path: root/doc/source
Commit message  Author  Age  Files  Lines
* Merge "Add support for API message localization"  Jenkins  2013-08-18  1  -0/+31
|\
| * Add support for API message localization  Brant Knudson  2013-08-14  1  -0/+31
| |   Add support for doing language resolution for a request, based on the Accept-Language HTTP header. Using the lazy gettext functionality from oslo gettextutils, it is possible to use the resolved language to translate an exception message to the user requested language and return that translation from the API.
| |   Co-authored-by: Luis A. Garcia <luis@linux.vnet.ibm.com>
| |   Co-authored-by: Mathew Odden <mrodden@us.ibm.com>
| |   Implements bp user-locale-api
| |   Change-Id: Id8e92a42039d2f0b01d5c2dada733d068b2bdfeb
* | Add delegated_auth support for keystone  Steve Martinelli  2013-08-16  1  -0/+1
| |   Implements an OAuth 1.0a service provider.
| |   blueprint: delegated-auth-via-oauth
| |   DocImpact
| |   SecurityImpact
| |   Change-Id: Ib5561593ab608f3b22fbcd7196e2171f95b735e8
* | Implement domain specific Identity backends  Henry Nash  2013-08-15  1  -0/+19
|/
|   A common scenario in shared clouds will be that a cloud provider will want to be able to offer larger customers the ability to interface to their chosen identity provider. In the base case, this might well be their own corporate LDAP/AD directory. A cloud provider might also want smaller customers to have their identity managed solely within the OpenStack cloud, perhaps in a shared SQL database.
|   This patch allows domain specific backends for identity objects (namely user and groups), which are specified by creation of a domain configuration file for each domain that requires its own backend.
|   A side benefit of this change is that it clearly separates the backends into those that are domain-aware and those that are not, allowing, for example, the removal of domain validation from the LDAP identity backend.
|   Implements bp multiple-ldap-servers
|   DocImpact
|   Change-Id: I489e8e50035f88eca4235908ae8b1a532645daab
* Move 'tests' directory into 'keystone' package  Sascha Peilicke  2013-08-14  1  -4/+4
|   Similar to a range of other components (e.g. glance,nova,...) and recent reviews by Monty. Running individual tests can be done like this:
|   ./run_tests.sh keystone.tests.test_drivers
|   Change-Id: I2482a48322150e5eb09b703326a94d8283f1c75b
* Add memcache to httpd doc.  Adam Young  2013-08-09  1  -1/+11
|   Bug 1170455
|   Change-Id: Id2fc4f14d0c880160c2b6ef6c9922e23fb1cb8a6
* Merge "extension migrations"  Jenkins  2013-08-07  1  -0/+30
|\
| * extension migrations  Adam Young  2013-08-06  1  -0/+30
| |   Allow each of the extensions to have their own sql migration repository instead of mixing them into the common repo. db_sync must be called explicitly on the extension.
| |   In the past, it was assumed that only migrations for backends backed in sql would be run. In practice, however, all of the migrations were run every time. The code has been modified to reflect this.
| |   Adds parameter --extension to the cli for db_sync and db_version to test out the migrations
| |   bin/keystone-manage db_sync --extension example
| |   will migrate to version 1 and
| |   bin/keystone-manage db_sync --extension example 0
| |   will migrate it back to 0
| |   to check the version
| |   bin/keystone-manage db_version --extension example
| |   blueprint multiple-sql-migrate-repos
| |   DocImpact
| |   Change-Id: I6852d75bde6506c535fa3d74537e3c1bbd6578d8
* | Merge "Use oslo.sphinx and remove local copy of doc theme"  Jenkins  2013-08-02  4  -98/+9
|\ \
| * | Use oslo.sphinx and remove local copy of doc theme  Doug Hellmann  2013-07-08  4  -98/+9
| | |   Use the new oslo.sphinx version of the OpenStack doc theme instead of copying it into this repo.
| | |   blueprint oslo.sphinx
| | |   Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>
| | |   Change-Id: I0bd91f7bb43f97b99051fed65b75fc05d5149cc8
* | | Merge "Fix typo: Tenents -> Tenants"  Jenkins  2013-08-02  1  -1/+1
|\ \ \
| |_|/
|/| |
| * | Fix typo: Tenents -> Tenants  Francois Deppierraz  2013-07-30  1  -1/+1
| | |   Change-Id: I3cbef892af708368bffe8f503299be3cf8f3c030
* | | Update references with new Mailing List location  Tom Fifield  2013-07-29  2  -2/+2
|/ /
| |   Yesterday, openstack@lists.launchpad.org was migrated with all users to openstack@list.openstack.org. This patch updates references to the old mailing list with the new, to ensure that people encountering them don't accidentally try and join the old list!
| |   Change-Id: I0f8a91a361647a87fab9a1392d56a815f4d66eac
* | Deprecate kvs token backend  Joe Gordon  2013-07-22  1  -1/+1
| |   This backend is not usable in any production environment. All OpenStack environments will already have a SQL DB, and if someone does not want to use the DB they can use the memcache backend.
| |   Fixes bug 1188301 and bug 1188370
| |   DocImpact
| |   This backend should not be mentioned in documentation, as it is not production grade and is deprecated.
| |   Change-Id: I41b147bcc70b79b4fc6df50b242a73cfcad33114
* | Implement Token Binding.  Jamie Lennox  2013-07-17  1  -0/+38
| |   Brings token binding to keystone server. There are a number of places where the location or hardcoding of binding checks are not optimal however fixing them will require having a proper authentication plugin scheme so just assume that they will be moved when that happens.
| |   DocImpact
| |   Implements: blueprint authentication-tied-to-token
| |   Change-Id: Ib34e5e0b6bd83837f6addbd45d4c5b828ce2f3bd
* | Merge "Pluggable Remote User"  Jenkins  2013-07-17  1  -1/+10
|\ \
| * | Pluggable Remote User  Adam Young  2013-07-17  1  -1/+10
| | |   Select the code to handle REMOTE_USER based on a config file option
| | |   Fixes the REMOTE_USER logic to get the domain name from REALM, which is the least surprise option.
| | |   Disregards the auth_data passed in, as we should be using REMOTE_USER to get the user name.
| | |   External Plugin is now executed in conjunction with the auth methods, as opposed to in place of them.
| | |   DocImpact
| | |   blueprint pluggable-remote-user
| | |   Change-Id: I9dda6dbe073f03806bdf539db6faa01644109f1c
* | | Implement role assignment inheritance (OS-INHERIT extension)  Henry Nash  2013-07-17  1  -0/+12
|/ /
| |   This extension allows for project roles to be optionally inherited from the owning domain. The v3 grant APIs are extended to take an inherited_to_projects flag. The GET role_assignments API will also include these roles in its response, either showing them as inherited roles assigned to the domain or, if the 'effective' query parameter is set, will interpret the inheritance and reflect those role assignments on the projects.
| |   The inherited_to_projects flag is encoded in the role list in the metadata of the relevant entries in the grant tables. The 'roles' key in the metadata is now a list of dicts, as opposed to a simple list, where each dict is either {'id': role_id} for a regular role, or {'id': role_id, 'inherited_to': 'projects'} for an inherited role
| |   Remember that a previous patch had rationalized the way metadata is handled so that its structure is entirely hidden within the driver layer.
| |   The extension can be enabled/disabled via a config setting.
| |   Limitations:
| |   - The extension is not yet discoverable via url, this will be added as a separate patch when the v3/extensions work is complete.
| |   A separate issue has been discovered with the fact that the v2 calls of 'get_projects_for_user()' and 'list_user_projects()' should be rationalized and also honor both group (and inherited) role assignments. This is being raised as a separate bug.
| |   DocImpact
| |   Implements bp inherited-domain-roles
| |   Change-Id: I35b57ce0df668f12462e96b3467cef0239594e97
* | Merge "Change domain component value to org from com"  Jenkins  2013-07-16  1  -1/+1
|\ \
| * | Change domain component value to org from com  Sahdev Zala  2013-07-11  1  -1/+1
| |/
| |   Fixes Bug1200241
| |   Changes variable value in keystone doc to a proper domain component and makes it consistent.
| |   Change-Id: I0a9ac381d2da14c957df5aa50cb8f9dfadade1ac
* / Implements Pluggable V3 Token Provider  Guang Yee  2013-07-12  1  -2/+24
|/
|   Abstract V3 token provider backend to make token provider pluggable. It enables deployers to customize token management to add their own capabilities. Token provider is responsible for issuing, checking, validating, and revoking tokens. Note the distinction between token 'driver' and 'provider'. Token 'driver' simply provides token persistence. It does not issue or interpret tokens.
|   Token provider is specified by the 'provider' property in the '[token]' section of the Keystone configuration file.
|   Partially implemented blueprint pluggable-token-format.
|   This patch also fixes bug 1186061.
|   Change-Id: I755fb850765ea99e5237626a2e645e6ceb42a9d3
* rename quantum to neutron in docs  Mark McClain  2013-07-02  1  -1/+1
|   implements bug: 1197208
|   Change-Id: Icb7e7d4212e53cd55281a42fb2cd26b243d79eb8
* Clean up keystone-all.rst  Brant Knudson  2013-06-26  1  -23/+27
|   This change fixes warnings and errors from doc/source/man/keystone-all.rst when generating documentation.
|   Change-Id: Ie33b2600f28c517644730b2371ce34ca2e73b7a5
* Merge "Fix link typo in Sphinx doc"  Jenkins  2013-06-22  1  -1/+1
|\
| * Fix link typo in Sphinx doc  Dirk Mueller  2013-06-12  1  -1/+1
| |   Change-Id: I00667ca171d1be5acdacb472561cbf74baf6a852
* | Set default 'ou' name for LDAP projects to Projects  Sahdev Zala  2013-06-17  1  -2/+2
| |   The default ou name for projects/tenants should be Projects, as we normally use in devstack and ldap live test. Since multiple LDAP objects can use groupOfNames, setting projects group to Groups is vague.
| |   Fixes Bug1191807
| |   Change-Id: I1718c76320da51a58abf6558a9b8560e908773cb
* | Merge "Remove how to contribute section in favor of CONTRIBUTING.rst"  Jenkins  2013-06-17  1  -13/+0
|\ \
| * | Remove how to contribute section in favor of CONTRIBUTING.rst  Dolph Mathews  2013-06-10  1  -13/+0
| | |   Change-Id: I5364d9d930ca0871bd839917b23ef3199eff3340
* | | Correct LDAP configuration doc  Sahdev Zala  2013-06-13  1  -7/+7
| |/
|/|
| |   Correct the wrong naming used for domain controller in the configuration doc.
| |   Fixes Bug1190647
| |   Change-Id: I10b138f319b309db7c2747920ab5bd9e727a4557
* | Merge "Replace openstack-common with oslo in docs"  Jenkins  2013-06-11  1  -1/+1
|\ \
| * | Replace openstack-common with oslo in docs  Thomas Bechtold  2013-06-10  1  -1/+1
| | |   Change-Id: Id4a8f285b380478705e5518440b7ed602e7757d4
* | | Merge "Fix internal doc links (bug 1176211)"  Jenkins  2013-06-10  3  -17/+9
|\ \ \
| | |/
| |/|
| * | Fix internal doc links (bug 1176211)  Dolph Mathews  2013-06-07  3  -17/+9
| | |   Change-Id: Iab416c941c7db00d3fd725e1c0e12ed7fc193dd0
* | | Merge "Raise key length defaults"  Jenkins  2013-06-08  1  -4/+4
|\ \ \
| * | | Raise key length defaults  Dirk Mueller  2013-06-04  1  -4/+4
| |/ /
| | |   Extend RSA keylength to 2048 bits by default, as the previous default of 1024 bit is considered weak since 12/31/2010. Also unify the message_md to the openssl builtin default.
| | |   Fixes bug 1103002
| | |   Change-Id: I70e90b7696f8a56073c3d6bdc9ed5d30cfa3401f
* / / Missing contraction: Its -> It's (bug 1176213)  Dolph Mathews  2013-06-07  1  -1/+1
|/ /
| |   Change-Id: I9403289012eea3b78f9bf02154827554d9e07462
* | Merge " Rename requires files to standard names."  Jenkins  2013-05-31  2  -5/+5
|\ \
| * | Rename requires files to standard names.  Carlos D. Garza  2013-05-24  2  -5/+5
| | |   Rename tools/pip-requires to requirements.txt and tools/test-requires to test-requirements.txt. These are standard files, and tools in the general world are growing intelligence about them.
| | |   Fixes: bug #1179008
| | |   Change-Id: I1a19f0c73ab48987e2ff0dade1a57a68b65f0a22
* | | separate paste-deploy configuration from parameters  Alan Pevec  2013-05-26  4  -15/+26
|/ /
| |   PasteDeploy configuration contains class names which might change between releases. Keeping it separate from user-configurable parameters allows deployers to move paste-deploy ini file out of configuration directory to a place where it can be safely overwritten on updates e.g. under /usr/share/
| |   DocImpact
| |   Change-Id: I9292ca6226c8430b93565dedd45cc842742a23e2
* | Merge "Documentation about the initial configuration file and sample data."  Jenkins  2013-05-21  1  -2/+30
|\ \
| * | Documentation about the initial configuration file and sample data.  James Slagle  2013-04-23  1  -2/+30
| | |   The initial configuration file and sample data are both helpful in getting set up with a keystone development environment.
| | |   Change-Id: Ic100177abe8dda1510a183463e61e0b757986e97
* | | Implement Token Flush via keystone-manage.  Jamie Lennox  2013-05-21  2  -0/+14
| |/
|/|
| |   Creates a cli entry 'token_flush' which removes all expired tokens.
| |   Fixes: bug 1032633
| |   Implements: blueprint keystone-manage-token-flush
| |   Change-Id: I47eab99b577ff9e9ee74fee08e18fd07c4af5aad
* | HACKING LDAP  Adam Young  2013-04-24  1  -0/+16
|/
|   A short blurb indicating how to do development for LDAP
|   Change-Id: Id75d9f9af8742b44158ed739d34dbdccb62eccf2
* Merge "bug 1159888 broken links in rst doc"  Jenkins  2013-04-18  5  -18/+28
|\
| * bug 1159888 broken links in rst doc  Joe Savak  2013-03-26  5  -18/+28
| |   Change-Id: Iad8e63ab57c927032e4bafab79c1f22cb485173f
* | Merge "Add missing colon for documentation build steps."  Jenkins  2013-04-12  1  -1/+1
|\ \
| * | Add missing colon for documentation build steps.  James Slagle  2013-03-30  1  -1/+1
| |/
| |   Change-Id: I9ecb5d945d950e44c918469ab2ae0478e22bc1a8
* | Generate HTTPS certificates with ssl_setup.  Jamie Lennox  2013-04-11  2  -11/+38
| |   Extracts common OpenSSL functionality from pki_setup and adds a new cli command ssl_setup which re-uses this base to generate SSL certificates for https.
| |   Change-Id: Ia34827583bcdfbd871133250681010e642271f07
| |   Fixes: bug 1155361
* | Add TLS Support for LDAP  Brad Topol  2013-04-09  1  -0/+22
| |   Fixes Bug1040115
| |   added several test cases, also provides a full ldap regression suite. Also added supplemental (simple) verification for CACERTFILE and CACERTDIR
| |   added a TLS disable option when ldaps URLs are used and did full regression tests using ldaps URLs and with TLS
| |   addresses ayoung's comments
| |   addresses dolphm's and Mouad's comments
| |   addresses gyee's doc request and bknudson's comments
| |   Change-Id: I639f2853df0ce5c10ae85b06214b26430d872aca
* | Fix example in documentation.  Alvaro Lopez Garcia  2013-04-05  1  -1/+3
|/
|   The example lacked the import of keystone.common.wsgi that could be misleading for new developers.
|   Change-Id: I20be59f5792507a775d033867a69d31c5216633c