diff -Nru keystone-8.0.1/AUTHORS keystone-8.1.0/AUTHORS --- keystone-8.0.1/AUTHORS 2015-12-10 13:05:06.000000000 +0000 +++ keystone-8.1.0/AUTHORS 2016-03-03 14:44:30.000000000 +0000 @@ -20,6 +20,7 @@ Andrey Pavlov Andy Smith Angus Lees +Ankit Agrawal Anne Gentle Anthony Dodd Anthony Young @@ -151,6 +152,7 @@ John Warren Jorge L. Williams Jorge Munoz +Jorge Munoz Jose Castro Leon Joseph W. Breu Josh Kearney diff -Nru keystone-8.0.1/ChangeLog keystone-8.1.0/ChangeLog --- keystone-8.0.1/ChangeLog 2015-12-10 13:05:06.000000000 +0000 +++ keystone-8.1.0/ChangeLog 2016-03-03 14:44:29.000000000 +0000 @@ -1,6 +1,30 @@ CHANGES ======= +8.1.0 +----- + +* Make WebSSO trusted_dashboard hostname case-insensitive +* Imported Translations from Zanata +* Escape DN in enabled query +* Test enabled emulation with special user_tree_dn +* Revert "Validate domain ownership for v2 tokens" +* Fix schema validation to use JSONSchema for empty entity +* Refactors validation tests to better see the cases +* Fix trust redelegation and associated test +* use self.skipTest instead of self.skip +* Imported Translations from Zanata +* Fix users in group and groups for user exact filters +* Add audit IDs to revocation events +* Expose defect in users_in_group, groups_for_user exact filters +* Ensure endpoints returned is filtered correctly +* Fix 500 error when no fernet token is passed +* Updated from global requirements +* Updated from global requirements +* Updated from global requirements +* More useful message when using direct driver import +* force releasenotes warnings to be treated as errors + 8.0.1 ----- diff -Nru keystone-8.0.1/debian/changelog keystone-8.1.0/debian/changelog --- keystone-8.0.1/debian/changelog 2016-01-07 12:02:18.000000000 +0000 +++ keystone-8.1.0/debian/changelog 2016-03-21 10:32:04.000000000 +0000 @@ -1,3 +1,9 @@ +keystone (2:8.1.0-0ubuntu1) wily; urgency=medium + + * New upstream stable release (LP: #1559935). + + -- James Page Mon, 21 Mar 2016 10:31:51 +0000 + keystone (2:8.0.1-0ubuntu1) wily; urgency=medium * New upstream point release for OpenStack Liberty (LP: #1530913). diff -Nru keystone-8.0.1/keystone/auth/controllers.py keystone-8.1.0/keystone/auth/controllers.py --- keystone-8.0.1/keystone/auth/controllers.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/auth/controllers.py 2016-03-03 14:43:18.000000000 +0000 @@ -45,8 +45,8 @@ def load_auth_method(method): plugin_name = CONF.auth.get(method) or 'default' + namespace = 'keystone.auth.%s' % method try: - namespace = 'keystone.auth.%s' % method driver_manager = stevedore.DriverManager(namespace, plugin_name, invoke_on_load=True) return driver_manager.driver @@ -55,13 +55,16 @@ 'attempt to load using import_object instead.', method, plugin_name) - @versionutils.deprecated(as_of=versionutils.deprecated.LIBERTY, - in_favor_of='entrypoints', - what='direct import of driver') - def _load_using_import(plugin_name): - return importutils.import_object(plugin_name) + driver = importutils.import_object(plugin_name) - return _load_using_import(plugin_name) + msg = (_( + 'Direct import of auth plugin %(name)r is deprecated as of Liberty in ' + 'favor of its entrypoint from %(namespace)r and may be removed in ' + 'N.') % + {'name': plugin_name, 'namespace': namespace}) + versionutils.report_deprecated_feature(LOG, msg) + + return driver def load_auth_methods(): diff -Nru keystone-8.0.1/keystone/common/controller.py keystone-8.1.0/keystone/common/controller.py --- keystone-8.0.1/keystone/common/controller.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/common/controller.py 2016-03-03 14:43:18.000000000 +0000 @@ -224,27 +224,13 @@ @staticmethod def filter_domain_id(ref): """Remove domain_id since v2 calls are not domain-aware.""" - if 'domain_id' in ref: - if ref['domain_id'] != CONF.identity.default_domain_id: - raise exception.Unauthorized( - _('Non-default domain is not supported')) - del ref['domain_id'] + ref.pop('domain_id', None) return ref @staticmethod def filter_domain(ref): - """Remove domain since v2 calls are not domain-aware. - - V3 Fernet tokens builds the users with a domain in the token data. - This method will ensure that users create in v3 belong to the default - domain. - - """ - if 'domain' in ref: - if ref['domain'].get('id') != CONF.identity.default_domain_id: - raise exception.Unauthorized( - _('Non-default domain is not supported')) - del ref['domain'] + """Remove domain since v2 calls are not domain-aware.""" + ref.pop('domain', None) return ref @staticmethod @@ -287,15 +273,9 @@ def v3_to_v2_user(ref): """Convert a user_ref from v3 to v2 compatible. - - v2.0 users are not domain aware, and should have domain_id validated - to be the default domain, and then removed. - - - v2.0 users expect the use of tenantId instead of default_project_id. - - - v2.0 users have a username attribute. - - This method should only be applied to user_refs being returned from the - v2.0 controller(s). + * v2.0 users are not domain aware, and should have domain_id removed + * v2.0 users expect the use of tenantId instead of default_project_id + * v2.0 users have a username attribute If ref is a list type, we will iterate through each element and do the conversion. diff -Nru keystone-8.0.1/keystone/common/ldap/core.py keystone-8.1.0/keystone/common/ldap/core.py --- keystone-8.0.1/keystone/common/ldap/core.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/common/ldap/core.py 2016-03-03 14:43:18.000000000 +0000 @@ -1823,7 +1823,8 @@ def _get_enabled(self, object_id, conn): dn = self._id_to_dn(object_id) - query = '(%s=%s)' % (self.member_attribute, dn) + query = '(%s=%s)' % (self.member_attribute, + ldap.filter.escape_filter_chars(dn)) try: enabled_value = conn.search_s(self.enabled_emulation_dn, ldap.SCOPE_BASE, diff -Nru keystone-8.0.1/keystone/common/manager.py keystone-8.1.0/keystone/common/manager.py --- keystone-8.0.1/keystone/common/manager.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/common/manager.py 2016-03-03 14:43:18.000000000 +0000 @@ -19,6 +19,8 @@ from oslo_utils import importutils import stevedore +from keystone.i18n import _ + LOG = log.getLogger(__name__) @@ -70,15 +72,16 @@ LOG.debug('Failed to load %r using stevedore: %s', driver_name, e) # Ignore failure and continue on. - @versionutils.deprecated(as_of=versionutils.deprecated.LIBERTY, - in_favor_of='entrypoints', - what='direct import of driver') - def _load_using_import(driver_name, *args): - return importutils.import_object(driver_name, *args) - - # For backwards-compatibility, an unregistered class reference can - # still be used. - return _load_using_import(driver_name, *args) + driver = importutils.import_object(driver_name, *args) + + msg = (_( + 'Direct import of driver %(name)r is deprecated as of Liberty in ' + 'favor of its entrypoint from %(namespace)r and may be removed in ' + 'N.') % + {'name': driver_name, 'namespace': namespace}) + versionutils.report_deprecated_feature(LOG, msg) + + return driver class Manager(object): diff -Nru keystone-8.0.1/keystone/common/sql/core.py keystone-8.1.0/keystone/common/sql/core.py --- keystone-8.0.1/keystone/common/sql/core.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/common/sql/core.py 2016-03-03 14:43:18.000000000 +0000 @@ -325,42 +325,41 @@ satisfied_filters.append(filter_) return query.filter(query_term) - def exact_filter(model, filter_, cumulative_filter_dict): + def exact_filter(model, query, filter_, satisfied_filters): """Applies an exact filter to a query. :param model: the table model in question + :param query: query to apply filters to :param dict filter_: describes this filter - :param dict cumulative_filter_dict: describes the set of exact filters - built up so far - + :param list satisfied_filters: filter_ will be added if it is + satisfied. + :returns query: query updated to add any exact filters we could + satisfy """ key = filter_['name'] col = getattr(model, key) if isinstance(col.property.columns[0].type, sql.types.Boolean): - cumulative_filter_dict[key] = ( - utils.attr_as_boolean(filter_['value'])) + filter_val = utils.attr_as_boolean(filter_['value']) else: _WontMatch.check(filter_['value'], col) - cumulative_filter_dict[key] = filter_['value'] + filter_val = filter_['value'] + + satisfied_filters.append(filter_) + return query.filter(col == filter_val) try: - filter_dict = {} satisfied_filters = [] for filter_ in hints.filters: if filter_['name'] not in model.attributes: continue if filter_['comparator'] == 'equals': - exact_filter(model, filter_, filter_dict) - satisfied_filters.append(filter_) + query = exact_filter(model, query, filter_, + satisfied_filters) else: query = inexact_filter(model, query, filter_, satisfied_filters) - # Apply any exact filters we built up - if filter_dict: - query = query.filter_by(**filter_dict) - # Remove satisfied filters, then the caller will know remaining filters for filter_ in satisfied_filters: hints.filters.remove(filter_) diff -Nru keystone-8.0.1/keystone/common/utils.py keystone-8.1.0/keystone/common/utils.py --- keystone-8.0.1/keystone/common/utils.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/common/utils.py 2016-03-03 14:43:18.000000000 +0000 @@ -526,3 +526,14 @@ except KeyError: LOG.warning(_LW("Couldn't find the auth context.")) raise exception.Unauthorized() + + +def lower_case_hostname(url): + """Change the URL's hostname to lowercase""" + # NOTE(gyee): according to + # https://www.w3.org/TR/WD-html40-970708/htmlweb.html, the netloc portion + # of the URL is case-insensitive + parsed = moves.urllib.parse.urlparse(url) + # Note: _replace method for named tuples is public and defined in docs + replaced = parsed._replace(netloc=parsed.netloc.lower()) + return moves.urllib.parse.urlunparse(replaced) diff -Nru keystone-8.0.1/keystone/common/validation/__init__.py keystone-8.1.0/keystone/common/validation/__init__.py --- keystone-8.0.1/keystone/common/validation/__init__.py 2015-12-10 13:01:52.000000000 +0000 +++ keystone-8.1.0/keystone/common/validation/__init__.py 2016-03-03 14:43:11.000000000 +0000 @@ -28,8 +28,7 @@ :param request_body_schema: a schema to validate the resource reference :param resource_to_validate: the reference to validate :raises keystone.exception.ValidationError: if `resource_to_validate` is - not passed by or passed with an empty value (see wrapper method - below). + None. (see wrapper method below). :raises TypeError: at decoration time when the expected resource to validate isn't found in the decorated method's signature @@ -49,15 +48,15 @@ @functools.wraps(func) def wrapper(*args, **kwargs): - if kwargs.get(resource_to_validate): + if (resource_to_validate in kwargs and + kwargs[resource_to_validate] is not None): schema_validator.validate(kwargs[resource_to_validate]) else: try: resource = args[arg_index] - # If resource to be validated is empty, no need to do - # validation since the message given by jsonschema doesn't - # help in this case. - if resource: + # If the resource to be validated is not None but + # empty, it is possible to be validated by jsonschema. + if resource is not None: schema_validator.validate(resource) else: raise exception.ValidationError( diff -Nru keystone-8.0.1/keystone/contrib/endpoint_filter/backends/catalog_sql.py keystone-8.1.0/keystone/contrib/endpoint_filter/backends/catalog_sql.py --- keystone-8.0.1/keystone/contrib/endpoint_filter/backends/catalog_sql.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/contrib/endpoint_filter/backends/catalog_sql.py 2016-03-03 14:43:18.000000000 +0000 @@ -17,7 +17,6 @@ from keystone.catalog.backends import sql from keystone.catalog import core as catalog_core from keystone.common import dependency -from keystone import exception CONF = cfg.CONF @@ -31,38 +30,33 @@ services = {} - refs = self.endpoint_filter_api.list_endpoints_for_project(project_id) + dict_of_endpoint_refs = (self.endpoint_filter_api. + list_endpoints_for_project(project_id)) - if (not refs and + if (not dict_of_endpoint_refs and CONF.endpoint_filter.return_all_endpoints_if_no_filter): return super(EndpointFilterCatalog, self).get_v3_catalog( user_id, project_id) - for entry in refs: - try: - endpoint = self.get_endpoint(entry['endpoint_id']) - if not endpoint['enabled']: - # Skip disabled endpoints. - continue - service_id = endpoint['service_id'] - services.setdefault( - service_id, - self.get_service(service_id)) - service = services[service_id] - del endpoint['service_id'] - del endpoint['enabled'] - del endpoint['legacy_endpoint_id'] - endpoint['url'] = catalog_core.format_url( - endpoint['url'], substitutions) - # populate filtered endpoints - if 'endpoints' in services[service_id]: - service['endpoints'].append(endpoint) - else: - service['endpoints'] = [endpoint] - except exception.EndpointNotFound: - # remove bad reference from association - self.endpoint_filter_api.remove_endpoint_from_project( - entry['endpoint_id'], project_id) + for endpoint_id, endpoint in dict_of_endpoint_refs.items(): + if not endpoint['enabled']: + # Skip disabled endpoints. + continue + service_id = endpoint['service_id'] + services.setdefault( + service_id, + self.get_service(service_id)) + service = services[service_id] + del endpoint['service_id'] + del endpoint['enabled'] + del endpoint['legacy_endpoint_id'] + endpoint['url'] = catalog_core.format_url( + endpoint['url'], substitutions) + # populate filtered endpoints + if 'endpoints' in services[service_id]: + service['endpoints'].append(endpoint) + else: + service['endpoints'] = [endpoint] # format catalog catalog = [] diff -Nru keystone-8.0.1/keystone/contrib/endpoint_filter/controllers.py keystone-8.1.0/keystone/contrib/endpoint_filter/controllers.py --- keystone-8.0.1/keystone/contrib/endpoint_filter/controllers.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/contrib/endpoint_filter/controllers.py 2016-03-03 14:43:18.000000000 +0000 @@ -103,22 +103,8 @@ def list_endpoints_for_project(self, context, project_id): """List all endpoints currently associated with a given project.""" self.resource_api.get_project(project_id) - refs = self.endpoint_filter_api.list_endpoints_for_project(project_id) - filtered_endpoints = {ref['endpoint_id']: - self.catalog_api.get_endpoint(ref['endpoint_id']) - for ref in refs} - - # need to recover endpoint_groups associated with project - # then for each endpoint group return the endpoints. - endpoint_groups = self._get_endpoint_groups_for_project(project_id) - for endpoint_group in endpoint_groups: - endpoint_refs = self._get_endpoints_filtered_by_endpoint_group( - endpoint_group['id']) - # now check if any endpoints for current endpoint group are not - # contained in the list of filtered endpoints - for endpoint_ref in endpoint_refs: - if endpoint_ref['id'] not in filtered_endpoints: - filtered_endpoints[endpoint_ref['id']] = endpoint_ref + filtered_endpoints = (self.endpoint_filter_api. + list_endpoints_for_project(project_id)) return catalog_controllers.EndpointV3.wrap_collection( context, [v for v in six.itervalues(filtered_endpoints)]) diff -Nru keystone-8.0.1/keystone/contrib/endpoint_filter/core.py keystone-8.1.0/keystone/contrib/endpoint_filter/core.py --- keystone-8.0.1/keystone/contrib/endpoint_filter/core.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/contrib/endpoint_filter/core.py 2016-03-03 14:43:18.000000000 +0000 @@ -50,6 +50,7 @@ @dependency.provider('endpoint_filter_api') +@dependency.requires('catalog_api', 'resource_api') class Manager(manager.Manager): """Default pivot point for the Endpoint Filter backend. @@ -63,6 +64,67 @@ def __init__(self): super(Manager, self).__init__(CONF.endpoint_filter.driver) + def _get_endpoint_groups_for_project(self, project_id): + # recover the project endpoint group memberships and for each + # membership recover the endpoint group + self.resource_api.get_project(project_id) + try: + refs = self.driver.list_endpoint_groups_for_project( + project_id) + endpoint_groups = [self.driver.get_endpoint_group( + ref['endpoint_group_id']) for ref in refs] + return endpoint_groups + except exception.EndpointGroupNotFound: + return [] + + def _get_endpoints_filtered_by_endpoint_group(self, endpoint_group_id): + endpoints = self.catalog_api.list_endpoints() + filters = self.driver.get_endpoint_group(endpoint_group_id)['filters'] + filtered_endpoints = [] + + for endpoint in endpoints: + is_candidate = True + for key, value in filters.items(): + if endpoint[key] != value: + is_candidate = False + break + if is_candidate: + filtered_endpoints.append(endpoint) + return filtered_endpoints + + def list_endpoints_for_project(self, project_id): + """List all endpoints associated with a project. + + :param project_id: project identifier to check + :type project_id: string + :returns: a list of endpoint ids or an empty list. + + """ + refs = self.driver.list_endpoints_for_project(project_id) + filtered_endpoints = {} + for ref in refs: + try: + endpoint = self.catalog_api.get_endpoint(ref['endpoint_id']) + filtered_endpoints.update({ref['endpoint_id']: endpoint}) + except exception.EndpointNotFound: + # remove bad reference from association + self.remove_endpoint_from_project(ref['endpoint_id'], + project_id) + + # need to recover endpoint_groups associated with project + # then for each endpoint group return the endpoints. + endpoint_groups = self._get_endpoint_groups_for_project(project_id) + for endpoint_group in endpoint_groups: + endpoint_refs = self._get_endpoints_filtered_by_endpoint_group( + endpoint_group['id']) + # now check if any endpoints for current endpoint group are not + # contained in the list of filtered endpoints + for endpoint_ref in endpoint_refs: + if endpoint_ref['id'] not in filtered_endpoints: + filtered_endpoints[endpoint_ref['id']] = endpoint_ref + + return filtered_endpoints + @six.add_metaclass(abc.ABCMeta) class EndpointFilterDriverV8(object): diff -Nru keystone-8.0.1/keystone/contrib/federation/controllers.py keystone-8.1.0/keystone/contrib/federation/controllers.py --- keystone-8.0.1/keystone/contrib/federation/controllers.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/contrib/federation/controllers.py 2016-03-03 14:43:18.000000000 +0000 @@ -24,6 +24,7 @@ from keystone.common import authorization from keystone.common import controller from keystone.common import dependency +from keystone.common import utils as k_utils from keystone.common import validation from keystone.common import wsgi from keystone.contrib.federation import idp as keystone_idp @@ -269,7 +270,11 @@ LOG.error(msg) raise exception.ValidationError(msg) - if host not in CONF.federation.trusted_dashboard: + # change trusted_dashboard hostnames to lowercase before comparison + trusted_dashboards = [k_utils.lower_case_hostname(trusted) + for trusted in CONF.federation.trusted_dashboard] + + if host not in trusted_dashboards: msg = _('%(host)s is not a trusted dashboard host') msg = msg % {'host': host} LOG.error(msg) diff -Nru keystone-8.0.1/keystone/locale/de/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/de/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/de/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/de/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: German\n" -"Language: de\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: de\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: German\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/de/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/de/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/de/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/de/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# German translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -10,18 +10,19 @@ # Tom Cocozzello , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" "Language: de\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: German\n" -"Plural-Forms: nplurals=2; plural=(n != 1)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/locale/el/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/el/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/el/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/el/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -7,19 +7,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-09-05 01:09+0000\n" -"Last-Translator: Efstathios Iosifidis \n" -"Language-Team: Greek\n" -"Language: el\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-09-05 01:09+0000\n" +"Last-Translator: Efstathios Iosifidis \n" +"Language: el\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Greek\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/en_AU/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/en_AU/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/en_AU/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/en_AU/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: English (Australia)\n" -"Language: en-AU\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: en-AU\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: English (Australia)\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/en_AU/LC_MESSAGES/keystone-log-error.po keystone-8.1.0/keystone/locale/en_AU/LC_MESSAGES/keystone-log-error.po --- keystone-8.0.1/keystone/locale/en_AU/LC_MESSAGES/keystone-log-error.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/en_AU/LC_MESSAGES/keystone-log-error.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-06-26 05:13+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: English (Australia)\n" -"Language: en-AU\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-06-26 05:13+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: en-AU\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: English (Australia)\n" msgid "" "Error setting up the debug environment. Verify that the option --debug-url " diff -Nru keystone-8.0.1/keystone/locale/en_AU/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/en_AU/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/en_AU/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/en_AU/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# English (Australia) translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -7,18 +7,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" -"Language: en_AU\n" +"Language: en-AU\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: English (Australia)\n" -"Plural-Forms: nplurals=2; plural=(n != 1)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(property_name)s cannot be less than %(min_length)s characters." diff -Nru keystone-8.0.1/keystone/locale/es/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/es/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/es/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/es/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Spanish\n" -"Language: es\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: es\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Spanish\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/es/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/es/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/es/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/es/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# Spanish translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -13,18 +13,19 @@ # Tom Cocozzello , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" "Language: es\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: Spanish\n" -"Plural-Forms: nplurals=2; plural=(n != 1)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: French\n" -"Language: fr\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: fr\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: French\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone-log-error.po keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone-log-error.po --- keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone-log-error.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone-log-error.po 2016-03-03 14:43:18.000000000 +0000 @@ -8,19 +8,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-06-26 05:13+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: French\n" -"Language: fr\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-06-26 05:13+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: fr\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: French\n" #, python-format msgid "" diff -Nru keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone-log-info.po keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone-log-info.po --- keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone-log-info.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone-log-info.po 2016-03-03 14:43:18.000000000 +0000 @@ -9,19 +9,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-08-01 06:26+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: French\n" -"Language: fr\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-08-01 06:26+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: fr\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: French\n" #, python-format msgid "" diff -Nru keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone-log-warning.po keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone-log-warning.po --- keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone-log-warning.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone-log-warning.po 2016-03-03 14:43:18.000000000 +0000 @@ -8,19 +8,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-07-29 06:04+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: French\n" -"Language: fr\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-07-29 06:04+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: fr\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: French\n" #, python-format msgid "%s is not a dogpile.proxy.ProxyBackend" diff -Nru keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/fr/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/fr/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# French translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -7,23 +7,25 @@ # Maxime COQUEREL , 2014 # Andrew Melim , 2014 # Olivier Perrin , 2013 +# Olivier Perrin , 2013 # Rémi Le Trocquer , 2014 # OpenStack Infra , 2015. #zanata # Tom Cocozzello , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" "Language: fr\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: French\n" -"Plural-Forms: nplurals=2; plural=(n > 1)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/locale/hu/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/hu/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/hu/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/hu/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Hungarian\n" -"Language: hu\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: hu\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Hungarian\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/it/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/it/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/it/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/it/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Italian\n" -"Language: it\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: it\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Italian\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/it/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/it/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/it/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/it/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# Italian translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -7,18 +7,19 @@ # Tom Cocozzello , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" "Language: it\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: Italian\n" -"Plural-Forms: nplurals=2; plural=(n != 1)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/locale/ja/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/ja/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/ja/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/ja/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # Akihiro Motoki , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Japanese\n" -"Language: ja\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: ja\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Japanese\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/ja/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/ja/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/ja/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/ja/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# Japanese translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -7,18 +7,19 @@ # Akihiro Motoki , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-27 10:27+0000\n" "Last-Translator: Akihiro Motoki \n" "Language: ja\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: Japanese\n" -"Plural-Forms: nplurals=1; plural=0\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/locale/keystone.pot keystone-8.1.0/keystone/locale/keystone.pot --- keystone-8.0.1/keystone/locale/keystone.pot 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/keystone.pot 2016-03-03 14:43:18.000000000 +0000 @@ -1,21 +1,21 @@ # Translations template for keystone. -# Copyright (C) 2015 OpenStack Foundation +# Copyright (C) 2016 OpenStack Foundation # This file is distributed under the same license as the keystone project. -# FIRST AUTHOR , 2015. +# FIRST AUTHOR , 2016. # #, fuzzy msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.0.0rc2.dev1\n" +"Project-Id-Version: keystone 8.0.2.dev24\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-10-01 06:09+0000\n" +"POT-Creation-Date: 2016-02-01 06:31+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" +"Generated-By: Babel 2.2.0\n" #: keystone/exception.py:78 #, python-format @@ -412,34 +412,34 @@ msgid "Name field is required and cannot be empty" msgstr "" -#: keystone/assignment/controllers.py:155 -#: keystone/assignment/controllers.py:174 +#: keystone/assignment/controllers.py:157 +#: keystone/assignment/controllers.py:176 msgid "User roles not supported: tenant_id required" msgstr "" -#: keystone/assignment/controllers.py:338 -#: keystone/assignment/controllers.py:579 +#: keystone/assignment/controllers.py:340 +#: keystone/assignment/controllers.py:581 msgid "Specify a domain or project, not both" msgstr "" -#: keystone/assignment/controllers.py:341 +#: keystone/assignment/controllers.py:343 msgid "Specify one of domain or project" msgstr "" -#: keystone/assignment/controllers.py:346 -#: keystone/assignment/controllers.py:584 +#: keystone/assignment/controllers.py:348 +#: keystone/assignment/controllers.py:586 msgid "Specify a user or group, not both" msgstr "" -#: keystone/assignment/controllers.py:349 +#: keystone/assignment/controllers.py:351 msgid "Specify one of user or group" msgstr "" -#: keystone/assignment/controllers.py:568 +#: keystone/assignment/controllers.py:570 msgid "Combining effective and group filter will always result in an empty list." msgstr "" -#: keystone/assignment/controllers.py:573 +#: keystone/assignment/controllers.py:575 msgid "" "Combining effective, domain and inherited filters will always result in " "an empty list." @@ -505,30 +505,37 @@ msgid "Cannot duplicate name %s" msgstr "" -#: keystone/auth/controllers.py:118 +#: keystone/auth/controllers.py:60 +#, python-format +msgid "" +"Direct import of auth plugin %(name)r is deprecated as of Liberty in " +"favor of its entrypoint from %(namespace)r and may be removed in N." +msgstr "" + +#: keystone/auth/controllers.py:121 #, python-format msgid "" "Unable to reconcile identity attribute %(attribute)s as it has " "conflicting values %(new)s and %(old)s" msgstr "" -#: keystone/auth/controllers.py:344 keystone/middleware/core.py:227 +#: keystone/auth/controllers.py:347 keystone/middleware/core.py:227 msgid "Scoping to both domain and project is not allowed" msgstr "" -#: keystone/auth/controllers.py:347 +#: keystone/auth/controllers.py:350 msgid "Scoping to both domain and trust is not allowed" msgstr "" -#: keystone/auth/controllers.py:350 +#: keystone/auth/controllers.py:353 msgid "Scoping to both project and trust is not allowed" msgstr "" -#: keystone/auth/controllers.py:520 +#: keystone/auth/controllers.py:523 msgid "User not found" msgstr "" -#: keystone/auth/controllers.py:624 +#: keystone/auth/controllers.py:627 msgid "A project-scoped token is required to produce a service catalog." msgstr "" @@ -568,7 +575,7 @@ msgid "rescope a scoped token" msgstr "" -#: keystone/catalog/controllers.py:175 +#: keystone/catalog/controllers.py:212 #, python-format msgid "Conflicting region IDs specified: \"%(url_id)s\" != \"%(ref_id)s\"" msgstr "" @@ -695,27 +702,22 @@ msgid "%(property_name)s is not a %(display_expected_type)s" msgstr "" -#: keystone/common/controller.py:230 keystone/common/controller.py:246 -#: keystone/token/providers/common.py:638 -msgid "Non-default domain is not supported" -msgstr "" - -#: keystone/common/controller.py:329 keystone/common/controller.py:358 +#: keystone/common/controller.py:309 keystone/common/controller.py:338 #: keystone/identity/core.py:596 keystone/resource/core.py:788 #: keystone/resource/backends/ldap.py:66 keystone/resource/backends/ldap.py:74 #, python-format msgid "Expected dict or list: %s" msgstr "" -#: keystone/common/controller.py:371 +#: keystone/common/controller.py:351 msgid "Marker could not be found" msgstr "" -#: keystone/common/controller.py:382 +#: keystone/common/controller.py:362 msgid "Invalid limit value" msgstr "" -#: keystone/common/controller.py:690 +#: keystone/common/controller.py:670 msgid "Cannot change Domain ID" msgstr "" @@ -729,6 +731,13 @@ msgid "Unexpected status requested for JSON Home response, %s" msgstr "" +#: keystone/common/manager.py:77 +#, python-format +msgid "" +"Direct import of driver %(name)r is deprecated as of Liberty in favor of " +"its entrypoint from %(namespace)r and may be removed in N." +msgstr "" + #: keystone/common/tokenless_auth.py:74 msgid "Neither Project Domain ID nor Project Domain Name was provided." msgstr "" @@ -925,11 +934,11 @@ " self " msgstr "" -#: keystone/common/sql/core.py:445 +#: keystone/common/sql/core.py:444 msgid "Duplicate Entry" msgstr "" -#: keystone/common/sql/core.py:461 +#: keystone/common/sql/core.py:460 #, python-format msgid "An unexpected error occurred when trying to store %s" msgstr "" @@ -1123,8 +1132,8 @@ msgstr "" #: keystone/contrib/revoke/core.py:227 keystone/token/provider.py:197 -#: keystone/token/provider.py:221 keystone/token/provider.py:287 -#: keystone/token/provider.py:294 +#: keystone/token/provider.py:221 keystone/token/provider.py:293 +#: keystone/token/provider.py:300 msgid "Failed to validate token" msgstr "" @@ -1137,7 +1146,7 @@ msgid "Enabled field must be a boolean" msgstr "" -#: keystone/identity/controllers.py:100 +#: keystone/identity/controllers.py:101 msgid "Enabled field should be a boolean" msgstr "" @@ -1194,17 +1203,17 @@ msgid "Found invalid token: scoped to both project and domain." msgstr "" -#: keystone/resource/controllers.py:218 +#: keystone/resource/controllers.py:222 msgid "The creation of projects acting as domains is not allowed yet." msgstr "" -#: keystone/resource/controllers.py:252 +#: keystone/resource/controllers.py:256 msgid "" "Cannot use parents_as_list and parents_as_ids query params at the same " "time." msgstr "" -#: keystone/resource/controllers.py:258 +#: keystone/resource/controllers.py:262 msgid "" "Cannot use subtree_as_list and subtree_as_ids query params at the same " "time." @@ -1283,78 +1292,78 @@ msgid "cannot delete a domain that is enabled, please disable it first." msgstr "" -#: keystone/resource/core.py:876 +#: keystone/resource/core.py:877 msgid "No options specified" msgstr "" -#: keystone/resource/core.py:882 +#: keystone/resource/core.py:883 #, python-format msgid "" "The value of group %(group)s specified in the config should be a " "dictionary of options" msgstr "" -#: keystone/resource/core.py:906 +#: keystone/resource/core.py:907 #, python-format msgid "" "Option %(option)s found with no group specified while checking domain " "configuration request" msgstr "" -#: keystone/resource/core.py:913 +#: keystone/resource/core.py:914 #, python-format msgid "Group %(group)s is not supported for domain specific configurations" msgstr "" -#: keystone/resource/core.py:920 +#: keystone/resource/core.py:921 #, python-format msgid "" "Option %(option)s in group %(group)s is not supported for domain specific" " configurations" msgstr "" -#: keystone/resource/core.py:973 +#: keystone/resource/core.py:974 msgid "An unexpected error occurred when retrieving domain configs" msgstr "" -#: keystone/resource/core.py:1052 keystone/resource/core.py:1136 -#: keystone/resource/core.py:1207 keystone/resource/config_backends/sql.py:76 +#: keystone/resource/core.py:1053 keystone/resource/core.py:1137 +#: keystone/resource/core.py:1208 keystone/resource/config_backends/sql.py:76 #, python-format msgid "option %(option)s in group %(group)s" msgstr "" -#: keystone/resource/core.py:1055 keystone/resource/core.py:1141 -#: keystone/resource/core.py:1203 +#: keystone/resource/core.py:1056 keystone/resource/core.py:1142 +#: keystone/resource/core.py:1204 #, python-format msgid "group %(group)s" msgstr "" -#: keystone/resource/core.py:1057 +#: keystone/resource/core.py:1058 msgid "any options" msgstr "" -#: keystone/resource/core.py:1101 +#: keystone/resource/core.py:1102 #, python-format msgid "" "Trying to update option %(option)s in group %(group)s, so that, and only " "that, option must be specified in the config" msgstr "" -#: keystone/resource/core.py:1106 +#: keystone/resource/core.py:1107 #, python-format msgid "" "Trying to update group %(group)s, so that, and only that, group must be " "specified in the config" msgstr "" -#: keystone/resource/core.py:1115 +#: keystone/resource/core.py:1116 #, python-format msgid "" "request to update group %(group)s, but config provided contains group " "%(group_other)s instead" msgstr "" -#: keystone/resource/core.py:1122 +#: keystone/resource/core.py:1123 #, python-format msgid "" "Trying to update option %(option)s in group %(group)s, but config " @@ -1397,67 +1406,59 @@ msgid "Token does not belong to specified tenant." msgstr "" -#: keystone/token/persistence/backends/kvs.py:132 -#, python-format -msgid "Unknown token version %s" -msgstr "" - -#: keystone/token/providers/common.py:53 -msgid "Domains are not supported by the v2 API. Please use the v3 API instead." +#: keystone/token/provider.py:234 keystone/token/provider.py:255 +msgid "No token in the request" msgstr "" -#: keystone/token/providers/common.py:63 -#, python-format -msgid "" -"Project not found in the default domain (please use the v3 API instead): " -"%s" -msgstr "" - -#: keystone/token/providers/common.py:82 +#: keystone/token/persistence/backends/kvs.py:132 #, python-format -msgid "User not found in the default domain (please use the v3 API instead): %s" +msgid "Unknown token version %s" msgstr "" -#: keystone/token/providers/common.py:299 -#: keystone/token/providers/common.py:404 +#: keystone/token/providers/common.py:274 +#: keystone/token/providers/common.py:388 #, python-format msgid "User %(user_id)s has no access to project %(project_id)s" msgstr "" -#: keystone/token/providers/common.py:304 -#: keystone/token/providers/common.py:409 +#: keystone/token/providers/common.py:279 +#: keystone/token/providers/common.py:393 #, python-format msgid "User %(user_id)s has no access to domain %(domain_id)s" msgstr "" -#: keystone/token/providers/common.py:331 +#: keystone/token/providers/common.py:306 msgid "Trustor is disabled." msgstr "" -#: keystone/token/providers/common.py:395 +#: keystone/token/providers/common.py:379 msgid "Trustee has no delegated roles." msgstr "" -#: keystone/token/providers/common.py:456 +#: keystone/token/providers/common.py:440 #, python-format msgid "Invalid audit info data type: %(data)s (%(type)s)" msgstr "" -#: keystone/token/providers/common.py:484 +#: keystone/token/providers/common.py:468 msgid "User is not a trustee." msgstr "" -#: keystone/token/providers/common.py:553 +#: keystone/token/providers/common.py:537 msgid "The configured token provider does not support bind authentication." msgstr "" -#: keystone/token/providers/common.py:628 +#: keystone/token/providers/common.py:612 msgid "" "Attempting to use OS-FEDERATION token with V2 Identity Service, use V3 " "Authentication" msgstr "" -#: keystone/token/providers/common.py:646 +#: keystone/token/providers/common.py:622 +msgid "Non-default domain is not supported" +msgstr "" + +#: keystone/token/providers/common.py:626 msgid "Domain scoped token is not supported" msgstr "" @@ -1465,17 +1466,17 @@ msgid "Unable to sign token." msgstr "" -#: keystone/token/providers/fernet/core.py:215 +#: keystone/token/providers/fernet/core.py:217 msgid "" "This is not a v2.0 Fernet token. Use v3 for trust, domain, or federated " "tokens." msgstr "" -#: keystone/token/providers/fernet/token_formatters.py:83 +#: keystone/token/providers/fernet/token_formatters.py:95 msgid "This is not a recognized Fernet token" msgstr "" -#: keystone/token/providers/fernet/token_formatters.py:246 +#: keystone/token/providers/fernet/token_formatters.py:258 #, python-format msgid "This is not a recognized Fernet payload version: %s" msgstr "" @@ -1514,26 +1515,26 @@ msgid "Some of requested roles are not in redelegated trust" msgstr "" -#: keystone/trust/core.py:120 +#: keystone/trust/core.py:115 msgid "One of the trust agents is disabled or deleted" msgstr "" -#: keystone/trust/core.py:139 +#: keystone/trust/core.py:134 msgid "remaining_uses must be a positive integer or null." msgstr "" -#: keystone/trust/core.py:145 +#: keystone/trust/core.py:140 #, python-format msgid "" "Requested redelegation depth of %(requested_count)d is greater than " "allowed %(max_count)d" msgstr "" -#: keystone/trust/core.py:152 +#: keystone/trust/core.py:147 msgid "remaining_uses must not be set if redelegation is allowed" msgstr "" -#: keystone/trust/core.py:162 +#: keystone/trust/core.py:157 msgid "" "Modifying \"redelegation_count\" upon redelegation is forbidden. Omitting" " this parameter is advised." diff -Nru keystone-8.0.1/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/ko_KR/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Korean (South Korea)\n" -"Language: ko-KR\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: ko-KR\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Korean (South Korea)\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/ko_KR/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/ko_KR/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/ko_KR/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/ko_KR/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,25 +1,27 @@ -# Korean (South Korea) translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # # Translators: # Sungjin Kang , 2013 +# Sungjin Kang , 2013 # Lucas Palm , 2015. #zanata # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" -"Language: ko_KR\n" +"Language: ko-KR\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: Korean (South Korea)\n" -"Plural-Forms: nplurals=1; plural=0\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/locale/pl_PL/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/pl_PL/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/pl_PL/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/pl_PL/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,20 +6,20 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Polish (Poland)\n" -"Language: pl-PL\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: pl-PL\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Polish (Poland)\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Portuguese (Brazil)\n" -"Language: pt-BR\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: pt-BR\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Portuguese (Brazil)\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-error.po keystone-8.1.0/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-error.po --- keystone-8.0.1/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-error.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/pt_BR/LC_MESSAGES/keystone-log-error.po 2016-03-03 14:43:18.000000000 +0000 @@ -4,21 +4,22 @@ # # Translators: # OpenStack Infra , 2015. #zanata +# Raildo Mascena , 2016. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev24\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-06-26 05:13+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Portuguese (Brazil)\n" -"Language: pt-BR\n" +"POT-Creation-Date: 2016-01-31 23:17+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2016-01-28 01:30+0000\n" +"Last-Translator: Raildo Mascena \n" +"Language: pt-BR\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Portuguese (Brazil)\n" msgid "" "Error setting up the debug environment. Verify that the option --debug-url " @@ -40,6 +41,10 @@ msgid "Malformed endpoint %(url)s - unknown key %(keyerror)s" msgstr "Endpoint mal formado %(url)s - chave desconhecida %(keyerror)s" +#, python-format +msgid "Malformed endpoint - %(url)r is not a string" +msgstr "URL de endpoint malformada - %(url)r não é uma string" + msgid "Server error" msgstr "Erro do servidor" @@ -51,6 +56,9 @@ "Não é possível construir chave de configuração do cache. Formato esperado " "\":\". Pulando formato desconhecido: %s" +msgid "Unable to sign token" +msgstr "Não é possível assinar o token." + #, python-format msgid "Unexpected error or malformed token determining token expiry: %s" msgstr "" diff -Nru keystone-8.0.1/keystone/locale/pt_BR/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/pt_BR/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/pt_BR/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/pt_BR/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,27 +1,31 @@ -# Portuguese (Brazil) translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # # Translators: # Gabriel Wainer, 2013 +# Gabriel Wainer, 2013 # Lucas Ribeiro , 2014 # Volmar Oliveira Junior , 2013 +# Volmar Oliveira Junior , 2013 # Lucas Palm , 2015. #zanata # OpenStack Infra , 2015. #zanata +# Raildo Mascena , 2016. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev24\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-09-03 12:54+0000\n" -"Last-Translator: openstackjenkins \n" -"Language: pt_BR\n" -"Language-Team: Portuguese (Brazil)\n" -"Plural-Forms: nplurals=2; plural=(n > 1)\n" +"POT-Creation-Date: 2016-01-31 23:16+0000\n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" +"Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" +"PO-Revision-Date: 2016-01-28 01:24+0000\n" +"Last-Translator: Raildo Mascena \n" +"Language: pt-BR\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Portuguese (Brazil)\n" #, python-format msgid "%(detail)s" @@ -140,6 +144,14 @@ msgid "Authentication plugin error." msgstr "Erro do plugin de autenticação." +#, python-format +msgid "" +"Backend `%(backend)s` is not a valid memcached backend. Valid backends: " +"%(backend_list)s" +msgstr "" +"Backend `%(backend)s`não é um memcached backend válido. Backends válidos: " +"%(backend_list)s" + msgid "Cannot authorize a request token with a token issued via delegation." msgstr "" "Não é possível autorizar um token de solicitação com um token emitido por " @@ -162,6 +174,10 @@ msgstr "Não é possível alterar o nome de usuário" #, python-format +msgid "Cannot create an endpoint with an invalid URL: %(url)s" +msgstr "Não é possível criar um endpoint com uma URL inválida: %(url)s" + +#, python-format msgid "Cannot create project with parent: %(project_id)s" msgstr "Não é possível criar o projeto com o pai: %(project_id)s" @@ -214,6 +230,10 @@ "vazia." #, python-format +msgid "Config API entity at /domains/%s/config" +msgstr "Entidade de API de configuração em /domains/%s/config" + +#, python-format msgid "Conflict occurred attempting to store %(type)s - %(details)s" msgstr "Ocorreu um conflito ao tentar armazenar %(type)s -%(details)s" @@ -426,6 +446,18 @@ "arquivo: %(file)s." #, python-format +msgid "Error while opening file %(path)s: %(err)s" +msgstr "Erro enquanto abria arquivo: %(path)s: %(err)s" + +#, python-format +msgid "Error while parsing line: '%(line)s': %(err)s" +msgstr "Erro ao analisar linhas %(line)s: %(err)s" + +#, python-format +msgid "Error while parsing rules %(path)s: %(err)s" +msgstr "Erro ao analisar regras %(path)s: %(err)s" + +#, python-format msgid "Error while reading metadata file, %(reason)s" msgstr "Erro ao ler arquivo de metadados, %(reason)s" @@ -610,6 +642,9 @@ msgid "LDAP %s update" msgstr "Atualização de LDAP %s" +msgid "LDAP does not support projects with is_domain flag enabled" +msgstr "LDAP não suporta projetos com a flag is_domain habilitada" + #, python-format msgid "Lock Timeout occurred for key, %(target)s" msgstr "Ocorreu um tempo limite de bloqueio para a chave, %(target)s" @@ -662,6 +697,10 @@ msgid "Name field is required and cannot be empty" msgstr "Campo nome é requerido e não pode ser vazio" +msgid "Neither Project Domain ID nor Project Domain Name was provided." +msgstr "" +"Nem ID de Domínio do Projeto nem Nome do Domínio do Projeto foram fornecidos." + msgid "" "No Authorization headers found, cannot proceed with OAuth related calls, if " "running under HTTPd or Apache, ensure WSGIPassAuthorization is set to On." @@ -690,6 +729,9 @@ msgid "No remaining uses for trust: %(trust_id)s" msgstr "Nenhum uso restante para confiança: %(trust_id)s" +msgid "No token in the request" +msgstr "Não existe token na requisição." + msgid "Non-default domain is not supported" msgstr "O domínio não padrão não é suportado" @@ -717,9 +759,19 @@ msgstr "Projeto (%s)" #, python-format +msgid "Project ID not found: %(t_id)s" +msgstr "ID de projeto não encontrado: %(t_id)s" + +msgid "Project field is required and cannot be empty." +msgstr "Campo projeto é requerido e não pode ser vazio." + +#, python-format msgid "Project is disabled: %s" msgstr "O projeto está desativado: %s" +msgid "Query string is not UTF-8 encoded" +msgstr "A query string não é codificada em UTF-8" + msgid "Redelegation allowed for delegated by trust only" msgstr "Nova delegação permitida para delegado pela confiança somente" @@ -815,6 +867,15 @@ "Comprimento de string excedido. O comprimento de string '%(string)s' excedeu " "o limite da coluna %(type)s(CHAR(%(length)d))." +msgid "" +"The 'expires_at' must not be before now. The server could not comply with " +"the request since it is either malformed or otherwise incorrect. The client " +"is assumed to be in error." +msgstr "" +"O 'expires_at' não deve ser anterior a agora. O servidor não pôde obedecer à " +"solicitação porque ela está malformada ou de alguma maneira incorreta. O " +"cliente é assumido como tendo erro." + msgid "The --all option cannot be used with the --domain-name option" msgstr "A opção --all não pode ser usada com a opção --domain-name" @@ -847,6 +908,12 @@ "esse servidor não utiliza tokens PKI, caso contrário, este é o resultado de " "configuração incorreta." +msgid "The configured token provider does not support bind authentication." +msgstr "O provedor de token configurado não suporta autenticação bind." + +msgid "The creation of projects acting as domains is not allowed yet." +msgstr "A criação de projetos agindo como domínios ainda não é permitida." + #, python-format msgid "" "The password length must be less than or equal to %(size)i. The server could " @@ -894,6 +961,9 @@ msgid "This is not a recognized Fernet payload version: %s" msgstr "Esta não é uma versão de carga útil do Fernet reconhecida: %s" +msgid "This is not a recognized Fernet token" +msgstr "Este não é um token Fernet reconhecido." + msgid "" "This is not a v2.0 Fernet token. Use v3 for trust, domain, or federated " "tokens." @@ -926,6 +996,9 @@ msgid "Token does not belong to specified tenant." msgstr "O token não pertence ao tenant especificado." +msgid "Token version is unrecognizable or unsupported." +msgstr "Versão do Token é irreconhecível ou não suportada." + msgid "Trustee has no delegated roles." msgstr "Fiador não possui roles delegados." @@ -1050,6 +1123,9 @@ msgid "Unregistered dependency: %(name)s for %(targets)s" msgstr "Dependência não registrada: %(name)s para %(targets)s" +msgid "Update of `is_domain` is not allowed." +msgstr "Atualização de 'is_domain' não é permitida." + msgid "Update of `parent_id` is not allowed." msgstr "Atualização de ‘parent_id’ não é permitida." @@ -1085,6 +1161,14 @@ msgid "User IDs do not match" msgstr "ID de usuário não confere" +msgid "" +"User auth cannot be built due to missing either user id, or user name with " +"domain id, or user name with domain name." +msgstr "" +"A autenticação do usuário não pode ser construída porque está faltando o ID " +"ou o nome do usuário com o ID do domínio ou o nome do usuário com o nome do " +"domínio." + #, python-format msgid "User is disabled: %s" msgstr "O usuário está desativado: %s" @@ -1098,6 +1182,9 @@ msgid "User not found" msgstr "Usuário não localizado" +msgid "User roles not supported: tenant_id required" +msgstr "Papel de usuário não suportado: requer tenant_id" + #, python-format msgid "User type %s not supported" msgstr "Tipo de usuário %s não suportado" @@ -1267,3 +1354,11 @@ #, python-format msgid "token reference must be a KeystoneToken type, got: %s" msgstr "referência de token deve ser um tipo KeystoneToken, obteve: %s" + +#, python-format +msgid "" +"validated expected to find %(param_name)r in function signature for " +"%(func_name)r." +msgstr "" +"validado esperava localizar %(param_name)r na assinatura da função para " +"%(func_name)r." diff -Nru keystone-8.0.1/keystone/locale/ru/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/ru/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/ru/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/ru/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,21 +6,21 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Russian\n" -"Language: ru\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: ru\n" "Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n" "%100>=11 && n%100<=14)? 2 : 3);\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Russian\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/ru/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/ru/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/ru/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/ru/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,28 +1,30 @@ -# Russian translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # # Translators: # kogamatranslator49 , 2015 # sher , 2013 +# sher , 2013 # Lucas Palm , 2015. #zanata # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" "Language: ru\n" -"Language-Team: Russian\n" "Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n" -"%100>=11 && n%100<=14)? 2 : 3)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" +"%100>=11 && n%100<=14)? 2 : 3);\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Russian\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-08-04 01:49+0000\n" -"Last-Translator: İşbaran Akçayır \n" -"Language-Team: Turkish (Turkey)\n" -"Language: tr-TR\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-08-04 01:49+0000\n" +"Last-Translator: İşbaran Akçayır \n" +"Language: tr-TR\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Turkish (Turkey)\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-error.po keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-error.po --- keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-error.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-error.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-08-04 01:50+0000\n" -"Last-Translator: İşbaran Akçayır \n" -"Language-Team: Turkish (Turkey)\n" -"Language: tr-TR\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-08-04 01:50+0000\n" +"Last-Translator: İşbaran Akçayır \n" +"Language: tr-TR\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Turkish (Turkey)\n" msgid "Cannot retrieve Authorization headers" msgstr "Yetkilendirme başlıkları alınamıyor" diff -Nru keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-info.po keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-info.po --- keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-info.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-info.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-08-04 01:49+0000\n" -"Last-Translator: İşbaran Akçayır \n" -"Language-Team: Turkish (Turkey)\n" -"Language: tr-TR\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-08-04 01:49+0000\n" +"Last-Translator: İşbaran Akçayır \n" +"Language: tr-TR\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Turkish (Turkey)\n" #, python-format msgid "" diff -Nru keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-warning.po keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-warning.po --- keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-warning.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone-log-warning.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-09-03 12:54+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Turkish (Turkey)\n" -"Language: tr-TR\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-09-03 12:54+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: tr-TR\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Turkish (Turkey)\n" #, python-format msgid "%s is not a dogpile.proxy.ProxyBackend" diff -Nru keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/tr_TR/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/tr_TR/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# Turkish (Turkey) translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -6,21 +6,23 @@ # Alper Çiftçi , 2015 # Andreas Jaeger , 2015 # catborise , 2013 +# catborise , 2013 # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev24\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-31 23:16+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" -"Language: tr_TR\n" +"Language: tr-TR\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: Turkish (Turkey)\n" -"Plural-Forms: nplurals=1; plural=0\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" @@ -386,9 +388,6 @@ "Alan: %(domain)s zaten tanımlanmış bir yapılandırmaya sahip - dosya " "atlanıyor: %(file)s." -msgid "Domains are not supported by the v2 API. Please use the v3 API instead." -msgstr "v2 API alanları desteklemiyor. Bunun yerine lütfen v3 API kullanın" - msgid "Domains are read-only against LDAP" msgstr "Alanlar LDAP'a karşı yalnızca-okunur" diff -Nru keystone-8.0.1/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Chinese (China)\n" -"Language: zh-CN\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: zh-CN\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Chinese (China)\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-error.po keystone-8.1.0/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-error.po --- keystone-8.0.1/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-error.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-error.po 2016-03-03 14:43:18.000000000 +0000 @@ -8,19 +8,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-06-26 05:13+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Chinese (China)\n" -"Language: zh-CN\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-06-26 05:13+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: zh-CN\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Chinese (China)\n" msgid "Cannot retrieve Authorization headers" msgstr "无法获取认证头信息" diff -Nru keystone-8.0.1/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-info.po keystone-8.1.0/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-info.po --- keystone-8.0.1/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-info.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/zh_CN/LC_MESSAGES/keystone-log-info.po 2016-03-03 14:43:18.000000000 +0000 @@ -7,19 +7,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2015-08-01 06:26+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Chinese (China)\n" -"Language: zh-CN\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2015-08-01 06:26+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: zh-CN\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Chinese (China)\n" #, python-format msgid "" diff -Nru keystone-8.0.1/keystone/locale/zh_CN/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/zh_CN/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/zh_CN/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/zh_CN/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# Chinese (Simplified, China) translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -6,23 +6,26 @@ # Zhong Chaoliang , 2013 # Dongliang Yu , 2013 # Lee Yao , 2013 +# Lee Yao , 2013 +# Zhong Chaoliang , 2013 # 颜海峰 , 2014 # Lucas Palm , 2015. #zanata # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" -"Language: zh_Hans_CN\n" +"Language: zh-CN\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: Chinese (China)\n" -"Plural-Forms: nplurals=1; plural=0\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-critical.po keystone-8.1.0/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-critical.po --- keystone-8.0.1/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-critical.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/zh_TW/LC_MESSAGES/keystone-log-critical.po 2016-03-03 14:43:18.000000000 +0000 @@ -6,19 +6,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" -"PO-Revision-Date: 2014-08-31 03:19+0000\n" -"Last-Translator: openstackjenkins \n" -"Language-Team: Chinese (Taiwan)\n" -"Language: zh-TW\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"PO-Revision-Date: 2014-08-31 03:19+0000\n" +"Last-Translator: openstackjenkins \n" +"Language: zh-TW\n" "Plural-Forms: nplurals=1; plural=0;\n" "Generated-By: Babel 2.0\n" -"X-Generator: Zanata 3.7.1\n" +"X-Generator: Zanata 3.7.3\n" +"Language-Team: Chinese (Taiwan)\n" #, python-format msgid "Unable to open template file %s" diff -Nru keystone-8.0.1/keystone/locale/zh_TW/LC_MESSAGES/keystone.po keystone-8.1.0/keystone/locale/zh_TW/LC_MESSAGES/keystone.po --- keystone-8.0.1/keystone/locale/zh_TW/LC_MESSAGES/keystone.po 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/locale/zh_TW/LC_MESSAGES/keystone.po 2016-03-03 14:43:18.000000000 +0000 @@ -1,4 +1,4 @@ -# Chinese (Traditional, Taiwan) translations for keystone. +# Translations template for keystone. # Copyright (C) 2015 OpenStack Foundation # This file is distributed under the same license as the keystone project. # @@ -7,18 +7,19 @@ # OpenStack Infra , 2015. #zanata msgid "" msgstr "" -"Project-Id-Version: keystone 8.0.1.dev11\n" +"Project-Id-Version: keystone 8.0.2.dev18\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/keystone\n" -"POT-Creation-Date: 2015-11-05 06:13+0000\n" +"POT-Creation-Date: 2016-01-15 23:36+0000\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2015-09-03 12:54+0000\n" "Last-Translator: openstackjenkins \n" -"Language: zh_Hant_TW\n" +"Language: zh-TW\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"Generated-By: Babel 2.0\n" +"X-Generator: Zanata 3.7.3\n" "Language-Team: Chinese (Taiwan)\n" -"Plural-Forms: nplurals=1; plural=0\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.1.1\n" #, python-format msgid "%(detail)s" diff -Nru keystone-8.0.1/keystone/tests/unit/core.py keystone-8.1.0/keystone/tests/unit/core.py --- keystone-8.0.1/keystone/tests/unit/core.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/core.py 2016-03-03 14:43:18.000000000 +0000 @@ -321,15 +321,21 @@ def new_trust_ref(trustor_user_id, trustee_user_id, project_id=None, impersonation=None, expires=None, role_ids=None, role_names=None, remaining_uses=None, - allow_redelegation=False): - ref = dict() - ref['id'] = uuid.uuid4().hex - ref['trustor_user_id'] = trustor_user_id - ref['trustee_user_id'] = trustee_user_id - ref['impersonation'] = impersonation or False - ref['project_id'] = project_id - ref['remaining_uses'] = remaining_uses - ref['allow_redelegation'] = allow_redelegation + allow_redelegation=False, redelegation_count=None, + redelegated_trust_id=None, **kwargs): + ref = { + 'id': uuid.uuid4().hex, + 'trustor_user_id': trustor_user_id, + 'trustee_user_id': trustee_user_id, + 'impersonation': impersonation or False, + 'project_id': project_id, + 'remaining_uses': remaining_uses, + 'allow_redelegation': allow_redelegation, + 'redelegated_trust_id': redelegated_trust_id, + } + + if isinstance(redelegation_count, int): + ref.update(redelegation_count=redelegation_count) if isinstance(expires, six.string_types): ref['expires_at'] = expires diff -Nru keystone-8.0.1/keystone/tests/unit/test_associate_project_endpoint_extension.py keystone-8.1.0/keystone/tests/unit/test_associate_project_endpoint_extension.py --- keystone-8.0.1/keystone/tests/unit/test_associate_project_endpoint_extension.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_associate_project_endpoint_extension.py 2016-03-03 14:43:18.000000000 +0000 @@ -959,6 +959,15 @@ endpoints = self.assertValidEndpointListResponse(r) self.assertEqual(len(endpoints), 2) + # Ensure catalog includes the endpoints from endpoint_group project + # association, this is needed when a project scoped token is issued + # and "endpoint_filter.sql" backend driver is in place. + user_id = uuid.uuid4().hex + catalog_list = self.catalog_api.get_v3_catalog( + user_id, + self.default_domain_project_id) + self.assertEqual(2, len(catalog_list)) + # Now remove project endpoint group association url = self._get_project_endpoint_group_url( endpoint_group_id, self.default_domain_project_id) @@ -973,6 +982,11 @@ endpoints = self.assertValidEndpointListResponse(r) self.assertEqual(len(endpoints), 1) + catalog_list = self.catalog_api.get_v3_catalog( + user_id, + self.default_domain_project_id) + self.assertEqual(1, len(catalog_list)) + def test_endpoint_group_project_cleanup_with_project(self): # create endpoint group endpoint_group_id = self._create_valid_endpoint_group( diff -Nru keystone-8.0.1/keystone/tests/unit/test_backend_ldap.py keystone-8.1.0/keystone/tests/unit/test_backend_ldap.py --- keystone-8.0.1/keystone/tests/unit/test_backend_ldap.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_backend_ldap.py 2016-03-03 14:43:18.000000000 +0000 @@ -20,6 +20,7 @@ import ldap import mock from oslo_config import cfg +from oslotest import mockpatch import pkg_resources from six.moves import range from testtools import matchers @@ -37,6 +38,7 @@ from keystone.tests.unit.ksfixtures import database from keystone.tests.unit.ksfixtures import ldapdb from keystone.tests.unit import test_backend +from keystone.tests.unit.utils import wip CONF = cfg.CONF @@ -2282,6 +2284,37 @@ user_ref = user_api.get('123456789') self.assertIs(False, user_ref['enabled']) + def test_escape_member_dn(self): + # The enabled member DN is properly escaped when querying for enabled + # user. + + object_id = uuid.uuid4().hex + driver = self.identity_api._select_identity_driver( + CONF.identity.default_domain_id) + + # driver.user is the EnabledEmuMixIn implementation used for this test. + mixin_impl = driver.user + + # ) is a special char in a filter and must be escaped. + sample_dn = 'cn=foo)bar' + # LDAP requires ) is escaped by being replaced with "\29" + sample_dn_filter_esc = r'cn=foo\29bar' + + # Override the tree_dn, it's used to build the enabled member filter + mixin_impl.tree_dn = sample_dn + + # The filter that _get_enabled is going to build contains the + # tree_dn, which better be escaped in this case. + exp_filter = '(%s=%s=%s,%s)' % ( + mixin_impl.member_attribute, mixin_impl.id_attr, object_id, + sample_dn_filter_esc) + + with mixin_impl.get_connection() as conn: + m = self.useFixture(mockpatch.PatchObject(conn, 'search_s')).mock + mixin_impl._get_enabled(object_id, conn) + # The 3rd argument is the DN. + self.assertEqual(exp_filter, m.call_args[0][2]) + class LdapIdentitySqlAssignment(BaseLDAPIdentity, unit.SQLDriverOverrides, unit.TestCase): @@ -3344,13 +3377,15 @@ config_files.append(unit.dirs.tests_conf('backend_ldap.conf')) return config_files - def test_list_users_in_group_filtered(self): + @wip('Not supported by LDAP identity driver') + def test_list_users_in_group_inexact_filtered(self): + # The LDAP identity driver currently does not support filtering on the + # listing users for a given group, so will fail this test. + super(LdapFilterTests, + self).test_list_users_in_group_inexact_filtered() + + @wip('Not supported by LDAP identity driver') + def test_list_users_in_group_exact_filtered(self): # The LDAP identity driver currently does not support filtering on the # listing users for a given group, so will fail this test. - try: - super(LdapFilterTests, self).test_list_users_in_group_filtered() - except matchers.MismatchError: - return - # We shouldn't get here...if we do, it means someone has implemented - # filtering, so we can remove this test override. - self.assertTrue(False) + super(LdapFilterTests, self).test_list_users_in_group_exact_filtered() diff -Nru keystone-8.0.1/keystone/tests/unit/test_backend.py keystone-8.1.0/keystone/tests/unit/test_backend.py --- keystone-8.0.1/keystone/tests/unit/test_backend.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_backend.py 2016-03-03 14:43:18.000000000 +0000 @@ -4426,7 +4426,9 @@ token_id = self._create_token_id() data = {'id': token_id, 'a': 'b', 'trust_id': None, - 'user': {'id': 'testuserid'}} + 'user': {'id': 'testuserid'}, + 'token_data': {'access': {'token': { + 'audit_ids': [uuid.uuid4().hex]}}}} data_ref = self.token_provider_api._persistence.create_token(token_id, data) expires = data_ref.pop('expires') @@ -4461,7 +4463,8 @@ # FIXME(morganfainberg): These tokens look nothing like "Real" tokens. # This should be fixed when token issuance is cleaned up. data = {'id': token_id, 'a': 'b', - 'user': {'id': user_id}} + 'user': {'id': user_id}, + 'access': {'token': {'audit_ids': [uuid.uuid4().hex]}}} if tenant_id is not None: data['tenant'] = {'id': tenant_id, 'name': tenant_id} if tenant_id is NULL_OBJECT: @@ -4470,7 +4473,7 @@ data['expires'] = expires if trust_id is not None: data['trust_id'] = trust_id - data.setdefault('access', {}).setdefault('trust', {}) + data['access'].setdefault('trust', {}) # Testuserid2 is used here since a trustee will be different in # the cases of impersonation and therefore should not match the # token's user_id. @@ -4596,9 +4599,6 @@ self.assertRaises(exception.TokenNotFound, self.token_provider_api._persistence.get_token, uuid.uuid4().hex) - self.assertRaises(exception.TokenNotFound, - self.token_provider_api._persistence.get_token, - None) def test_delete_token_404(self): self.assertRaises(exception.TokenNotFound, @@ -4636,17 +4636,21 @@ self.assertEqual(data_ref, new_data_ref) - def check_list_revoked_tokens(self, token_ids): - revoked_ids = [x['id'] - for x in self.token_provider_api.list_revoked_tokens()] + def check_list_revoked_tokens(self, token_infos): + revocation_list = self.token_provider_api.list_revoked_tokens() + revoked_ids = [x['id'] for x in revocation_list] + revoked_audit_ids = [x['audit_id'] for x in revocation_list] self._assert_revoked_token_list_matches_token_persistence(revoked_ids) - for token_id in token_ids: + for token_id, audit_id in token_infos: self.assertIn(token_id, revoked_ids) + self.assertIn(audit_id, revoked_audit_ids) def delete_token(self): token_id = uuid.uuid4().hex + audit_id = uuid.uuid4().hex data = {'id_hash': token_id, 'id': token_id, 'a': 'b', - 'user': {'id': 'testuserid'}} + 'user': {'id': 'testuserid'}, + 'token_data': {'token': {'audit_ids': [audit_id]}}} data_ref = self.token_provider_api._persistence.create_token(token_id, data) self.token_provider_api._persistence.delete_token(token_id) @@ -4658,7 +4662,7 @@ exception.TokenNotFound, self.token_provider_api._persistence.delete_token, data_ref['id']) - return token_id + return (token_id, audit_id) def test_list_revoked_tokens_returns_empty_list(self): revoked_ids = [x['id'] @@ -4709,12 +4713,16 @@ token_data = {'id_hash': token_id, 'id': token_id, 'a': 'b', 'expires': expire_time, 'trust_id': None, - 'user': {'id': 'testuserid'}} + 'user': {'id': 'testuserid'}, + 'token_data': {'token': { + 'audit_ids': [uuid.uuid4().hex]}}} token2_id = uuid.uuid4().hex token2_data = {'id_hash': token2_id, 'id': token2_id, 'a': 'b', 'expires': expire_time, 'trust_id': None, - 'user': {'id': 'testuserid'}} + 'user': {'id': 'testuserid'}, + 'token_data': {'token': { + 'audit_ids': [uuid.uuid4().hex]}}} # Create 2 Tokens. self.token_provider_api._persistence.create_token(token_id, token_data) @@ -4749,7 +4757,8 @@ def _test_predictable_revoked_pki_token_id(self, hash_fn): token_id = self._create_token_id() token_id_hash = hash_fn(token_id).hexdigest() - token = {'user': {'id': uuid.uuid4().hex}} + token = {'user': {'id': uuid.uuid4().hex}, + 'token_data': {'token': {'audit_ids': [uuid.uuid4().hex]}}} self.token_provider_api._persistence.create_token(token_id, token) self.token_provider_api._persistence.delete_token(token_id) @@ -4771,7 +4780,8 @@ def test_predictable_revoked_uuid_token_id(self): token_id = uuid.uuid4().hex - token = {'user': {'id': uuid.uuid4().hex}} + token = {'user': {'id': uuid.uuid4().hex}, + 'token_data': {'token': {'audit_ids': [uuid.uuid4().hex]}}} self.token_provider_api._persistence.create_token(token_id, token) self.token_provider_api._persistence.delete_token(token_id) @@ -6662,24 +6672,7 @@ self._delete_test_data('user', user_list) - def test_groups_for_user_filtered(self): - """Test use of filtering doesn't break groups_for_user listing. - - Some backends may use filtering to achieve the list of groups for a - user, so test that it can combine a second filter. - - Test Plan: - - - Create 10 groups, some with names we can filter on - - Create 2 users - - Assign 1 of those users to most of the groups, including some of the - well known named ones - - Assign the other user to other groups as spoilers - - Ensure that when we list groups for users with a filter on the group - name, both restrictions have been enforced on what is returned. - - """ - + def _groups_for_user_data(self): number_of_groups = 10 group_name_data = { # entity index: name for entity @@ -6703,6 +6696,26 @@ group_list[group]['id']) hints = driver_hints.Hints() + return group_list, user_list, hints + + def test_groups_for_user_inexact_filtered(self): + """Test use of filtering doesn't break groups_for_user listing. + + Some backends may use filtering to achieve the list of groups for a + user, so test that it can combine a second filter. + + Test Plan: + + - Create 10 groups, some with names we can filter on + - Create 2 users + - Assign 1 of those users to most of the groups, including some of the + well known named ones + - Assign the other user to other groups as spoilers + - Ensure that when we list groups for users with a filter on the group + name, both restrictions have been enforced on what is returned. + + """ + group_list, user_list, hints = self._groups_for_user_data() hints.add_filter('name', 'The', comparator='startswith') groups = self.identity_api.list_groups_for_user( user_list[0]['id'], hints=hints) @@ -6714,6 +6727,19 @@ self._delete_test_data('user', user_list) self._delete_test_data('group', group_list) + def test_groups_for_user_exact_filtered(self): + """Test exact filters doesn't break groups_for_user listing.""" + group_list, user_list, hints = self._groups_for_user_data() + hints.add_filter('name', 'The Ministry', comparator='equals') + groups = self.identity_api.list_groups_for_user( + user_list[0]['id'], hints=hints) + # We should only get back 1 out of the 3 groups with name 'The + # Ministry' hence showing that both "filters" have been applied. + self.assertEqual(1, len(groups)) + self.assertEqual(group_list[6]['id'], groups[0]['id']) + self._delete_test_data('user', user_list) + self._delete_test_data('group', group_list) + def _get_user_name_field_size(self): """Return the size of the user name field for the backend. @@ -6748,7 +6774,7 @@ users = self.identity_api.list_users(hints=hints) self.assertEqual([], users) - def test_list_users_in_group_filtered(self): + def _list_users_in_group_data(self): number_of_users = 10 user_name_data = { 1: 'Arthur Conan Doyle', @@ -6765,6 +6791,10 @@ group['id']) hints = driver_hints.Hints() + return user_list, group, hints + + def test_list_users_in_group_inexact_filtered(self): + user_list, group, hints = self._list_users_in_group_data() hints.add_filter('name', 'Arthur', comparator='startswith') users = self.identity_api.list_users_in_group(group['id'], hints=hints) self.assertThat(len(users), matchers.Equals(2)) @@ -6773,6 +6803,15 @@ self._delete_test_data('user', user_list) self._delete_entity('group')(group['id']) + def test_list_users_in_group_exact_filtered(self): + user_list, group, hints = self._list_users_in_group_data() + hints.add_filter('name', 'Arthur Rimbaud', comparator='equals') + users = self.identity_api.list_users_in_group(group['id'], hints=hints) + self.assertEqual(1, len(users)) + self.assertEqual(user_list[3]['id'], users[0]['id']) + self._delete_test_data('user', user_list) + self._delete_entity('group')(group['id']) + class LimitTests(filtering.FilterTests): ENTITIES = ['user', 'group', 'project'] diff -Nru keystone-8.0.1/keystone/tests/unit/test_backend_sql.py keystone-8.1.0/keystone/tests/unit/test_backend_sql.py --- keystone-8.0.1/keystone/tests/unit/test_backend_sql.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_backend_sql.py 2016-03-03 14:43:18.000000000 +0000 @@ -492,7 +492,8 @@ # necessary. expected_query_args = (token_sql.TokenModel.id, - token_sql.TokenModel.expires) + token_sql.TokenModel.expires, + token_sql.TokenModel.extra,) with mock.patch.object(token_sql, 'sql') as mock_sql: tok = token_sql.Token() diff -Nru keystone-8.0.1/keystone/tests/unit/test_token_provider.py keystone-8.1.0/keystone/tests/unit/test_token_provider.py --- keystone-8.0.1/keystone/tests/unit/test_token_provider.py 2015-12-10 13:01:52.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_token_provider.py 2016-03-03 14:43:18.000000000 +0000 @@ -781,6 +781,12 @@ self.assertIsNone( self.token_provider_api._is_valid_token(create_v3_token())) + def test_no_token_raises_token_not_found(self): + self.assertRaises( + exception.TokenNotFound, + self.token_provider_api.validate_token, + None) + # NOTE(ayoung): renamed to avoid automatic test detection class PKIProviderTests(object): diff -Nru keystone-8.0.1/keystone/tests/unit/test_v3_assignment.py keystone-8.1.0/keystone/tests/unit/test_v3_assignment.py --- keystone-8.0.1/keystone/tests/unit/test_v3_assignment.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_v3_assignment.py 2016-03-03 14:43:18.000000000 +0000 @@ -124,7 +124,7 @@ self.user2['id']) # First check a user in that domain can authenticate. The v2 user - # cannot authenticate because they exist outside the default domain. + # can authenticate even though they exist outside the default domain. body = { 'auth': { 'passwordCredentials': { @@ -135,8 +135,7 @@ } } self.admin_request( - path='/v2.0/tokens', method='POST', body=body, - expected_status=http_client.UNAUTHORIZED) + path='/v2.0/tokens', method='POST', body=body) auth_data = self.build_authentication_request( user_id=self.user2['id'], @@ -3170,9 +3169,9 @@ 'other_data': other_data} updated_ref = controller.V2Controller.filter_domain(default_domain_ref) self.assertNotIn('domain', updated_ref) - self.assertRaises(exception.Unauthorized, - controller.V2Controller.filter_domain, - non_default_domain_ref) + self.assertNotIn( + 'domain', + controller.V2Controller.filter_domain(non_default_domain_ref)) def test_v2controller_filter_project_parent_id(self): # V2.0 is not project hierarchy aware, ensure parent_id is popped off. diff -Nru keystone-8.0.1/keystone/tests/unit/test_v3_auth.py keystone-8.1.0/keystone/tests/unit/test_v3_auth.py --- keystone-8.0.1/keystone/tests/unit/test_v3_auth.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_v3_auth.py 2016-03-03 14:43:18.000000000 +0000 @@ -132,18 +132,6 @@ def test_default_fixture_scope_token(self): self.assertIsNotNone(self.get_scoped_token()) - def test_v3_v2_intermix_non_default_domain_failed(self): - v3_token = self.get_requested_token(self.build_authentication_request( - user_id=self.user['id'], - password=self.user['password'])) - - # now validate the v3 token with v2 API - self.admin_request( - path='/v2.0/tokens/%s' % v3_token, - token=CONF.admin_token, - method='GET', - expected_status=http_client.UNAUTHORIZED) - def test_v3_v2_intermix_new_default_domain(self): # If the default_domain_id config option is changed, then should be # able to validate a v3 token with user in the new domain. @@ -202,7 +190,7 @@ token=CONF.admin_token, expected_status=http_client.UNAUTHORIZED) - def test_v3_v2_intermix_non_default_project_failed(self): + def test_v3_v2_intermix_non_default_project_succeed(self): # self.project is in a non-default domain v3_token = self.get_requested_token(self.build_authentication_request( user_id=self.default_domain_user['id'], @@ -213,10 +201,9 @@ self.admin_request( method='GET', path='/v2.0/tokens/%s' % v3_token, - token=CONF.admin_token, - expected_status=http_client.UNAUTHORIZED) + token=CONF.admin_token) - def test_v3_v2_intermix_non_default_user_failed(self): + def test_v3_v2_intermix_non_default_user_succeed(self): self.assignment_api.create_grant( self.role['id'], user_id=self.user['id'], @@ -232,8 +219,7 @@ self.admin_request( method='GET', path='/v2.0/tokens/%s' % v3_token, - token=CONF.admin_token, - expected_status=http_client.UNAUTHORIZED) + token=CONF.admin_token) def test_v3_v2_intermix_domain_scope_failed(self): self.assignment_api.create_grant( @@ -412,6 +398,17 @@ r = self.get('/auth/tokens', headers=self.headers) self.assertValidUnscopedTokenResponse(r) + def test_validate_missing_subject_token(self): + self.get('/auth/tokens', + expected_status=http_client.NOT_FOUND) + + def test_validate_missing_auth_token(self): + self.admin_request( + method='GET', + path='/v3/projects', + token=None, + expected_status=http_client.UNAUTHORIZED) + def test_validate_token_nocatalog(self): v3_token = self.get_requested_token(self.build_authentication_request( user_id=self.user['id'], @@ -3021,28 +3018,44 @@ def setUp(self): super(TestTrustChain, self).setUp() - # Create trust chain - self.user_chain = list() + """Create a trust chain using redelegation. + + A trust chain is a series of trusts that are redelegated. For example, + self.user_list consists of userA, userB, and userC. The first trust in + the trust chain is going to be established between self.user and userA, + call it trustA. Then, userA is going to obtain a trust scoped token + using trustA, and with that token create a trust between userA and + userB called trustB. This pattern will continue with userB creating a + trust with userC. + So the trust chain should look something like: + trustA -> trustB -> trustC + Where: + self.user is trusting userA with trustA + userA is trusting userB with trustB + userB is trusting userC with trustC + + """ + self.user_list = list() self.trust_chain = list() for _ in range(3): user_ref = self.new_user_ref(domain_id=self.domain_id) user = self.identity_api.create_user(user_ref) user['password'] = user_ref['password'] - self.user_chain.append(user) + self.user_list.append(user) - # trustor->trustee - trustee = self.user_chain[0] - trust_ref = self.new_trust_ref( + # trustor->trustee redelegation without impersonation + trustee = self.user_list[0] + trust_ref = unit.new_trust_ref( trustor_user_id=self.user_id, trustee_user_id=trustee['id'], project_id=self.project_id, - impersonation=True, + impersonation=False, expires=dict(minutes=1), - role_ids=[self.role_id]) - trust_ref.update( + role_ids=[self.role_id], allow_redelegation=True, redelegation_count=3) + # Create a trust between self.user and the first user in the list r = self.post('/OS-TRUST/trusts', body={'trust': trust_ref}) @@ -3051,30 +3064,39 @@ user_id=trustee['id'], password=trustee['password'], trust_id=trust['id']) + + # Generate a trusted token for the first user trust_token = self.get_requested_token(auth_data) self.trust_chain.append(trust) - for trustee in self.user_chain[1:]: - trust_ref = self.new_trust_ref( - trustor_user_id=self.user_id, - trustee_user_id=trustee['id'], + # Set trustor and redelegated_trust_id for next trust in the chain + next_trustor_id = trustee['id'] + redelegated_trust_id = trust['id'] + + # Loop through the user to create a chain of redelegated trust. + for next_trustee in self.user_list[1:]: + trust_ref = unit.new_trust_ref( + trustor_user_id=next_trustor_id, + trustee_user_id=next_trustee['id'], project_id=self.project_id, - impersonation=True, - role_ids=[self.role_id]) - trust_ref.update( - allow_redelegation=True) + impersonation=False, + role_ids=[self.role_id], + allow_redelegation=True, + redelegated_trust_id=redelegated_trust_id) r = self.post('/OS-TRUST/trusts', body={'trust': trust_ref}, token=trust_token) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( - user_id=trustee['id'], - password=trustee['password'], + user_id=next_trustee['id'], + password=next_trustee['password'], trust_id=trust['id']) trust_token = self.get_requested_token(auth_data) self.trust_chain.append(trust) + next_trustor_id = next_trustee['id'] + redelegated_trust_id = trust['id'] - trustee = self.user_chain[-1] + trustee = self.user_list[-1] trust = self.trust_chain[-1] auth_data = self.build_authentication_request( user_id=trustee['id'], @@ -3092,7 +3114,7 @@ self.assertValidTokenResponse(r) def assert_trust_tokens_revoked(self, trust_id): - trustee = self.user_chain[0] + trustee = self.user_list[0] auth_data = self.build_authentication_request( user_id=trustee['id'], password=trustee['password'] @@ -3110,7 +3132,7 @@ trust_id) def test_delete_trust_cascade(self): - self.assert_user_authenticate(self.user_chain[0]) + self.assert_user_authenticate(self.user_list[0]) self.delete('/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': self.trust_chain[0]['id']}, expected_status=204) @@ -3121,32 +3143,54 @@ self.assert_trust_tokens_revoked(self.trust_chain[0]['id']) def test_delete_broken_chain(self): - self.assert_user_authenticate(self.user_chain[0]) - self.delete('/OS-TRUST/trusts/%(trust_id)s' % { - 'trust_id': self.trust_chain[1]['id']}, - expected_status=204) - + self.assert_user_authenticate(self.user_list[0]) self.delete('/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': self.trust_chain[0]['id']}, expected_status=204) + # Verify the two remaining trust have been deleted + for i in xrange(len(self.user_list) - 1): + auth_data = self.build_authentication_request( + user_id=self.user_list[i]['id'], + password=self.user_list[i]['password']) + + auth_token = self.get_requested_token(auth_data) + + self.delete('/OS-TRUST/trusts/%(trust_id)s' % { + 'trust_id': self.trust_chain[i + 1]['id']}, + token=auth_token, + expected_status=http_client.NOT_FOUND) + def test_trustor_roles_revoked(self): - self.assert_user_authenticate(self.user_chain[0]) + self.assert_user_authenticate(self.user_list[0]) self.assignment_api.remove_role_from_user_and_project( self.user_id, self.project_id, self.role_id ) - auth_data = self.build_authentication_request( - token=self.last_token, - trust_id=self.trust_chain[-1]['id']) - self.v3_authenticate_token(auth_data, - expected_status=http_client.NOT_FOUND) + # Verify that users are not allowed to authenticate with trust + for i in xrange(len(self.user_list[1:])): + trustee = self.user_list[i] + auth_data = self.build_authentication_request( + user_id=trustee['id'], + password=trustee['password']) + + # Attempt to authenticate with trust + token = self.get_requested_token(auth_data) + auth_data = self.build_authentication_request( + token=token, + trust_id=self.trust_chain[i - 1]['id']) + + # Trustee has no delegated roles + self.admin_request(method='POST', + path='/v3/auth/tokens', + body=auth_data, + expected_status=http_client.FORBIDDEN) def test_intermediate_user_disabled(self): - self.assert_user_authenticate(self.user_chain[0]) + self.assert_user_authenticate(self.user_list[0]) - disabled = self.user_chain[0] + disabled = self.user_list[0] disabled['enabled'] = False self.identity_api.update_user(disabled['id'], disabled) @@ -3157,9 +3201,9 @@ expected_status=http_client.FORBIDDEN) def test_intermediate_user_deleted(self): - self.assert_user_authenticate(self.user_chain[0]) + self.assert_user_authenticate(self.user_list[0]) - self.identity_api.delete_user(self.user_chain[0]['id']) + self.identity_api.delete_user(self.user_list[0]['id']) # Bypass policy enforcement with mock.patch.object(rules, 'enforce', return_value=True): @@ -4513,17 +4557,6 @@ self.token_provider_api.validate_token, trust_scoped_token) - def test_v2_validate_unscoped_token_returns_unauthorized(self): - """Test raised exception when validating unscoped token. - - Test that validating an unscoped token in v2.0 of a v3 user of a - non-default domain returns unauthorized. - """ - unscoped_token = self._get_unscoped_token() - self.assertRaises(exception.Unauthorized, - self.token_provider_api.validate_v2_token, - unscoped_token) - def test_v2_validate_domain_scoped_token_returns_unauthorized(self): """Test raised exception when validating a domain scoped token. diff -Nru keystone-8.0.1/keystone/tests/unit/test_v3_federation.py keystone-8.1.0/keystone/tests/unit/test_v3_federation.py --- keystone-8.0.1/keystone/tests/unit/test_v3_federation.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_v3_federation.py 2016-03-03 14:43:18.000000000 +0000 @@ -2665,7 +2665,7 @@ """ if not _is_xmlsec1_installed(): - self.skip('xmlsec1 is not installed') + self.skipTest('xmlsec1 is not installed') generator = keystone_idp.SAMLGenerator() response = generator.samlize_token(self.ISSUER, self.RECIPIENT, @@ -3306,6 +3306,21 @@ resp = self.api.federated_sso_auth(context, self.PROTOCOL) self.assertIn(self.TRUSTED_DASHBOARD, resp.body) + def test_get_sso_origin_host_case_insensitive(self): + # test lowercase hostname in trusted_dashboard + context = { + 'query_string': { + 'origin': "http://horizon.com", + }, + } + host = self.api._get_sso_origin_host(context) + self.assertEqual("http://horizon.com", host) + # test uppercase hostname in trusted_dashboard + self.config_fixture.config(group='federation', + trusted_dashboard=['http://Horizon.com']) + host = self.api._get_sso_origin_host(context) + self.assertEqual("http://horizon.com", host) + def test_federated_sso_auth_with_protocol_specific_remote_id(self): self.config_fixture.config( group=self.PROTOCOL, diff -Nru keystone-8.0.1/keystone/tests/unit/test_validation.py keystone-8.1.0/keystone/tests/unit/test_validation.py --- keystone-8.0.1/keystone/tests/unit/test_validation.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/tests/unit/test_validation.py 2016-03-03 14:43:18.000000000 +0000 @@ -67,6 +67,12 @@ 'additionalProperties': True, } +entity_create_optional_body = { + 'type': 'object', + 'properties': _entity_properties, + 'additionalProperties': True, +} + entity_update = { 'type': 'object', 'properties': _entity_properties, @@ -99,6 +105,15 @@ _INVALID_FILTERS = ['some string', 1, 0, True, False] +def expected_validation_failure(f): + def wrapper(self, *args, **kwargs): + args = (self,) + args + e = self.assertRaises(exception.ValidationError, f, *args, **kwargs) + self.assertIn('Expecting to find entity in request body', + six.text_type(e)) + return wrapper + + class ValidatedDecoratorTests(unit.BaseTestCase): entity_schema = { @@ -113,42 +128,43 @@ 'name': uuid.uuid4().hex, } - invalid_entity = {} - - @validation.validated(entity_schema, 'entity') - def do_something(self, entity): - pass - @validation.validated(entity_create, 'entity') def create_entity(self, entity): - pass + """Used to test cases where validated param is the only param.""" + + @validation.validated(entity_create_optional_body, 'entity') + def create_entity_optional_body(self, entity): + """Used to test cases where there is an optional body.""" @validation.validated(entity_update, 'entity') def update_entity(self, entity_id, entity): - pass + """Used to test cases where validated param is not the only param.""" - def _assert_call_entity_method_fails(self, method, *args, **kwargs): - e = self.assertRaises(exception.ValidationError, method, - *args, **kwargs) + def test_calling_create_with_valid_entity_kwarg_succeeds(self): + self.create_entity(entity=self.valid_entity) - self.assertIn('Expecting to find entity in request body', - six.text_type(e)) + def test_calling_create_with_empty_entity_kwarg_succeeds(self): + """Test the case when client passing in an empty kwarg reference.""" + self.create_entity_optional_body(entity={}) - def test_calling_with_valid_entity_kwarg_succeeds(self): - self.do_something(entity=self.valid_entity) + @expected_validation_failure + def test_calling_create_with_kwarg_as_None_fails(self): + self.create_entity(entity=None) + + def test_calling_create_with_valid_entity_arg_succeeds(self): + self.create_entity(self.valid_entity) + + def test_calling_create_with_empty_entity_arg_succeeds(self): + """Test the case when client passing in an empty entity reference.""" + self.create_entity_optional_body({}) - def test_calling_with_invalid_entity_kwarg_fails(self): - self.assertRaises(exception.ValidationError, - self.do_something, - entity=self.invalid_entity) - - def test_calling_with_valid_entity_arg_succeeds(self): - self.do_something(self.valid_entity) - - def test_calling_with_invalid_entity_arg_fails(self): - self.assertRaises(exception.ValidationError, - self.do_something, - self.invalid_entity) + @expected_validation_failure + def test_calling_create_with_entity_arg_as_None_fails(self): + self.create_entity(None) + + @expected_validation_failure + def test_calling_create_without_an_entity_fails(self): + self.create_entity() def test_using_the_wrong_name_with_the_decorator_fails(self): with testtools.ExpectedException(TypeError): @@ -156,24 +172,22 @@ def function(entity): pass - def test_create_entity_no_request_body_with_decorator(self): - """Test the case when request body is not provided.""" - self._assert_call_entity_method_fails(self.create_entity) + # NOTE(dstanek): below are the test cases for making sure the validation + # works when the validated param is not the only param. Since all of the + # actual validation cases are tested above these test are for a sanity + # check. - def test_create_entity_empty_request_body_with_decorator(self): - """Test the case when client passing in an empty entity reference.""" - self._assert_call_entity_method_fails(self.create_entity, entity={}) - - def test_update_entity_no_request_body_with_decorator(self): - """Test the case when request body is not provided.""" - self._assert_call_entity_method_fails(self.update_entity, - uuid.uuid4().hex) + def test_calling_update_with_valid_entity_succeeds(self): + self.update_entity(uuid.uuid4().hex, self.valid_entity) - def test_update_entity_empty_request_body_with_decorator(self): + def test_calling_update_with_empty_entity_kwarg_succeeds(self): """Test the case when client passing in an empty entity reference.""" - self._assert_call_entity_method_fails(self.update_entity, - uuid.uuid4().hex, - entity={}) + global entity_update + original_entity_update = entity_update.copy() + # pop 'minProperties' from schema so that empty body is allowed. + entity_update.pop('minProperties') + self.update_entity(uuid.uuid4().hex, entity={}) + entity_update = original_entity_update class EntityValidationTestCase(unit.BaseTestCase): @@ -897,6 +911,11 @@ request_to_validate = {'other_attr': uuid.uuid4().hex} self.create_region_validator.validate(request_to_validate) + def test_validate_region_create_succeeds_with_no_parameters(self): + """Validate create region request with no parameters.""" + request_to_validate = {} + self.create_region_validator.validate(request_to_validate) + def test_validate_region_update_succeeds(self): """Test that we validate a region update request.""" request_to_validate = {'id': 'us-west', diff -Nru keystone-8.0.1/keystone/token/persistence/backends/kvs.py keystone-8.1.0/keystone/token/persistence/backends/kvs.py --- keystone-8.0.1/keystone/token/persistence/backends/kvs.py 2015-12-10 13:01:52.000000000 +0000 +++ keystone-8.1.0/keystone/token/persistence/backends/kvs.py 2016-03-03 14:43:18.000000000 +0000 @@ -210,6 +210,15 @@ subsecond=True) revoked_token_data['id'] = data['id'] + token_data = data['token_data'] + if 'access' in token_data: + # It's a v2 token. + audit_ids = token_data['access']['token']['audit_ids'] + else: + # It's a v3 token. + audit_ids = token_data['token']['audit_ids'] + revoked_token_data['audit_id'] = audit_ids[0] + token_list = self._get_key_or_default(self.revocation_key, default=[]) if not isinstance(token_list, list): # NOTE(morganfainberg): In the case that the revocation list is not diff -Nru keystone-8.0.1/keystone/token/persistence/backends/sql.py keystone-8.1.0/keystone/token/persistence/backends/sql.py --- keystone-8.0.1/keystone/token/persistence/backends/sql.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/token/persistence/backends/sql.py 2016-03-03 14:43:18.000000000 +0000 @@ -228,13 +228,23 @@ session = sql.get_session() tokens = [] now = timeutils.utcnow() - query = session.query(TokenModel.id, TokenModel.expires) + query = session.query(TokenModel.id, TokenModel.expires, + TokenModel.extra) query = query.filter(TokenModel.expires > now) token_references = query.filter_by(valid=False) for token_ref in token_references: + token_data = token_ref[2]['token_data'] + if 'access' in token_data: + # It's a v2 token. + audit_ids = token_data['access']['token']['audit_ids'] + else: + # It's a v3 token. + audit_ids = token_data['token']['audit_ids'] + record = { 'id': token_ref[0], 'expires': token_ref[1], + 'audit_id': audit_ids[0], } tokens.append(record) return tokens diff -Nru keystone-8.0.1/keystone/token/persistence/core.py keystone-8.1.0/keystone/token/persistence/core.py --- keystone-8.0.1/keystone/token/persistence/core.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/token/persistence/core.py 2016-03-03 14:43:18.000000000 +0000 @@ -60,11 +60,6 @@ raise exception.TokenNotFound(token_id=token_id) def get_token(self, token_id): - if not token_id: - # NOTE(morganfainberg): There are cases when the - # context['token_id'] will in-fact be None. This also saves - # a round-trip to the backend if we don't have a token_id. - raise exception.TokenNotFound(token_id='') unique_id = utils.generate_unique_id(token_id) token_ref = self._get_token(unique_id) # NOTE(morganfainberg): Lift expired checking to the manager, there is diff -Nru keystone-8.0.1/keystone/token/provider.py keystone-8.1.0/keystone/token/provider.py --- keystone-8.0.1/keystone/token/provider.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/token/provider.py 2016-03-03 14:43:18.000000000 +0000 @@ -230,6 +230,9 @@ return self.check_revocation_v3(token) def validate_v3_token(self, token_id): + if not token_id: + raise exception.TokenNotFound(_('No token in the request')) + unique_id = utils.generate_unique_id(token_id) # NOTE(lbragstad): Only go to persistent storage if we have a token to # fetch from the backend. If the Fernet token provider is being used @@ -248,6 +251,9 @@ @MEMOIZE def _validate_token(self, token_id): + if not token_id: + raise exception.TokenNotFound(_('No token in the request')) + if not self._needs_persistence: return self.driver.validate_v3_token(token_id) token_ref = self._persistence.get_token(token_id) diff -Nru keystone-8.0.1/keystone/token/providers/common.py keystone-8.1.0/keystone/token/providers/common.py --- keystone-8.0.1/keystone/token/providers/common.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/token/providers/common.py 2016-03-03 14:43:18.000000000 +0000 @@ -47,23 +47,7 @@ token['issued_at'] = v3_token.get('issued_at') token['audit_ids'] = v3_token.get('audit_ids') - # Bail immediately if this is a domain-scoped token, which is not - # supported by the v2 API at all. - if 'domain' in v3_token: - raise exception.Unauthorized(_( - 'Domains are not supported by the v2 API. Please use the v3 ' - 'API instead.')) - - # Bail if this is a project-scoped token outside the default domain, - # which may result in a namespace collision with a project inside the - # default domain. if 'project' in v3_token: - if (v3_token['project']['domain']['id'] != - CONF.identity.default_domain_id): - raise exception.Unauthorized(_( - 'Project not found in the default domain (please use the ' - 'v3 API instead): %s') % v3_token['project']['id']) - # v3 token_data does not contain all tenant attributes tenant = self.resource_api.get_project( v3_token['project']['id']) @@ -74,15 +58,6 @@ # Build v2 user v3_user = v3_token['user'] - # Bail if this is a token outside the default domain, - # which may result in a namespace collision with a project inside the - # default domain. - if ('domain' in v3_user and v3_user['domain']['id'] != - CONF.identity.default_domain_id): - raise exception.Unauthorized(_( - 'User not found in the default domain (please use the v3 API ' - 'instead): %s') % v3_user['id']) - user = common_controller.V2Controller.v3_to_v2_user(v3_user) # Maintain Trust Data @@ -370,7 +345,16 @@ return if CONF.trust.enabled and trust: - token_user_id = trust['trustor_user_id'] + # If redelegated_trust_id is set, then we must traverse the + # trust_chain in order to determine who the original trustor is. We + # need to do this because the user ID of the original trustor helps + # us determine scope in the redelegated context. + if trust.get('redelegated_trust_id'): + trust_chain = self.trust_api.get_trust_pedigree(trust['id']) + token_user_id = trust_chain[-1]['trustor_user_id'] + else: + token_user_id = trust['trustor_user_id'] + token_project_id = trust['project_id'] # trusts do not support domains yet token_domain_id = None @@ -636,21 +620,10 @@ token.provider.V3): # this is a V3 token msg = _('Non-default domain is not supported') - # user in a non-default is prohibited - if (token_ref['token_data']['token']['user']['domain']['id'] != - CONF.identity.default_domain_id): - raise exception.Unauthorized(msg) # domain scoping is prohibited if token_ref['token_data']['token'].get('domain'): raise exception.Unauthorized( _('Domain scoped token is not supported')) - # project in non-default domain is prohibited - if token_ref['token_data']['token'].get('project'): - project = token_ref['token_data']['token']['project'] - project_domain_id = project['domain']['id'] - # scoped to project in non-default domain is prohibited - if project_domain_id != CONF.identity.default_domain_id: - raise exception.Unauthorized(msg) # if token is scoped to trust, both trustor and trustee must # be in the default domain. Furthermore, the delegated project # must also be in the default domain diff -Nru keystone-8.0.1/keystone/trust/controllers.py keystone-8.1.0/keystone/trust/controllers.py --- keystone-8.0.1/keystone/trust/controllers.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/trust/controllers.py 2016-03-03 14:43:18.000000000 +0000 @@ -178,17 +178,23 @@ raise exception.Forbidden( _('At least one role should be specified.')) - def _get_user_role(self, trust): + def _get_trustor_roles(self, trust): + original_trust = trust.copy() + while original_trust.get('redelegated_trust_id'): + original_trust = self.trust_api.get_trust( + original_trust['redelegated_trust_id']) + if not self._attribute_is_empty(trust, 'project_id'): return self.assignment_api.get_roles_for_user_and_project( - trust['trustor_user_id'], trust['project_id']) + original_trust['trustor_user_id'], + original_trust['project_id']) else: return [] def _require_trustor_has_role_in_project(self, trust): - user_roles = self._get_user_role(trust) + trustor_roles = self._get_trustor_roles(trust) for trust_role in trust['roles']: - matching_roles = [x for x in user_roles + matching_roles = [x for x in trustor_roles if x == trust_role['id']] if not matching_roles: raise exception.RoleNotFound(role_id=trust_role['id']) diff -Nru keystone-8.0.1/keystone/trust/core.py keystone-8.1.0/keystone/trust/core.py --- keystone-8.0.1/keystone/trust/core.py 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/keystone/trust/core.py 2016-03-03 14:43:18.000000000 +0000 @@ -93,14 +93,9 @@ def get_trust_pedigree(self, trust_id): trust = self.driver.get_trust(trust_id) trust_chain = [trust] - if trust and trust.get('redelegated_trust_id'): - trusts = self.driver.list_trusts_for_trustor( - trust['trustor_user_id']) - while trust_chain[-1].get('redelegated_trust_id'): - for t in trusts: - if t['id'] == trust_chain[-1]['redelegated_trust_id']: - trust_chain.append(t) - break + while trust and trust.get('redelegated_trust_id'): + trust = self.driver.get_trust(trust['redelegated_trust_id']) + trust_chain.append(trust) return trust_chain diff -Nru keystone-8.0.1/keystone.egg-info/pbr.json keystone-8.1.0/keystone.egg-info/pbr.json --- keystone-8.0.1/keystone.egg-info/pbr.json 2015-12-10 13:05:06.000000000 +0000 +++ keystone-8.1.0/keystone.egg-info/pbr.json 2016-03-03 14:44:30.000000000 +0000 @@ -1 +1 @@ -{"git_version": "d100184", "is_release": true} \ No newline at end of file +{"is_release": true, "git_version": "c665080"} \ No newline at end of file diff -Nru keystone-8.0.1/keystone.egg-info/PKG-INFO keystone-8.1.0/keystone.egg-info/PKG-INFO --- keystone-8.0.1/keystone.egg-info/PKG-INFO 2015-12-10 13:05:06.000000000 +0000 +++ keystone-8.1.0/keystone.egg-info/PKG-INFO 2016-03-03 14:44:30.000000000 +0000 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: keystone -Version: 8.0.1 +Version: 8.1.0 Summary: OpenStack Identity Home-page: http://www.openstack.org/ Author: OpenStack diff -Nru keystone-8.0.1/keystone.egg-info/requires.txt keystone-8.1.0/keystone.egg-info/requires.txt --- keystone-8.0.1/keystone.egg-info/requires.txt 2015-12-10 13:05:06.000000000 +0000 +++ keystone-8.1.0/keystone.egg-info/requires.txt 2016-03-03 14:44:30.000000000 +0000 @@ -15,11 +15,11 @@ oslo.concurrency>=2.3.0 oslo.config>=2.3.0 oslo.context>=0.2.0 -oslo.messaging!=1.17.0,!=1.17.1,!=2.6.0,!=2.6.1,!=2.7.0,!=2.8.0,!=2.8.1,!=2.9.0,>=1.16.0 +oslo.messaging!=1.17.0,!=1.17.1,!=2.6.0,!=2.6.1,!=2.7.0,!=2.8.0,!=2.8.1,!=2.9.0,!=3.1.0,>=1.16.0 oslo.db>=2.4.1 oslo.i18n>=1.5.0 oslo.log>=1.8.0 -oslo.middleware>=2.8.0 +oslo.middleware!=3.0.0,!=3.1.0,!=3.2.0,>=2.8.0 oslo.policy>=0.5.0 oslo.serialization>=1.4.0 oslo.service>=0.7.0 diff -Nru keystone-8.0.1/keystone.egg-info/SOURCES.txt keystone-8.1.0/keystone.egg-info/SOURCES.txt --- keystone-8.0.1/keystone.egg-info/SOURCES.txt 2015-12-10 13:05:08.000000000 +0000 +++ keystone-8.1.0/keystone.egg-info/SOURCES.txt 2016-03-03 14:44:32.000000000 +0000 @@ -581,6 +581,7 @@ rally-jobs/README.rst rally-jobs/keystone.yaml releasenotes/notes/.placeholder +releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml releasenotes/notes/new_features-e33d793d8a5ca76a.yaml releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml diff -Nru keystone-8.0.1/PKG-INFO keystone-8.1.0/PKG-INFO --- keystone-8.0.1/PKG-INFO 2015-12-10 13:05:08.000000000 +0000 +++ keystone-8.1.0/PKG-INFO 2016-03-03 14:44:32.000000000 +0000 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: keystone -Version: 8.0.1 +Version: 8.1.0 Summary: OpenStack Identity Home-page: http://www.openstack.org/ Author: OpenStack diff -Nru keystone-8.0.1/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml keystone-8.1.0/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml --- keystone-8.0.1/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml 1970-01-01 00:00:00.000000000 +0000 +++ keystone-8.1.0/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml 2016-03-03 14:43:12.000000000 +0000 @@ -0,0 +1,13 @@ +--- +features: + - > + [`bug 1490804 `_] + Audit IDs are included in the token revocation list. +security: + - > + [`bug 1490804 `_] + [`CVE-2015-7546 `_] + A bug is fixed where an attacker could avoid token revocation when the PKI + or PKIZ token provider is used. The complete remediation for this + vulnerability requires the corresponding fix in the keystonemiddleware + project. diff -Nru keystone-8.0.1/requirements.txt keystone-8.1.0/requirements.txt --- keystone-8.0.1/requirements.txt 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/requirements.txt 2016-03-03 14:43:18.000000000 +0000 @@ -21,11 +21,11 @@ oslo.concurrency>=2.3.0 # Apache-2.0 oslo.config>=2.3.0 # Apache-2.0 oslo.context>=0.2.0 # Apache-2.0 -oslo.messaging!=1.17.0,!=1.17.1,!=2.6.0,!=2.6.1,!=2.7.0,!=2.8.0,!=2.8.1,!=2.9.0,>=1.16.0 # Apache-2.0 +oslo.messaging!=1.17.0,!=1.17.1,!=2.6.0,!=2.6.1,!=2.7.0,!=2.8.0,!=2.8.1,!=2.9.0,!=3.1.0,>=1.16.0 # Apache-2.0 oslo.db>=2.4.1 # Apache-2.0 oslo.i18n>=1.5.0 # Apache-2.0 oslo.log>=1.8.0 # Apache-2.0 -oslo.middleware>=2.8.0 # Apache-2.0 +oslo.middleware!=3.0.0,!=3.1.0,!=3.2.0,>=2.8.0 # Apache-2.0 oslo.policy>=0.5.0 # Apache-2.0 oslo.serialization>=1.4.0 # Apache-2.0 oslo.service>=0.7.0 # Apache-2.0 diff -Nru keystone-8.0.1/test-requirements.txt keystone-8.1.0/test-requirements.txt --- keystone-8.0.1/test-requirements.txt 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/test-requirements.txt 2016-03-03 14:43:18.000000000 +0000 @@ -34,4 +34,4 @@ tempest-lib>=0.8.0 # Functional tests. -requests!=2.8.0,>=2.5.2 +requests!=2.8.0,!=2.9.0,>=2.5.2 diff -Nru keystone-8.0.1/tox.ini keystone-8.1.0/tox.ini --- keystone-8.0.1/tox.ini 2015-12-10 13:01:56.000000000 +0000 +++ keystone-8.1.0/tox.ini 2016-03-03 14:43:18.000000000 +0000 @@ -98,7 +98,7 @@ python setup.py build_sphinx [testenv:releasenotes] -commands = sphinx-build -a -E -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html +commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html [testenv:genconfig] commands = oslo-config-generator --config-file=config-generator/keystone.conf