This removes additional references to ldap role attributes found
in the documentation and tests.
Commit I1bd02d5834814959a93601fe53f115d0f9cc08a8 removed the ldap
role backend.
Change-Id: If8e74aca9b983c0f0e9779ea6e5e1260c1eb6dd7
Commit I848bf41022224fec65cd9555a6e82790b296dcbe removed the
LDAP resource and assignment backends. As a result, some more
items can be removed, namely:
* ProjectLdapStructureMixin class is no longer used anywhere.
* references to project related ldap attributes in test conf files
* removal of references to ldap project attributes in configuration
doc
Change-Id: I3efb32c39d3077f787e31533ef5407948a5d8cfd
Building on the earlier patch that provdided the 'new' url name
restriction, this patch adds the 'strict' open that prevents
authenticating to projects and domains with unsafe names.
A release note and config documentation is also added that covers
both this and the earlier patch.
Partially Implements: blueprint url-safe-naming
Change-Id: Ie69025e7759bae1067e05d9190bede192a5e6830
create docs on how to configure keystone with the new
keystone-manage bootstrap option.
implements bp: bootstrap
Change-Id: I4c7520cc68aadd49179e40e77b2d5058125edf00
Link for fedora install guide is too old (juno). So it is
updated with liberty version
Change-Id: Id2bf138eae832175fa563de939de858e0a3a070f
Closes-Bug: #1499841
The whitelisted configuration options, that are supported as part
of the domain specific configuration functionality, can now have
their defualt values read via the Identity API.
DocImpact
Change-Id: I9b1073f4d43c69f03fc920eee2712305524c1300
Implements: blueprint domain-config-default
os.popen() is deprecated since version 2.6. Resolved with use of
subprocess module.
Change-Id: Id8edeb60aa32f556b58ed0397d27598c39945241
Closes-Bug: #1529836
The keystone-manage listed out-dated version and date. This patch
bumps the version to 9.0.0 and the release date of 4-7-16 according
to: http://docs.openstack.org/releases/schedules/mitaka.html
Note: keystone-all was untouched since it's being removed under the
eventlet deprecation.
Change-Id: I2e9de4ca1d19d5ee62b3c761bea46d6d61445fd6
The docs instruct you to install pip, and then document the use of
setuptools, which pbr doesn't particularly support. But pip alone will
fail, so I added a note referencing devstack if you need help on that
step.
Change-Id: Iea07b5ffd9d5c6c8509a698db2728e0fde21d4d8
The developer documentation references a script `tools/install_venv.py`,
which no longer exists in the repo. Cleaned up the documentation to reference
venv usage with tox.
Change-Id: Ida1e2b300411541e8c5f0a7463a2ca5f910ba03b
Closes-Bug: 1175686
All keystone extensions have been moved into cores and are
enabled by default, the configuration about the extension in
this doc is not valid any more.
Change-Id: I0d1b7348d581b17d718c356fadad8f071ddbe09e
This patch adds the API routing (and appropriate REST API
tests) to call the manager support for listing role
assignments for a tree of projects that was implemented in
the earlier patch.
In order to support the required policy rule, the protection
wrapper for filter list calls was extended to support a callback
(in the same way that the regular protection wrapper already did).
Implements: bp list-assignment-subtree
Change-Id: I3495c7cab3b40811b2722ac7d70ddda30410b62b
For role assignment notifications there were two notifications
being emitted. We deprecated the original notification event_type
in Kilo and can now remove it in Mitaka. Also update a reference
of the old event_type in the notification docs.
implements bp removed-as-of-mitaka
Change-Id: I42e68d2b95014fb7500a709de6ecbd8e5f93bac4
we will no longer be supporting extensions, everything is in keystone
proper, with varying degrees of stability.
Change-Id: I419df55ebe760cbd36a1c93ff7e712cfd3e8405f
Implements: bp move-extensions
Closes-Bug: #1519244
With most of the legacy extensions were moved to core and
enabled by default, The docs for keystone extension should
be updated accordingly.
Partially implements: bp move-extensions
Change-Id: Iae7eba719992ea941b1267998ee77184eeea7b0f
These are inconsistent with the rest of the federation routes. Note that
this doesn't change a public interface, it changes the path variables
names that exist within a jsonhome document which should only be
referenced within the same href_vars element and some internal variable
names.
Change-Id: I36d41e95d745bd98d36c3442bd4aa4faa91cab72
Closes-Bug: #1420125
The emulated enabled mix-in uses hard-coded LDAP schema for the
group objectclass and membership attributes. This patch makes the
mix-in optionally use the LDAP group configuration settings.
Change-Id: I5ed9d552ec140f83578398fd29e2130ebf827662
Closes-Bug: #1515302
The documentation for setting up Shibboleth gives you a snippet of code
that you can copy and paste and then later in notes tells you to remove
options for apache 2.4.
At this point apache 2.4 should be considered the default and not the
exception and we can easily convey this information in the config
snippet and make copying it easier than having to re-read documentation
to figure out why options are unknown.
Change-Id: I9546b6b9cabdaffdb0473711dc07fc234f00d297
Since we added support for reno, document that submitters should
provide release notes with their changes. Rather then expecting
others to provide them at the end.
Change-Id: I021dab1a6e34eb0b46c0676b26c669013118c118
Currently, key_terms.rst incorrectly states "The Identity..."
under the section dealing with Resources. This corrects
this issue.
Change-Id: I9db75c408cf9a7ab6979d44ecc39aa9821044b28
Closes-Bug: #1513464
There are a few words that I have noticed throughout Keystone
that should be capitalized when they were not. The few words
I fix are: Fernet, SQLite and MySQL.
Change-Id: Iba3ef08e35829ffb65f4c3e920066783a73e9d0b
Character between section name and parameter name is
backslash or white space in Configuring Keystone doc.
This patch change backslash to white space for consistency.
Change-Id: I730a9769dad117ab2f94619bd02ae2a00c30bc38
The documentation for other services previously made an assertion that
(paraphrasing) "using v3 tokens on v2 works fine." That statement comes
with a laundry list of caveats, starting with the "default" domain.
This patch revises the documentation to introduce the default domain
first, and then enumerates the caveats that come as a result of mixing
and matching v2 and v3.
There's also some general RST syntax improvements, grammar improvements,
and line wrapping politely at 79 characters like your mother taught you
to do.
Change-Id: I342092b9c9971d44438fa83f547d1f5ddd204ced
The documentation didn't provide correct example of a mapping rules with
direct group mapping (with blacklist/whitelist keyword).
This could led users to a major confusion.
The example is now fixed. Additionaly, for clarity and increased
readibility the ``user`` and ``groups``
objects were split into separate ``local`` rules.
Change-Id: Iff343f1ff2829ef282a1314fd07203a435611e70
Closes-Bug: #1507944
because of the stackforge project move to openstack project,
so change the url to https://git.openstack.org/cgit/openstack/
Change-Id: I10070df0cf7222568e0e306e3b19612378baf30c