The field will help to figure out when the event is recorded, and thus
give a clue on when the revocation was done.
Change-Id: If5ba3bb9b68fff5f35be2b57af15584d69c6df8d
Closes-Bug: #1598040
include when the option was deprecated and when it will
be removed. refer to Iad628a863e55cbf20c89ef23ebc7527ba8e1a835
for details
Change-Id: I9d5f267ec45acfc92209e68e943c8fca244af9ca
The renames the config module which default the [DEFAULT] configuration
section from 'base' (a name adopted based on nova's precedence with
nova.conf.base) to 'default', which should make it slightly easier for
developers to navigate the keystone.conf package, since all other
configuration modules directly reflect the name of the section they're
defining.
Also note, that we could take this one step further and call the module
keystone.conf.DEFAULT, but it's actually a PEP8 violation to name
module in uppercase (it reads like a reference to a constant in the
keystone.conf module). From PEP8:
Modules should have short, all-lowercase names. Underscores can be
used in the module name if it improves readability."
Source: https://www.python.org/dev/peps/pep-0008/#package-and-module-names
Change-Id: I78d4ecf67ddcb5c3c46ce0c85e1f8330fbf99877
The test setup was creating and recreating the databases and loading
them with fixture data several times for each test run. Locally this
patch cut the test run times for these tests by about 70%.
Change-Id: I8caae6e9b30254b843e9325659df358a321ab840
The refactor of code cause the inappropriate guide.
Code in tutorial is out of date.
Change-Id: Ic986af1072f158f0f0f5608a9754db9d3e507409
Closes-Bug: #1597196
"Shadow users: unified identity" implementation:
Allow concrete role assignments for federated users. Currently,
federated users get roles from mapped group assignments. However, with
the shadow users implementation, federated users are mapped to
identities in the backend; thus, can be assigned roles.
This patch returns locally assigned roles with the mapped group roles
for federated users; allowing for authorization for those roles.
bp shadow-users-newton
Change-Id: I9a150ded6c4b556627147d2671be15d6a3794ba5
The context['query_string'] is just a dictionary copy of the original
params object that comes from a request. Just use the existing params
instead.
Change-Id: I0ecd7a09e36b39a105c150b3affcbbcd26a544c2
By default oslo.cfg sets the default value as None. There is no
need to explicitly do this.
TrivialFix
Change-Id: I8ba1e1d96a40f5563fba7e22af9bf02b9a7b13fa
This change reduces the amount of stacktrace spam in the
keystone logs due to authentication attempts with identifiers
that point to non-existent objects (users, domains, projects).
Closes-Bug #1595513
Co-Authored-By: Rudolf Vriend <rudolf.vriend@sap.com>
Change-Id: I4a8e572fe31ecda45de2e80425e22714fdd4403a
Moves the existing backend setup logic into a fixture. Future commits
will make it possible to just specify the backends needed for a
particular commit.
Change-Id: Ic4a9637a34d9523e6da46e3ea705676b34cf67a5
When we migrated to keystone.conf, the security_compliance group
was missed. This patch adds it and fixes a small name error.
Change-Id: I173f1dd7122eb3e388d623f97cf019588edb2c6f
This patch fixes small nits from
https://review.openstack.org/#/c/325604/ which weren't worth respinning
such a massive patch to resolve.
Change-Id: Ifd2afa95f3a13e1df0bd8a08ba5b6b514032495c
This patch allows the password column to be null which is the expected
behavior.
Note: We do have tests in place that should have caught this. However,
the SQL model for Password did not explicitly set the nullable column
attribute, so it defaulted to true, even though the migration set it to
false.
Closes-Bug: #1595819
Change-Id: I487072a5b1aeabebd1d2006781fa5dc568160ec5
I originally thought this was a good idea and long term I think it is.
The problem is that some tests need to use this fixture in the test
method itself and that will run after `load_backends()`, which also
tries to setup auth plugins.
This should come back after the tests are in good enough shapre to
support it.
Change-Id: I1175fa95d128940eb1a0feebdfe5d6e16285ad0a
Dave Chen