.StrOpt('endpoint', 56 | help='The endpoint that will always be used'), 57 | cfg.StrOpt('token', 58 | secret=True, 59 | help='The token that will always be used'), 60 | ]) 61 | 62 | return options 63 | -------------------------------------------------------------------------------- /keystoneclient/baseclient.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import warnings 14 | 15 | 16 | class Client(object): 17 | 18 | def __init__(self, session): 19 | warnings.warn( 20 | 'keystoneclient.baseclient.Client is deprecated as of the 2.1.0 ' 21 | 'release. It will be removed in future releases.', 22 | DeprecationWarning) 23 | 24 | self.session = session 25 | 26 | def request(self, url, method, **kwargs): 27 | kwargs.setdefault('authenticated', True) 28 | return self.session.request(url, method, **kwargs) 29 | 30 | def get(self, url, **kwargs): 31 | return self.request(url, 'GET', **kwargs) 32 | 33 | def head(self, url, **kwargs): 34 | return self.request(url, 'HEAD', **kwargs) 35 | 36 | def post(self, url, **kwargs): 37 | return self.request(url, 'POST', **kwargs) 38 | 39 | def put(self, url, **kwargs): 40 | return self.request(url, 'PUT', **kwargs) 41 | 42 | def patch(self, url, **kwargs): 43 | return self.request(url, 'PATCH', **kwargs) 44 | 45 | def delete(self, url, **kwargs): 46 | return self.request(url, 'DELETE', **kwargs) 47 | -------------------------------------------------------------------------------- /keystoneclient/client.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from debtcollector import removals 14 | 15 | from keystoneclient import discover 16 | from keystoneclient import httpclient 17 | from keystoneclient import session as client_session 18 | 19 | 20 | @removals.remove(message='Use keystoneclient.httpclient.HTTPClient instead', 21 | version='1.7.0', removal_version='2.0.0') 22 | class HTTPClient(httpclient.HTTPClient): 23 | """Deprecated alias for httpclient.HTTPClient. 24 | 25 | This class is deprecated as of the 1.7.0 release in favor of 26 | :class:`keystoneclient.httpclient.HTTPClient` and may be removed in the 27 | 2.0.0 release. 28 | 29 | """ 30 | 31 | 32 | def Client(version=None, unstable=False, session=None, **kwargs): 33 | """Factory function to create a new identity service client. 34 | 35 | The returned client will be either a V3 or V2 client. Check the version 36 | using the :py:attr:`~keystoneclient.v3.client.Client.version` property or 37 | the instance's class (with instanceof). 38 | 39 | :param tuple version: The required version of the identity API. If 40 | specified the client will be selected such that the 41 | major version is equivalent and an endpoint provides 42 | at least the specified minor version. For example to 43 | specify the 3.1 API use ``(3, 1)``. (optional) 44 | :param bool unstable: Accept endpoints not marked as 'stable'. (optional) 45 | :param session: A session object to be used for communication. If one is 46 | not provided it will be constructed from the provided 47 | kwargs. (optional) 48 | :type session: keystoneclient.session.Session 49 | :param kwargs: Additional arguments are passed through to the client 50 | that is being created. 51 | :returns: New keystone client object. 52 | :rtype: :py:class:`keystoneclient.v3.client.Client` or 53 | :py:class:`keystoneclient.v2_0.client.Client` 54 | :raises keystoneclient.exceptions.DiscoveryFailure: if the server's 55 | response is invalid. 56 | :raises keystoneclient.exceptions.VersionNotAvailable: if a suitable client 57 | cannot be found. 58 | """ 59 | if not session: 60 | session = client_session.Session._construct(kwargs) 61 | 62 | d = discover.Discover(session=session, **kwargs) 63 | return d.create_client(version=version, unstable=unstable) 64 | -------------------------------------------------------------------------------- /keystoneclient/common/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/common/__init__.py -------------------------------------------------------------------------------- /keystoneclient/contrib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/contrib/__init__.py -------------------------------------------------------------------------------- /keystoneclient/contrib/auth/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/contrib/auth/__init__.py -------------------------------------------------------------------------------- /keystoneclient/contrib/auth/v3/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/contrib/auth/v3/__init__.py -------------------------------------------------------------------------------- /keystoneclient/contrib/ec2/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/contrib/ec2/__init__.py -------------------------------------------------------------------------------- /keystoneclient/fixture/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """ 14 | Produce keystone compliant structures for testing. 15 | 16 | The generators in this directory produce keystone compliant structures for 17 | use in testing. 18 | They should be considered part of the public API because they may be relied 19 | upon to generate test tokens for other clients. However they should never be 20 | imported into the main client (keystoneclient or other). Because of this there 21 | may be dependencies from this module on libraries that are only available in 22 | testing. 23 | 24 | .. warning:: 25 | 26 | The keystoneclient.fixture package is deprecated in favor of 27 | keystoneauth1.fixture and will not be supported. 28 | 29 | """ 30 | 31 | # flake8: noqa: F405 32 | 33 | import warnings 34 | 35 | from keystoneclient.fixture.discovery import * # noqa 36 | from keystoneclient.fixture import exception 37 | from keystoneclient.fixture import v2 38 | from keystoneclient.fixture import v3 39 | 40 | 41 | warnings.warn( 42 | "The keystoneclient.fixture package is deprecated in favor of " 43 | "keystoneauth1.fixture and will not be supported.", DeprecationWarning) 44 | 45 | 46 | FixtureValidationError = exception.FixtureValidationError 47 | V2Token = v2.Token 48 | V3Token = v3.Token 49 | V3FederationToken = v3.V3FederationToken 50 | 51 | __all__ = ('DiscoveryList', 52 | 'FixtureValidationError', 53 | 'V2Discovery', 54 | 'V3Discovery', 55 | 'V2Token', 56 | 'V3Token', 57 | 'V3FederationToken', 58 | ) 59 | -------------------------------------------------------------------------------- /keystoneclient/fixture/discovery.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneauth1.fixture import discovery 14 | 15 | 16 | __all__ = ('DiscoveryList', 17 | 'V2Discovery', 18 | 'V3Discovery', 19 | ) 20 | 21 | 22 | V2Discovery = discovery.V2Discovery 23 | """A Version element for a V2 identity service endpoint. 24 | 25 | An alias of :py:exc:`keystoneauth1.fixture.discovery.V2Discovery` 26 | """ 27 | 28 | V3Discovery = discovery.V3Discovery 29 | """A Version element for a V3 identity service endpoint. 30 | 31 | An alias of :py:exc:`keystoneauth1.fixture.discovery.V3Discovery` 32 | """ 33 | 34 | DiscoveryList = discovery.DiscoveryList 35 | """A List of version elements. 36 | 37 | An alias of :py:exc:`keystoneauth1.fixture.discovery.DiscoveryList` 38 | """ 39 | -------------------------------------------------------------------------------- /keystoneclient/fixture/exception.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneauth1.fixture import exception 14 | 15 | 16 | FixtureValidationError = exception.FixtureValidationError 17 | """The token you created is not legitimate. 18 | 19 | An alias of :py:exc:`keystoneauth1.fixture.exception.FixtureValidationError`` 20 | """ 21 | -------------------------------------------------------------------------------- /keystoneclient/fixture/v2.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneauth1.fixture import v2 14 | 15 | 16 | Token = v2.Token 17 | """A V2 Keystone token that can be used for testing. 18 | 19 | An alias of :py:exc:`keystoneauth1.fixture.v2.Token` 20 | """ 21 | -------------------------------------------------------------------------------- /keystoneclient/fixture/v3.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneauth1.fixture import v3 14 | 15 | 16 | Token = v3.Token 17 | """A V3 Keystone token that can be used for testing. 18 | 19 | An alias of :py:exc:`keystoneauth1.fixture.v3.Token` 20 | """ 21 | 22 | V3FederationToken = v3.V3FederationToken 23 | """A V3 Keystone Federation token that can be used for testing. 24 | 25 | An alias of :py:exc:`keystoneauth1.fixture.v3.V3FederationToken` 26 | """ 27 | -------------------------------------------------------------------------------- /keystoneclient/generic/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | __all__ = ( 3 | 'client', 4 | ) 5 | -------------------------------------------------------------------------------- /keystoneclient/i18n.py: -------------------------------------------------------------------------------- 1 | # Copyright 2014 IBM Corp. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | """oslo.i18n integration module. 16 | 17 | See https://docs.openstack.org/oslo.i18n/latest/user/index.html . 18 | 19 | """ 20 | 21 | import oslo_i18n 22 | 23 | 24 | _translators = oslo_i18n.TranslatorFactory(domain='keystoneclient') 25 | 26 | # The primary translation function using the well-known name "_" 27 | _ = _translators.primary 28 | -------------------------------------------------------------------------------- /keystoneclient/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/functional/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/functional/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/functional/base.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import testtools 14 | 15 | from keystoneclient import client 16 | import os_client_config 17 | 18 | IDENTITY_CLIENT = 'identity' 19 | OPENSTACK_CLOUDS = ('functional_admin', 'devstack-admin', 'envvars') 20 | 21 | 22 | def get_client(version): 23 | """Create a keystoneclient instance to run functional tests. 24 | 25 | The client is instantiated via os-client-config either based on a 26 | clouds.yaml config file or from the environment variables. 27 | 28 | First, look for a 'functional_admin' cloud, as this is a cloud that the 29 | user may have defined for functional testing with admin credentials. If 30 | that is not found, check for the 'devstack-admin' cloud. Finally, fall 31 | back to looking for environment variables. 32 | 33 | """ 34 | for cloud in OPENSTACK_CLOUDS: 35 | try: 36 | cloud_config = os_client_config.get_config( 37 | cloud=cloud, identity_api_version=version) 38 | return cloud_config.get_legacy_client(service_key=IDENTITY_CLIENT, 39 | constructor=client.Client) 40 | 41 | except os_client_config.exceptions.OpenStackConfigException: 42 | pass 43 | 44 | raise Exception("Could not find any cloud definition for clouds named" 45 | " functional_admin or devstack-admin. Check your" 46 | " clouds.yaml file or your envvars and try again.") 47 | 48 | 49 | class ClientTestCase(testtools.TestCase): 50 | 51 | def setUp(self): 52 | super(ClientTestCase, self).setUp() 53 | 54 | if not self.auth_ref.project_scoped: 55 | raise Exception("Could not run functional tests, which are " 56 | "run based on the scope provided for " 57 | "authentication. Please provide a project " 58 | "scope information.") 59 | 60 | @property 61 | def client(self): 62 | if not hasattr(self, '_client'): 63 | self._client = get_client(self.version) 64 | 65 | return self._client 66 | 67 | @property 68 | def auth_ref(self): 69 | return self.client.session.auth.get_auth_ref(self.client.session) 70 | 71 | @property 72 | def project_domain_id(self): 73 | return self.auth_ref.project_domain_id 74 | 75 | @property 76 | def project_id(self): 77 | return self.client.session.get_project_id() 78 | 79 | @property 80 | def user_id(self): 81 | return self.client.session.get_user_id() 82 | 83 | 84 | class V3ClientTestCase(ClientTestCase): 85 | version = '3' 86 | -------------------------------------------------------------------------------- /keystoneclient/tests/functional/test_base.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import keystoneclient 14 | from keystoneclient.tests.functional import base 15 | 16 | 17 | class V3ClientVersionTestCase(base.V3ClientTestCase): 18 | 19 | def test_version(self): 20 | self.assertIsInstance(self.client, 21 | keystoneclient.v3.client.Client) 22 | -------------------------------------------------------------------------------- /keystoneclient/tests/functional/v3/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/functional/v3/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/functional/v3/test_implied_roles.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.tests.functional import base 14 | from keystoneclient.tests.functional.v3 import client_fixtures as fixtures 15 | 16 | 17 | role_defs = ["test_admin", 18 | "test_id_manager", 19 | "test_resource_manager", 20 | "test_role_manager", 21 | "test_assignment_manager", 22 | "test_domain_manager", 23 | "test_project_manager", 24 | "test_catalog_manager", 25 | "test_policy_manager", 26 | "test_observer", 27 | "test_domain_tech_lead", 28 | "test_project_observer", 29 | "test_member"] 30 | 31 | inference_rules = {"test_admin": "test_policy_manager", 32 | "test_id_manager": "test_project_observer", 33 | "test_resource_manager": "test_project_observer", 34 | "test_role_manager": "test_project_observer", 35 | "test_catalog_manager": "test_project_observer", 36 | "test_policy_manager": "test_project_observer", 37 | "test_project_observer": "test_observer", 38 | "test_member": "test_observer"} 39 | 40 | 41 | class TestImpliedRoles(base.V3ClientTestCase): 42 | 43 | def setUp(self): 44 | super(TestImpliedRoles, self).setUp() 45 | 46 | def test_implied_roles(self): 47 | initial_rule_count = ( 48 | len(self.client.inference_rules.list_inference_roles())) 49 | 50 | self.create_roles() 51 | self.create_rules() 52 | rule_count = len(self.client.inference_rules.list_inference_roles()) 53 | self.assertEqual(initial_rule_count + len(inference_rules), 54 | rule_count) 55 | 56 | def role_dict(self): 57 | roles = {role.name: role.id for role in self.client.roles.list()} 58 | return roles 59 | 60 | def create_roles(self): 61 | for role_def in role_defs: 62 | role = fixtures.Role(self.client, name=role_def) 63 | self.useFixture(role) 64 | 65 | def create_rules(self): 66 | roles = self.role_dict() 67 | for prior, implied in inference_rules.items(): 68 | rule = fixtures.InferenceRule(self.client, roles[prior], 69 | roles[implied]) 70 | self.useFixture(rule) 71 | -------------------------------------------------------------------------------- /keystoneclient/tests/functional/v3/test_policies.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneauth1.exceptions import http 16 | 17 | from keystoneclient.tests.functional import base 18 | from keystoneclient.tests.functional.v3 import client_fixtures as fixtures 19 | 20 | 21 | class PoliciesTestCase(base.V3ClientTestCase): 22 | 23 | def check_policy(self, policy, policy_ref=None): 24 | self.assertIsNotNone(policy.id) 25 | self.assertIn('self', policy.links) 26 | self.assertIn('/policies/' + policy.id, policy.links['self']) 27 | 28 | if policy_ref: 29 | self.assertEqual(policy_ref['blob'], policy.blob) 30 | self.assertEqual(policy_ref['type'], policy.type) 31 | 32 | else: 33 | # Only check remaining mandatory attributes 34 | self.assertIsNotNone(policy.blob) 35 | self.assertIsNotNone(policy.type) 36 | 37 | def test_create_policy(self): 38 | policy_ref = {'blob': uuid.uuid4().hex, 39 | 'type': uuid.uuid4().hex} 40 | 41 | policy = self.client.policies.create(**policy_ref) 42 | self.addCleanup(self.client.policies.delete, policy) 43 | self.check_policy(policy, policy_ref) 44 | 45 | def test_get_policy(self): 46 | policy = fixtures.Policy(self.client) 47 | self.useFixture(policy) 48 | 49 | policy_ret = self.client.policies.get(policy.id) 50 | self.check_policy(policy_ret, policy.ref) 51 | 52 | def test_list_policies(self): 53 | policy_one = fixtures.Policy(self.client) 54 | self.useFixture(policy_one) 55 | 56 | policy_two = fixtures.Policy(self.client) 57 | self.useFixture(policy_two) 58 | 59 | policies = self.client.policies.list() 60 | 61 | # All policies are valid 62 | for policy in policies: 63 | self.check_policy(policy) 64 | 65 | self.assertIn(policy_one.entity, policies) 66 | self.assertIn(policy_two.entity, policies) 67 | 68 | def test_update_policy(self): 69 | policy = fixtures.Policy(self.client) 70 | self.useFixture(policy) 71 | 72 | new_blob = uuid.uuid4().hex 73 | new_type = uuid.uuid4().hex 74 | 75 | policy_ret = self.client.policies.update(policy.id, 76 | blob=new_blob, 77 | type=new_type) 78 | 79 | policy.ref.update({'blob': new_blob, 'type': new_type}) 80 | self.check_policy(policy_ret, policy.ref) 81 | 82 | def test_delete_policy(self): 83 | policy = self.client.policies.create(blob=uuid.uuid4().hex, 84 | type=uuid.uuid4().hex) 85 | 86 | self.client.policies.delete(policy.id) 87 | self.assertRaises(http.NotFound, 88 | self.client.policies.get, 89 | policy.id) 90 | -------------------------------------------------------------------------------- /keystoneclient/tests/functional/v3/test_regions.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneauth1.exceptions import http 16 | 17 | from keystoneclient.tests.functional import base 18 | from keystoneclient.tests.functional.v3 import client_fixtures as fixtures 19 | 20 | 21 | class RegionsTestCase(base.V3ClientTestCase): 22 | 23 | def check_region(self, region, region_ref=None): 24 | self.assertIsNotNone(region.id) 25 | self.assertIn('self', region.links) 26 | self.assertIn('/regions/' + region.id, region.links['self']) 27 | 28 | # There is no guarantee the below attributes are present in region 29 | if hasattr(region_ref, 'description'): 30 | self.assertEqual(region_ref['description'], region.description) 31 | if hasattr(region_ref, 'parent_region'): 32 | self.assertEqual( 33 | region_ref['parent_region'], 34 | region.parent_region) 35 | 36 | def test_create_region(self): 37 | region_ref = {'description': uuid.uuid4().hex} 38 | 39 | region = self.client.regions.create(**region_ref) 40 | self.addCleanup(self.client.regions.delete, region) 41 | self.check_region(region, region_ref) 42 | 43 | def test_get_region(self): 44 | region = fixtures.Region(self.client) 45 | self.useFixture(region) 46 | 47 | region_ret = self.client.regions.get(region.id) 48 | self.check_region(region_ret, region.ref) 49 | 50 | def test_list_regions(self): 51 | region_one = fixtures.Region(self.client) 52 | self.useFixture(region_one) 53 | 54 | region_two = fixtures.Region(self.client, parent_region=region_one.id) 55 | self.useFixture(region_two) 56 | 57 | regions = self.client.regions.list() 58 | 59 | # All regions are valid 60 | for region in regions: 61 | self.check_region(region) 62 | 63 | self.assertIn(region_one.entity, regions) 64 | self.assertIn(region_two.entity, regions) 65 | 66 | def test_update_region(self): 67 | parent = fixtures.Region(self.client) 68 | self.useFixture(parent) 69 | 70 | region = fixtures.Region(self.client) 71 | self.useFixture(region) 72 | 73 | new_description = uuid.uuid4().hex 74 | region_ret = self.client.regions.update(region.id, 75 | description=new_description, 76 | parent_region=parent.id) 77 | self.check_region(region_ret, region.ref) 78 | 79 | def test_delete_region(self): 80 | region = self.client.regions.create() 81 | 82 | self.client.regions.delete(region.id) 83 | self.assertRaises(http.NotFound, 84 | self.client.regions.get, 85 | region.id) 86 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/unit/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/unit/apiclient/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/unit/apiclient/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/unit/apiclient/test_exceptions.py: -------------------------------------------------------------------------------- 1 | # Copyright 2012 OpenStack Foundation 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | from keystoneclient import exceptions 17 | from keystoneclient.tests.unit import utils 18 | 19 | 20 | class FakeResponse(object): 21 | json_data = {} 22 | 23 | def __init__(self, **kwargs): 24 | for key, value in kwargs.items(): 25 | setattr(self, key, value) 26 | 27 | def json(self): 28 | return self.json_data 29 | 30 | 31 | class ExceptionsArgsTest(utils.TestCase): 32 | 33 | def assert_exception(self, ex_cls, method, url, status_code, json_data): 34 | ex = exceptions.from_response( 35 | FakeResponse(status_code=status_code, 36 | headers={"Content-Type": "application/json"}, 37 | json_data=json_data), 38 | method, 39 | url) 40 | self.assertIsInstance(ex, ex_cls) 41 | self.assertIn(json_data["error"]["message"], ex.message) 42 | self.assertEqual(ex.details, json_data["error"]["details"]) 43 | self.assertEqual(ex.method, method) 44 | self.assertEqual(ex.url, url) 45 | self.assertEqual(ex.http_status, status_code) 46 | 47 | def test_from_response_known(self): 48 | method = "GET" 49 | url = "/fake" 50 | status_code = 400 51 | json_data = {"error": {"message": "fake message", 52 | "details": "fake details"}} 53 | self.assert_exception( 54 | exceptions.BadRequest, method, url, status_code, json_data) 55 | 56 | def test_from_response_unknown(self): 57 | method = "POST" 58 | url = "/fake-unknown" 59 | status_code = 499 60 | json_data = {"error": {"message": "fake unknown message", 61 | "details": "fake unknown details"}} 62 | self.assert_exception( 63 | exceptions.HTTPClientError, method, url, status_code, json_data) 64 | status_code = 600 65 | self.assert_exception( 66 | exceptions.HTTPError, method, url, status_code, json_data) 67 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/auth/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/unit/auth/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/unit/auth/test_access.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneauth1 import fixture 16 | from keystoneauth1 import plugin 17 | 18 | from keystoneclient import access 19 | from keystoneclient.auth.identity import access as access_plugin 20 | from keystoneclient import session 21 | from keystoneclient.tests.unit import utils 22 | 23 | 24 | class AccessInfoPluginTests(utils.TestCase): 25 | 26 | def setUp(self): 27 | super(AccessInfoPluginTests, self).setUp() 28 | with self.deprecations.expect_deprecations_here(): 29 | self.session = session.Session() 30 | self.auth_token = uuid.uuid4().hex 31 | 32 | def _plugin(self, **kwargs): 33 | token = fixture.V3Token() 34 | s = token.add_service('identity') 35 | s.add_standard_endpoints(public=self.TEST_ROOT_URL) 36 | 37 | auth_ref = access.AccessInfo.factory(body=token, 38 | auth_token=self.auth_token) 39 | with self.deprecations.expect_deprecations_here(): 40 | return access_plugin.AccessInfoPlugin(auth_ref, **kwargs) 41 | 42 | def test_auth_ref(self): 43 | plugin = self._plugin() 44 | self.assertEqual(self.TEST_ROOT_URL, 45 | plugin.get_endpoint(self.session, 46 | service_type='identity', 47 | interface='public')) 48 | self.assertEqual(self.auth_token, plugin.get_token(session)) 49 | 50 | def test_auth_url(self): 51 | auth_url = 'http://keystone.test.url' 52 | plug = self._plugin(auth_url=auth_url) 53 | 54 | self.assertEqual(auth_url, 55 | plug.get_endpoint(self.session, 56 | interface=plugin.AUTH_INTERFACE)) 57 | 58 | def test_invalidate(self): 59 | plugin = self._plugin() 60 | auth_ref = plugin.auth_ref 61 | 62 | self.assertIsInstance(auth_ref, access.AccessInfo) 63 | self.assertFalse(plugin.invalidate()) 64 | self.assertIs(auth_ref, plugin.auth_ref) 65 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/auth/test_auth.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.tests.unit.auth import utils 14 | 15 | 16 | class AuthTests(utils.TestCase): 17 | 18 | def test_plugin_names_in_available(self): 19 | pass 20 | 21 | def test_plugin_classes_in_available(self): 22 | pass 23 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/auth/test_loading.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | 16 | from keystoneclient.tests.unit.auth import utils 17 | 18 | 19 | class TestOtherLoading(utils.TestCase): 20 | 21 | def test_loading_getter(self): 22 | 23 | called_opts = [] 24 | 25 | vals = {'a-int': 44, 26 | 'a-bool': False, 27 | 'a-float': 99.99, 28 | 'a-str': 'value'} 29 | 30 | val = uuid.uuid4().hex 31 | 32 | def _getter(opt): 33 | called_opts.append(opt.name) 34 | # return str because oslo.config should convert them back 35 | return str(vals[opt.name]) 36 | 37 | p = utils.MockPlugin.load_from_options_getter(_getter, other=val) 38 | 39 | self.assertEqual(set(vals), set(called_opts)) 40 | 41 | for k, v in vals.items(): 42 | # replace - to _ because it's the dest used to create kwargs 43 | self.assertEqual(v, p[k.replace('-', '_')]) 44 | 45 | # check that additional kwargs get passed through 46 | self.assertEqual(val, p['other']) 47 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/auth/test_token.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneclient.auth.identity.generic import token 16 | from keystoneclient.auth.identity import v2 17 | from keystoneclient.auth.identity import v3 18 | from keystoneclient.auth.identity.v3 import token as v3_token 19 | from keystoneclient.tests.unit.auth import utils 20 | 21 | 22 | class TokenTests(utils.GenericPluginTestCase): 23 | 24 | PLUGIN_CLASS = token.Token 25 | V2_PLUGIN_CLASS = v2.Token 26 | V3_PLUGIN_CLASS = v3.Token 27 | 28 | def new_plugin(self, **kwargs): 29 | kwargs.setdefault('token', uuid.uuid4().hex) 30 | return super(TokenTests, self).new_plugin(**kwargs) 31 | 32 | def test_options(self): 33 | opts = [o.name for o in self.PLUGIN_CLASS.get_options()] 34 | 35 | allowed_opts = ['token', 36 | 'domain-id', 37 | 'domain-name', 38 | 'tenant-id', 39 | 'tenant-name', 40 | 'project-id', 41 | 'project-name', 42 | 'project-domain-id', 43 | 'project-domain-name', 44 | 'trust-id', 45 | 'auth-url'] 46 | 47 | self.assertEqual(set(allowed_opts), set(opts)) 48 | self.assertEqual(len(allowed_opts), len(opts)) 49 | 50 | def test_symbols(self): 51 | self.assertIs(v3.Token, v3_token.Token) 52 | self.assertIs(v3.TokenMethod, v3_token.TokenMethod) 53 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/auth/test_token_endpoint.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from testtools import matchers 14 | 15 | from keystoneclient.auth import token_endpoint 16 | from keystoneclient import session 17 | from keystoneclient.tests.unit import utils 18 | 19 | 20 | class TokenEndpointTest(utils.TestCase): 21 | 22 | TEST_TOKEN = 'aToken' 23 | TEST_URL = 'http://server/prefix' 24 | 25 | def setUp(self): 26 | super(TokenEndpointTest, self).setUp() 27 | self.deprecations.expect_deprecations() 28 | 29 | def test_basic_case(self): 30 | self.requests_mock.get(self.TEST_URL, text='body') 31 | 32 | a = token_endpoint.Token(self.TEST_URL, self.TEST_TOKEN) 33 | s = session.Session(auth=a) 34 | 35 | data = s.get(self.TEST_URL, authenticated=True) 36 | 37 | self.assertEqual(data.text, 'body') 38 | self.assertRequestHeaderEqual('X-Auth-Token', self.TEST_TOKEN) 39 | 40 | def test_basic_endpoint_case(self): 41 | self.stub_url('GET', ['p'], text='body') 42 | a = token_endpoint.Token(self.TEST_URL, self.TEST_TOKEN) 43 | s = session.Session(auth=a) 44 | 45 | data = s.get('/p', 46 | authenticated=True, 47 | endpoint_filter={'service': 'identity'}) 48 | 49 | self.assertEqual(self.TEST_URL, a.get_endpoint(s)) 50 | self.assertEqual('body', data.text) 51 | self.assertRequestHeaderEqual('X-Auth-Token', self.TEST_TOKEN) 52 | 53 | def test_token_endpoint_options(self): 54 | opt_names = [opt.name for opt in token_endpoint.Token.get_options()] 55 | 56 | self.assertThat(opt_names, matchers.HasLength(2)) 57 | 58 | self.assertIn('token', opt_names) 59 | self.assertIn('endpoint', opt_names) 60 | 61 | def test_token_endpoint_user_id(self): 62 | a = token_endpoint.Token(self.TEST_URL, self.TEST_TOKEN) 63 | s = session.Session() 64 | 65 | # we can't know this information about this sort of plugin 66 | self.assertIsNone(a.get_user_id(s)) 67 | self.assertIsNone(a.get_project_id(s)) 68 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/generic/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/unit/generic/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/unit/generic/test_client.py: -------------------------------------------------------------------------------- 1 | # Copyright 2014 OpenStack Foundation 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | from oslo_serialization import jsonutils 17 | 18 | from keystoneclient.generic import client 19 | from keystoneclient.tests.unit import utils 20 | 21 | BASE_HOST = 'http://keystone.example.com' 22 | BASE_URL = "%s:5000/" % BASE_HOST 23 | V2_URL = "%sv2.0" % BASE_URL 24 | 25 | EXTENSION_NAMESPACE = ("https://docs.openstack.org/identity/api/ext/OS-FAKE/" 26 | "v1.0") 27 | EXTENSION_DESCRIBED = {"href": "https://github.com/openstack/identity-api", 28 | "rel": "describedby", 29 | "type": "text/html"} 30 | 31 | EXTENSION_ALIAS_FOO = "OS-FAKE-FOO" 32 | EXTENSION_NAME_FOO = "OpenStack Keystone Fake Extension Foo" 33 | EXTENSION_FOO = {"alias": EXTENSION_ALIAS_FOO, 34 | "description": "Fake Foo extension to V2.0 API.", 35 | "links": [EXTENSION_DESCRIBED], 36 | "name": EXTENSION_NAME_FOO, 37 | "namespace": EXTENSION_NAMESPACE, 38 | "updated": '2014-01-08T00:00:00Z'} 39 | 40 | EXTENSION_ALIAS_BAR = "OS-FAKE-BAR" 41 | EXTENSION_NAME_BAR = "OpenStack Keystone Fake Extension Bar" 42 | EXTENSION_BAR = {"alias": EXTENSION_ALIAS_BAR, 43 | "description": "Fake Bar extension to V2.0 API.", 44 | "links": [EXTENSION_DESCRIBED], 45 | "name": EXTENSION_NAME_BAR, 46 | "namespace": EXTENSION_NAMESPACE, 47 | "updated": '2014-01-08T00:00:00Z'} 48 | 49 | 50 | def _create_extension_list(extensions): 51 | return jsonutils.dumps({'extensions': {'values': extensions}}) 52 | 53 | 54 | EXTENSION_LIST = _create_extension_list([EXTENSION_FOO, EXTENSION_BAR]) 55 | 56 | 57 | class ClientDiscoveryTests(utils.TestCase): 58 | 59 | def test_discover_extensions_v2(self): 60 | self.requests_mock.get("%s/extensions" % V2_URL, text=EXTENSION_LIST) 61 | # Creating a HTTPClient not using session is deprecated. 62 | # creating a generic client at all is deprecated. 63 | with self.deprecations.expect_deprecations_here(): 64 | extensions = client.Client().discover_extensions(url=V2_URL) 65 | self.assertIn(EXTENSION_ALIAS_FOO, extensions) 66 | self.assertEqual(extensions[EXTENSION_ALIAS_FOO], EXTENSION_NAME_FOO) 67 | self.assertIn(EXTENSION_ALIAS_BAR, extensions) 68 | self.assertEqual(extensions[EXTENSION_ALIAS_BAR], EXTENSION_NAME_BAR) 69 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v2_0/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/unit/v2_0/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v2_0/test_certificates.py: -------------------------------------------------------------------------------- 1 | # Copyright 2014 IBM Corp. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 3 | # not use this file except in compliance with the License. You may obtain 4 | # a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 10 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 11 | # License for the specific language governing permissions and limitations 12 | # under the License. 13 | 14 | import testresources 15 | 16 | from keystoneclient.tests.unit import client_fixtures 17 | from keystoneclient.tests.unit.v2_0 import utils 18 | 19 | 20 | class CertificateTests(utils.ClientTestCase, testresources.ResourcedTestCase): 21 | 22 | resources = [('examples', client_fixtures.EXAMPLES_RESOURCE)] 23 | 24 | def test_get_ca_certificate(self): 25 | self.stub_url('GET', ['certificates', 'ca'], 26 | headers={'Content-Type': 'text/html; charset=UTF-8'}, 27 | text=self.examples.SIGNING_CA) 28 | res = self.client.certificates.get_ca_certificate() 29 | self.assertEqual(self.examples.SIGNING_CA, res) 30 | 31 | def test_get_signing_certificate(self): 32 | self.stub_url('GET', ['certificates', 'signing'], 33 | headers={'Content-Type': 'text/html; charset=UTF-8'}, 34 | text=self.examples.SIGNING_CERT) 35 | res = self.client.certificates.get_signing_certificate() 36 | self.assertEqual(self.examples.SIGNING_CERT, res) 37 | 38 | 39 | def load_tests(loader, tests, pattern): 40 | return testresources.OptimisingTestSuite(tests) 41 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v2_0/test_extensions.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.tests.unit.v2_0 import utils 14 | from keystoneclient.v2_0 import extensions 15 | 16 | 17 | class ExtensionTests(utils.ClientTestCase): 18 | def setUp(self): 19 | super(ExtensionTests, self).setUp() 20 | self.TEST_EXTENSIONS = { 21 | 'extensions': { 22 | "values": [ 23 | { 24 | 'name': 'OpenStack Keystone User CRUD', 25 | 'namespace': 'https://docs.openstack.org/' 26 | 'identity/api/ext/OS-KSCRUD/v1.0', 27 | 'updated': '2013-07-07T12:00:0-00:00', 28 | 'alias': 'OS-KSCRUD', 29 | 'description': 30 | 'OpenStack extensions to Keystone v2.0 API' 31 | ' enabling User Operations.', 32 | 'links': 33 | '[{"href":' 34 | '"https://github.com/openstack/identity-api", "type":' 35 | ' "text/html", "rel": "describedby"}]', 36 | }, 37 | { 38 | 'name': 'OpenStack EC2 API', 39 | 'namespace': 'https://docs.openstack.org/' 40 | 'identity/api/ext/OS-EC2/v1.0', 41 | 'updated': '2013-09-07T12:00:0-00:00', 42 | 'alias': 'OS-EC2', 43 | 'description': 'OpenStack EC2 Credentials backend.', 44 | 'links': '[{"href":' 45 | '"https://github.com/openstack/identity-api", "type":' 46 | ' "text/html", "rel": "describedby"}]', 47 | } 48 | ] 49 | } 50 | } 51 | 52 | def test_list(self): 53 | self.stub_url('GET', ['extensions'], json=self.TEST_EXTENSIONS) 54 | extensions_list = self.client.extensions.list() 55 | self.assertEqual(2, len(extensions_list)) 56 | for extension in extensions_list: 57 | self.assertIsInstance(extension, extensions.Extension) 58 | self.assertIsNotNone(extension.alias) 59 | self.assertIsNotNone(extension.description) 60 | self.assertIsNotNone(extension.links) 61 | self.assertIsNotNone(extension.name) 62 | self.assertIsNotNone(extension.namespace) 63 | self.assertIsNotNone(extension.updated) 64 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v2_0/utils.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.tests.unit import client_fixtures 14 | from keystoneclient.tests.unit import utils 15 | 16 | 17 | class UnauthenticatedTestCase(utils.TestCase): 18 | """Class used as base for unauthenticated calls.""" 19 | 20 | TEST_ROOT_URL = 'http://127.0.0.1:5000/' 21 | TEST_URL = '%s%s' % (TEST_ROOT_URL, 'v2.0') 22 | TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/' 23 | TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v2.0') 24 | 25 | 26 | class TestCase(UnauthenticatedTestCase): 27 | 28 | TEST_ADMIN_IDENTITY_ENDPOINT = "http://127.0.0.1:35357/v2.0" 29 | 30 | TEST_SERVICE_CATALOG = [{ 31 | "endpoints": [{ 32 | "adminURL": "http://cdn.admin-nets.local:8774/v1.0", 33 | "region": "RegionOne", 34 | "internalURL": "http://127.0.0.1:8774/v1.0", 35 | "publicURL": "http://cdn.admin-nets.local:8774/v1.0/" 36 | }], 37 | "type": "nova_compat", 38 | "name": "nova_compat" 39 | }, { 40 | "endpoints": [{ 41 | "adminURL": "http://nova/novapi/admin", 42 | "region": "RegionOne", 43 | "internalURL": "http://nova/novapi/internal", 44 | "publicURL": "http://nova/novapi/public" 45 | }], 46 | "type": "compute", 47 | "name": "nova" 48 | }, { 49 | "endpoints": [{ 50 | "adminURL": "http://glance/glanceapi/admin", 51 | "region": "RegionOne", 52 | "internalURL": "http://glance/glanceapi/internal", 53 | "publicURL": "http://glance/glanceapi/public" 54 | }], 55 | "type": "image", 56 | "name": "glance" 57 | }, { 58 | "endpoints": [{ 59 | "adminURL": TEST_ADMIN_IDENTITY_ENDPOINT, 60 | "region": "RegionOne", 61 | "internalURL": "http://127.0.0.1:5000/v2.0", 62 | "publicURL": "http://127.0.0.1:5000/v2.0" 63 | }], 64 | "type": "identity", 65 | "name": "keystone" 66 | }, { 67 | "endpoints": [{ 68 | "adminURL": "http://swift/swiftapi/admin", 69 | "region": "RegionOne", 70 | "internalURL": "http://swift/swiftapi/internal", 71 | "publicURL": "http://swift/swiftapi/public" 72 | }], 73 | "type": "object-store", 74 | "name": "swift" 75 | }] 76 | 77 | def stub_auth(self, **kwargs): 78 | self.stub_url('POST', ['tokens'], **kwargs) 79 | 80 | 81 | class ClientTestCase(utils.ClientTestCaseMixin, TestCase): 82 | 83 | scenarios = [ 84 | ('original', 85 | {'client_fixture_class': client_fixtures.OriginalV2}), 86 | ('ksc-session', 87 | {'client_fixture_class': client_fixtures.KscSessionV2}), 88 | ('ksa-session', 89 | {'client_fixture_class': client_fixtures.KsaSessionV2}), 90 | ] 91 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/keystoneclient/tests/unit/v3/__init__.py -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/examples/xml/ADFS_fault.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | http://www.w3.org/2005/08/addressing/soap/fault 4 | urn:uuid:89c47849-2622-4cdc-bb06-1d46c89ed12d 5 | 6 | 7 | 8 | 9 | s:Sender 10 | 11 | a:FailedAuthentication 12 | 13 | 14 | 15 | At least one security token in the message could not be validated. 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_access_rules.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | import uuid 15 | 16 | from keystoneclient import exceptions 17 | from keystoneclient.tests.unit.v3 import utils 18 | from keystoneclient.v3 import access_rules 19 | 20 | 21 | class AccessRuleTests(utils.ClientTestCase, utils.CrudTests): 22 | def setUp(self): 23 | super(AccessRuleTests, self).setUp() 24 | self.key = 'access_rule' 25 | self.collection_key = 'access_rules' 26 | self.model = access_rules.AccessRule 27 | self.manager = self.client.access_rules 28 | self.path_prefix = 'users/%s' % self.TEST_USER_ID 29 | 30 | def new_ref(self, **kwargs): 31 | kwargs = super(AccessRuleTests, self).new_ref(**kwargs) 32 | kwargs.setdefault('path', uuid.uuid4().hex) 33 | kwargs.setdefault('method', uuid.uuid4().hex) 34 | kwargs.setdefault('service', uuid.uuid4().hex) 35 | return kwargs 36 | 37 | def test_update(self): 38 | self.assertRaises(exceptions.MethodNotImplemented, self.manager.update) 39 | 40 | def test_create(self): 41 | self.assertRaises(exceptions.MethodNotImplemented, self.manager.create) 42 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_auth_manager.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneauth1 import fixture 16 | 17 | from keystoneclient.tests.unit.v3 import utils 18 | from keystoneclient.v3 import auth 19 | 20 | 21 | class AuthProjectsTest(utils.ClientTestCase): 22 | 23 | def setUp(self): 24 | super(AuthProjectsTest, self).setUp() 25 | 26 | self.v3token = fixture.V3Token() 27 | self.stub_auth(json=self.v3token) 28 | 29 | self.stub_url('GET', 30 | [], 31 | json={'version': fixture.V3Discovery(self.TEST_URL)}) 32 | 33 | def create_resource(self, id=None, name=None, **kwargs): 34 | kwargs['id'] = id or uuid.uuid4().hex 35 | kwargs['name'] = name or uuid.uuid4().hex 36 | return kwargs 37 | 38 | def test_get_projects(self): 39 | body = {'projects': [self.create_resource(), 40 | self.create_resource(), 41 | self.create_resource()]} 42 | 43 | self.stub_url('GET', ['auth', 'projects'], json=body) 44 | 45 | projects = self.client.auth.projects() 46 | 47 | self.assertEqual(3, len(projects)) 48 | 49 | for p in projects: 50 | self.assertIsInstance(p, auth.Project) 51 | 52 | def test_get_domains(self): 53 | body = {'domains': [self.create_resource(), 54 | self.create_resource(), 55 | self.create_resource()]} 56 | 57 | self.stub_url('GET', ['auth', 'domains'], json=body) 58 | 59 | domains = self.client.auth.domains() 60 | 61 | self.assertEqual(3, len(domains)) 62 | 63 | for d in domains: 64 | self.assertIsInstance(d, auth.Domain) 65 | 66 | def test_get_systems(self): 67 | body = {'system': [{ 68 | 'all': True, 69 | }]} 70 | 71 | self.stub_url('GET', ['auth', 'system'], json=body) 72 | 73 | systems = self.client.auth.systems() 74 | system = systems[0] 75 | 76 | self.assertEqual(1, len(systems)) 77 | self.assertIsInstance(system, auth.System) 78 | self.assertTrue(system.all) 79 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_credentials.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneclient.tests.unit.v3 import utils 16 | from keystoneclient.v3 import credentials 17 | 18 | 19 | class CredentialTests(utils.ClientTestCase, utils.CrudTests): 20 | def setUp(self): 21 | super(CredentialTests, self).setUp() 22 | self.key = 'credential' 23 | self.collection_key = 'credentials' 24 | self.model = credentials.Credential 25 | self.manager = self.client.credentials 26 | 27 | def new_ref(self, **kwargs): 28 | kwargs = super(CredentialTests, self).new_ref(**kwargs) 29 | kwargs.setdefault('blob', uuid.uuid4().hex) 30 | kwargs.setdefault('project_id', uuid.uuid4().hex) 31 | kwargs.setdefault('type', uuid.uuid4().hex) 32 | kwargs.setdefault('user_id', uuid.uuid4().hex) 33 | return kwargs 34 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_domains.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneclient.tests.unit.v3 import utils 16 | from keystoneclient.v3 import domains 17 | 18 | 19 | class DomainTests(utils.ClientTestCase, utils.CrudTests): 20 | def setUp(self): 21 | super(DomainTests, self).setUp() 22 | self.key = 'domain' 23 | self.collection_key = 'domains' 24 | self.model = domains.Domain 25 | self.manager = self.client.domains 26 | 27 | def new_ref(self, **kwargs): 28 | kwargs = super(DomainTests, self).new_ref(**kwargs) 29 | kwargs.setdefault('enabled', True) 30 | kwargs.setdefault('name', uuid.uuid4().hex) 31 | return kwargs 32 | 33 | def test_filter_for_default_domain_by_id(self): 34 | ref = self.new_ref(id='default') 35 | super(DomainTests, self).test_list_by_id( 36 | ref=ref, 37 | id=ref['id']) 38 | 39 | def test_list_filter_name(self): 40 | super(DomainTests, self).test_list(name='adomain123') 41 | 42 | def test_list_filter_enabled(self): 43 | super(DomainTests, self).test_list(enabled=True) 44 | 45 | def test_list_filter_disabled(self): 46 | # False is converted to '0' ref bug #1267530 47 | expected_query = {'enabled': '0'} 48 | super(DomainTests, self).test_list(expected_query=expected_query, 49 | enabled=False) 50 | 51 | def test_update_enabled_defaults_to_none(self): 52 | super(DomainTests, self).test_update( 53 | req_ref={'name': uuid.uuid4().hex}) 54 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_endpoint_groups.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneclient.tests.unit.v3 import utils 16 | from keystoneclient.v3 import endpoint_groups 17 | 18 | 19 | class EndpointGroupTests(utils.ClientTestCase, utils.CrudTests): 20 | 21 | def setUp(self): 22 | super(EndpointGroupTests, self).setUp() 23 | self.key = 'endpoint_group' 24 | self.collection_key = 'endpoint_groups' 25 | self.model = endpoint_groups.EndpointGroup 26 | self.manager = self.client.endpoint_groups 27 | self.path_prefix = 'OS-EP-FILTER' 28 | 29 | def new_ref(self, **kwargs): 30 | kwargs.setdefault('id', uuid.uuid4().hex) 31 | kwargs.setdefault('name', uuid.uuid4().hex) 32 | kwargs.setdefault('filters', '{"interface": "public"}') 33 | kwargs.setdefault('description', uuid.uuid4().hex) 34 | return kwargs 35 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_groups.py: -------------------------------------------------------------------------------- 1 | # Copyright 2012 OpenStack Foundation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | import uuid 16 | 17 | from keystoneclient.tests.unit.v3 import utils 18 | from keystoneclient.v3 import groups 19 | 20 | 21 | class GroupTests(utils.ClientTestCase, utils.CrudTests): 22 | def setUp(self): 23 | super(GroupTests, self).setUp() 24 | self.key = 'group' 25 | self.collection_key = 'groups' 26 | self.model = groups.Group 27 | self.manager = self.client.groups 28 | 29 | def new_ref(self, **kwargs): 30 | kwargs = super(GroupTests, self).new_ref(**kwargs) 31 | kwargs.setdefault('name', uuid.uuid4().hex) 32 | return kwargs 33 | 34 | def test_list_groups_for_user(self): 35 | user_id = uuid.uuid4().hex 36 | ref_list = [self.new_ref(), self.new_ref()] 37 | 38 | self.stub_entity('GET', 39 | ['users', user_id, self.collection_key], 40 | status_code=200, entity=ref_list) 41 | 42 | returned_list = self.manager.list(user=user_id) 43 | self.assertEqual(len(ref_list), len(returned_list)) 44 | [self.assertIsInstance(r, self.model) for r in returned_list] 45 | 46 | def test_list_groups_for_domain(self): 47 | ref_list = [self.new_ref(), self.new_ref()] 48 | domain_id = uuid.uuid4().hex 49 | 50 | self.stub_entity('GET', 51 | [self.collection_key], 52 | status_code=200, entity=ref_list) 53 | 54 | returned_list = self.manager.list(domain=domain_id) 55 | self.assertTrue(len(ref_list), len(returned_list)) 56 | [self.assertIsInstance(r, self.model) for r in returned_list] 57 | 58 | self.assertQueryStringIs('domain_id=%s' % domain_id) 59 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_limits.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneclient.tests.unit.v3 import utils 16 | from keystoneclient.v3 import limits 17 | 18 | 19 | class LimitTests(utils.ClientTestCase, utils.CrudTests): 20 | def setUp(self): 21 | super(LimitTests, self).setUp() 22 | self.key = 'limit' 23 | self.collection_key = 'limits' 24 | self.model = limits.Limit 25 | self.manager = self.client.limits 26 | 27 | def new_ref(self, **kwargs): 28 | ref = { 29 | 'id': uuid.uuid4().hex, 30 | 'project_id': uuid.uuid4().hex, 31 | 'service_id': uuid.uuid4().hex, 32 | 'resource_name': uuid.uuid4().hex, 33 | 'resource_limit': 15, 34 | 'description': uuid.uuid4().hex 35 | } 36 | ref.update(kwargs) 37 | return ref 38 | 39 | def test_create(self): 40 | # This test overrides the generic test case provided by the CrudTests 41 | # class because the limits API supports creating multiple limits in a 42 | # single POST request. As a result, it returns the limits as a list of 43 | # all the created limits from the request. This is different from what 44 | # the base test_create() method assumes about keystone's API. The 45 | # changes here override the base test to closely model how the actual 46 | # limit API behaves. 47 | ref = self.new_ref() 48 | manager_ref = ref.copy() 49 | manager_ref.pop('id') 50 | req_ref = [manager_ref.copy()] 51 | 52 | self.stub_entity('POST', entity=req_ref, status_code=201) 53 | 54 | returned = self.manager.create(**utils.parameterize(manager_ref)) 55 | self.assertIsInstance(returned, self.model) 56 | 57 | expected_limit = req_ref.pop() 58 | for attr in expected_limit: 59 | self.assertEqual( 60 | getattr(returned, attr), 61 | expected_limit[attr], 62 | 'Expected different %s' % attr) 63 | self.assertEntityRequestBodyIs([expected_limit]) 64 | 65 | def test_list_filter_by_service(self): 66 | service_id = uuid.uuid4().hex 67 | expected_query = {'service_id': service_id} 68 | self.test_list(expected_query=expected_query, service=service_id) 69 | 70 | def test_list_filtered_by_resource_name(self): 71 | resource_name = uuid.uuid4().hex 72 | self.test_list(resource_name=resource_name) 73 | 74 | def test_list_filtered_by_region(self): 75 | region_id = uuid.uuid4().hex 76 | expected_query = {'region_id': region_id} 77 | self.test_list(expected_query=expected_query, region=region_id) 78 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_policies.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneclient.tests.unit.v3 import utils 16 | from keystoneclient.v3 import policies 17 | 18 | 19 | class PolicyTests(utils.ClientTestCase, utils.CrudTests): 20 | def setUp(self): 21 | super(PolicyTests, self).setUp() 22 | self.key = 'policy' 23 | self.collection_key = 'policies' 24 | self.model = policies.Policy 25 | self.manager = self.client.policies 26 | 27 | def new_ref(self, **kwargs): 28 | kwargs = super(PolicyTests, self).new_ref(**kwargs) 29 | kwargs.setdefault('type', uuid.uuid4().hex) 30 | kwargs.setdefault('blob', uuid.uuid4().hex) 31 | return kwargs 32 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_regions.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | 14 | import uuid 15 | 16 | 17 | from keystoneclient.tests.unit.v3 import utils 18 | from keystoneclient.v3 import regions 19 | 20 | 21 | class RegionTests(utils.ClientTestCase, utils.CrudTests): 22 | def setUp(self): 23 | super(RegionTests, self).setUp() 24 | self.key = 'region' 25 | self.collection_key = 'regions' 26 | self.model = regions.Region 27 | self.manager = self.client.regions 28 | 29 | def new_ref(self, **kwargs): 30 | kwargs = super(RegionTests, self).new_ref(**kwargs) 31 | kwargs.setdefault('enabled', True) 32 | kwargs.setdefault('id', uuid.uuid4().hex) 33 | return kwargs 34 | 35 | def test_update_enabled_defaults_to_none(self): 36 | super(RegionTests, self).test_update( 37 | req_ref={'description': uuid.uuid4().hex}) 38 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_registered_limits.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneclient.tests.unit.v3 import utils 16 | from keystoneclient.v3 import registered_limits 17 | 18 | 19 | class RegisteredLimitTests(utils.ClientTestCase, utils.CrudTests): 20 | def setUp(self): 21 | super(RegisteredLimitTests, self).setUp() 22 | self.key = 'registered_limit' 23 | self.collection_key = 'registered_limits' 24 | self.model = registered_limits.RegisteredLimit 25 | self.manager = self.client.registered_limits 26 | 27 | def new_ref(self, **kwargs): 28 | ref = { 29 | 'id': uuid.uuid4().hex, 30 | 'service_id': uuid.uuid4().hex, 31 | 'resource_name': uuid.uuid4().hex, 32 | 'default_limit': 10, 33 | 'description': uuid.uuid4().hex 34 | } 35 | ref.update(kwargs) 36 | return ref 37 | 38 | def test_create(self): 39 | # This test overrides the generic test case provided by the CrudTests 40 | # class because the registered limits API supports creating multiple 41 | # limits in a single POST request. As a result, it returns the 42 | # registered limits as a list of all the created limits from the 43 | # request. This is different from what the base test_create() method 44 | # assumes about keystone's API. The changes here override the base test 45 | # to closely model how the actual registered limit API behaves. 46 | ref = self.new_ref() 47 | manager_ref = ref.copy() 48 | manager_ref.pop('id') 49 | req_ref = [manager_ref.copy()] 50 | 51 | self.stub_entity('POST', entity=req_ref, status_code=201) 52 | 53 | returned = self.manager.create(**utils.parameterize(manager_ref)) 54 | self.assertIsInstance(returned, self.model) 55 | 56 | expected_limit = req_ref.pop() 57 | for attr in expected_limit: 58 | self.assertEqual( 59 | getattr(returned, attr), 60 | expected_limit[attr], 61 | 'Expected different %s' % attr) 62 | self.assertEntityRequestBodyIs([expected_limit]) 63 | 64 | def test_list_filter_by_service(self): 65 | service_id = uuid.uuid4().hex 66 | expected_query = {'service_id': service_id} 67 | self.test_list(expected_query=expected_query, service=service_id) 68 | 69 | def test_list_filter_resource_name(self): 70 | resource_name = uuid.uuid4().hex 71 | self.test_list(resource_name=resource_name) 72 | 73 | def test_list_filter_region(self): 74 | region_id = uuid.uuid4().hex 75 | expected_query = {'region_id': region_id} 76 | self.test_list(expected_query=expected_query, region=region_id) 77 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_services.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import uuid 14 | 15 | from keystoneclient.tests.unit.v3 import utils 16 | from keystoneclient.v3 import services 17 | 18 | 19 | class ServiceTests(utils.ClientTestCase, utils.CrudTests): 20 | def setUp(self): 21 | super(ServiceTests, self).setUp() 22 | self.key = 'service' 23 | self.collection_key = 'services' 24 | self.model = services.Service 25 | self.manager = self.client.services 26 | 27 | def new_ref(self, **kwargs): 28 | kwargs = super(ServiceTests, self).new_ref(**kwargs) 29 | kwargs.setdefault('name', uuid.uuid4().hex) 30 | kwargs.setdefault('type', uuid.uuid4().hex) 31 | kwargs.setdefault('enabled', True) 32 | return kwargs 33 | 34 | def test_list_filter_name(self): 35 | filter_name = uuid.uuid4().hex 36 | expected_query = {'name': filter_name} 37 | super(ServiceTests, self).test_list(expected_query=expected_query, 38 | name=filter_name) 39 | 40 | def test_list_filter_type(self): 41 | filter_type = uuid.uuid4().hex 42 | expected_query = {'type': filter_type} 43 | super(ServiceTests, self).test_list(expected_query=expected_query, 44 | type=filter_type) 45 | -------------------------------------------------------------------------------- /keystoneclient/tests/unit/v3/test_simple_cert.py: -------------------------------------------------------------------------------- 1 | # Copyright 2014 IBM Corp. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 3 | # not use this file except in compliance with the License. You may obtain 4 | # a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 10 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 11 | # License for the specific language governing permissions and limitations 12 | # under the License. 13 | 14 | import fixtures 15 | import testresources 16 | 17 | from keystoneclient.tests.unit import client_fixtures 18 | from keystoneclient.tests.unit.v3 import utils 19 | from keystoneclient.v3.contrib import simple_cert 20 | 21 | 22 | class SimpleCertTests(utils.ClientTestCase, testresources.ResourcedTestCase): 23 | 24 | resources = [('examples', client_fixtures.EXAMPLES_RESOURCE)] 25 | 26 | def test_get_ca_certificate(self): 27 | self.stub_url('GET', ['OS-SIMPLE-CERT', 'ca'], 28 | headers={'Content-Type': 'application/x-pem-file'}, 29 | text=self.examples.SIGNING_CA) 30 | res = self.client.simple_cert.get_ca_certificates() 31 | self.assertEqual(self.examples.SIGNING_CA, res) 32 | 33 | def test_get_certificates(self): 34 | self.stub_url('GET', ['OS-SIMPLE-CERT', 'certificates'], 35 | headers={'Content-Type': 'application/x-pem-file'}, 36 | text=self.examples.SIGNING_CERT) 37 | res = self.client.simple_cert.get_certificates() 38 | self.assertEqual(self.examples.SIGNING_CERT, res) 39 | 40 | 41 | class SimpleCertRequestIdTests(utils.TestRequestId): 42 | 43 | def setUp(self): 44 | super(SimpleCertRequestIdTests, self).setUp() 45 | self.mgr = simple_cert.SimpleCertManager(self.client) 46 | 47 | def _mock_request_method(self, method=None, body=None): 48 | return self.useFixture(fixtures.MockPatchObject( 49 | self.client, method, autospec=True, 50 | return_value=(self.resp, body)) 51 | ).mock 52 | 53 | def test_list_ca_certificates(self): 54 | body = {"certificates": [{"name": "admin"}, {"name": "admin2"}]} 55 | get_mock = self._mock_request_method(method='get', body=body) 56 | 57 | response = self.mgr.get_ca_certificates() 58 | self.assertEqual(response.request_ids[0], self.TEST_REQUEST_ID) 59 | get_mock.assert_called_once_with( 60 | '/OS-SIMPLE-CERT/ca', authenticated=False) 61 | 62 | def test_list_certificates(self): 63 | body = {"certificates": [{"name": "admin"}, {"name": "admin2"}]} 64 | get_mock = self._mock_request_method(method='get', body=body) 65 | 66 | response = self.mgr.get_certificates() 67 | self.assertEqual(response.request_ids[0], self.TEST_REQUEST_ID) 68 | get_mock.assert_called_once_with( 69 | '/OS-SIMPLE-CERT/certificates', authenticated=False) 70 | 71 | 72 | def load_tests(loader, tests, pattern): 73 | return testresources.OptimisingTestSuite(tests) 74 | -------------------------------------------------------------------------------- /keystoneclient/v2_0/__init__.py: -------------------------------------------------------------------------------- 1 | from keystoneclient.v2_0.client import Client # noqa 2 | 3 | 4 | __all__ = ( 5 | 'client', 6 | ) 7 | -------------------------------------------------------------------------------- /keystoneclient/v2_0/certificates.py: -------------------------------------------------------------------------------- 1 | # Copyright 2014 IBM Corp. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 3 | # not use this file except in compliance with the License. You may obtain 4 | # a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 10 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 11 | # License for the specific language governing permissions and limitations 12 | # under the License. 13 | 14 | 15 | class CertificatesManager(object): 16 | """Manager for certificates.""" 17 | 18 | def __init__(self, client): 19 | self._client = client 20 | 21 | def get_ca_certificate(self): 22 | """Get CA certificate. 23 | 24 | :returns: PEM-formatted string. 25 | :rtype: str 26 | 27 | """ 28 | resp, body = self._client.get('/certificates/ca', authenticated=False) 29 | return resp.text 30 | 31 | def get_signing_certificate(self): 32 | """Get signing certificate. 33 | 34 | :returns: PEM-formatted string. 35 | :rtype: str 36 | 37 | """ 38 | resp, body = self._client.get('/certificates/signing', 39 | authenticated=False) 40 | return resp.text 41 | -------------------------------------------------------------------------------- /keystoneclient/v2_0/ec2.py: -------------------------------------------------------------------------------- 1 | # Copyright 2011 OpenStack Foundation 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | from keystoneclient import base 17 | 18 | 19 | class EC2(base.Resource): 20 | def __repr__(self): 21 | """Return string representation of EC2 resource information.""" 22 | return "" % self._info 23 | 24 | def delete(self): 25 | return self.manager.delete(self) 26 | 27 | 28 | class CredentialsManager(base.ManagerWithFind): 29 | resource_class = EC2 30 | 31 | def create(self, user_id, tenant_id): 32 | """Create a new access/secret pair for the user/tenant pair. 33 | 34 | :rtype: object of type :class:`EC2` 35 | """ 36 | params = {'tenant_id': tenant_id} 37 | 38 | return self._post('/users/%s/credentials/OS-EC2' % user_id, 39 | params, "credential") 40 | 41 | def list(self, user_id): 42 | """Get a list of access/secret pairs for a user_id. 43 | 44 | :rtype: list of :class:`EC2` 45 | """ 46 | return self._list("/users/%s/credentials/OS-EC2" % user_id, 47 | "credentials") 48 | 49 | def get(self, user_id, access): 50 | """Get the access/secret pair for a given access key. 51 | 52 | :rtype: object of type :class:`EC2` 53 | """ 54 | return self._get("/users/%s/credentials/OS-EC2/%s" % 55 | (user_id, base.getid(access)), "credential") 56 | 57 | def delete(self, user_id, access): 58 | """Delete an access/secret pair for a user.""" 59 | return self._delete("/users/%s/credentials/OS-EC2/%s" % 60 | (user_id, base.getid(access))) 61 | -------------------------------------------------------------------------------- /keystoneclient/v2_0/endpoints.py: -------------------------------------------------------------------------------- 1 | # Copyright 2012 Canonical Ltd. 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | from keystoneclient import base 17 | 18 | 19 | class Endpoint(base.Resource): 20 | """Represents a Keystone endpoint.""" 21 | 22 | def __repr__(self): 23 | """Return string representation of endpoint resource information.""" 24 | return "" % self._info 25 | 26 | 27 | class EndpointManager(base.ManagerWithFind): 28 | """Manager class for manipulating Keystone endpoints.""" 29 | 30 | resource_class = Endpoint 31 | 32 | def list(self): 33 | """List all available endpoints.""" 34 | return self._list('/endpoints', 'endpoints') 35 | 36 | def create(self, region, service_id, publicurl, adminurl=None, 37 | internalurl=None): 38 | """Create a new endpoint.""" 39 | body = {'endpoint': {'region': region, 40 | 'service_id': service_id, 41 | 'publicurl': publicurl, 42 | 'adminurl': adminurl, 43 | 'internalurl': internalurl}} 44 | return self._post('/endpoints', body, 'endpoint') 45 | 46 | def delete(self, id): 47 | """Delete an endpoint.""" 48 | return self._delete('/endpoints/%s' % id) 49 | -------------------------------------------------------------------------------- /keystoneclient/v2_0/extensions.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient import base 14 | 15 | 16 | class Extension(base.Resource): 17 | """Represents an Identity API extension.""" 18 | 19 | def __repr__(self): 20 | """Return string representation of extension resource information.""" 21 | return "" % self._info 22 | 23 | 24 | class ExtensionManager(base.ManagerWithFind): 25 | """Manager class for listing Identity API extensions.""" 26 | 27 | resource_class = Extension 28 | 29 | def list(self): 30 | """List all available extensions.""" 31 | return self._list('/extensions', 'extensions') 32 | -------------------------------------------------------------------------------- /keystoneclient/v2_0/roles.py: -------------------------------------------------------------------------------- 1 | # Copyright 2011 OpenStack Foundation 2 | # Copyright 2011 Nebula, Inc. 3 | # All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | # not use this file except in compliance with the License. You may obtain 7 | # a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | 17 | from keystoneclient import base 18 | 19 | 20 | class Role(base.Resource): 21 | """Represents a Keystone role.""" 22 | 23 | def __repr__(self): 24 | """Return string representation of role resource information.""" 25 | return "" % self._info 26 | 27 | def delete(self): 28 | return self.manager.delete(self) 29 | 30 | 31 | class RoleManager(base.ManagerWithFind): 32 | """Manager class for manipulating Keystone roles.""" 33 | 34 | resource_class = Role 35 | 36 | def get(self, role): 37 | return self._get("/OS-KSADM/roles/%s" % base.getid(role), "role") 38 | 39 | def create(self, name): 40 | """Create a role.""" 41 | params = {"role": {"name": name}} 42 | return self._post('/OS-KSADM/roles', params, "role") 43 | 44 | def delete(self, role): 45 | """Delete a role.""" 46 | return self._delete("/OS-KSADM/roles/%s" % base.getid(role)) 47 | 48 | def list(self): 49 | """List all available roles.""" 50 | return self._list("/OS-KSADM/roles", "roles") 51 | 52 | def roles_for_user(self, user, tenant=None): 53 | user_id = base.getid(user) 54 | if tenant: 55 | tenant_id = base.getid(tenant) 56 | route = "/tenants/%s/users/%s/roles" 57 | return self._list(route % (tenant_id, user_id), "roles") 58 | else: 59 | return self._list("/users/%s/roles" % user_id, "roles") 60 | 61 | def add_user_role(self, user, role, tenant=None): 62 | """Add a role to a user. 63 | 64 | If tenant is specified, the role is added just for that tenant, 65 | otherwise the role is added globally. 66 | """ 67 | user_id = base.getid(user) 68 | role_id = base.getid(role) 69 | if tenant: 70 | route = "/tenants/%s/users/%s/roles/OS-KSADM/%s" 71 | params = (base.getid(tenant), user_id, role_id) 72 | return self._update(route % params, None, "role") 73 | else: 74 | route = "/users/%s/roles/OS-KSADM/%s" 75 | return self._update(route % (user_id, role_id), None, "roles") 76 | 77 | def remove_user_role(self, user, role, tenant=None): 78 | """Remove a role from a user. 79 | 80 | If tenant is specified, the role is removed just for that tenant, 81 | otherwise the role is removed from the user's global roles. 82 | """ 83 | user_id = base.getid(user) 84 | role_id = base.getid(role) 85 | if tenant: 86 | route = "/tenants/%s/users/%s/roles/OS-KSADM/%s" 87 | params = (base.getid(tenant), user_id, role_id) 88 | return self._delete(route % params) 89 | else: 90 | route = "/users/%s/roles/OS-KSADM/%s" 91 | return self._delete(route % (user_id, role_id)) 92 | -------------------------------------------------------------------------------- /keystoneclient/v2_0/services.py: -------------------------------------------------------------------------------- 1 | # Copyright 2011 OpenStack Foundation 2 | # Copyright 2011 Nebula, Inc. 3 | # All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | # not use this file except in compliance with the License. You may obtain 7 | # a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | 17 | from keystoneclient import base 18 | 19 | 20 | class Service(base.Resource): 21 | """Represents a Keystone service.""" 22 | 23 | def __repr__(self): 24 | """Return string representation of service resource information.""" 25 | return "" % self._info 26 | 27 | 28 | class ServiceManager(base.ManagerWithFind): 29 | """Manager class for manipulating Keystone services.""" 30 | 31 | resource_class = Service 32 | 33 | def list(self): 34 | """List available services.""" 35 | return self._list("/OS-KSADM/services", "OS-KSADM:services") 36 | 37 | def get(self, id): 38 | """Retrieve a service by id.""" 39 | return self._get("/OS-KSADM/services/%s" % id, "OS-KSADM:service") 40 | 41 | def create(self, name, service_type, description=None): 42 | """Create a new service.""" 43 | body = {"OS-KSADM:service": {'name': name, 44 | 'type': service_type, 45 | 'description': description}} 46 | return self._post("/OS-KSADM/services", body, "OS-KSADM:service") 47 | 48 | def delete(self, id): 49 | """Delete a service.""" 50 | return self._delete("/OS-KSADM/services/%s" % id) 51 | -------------------------------------------------------------------------------- /keystoneclient/v3/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | from keystoneclient.v3.client import Client # noqa 3 | 4 | 5 | __all__ = ( 6 | 'client', 7 | ) 8 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | __all__ = tuple() 3 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/federation/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.v3.contrib.federation.core import * # noqa 14 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/federation/base.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import abc 14 | 15 | from keystoneauth1 import exceptions 16 | from keystoneauth1 import plugin 17 | 18 | from keystoneclient import base 19 | 20 | 21 | class EntityManager(base.Manager, metaclass=abc.ABCMeta): 22 | """Manager class for listing federated accessible objects.""" 23 | 24 | resource_class = None 25 | 26 | @property 27 | @abc.abstractmethod 28 | def object_type(self): 29 | raise exceptions.MethodNotImplemented 30 | 31 | def list(self): 32 | url = '/auth/%s' % self.object_type 33 | try: 34 | tenant_list = self._list(url, self.object_type) 35 | except exceptions.CatalogException: 36 | endpoint_filter = {'interface': plugin.AUTH_INTERFACE} 37 | tenant_list = self._list(url, self.object_type, 38 | endpoint_filter=endpoint_filter) 39 | return tenant_list 40 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/federation/core.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.v3.contrib.federation import domains 14 | from keystoneclient.v3.contrib.federation import identity_providers 15 | from keystoneclient.v3.contrib.federation import mappings 16 | from keystoneclient.v3.contrib.federation import projects 17 | from keystoneclient.v3.contrib.federation import protocols 18 | from keystoneclient.v3.contrib.federation import saml 19 | from keystoneclient.v3.contrib.federation import service_providers 20 | 21 | 22 | class FederationManager(object): 23 | def __init__(self, api): 24 | self.identity_providers = identity_providers.IdentityProviderManager( 25 | api) 26 | self.mappings = mappings.MappingManager(api) 27 | self.protocols = protocols.ProtocolManager(api) 28 | self.projects = projects.ProjectManager(api) 29 | self.domains = domains.DomainManager(api) 30 | self.saml = saml.SamlManager(api) 31 | self.service_providers = service_providers.ServiceProviderManager(api) 32 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/federation/domains.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.v3.contrib.federation import base as federation_base 14 | from keystoneclient.v3 import domains 15 | 16 | 17 | class DomainManager(federation_base.EntityManager): 18 | object_type = 'domains' 19 | resource_class = domains.Domain 20 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/federation/projects.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.v3.contrib.federation import base as federation_base 14 | from keystoneclient.v3 import projects 15 | 16 | 17 | class ProjectManager(federation_base.EntityManager): 18 | object_type = 'projects' 19 | resource_class = projects.Project 20 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/federation/saml.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient import base 14 | 15 | 16 | SAML2_ENDPOINT = '/auth/OS-FEDERATION/saml2' 17 | ECP_ENDPOINT = '/auth/OS-FEDERATION/saml2/ecp' 18 | 19 | 20 | class SamlManager(base.Manager): 21 | """Manager class for creating SAML assertions.""" 22 | 23 | def create_saml_assertion(self, service_provider, token_id): 24 | """Create a SAML assertion from a token. 25 | 26 | Equivalent Identity API call: 27 | POST /auth/OS-FEDERATION/saml2 28 | 29 | :param service_provider: Service Provider resource. 30 | :type service_provider: string 31 | :param token_id: Token to transform to SAML assertion. 32 | :type token_id: string 33 | 34 | :returns: SAML representation of token_id 35 | :rtype: string 36 | """ 37 | headers, body = self._create_common_request(service_provider, token_id) 38 | resp, body = self.client.post(SAML2_ENDPOINT, json=body, 39 | headers=headers) 40 | return self._prepare_return_value(resp, resp.text) 41 | 42 | def create_ecp_assertion(self, service_provider, token_id): 43 | """Create an ECP wrapped SAML assertion from a token. 44 | 45 | Equivalent Identity API call: 46 | POST /auth/OS-FEDERATION/saml2/ecp 47 | 48 | :param service_provider: Service Provider resource. 49 | :type service_provider: string 50 | :param token_id: Token to transform to SAML assertion. 51 | :type token_id: string 52 | 53 | :returns: SAML representation of token_id, wrapped in ECP envelope 54 | :rtype: string 55 | """ 56 | headers, body = self._create_common_request(service_provider, token_id) 57 | resp, body = self.client.post(ECP_ENDPOINT, json=body, 58 | headers=headers) 59 | return self._prepare_return_value(resp, resp.text) 60 | 61 | def _create_common_request(self, service_provider, token_id): 62 | headers = {'Content-Type': 'application/json'} 63 | body = { 64 | 'auth': { 65 | 'identity': { 66 | 'methods': ['token'], 67 | 'token': { 68 | 'id': token_id 69 | } 70 | }, 71 | 'scope': { 72 | 'service_provider': { 73 | 'id': base.getid(service_provider) 74 | } 75 | } 76 | } 77 | } 78 | 79 | return (headers, body) 80 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/oauth1/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from keystoneclient.v3.contrib.oauth1.core import * # noqa 14 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/oauth1/access_tokens.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from keystoneauth1 import plugin 15 | 16 | from keystoneclient import base 17 | from keystoneclient.v3.contrib.oauth1 import utils 18 | 19 | try: 20 | from oauthlib import oauth1 21 | except ImportError: 22 | oauth1 = None 23 | 24 | 25 | class AccessToken(base.Resource): 26 | pass 27 | 28 | 29 | class AccessTokenManager(base.CrudManager): 30 | """Manager class for manipulating identity OAuth access tokens.""" 31 | 32 | resource_class = AccessToken 33 | 34 | def create(self, consumer_key, consumer_secret, request_key, 35 | request_secret, verifier): 36 | endpoint = utils.OAUTH_PATH + '/access_token' 37 | oauth_client = oauth1.Client(consumer_key, 38 | client_secret=consumer_secret, 39 | resource_owner_key=request_key, 40 | resource_owner_secret=request_secret, 41 | signature_method=oauth1.SIGNATURE_HMAC, 42 | verifier=verifier) 43 | url = self.client.get_endpoint(interface=plugin.AUTH_INTERFACE).rstrip( 44 | '/') 45 | url, headers, body = oauth_client.sign(url + endpoint, 46 | http_method='POST') 47 | resp, body = self.client.post(endpoint, headers=headers) 48 | token = utils.get_oauth_token_from_body(resp.content) 49 | return self._prepare_return_value(resp, 50 | self.resource_class(self, token)) 51 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/oauth1/auth.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from keystoneclient.auth.identity import v3 15 | 16 | try: 17 | from oauthlib import oauth1 18 | except ImportError: 19 | oauth1 = None 20 | 21 | 22 | class OAuthMethod(v3.AuthMethod): 23 | """OAuth based authentication method. 24 | 25 | :param string consumer_key: Consumer key. 26 | :param string consumer_secret: Consumer secret. 27 | :param string access_key: Access token key. 28 | :param string access_secret: Access token secret. 29 | """ 30 | 31 | _method_parameters = ['consumer_key', 'consumer_secret', 32 | 'access_key', 'access_secret'] 33 | 34 | def __init__(self, **kwargs): 35 | super(OAuthMethod, self).__init__(**kwargs) 36 | if oauth1 is None: 37 | raise NotImplementedError('optional package oauthlib' 38 | ' is not installed') 39 | 40 | def get_auth_data(self, session, auth, headers, **kwargs): 41 | # Add the oauth specific content into the headers 42 | oauth_client = oauth1.Client(self.consumer_key, 43 | client_secret=self.consumer_secret, 44 | resource_owner_key=self.access_key, 45 | resource_owner_secret=self.access_secret, 46 | signature_method=oauth1.SIGNATURE_HMAC) 47 | o_url, o_headers, o_body = oauth_client.sign(auth.token_url, 48 | http_method='POST') 49 | 50 | headers.update(o_headers) 51 | return 'oauth1', {} 52 | 53 | 54 | class OAuth(v3.AuthConstructor): 55 | _auth_method_class = OAuthMethod 56 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/oauth1/consumers.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from keystoneclient import base 15 | from keystoneclient.v3.contrib.oauth1 import utils 16 | 17 | 18 | class Consumer(base.Resource): 19 | """Represents an OAuth consumer. 20 | 21 | Attributes: 22 | * id: a uuid that identifies the consumer 23 | * description: a short description of the consumer 24 | """ 25 | 26 | pass 27 | 28 | 29 | class ConsumerManager(base.CrudManager): 30 | """Manager class for manipulating identity consumers.""" 31 | 32 | resource_class = Consumer 33 | collection_key = 'consumers' 34 | key = 'consumer' 35 | base_url = utils.OAUTH_PATH 36 | 37 | def create(self, description=None, **kwargs): 38 | return super(ConsumerManager, self).create( 39 | description=description, 40 | **kwargs) 41 | 42 | def get(self, consumer): 43 | return super(ConsumerManager, self).get( 44 | consumer_id=base.getid(consumer)) 45 | 46 | def update(self, consumer, description=None, **kwargs): 47 | return super(ConsumerManager, self).update( 48 | consumer_id=base.getid(consumer), 49 | description=description, 50 | **kwargs) 51 | 52 | def delete(self, consumer): 53 | return super(ConsumerManager, self).delete( 54 | consumer_id=base.getid(consumer)) 55 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/oauth1/core.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from keystoneclient.i18n import _ 15 | from keystoneclient.v3.contrib.oauth1 import access_tokens 16 | from keystoneclient.v3.contrib.oauth1 import consumers 17 | from keystoneclient.v3.contrib.oauth1 import request_tokens 18 | 19 | 20 | def create_oauth_manager(self): 21 | # NOTE(stevemar): Attempt to import the oauthlib package at this point. 22 | try: 23 | import oauthlib # noqa 24 | # NOTE(stevemar): Return an object instead of raising an exception here, 25 | # this will allow users to see an exception only when trying to access the 26 | # oauth portions of client. Otherwise an exception would be raised 27 | # when the client is created. 28 | except ImportError: 29 | return OAuthManagerOptionalImportProxy() 30 | else: 31 | return OAuthManager(self) 32 | 33 | 34 | class OAuthManager(object): 35 | def __init__(self, api): 36 | self.access_tokens = access_tokens.AccessTokenManager(api) 37 | self.consumers = consumers.ConsumerManager(api) 38 | self.request_tokens = request_tokens.RequestTokenManager(api) 39 | 40 | 41 | class OAuthManagerOptionalImportProxy(object): 42 | """Act as a proxy manager in case oauthlib is no installed. 43 | 44 | This class will only be created if oauthlib is not in the system, 45 | trying to access any of the attributes in name (access_tokens, 46 | consumers, request_tokens), will result in a NotImplementedError, 47 | and a message. 48 | 49 | >>> manager.access_tokens.blah 50 | NotImplementedError: To use 'access_tokens' oauthlib must be installed 51 | 52 | Otherwise, if trying to access an attribute other than the ones in name, 53 | the manager will state that the attribute does not exist. 54 | 55 | >>> manager.dne.blah 56 | AttributeError: 'OAuthManagerOptionalImportProxy' object has no 57 | attribute 'dne' 58 | """ 59 | 60 | def __getattribute__(self, name): 61 | """Return error when name is related to oauthlib and not exist.""" 62 | if name in ('access_tokens', 'consumers', 'request_tokens'): 63 | raise NotImplementedError( 64 | _('To use %r oauthlib must be installed') % name) 65 | return super(OAuthManagerOptionalImportProxy, 66 | self).__getattribute__(name) 67 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/oauth1/request_tokens.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | import urllib.parse as urlparse 15 | 16 | from keystoneauth1 import plugin 17 | 18 | from keystoneclient import base 19 | from keystoneclient.v3.contrib.oauth1 import utils 20 | 21 | try: 22 | from oauthlib import oauth1 23 | except ImportError: 24 | oauth1 = None 25 | 26 | 27 | class RequestToken(base.Resource): 28 | def authorize(self, roles): 29 | try: 30 | retval = self.manager.authorize(self.id, roles) 31 | self = retval 32 | except Exception: 33 | retval = None 34 | 35 | return retval 36 | 37 | 38 | class RequestTokenManager(base.CrudManager): 39 | """Manager class for manipulating identity OAuth request tokens.""" 40 | 41 | resource_class = RequestToken 42 | 43 | def authorize(self, request_token, roles): 44 | """Authorize a request token with specific roles. 45 | 46 | Utilize Identity API operation: 47 | PUT /OS-OAUTH1/authorize/$request_token_id 48 | 49 | :param request_token: a request token that will be authorized, and 50 | can be exchanged for an access token. 51 | :param roles: a list of roles, that will be delegated to the user. 52 | """ 53 | request_id = urlparse.quote(base.getid(request_token)) 54 | endpoint = utils.OAUTH_PATH + '/authorize/%s' % (request_id) 55 | body = {'roles': [{'id': base.getid(r_id)} for r_id in roles]} 56 | return self._put(endpoint, body, "token") 57 | 58 | def create(self, consumer_key, consumer_secret, project): 59 | endpoint = utils.OAUTH_PATH + '/request_token' 60 | headers = {'requested-project-id': base.getid(project)} 61 | oauth_client = oauth1.Client(consumer_key, 62 | client_secret=consumer_secret, 63 | signature_method=oauth1.SIGNATURE_HMAC, 64 | callback_uri="oob") 65 | url = self.client.get_endpoint(interface=plugin.AUTH_INTERFACE).rstrip( 66 | "/") 67 | url, headers, body = oauth_client.sign(url + endpoint, 68 | http_method='POST', 69 | headers=headers) 70 | resp, body = self.client.post(endpoint, headers=headers) 71 | token = utils.get_oauth_token_from_body(resp.content) 72 | return self._prepare_return_value(resp, 73 | self.resource_class(self, token)) 74 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/oauth1/utils.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | import urllib.parse as urlparse 15 | 16 | 17 | OAUTH_PATH = '/OS-OAUTH1' 18 | 19 | 20 | def get_oauth_token_from_body(body): 21 | """Parse the URL response body to retrieve the oauth token key and secret. 22 | 23 | The response body will look like: 24 | 'oauth_token=12345&oauth_token_secret=67890' with 25 | 'oauth_expires_at=2013-03-30T05:27:19.463201' possibly there, too. 26 | """ 27 | body = body.decode('utf-8') 28 | 29 | credentials = urlparse.parse_qs(body) 30 | key = credentials['oauth_token'][0] 31 | secret = credentials['oauth_token_secret'][0] 32 | token = {'key': key, 'id': key, 'secret': secret} 33 | expires_at = credentials.get('oauth_expires_at') 34 | if expires_at: 35 | token['expires'] = expires_at[0] 36 | return token 37 | -------------------------------------------------------------------------------- /keystoneclient/v3/contrib/simple_cert.py: -------------------------------------------------------------------------------- 1 | # Copyright 2014 IBM Corp. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 3 | # not use this file except in compliance with the License. You may obtain 4 | # a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 10 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 11 | # License for the specific language governing permissions and limitations 12 | # under the License. 13 | 14 | from keystoneclient import base 15 | 16 | 17 | class SimpleCertManager(object): 18 | """Manager for the OS-SIMPLE-CERT extension.""" 19 | 20 | def __init__(self, client): 21 | self._client = client 22 | self.mgr = base.Manager(self._client) 23 | 24 | def get_ca_certificates(self): 25 | """Get CA certificates. 26 | 27 | :returns: PEM-formatted string. 28 | :rtype: str 29 | 30 | """ 31 | resp, body = self._client.get('/OS-SIMPLE-CERT/ca', 32 | authenticated=False) 33 | return self.mgr._prepare_return_value(resp, resp.text) 34 | 35 | def get_certificates(self): 36 | """Get signing certificates. 37 | 38 | :returns: PEM-formatted string. 39 | :rtype: str 40 | 41 | """ 42 | resp, body = self._client.get('/OS-SIMPLE-CERT/certificates', 43 | authenticated=False) 44 | return self.mgr._prepare_return_value(resp, resp.text) 45 | -------------------------------------------------------------------------------- /keystoneclient/v3/system.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 OpenStack Foundation 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | from keystoneclient import base 17 | 18 | 19 | class System(base.Resource): 20 | """Represents the deployment system, with all the services in it. 21 | 22 | Attributes: 23 | * all: boolean 24 | """ 25 | 26 | pass 27 | -------------------------------------------------------------------------------- /playbooks/run-ds-tox.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | roles: 3 | - run-devstack 4 | - ensure-tox 5 | - tox 6 | -------------------------------------------------------------------------------- /playbooks/tox-post.yaml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | roles: 3 | - fetch-tox-output 4 | - fetch-subunit-output 5 | -------------------------------------------------------------------------------- /releasenotes/notes/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/releasenotes/notes/.placeholder -------------------------------------------------------------------------------- /releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Added a ``allow_expired`` argument to ``validate`` and ``get_token_data`` 4 | in `keystoneclient.v3.tokens`. Setting this to ``True``, allos for a token 5 | validation query to fetch expired tokens. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/add-support-for-limits-6f883d6d3054a500.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added support for managing project-specific limits. The ``POST`` API for 5 | limits in keystone supports batch creation, but the client implementation 6 | does not. Creation for limits using the client must be done one at a time. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/add-support-for-registered-limits-d83b888ea65a614b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added support for managing registered limits. The ``POST`` API for 5 | registered limits in keystone supports batch creation, but the client 6 | implementation does not. Creation of registered limits using the client 7 | must be done one at a time. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/bp-application-credentials-27728ded876d7d5a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds support for creating, reading, and deleting application credentials. 5 | With application credentials, a user can grant their applications limited 6 | access to their cloud resources. Applications can use keystoneauth with 7 | the `v3applicationcredential` auth plugin to authenticate with keystone 8 | without needing the user's password. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/bp-domain-config-9566e672a98f4e7f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Added support for ``domain configs``. A user can now 4 | upload domain specific configurations to keytone 5 | using the client. See ``client.domain_configs.create``, 6 | ``client.domain_configs.delete``, ``client.domain_configs.get`` 7 | and ``client.domain_configs.update``. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/bp-pci-dss-query-password-expired-users-b0c4b1bbdcf33f16.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added ability to filter on multiple values with the same parameter key. 5 | For example, we can now filter on user names that contain both ``test`` and 6 | ``user`` using ``keystone.users.list(name__contains=['test', 'user'])``. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/bp-whitelist-extension-for-app-creds-d03526e52e3edcce.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds support for creating access rules as an attribute of application 5 | credentials as well as for retrieving and deleting them. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/bug-1615076-26962c85aeaf288c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The region resource in Keystone never support or contain "enabled" property. 5 | Thus the property is deprecated and will be removed in future versions. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/bug-1616105-cc8b85eb056e99e2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - > 4 | [`bug 1616105 `_] 5 | Only log the response body when the ``Content-Type`` header is set to 6 | ``application/json``. This avoids logging large binary objects (such as 7 | images). Other ``Content-Type`` will not be logged. Additional 8 | ``Content-Type`` strings can be added as required. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/bug-1641674-4862454115265e76.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | Keystone Client now supports endpoint group filtering. 4 | features: 5 | - | 6 | Support for handling the relationship between endpoint groups and projects 7 | has been added. It is now possible to list, associate, check and 8 | disassociate endpoint groups that have access to a project. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/bug-1654847-d2e9df994c7b617f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | The ``X-Service-Token`` header value is now properly masked, and is 5 | displayed as a hash value, in the log. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecated_auth-d2a2bf537bdb88d3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - > 4 | [`blueprint deprecate-to-ksa `_] 5 | Several modules related to authentication in keystoneclient have been 6 | deprecated in favor of [`keystoneauth `_] 7 | These modules include: ``keystoneclient.session``, ``keystoneclient.adapter``, 8 | ``keystoneclient.httpclient``, ``keystoneclient.auth.base``, 9 | ``keystoneclient.auth.cli``, ``keystoneclient.auth.conf``, 10 | ``keystoneclient.auth.identity.base``, and ``keystoneclient.auth.token_endpoint``. 11 | Tips for migrating to `keystoneauth` have been 12 | [`documented `_]. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-py-2-7-5ac18e82de83fcfa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Python 2.7 support has been dropped. Last release of python-keystoneclient 5 | to support python 2.7 is OpenStack Train. The minimum version of Python now 6 | supported is Python 3.6. -------------------------------------------------------------------------------- /releasenotes/notes/drop-python-3-6-and-3-7-ef1e107897dde8f4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Python 3.6 & 3.7 support has been dropped. The minimum version of Python now 5 | supported is Python 3.8. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/implied_roles-ea39d3c3d998d482.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - support for implied roles in v3 API. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/ksc_2.1.0-739ded9c4c3f8aaa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - > 4 | [`bug 1462694 `_] 5 | Add support for `include_subtree` in list_role_assignments. 6 | - > 7 | [`bug 1526686 `_] 8 | Replace textwrap with faster code in cms functions. 9 | - > 10 | [`bug 1457702 `_] 11 | Change default endpoint to public for keystone v3. 12 | - > 13 | [`bug 1520244 `_] 14 | Support `truncated` flag returned from server. 15 | other: 16 | - > 17 | Support v2 parameters for the v3 service create method. 18 | -------------------------------------------------------------------------------- /releasenotes/notes/list_projects_filtered_by_the_parent_project-a873974f197c1e37.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Now keystone client supports to list projects which belongs to the given 5 | parent project. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/list_role_assignment_names-7e1b7eb8c2d22d7c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - > 4 | [`bug 1479569 `_] 5 | With the ``include_names`` parameter set to True the names of the role assignments 6 | are returned with the entities IDs. (GET /role_assignments?include_names=True) 7 | -------------------------------------------------------------------------------- /releasenotes/notes/project-tags-1f8a32d389951e7a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | [`blueprint project-tags `_] 5 | The keystoneclient now supports project tags feature in keystone. This 6 | allows operators to use the client to associate tags to a project, 7 | retrieve tags associated with a project, delete tags associated with a 8 | project, and filter projects based on tags. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-credentials-data-46ab3c3c248047cf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | The ``data`` argument for creating and updating credentials has 4 | been removed. 5 | other: 6 | - The ``data`` argument for creating and updating credentials was 7 | deprecated in the 1.7.0 release. It has been replaced by the 8 | ``blob`` argument. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-middleware-eef8c40117b465aa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | keystoneclient.middleware has been removed. 4 | critical: 5 | - > 6 | [`bug 1449066 `_] 7 | The `keystoneclient.middleware` module has been removed in favor of the 8 | keystonemiddleware library. The aforementioned module has been deprecated 9 | since keystoneclient v0.10.0 which was included in the Juno release 10 | of OpenStack. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-py38-2e39854190447827.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Support for Python 3.8 has been removed. Now the minimum python version 5 | supported is 3.9 . 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove_apiclient_exceptions-0cd5c8d16aa09a22.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - > 4 | Removed `keystoneclient.apiclient.exceptions`. This file was deprecated 5 | in v0.7.1 and has now been replaced by `keystoneclient.exceptions`. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove_apiclient_exceptions-6580003a885db286.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | keystoneclient.apiclient has been removed. 4 | critical: 5 | - > 6 | [`bug 1526651 `_] 7 | The `keystoneclient.apiclient` module has been removed in favor of 8 | `keystoneclient.exceptions`. The aforementioned module has been deprecated 9 | since keystoneclient v0.7.1 which was inclued in the Juno release 10 | of OpenStack. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/remove_cli-d2c4435ba6a09b79.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | The ``keystone`` CLI has been removed. 4 | other: 5 | - The ``keystone`` CLI has been removed, using the ``openstack`` 6 | CLI is recommended. This feature has been deprecated since the 7 | Liberty release of Keystone. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/removed-generic-client-ff505b2b01bc9302.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - Deprecate the `keystoneclient.generic` client. This client used to be able 4 | to determine available API versions and some basics around installed 5 | extensions however the APIs were never upgraded for the v3 API. It doesn't 6 | seem to be used in the openstack ecosystem. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/return-request-id-to-caller-97fa269ad626f8c1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - > 4 | [`blueprint return-request-id-to-caller 5 | `_] 6 | Instantiating client with ``include_metadata=True`` will cause manager response to return data 7 | along with request_ids for better tracing. Refer [`using-api-v3 8 | `_] 9 | 10 | 11 | Added support to return "x-openstack-request-id" header in request_ids attribute if 12 | ``include_metadata=True``. Also, for APIs which return response as None, client will return request_ids 13 | as well if ``include_metadata`` is True. -------------------------------------------------------------------------------- /releasenotes/notes/switch-default-interface-v3-dcd7167196ace531.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | For sessions using the v3 Identity API, the default interface has been 5 | switched from ``admin`` to ``public``. This allows deployments to get rid 6 | of the admin endpoint, which functionally is no longer necessary with the 7 | v3 API. 8 | -------------------------------------------------------------------------------- /releasenotes/source/2023.1.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | 2023.1 Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/2023.1 7 | -------------------------------------------------------------------------------- /releasenotes/source/2023.2.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | 2023.2 Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/2023.2 7 | -------------------------------------------------------------------------------- /releasenotes/source/2024.1.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | 2024.1 Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/2024.1 7 | -------------------------------------------------------------------------------- /releasenotes/source/2024.2.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | 2024.2 Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/2024.2 7 | -------------------------------------------------------------------------------- /releasenotes/source/2025.1.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | 2025.1 Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/2025.1 7 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/releasenotes/source/_static/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/python-keystoneclient/18b5f4222482196f9c81a69db295d33041212c8b/releasenotes/source/_templates/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | keystoneclient Release Notes 3 | ============================== 4 | 5 | .. toctree:: 6 | :maxdepth: 1 7 | 8 | unreleased 9 | 2025.1 10 | 2024.2 11 | 2024.1 12 | 2023.2 13 | 2023.1 14 | zed 15 | yoga 16 | xena 17 | wallaby 18 | victoria 19 | ussuri 20 | train 21 | stein 22 | rocky 23 | queens 24 | pike 25 | ocata 26 | newton 27 | mitaka 28 | -------------------------------------------------------------------------------- /releasenotes/source/locale/fr/LC_MESSAGES/releasenotes.po: -------------------------------------------------------------------------------- 1 | # Gérald LONLAS , 2016. #zanata 2 | msgid "" 3 | msgstr "" 4 | "Project-Id-Version: keystoneclient Release Notes 3.12.1\n" 5 | "Report-Msgid-Bugs-To: \n" 6 | "POT-Creation-Date: 2017-07-24 15:13+0000\n" 7 | "MIME-Version: 1.0\n" 8 | "Content-Type: text/plain; charset=UTF-8\n" 9 | "Content-Transfer-Encoding: 8bit\n" 10 | "PO-Revision-Date: 2016-10-22 06:08+0000\n" 11 | "Last-Translator: Gérald LONLAS \n" 12 | "Language-Team: French\n" 13 | "Language: fr\n" 14 | "X-Generator: Zanata 3.9.6\n" 15 | "Plural-Forms: nplurals=2; plural=(n > 1)\n" 16 | 17 | msgid "2.1.0" 18 | msgstr "2.1.0" 19 | 20 | msgid "2.2.0" 21 | msgstr "2.2.0" 22 | 23 | msgid "2.3.0" 24 | msgstr "2.3.0" 25 | 26 | msgid "3.0.0" 27 | msgstr "3.0.0" 28 | 29 | msgid "3.6.0" 30 | msgstr "3.6.0" 31 | 32 | msgid "Bug Fixes" 33 | msgstr "Corrections de bugs" 34 | 35 | msgid "Critical Issues" 36 | msgstr "Erreurs critiques" 37 | 38 | msgid "Current Series Release Notes" 39 | msgstr "Note de la release actuelle" 40 | 41 | msgid "Deprecation Notes" 42 | msgstr "Notes dépréciées " 43 | 44 | msgid "Mitaka Series Release Notes" 45 | msgstr "Note de release pour Mitaka" 46 | 47 | msgid "New Features" 48 | msgstr "Nouvelles fonctionnalités" 49 | 50 | msgid "Newton Series Release Notes" 51 | msgstr "Note de release pour Newton" 52 | 53 | msgid "Other Notes" 54 | msgstr "Autres notes" 55 | 56 | msgid "keystoneclient Release Notes" 57 | msgstr "Note de release pour keystoneclient" 58 | -------------------------------------------------------------------------------- /releasenotes/source/mitaka.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Mitaka Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/mitaka 7 | -------------------------------------------------------------------------------- /releasenotes/source/newton.rst: -------------------------------------------------------------------------------- 1 | ============================= 2 | Newton Series Release Notes 3 | ============================= 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/newton 7 | -------------------------------------------------------------------------------- /releasenotes/source/ocata.rst: -------------------------------------------------------------------------------- 1 | ============================ 2 | Ocata Series Release Notes 3 | ============================ 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/ocata 7 | -------------------------------------------------------------------------------- /releasenotes/source/pike.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Pike Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/pike 7 | -------------------------------------------------------------------------------- /releasenotes/source/queens.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Queens Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/queens 7 | -------------------------------------------------------------------------------- /releasenotes/source/rocky.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Rocky Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/rocky 7 | -------------------------------------------------------------------------------- /releasenotes/source/stein.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Stein Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/stein 7 | -------------------------------------------------------------------------------- /releasenotes/source/train.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Train Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/train 7 | -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | Current Series Release Notes 3 | ============================== 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /releasenotes/source/ussuri.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Ussuri Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/ussuri 7 | -------------------------------------------------------------------------------- /releasenotes/source/victoria.rst: -------------------------------------------------------------------------------- 1 | ============================= 2 | Victoria Series Release Notes 3 | ============================= 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/victoria 7 | -------------------------------------------------------------------------------- /releasenotes/source/wallaby.rst: -------------------------------------------------------------------------------- 1 | ============================ 2 | Wallaby Series Release Notes 3 | ============================ 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/wallaby 7 | -------------------------------------------------------------------------------- /releasenotes/source/xena.rst: -------------------------------------------------------------------------------- 1 | ========================= 2 | Xena Series Release Notes 3 | ========================= 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/xena 7 | -------------------------------------------------------------------------------- /releasenotes/source/yoga.rst: -------------------------------------------------------------------------------- 1 | ========================= 2 | Yoga Series Release Notes 3 | ========================= 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/yoga 7 | -------------------------------------------------------------------------------- /releasenotes/source/zed.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | Zed Series Release Notes 3 | ======================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/zed 7 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | # Requirements lower bounds listed here are our best effort to keep them up to 2 | # date but we do not test them so no guarantee of having them all correct. If 3 | # you find any incorrect lower bounds, let us know or propose a fix. 4 | pbr>=2.0.0 # Apache-2.0 5 | 6 | debtcollector>=1.2.0 # Apache-2.0 7 | keystoneauth1>=3.4.0 # Apache-2.0 8 | oslo.config>=5.2.0 # Apache-2.0 9 | oslo.i18n>=3.15.3 # Apache-2.0 10 | oslo.serialization>=2.18.0 # Apache-2.0 11 | oslo.utils>=3.33.0 # Apache-2.0 12 | requests>=2.14.2 # Apache-2.0 13 | stevedore>=1.20.0 # Apache-2.0 14 | packaging>=20.4 # BSD 15 | -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- 1 | [metadata] 2 | name = python-keystoneclient 3 | summary = Client Library for OpenStack Identity 4 | description_file = 5 | README.rst 6 | author = OpenStack 7 | author_email = openstack-discuss@lists.openstack.org 8 | home_page = https://docs.openstack.org/python-keystoneclient/latest/ 9 | python_requires = >=3.9 10 | classifier = 11 | Environment :: OpenStack 12 | Intended Audience :: Information Technology 13 | Intended Audience :: System Administrators 14 | License :: OSI Approved :: Apache Software License 15 | Operating System :: POSIX :: Linux 16 | Programming Language :: Python 17 | Programming Language :: Python :: 3 18 | Programming Language :: Python :: 3.9 19 | Programming Language :: Python :: 3.10 20 | Programming Language :: Python :: 3.11 21 | Programming Language :: Python :: 3.12 22 | 23 | [files] 24 | packages = 25 | keystoneclient 26 | 27 | [entry_points] 28 | keystoneclient.auth.plugin = 29 | password = keystoneclient.auth.identity.generic:Password 30 | token = keystoneclient.auth.identity.generic:Token 31 | admin_token = keystoneclient.auth.token_endpoint:Token 32 | v2password = keystoneclient.auth.identity.v2:Password 33 | v2token = keystoneclient.auth.identity.v2:Token 34 | v3password = keystoneclient.auth.identity.v3:Password 35 | v3token = keystoneclient.auth.identity.v3:Token 36 | v3oidcpassword = keystoneclient.contrib.auth.v3.oidc:OidcPassword 37 | v3unscopedsaml = keystoneclient.contrib.auth.v3.saml2:Saml2UnscopedToken 38 | v3scopedsaml = keystoneclient.contrib.auth.v3.saml2:Saml2ScopedToken 39 | v3unscopedadfs = keystoneclient.contrib.auth.v3.saml2:ADFSUnscopedToken 40 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2013 Hewlett-Packard Development Company, L.P. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | import setuptools 17 | 18 | setuptools.setup( 19 | setup_requires=['pbr>=2.0.0'], 20 | pbr=True) 21 | -------------------------------------------------------------------------------- /test-requirements.txt: -------------------------------------------------------------------------------- 1 | hacking>=6.1.0,<6.2.0 # Apache-2.0 2 | flake8-docstrings==1.7.0 # MIT 3 | 4 | coverage>=4.0 # Apache-2.0 5 | fixtures>=3.0.0 # Apache-2.0/BSD 6 | keyring>=5.5.1 # MIT/PSF 7 | lxml>=4.5.0 # BSD 8 | oauthlib>=0.6.2 # BSD 9 | os-client-config>=1.28.0 # Apache-2.0 10 | oslotest>=3.2.0 # Apache-2.0 11 | requests-mock>=1.2.0 # Apache-2.0 12 | tempest>=17.1.0 # Apache-2.0 13 | stestr>=2.0.0 # Apache-2.0 14 | testresources>=2.0.0 # Apache-2.0/BSD 15 | testscenarios>=0.4 # Apache-2.0/BSD 16 | testtools>=2.2.0 # MIT 17 | 18 | # Bandit security code scanner 19 | bandit>=1.1.0 # Apache-2.0 20 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | minversion = 3.18.0 3 | skipsdist = True 4 | envlist = py3,pep8,releasenotes 5 | ignore_basepython_conflict = True 6 | 7 | [testenv] 8 | usedevelop = True 9 | setenv = OS_STDOUT_NOCAPTURE=False 10 | OS_STDERR_NOCAPTURE=False 11 | 12 | deps = 13 | -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} 14 | -r{toxinidir}/requirements.txt 15 | -r{toxinidir}/test-requirements.txt 16 | commands = find . -type f -name "*.pyc" -delete 17 | stestr run --slowest {posargs} 18 | allowlist_externals = find 19 | basepython = python3 20 | 21 | [testenv:pep8] 22 | commands = 23 | flake8 24 | bandit -r keystoneclient -x tests -n5 25 | 26 | [testenv:bandit] 27 | # NOTE(browne): This is required for the integration test job of the bandit 28 | # project. Please do not remove. 29 | commands = bandit -r keystoneclient -x tests -n5 30 | 31 | [testenv:venv] 32 | commands = {posargs} 33 | 34 | [testenv:cover] 35 | setenv = 36 | PYTHON=coverage run --source keystoneclient --parallel-mode 37 | commands = 38 | stestr run {posargs} 39 | coverage combine 40 | coverage html -d cover 41 | coverage xml -o cover/coverage.xml 42 | coverage report 43 | 44 | [testenv:debug] 45 | commands = oslo_debug_helper -t keystoneclient/tests {posargs} 46 | 47 | [testenv:functional] 48 | setenv = {[testenv]setenv} 49 | OS_TEST_PATH=./keystoneclient/tests/functional 50 | passenv = OS_* 51 | 52 | [flake8] 53 | # D100: Missing docstring in public module 54 | # D101: Missing docstring in public class 55 | # D102: Missing docstring in public method 56 | # D103: Missing docstring in public function 57 | # D104: Missing docstring in public package 58 | # D107: Missing docstring in __init__ 59 | # D203: 1 blank line required before class docstring (deprecated in pep257) 60 | # D401 First line should be in imperative mood; try rephrasing 61 | # W504 line break after binary operator 62 | ignore = D100,D101,D102,D103,D104,D107,D203,D401,W504 63 | show-source = True 64 | exclude = .venv,.tox,dist,doc,*egg,build 65 | 66 | [testenv:docs] 67 | commands = sphinx-build -W -b html doc/source doc/build/html 68 | deps = 69 | -r{toxinidir}/doc/requirements.txt 70 | -r{toxinidir}/requirements.txt 71 | 72 | [testenv:pdf-docs] 73 | deps = {[testenv:docs]deps} 74 | allowlist_externals = 75 | make 76 | rm 77 | commands = 78 | rm -rf doc/build/pdf 79 | sphinx-build -W -b latex doc/source doc/build/pdf 80 | make -C doc/build/pdf 81 | 82 | [testenv:releasenotes] 83 | commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html 84 | deps = -r{toxinidir}/doc/requirements.txt 85 | 86 | [hacking] 87 | import_exceptions = 88 | keystoneclient.i18n 89 | 90 | [testenv:bindep] 91 | # Do not install any requirements. We want this to be fast and work even if 92 | # system dependencies are missing, since it's used to tell you what system 93 | # dependencies are missing! This also means that bindep must be installed 94 | # separately, outside of the requirements files. 95 | deps = bindep 96 | commands = bindep test 97 | 98 | --------------------------------------------------------------------------------