CHANGES
=======

* Updated from global requirements
* Fix gate for newton
* Updated from global requirements
* Update .gitreview for stable/newton

4.9.0
-----

* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements

4.8.0
-----

* Updated from global requirements
* Updated from global requirements
* Fix description of option `cache`

4.7.0
-----

* Add Python 3.5 classifier
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Use jsonutils instead of ast for loading the service catalog
* Use AccessInfo in UserAuthPlugin instead of custom
* Remove the _is_v2 and _is_v3 helpers
* Remove oslo-incubator

4.6.0
-----

* Updated from global requirements
* Use extras for oslo.messaging dependency
* Refactor API tests to not run middleware
* Refactor audit api tests into their own file
* Refactor create_event onto the api object
* Extract a common notifier pattern
* Break out the API piece into its own file
* Use createfile fixture in audit test
* Move audit into its own folder
* use local config options if available in audit middleware
* Use oslo.config fixture in audit tests
* Pop oslo_config_config before doing paste convert
* Updated from global requirements
* Fix typo 'olso' to 'oslo'
* Config: no need to set default=None
* Fix an issue with oslo_config_project paste config
* Updated from global requirements
* Pass X_IS_ADMIN_PROJECT header from auth_token
* Clean up middleware architecture
* Updated from global requirements
* Add a fixture method to add your own token data
* Move auth token opts calculation into auth_token
* Make audit middleware use common config object
* Consolidate user agent calculation
* Create a Config object
* Updated from global requirements
* Updated from global requirements
* Improve documentation for auth_uri
* PEP257: Ignore D203 because it was deprecated
* Updated from global requirements
* Use method split_path from oslo.utils
* Updated from global requirements
* Make sure audit can handle API requests which does not require a token
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Determine project name from oslo_config or local config

4.5.1
-----

* Fix AttributeError on cached-invalid token checks

4.5.0
-----

* Updated from global requirements
* Updated from global requirements
* Fix D105: Missing docstring in magic method (PEP257)
* Fix D200: One-line docstring should fit on one line with quotes (PEP257)
* Fix D202: No blank lines allowed after function docstring (PEP257)
* Adding audit middleware specific notification driver conf
* remove old options from documentation
* generate sample config automatically
* Return default value for pkg_version if missing
* Updated from global requirements
* Fix D204 PEP257 violation and enable D301 and D209
* Fix D400 PEP257 violation
* Fix D401 PEP257 violation and enable H403
* Update config options
* s3token config with auth URI
* Updated from global requirements
* Return JSON for Unauthorized message
* Updated from global requirements
* Fix doc build if git is absent
* PEP257: add flake8-docstring testing
* Only confirm token binding on one token
* Create signing_dir upon first usage
* Updated from global requirements
* Updated from global requirements
* Handle cache invalidate outside cache object
* Update reno for stable/mitaka
* Remove bandit.yaml in favor of defaults
* use the same context across a request
* Updated from global requirements
* Update documentation for running tests
* Updated from global requirements
* Add back a bandit tox job

4.3.0
-----

* argparse expects a list not a dictionary
* update deprecation message to indicate when deprecations were made
* Updated from global requirements
* Split oslo_config and list all opts
* Updated from global requirements
* Make pep8 *the* linting interface
* Remove clobbering of passed oslo_config_config
* Updated from global requirements
* Use positional instead of keystoneclient version
* Updated from global requirements
* Remove Babel from requirements.txt

4.2.0
-----

* Updated from global requirements
* Deprecate in-process cache
* Revert "Disable memory caching of tokens"
* Revert "Don't cache signed tokens"
* Updated from global requirements
* Remove bandit tox environment
* Remove unnecessary _reject_request function
* Group common PKI validation code - Refactor
* Group common PKI validation code - Tests
* Remove except Exception handler
* Fix tests to work with keystoneauth1 2.2.0
* Bandit profile updates
* Replace deprecated library function os.popen() with subprocess

4.1.0
-----

* Add project_name to the auth_token fixture
* Revert "Stop using private keystoneclient functions"
* create release notes for ksm 4.1.0
* Don't cache signed tokens
* Disable memory caching of tokens
* Updated from global requirements
* Use oslo_config choices support
* Stop using private keystoneclient functions
* Use fixture for mock patch
* auth_token verify revocation by audit_id
* Updated from global requirements
* Deprecated tox -downloadcache option removed
* Updated from global requirements
* Make BaseAuthProtocol public
* Use load_from_options_getter for auth plugins
* Configuration is outdated
* Updated from global requirements
* Use keystoneauth for auth_token fixture
* Don't list deprecated opts in sample config
* Updated from global requirements
* Put py34 first in the env order of tox

4.0.0
-----

* Add release notes for keystonemiddleware
* Updated from global requirements
* Adding parse of protocol v4 of AWS auth to ec2_token
* Add a mock-fixture for keystonemiddleware auth_protocol
* Add domain and trust details to user plugin
* Remove py26 target from tox.ini
* Use keystoneauth
* Updated from global requirements
* Address hacking check H405
* update middlewarearchitecture.rst
* Make "Auth Token confirmed use of %s apis" debug level
* Define entry points for filter factories for Paste Deployment
* Updated from global requirements
* Updated from global requirements

3.0.0
-----

* Updated from global requirements
* drop use of norm_ns

2.4.1
-----

* Updated from global requirements
* Straighten up exceptions imports
* Separate setting catalog on headers from others

2.4.0
-----

* Updated from global requirements
* Updated from global requirements
* Remove auth headers in AuthProtocol
* Use request helpers for token_info/token_auth
* Make __all__ immutable
* Move response status check to the call
* only make token invalid when it really is
* auto-generate release history
* Add shields.io version/downloads links/badges into README.rst
* Updated from global requirements
* Change ignore-errors to ignore_errors
* Ensure auth_plugin options are in generated CONF
* Cleanup a few auth_token comments

2.3.0
-----

* Updated from global requirements
* Remove unused group parameter from tests
* auth_token tests use clean config
* Docstring updates
* Use ConnectionRefused for auth_token tests

2.2.0
-----

* Seperate standalone cache tests
* Import _memcache_pool normally
* Create Environment cache pool
* Handle memcache pool arguments collectively
* Updated from global requirements
* Allow specifying a region name to auth_token
* Updated from global requirements
* Allow to use oslo.config without global CONF
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* Move common request processing to base class
* Fix rst
* py34 not py33 is tested and supported
* Refactor extract method for offline validation
* Send the correct user-agent to Keystone
* Move enforcement and time validation to base class
* Separate the fetch and validate parts of auth_token
* Fixes modules index generated by Sphinx

2.1.0
-----

* Add token_auth helper to request
* Add user_token and service_token to request
* Create a simple base class from AuthProtocol
* Switch from deprecated oslo_utils.timeutils.strtime
* Updated from global requirements
* Refactor _confirm_token_bind takes AccessInfo
* Make token bind work with a request
* Rename _LOG to log in auth_token middleware
* Don't allow webob to set a default content type
* Prevent a UnicodeDecodeError in the s3token middleware
* Remove install_venv_common and fix typo in memorycache

2.0.0
-----

* Ensure cache keys are a known/fixed length
* Updated from global requirements
* Refactor request methods onto request object
* validate_token returns AccessInfo
* Updated from global requirements
* Fixes a spelling error in a test name
* Remove custom header handling
* Unit tests catch deprecated function usage
* Common base class for unit tests
* Stop using function deprecated in py34
* Move bandit requirement to test-requirements.txt
* Fetch user token from request rather than env
* Remove the _msg_format function
* Base use webob
* Don't rely on token_info for header building
* Move project included validation
* Depend on keystoneclient for expiration checking
* Don't store expire into memcache
* Removes discover from test-reqs
* Drop py2.6 support for keystone middleware
* Create new user plugin tests
* Add an explicit test failure condition when auth_token is missing
* Fixup test-requirements-py3.txt
* Fix list_opts test to not check all deps
* Refactor certificate fetch functions
* tox env for Bandit
* Cleanup token hashes generated by cache
* Updated from global requirements
* Improved handling of endpoints missing urls
* Refactor: extract echo_app from enclosing class
* Add keystone v3 API to fetch revocation list
* Simplify request making in auth_token tests
* Change auth_token to use keystoneclient
* Deprecate auth_token authentication
* Updated from global requirements

1.6.1
-----

* Ignore cover directory
* Remove superfluous / spammy log line
* Drop use of 'oslo' namespace package
* Port keystonemiddleware to Python 3
* Remove unused iso8601 dependency
* Update README to work with release tools

1.6.0
-----

* Uncap library requirements for liberty
* Remove retry parameter
* Fix s3_token middleware parsing insecure option
* Updated from global requirements
* Pull echo service out of auth_token
* Fix typos in keystonemiddleware
* Rename requests mock object in testing
* Update auth_token config docs
* Crosslink to other sites that are owned by Keystone
* Move _memcache_pool into auth_token
* Move unit tests into tests.unit

1.5.0
-----

* Allow loading auth plugins via overrides
* Updated from global requirements
* Delay denial when service token is invalid
* Updated from global requirements
* Move UserAuthPlugin into its own file
* Extract IdentityServer into file
* Extract all TokenCache related classes to file
* Break default auth plugin into file
* Extract revocations to file
* Extract SigningDirectory into file
* Separate exceptions into their own file
* Updated from global requirements
* Updated from global requirements
* Move auth_token into its own folder
* Updated from global requirements

1.4.0
-----

* Refactor auth_token revocation list members to new class
* Refactor extract class for signing directory
* Turn our auth plugin into a token interface
* iso expires should be returned in one place
* move add event creation logic to keystonemiddleware
* Updated from global requirements
* Sync with oslo-incubator
* Use oslo.context instead of incubator code
* Refactor auth_uri handling
* make audit event scoped to request session and not middleware
* Updated from global requirements
* Remove custom string truth handling
* Updated from global requirements
* incorrect reference in enabling audit middleware
* Updated from global requirements
* Enforce check F821 and H304
* Switch from oslo.config to oslo_config
* Switch from oslo.serialization to oslo_serialization
* Switch from oslo.utils to oslo_utils
* Add python-memcached to test-requirements
* Correct failures for check E122
* Correct failures for check H703
* Updated from global requirements
* Correct failures for check H238
* Move to hacking 0.10
* Updated from global requirements
* Use a test fixture for mocking time
* Fix environ keys missing HTTP_ prefix
* support micro version if sent
* Fix passing parameters to log message
* Correct incorrect rst in docstrings
* remove unused variable in _IdentityServer

1.3.1
-----

* Fix auth_token does version request for no token
* Adds Memcached dependencies doc
* fallback to online validation if offline validation fails

1.3.0
-----

* documentation for audit middleware
* remove the unused method _will_expire_soon
* Updated from global requirements
* Use newer requests-mock syntax
* Allow loading other auth methods in auth_token
* Auth token tests create temp cert directory
* Add a test to ensure the version check error
* Split identity server into v2 and v3
* Workflow documentation is now in infra-manual
* Use real discovery object in auth_token middleware
* Updated from global requirements
* Make everything in audit middleware private
* Updated from global requirements
* Adding audit middleware to keystonemiddleware
* Fix paste config option conversion for auth options
* Auth token supports deprecated names for paste conf options
* Correct tests to use strings in conf
* Change occurrences of keystone to identity server
* Updated from global requirements
* Updated from global requirements
* Updated from global requirements
* I18n
* Adds space after # in comments
* Update python-keystoneclient reference
* Use Discovery fixtures for auth token tests
* Convert authentication into a plugin
* Add versions to requests
* Use an adapter in IdentityServer
* Use connection retrying from keystoneclient
* Updated from global requirements
* Use correct name of oslo debugger script
* Use new ksc features in User Token Plugin
* Remove netaddr package requirement
* add context to keystonemiddleware
* Updated from global requirements
* Improve help strings
* Updated from global requirements
* Changing the value type of http_connect_timeout
* Revert "Support service user and project in non-default domain"
* Replace httpretty with requests-mock
* Encode middleware error message as bytes
* Docstring cleanup
* Remove HTTP_X_STORAGE_TOKEN doc
* Fix reference to middleware architecture doc
* Clean up the middleware docs
* Update oslo-incubator and switch to oslo.{utils,serialization}
* Refactor auth_token cache

1.2.0
-----

* Add an optional advanced pool of memcached clients
* Fix auth_token for old oslo.config
* Support service user and project in non-default domain
* Add composite authentication support
* Fix test failure after discovery hack
* Updated from global requirements
* BaseAuthTokenMiddlewareTest.setUp call super normally
* Remove unused iso8601
* Use oslo_debug_helper and remove our own version
* convert the conf value into correct type
* Always add auth URI to unauthorized requests
* Work toward Python 3.4 support and testing
* warn against sorting requirements
* Always supply a username to auth_token tests setup
* Create an Auth Plugin to pass to users
* Updated from global requirements

1.1.1
-----

* Hash for PKIZ
* auth_token cached token handling
* Add a test for re-caching a token
* Updated from global requirements
* Remove intersphinx mappings
* Use oslosphinx in keystonemiddlware for documentation
* Updated from global requirements
* Convert auth_token middleware to use sessions

1.1.0
-----

* Updated from global requirements
* Remove mox dependency
* move webob from test-requirements to requirements
* remove unused dep: stevedore
* remove unused dep: prettytable
* Example JSON files should be human-readable
* Updated from global requirements
* Mark keystonemiddleware as being a universal wheel
* Use keystoneclient fixtures in middleware tests
* prefer identity API v3 over v2 in auth_token
* Clean up openstack-common.conf
* Sync with oslo-incubator 569979adf
* Refactor auth_token, move identity server members to class

1.0.0
-----

* Expose an entry point to list auth_token middleware config options
* Privatize Everything
* Privatize Everything
* add CONTRIBUTING.rst
* add README
* Update setup.cfg to remove keystoneclient ref
* Bring over debug_helper.sh
* Update requirement files
* Update .gitignore files
* Correct Doc location and update for middleware only
* Move Docs to the right location
* Remove .update-venv
* Update middleware and tests for new package
* Update requirements
* Update MANIFEST.in
* Remove unused testing files from keystoneclient
* Move examples split to new location
* Move ec2_token to new location
* Add in original keystoneclient test-requirements.txt
* Initial oslo-incubator sync
* Cleanup unused testr.conf file
* Move tests to new location
* Moving middleware to new location
* Initial commit
* Fix 500 error if request body is not JSON object
* auth_token _cache_get checks token expired
* auth_token _cache_get checks token expired
* Using six.u('') instead of u''
* Session Documentation
* Link to docstrings in using-api-v3
* Refactor auth_token token cache members to class
* Refactor auth_token token cache members to class
* Add service_name to URL discovery
* Don't use mock non-exist method assert_called_once
* Remove _factory methods from auth plugins
* Make get_oauth_params conditional for specific oauthlib versions
* Changes exception raised by v3.trusts.update()
* Add role assignments as concept in Client API V3 docs
* Fix tests to use UUID strings rather than ints for IDs
* Clean up oauth auth plugin code
* Add endpoint handling to Token/Endpoint auth
* Add support for extensions-list
* auth_token middleware hashes tokens with configurable algorithm
* auth_token middleware hashes tokens with configurable algorithm
* Remove left over vim headers
* Add /role_assignments endpoint support
* Authenticate via oauth
* Auth Plugin invalidation
* Move DisableModuleFixture to utils
* replace string format arguments with function parameters
* Fixes an erroneous type check in a test
* auth_token hashes PKI token once
* auth_token hashes PKI token once
* Compressed Signature and Validation
* Compressed Signature and Validation
* Compressed Signature and Validation
* OAuth request/access token and consumer support for oauth client API
* Regions Management
* Discovery URL querying functions
* Move auth_token tests not requiring v2/v3 to new class
* Cached tokens aren't expired
* Cached tokens aren't expired
* Move auth_token cache pool tests out of NoMemcache
* Fixed the size limit tests in Python 3
* Make auth_token return a V2 Catalog
* Make auth_token return a V2 Catalog
* Fix client fixtures
* fixed typos found by RETF rules
* fixed typos found by RETF rules
* auth_token configurable check of revocations for cached
* auth_token configurable check of revocations for cached
* Remove unused AdjustedBaseAuthTokenMiddlewareTest
* auth_token test remove unused fake_app parameter
* Fix typo in BaseAuthTokenMiddlewareTest
* Enhance tests for auth_token middleware
* Limited use trusts
* Debug log when token found in revocation list
* Ensure that cached token is not revoked
* Fix the catalog format of a sample token
* remove universal_newlines
* replace double quotes with single
* Deprecate admin_token option in auth_token
* Create a V3 Token Generator
* Implement endpoint filtering functionality on the client side
* Fix typo of ANS1 to ASN1
* Fix typo of ANS1 to ASN1
* Add new error for invalid response
* Rename HTTPError -> HttpError
* Add CRUD operations for Federation Mapping Rules
* Don't use generic kwargs in v2 Token Generation
* Update docs for auth_token middleware config options
* Allow session to return an error response object
* Add service name to catalog
* Hash functions support different hash algorithms
* Add CRUD operations for Identity Providers
* eliminate race condition fetching certs
* eliminate race condition fetching certs
* Allow passing auth plugin as a parameter
* Prefer () to continue line per PEP8
* Prefer () to continue line per PEP8
* Use `HttpNotImplemented` in `tests.v3.test_trusts`
* Ensure JSON headers in Auth Requests
* Create a test token generator and use it
* Safer noqa handling
* Rename request_uri to identity_uri
* Tests should use identity_uri by default
* Replace auth fragements with identity_uri
* Replace auth fragements with identity_uri
* Remove releases.rst from keystone docs
* Handle URLs via the session and auth_plugins
* Add a method for changing a user's password in v3
* sanity check memcached availability before running tests against it
* Change the default version discovery URLs
* add functional test for cache pool
* Add a positional decorator
* add pooling for cache references
* add pooling for cache references
* use v3 api to get certificates
* use v3 api to get certificates
* Don't use a connection pool unless provided
* Reference docstring for auth_token fields
* Docs link to middlewarearchitecture
* Uses explicit imports for _
* Discover should support other services
* Replace httplib.HTTPSConnection in ec2_token
* Revert "Add request/access token and consumer..."
* Revert "Authenticate via oauth"
* Fix doc build errors
* Fix doc build errors
* Fix doc build errors
* Generate module docs
* Authenticate via oauth
* Add request/access token and consumer support for keystoneclient
* Add 'methods' to all v3 test tokens
* Use AccessInfo in auth_token middleware
* Add 'methods' to all v3 test tokens
* Handle Token/Endpoint authentication
* Split sample PKI token generation
* Fix retry logic
* Fix state modifying catalog tests
* Remove reference to non-existent shell doc
* increase default revocation_cache_time
* Make keystoneclient not log auth tokens
* improve configuration help text in auth_token
* Log the command output on CertificateConfigError
* V3 xml responses should use v3 namespace
* Enforce scope mutual exclusion for trusts
* Token Revocation Extension
* Atomic write of certificate files and revocation list
* Privatize auth construction parameters
* Set the right permissions for signing_dir in tests
* deprecate XML support in favor of JSON
* Capitalize Client API title consistently
* Remove http_handler config option in auth_token
* Rely on OSLO.config
* Use admin_prefix consistently
* demonstrate auth_token behavior with a simple echo service
* Remove redundant default value None for dict.get
* Remove redundant default value None for dict.get
* correct typo of config option name in error message
* remove extra indentation
* refer to non-deprecated config option in help
* Create V3 Auth Plugins
* Create V2 Auth Plugins
* Fix role_names call from V3 AccessInfo
* Interactive prompt for create user
* Replace assertEqual(None, *) with assertIsNone in tests
* Ensure domains.list filtered results are correct
* Test query-string for list actions with filter arguments
* Fix keystone command man page
* Add link to the v3 client api doc
* Fix references to auth_token in middlewarearchitecture doc
* Use WebOb directly in ec2_token middleware
* Don't use private last_request variable
* Python: Pass bytes to derive_keys()
* Use WebOb directly for locale testing
* Make sure to unset all variable starting with OS_
* Python3: use six.moves.urllib.parse.quote instead of urllib.quote
* Remove vim header
* Remove vim header
* Remove vim header
* Python3: httpretty.last_request().body is now bytes
* Python3: fix test_insecure
* Deprecate s3_token middleware
* Python3: webob.Response.body must be bytes
* Python 3: call functions from memcache_crypt.py with bytes as input
* Python 3: call functions from memcache_crypt.py with bytes as input
* Use requests library in S3 middleware
* Use requests library in S3 middleware
* Python 3: make tests from v2_0/test_access.py pass
* Python 3: make tests from v2_0/test_access.py pass
* Create Authentication Plugins
* Fix debug curl commands for included data
* Add back --insecure option to CURL debug
* Use HTTPretty in S3 test code
* Provide a conversion function for creating session
* Update reference to middlewarearchitecture doc
* Update middlewarearchitecture config options docs
* Remove support for old Swift memcache interface
* Remove support for old Swift memcache interface
* Replace urllib/urlparse with six.moves.*
* Python 3: fix tests/test_utils.py
* Python 3: Fix an str vs bytes issue in tempfile
* Return role names by AccessInfo.role_names
* Copy s3_token middleware from keystone
* Copy s3_token middleware from keystone
* build auth context from middleware
* Fix E12x warnings found by Pep8 1.4.6
* Fix typos in documents and comments
* Fix typos in documents and comments
* Consistently support kwargs across all v3 CRUD Manager ops
* Use six to make dict work in Python 2 and Python 3
* Python 3: set webob.Response().body to a bytes value
* Remove test_print_{dict,list}_unicode_without_encode
* Tests use cleanUp rather than tearDown
* Adjust import items according to hacking import rule
* Adjust import items according to hacking import rule
* Adjust import items according to hacking import rule
* Replace assertTrue with explicit assertIsInstance
* Fix discover command failed to read extension list issue
* Fix incorrect assertTrue usage
* Make assertQueryStringIs usage simpler
* auth_token tests use assertIs/Not/None
* Make common log import consistent
* Python 3: Use HTTPMessage.get() rather than HTTPMessage.getheader()
* auth_token tests close temp file descriptor
* Tests cleanup temporary files
* Removes use of timeutils.set_time_override
* Controllable redirect handling
* Verify token binding in auth_token middleware
* Verify token binding in auth_token middleware
* Fix auth_token middleware test invalid cross-device link issue
* Add unit tests for generic/shell.py
* Rename using-api.rst to using-api-v2.rst
* Documents keystone v3 API usage - part 1
* v3 test utils, don't modify input parameter
* Fix error in v3 credentials create/update
* Rename instead of writing directly to revoked file
* Correctly handle auth_url/token authentication
* Remove debug specific handling
* Fix missed management_url setter in v3 client
* Add service catalog to domain scoped token fixture
* Change assertEquals to assertIsNone
* Avoid meaningless comparison that leads to a TypeError
* Python3: replace urllib by six.moves.urllib
* Fix --debug handling in the shell
* Rename tokenauth to authtoken in the doc
* use six.StringIO for compatibility with io.StringIO in python3
* Properly handle Regions in keystoneclient
* Use testresources for example files
* Discover supported APIs
* Warn user about unsupported API version
* Add workaround for OSError raised by Popen.communicate()
* Use assertIn where appropriate
* Extract a base Session object
* Do not format messages before they are logged
* keystoneclient requires an email address when creating a user
* Fix typo in keystoneclient
* Encode the text before print it to console
* Opt-out of service catalog
* Opt-out of service catalog
* Opt-out of service catalog
* Remove deprecated auth_token middleware
* "publicurl" should be required on endpoint-create
* Update the management url for every fetched token
* Fix python3 incompatible use of urlparse
* Convert revocation list file last modified to UTC
* Convert revocation list file last modified to UTC
* Migrate the keystone.common.cms to keystoneclient
* Migrate the keystone.common.cms to keystoneclient
* Avoid returning stale token via auth_token property
* Remove SERVICE_TOKEN and SERVICE_ENDPOINT env vars
* Make ROOTDIR determination more robust
* Replace OpenStack LLC with OpenStack Foundation
* Replace OpenStack LLC with OpenStack Foundation
* Replace OpenStack LLC with OpenStack Foundation
* Replace OpenStack LLC with OpenStack Foundation
* Add AssertRequestHeaderEqual test helper and make use of it
* python3: Make iteritems py3k compat
* Normalize datetimes to account for tz
* Normalize datetimes to account for tz
* assertEquals is deprecated, use assertEqual (H602)
* remove the nova dependency in the ec2_token middleware
* Fix H202 assertRaises Exception
* Fix H202 assertRaises Exception
* Refactor for testability of an upcoming change
* Refactor for testability of an upcoming change
* Allow v2 client authentication with trust_id
* Fix misused assertTrue in unit tests
* Add auth_uri in conf to avoid unnecessary warning
* Move tests in keystoneclient
* Set example timestamps to 2038-01-18T21:14:07Z
* Replace HttpConnection in auth_token with Requests
* Replace HttpConnection in auth_token with Requests
* Support client generate literal ipv6 auth_uri base on auth_host
* Log user info in auth_token middleware
* Changed header from LLC to Foundation based on trademark policies
* python3: Use from future import unicode_literals
* Fix and enable gating on F841
* Use OSLO jsonutils instead of json module
* Allow configure the number of http retries
* Use hashed token for invalid PKI token cache key
* Make auth_token middleware fetching respect prefix
* Move all opens in auth_token to be in context
* Refactor Keystone to use unified logging from Oslo
* Refactor verify signing dir logic
* Fixes files with wrong bitmode
* Don't cache tokens as invalid on network errors
* Fix a typo in fetch_revocation_list
* auth_uri (public ep) should not default to auth_* values (admin ep)
* Adds help in keystone_authtoken config opts
* python3: Add basic compatibility support
* remove swift dependency of s3 middleware
* flake8: fix alphabetical imports and enable H306
* Drop webob from auth_token.py
* no logging on cms failure
* rm improper assert syntax
* Fix and enable gating on H402
* Raise key length defaults
* Fix auth_token.py bad signing_dir log message
* Fix and enable H401
* Revert environment module usage in middleware
* Fix the cache interface to use time= by default
* Change memcache config entry name in Keystone to be consistent with Oslo
* Change memcache config entry name in Keystone to be consistent with Oslo
* Fix memcache encryption middleware
* Fix memcache encryption middleware
* Isolate eventlet code into environment
* Provide keystone CLI man page
* Check Expiry
* Check Expiry
* import only modules (flake8 H302)
* Satisfy flake8 import rules F401 and F403
* Default signing_dir to secure temp dir (bug 1181157)
* Use testr instead of nose
* Securely create signing_dir (bug 1174608)
* adding notes about dealing with exceptions in the client
* Fix v3 with UUID and memcache expiring
* Fix v3 with UUID and memcache expiring
* Allow keystoneclient to work with older keystone installs
* Wrap config module and require manual setup (bug 1143998)
* Config value for revocation list timeout
* Cache tokens using memorycache from oslo
* Cache tokens using memorycache from oslo
* xml_body returns backtrace on XMLSyntaxError
* Make auth_token lazy load the auth_version
* Doc info and other readability improvements
* Retry http_request and json_request failure
* Use v2.0 api by default in auth_token middleware
* Fix auth-token middleware to understand v3 tokens
* Fix auth-token middleware to understand v3 tokens
* Remove test dep on name of dir (bug 1124283)
* bug 1131840: fix auth and token data for XML translation
* Rework S3Token middleware tests
* v3 token API
* Use oslo-config-2013.1b3
* Allow configure auth_token http connect timeout
* Allow configure auth_token http connect timeout
* Fix spelling mistakes
* Mark password config options with secret
* Fixes 'not in' operator usage
* Fix thinko in self.middleware.cert_file_missing
* Limit the size of HTTP requests
* Blueprint memcache-protection: enable memcache value encryption/integrity check
* Blueprint memcache-protection: enable memcache value encryption/integrity check
* Warning message is not logged for valid token-less request
* Use os.path to find ~/keystone-signing (bug 1078947)
* Remove iso8601 dep in favor of openstack.common
* remove unused import
* Bug 1052674: added support for Swift cache
* URL-encode user-supplied tokens (bug 974319)
* Fix middleware logging for swift
* Remove swift auth
* Don't try to split a list of memcache servers
* Import auth_token middleware from keystoneclient
* Throw validation response into the environment
* Add auth-token code to keystoneclient, along with supporting files
* Add auth-token code to keystoneclient, along with supporting files
* Use the right subprocess based on os monkeypatch
* Make initial structural changes to keystoneclient in preparation to moving auth_token here from keystone.  No functional change should occur from this commit (even though it did refresh a newer copy of openstack.common.setup.py, none of the newer updates are in functions called from this client)
* fixes bug 1074172
* HACKING compliance: consistent use of 'except'
* auth_token hash pki key PKI tokens on hash in memcached when accessed by auth_token middelware
* Move 'opentack.context' and 'openstack.params' definitions to keystone.common.wsgi
* Replace refs to 'Keystone API' with 'Identity API'
* replacing PKI token detection from content length to content prefix. (bug 1060389)
* updating base keystoneclient documentation
* updating keystoneclient doc theme
* Backslash continuation cleanup
* Check for expected cfg impl (bug 1043479)
* Fix PEP8 issues
* Fix auth_token middleware to fetch revocation list as admin
* allow middleware configuration from app config
* Change underscores in new cert options to dashes
* PKI Token revocation
* Use user home dir as default for cache
* Set default signing_dir based on os USER
* Test for Cert by name
* Cryptographically Signed tokens
* Prevent service catalog injection in auth_token
* Admin Auth URI prefix
* Support 2-way SSL with Keystone server if it is configured to enforce 2-way SSL.  See also https://review.openstack.org/#/c/7706/ for the corresponding review for the 2-way SSL addition to Keystone
* Change CLI options to use dashes
* Keystone should use openstack.common.jsonutils
* Removed unused import
* Reorder imports by full module path
* Pass serviceCatalog in auth_token middleware
* 400 on unrecognized content type (bug 1012282)
* PEP8 fixes
* Move docs to doc
* fix importing of optional modules in auth_token
* blueprint 2-way-ssl
* Fixes some pep8 warning/errors
* Update swift_auth documentation
* Add ACL check using <tenant_id>:<user> format
* Use X_USER_NAME and X_ROLES headers
* Allow other middleware overriding authentication
* Backslash continuation removal (Keystone folsom-1)
* Added 'NormalizingFilter' middleware
* Make sure we parse delay_auth_decision as boolean
* Exit on error in a S3 way
* Add a _ at the end of reseller_prefix default
* additional logging to support debugging auth issue
* Add support to swift_auth for tokenless authz
* Improve swift_auth test coverage + Minor fixes
* S3 tokens cleanups
* updating docs to include creating service accts
* Rename tokenauth to authtoken
* Remove nova-specific middlewares
* Remove glance_auth_token middleware
* Update username -> name in token response
* Refactor keystone.common.logging use (bug 948224)
* Allow connect to another tenant
* Improved legacy tenancy resolution (bug 951933)
* Fix iso8601 import/use and date comparaison
* Add simple set of tests for auth_token middleware
* Add token caching via memcache
* Added license header (bug 929663)
* Make sure we have a port number before int it
* HTTP_AUTHORIZATION was used in proxy mode
* Add reseller admin capability
* improve auth_token middleware
* Unpythonic code in redux in auth_token.py
* Handle KeyError in _get_admin_auth_token
* Provide request to Middleware.process_response()
* Set tenantName to 'admin' in get_admin_auth_token
* XML de/serialization (bug 928058)
* Update auth_token middleware so it sets X_USER_ID
* Fix case of admin role in middleware
* Remove extraneous _validate_claims() arg
* Fix copyright dates and remove duplicate Apache licenses
* Re-adds admin_pass/user to auth_tok middleware
* Update docs for Swift and S3 middlewares
* Added Apache 2.0 License information
* Update swift token middleware
* Add s3_token
* Fixes role checking for admin check
* Add tests for core middleware
* termie all the things
* be more safe with getting json aprams
* fix keystoneclient tests
* pep8 cleanup
* doc updates
* fix middleware
* update some names
* fix some imports
* re-indent
* check for membership
* add more middleware
* woops
* add legacy middleware
