Keystone v2 must not allow the creation of projects with the is_domain
field set True.
Co-Authored-By: Rodrigo Duarte <rodrigods@lsd.ufcg.edu.br>
Change-Id: I569e4ab147a16bb019fb3d5f4f6218c75f4a3cca
Closes-Bug: 1496946
I had a hard time seeing if all of the cases were covered. This is to
make the cases very obvious.
Change-Id: I1c1c3f6cd4c29fd8e057f24c1d748d73af13627d
This patch addresses most of the comments from patch:
https://review.openstack.org/#/c/264260/
Changes:
- fix nits on documentation
- minor refactor in get and delete of implied
roles SQL backend
- added tests for CRD of implied role and ImpliedRoleNotFound
Change-Id: I96ce922d94826cc985af4f4b4acff3be24b35aad
This removes additional references to ldap role attributes found
in the documentation and tests.
Commit I1bd02d5834814959a93601fe53f115d0f9cc08a8 removed the ldap
role backend.
Change-Id: If8e74aca9b983c0f0e9779ea6e5e1260c1eb6dd7
Commit I848bf41022224fec65cd9555a6e82790b296dcbe removed the
LDAP resource and assignment backends. As a result, some more
items can be removed, namely:
* ProjectLdapStructureMixin class is no longer used anywhere.
* references to project related ldap attributes in test conf files
* removal of references to ldap project attributes in configuration
doc
Change-Id: I3efb32c39d3077f787e31533ef5407948a5d8cfd
At the previous summit, we decided to deprecate write support for
idenity LPAP. It'll be removed in 2 releases. Several config
options were affected, and those operations should now have
deprecation warnings.
implements bp: deprecated-as-of-mitaka
Change-Id: I1e989d6c5e85ba303609c7bb36116a8bdedce9e4
The PKI and PKIz drivers are now deprecated, but one of the
config options that only works for PKI has not been deprecated.
implements bp: deprecated-as-of-mitaka
Change-Id: I55d5fb2a2678dccd8638b0460921ba6f8e76da6a
Mark the memcache and memcache_pool token persistence backends
deprecated in favor of using the fernet token (no-persistence
needed) backend.
This is only deprecating the token persistence backends and does
not affect the cache layer.
implements bp deprecated-as-of-mitaka
Change-Id: I552774f95bc246f7f013350f5b11ae4ae482bdc5
When a client calls list assignment API what is returned is the
role id, user id or group id, and project id or domain id. Most users
then call the api again for each of these entities to get their names,
creating many api calls between the client and server. This can
be reduced by having the server do all the work instead.
This commit adds the functionality to include the user, role, group,
project, and domain names with the response if the parameter
'include_names' is set to True.
Change-Id: I0a1cc986b8a35aeafe567e5e7fee6eeb848ae113
Closes-Bug: #1479569
Implements: blueprint list-assignment-with-names
The LDAP Role Backend has been removed without the normal deprecation
notice in-code however, the Role backend was explicitly called out when
the deprecation announcement occured[1] and was explicitly included
as part of the deprecation of "assignment"-based LDAP. The LDAP Role
backend is not very useful without the other parts of the assignment
backend that were deprecated and removed.
[1] http://lists.openstack.org/pipermail/openstack/2015-January/011337.html
Change-Id: I1bd02d5834814959a93601fe53f115d0f9cc08a8
bp: removed-as-of-mitaka
LDAP Resource and LDAP Assignment backends have been slated for removal
in the Mitaka release. This patchset removes support for the deprecated
LDAP backends.
Change-Id: I848bf41022224fec65cd9555a6e82790b296dcbe
bp: removed-as-of-mitaka
The templated backend relied on the KVS backend to implement some
functionality. The functionality (CRUD for endpoint, services, etc.) is
arguably incorrect since it won't actually change the contents of the
catalog. The read only methods have been fixed to use the templated data
and the write methods raise NotImplemented.
bp: removed-as-of-mitaka
Partial-Bug: #1077282
Closes-Bug: #1367113
Closes-Bug: #1269789
Change-Id: Iaa68b18f0b6d7e9f5dc0cbf7d21a3d90dcdc1ea4
This patch allows for better validation of mappings. Only user,
group, groups, and domain will be allowed as keys in the local
level.
Change-Id: I490f0522829802968024a6ca1cb45c446c6a3e0f
Closes-Bug: #1470718