keystone-all command was removed but no alternative for running
keystone in developer mode was added. Update documentation with uwsgi
command and update keystone-all reference.
Change-Id: Ia949620de21c1b05127769c6da249b38d83cda9c
The default value for the admin_token parameter was removed from the
sample config file in ea952bd2, so the recommendation in the developer
documentation to use it without first setting it will result in an
error. This patch updates the developer documentation and the
sample_data.sh script to use the Identity v3 API and to follow the
latest recommendations for bootstrapping an admin user with which to
insert sample data.
Change-Id: I424ff6129d4ddcd63fb2bed4eabcbe910ab0153e
Whether the user is using tox or has installed keystone globally, the
keystone-manage command should already be in their path. The keystone
repo doesn't have a bin/ directory so trying to call
bin/keystone-manage from the root of the repo will result in an error.
Moreover, other references to keystone-manage in this page do not
specify a path. This patch fixes the instruction and makes it
consistent with the rest of the document.
Change-Id: I93f1aca9bdef0fa3ef4937ef616157d1e1b6fbe9
The tools/with_venv.sh no longer exists in the source tree. This
patch cleans up all references to it.
Closes-Bug: #1514792
Change-Id: I4638c9894fab01b4556ee0537bf40807a659e7e9
This is based on Nova upgrades documentation and links to Nova and
Cinder examples, since we are just starting to write backwards
compatible schema migration scripts.
Change-Id: Ie4bd5c28555e97df39465a5c793fc3306572a2c3
Partially-Implements: bp online-schema-migration
All keystone extensions have been moved into cores and are
enabled by default, the configuration about the extension in
this doc is not valid any more.
Change-Id: I0d1b7348d581b17d718c356fadad8f071ddbe09e
Since we added support for reno, document that submitters should
provide release notes with their changes. Rather then expecting
others to provide them at the end.
Change-Id: I021dab1a6e34eb0b46c0676b26c669013118c118
There are a few words that I have noticed throughout Keystone
that should be capitalized when they were not. The few words
I fix are: Fernet, SQLite and MySQL.
Change-Id: Iba3ef08e35829ffb65f4c3e920066783a73e9d0b
because of the stackforge project move to openstack project,
so change the url to https://git.openstack.org/cgit/openstack/
Change-Id: I10070df0cf7222568e0e306e3b19612378baf30c
When using openstack client to populate an initial keystone
deployment, instead of the former keystone client, the env.
variables needed are OS_TOKEN and OS_URL instead of the
previous OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT
Change-Id: I79dcd56896945267cf1c8ff4378ffff63048e155
There's an infra job now to keep the sample config file
up to date so developers shouldn't propose config file updates
with their commits.
Change-Id: I154ccbf8c289a373c8cc02004244e1edfcc9f4af
The keystone-all file no longer exists in bin/, but it is automatically
created when Keystone is installed. It was never removed as this bug
originally suggested.
Removing "bin/" from the command 'tools/with_venv.sh bin/keystone-all'
will make with_venv.sh use the keystone-all from the created virtualenv.
Change-Id: I04695f0548d6f87d632b87a40834323fea1378d7
Co-Authored-By: Akshay Aggarwal <akshayx.aggarwal@intel.com>
Co-Authored-By: Jason O'Brien <jasonx.obrien@intel.com>
Closes-Bug: #1462242
If the developer doesn't want to use the wip decorator, they
should be able to choose not to. This makes it clear that a
-1 shouldn't be applied if the developer decides not to use
wip.
Change-Id: If041cd1a4e3a1092ab47e6dd81ee03eb772c4c35
Cleans up the sample_data script to replace the keystoneclient commands
with the new openstackclient commands
Change-Id: Id68ff2b466e582a0c2f4418d173f7d63c14f5f37
Closes-Bug: #1459816
Replace URLs for workflow documentation to appropriate parts of the
OpenStack Project Infrastructure Manual.
Also update some outdated/obsolete devstack-related URLs.
Change-Id: I84e3a62b0aec7cb62d10b8b41eac27b15326ab5c
The http://ci.openstack.org/ documentation site has been deprecated,
replaced by redirects to corresponding paths within
http://docs.openstack.org/infra/ where other Project Infrastructure
documentation already resides.
Change-Id: Ifbc668063ad7cc8bee6b44279592ea6ca09c35ea
* Replace the github by openstack's official home git.openstack.org
* Also update the like of developer documentation of keystone
Change-Id: I60e8e914d9fa3be2cdfffe029e4c2432c07962e2
In developing.rst there is an incorrect reference to the
directory in which the docs are generated.
Closes-Bug: #1438983
Change-Id: I4afa0194f5f7cab3c562806b052be6f4a8d38357
Add some content in `developing.rst` for how to migrate core
components, primarly includes:
- The dir of core components should also includes version
subdirectory.
- Files: `__init__.py` and `migrate.cfg` also needed for core
components, so we should start a new section.
- Provide example for core components to upgrade or downgrade.
Change-Id: I7080609c043f856fc923a16473b4a49d5f7d06cd
Both of the test modules that perform functional (*cough* integration
*cough*) tests with python-keystoneclient are primarily focused on API
coverage for v2. All the analogous coverage for v3 is in the test_v3*
modules, so these two modules should be renamed so that they're easier
for new contributors to find.
Change-Id: Ib4264e5b9914177c48a63d239c1d05c743d62a26
This decorator can be used to commit failing tests while they are still
in development. It can also be used by people to show how an issue can
be reproduced without them having to make the code changes necessary to
make the test pass.
This is nicer than just raising TestSkipped because there is a built in
reminder to remove the decorator when the test starts passing.
Implements: blueprint failing-tests
Change-Id: I9ded266b368e7955b1e295950df394823b1a4088
Several examples were either missing code-blocks entirely,
this patch added either bash or python, so the rendered HTML
is nicer.
Change-Id: Ia145dc78a871dc27cf0926ea1ef9cf9b6df564b7
There were quite a few instances of `keystone` where `Keystone`
should have been used. Code examples were not changed, since that
would break things.
Change-Id: I533ad1b71cc3af1b70bb54cca0a820aaad3f62da
Using ldappool library to establish connection pooling.
Connection pooling is disabled by default.
Pooling specific configuration parameters are added in ldap section.
Added pool test using existing FakeLdap as connector class.
Added pool specific ldap live test. These tests are executed similar to
existing ldap live test.
Addressed async search_s and result3 API issues mentioned in review.
Added separate connection pool for end user auth bind done by keystone
identity ldap driver logic to avoid saturation of pool by these kind of
binds and limiting pool effectiveness for other ldap operations.
Rebased with lastest master and addressed doc comments.
Change-Id: If516a0d308a7f3be88df5583a30739a935076173
Closes-Bug: #1320997
bp: ldap-connection-pooling
DocImpact
The current code has a number of problems and limitations in its
support for having domain-specific backends (e.g. a different LDAP
server per domain). Not least of the problems is that you cannot
always infer the domain if an API call is just handed a user_id or
group_id. These issues are so severe that this feature is currently
marked as experimental.
This patch fixes these issues by using a mapping layer to store
the domain and local ID for the public facing user and group IDs.
No API changes are required for this new support. An important
consequence of this change is that non-UUID IDs for backends
like LDAP do not escape from keystone.
To ensure backward compatibility with existing single backend
installations, the mapping is not used for the default driver.
An exception to this is that if a cloud provider wants to enable
mapping for the default LDAP driver then they can set a config
option to achieve this.
keystone-manage has been extended to provide options to purge
the mapping table.
Blueprint: multi-backend-uuids
Change-Id: I60f8965bb74b248e6a6c8f141289affa431ee3cf
So an issue I hit when following the getting started docs for developers
is that I forgot to remove old pyc files and that can cause
keystone-manage db_sync to throw errors. I added some extra doc that
explains how to remove these files should this situation be encountered
Change-Id: Ib41c62e99faa7c82f89ab3c5bfa0d740f426829a
During a test run stdout, stderr and log messages are being captured. If
the test fails all three will be printed out so that can be inspected.
Each stream has an environment variable that can be used to stop it from
being printed at the end of a test run by setting its value to 0. This
is in line with what many of the other project are already doing.
Environment variables:
- OS_STDOUT_CAPTURE for stdout
- OS_STDERR_CAPTURE for stderr
- OS_LOG_CAPTURE for logging
Change-Id: I2fed99069950b839e060297026c8e06cbd45bb98
To enable ldap live test, set the environmental variable
``ENABLE_LDAP_LIVE_TESTS`` to a non-false value.
To enable tls ldap live test, set the environmental variable
``ENABLE_TLS_LDAP_LIVE_TESTS`` to a non-false value.
To enable mysql sql live test, set the environmental variable
``ENABLE_LIVE_MYSQL_TESTS`` to a non-false value.
To enable postgres sql live test, set the environmental variable
``ENABLE_LIVE_POSTGRES_TESTS`` to a non-false value.
To enable db2 sql live test, set the environmental variable
``ENABLE_LIVE_DB2_TESTS`` to a non-false value.
This allows for running all tests in a standard run by simply setting
the appropriate environmental variables.
This moves the live tests to be skips if the specific live-test
environmental variables are not set.
Change-Id: I8c09a8dcfca3f9691306c5f416f688205171bda3
Closes-Bug: 1243392
With this new optional caching backend, MongoDB can be used for caching data.
Change-Id: I25ba1cac9456d5e125a5eac99d42330507d4e329
Blueprint: mongodb-dogpile-caching-backend
Restructure the common config to include many help strings to
support using the oslo.config auto-generated sample config file.
Closes-Bug: #1229941
Change-Id: If352b3b816b1e7dc8b5fc3b9c1cb2adab187ffda
Fixed the keystone-manage command (--extension should be placed after db_sync)
Amend: making it more readable by seperating command from text
Change-Id: Iaf8dcacaa38cdcbaa867bb6e374a87c00cd45ac3
backport: none
Closes-bug: 1281819
This patchset implements the ability to define non-expiring keys
for dogpile.cache backends. The non-expiring keys are relevant
in the case of drivers that can automatically remove keys after
a given time (e.g. memcache). This new non-expiring-key
functionality is currently only implemented for the provided
memcached backend.
bp: dogpile-kvs-backends
Change-Id: I7e25e0049e5b8697c5cb67272b660519c3c3305e
General cleanup of the Dogpile KVS Memcache backends to be simpler
names and remove the 'dogpile_' prefix for the memcache_driver
argument utilized by the memcached backend pivot point. Documentation
updated to match KVS memcached changes.
DocImpact
Change-Id: Ieb368d440e48111d844c6e715ed17dd54ca50802
bp: dogpile-kvs-backends
Add the appropriate styling macro for the code snippets in the
documentation. This change highlights the language syntax making
the documentation more readable.
Closes-Bug: #1276299
Change-Id: Id331be204f688ccbb6e9f2c7ab9287310477312b
Provides an optional limit to the number of rows that will be
returned by a backend from a list_{entity} call. The limit is specified
in the configuration file, and allows for an overall general limit as
well as an individual limit for a given driver. By default, there is
no limit.
Limitations:
- The list limit is not yet handled by LDAP, rather this remains
implemented in the final wrap collection - a subsequent patch
will provide the support in the LDAP drivers
Implements bp list-limiting
Change-Id: I7ca76a8da4260242e578c44103b26257f7e2a5d5
The Continuous Integration Project link does not exist anymore as such.
Link instead to the documentation about the CI infrastructure.
Closes-Bug: #1274282
Change-Id: Ia69d9a3f89f67acee611222f411019395aa9d41c