Add documentation on how to configure federation in keystone
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
DocImpact
Closes-Bug: #1311693
Change-Id: Ia7e5a67d762921a81ef4a7d16c682e5db1c3ba6c
Remove PDF link.
Replace deep html links with links to the docs.openstack.org site.
Change-Id: Ic7c2218bf43a221e8d753a910fdfb2243851214d
Closes-Bug: #1313127
The docs themselves have little to do with configuration,
and mostly describe how to enable the extension.
Suggest removing the configuration part of the file rename.
Also motivating this change is the fact that we are including
a doc that helps to configure the federation extension
(https://review.openstack.org/#/c/89220/).
Change-Id: I0fe845ac9bdfede330a7eb56fee6f971290789b3
Perform minimal checks on po and pot files so that no broken files can
get imported.
Add msgfmt to list of requirements in doc/source/setup.rst.
Change-Id: Ifa9fe2fc1ca9a41621ff3039c249700cdb1cd0ac
Related-Bug: #1299349
Co-Authored-By: Clark Boylan <clark.boylan@gmail.com>
Update the dev docs for OS X to use Homebrew instead of macports, and
reflect the necessary dependencies for 10.9 Mavericks (2013) instead of
10.7 Lion (2011).
Change-Id: Ia1a06a15b9f03777fe9d3e77a37eb395f15a4706
After a mailing list discussion it is clear that users need more
information to make a decision on how to set up their PKI tokens.
This recommends an external CA over using keystone pki_setup as it does
offer a bit more protection against an intruder being able to set up a
rogue token generator.
Change-Id: I798a562dd8c222e04660482b434ed3bbe6b63d62
Minor fixes to the external authentication example given in the
documentation.
Change-Id: I2bef7da8bf8278349fec80a513095637ea49f19a
Closes-Bug: #1308634
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
During a test run stdout, stderr and log messages are being captured. If
the test fails, all three will be printed out so that they can be inspected.
Each stream has an environment variable that can be used to stop it from
being printed at the end of a test run by setting its value to 0. This
is in line with what many of the other projects are already doing.
Environment variables:
- OS_STDOUT_CAPTURE for stdout
- OS_STDERR_CAPTURE for stderr
- OS_LOG_CAPTURE for logging
Change-Id: I2fed99069950b839e060297026c8e06cbd45bb98
To enable ldap live test, set the environmental variable
``ENABLE_LDAP_LIVE_TESTS`` to a non-false value.
To enable tls ldap live test, set the environmental variable
``ENABLE_TLS_LDAP_LIVE_TESTS`` to a non-false value.
To enable mysql sql live test, set the environmental variable
``ENABLE_LIVE_MYSQL_TESTS`` to a non-false value.
To enable postgres sql live test, set the environmental variable
``ENABLE_LIVE_POSTGRES_TESTS`` to a non-false value.
To enable db2 sql live test, set the environmental variable
``ENABLE_LIVE_DB2_TESTS`` to a non-false value.
This allows for running all tests in a standard run by simply setting
the appropriate environmental variables.
This moves the live tests to be skips if the specific live-test
environmental variables are not set.
Change-Id: I8c09a8dcfca3f9691306c5f416f688205171bda3
Closes-Bug: 1243392
The oauth1 method and plugin must be declared in keystone.conf for
OS-OAUTH1 to be completely enabled.
Change-Id: I23b479d3cd462ea3823dee0c281a26486f8600ac
Closes-Bug: #1290966
The saml2 method and plugin must be declared in keystone.conf for
federation to be completely enabled.
Change-Id: Id68ffdc8a84d093406c836ee6988bfdb9e58d50f
Closes-Bug: #1290582
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
Base API for reporting revocation events.
The KVS Backend uses the Dogpile backed KVS stores.
Modifies the places that were directly deleting tokens to also generate
revocation events.
Where possible the revocations are triggered by listening to the notifications.
In some places, the callers have been modified instead. This is usually due to
the need to iterate through a collection, such as users in a group.
Adds a config file option to disable the existing mechanisms that support
revoking a token by that token's id: revoke_by_id. This flag is necessary
to test that the revocation mechanism is working as defined, but will also
be part of the phased removal of the older mechanisms. TokenRevoke tests
have been extended to test both with and without revoke-by-id enabled.
Note: The links aren't populated in the list_events response.
SQL Backend for Revocation Events
Initializes the SQL Database for the revocation backend.
This patch refactors the sql migration call from the CLI
so that the test framework can use it as well. The sql
backend for revocations is exercised by test_notifications
and must be properly initialized.
Revoke By Search Tree
Co-Authored-By: Yuriy Taraday (Yoriksar)
Create a set of nested maps for the events. Look up revocation by
traversing down the tree.
Blueprint: revocation-events
Change-Id: If76c8cd5d01a5b991c58a4d1a9d534b2a3da875a
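Added example, not part of the commit above and not keystone's own code: a small sketch of the nested-map lookup the "Revoke By Search Tree" message describes. The attribute names, their order, the `*` wildcard key and the `issued_at <= issued_before` comparison are assumptions made for illustration.

```python
# Illustrative only: attribute set and ordering are assumed, not keystone's.
ATTRS = ("user_id", "project_id", "domain_id")
WILDCARD = "*"
LEAF = "issued_before"


class RevokeTree:
    def __init__(self):
        self.root = {}

    def add_event(self, event):
        """Insert one event; an attribute the event omits matches any token."""
        node = self.root
        for attr in ATTRS:
            node = node.setdefault(event.get(attr, WILDCARD), {})
        # Two events on the same path: keep the later cutoff.
        node[LEAF] = max(node.get(LEAF, 0), event["issued_before"])

    def is_revoked(self, token):
        """Traverse down the tree along exact-value and wildcard branches."""
        frontier = [self.root]
        for attr in ATTRS:
            keys = {token.get(attr), WILDCARD}
            frontier = [n[k] for n in frontier for k in keys if k in n]
            if not frontier:
                return False  # no event can match this token
        # A token is revoked if any matching event post-dates its issue time.
        return any(token["issued_at"] <= leaf[LEAF] for leaf in frontier)


def build_sample_tree():
    """Constructed sample events: one per-user, one per-project."""
    tree = RevokeTree()
    tree.add_event({"user_id": "u1", "issued_before": 100})
    tree.add_event({"project_id": "p9", "issued_before": 50})
    return tree


def token(user, project, issued_at, domain="d1"):
    return {"user_id": user, "project_id": project,
            "domain_id": domain, "issued_at": issued_at}


if __name__ == "__main__":
    t = build_sample_tree()
    print(t.is_revoked(token("u1", "p1", 90)))   # user-wide event applies
    print(t.is_revoked(token("u2", "p9", 60)))   # issued after project event
```

The lookup cost depends on the number of attributes rather than the number of stored events, which is the point of replacing a linear scan of the event list with the tree.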
In the keystone api_curl_examples document, the curl example for
"POST /tokens" did not specify a tenant. This example utilized
the default tenant, which is not commonly used. Changed the
example to include "tenantName" as part of the example to prevent
future confusion.
DocImpact
Closes-Bug: #1269739
Change-Id: Iaad8c7c5a32bc6cff38c938dd36365cddd6741cb
With this new optional caching backend, MongoDB can be used for caching data.
Change-Id: I25ba1cac9456d5e125a5eac99d42330507d4e329
Blueprint: mongodb-dogpile-caching-backend
This updates the log module from oslo-incubator to
a01f79c3050962fd744239956e9654407d14ea1f
$ git checkout a01f79c3050962fd744239956e9654407d14ea1f
$ python update.py --nodeps --base keystone \
--dest-dir ../keystone --modules log
This includes a fix for the deprecated logger that caused the
deprecated message to be printed multiple times rather than once.
Change-Id: I6174b064205adcdc9fb966a9e01eb5190b5b730e
Closes-Bug: #904307
Closes-Bug: #1266812
The man pages were out of date.
To get the new man pages, I ran keystone-all -h and
keystone-manage -h and copy-pasted the output.
Change-Id: I6c6f6f9f56c2216cce300fcf24877b78b601db5d
Restructure the common config to include many help strings to
support using the oslo.config auto-generated sample config file.
Closes-Bug: #1229941
Change-Id: If352b3b816b1e7dc8b5fc3b9c1cb2adab187ffda
Fixed the keystone-manage command (--extension should be placed after db_sync)
Amend: making it more readable by separating command from text
Change-Id: Iaf8dcacaa38cdcbaa867bb6e374a87c00cd45ac3
backport: none
Closes-bug: 1281819
This patchset implements the ability to define non-expiring keys
for dogpile.cache backends. The non-expiring keys are relevant
in the case of drivers that can automatically remove keys after
a given time (e.g. memcache). This new non-expiring-key
functionality is currently only implemented for the provided
memcached backend.
bp: dogpile-kvs-backends
Change-Id: I7e25e0049e5b8697c5cb67272b660519c3c3305e
General cleanup of the Dogpile KVS Memcache backends to be simpler
names and remove the 'dogpile_' prefix for the memcache_driver
argument utilized by the memcached backend pivot point. Documentation
updated to match KVS memcached changes.
DocImpact
Change-Id: Ieb368d440e48111d844c6e715ed17dd54ca50802
bp: dogpile-kvs-backends
- Add documentation to the Configuration page for enabled_emulation
- Fix a comment about the default value used for enabled_emulation
Change-Id: I3fdb4e9ecfe8bd43f8046d6e99a18941bc938487
Closes-Bug: #1275907