This changes rewrites some of our migration history since the folsom
release so that we can create a default domain prior to creating
non-nullable foreignkey's in the user and project tables in migration
9 (numbered according to this change).
DocImpact
Change-Id: I807f7b1dca1d6a895f7417c316bcbce24ada61c0
Taking advantage of this middleware either requires enabling
verbose/debug or utilizing an external logging.conf which configures an
'access' logger.
Example output:
127.0.0.1 - - [2013-01-29T17:15:02.752214] "GET http://localhost:5000/v3/projects HTTP/1.0" 200 16
This patch also revises etc/logging.conf.sample with some more practical
defaults (e.g. supporting externally-managed log rotations) in addition
to illustrating how to generate an 'access.log' file.
DocImpact
Change-Id: I2a6048fa5fbf8661a6859d9e3a259d4cfa5fc589
Changes include:
c5984ba Move logging config options into the log module
7cf016a Fixing the trim for ListOp when reading from config file
The most significant change is that cfg no longer provides logging
config options as these have been moved to the log module which
keystone does not yet use. Define these options in keystone.config
where they are used since pulling in oslo logging isn't appropriate
if we're not going to use it.
Change-Id: I3913ea54465658d93dc56e014dfe5d911b0541d6
Adds a new RequestBodySizeLimiter middleware to guard against
really large HTTP requests. The default max request size is 112k
although this limit is configurable via the 'max_request_body_size'
config parameter.
Fixes LP Bug #1099025.
Change-Id: Id51be3d9a0d829d63d55a92dca61a39a17629785
Today we can use these configuration values to avoid having to guess
keystone's own endpoint URL from the service catalog backend, which may
contain more than one identity endpoint.
This is also the first step towards adding self-relational links to the v3 API.
Change-Id: I375ac0d1f9581592e437c67c17bf32022f652f66
The token_format settings defaults to PKI, but both the
"PKI" and "UUID" lines were still in the sample config file.
This patch removes the duplicate and leaves only the
correct default.
Change-Id: Ib8560952ec2aee6d6b6eda944c6ec1f96fdc5c4c
Make the revocation list into a JSON document and get the Vary header.
This will also allow the revocation list to carry additional
information in the future, to include sufficient information for the
calling application to figure out how to get the certificates it
requires.
Bug 1038309
Change-Id: I4a41cbd8a7352e5b5f951027d6f2063b169bce89
fix bug #1039857
verbose and debug is False by default, but they display True in
keystone.conf.sample. It may confuse people who cp
keystone.conf.sample to keystone.conf
Change-Id: I62031b879196da1633a198b6ae1f116485fe783b
Includes documentation and sample config file values.
Bug 997700
Patchset adds DocImpact flag for notifying doc team about these new
config file values.
Change-Id: Ibd3fade3f233a3b89a1c2feaa0a6b5a9569ad86c
Updates the default key_size and config file example to 1024.
Using the previous value of 2048 would cause database truncation
and/or column size errors because the 'id' column isn't big enough
to hold that much data.
Works around LP Bug #1031191.
Change-Id: Ic28bf0945a65fb80a4b610a4de7afa485d09e2bb
Fixes bug 996922
This commit adds a user_crud module that can be used in the public wsgi
pipeline, currently the only operation included allows a user to update
their own password.
In order to change their password a user should make a HTTP PATCH to
/v2.0/OS-KSCRUD/users/<userid>
with the json data fomated like this
{"user": {"password": "DCBA", "original_password": "ABCD"}}
in addition to changing the users password, all current tokens
will be cleared (for token backends that support listing) and
a new token id will be returned.
Change-Id: I0cbdafbb29a5b6531ad192f240efb9379f0efd2d
Fixes bug 980037 again
Systemd notification should be sent in-process, otherwise systemd might
miss the subprocess sending notification.
See systemd bug https://bugzilla.redhat.com/show_bug.cgi?id=820448
Change-Id: Iccc51cf77af5598ee6b4c3cd69a12a7ee9fc2eb5
Bug 1017554
paths now correspond with SSL
unit test for cert generation
Added mode config values
Explict about umask
replace string concat for paths with proper use of os.path.join
Change-Id: I8b3bec82d7b72993aa69653f63ff64c3f675f716
Fixes bug 980037
Service managers starting keystone-all have no way of being notified
when the service is ready to accept connections. This commit allows
a configurable command to be called when we are ready e.g.
for systemd setting the statup type of a service unit to "notify" and setting
onready = systemd-notify --ready
in keystone.conf, would notify a waiting systemd that we are ready to
serve
In an automated envirnment (e.g. puppet) this will allow the startup of
the keystone-all service (with systemctl for example) directly followed
by usage of the keystone client without the need for a sleep (or retry)
while we are waiting for the keystone service to be ready.
Change-Id: I3f7aafe9837be60a0f35cae1a7db892f6851cc47
Make sure all the available options are include in the file, add
some more documentation and, rather than set any of the defaults,
just include them as comments.
Change-Id: I2cb6060f47ea88349b1862d4d995c80cf9237066