| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: I03daf10aa4f689fe323e39537c312d1e783db313
|
|
|
|
|
|
|
|
| |
- v3 policy (bp rbac-keystone-api)
- v3 policy tests (bug 1023935)
- v3 policy implementation (bug 1023939)
Change-Id: I163fbb67726c295fe9ed09b68cd18d2273345d29
|
|
|
|
|
|
| |
DocImpact
Change-Id: I1ee9a1e2505cdd8c9ee8acba5c0e89a4f25c7262
|
|\
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
keystone/catalog/core.py
keystone/identity/core.py
Change-Id: Id47b9dd9c4da811d13454b539f78b751d40ed87d
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Provides configuration to deploy the v3 API identically across both:
http://[...]:5000/v3/
http://[...]:35357/v3/
Change-Id: I97c5a2f7a84e3fca0adaea020697f958e04f5753
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The token_format settings defaults to PKI, but both the
"PKI" and "UUID" lines were still in the sample config file.
This patch removes the duplicate and leaves only the
correct default.
Change-Id: Ib8560952ec2aee6d6b6eda944c6ec1f96fdc5c4c
|
| |
| |
| |
| | |
Change-Id: I128b0ccdb32694a4fc2f660e73c367aa8b01f257
|
| |
| |
| |
| | |
Change-Id: I004e569756698098bf073f5516945f356f88bfea
|
|\ \ |
|
| |/
| |
| |
| | |
Change-Id: I5e2746827bd66c6c4aebc28da1b24933fdc261f7
|
|/
|
|
| |
Change-Id: I99092eb4aee3b3b1b9cf297561577f1915c0e886
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make the revocation list into a JSON document and get the Vary header.
This will also allow the revocation list to carry additional
information in the future, to include sufficient information for the
calling application to figure out how to get the certificates it
requires.
Bug 1038309
Change-Id: I4a41cbd8a7352e5b5f951027d6f2063b169bce89
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
fix bug #1039857
verbose and debug is False by default, but they display True in
keystone.conf.sample. It may confuse people who cp
keystone.conf.sample to keystone.conf
Change-Id: I62031b879196da1633a198b6ae1f116485fe783b
|
|/
|
|
| |
Change-Id: I535ddb9e7437cd80e692db13615cbfdc1b918e46
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Updates the default key_size and config file example to 1024.
Using the previous value of 2048 would cause database truncation
and/or column size errors because the 'id' column isn't big enough
to hold that much data.
Works around LP Bug #1031191.
Change-Id: Ic28bf0945a65fb80a4b610a4de7afa485d09e2bb
|
|/
|
|
|
|
|
|
|
|
|
| |
Includes documentation and sample config file values.
Bug 997700
Patchset adds DocImpact flag for notifying doc team about these new
config file values.
Change-Id: Ibd3fade3f233a3b89a1c2feaa0a6b5a9569ad86c
|
|
|
|
| |
Change-Id: If0a7704ff578162d6b7fa8b68c0e0ed37e72cb73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes bug 996922
This commit adds a user_crud module that can be used in the public wsgi
pipeline, currently the only operation included allows a user to update
their own password.
In order to change their password a user should make a HTTP PATCH to
/v2.0/OS-KSCRUD/users/<userid>
with the json data fomated like this
{"user": {"password": "DCBA", "original_password": "ABCD"}}
in addition to changing the users password, all current tokens
will be cleared (for token backends that support listing) and
a new token id will be returned.
Change-Id: I0cbdafbb29a5b6531ad192f240efb9379f0efd2d
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes bug 980037 again
Systemd notification should be sent in-process, otherwise systemd might
miss the subprocess sending notification.
See systemd bug https://bugzilla.redhat.com/show_bug.cgi?id=820448
Change-Id: Iccc51cf77af5598ee6b4c3cd69a12a7ee9fc2eb5
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Bug 1017554
paths now correspond with SSL
unit test for cert generation
Added mode config values
Explict about umask
replace string concat for paths with proper use of os.path.join
Change-Id: I8b3bec82d7b72993aa69653f63ff64c3f675f716
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Attributes are tracked seperately per interface (public API vs admin API):
- Request method (GETs, POSTs, etc)
- Requested resources
- Number of requests per remote address
- Response status codes
Retrieve statistics report:
GET http://keystone:35357/v2.0/OS-STATS/stats
e.g. http://paste.openstack.org/raw/18528/
Reset statistics report:
DELETE http://keystone:35357/v2.0/OS-STATS/stats
Change-Id: Id21af755e5e25b8275dd55b7415bf4c421304807
|
|
|
|
|
|
| |
- Document S3 functionality along the way.
Change-Id: I5525cd084aa16a33176c2ed0c3df53e9743072fc
|
|
|
|
|
|
| |
Implemented bp/2-way-ssl using eventlet-based SSL.
Change-Id: I5aeb622aded13b406e01c78a2d8c245543306180
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes bug 980037
Service managers starting keystone-all have no way of being notified
when the service is ready to accept connections. This commit allows
a configurable command to be called when we are ready e.g.
for systemd setting the statup type of a service unit to "notify" and setting
onready = systemd-notify --ready
in keystone.conf, would notify a waiting systemd that we are ready to
serve
In an automated envirnment (e.g. puppet) this will allow the startup of
the keystone-all service (with systemctl for example) directly followed
by usage of the keystone client without the need for a sleep (or retry)
while we are waiting for the keystone service to be ready.
Change-Id: I3f7aafe9837be60a0f35cae1a7db892f6851cc47
|
|/
|
|
|
|
| |
Fixes bug 956954.
Change-Id: Ib5995a01439e564fcb27682976e8e27c8bb7d0d1
|
|
|
|
|
|
|
|
| |
Make sure all the available options are include in the file, add
some more documentation and, rather than set any of the defaults,
just include them as comments.
Change-Id: I2cb6060f47ea88349b1862d4d995c80cf9237066
|
|
Fixes bug 966670.
Change-Id: Ic57c9971c4f3a14c30e2382c58c3d0da6b2a7957
|