summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | | domain_id_attributes in config.py have wrong default valueBrad Topol2013-02-252-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, as requested I put in this bug fix the related updates to keystone.conf.sample Fixes Bug1131443 Fixes Bug1131439 Change-Id: I3e973c8f8ad2783153a2ccb3d743b65eec47e749
* | | | | Merge "bug 1131840: fix auth and token data for XML translation"Jenkins2013-02-2714-119/+189
|\ \ \ \ \
| * | | | | bug 1131840: fix auth and token data for XML translationGuang Yee2013-02-2614-119/+189
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I4408b3e6e0752ca75bc36399f5148890820e9a89
* | | | | | Convert api to controllerAdam Young2013-02-261-42/+53
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Auth test case was using the member for a controller but had called it API, which was confusing Change-Id: Ic3d233208149277e4647010c0a8567814bdadc44
* | | / / flatten payload for policyAdam Young2013-02-262-35/+70
| |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | allows the policy rules to run over a JSON payload. Nestes values en up in dotted notation Change-Id: I9a2ec870c79369d308a23cd742aaeda25400f33a
* | | | Merge "Move handle_conflicts decorator into sql"Jenkins2013-02-253-43/+32
|\ \ \ \
| * | | | Move handle_conflicts decorator into sqlAdam Young2013-02-253-43/+32
| |/ / / | | | | | | | | | | | | Change-Id: I7ed923592e94f96be5226745224b981c3a3ac161
* | | | Merge "Ensure keystone unittests do not leave CONF.policyfile in bad state"Jenkins2013-02-252-0/+12
|\ \ \ \ | |/ / / |/| | |
| * | | Ensure keystone unittests do not leave CONF.policyfile in bad stateHenry Nash2013-02-222-0/+12
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A few of the tests overwrite the name of the policy file (so they can use a temp file instead). However, if it is left that way, subsequent tests that rely on it may fail. A separate patch will look at doing a more comprehensive reset in the setup of test_v3 - ensuring we always start from a completely clean slate for all confirguration parameters. Fixes Bug #1131819 Change-Id: Ibe5ee12f44310de00b12ddd405c83f59b2d840b7
* | | Merge "Correct SQL migration 017 column name"Jenkins2013-02-231-3/+3
|\ \ \ | |/ / |/| |
| * | Correct SQL migration 017 column nameDean Troyer2013-02-191-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | The user_project_membership still uses tenant_id and not project_id as a column name, the migration code uses project_id for both tables. Fixed bug 1130424 Change-Id: Id7c9f78235ad87103ecf469bea312e6291c0a327
* | | Merge "Change the default LDAP mapping for description."Jenkins2013-02-222-4/+4
|\ \ \
| * | | Change the default LDAP mapping for description.alatynskaya2013-02-202-4/+4
| | | | | | | | | | | | | | | | Change-Id: I361ec7fde2dde8b9a2091446d4d9f3b95d98f306
* | | | Merge "Tests for domain-scoped tokens"Jenkins2013-02-213-82/+218
|\ \ \ \
| * | | | Tests for domain-scoped tokensDolph Mathews2013-02-213-82/+218
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixes bug 1131292: catalog returned with unscoped tokens - Fixes bug 1131294: X-Subject-Token not returned on token validation Change-Id: I1808613f276354e2a37cf8c154b55509a2888d89
* | | | | Merge "Fix id_to_dn for creating objects"Jenkins2013-02-213-24/+30
|\ \ \ \ \
| * | | | | Fix id_to_dn for creating objectsAdam Young2013-02-213-24/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only do the lookup if the scope is not ONELEVEL For ONELEVEL, there is no point in paying the price of the lookup. If the object is not found for scoped queries, return the top level DN so the object can be created. Bug 1131265 Change-Id: I1ca41bf87c3bdea30fbdf607b19192f37dd0bfd6
* | | | | | Merge "domain-scoping"Jenkins2013-02-214-2/+107
|\ \ \ \ \ \ | | |/ / / / | |/| | | |
| * | | | | domain-scopingGuang Yee2013-02-204-7/+107
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement domain-scoping functionality for v3 auth API Change-Id: Id5e935735a43fefee10a36d9d691578871ba7fcb
* | | | | | Merge "Update oslo-config version."Jenkins2013-02-211-1/+1
|\ \ \ \ \ \
| * | | | | | Update oslo-config version.Russell Bryant2013-02-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the version of oslo-config in pip-requires. This update includes a fix for a bug that breaks oslo.config imports. Change-Id: I2e31d3980c495b1fd16db5488c7d3c982ce069ac
* | | | | | | Merge "Removed redundant assertion"Jenkins2013-02-211-5/+0
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | |
| * | | | | | Removed redundant assertionDolph Mathews2013-02-201-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: Iba9f0a5bd713b21487471eb64ce931910b1ca912
* | | | | | | Merge "Pass query filter attributes to policy engine"Jenkins2013-02-217-76/+306
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | |
| * | | | | | Pass query filter attributes to policy engineHenry Nash2013-02-217-76/+306
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the v3 api, there will be cases when a cloud provider will want to be able to protect apis by matching items in the query filter string. A classic case would be: GET /users?domain_id=mydomain The change augments the v3 controller protection wrapper with one that will also pass in filter parameters. Since this filter list also equates to the filter_by_attribute code that the subsequent api call will make, the filterprotection wrapper passes the filter list into the api call, allowing the code body to not have to re-specify the same list. This also has the consequency of fixing all the missing filter_by_attribute statements in the current code base. Some tests cannot yet be run due to dependency on completion of v3/auth Fixes Bug #1126048 Fixes Bug #1101240 Change-Id: Ibd9867f6eed585414671bbab774df95b8acdf6a5
* | | | | | Merge "v3 token API"Jenkins2013-02-2134-135/+1834
|\| | | | |
| * | | | | v3 token APIGuang Yee2013-02-2034-135/+1834
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also implemented the following: blueprint pluggable-identity-authentication-handlers blueprint stop-ids-in-uris blueprint multi-factor-authn (just the plumbing) What's missing? * domain scoping (will be implemented by Henry?) Change-Id: I191c0b2cb3367b2a5f8a2dc674c284bb13ea97e3
* | | | | Merge "enabled attribute emulation support"Jenkins2013-02-215-2/+191
|\ \ \ \ \ | |/ / / / |/| | | |
| * | | | enabled attribute emulation supportalatynskaya2013-02-205-2/+191
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes bug 1063858 Implementation works as described in the second comment. Change-Id: Ib0aa85f05244044c9f40fa9634b5ed3e8afa1f37
* | | | | Merge "make LDAP query scope configurable"Jenkins2013-02-204-10/+49
|\ \ \ \ \
| * | | | | make LDAP query scope configurableIonuț Arțăriși2013-02-184-10/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Get the DN from the LDAP server itself rather than hardcoding its format. Fixes bug 1122181 Change-Id: I6f70c480b5c6f1b064e74d3cbd2cd8ca5ee82b0a
* | | | | | Merge "Disable XML entity parsing"Jenkins2013-02-201-2/+13
|\ \ \ \ \ \
| * | | | | | Disable XML entity parsingDolph Mathews2013-02-191-2/+13
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes bug 1100282 and bug 1100279. Change-Id: I6a7c9e7110e1c7890205d6e4550ab46295c68906
* | | | | | Merge "merging in fix from oslo upstream"Jenkins2013-02-201-22/+9
|\ \ \ \ \ \
| * | | | | | merging in fix from oslo upstreamJoe Heck2013-02-201-22/+9
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | Change-Id: I61ae24b305df086a5c48a6d033046d84296023b2
* | | | | | Merge "Ensure user and tenant enabled in EC2"Jenkins2013-02-203-35/+59
|\ \ \ \ \ \ | |/ / / / / |/| | | | |
| * | | | | Ensure user and tenant enabled in EC2Nathanael Burton2013-02-193-35/+59
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | Fixes bug 1121494. Change-Id: If7277f0b4a55aa5be81b354cd4c7ed338a600a62
* | | | | Merge "Update the Keystone policy engine to the latest openstack common"Jenkins2013-02-195-248/+855
|\ \ \ \ \ | |_|_|/ / |/| | | |
| * | | | Update the Keystone policy engine to the latest openstack commonHenry Nash2013-02-195-248/+855
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes Bug #1126037 Change-Id: I246bc9c0c2eb0f4af97c11588c80e4bcea06e747
* | | | | Merge "Implement name space for domains"Jenkins2013-02-199-76/+431
|\ \ \ \ \ | |_|_|_|/ |/| | | |
| * | | | Implement name space for domainsHenry Nash2013-02-199-76/+431
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Creates a separate name space for each domain for the name attribute of user, groups and projects - meaning that the names of these entities only have to be unique within that domain. Implementation of this within the SQL backends is handled by simply changing the uniqueness constraints on the relevant attributes. KVS and LDAP backends do not yet support domain separation (blocked by existing restrictions, already raised as bugs). An issue exists for the downward migration with this change in that if the database has been used and populated with the name space in place then the downward migration may fail due to clashing names when you try and revert to a global name space (raised as a separate bug) This patch also improves the group support in the KVS backend and cleans up string quoting in the 016 migration fucntions, and fixes an issue where the SQL update_project was not updating a change in domain_id. Change-Id: I8f0df0e1bf84bfd26b8ef5505fe5fafd930dc78b
* | | | Merge "Remove old, outdated keystone devref docs"Jenkins2013-02-198-1461/+0
|\ \ \ \
| * | | | Remove old, outdated keystone devref docsTom Fifield2013-02-208-1461/+0
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The doc/source/old directory contained several docs that were marked as 'old' and hadn't been updated for more than a year. This patch simply removes them - they aren't referred to in any way noticable on keystone.openstack.org. Change-Id: Ida57e0321be09aa8ddcb966f386132946017cdcb
* | | | Merge "Use oslo-config-2013.1b3"Jenkins2013-02-198-1870/+10
|\ \ \ \
| * | | | Use oslo-config-2013.1b3Mark McLoughlin2013-02-188-1870/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cfg API is now available via the oslo-config library, so switch to it and remove the copied-and-pasted version. Add the 2013.1b3 tarball to tools/pip-requires - this will be changed to 'oslo-config>=2013.1' when oslo-config is published to pypi. This will happen in time for grizzly final. Remove the 'deps = pep8==1.3.3' from tox.ini as it means all the other deps get installed with easy_install which can't install oslo-config from the URL. Change-Id: I4815aeb8a9341a31a250e920157f15ee15cfc5bc
* | | | | Merge "Update sample_data.sh to match docs"Jenkins2013-02-191-156/+108
|\ \ \ \ \ | |_|/ / / |/| | | |
| * | | | Update sample_data.sh to match docsDavid Höppner2013-02-181-156/+108
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Confirm more with the "OpenStack Install and Deploy Manual." Change-Id: I46ab7e8e5ccdf389cbc60fee84c063f289155781 Fixes: bug #1073291
* | | | | Merge "make fakeldap._match_query work for an arbitrary number of groups"Jenkins2013-02-191-6/+2
|\ \ \ \ \ | |_|_|/ / |/| | | / | | |_|/ | |/| |
| * | | make fakeldap._match_query work for an arbitrary number of groupsIonuț Arțăriși2013-02-181-6/+2
| | |/ | |/| | | | | | | Change-Id: I82e36ff2005309d316e45a65b242d778005f7615
* | | Merge "Add an update option to run_tests.sh"Jenkins2013-02-191-0/+7
|\ \ \
generated by cgit (git 2.34.1) at 2026-03-19 20:40:19 +0000