openstack
/
deb-keystone
Code Issues Proposed changes
deb-keystone/keystone
History
Steve Martinelli ef48072d94 Fix cloud_admin rule and ensure only project tokens can be cloud admin 
The current rule fails to load with oslo.policy, the correct
value used to determine the admin project for the cloud_admin should
simply be: `is_admin_project:True`, since that is what is stored
in oslo.context.

This problem was masking a more serious issue that domain admin tokens
could be misinterpreted as cloud admin tokens.

Change-Id: I3ea562c01e06e6c519fdaec3ab6e1dac204ced71
Closes-Bug: 1547684
Closes-Bug: 1651989
 		2016-12-23 09:31:08 +00:00
..
assignment Refactors _get_names_from_role_assignments 2016-12-13 20:32:57 +00:00
auth Correct missspellings of secret 2016-12-08 13:25:05 +00:00
catalog Merge "Replace tenant with project for keystone catalog" 2016-11-14 14:30:29 +00:00
cmd Merge "Add doctor tests on security_compliance and rename" 2016-12-14 15:39:26 +00:00
common Merge "Add reason to notifications for PCI-DSS" 2016-12-21 18:45:19 +00:00
conf Merge "Include mapped in the default auth methods" 2016-12-08 14:55:45 +00:00
contrib Remove metadata from token provider 2016-11-20 12:44:45 +00:00
credential log.error use _ of i18n 2016-10-25 10:35:43 +08:00
endpoint_policy Merge "Create unit tests for endpoint policy drivers" 2016-11-10 13:45:23 +00:00
federation Pass a request to controllers instead of a context 2016-10-29 21:19:08 +08:00
identity Merge "Add reason to notifications for PCI-DSS" 2016-12-21 18:45:19 +00:00
locale Imported Translations from Zanata 2016-10-15 06:59:46 +00:00
middleware Merge "Add is_admin_project to policy dict" 2016-10-14 15:59:07 +00:00
models Fix cloud_admin rule and ensure only project tokens can be cloud admin 2016-12-23 09:31:08 +00:00
oauth1 Merge "Pass initiator to Manager as a kwarg" 2016-10-09 02:57:43 +00:00
policy Merge "Pass initiator to Manager as a kwarg" 2016-10-09 02:57:43 +00:00
resource Implement password requirements API 2016-12-15 19:51:41 +00:00
revoke Improve check_token validation performance 2016-10-13 15:39:54 +00:00
server Implement encryption of credentials at rest 2016-09-02 04:25:49 +00:00
tests Fix cloud_admin rule and ensure only project tokens can be cloud admin 2016-12-23 09:31:08 +00:00
token Merge "Invalidate token cache after token delete" 2016-12-20 21:29:09 +00:00
trust Remove eventlet-related call to sleep 2016-11-24 12:43:18 +00:00
v2_crud Move V2TokenDataHelper to the v2.0 controller 2016-12-08 22:57:45 +00:00
version remove deprecated `[endpoint_policy] enable` option 2016-10-07 20:12:28 +00:00
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py Merge "Add reason to notifications for PCI-DSS" 2016-12-21 18:45:19 +00:00
i18n.py Change oslo.i18n to oslo_i18n 2015-02-09 18:10:07 -06:00
notifications.py Add reason to notifications for PCI-DSS 2016-12-19 19:38:47 -06:00