User Credentials panel is added to Identity dashboard.
Credentials table has Create, Update and Delete credential actions.
Credentials tab is added to the user details for
Identity -> Users table.
Credentials panel is added to user settings.
Change-Id: Icaabed327604d39b0bf6ac3e3cacf9c62f9e5d5d
CSV generation is not fully sanitized to prevent CSV injection.
According to https://owasp.org/www-community/attacks/CSV_Injection,
we have to use the following sanitization:
- Wrap each cell field in double quotes
- Prepend each cell field with a single quote
- Escape every double quote using an additional double quote
The patch https://review.opendev.org/c/openstack/horizon/+/679161
takes care of the double quotes. This patch adds a single quote to
the cell fields beginning with specific characters, so their content
will be read by a spreadsheet editor as text, not a formula.
Closes-Bug: #2048106
Change-Id: I882fe376613ff1dc13a61f38b59d2a2567dbba7d
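The three sanitization steps listed in the commit message above, as an added Python example; it is not Horizon's code. The prefix set follows the OWASP page (the commit message does not list the characters Horizon checks), and `sanitize_cell`, `render_csv` and the sample rows are hypothetical names and constructed data.

```python
import csv
import io

# Leading characters a spreadsheet editor may treat as the start of a formula.
# This set follows the OWASP CSV Injection page; the set Horizon checks is an
# assumption here, since the commit message does not list it.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def sanitize_cell(value):
    """Return the cell as text, prefixed with ' if it could be read as a formula."""
    if value is None:
        return ""
    # Values that are numbers in Python cannot carry a formula, so a genuine
    # negative number such as -2 is not turned into the text '-2.
    if isinstance(value, (int, float)):
        return str(value)
    text = str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text
    return text


def render_csv(rows):
    """Render rows with every field double-quoted and embedded quotes doubled."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, doublequote=True,
                        lineterminator="\n")
    for row in rows:
        writer.writerow([sanitize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows (not real Horizon data).
SAMPLE_ROWS = [
    ["Project", "Description", "Delta"],
    ["demo", "=1+1", 4],              # string starting with '=' gets a quote
    ["ops", 'said "hello"', -2],      # real number stays numeric text
    ["qa", "-2", "@SUM(A1:A2)"],      # user-supplied strings are prefixed
]

if __name__ == "__main__":
    print(render_csv(SAMPLE_ROWS), end="")
```
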
The list of users assigned to a project becomes invisible when a domain context
is set in Horizon. If a domain context is set, the user list call should
provide a list of users within the specified domain context, rather than users
within the user's own domain.
Groups tab of project also has the same problem.
Change-Id: Ia778317acc41fe589765e6cd04c7fe8cad2360ab
Closes-Bug: #2054799
As discussed in the horizon meetings or in horizon PTG sessions,
horizon team agreed to deprecate django version of Images, Keypair
and Roles panel as we think that feature gaps between the two
implementations have been closed. Let's mark the Django version as
deprecated for all these panels and gather more attention
from operators.
Change-Id: I965f9dbdd5e78b52a788f73b359c1c6fbc18637e
Since not all services are ready to use the system scope token,
we need a way to disable and enable the use of system scope
token on a per-service basis. This setting lets us configure
which services should use the system scope token. By default
the list is empty and system scope token is not used at all.
Change-Id: I5e0cdc7288221571f183a37b800c19dc4cff5707
django.utils.translation.ugettext(), ugettext_lazy(), ugettext_noop(),
ungettext(), and ungettext_lazy() are deprecated in favor of the
functions that they’re aliases for: django.utils.translation.gettext(),
gettext_lazy(), gettext_noop(), ngettext(), and ngettext_lazy().
https://docs.djangoproject.com/en/4.0/releases/3.0/#id3
Change-Id: I77878f84e9d10cf6a136dada81eabf4e18676250
This patch updates the default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE
to 'member' from '_member_'. If a user tries to create a new project now
it leads to "Could not find default role "_member_" in Keystone" error.
Also, a long time ago keystone-bootstrap changed the default member role
that is created to member from the legacy _member_ role. Any deployments
that might still be using _member_ should set this explicitly.
Closes-Bug: #1957173
Change-Id: I1fc7f44326b82ceb303f8d663ff0b42f0bdf7855
It seems Django 3.0+ does not allow setting an unknown attribute
to forms.Form.fields. "keyOrder" attribute has no meaning and
"field_order" of the Form class is the right way to configure
the order of fields.
Change-Id: Ib3a631a3626977a2e7114dac217aacd523354c53
Currently, "Set Domain Context" and "Clear Domain Context" don't do
PRG, so a page reload after these actions produces a browser popup about form
re-submission. Proposed patch fixes it.
Change-Id: I80d11cbdd42224456ee3a354ebad556a318ba03a
Most units (KB, MB, GB, TB, PB) are shown in an abbreviated format.
The exception was bytes, which were shown as "Bytes". This commit
resolves this inconsistency by showing "B" for byte units.
Change-Id: Ied94c777a70bf8955f5a328ffcb63d98a7a2befd
Closes-Bug: 1411595
Signed-off-by: Iago Estrela <hiagoestrelas@gmail.com>
The policy_rules feature was added recently, which simplifies making
tabs allowed conditionally based on policy. Use the feature for the User
role assignments and groups tabs.
This is a separate commit to allow the original patch to be backported.
Related-Bug: #1920214
Change-Id: Ic4a16b27c4f2da0daa2ec066d129926c349d1e4b
As a non admin user, navigate to Identity -> Users. Then click on the
username of your user to go to the detail page.
Only the allowed Overview tab is visible.
The view shows three tabs: Overview, Role assignments, Groups. Click on
either Role assignments or Groups. An error will appear, showing that
the API call is unauthorised, and the table content will fail to load.
This change fixes the issue by conditionally loading the tabs based on
policy.
Closes-Bug: #1920214
Change-Id: Ic8b723e6fd423b96a4f5eff54f9392cee534ed9e
We delete the "access_rules" field from the form if keystone API
version is less than 3.13, but we don't consider the case in
clean() method. We are in Wallaby development cycle and we support
N-4 release for upgrade [1]. This means horizon can run with Stein
keystone. Pre-3.13 keystone API (i.e., 3.12) is part of Stein
release [2], so it makes sense to consider this condition.
[1] https://docs.openstack.org/horizon/latest/contributor/policies/supported-software.html
[2] https://docs.openstack.org/api-ref/identity/
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I02e124d90f99d400d8c59bff2c563fdc85e624d4
All strings are considered as unicode strings in python 3,
so we no longer need "u" prefix (u'...').
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I796d2fcdca066475bbf29d25cbf2aa67b2b2178b
The last bunch of "spec has no expectations" warnings is fixed
for the latest Jasmine. The option failSpecWithNoExpectations
is set to true now.
Related-Bug: #1894127
Change-Id: I87d6a3e0a21eb8f3e5a548d7fdd0ae01bbda54e1
Part of the removal of OPENSTACK_NOVA_EXTENSIONS_BLACKLIST (1/3)
All references of nova extensions in the python code are cleaned up.
Note that the API layer is not touched yet as it is used by the
JavaScript side.
Change-Id: I66cd0a9629253a6462aace9902ef8200b94b2a21
In python3, super() does not always require a class and self reference.
In other words, super() is enough for most cases.
This is much simpler and it is time to switch it to the newer style.
pylint provides a check for this.
Let's enable 'super-with-arguments' check.
NOTE: _prepare_mappings() method of FormRegion in
openstack_dashboard/test/integration_tests/regions/forms.py is refactored.
super() (without explicit class and self reference) does not work when
a subclass method calls a same method in a parent class multiple times.
It looks better to prepare a separate method to provide a common logic.
Change-Id: Id9512a14be9f20dbd5ebd63d446570c7b7c825ff
This pylint check 'no-else-return' might be debatable,
but as far as I checked it works in most cases.
Change-Id: Ie8574d4a529454c6e050fa62a7a17ea097d00240
Currently "then" callback functions for these tests aren't called since
digest cycles were never triggered. Jasmine Spec Runner marks them 'passed'
only adding "SPEC HAS NO EXPECTATIONS" into their names.
This patch triggers a digest by calling a scope's $apply functions in a
correct place, deals with timeout properly and makes the tests work.
Closes-Bug: #1894127
Change-Id: I00acc4b13fa0cc05b8c6ccd2024084527562f001
Identity JS tests have no output expectations but Jasmine Spec Runner marks
them 'passed' only adding "SPEC HAS NO EXPECTATIONS" into the test names.
This patch adds callbacks to make tests asynchronous and fix it.
Partial-Bug: #1894127
Change-Id: I6c10c49b6a6aaee2fded8c3ef02f858208bc31b4
This patch is a clean-up patch for refactor-error-messages bp
which removes the exception message from the base message; otherwise
the same exception message is displayed twice, like
this: https://ibb.co/XyFWMdz.
Partially-Implements blueprint refactor-error-messages
Change-Id: I46b632dbb6701785e7d654feff336a27d6ecea9c
On the application credentials index page the roles
are displayed as a python list: "[b'_member']".
This changes that to be properly comma-separated.
Closes-bug: #1878741
Change-Id: Idfbba05091b563957162b6cb58c2475f9594b0c2
Keystone V2 support was removed in Train, so it's safe to do such cleanup.
* Functions which just return horizon settings are dropped and
the settings are referred directly now.
* The service catalog in the sample test data is updated to match
the format of the keystone API v3.
* Related to the above change of the sample service catalog,
openstack_dashboard.test.unit.api.test_keystone.ServiceAPITests is
updated to specify the region name explicitly because 'RegionTwo'
endpoint is no longer the second entry of the endpoint list in the
keystone API v3.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Ib60f360c96341fa5c618595f4a9bfdfe7ec5ae83
This feature was added in Keystone V3 API. Proposed patch adds support
to Horizon.
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Closes-bug: #1766485
Change-Id: Ic20a58c76826d703b43fa6a2d77ae5f77dcda1f4
Changes test invocation from `manage.py test` to `pytest`. Adds additional
test requirements like pytest, pytest-django, pytest-html. Adds
`pytest.mark` alongside django's test `tag`. Adds possibility to export test
results into xml and html formats.
Depends-On: https://review.opendev.org/#/c/712315/
Related-Bug: #1866666
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Change-Id: Idb6e63cd23ca2ba8ca56f36eb8b63069bd211944
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I2de669d8e89b8daeb7ee5405ffab35af6307c40b
There are cases where leading/trailing spaces are included in passwords.
We should not touch password input in forms and pass them to auth
backends without any modifications. The detail was discussed in
the mailing list thread [1] referred in the bug comment.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-January/thread.html#12223
Change-Id: I98de224cc77a98fa216ec3bc032412325e661e14
Closes-Bug: #1861224