The SafeConfigParser class has been renamed to ConfigParser in Python
3.2 [1]. This alias will be removed in future versions.So we can use
ConfigParser directly instead.
[1] http://bugs.python.org/issue10627
Closes-Bug: #1618666
Change-Id: If01186cefad2149d65ffcc1fc6550d72d26f5b11
The schema migration document refers to a another document that
doesn't exist. This patch removes the reference since no appropriate
link could be found.
The doc was also updated to include the copyright.
This fix also resolves a warning in the tox doc build:
/keystone/doc/source/online_schema_migration_examples.rst:23:
WARNING: undefined label: online-migration (if the link has no
caption the label must precede a section header)
Change-Id: I4732651f8c5efd9fa494fd5fba5dad1f782d89a2
Closes-Bug: #1622035
For clustered Keystone nodes it's possible to optimize the upgrade
process to minimize downtime. Additionally a process to quickly restore
after a failed upgrade are described.
Change-Id: I746d46a968dd887b0559644f91ae207055146390
In order to support automatically updating the release notes when we
create stable branches, we want the pages to be in a standard order.
This patch updates the order to be reverse chronological, so the most
recent notes appear at the top.
Change-Id: Ib364dcc8eb31275a31c83b68d7914263b183e393
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
* A number of the keystone.conf sections were missing from the
documentation about configuration files.
* The object attributes were out-dated. The attribute
password_expires_at and others were missing.
Change-Id: I7c87021aa7511ba9cb6ab3de93e74be7209b6ead
We recently added a test for PCI password compliance that changes
passwords and attempts to get a token right afterwords. This causes
race conditions with Fernet tokens and we typcially use freezegun in
the tests to address it.
This commit does follows the same convention we've done elsewhere in
keystone.
Change-Id: I34e60b6fe56ae32ae0a32c8345b951bf9fe53ba9
When assigning a Domain specific role to a user it is OK if the user
is from a different domain, but the project's domain must match the
role's domain.
Closes-Bug: 1590587
Change-Id: I1d63415de0130794939998c3e142ebdce9ddf39d
Add information regarding the null key to the encrypted credentials
documentation.
Change-Id: Idbf4b1b15c9777b81d2a92d9c2e20a87e3eb6c53
Closes-Bug: 1619758
The null key doesn't provide any real encryption protection. It only
provides security through obscurity since the null key is a known
thing. This commit makes it so we log a warning every time it is
used for encryption.
Change-Id: I10e8b6697c3b35c3ae6e8a1cec5e53f0913b42e6
Related-Bug: 1619758
To ease upgrades from Mitaka to Newton, we are introducing the
concept of a null key to keystone's implementation of credential
encryption. The null key can be assumed by keystone if no other
keys exists in the configured `CONF [credential] key_repository`
and it is a known value, so it doesn't need to be orchestrated
across nodes in multi-node deployments.
This allows an operator to upgrade from Mitaka to Newton without
having to setup a credential key repository beforehand. It is
strongly recommended that deployers configure their key_repository
and migrate off of the null key as soon as possible. Since the null
key is a known value, it is no more secure than storing secrets in
plain text. It is only here to ease the upgrade process for
deployers.
Change-Id: I6cca7e40ce36a8a24dc73f92b22487998da6a1ae
Related-Bug: 1619758
Fixed some more trivial doc items missed in the previous patch.
* Removed extra underlining characters
* Removed extra blank lines at the end of the file
Change-Id: Ida511ff6fc0d28ee68c1ded1e272ed9cba1be4d7
While multiple passwords are stored for a user, only the latest one is
used for authentication. When `created_at` in tests get changed, the
order of password might change too.
Keep the order of passwords by giving earlier passwords an earlier date
of creation.
Change-Id: I68861bc5c379dcf1cf060081f7802917d6f0c4b9
The base manager had an issue where if a property was accessed through the
__getattr__ it would be cached.
Closes-Bug: 1620722
Change-Id: Iad7ca87a30fd5fa9f8bc88a0c7f74acca2ae1a56
This patch corrects some parameter's type such as 'type: list'
to 'type: array' or 'type: array of...' to 'type: array' because we
don't have 'type: list' in 'JSON Schema primitive types' [1]
[1] http://json-schema.org/latest/json-schema-core.html#anchor8
Change-Id: Ic638ef48fcf0f60c55cec975ee20a71d1830b319
This patch fixes the following problems found in the api doc:
- The 'service_id' field should not appear in a service create request;
- The 'enabled', 'description' fields should be optional when doing a
service update.
Change-Id: Iac91a9f2d29a458f1e3eb93e64fea6a508b9980c
NotImplementedError is the name of the exception
(https://docs.python.org/2/library/exceptions.html).
NotImplemented is the name of a constant
(https://docs.python.org/2/library/constants.html).
>>> raise NotImplemented()
Traceback (most recent call last):
File "<pyshell#31>", line 1, in <module>
raise NotImplemented()
TypeError: 'NotImplementedType' object is not callable
>>> raise NotImplementedError()
Traceback (most recent call last):
File "<pyshell#32>", line 1, in <module>
raise NotImplementedError()
NotImplementedError
This patch fix it.
Change-Id: I36292e5ee18bd792205a8ff527f4ae9705c61b61
Closes-Bug: #1339855
