10535 Commits

Author SHA1 Message Date
Jenkins
359275891c Merge "Support new osprofiler API" 2016-08-25 20:30:10 +00:00
Jenkins
6139f59341 Merge "Use egg form of osprofiler in paste pipeline" 2016-08-25 20:02:53 +00:00
Jenkins
5caf5212d8 Merge "[api-ref]: Outdated link reference" 2016-08-25 08:42:23 +00:00
Jamie Lennox
3e29913bb9 Use egg form of osprofiler in paste pipeline
Use the egg form of the osprofiler filter middleware in the paste
pipeline. This gives osprofiler greater control over exactly where this
middleware is pointing.

It also moves the filter section up to where all the other filters are.

Change-Id: I330956c49167606ce8a8137139ee92bd603adceb
2016-08-25 18:39:52 +10:00
Jenkins
43e75294d0 Merge "TrivialFix: Remove logging import unused" 2016-08-25 05:01:47 +00:00
Jenkins
30bb32a411 Merge "Remove mox from test-requirements" 2016-08-25 05:00:24 +00:00
Jenkins
5685990287 Merge "Doc fix: "keystone-manage upgrade" is not a thing" 2016-08-25 04:26:46 +00:00
Jenkins
62f0f31dee Merge "Remove unnecessary __init__" 2016-08-25 03:53:13 +00:00
Jenkins
6d8ad9c27e Merge "Add mapping_populate command" 2016-08-25 00:38:40 +00:00
Jenkins
a742dbaa34 Merge "Doc fix: license rendered in published doc" 2016-08-25 00:37:15 +00:00
Jenkins
f46185feb7 Merge "Update href for keystone extensions" 2016-08-24 23:58:50 +00:00
Matthew Treinish
4bf04ff189 Remove mox from test-requirements
The requirement is not used anywhere and commented out, lets just
remove it. There is no reason to keep it in there.

Change-Id: I1da227911d04de4d9baadb92db324ce8590060e7
2016-08-24 10:48:41 -04:00
Jenkins
be7307b20b Merge "Get ready for os-api-ref sphinx theme change" 2016-08-24 12:28:52 +00:00
Jenkins
beb7c1ccd9 Merge "Add key repository uniqueness check to doctor" 2016-08-24 11:29:33 +00:00
Cao Xuan Hoang
80c56babc8 TrivialFix: Remove logging import unused
This patch removes logging import unused in
keystone/cmd/doctor/__init__.py

Change-Id: Iec87e157b7a44a0ab35ddc3f8b1aa4f66330b1be
2016-08-24 17:02:34 +07:00
Jenkins
3de1713f2d Merge "Fix credential update to ec2 type" 2016-08-24 09:10:35 +00:00
Ha Van Tu
6ecc42692b [api-ref]: Outdated link reference
There are some outdated link reference in Keystone API version 3 such as:

http://developer.openstack.org/api-ref-identity-v3.html#getRoleInference
http://developer.openstack.org/api-ref-identity-v3.html#assignRoleToUser-domain
http://developer.openstack.org/api-ref-identity-v3.html#createRoleInference
http://developer.openstack.org/api-ref-identity-v3.html#createRoleInference

We should update these links

Change-Id: I18c65e2efe87f094bd8ba9afa7baa13c085f9b14
Closes-Bug: #1616290
2016-08-24 15:04:01 +07:00
zhufl
020776bada Remove unnecessary __init__
This is to remove unnecessary __init__ to keep code clean.

Change-Id: I3e93a9197150f0a4274b9ed1b65eb12306cbbbf0
2016-08-24 10:00:05 +08:00
Boris Bobrov
b1fdad9875 Add mapping_populate command
Fetching users from LDAP requires creating public ids for them.
id_mapping_api does that. Creating public ids is slow, because it
requires performing N INSERTs for N users, and there is no way to
work around that. It leads to very slow responses to queries like
"list users".

By pre-creating these public ids we improve API users' experience.

Add keystone-manage mapping_populate command that creates id mapping entries
for users.

bp ldap-preprocessing
Partial-Bug: 1582585
Change-Id: I98f795854aee26f9e7f668372c47572d2b6d4f0f
2016-08-23 20:52:10 +00:00
Dolph Mathews
5ae761e8e3 Doc fix: license rendered in published doc
This wasn't indented correctly, so it ended up being rendered in the
HTML as plain text:

  http://docs.openstack.org/developer/keystone/upgrading.html

Change-Id: I3f7f43484abaf128a5a2d3c3f120df9c4951b856
2016-08-23 10:35:33 -05:00
Dolph Mathews
52b2503e55 Doc fix: "keystone-manage upgrade" is not a thing
This was part of Henry's initial patch, which ended up just being part
of db_sync instead.

Change-Id: Ibbfec6d665e59a0195a425f75a108819d42a946d
2016-08-23 10:17:59 -05:00
Jenkins
a445165815 Merge "Shadowing a nonlocal_user incorrectly creates a local_user" 2016-08-23 14:54:04 +00:00
Rodrigo Duarte Sousa
8144e28336 Fix credential update to ec2 type
It was possible to create a credential without providing a project_id
and later updating it to the ec2 type.

This patch fixes the issue by adding a manual checking in the
manager layer since it needs to check the old credential contents
prior failing the request.

Change-Id: I1eb28a46c89e17d9c990cc798867d1a59714fe5f
Closes-Bug: #1613466
2016-08-23 06:58:03 +00:00
Jenkins
68e94ff979 Merge "Add entrypoint for mapped auth method" 2016-08-22 23:19:41 +00:00
Jenkins
861647228b Merge "Create unit tests for the policy drivers" 2016-08-22 21:09:53 +00:00
Lance Bragstad
25d359186f Add key repository uniqueness check to doctor
Just like underwear, key repositories shouldn't be shared. This commit adds a
check to `keystone-manage doctor` to make sure `[credential] key_repository`
and `[fernet_tokens] key_repository` are not pointing to the same location.

Change-Id: I652bdf940d82e7d2d93f115724ca42c99be63bab
2016-08-22 13:29:11 +00:00
Dave Chen
dd63146cf1 Update href for keystone extensions
Since the API docs have been moved to api-ref, and the docs maintained
in keystone-specs repo have been moved to attic. The href attribute
that points to old `specs.openstack.org` will not be a valid link, this
patch update them to point to the new site.

Change-Id: Idc4995509d262c74ce6d49c6c18b6452fae186d6
2016-08-22 11:09:43 +08:00
OpenStack Proposal Bot
8114a07283 Updated from global requirements
Change-Id: Ic6e656188528d17d7808d2744769cf66b152fe17
2016-08-22 03:08:34 +00:00
Jenkins
0cd732b2b0 Merge "Add create and update methods to credential Manager" 2016-08-22 03:00:47 +00:00
Jenkins
4d5bcb1ee8 Merge "Create a fernet credential provider" 2016-08-21 18:43:42 +00:00
Jenkins
7b3407a800 Merge "Add rolling upgrade documentation" 2016-08-21 14:40:21 +00:00
Jenkins
df26e3ae73 Merge "Fix the wrong URI for the OAuth1 extension in api-ref." 2016-08-21 11:06:25 +00:00
Jenkins
f74df8da1a Merge "Make KeyRepository shareable" 2016-08-21 05:27:53 +00:00
Jenkins
3a8df26ca5 Merge "Add conf to support credential encryption" 2016-08-21 05:27:46 +00:00
Dave Chen
1531b3ca06 Fix the wrong URI for the OAuth1 extension in api-ref.
Also change the "authorized access token" to "access token" in
the doc since there are only request token, authorized request token,
and access token. "access token" itself has implied it has been
authorized. "authorized access token" is ambiguous.

The route of the API is defined here:
https://github.com/openstack/keystone/blob/master/keystone/oauth1/routers.py
Change-Id: I97a588c0ff08288995b266e9346c6b47f50caef6
2016-08-20 10:28:46 +00:00
Ronald De Rose
70e6d58f46 Shadowing a nonlocal_user incorrectly creates a local_user
This patch fixes a bug where when shadowing a nonlocal_user (LDAP,
custom driver) it also incorrectly creates a local_user. The error is
related to hybrid properties and calling the class from_dict method,
which set the local_user attributes.

Change-Id: I6e69cce5f337a330f2531ff71db3e931b785271c
Closes-Bug: #1615000
2016-08-20 02:57:25 +00:00
Colleen Murphy
fd2a4fa07e Add entrypoint for mapped auth method
The keystone federation documentation says to use the 'mapped' method
instead of the 'saml2' method[1]. However, that entrypoint was never
added, so trying to use it resulted in keystone not being able to load
its wsgi scripts and failing. This patch adds the entrypoint so that
keystone won't explode.

[1] http://docs.openstack.org/developer/keystone/federation/federated_identity.html#configuring-federation-in-keystone

Change-Id: I6dd8c219765728ecf01b50f35c3c0da3943f13b0
2016-08-19 19:44:55 -07:00
Jenkins
ed9aa5ba34 Merge "Add expand, data migration and contract logic to keystone-manage" 2016-08-20 00:50:10 +00:00
Jenkins
c4d4c5bca8 Merge "Replace the content type with correct one" 2016-08-19 19:28:57 +00:00
Graham Hayes
80888cf344 Get ready for os-api-ref sphinx theme change
Change-Id: I528d91833156b1c4e638dab2a249c3b2871004b4
2016-08-19 16:44:02 +01:00
Jenkins
45a181928f Merge "Removes use of freezegun in test_auth tests" 2016-08-18 23:25:16 +00:00
Jenkins
f546898626 Merge "Removes a redundant test from FernetAuthWithTrust" 2016-08-18 23:25:07 +00:00
Jenkins
f9322f95df Merge "Make all token provider behave the same with trusts" 2016-08-18 23:24:59 +00:00
Jenkins
2d6293a79e Merge "Tidy up for late-breaking review comments on keystone-manage" 2016-08-18 19:14:57 +00:00
Jenkins
8aea566663 Merge "Password expires ignore user list" 2016-08-18 19:14:11 +00:00
Jenkins
0843ee860e Merge "Add dummy domain_id column to cached role" 2016-08-18 18:55:10 +00:00
Jenkins
e755970bfe Merge "PCI-DSS Minimum password age requirements" 2016-08-18 16:43:27 +00:00
Dolph Mathews
a5e2906dc4 Add rolling upgrade documentation
This documentation conflicts a bit with the approach originally proposed
in bp manage-migration because it depends on the notion of having
database triggers to assist in the migration process.

Change-Id: Iec9269ab6d799b757451cb8afe7fa889fe7068b9
2016-08-18 16:15:13 +00:00
Werner Mendizabal
a6d4512ef5 Add create and update methods to credential Manager
Previously, the credential controller would just call
``self.credential_api.<crud_method>`` which would just automatically call
the driver since the credential manager didn't implement any sort of business
logic around credentials.

With the implementation of encrypted credentials at rest, it makes sense to
have the encryption logic in the credential manager, instead of the driver or
controller layer. This commit creates those methods in the manager which will
be more useful for credential encryption in a subsequent commit.

bp credential-encryption

Change-Id: I22ec70aeaf12b5df9ed7d27985fc284c5c31533e
2016-08-18 16:13:30 +00:00
Werner Mendizabal
e10811cffd Create a fernet credential provider
This commit introduces a fernet provider for the credential API. This new
provider isn't actually wired up to the existing credential implementation, so
it's functionality isn't exposed. We'll do that in a subsequent patch.

bp credential-encryption
Change-Id: I217004c5fb94191d397059b1333bebd385792fb7
2016-08-18 16:07:13 +00:00