8 Commits

Author SHA1 Message Date
Colleen Murphy
5d7c92e204 Add support for functional RBAC tests
Add support to the keystone devstack plugin for setting enforce_scope in
the keystone config and setting up tempest to test it.

It may be better to move this to tempest proper at some point.

See also: https://review.opendev.org/686073 https://review.opendev.org/698397

Change-Id: I1b71135547b7ce03afb5b44fbbab3f52d213a2ae
2020-08-02 15:09:26 -07:00
jolie
cdfcac6e67 Update links in keystone
Some links have been changed. This patch updates links
in docs and codes.

Change-Id: Ia104a6ec890e1af4bc44c96a38a4b055ebb99e26
2017-09-12 15:18:13 +08:00
Lance Bragstad
6a20aa8587 Revert "Fix wrong links"
This reverts commit 77500b3615ae94ea45837f3fc0d503c8aadcc462.

Change-Id: I44a3f47329b06d4b85fa0bb944ce3bc8084fffa3
2017-08-22 18:54:25 +00:00
yfzhao
77500b3615 Fix wrong links
Some docs links have changed. We should update the wrong links in our codes.

Change-Id: I54587d1ca9a3b1628fc5437ca49b468a4e4107bc
Closes-Bug: #1710572
2017-08-14 16:26:42 +08:00
Eric Brown
30d9095d28 Use https for docs.openstack.org references
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.

Change-Id: I30a462e03d1fd7852511e22cac34c6bc0e8917f4
2017-01-30 16:05:08 -08:00
Rodrigo Duarte Sousa
91167ad58a Settings for test cases
This patch adds a function to configure the settings for test cases. It
currently sets the needed settings for the first federation scenario
test (follow up patch). If needed, additional settings can be added.

Change-Id: I5f0d0b5eeee1d8f03b38a2eb4cdc2101d3dccaa1
2016-12-20 09:07:09 -03:00
Kristi Nikolla
fbafc06ac6 Devstack plugin to federate with testshib.org
In a previous patch, I implemented a Devstack plugin to enable
federation and idp features in keystone. The plugin was to be
configured from environment variables for the idp entityID, metadata,
sp_auth_url, sp_url, etc. Providing an endless and untestable matrix
of combinations. Therefore the review was gathering dust waiting for
brave reviewers.

This review extracts the meat of the previous patch and removes all
the configuration options. This plugin now does one thing only: It
installs mod_shibboleth and sets up testshib.org as the IdP for keystone.

While testshib.org will not be used in our functional testing, this
is a necessary first step to make such complex changes more testable
reproducible and reviewable.

A follow-up patch will install a shibboleth-idp, and either that one,
or a later one, will switch from testshib.org to the local shibboleth.

This plugin will not yet be run as part of the gate, as "enable_service
federation" needs to be added to the Devstack options.

To run add the following after the lines that set up keystone from a
gerrit review:

enable_plugin keystone $KEYSTONE_REPO
enable_service keystone-saml2-federation

Change-Id: I6f7491ff063359d7065c77b00fe5bfc76f8587d6
2016-11-17 13:54:42 -05:00
Kristi Nikolla
75e8cd1538 Add structure for Devstack plugin
This review creates the structure for the Devstack plugin and
prints to the console to ensure its execution in the gate.

Follow-up reviews will do more useful stuff like setting up
the environment for our functional testing (ldap, federation).

Change-Id: I820ae355ae8f3183fee2b8207e3c17e8bd10dc17
2016-10-31 10:03:16 -04:00