5f093bf5ee
This commit adds a validation step in the auth_token middleware to check for the presence of an access_rules attribute in an application credential token and to validate the request against the permissions granted for that token. During token validation it sends a header to keystone to indicate that it is capable of validating these access rules, and not providing this header for a token like this would result in the token failing validation. This disregards access rules for a service request made by a service on behalf of a user, such as nova making a request to glance, because such a request is not under the control of the user and is not expected to be explicitly allowed in the access rules. bp whitelist-extension-for-app-creds Depends-On: https://review.opendev.org/670377 Change-Id: I185e0541d5df538d74edadf9976b3034a2470c88
86 lines
1.4 KiB
Plaintext
86 lines
1.4 KiB
Plaintext
appdirs==1.4.3
|
|
asn1crypto==0.24.0
|
|
Babel==2.5.3
|
|
bandit==1.1.0
|
|
beautifulsoup4==4.6.0
|
|
certifi==2018.1.18
|
|
cffi==1.11.5
|
|
chardet==3.0.4
|
|
cliff==2.11.0
|
|
cmd2==0.8.1
|
|
coverage==4.0
|
|
cryptography==2.1
|
|
debtcollector==1.19.0
|
|
dogpile.cache==0.6.5
|
|
dulwich==0.19.0
|
|
extras==1.0.0
|
|
fixtures==3.0.0
|
|
flake8-docstrings==0.2.1.post1
|
|
flake8==2.2.4
|
|
future==0.16.0
|
|
gitdb2==2.0.3
|
|
GitPython==2.1.8
|
|
hacking==0.10.0
|
|
idna==2.6
|
|
iso8601==0.1.12
|
|
keystoneauth1==3.12.0
|
|
linecache2==1.0.0
|
|
mccabe==0.2.1
|
|
mock==2.0.0
|
|
monotonic==1.4
|
|
mox3==0.25.0
|
|
msgpack==0.5.6
|
|
netaddr==0.7.19
|
|
netifaces==0.10.6
|
|
openstack-requirements==1.2.0
|
|
os-client-config==1.29.0
|
|
os-testr==1.0.0
|
|
oslo.cache==1.26.0
|
|
oslo.config==5.2.0
|
|
oslo.context==2.19.2
|
|
oslo.i18n==3.15.3
|
|
oslo.log==3.36.0
|
|
oslo.messaging==5.29.0
|
|
oslo.serialization==2.18.0
|
|
oslo.utils==3.33.0
|
|
oslotest==3.2.0
|
|
packaging==17.1
|
|
Parsley==1.3
|
|
pbr==2.0.0
|
|
pep257==0.7.0
|
|
pep8==1.5.7
|
|
prettytable==0.7.2
|
|
pycadf==1.1.0
|
|
pycparser==2.18
|
|
pyflakes==0.8.1
|
|
pyinotify==0.9.6
|
|
pyparsing==2.2.0
|
|
pyperclip==1.6.0
|
|
python-dateutil==2.7.0
|
|
python-keystoneclient==3.20.0
|
|
python-memcached==1.59
|
|
python-mimeparse==1.6.0
|
|
python-subunit==1.2.0
|
|
pytz==2018.3
|
|
PyYAML==3.12
|
|
reno==2.5.0
|
|
requests-mock==1.2.0
|
|
requests==2.14.2
|
|
requestsexceptions==1.4.0
|
|
rfc3986==1.1.0
|
|
six==1.10.0
|
|
smmap2==2.0.3
|
|
stestr==2.0.0
|
|
stevedore==1.20.0
|
|
testrepository==0.0.18
|
|
testresources==2.0.0
|
|
testtools==2.2.0
|
|
traceback2==1.4.0
|
|
unittest2==1.1.0
|
|
urllib3==1.22
|
|
voluptuous==0.11.1
|
|
waitress==1.1.0
|
|
WebOb==1.7.1
|
|
WebTest==2.0.27
|
|
wrapt==1.10.11
|