| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |/ / /
|/| | |
| | | |
| | | | |
Change-Id: I2200e33868d50bb69089f3108a5a4c061afccd6e
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Preserves the default passwords corresponding to the OpenStack Install
and Deploy Manual while allowing environment variables to specify user
provided passwords. As well, a single common password for all the service
users can be specified using the SERVICE_PASSWORD environment variable.
This fix restores compatibility with the version of this script released
in Folsom where the environment variables could override default passwords.
It also preserves compatibility with the fix for bug 1073291 that brought
the script into line with the docs (but unfortunately broke backwards
compatibility).
There is no warning emited if the user does not override the default
passwords as was present in Folsom, but not in Grizzly. This makes the
fix output compatible with Grizzly only. Note that the logic for warnings
pre-Grizzly was unclear. The script is, however, clearly named "sample"
and warnings are present in the comments.
Change-Id: I927fcddf04dcb87e5c9252f0874939b17f3c4809
Fixes: bug #1166182
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Moves the credentials API into its own backend.
LDAP was not going to be able to support credentials.
Even with a custom schema, many people are using LDAP in read only
mode, which means that they would not be able to use the credentials
API at all. By splitting it out, we have a workable solution for
both SQL and LDAP Identity backends.
Drops the Foreign Key constraints off the Credentials table, as there
is now no guaranttee that users are stored in the same backend.
Blueprint extract-credentials-id
Change-Id: I10ad4b36c6f03d1712621eaffcfefa48a5453aff
|
| |\ \ \ \ \ \ |
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When creating or updating a user, no type check was performed on the
enabled attribute. Therefore, if enabled value in JSON/XML is not a
boolean buta string or an int, keystone responds with an incorrect
Http 500 error code and the stacktrace.
The change introduces a type validation of the enabled attribute
at backend and api layer. If the type is not a boolean, keystone
now returns an appropriate Http 400 error code with a message
pointing a bad format for the attribute.
Test cases have been added to file test_backend and
test_content_types for testing the case when enabled attribute is a
string or int when creating or updating user.
The same correction can be done for create/update projects, domains.
Change-Id: I7d2fe3acf0c4dbd3ce5bdf9f4d059df085853b84
Fixes: bug #1110435
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Test for fix of bug 1078497
Change-Id: I5cd28b38111f3e80adbb33ef1b1c8db7630d75f8
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Closes bug 1172444
Change-Id: I4831946d01f05c2a10264745a07b53fa48be44c8
|
| |\| | | | | |
| |_|/ / / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: Ifc8c876760f8402fc3293326972b9286fb1635c9
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Keystone exceptions could only take byte string message as the
message arguments to construct exception instances because of
the way its super class StandardError implements __unicode__.
This patch can also make sure it would not unintentionally remove
line breaks and indentation in a explicitly given message argument.
Fixs bug #1168879
Change-Id: I7916efc87845cfc4dba705e9474125b275affc13
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Currently the tables are not created which means that it isn't
possible for these tests to run on anything other than sqlite.
Fix test issues where the token id that is used to create the token is
not the same as the id that the token is saved with.
Fix a number of foreign key constraints issues.
Bug 1178041
Change-Id: Ib67eb97836e4224940abdeae4bba66748bfe4ca5
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This reverts commit 6219f94b3a1103a16bd5f16ed8ffdd41a85280e1.
This commit seems to cause keystone auth to hang when using
Keystone w/ Swift.
Fixes LP Bug #1178646.
Change-Id: Ieb94a29b3129847c84a02c8a526611f125f21ea0
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This should allow tests to pass on Centos 6 without
the 6219f94 commit which functionally breaks swift.
Change-Id: I4a6d07abf5159d3daa4c8f9bf94e60d730ccd300
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This change avoids eventlet's monkey-patching of DNS
resolution. eventlet's doesn't support IPv6, for example.
The way to avoid eventlet's DNS is to set an environment
variable. The trick is the environment variable needs to be set
before eventlet is imported.
A similar change was made in nova, so this is just copying
that code and technique to keystone.
This allows re-enabling the IPv6 tests, too.
Change-Id: I30524a1cebd43580d692fd88ef32be45e62758c5
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
A minor refactor to move the code up in the file as suggested by termie
and henry regarding the review comments in
https://review.openstack.org/#/c/26487/
Fix bug 1166697
Change-Id: I890415c755dd383749f2d4382f53d0b3a6badc6c
|
| |/ / / / / /
| | | | | |
| | | | | |
| | | | | | |
Change-Id: Ieeb2246579ddc0608092eed5239258d2b4dbf42b
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Use regex pattern to replace password to "***" for both env vars and
request body output
Fix bug 1166697
Change-Id: I671ea25cca78b4dea1fbf2e63c89b82912279f2d
|
| |\ \ \ \ \ \ \
| |_|_|_|_|_|/
|/| | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Change-Id: I77a20d1910063b5cbee601885cd049df86c03752
|
| |\ \ \ \ \ \ \ |
|
| | | |_|_|_|_|/
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Using the LDAP identity backend,
if a group member entry doesn't exist in the LDAP server anymore
and the group's members are listed using GET /v3/groups/{groupId}/users,
Keystone returns 404 Not Found.
The server should return all the group members that do exist
and ignore the missing members,
and probably log a warning message about the missing user.
Fixes bug 1174585
Change-Id: Idf7c8c7f87affc4a72c5fe5e18e09a0f362e2646
|
| |/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Eventlet address resolving doesn't support IPv6. This is causing the
gate to fail.
The failure happens when the dnspython package is installed in the
environment. When dnspython is there then eventlet takes over
getaddrinfo, and eventlet's getaddrinfo doesn't support IPv6. If
dnspython isn't there, then the eventlet patching doesn't happen
and IPv6 address resolution works.
It appears that the pip dependencies have recently been updated
so that dnspython gets installed now.
The fix is to skip the 3 tests that force the server to listen
on "::1".
Fixes bug 1176204
Once eventlet is updated, we can add the tests back in. Here's the
eventlet code in question:
https://bitbucket.org/eventlet/eventlet/src/e0f578180d7d82d2ed3d8a96d520103503c524ec/eventlet/support/greendns.py?at=0.12#cl-166
Change-Id: Ib7a5a5f0dcac82229b7b7fb3df4b1ef141586c5f
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | | |
A short blurb indicating how to do development for LDAP
Change-Id: Id75d9f9af8742b44158ed739d34dbdccb62eccf2
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This is needed as a work around for objectclasses that require additional
attributes other than just what is supplied in user_id_attribute and
user_name_attribute.
Change-Id: Ie6cdd0534b8389f62f98fdca7d19bc0feb9c131f
Fixes: bug #1158077
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add secret=True to LDAP password and admin_token
of keystone configuration.
Fix bug #1172195
Change-Id: I8ef7f705e3f6b374ff427c20eb761892d5146a75
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Change-Id: Ieb88d50f378b46cb0e91a84142cbaf07c3f3defb
Signed-off-by: You Ji <jiyou09@gmail.com>
|
| |\ \ \ \ \ \ \ \ |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Add some session commits to prevent database deadlocks.
Force close all open sessions before performing tear down.
Use escaped parameter handling for raw sql statements.
Change-Id: I0ef670ddc416a02e78570ab6ebed2b4bf2a8635b
|
| |\| | | | | | | |
| |_|_|_|/ / / /
|/| | | | | | | |
|
| | | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Remove the foreign key constraint for user_id. Whilst it is a foreign
key the constraint was not set in the previous schema. Also sets the
columns names to unicode as they were in previous schema.
Fixes: bug 1169381
Change-Id: I9b1ac5305622d68a7e124ba8100a4b8166b43af0
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
keystone.auth.controllers.AuthInfo's get_method_data() referenced
a variable that was not defined.
Change-Id: I4171453d5e9843501052c9e395273976255342ad
|
| |\ \ \ \ \ \ \ \ |
|
| | | |_|_|_|_|/ /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Providing an initial policy rule for the list_groups_for_user
operation in the sample policy.json file for the ease of
configuration.
Fixes bug #1167836
Change-Id: Id253729098a95d3b129babde1b3706f409a095dd
|
| |\ \ \ \ \ \ \ \ |
|
| | | |_|_|/ / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
when using ./run_tests.sh with -xintegration this test fails
with a duplicate option error, we shouldn't be running it there
Change-Id: Idb0f7608bbefd2975958ae30977e9a4d5debfc1f
|
| |\ \ \ \ \ \ \ \ |
|
| | | |_|/ / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
An undefined variable was used in the trust kvs backend, this
fixes it.
Change-Id: I9c25d85ab64afa2bf7639d3fd14a4d6839dacb64
|
| |\ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/
|/| | | | | | | |
|
