- the policy service was never finished
- it's overall design doesn't contribute to the architecture of keystone
- it's mostly boilerplate code
- it's marked as deprecated in the API reference
- people trying to understand the architecture document don't need to
fill a register with this information when there are other more
meaningful things to parse
Change-Id: Ie4f5b992e277eb79041fd6211a171ca90057fd69
User option ``lock_password`` has been implemented. This
option when set to ``True`` will prevent the usage of the
self-service password change API. If the ``lock_password``
option is set to ``False`` or ``None`` (to remove the
option from the user-data structure) normal password
change operations are allowed
Closes-Bug: #1755874
Change-Id: Icf1776c5fe625c2e9292bfcf40a8a9f17a002656
Added prerequisite package note and associated link to the main Install Guide
to the Keystone install guide. This is to ensure commands further down the
Keystone guide don't fail unexpectedly.
Change-Id: I189854fbc7f1e05945ab0002c08ee84f7bfad196
Closes-Bug: 1754413
Closes-Bug: 1754417
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: Iefad7ba17f01d2982567e7f1f207ecb29d093e83
- Ensure myproject and myuser are used throughout the guide
consistently
- Add note that connection's host in keystone.conf must be resolveable
Change-Id: Icaaf6c1b7583ed75b7a6204d7fb1f3506e4e8937
This change fixes the 3 occurrences of "accommodate" being misspelled
in the keystone install documentation.
Change-Id: I2eb50fd1aedb8e7cb7530d640aaa8f183134945c
Bring the RDO install guide into alignment with the Ubuntu and SUSE
guides by removing references to the admin port 35357 that was used for
the keystone v2 API.
Change-Id: Ic2c5452dae0c142ce3311f6b5e6d9590d618fc22
The external developer document we have attempts to clarify various
concepts in keystone and make it easier for other developers writing
other services. Now that we've removed the v2.0 API, it makes sense
to update this documentation to refer to v2.0 in the past tense. Some
parts of the document seemed specific to operator documentation, which
has been either removed or reworked to the intended operators, other
service developers.
Change-Id: I809150f8b77a813e2300760fdcb1d11cfa8ca732
Support for the UUID token provider was removed when the Rocky cycle
opened for development:
I76d5c29f6b1572ee3ec7f2b1af63ff31572de2ce
This commit removes references to the UUID token provider from the
token provider documentation.
Change-Id: I85aa4eac1098628f090b3e95a9234bc5777d274d
Partial-Bug: 1757151
A lot of people are very surprised that we no longer reference port
35357 in our Ubuntu (and SUSE) install guides. Add a note to clarify
that this is not a bug and we do really mean it.
This does not change the RDO install guide because our guide still
instructs users to use port 35357 because the RDO package still includes
an Apache vhost file that uses 35357.
Change-Id: I334ba888190705a345d50cebe577b832753f202c
Related-bug: #1755026
Related-bug: #1755511
Related-bug: #1756178
Modify the Install Guide to use different labels for user, role, and project
names.
Change-Id: I14303ae708e47a8782d4ccc2a8c2ee076bc071b8
Closes-Bug: 1746302
Keystone has supported JSON Home documents since Juno, but we never
had any user-facing documentation for the API. This commit adds a
section to the user guide that describes what JSON Home is and adds
an example of how users can get it.
Change-Id: Ib0793f6af4f65e5549ba0543b87d20f3f1a8a62d
In queens the v2.0 APIs were removed. This commit removes the
leftover v2.0 policies documented in the sample policy file.
Change-Id: Ibb841bcbc12d0be365ddb2681310a0eee6724782
With support for application credentials landed on
python-openstackclient, update the documentation to use this more
user-friendly method of managing application credentials.
Change-Id: I0c05d5a276a6aeb6cc464420ca8c529ed00e4b45
Depends-on: https://review.openstack.org/536163
Add documentation in the User section on managing, using, and rotating
application credentials.
Since application credential support didn't make it into
python-openstackclient in the Queens release, show examples using
python-keystoneclient.
Change-Id: I24bc51d2f3741771ba321fc05d49fd111aa76c15
Both of these drivers were staged for removal in Rocky. Now that
Rocky is open for development we can remove them. This commit removes
just the bare-bones aspects of each. Subsequent patches will do the
following:
- Remove test class that were only meant for sql or uuid scenarios
- Refactor the notification framework to not hint at token storage
- Refactor the token provider API interfaces to be simpler and
cleaner
- Remove the needs_persistence property from the token provider API
and document the ability to push that logic into individual
providers that require it
- Return 403 Forbidden for all requests to fetch a revocation list
- Remove the signing directory configuration options
These changes will result in simpler interfaces which will be
important for people implementing their own token providers and
storage layers.
bp removed-as-of-rocky
Change-Id: I76d5c29f6b1572ee3ec7f2b1af63ff31572de2ce
With the removal of the v2 API, there is no reason to keep listening on
multiple ports. Update the OBS install guide to only mention the one
port. The openSUSE openstack-keystone package does not provide a default
vhost config file so we can update this independently of any package
changes in the distro. This also removes a few incorrect notes, one
claiming that the distro package installed and started the nonexistent
eventlet service and one claiming that port 5000 only allowed non-admin
access.
Change-Id: Ic06af94335598e0aadac20874d177e531069548a
The curl examples we keep in our documentation contain examples for
interacting with the now removed v2.0 APIs. This commit removes those
examples since we no long support v2.0, except for the ec2token API
until the T release. The curl examples didn't have any v2.0 ec2token
examples.
Change-Id: I7e16421873de1c2ebf13db971bef80a2d74e5823
