The controller is responsible for listing user projects based on role
assignments and would build a hints objects and pass it to the
assignment manager. This is a common pattern used across keystone's
APIs. But, the assignment API never actually passed the hints objects
to the backend implementation.
This commit removes the hints from being passed to the manager for
list_projects_for_user and list_domains_for_user because those
APIs never use the hints object. This should allow us to implement
caching to speed up those calls later.
Change-Id: I9b1c8c30ca6a78dd6e78add7de278e467ceea046
Related-Bug: 1700852
Since Sphinx 1.6 released, pbr's build_sphinx extension has been broken.
Specifically, pbr's [build_sphinx]/builders option is ignored. Luckily,
sphinx itself ipmlemented the feature but called it just 'builder'[1].
This patch fixes the config setting name and then cleans up a Sphinx
extension inclusion that is now automatically included.
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-July/119396.html
Change-Id: I5da6a996ed442524ddb108a890df2d024ee07c4d
Added end user specific content from API documentation
to the placeholder created for User Documentation.
Change-Id: I8dbeeabb992a93b8b18df812da983bc6ca434cc5
The eye-catchy-ness of the Important SELinux notice in the LDAP
integration documentation can cause confusion for users to whom the
notice is not applicable, such as Ubuntu or SUSE users. For them,
SELinux is not enabled by default and they may not even be aware of what
it is for, and so perceive a failure when they try to enable the SELinux
boolean as described in the document. This patch prepends a
clarification that the notice only applies to SELinux users, to
hopefully make it clearer that not being able to follow the directions
is just fine in many cases.
Change-Id: I65a34608f1a51ec923329065b6443bdd525a1ac7
The sample files were being rendered in two separate places. This
commit removes one of them and adjusts the references accordingly.
This commit also removes the sample files from the Operator guide
since they have their own dedicated section under configuration/.
Change-Id: I6da0843e2cb9dc7451d97af661a6cb4873eba671
The self-service password API was left intentionally
unprotected in a change during the stable/ocata cycle:
I4d3421c56642cfdbb25cb33b3aaaacbac4c64dd1
The default policy was not removed from the same config and as a
result it was migrated into code during the policy-in-code work.
This isn't necessary since it's not used to protect anything. Policy
should still be enforced on administrative password resets, but that
is done using the `update_user` API.
Change-Id: I431f5ef9d6d5d689a06736640d22997fbddb869c
Closes-Bug: 1705485
Now use domain_id_response_body in the request parameters of
creating role, but its required is true. When we create a role,
the domain id is optional.
This patch add role_domain_id_request_body in request parameters.
Change-Id: Ib384f2b074e86691223fbc3d480fbb82a903e209
This is part of an effort to consolidate all the content in the
Operator guide into the Administrator guide.
Change-Id: I3431ecbff399bf6ae7620996e4c4cce9bb3489eb
This commit merges two documents that were both attempting to
document integrating keystone with LDAP. Instead, we should have a
single document so that it's easier to operators to understand and
find.
Change-Id: I1b1927b498d93f39d57a03b60384de22f07ad2f2
The specification detailing the great documentation migration
requires a doc/source/cli/ directory be added to the project.
The directory is intended for cli documentation.
This commit add the directory so that we are in compliance with the
specification but doesn't move any content into the directory. It is
instead treated like a placeholder until we can migrate the right
content into the cli guide.
Change-Id: Ida5ffc979d3c596547e9664dce8933d2cf9a4486
Closes-Bug: 1694460
The specification detailing the great documentation migration
requires a doc/source/user/ directory be added to the project.
The directory is intended for end user documentation.
This commit add the directory so that we are in compliance with the
specification but doesn't move any content into the directory. It is
instead treated like a placeholder until we can migrate the right
content into the user guide.
Change-Id: I7d9cde958957bff20c7221f37cb0b03b61aa38f9
Partial-Bug: 1694460
The specification detailing the great documentation migration
requires a doc/source/contributor/ directory for all contributor
documentation. Keystone had a directory specifically for this type
of content but it was in doc/source/devref/.
This commit renames devref/ to contributor/ because the term
`contributor` is more inclusive of other community members that
aren't necessarily developers. The specification also requires this
convention for consistency with other projects.
Change-Id: Id6363213dc6ba6946bd272ca5ee67b4604afc5ac
Partial-Bug: 1694460
All users and groups are required to have a name. Prior to this fix,
Keystone was not properly enforcing this for LDAP users and groups.
Keystone will now ignore users and groups that do not have a value for
the LDAP attribute which Keystone has been configured to use for that
entity's name.
Closes-Bug: #1704205
Change-Id: I424813785b7a355514ef42f1e4c6384b8a78b256
This is part of an effort to consolidate everything from the Operator
guide into the Administrator guide.
Change-Id: I76b0eaee11f5a8d68304a163381c905611edd43b
Since the last patch in the ocata release that removed the metadata_ref,
the ec2tokens api is broken due to unable to unpack the result of the
authenticate command (4 elements) while expecting to expand it into 5.
Change-Id: I71c4b51444ea9f7a3016b68d7dee9a4747e9c0fd
Closes-Bug: #1691111
Closes-Bug: #1635389
The guide uses the Apache HTTP server with mod_wsgi to serve
identity service, but it did not introduce the step to install
Apache2 and libapache2-mod-wsgi package in this guide. The identity
service will not be started without these two packages.
This patch modify the step 1 in part "Install and configure components"
for installing two packages metioned above.
Change-Id: I8ca55e605f806bdc48f753ab893040d9a76aa93d
Closes-Bug: 1707176
When creating an IdP, if a domain was generated for it and a conflict
was raised while effectively creating the IdP in the database, the
auto-generated domain is now cleaned up.
Change-Id: I9b7c3c1fae32b9412f75323a75d9ebe4ad756729
Closes-Bug: #1688188
The OS-EP-FILTER api-ref request sample is malformed; it is missing a comma
for it to be proper json. This patchset fixes the issue.
trivial fix
Change-Id: Ia26fc67affde11335a825dcff7063716f09d071b
Some references to whitelisting and blacklisting was confusing in the
mapping documentation. This commit attempts to clarify the wording
and purpose for both whitelists and blacklists.
Change-Id: I09f4762f03824acc689600c8561fe99ea113ad9a
Closes-Bug: 1693690
