| Commit message (Collapse) | Author | Age | Files | Lines |
|
The Key Distribution Service is used to register keys for services and
distribute tickets to contact other services.
The KDS is used to digitally sign and optionally encrypt messages sent over the
message queue by the rpc modules.
It implements the service described in this document:
https://wiki.openstack.org/wiki/MessageSecurity#A_Key_Distribution_Server_in_Keystone
blueprint key-distribution-server
Change-Id: Ib47aca8f72623a07ff18f23d46d0af520e463fc9
Signed-off-by: Simo Sorce <simo@redhat.com>
|
Add support for doing language resolution for a request, based on the
Accept-Language HTTP header.
Using the lazy gettext functionality from oslo gettextutils, it is
possible to use the resolved language to translate an exception message
to the user requested language and return that translation from the API.
Co-authored-by: Luis A. Garcia <luis@linux.vnet.ibm.com>
Co-authored-by: Mathew Odden <mrodden@us.ibm.com>
Implements bp user-locale-api
Change-Id: Id8e92a42039d2f0b01d5c2dada733d068b2bdfeb
|
Implements an OAuth 1.0a service provider.
blueprint: delegated-auth-via-oauth
DocImpact
SecurityImpact
Change-Id: Ib5561593ab608f3b22fbcd7196e2171f95b735e8
|
The LDAP Identity backend was not properly using the
user_enabled_default option as a string. This caused
operations to fail with
TypeError: unsupported operand type(s) for &: 'str' and 'int'
Partial-Bug: #1210175
Change-Id: I54931e669186871d18dea088870945b9de40d573
|
Validate the enabled attribute returned by create_user, update_user.
Also, validate that the enabled attribute in the LDAP server is
set.
Change-Id: I78d194528ad4fd67fc35ca4d124f2e031d02d9cc
Related-Bug: #1210175
|
A common scenario in shared clouds will be that a cloud provider will
want to be able to offer larger customers the ability to interface to
their chosen identity provider. In the base case, this might well be
their own corporate LDAP/AD directory. A cloud provider might also
want smaller customers to have their identity managed solely
within the OpenStack cloud, perhaps in a shared SQL database.
This patch allows domain specific backends for identity objects
(namely user and groups), which are specified by creation of a domain
configuration file for each domain that requires its own backend.
A side benefit of this change is that it clearly separates the
backends into those that are domain-aware and those that are not,
allowing, for example, the removal of domain validation from the
LDAP identity backend.
Implements bp multiple-ldap-servers
DocImpact
Change-Id: I489e8e50035f88eca4235908ae8b1a532645daab
|
The next patch syncs with global requirements, including an
update to hacking. These fixes align the codebase with those
new rules.
Change-Id: I16e5a4ffa877fb46d2fb28d881642185c801b628
|
Non-string passwords from keystoneclient are converted but
we are not testing it so adding in a test case for this.
Co-authored-by: r-sekine <r-sekine@intellilink.co.jp>
Fixes: bug #1210099
Change-Id: I666e9e0b7ce10d6efed9d98aee0dac09cf2cd066
|
Length of username in database may be too short for X.509 DNs and 255
seems a sane value for it.
Fixes bug #1081932
Change-Id: Ie8f696845ea15d37cf13f3fe7978b22deac798b0
|
Modifications to use log from /keystone/openstack/common/log.py instead
of /keystone/common/logging.py. This change also includes some
refactoring to remove the WriteableLogger class from common/wsgi.py
since that is already included in the unified logging sync from Oslo.
This also moves fail_gracefully from /keystone/common/logging.py to
service.py as it is only used within that module.
blueprint unified-logging-in-keystone
Change-Id: I24b319bd6cfe5e345ea903196188f2394f4ef102
|
- Revoke tokens scoped to all users from a project when disabling or
deleting the project.
- Tests provided by Dolph.
Closes-Bug: #1179955
Change-Id: I8ab4713d513b26ced6c37ed026cec9e2df78a5e9
Signed-off-by: Chmouel Boudjnah <chmouel@enovance.com>
|
test_user_enable_attribute_mask wasn't actually testing
user_enable_attribute_mask because it didn't reload the backend
after changing the config value.
Change-Id: I9fa6bebe0c4b3d2afc1eb53867cf217b046b0210
Related-Bug: #1210175
|
This test is usable with OpenLDAP and is useful for validation.
Change-Id: Ie4da746a17d2ca545eb1125c1e7249620f0efbc0
Related-Bug: #1210175
|
Live LDAP tests were not passing because this test doesn't work.
This is being addressed with a different bug.
Change-Id: Ic01aa505d867c1de30e2a1ed7c79ff1478e213ef
Related-Bug: #1172106
Related-Bug: #1210175
|
Similar to a range of other components (e.g. glance, nova, ...) and recent
reviews by Monty.
Running individual tests can be done like this:
./run_tests.sh keystone.tests.test_drivers
Change-Id: I2482a48322150e5eb09b703326a94d8283f1c75b
|