By referencing the old endpoint_policy in contrib, we are causing
deprecation warnings to appear in log files. We no longer need
to create a filter and include it, since it's in core now.
Change-Id: Id711163b76c9a81a650bc03ec08964129e167514
Closes-Bug: 1482500
This will give Domain Admin the ability to retrieve the details
for it's domain.
Change-Id: Ia82aaa686a7381be0b3f46c1d90658c1f1e1167d
Closes-Bug: #1480480
The sample config file was out of date. There are two [cors]
sections in the current one for some reason.
Regenerated using
tox -e genconfig
Change-Id: I7e98e20624a80fe53e8d8d2dce1f136f27268f97
The policy rule for get_trust is misleading for operators
since it is not used by the trust controller.
Change-Id: I885ccbafef8bb9ca73ca6fab110176291bb3a542
Closes-Bug: #1444748
This change updates the sample configuration for Keystone to include the
'choices' work that's been added to oslo_config.
Change-Id: I5d9a19b26abc7ef19d898bace6de53ad716ecc28
Add missing routing mapping to "list_endpoint_groups_for_project".
Now that mapping has been corrected, adding back the policy rule
"identity:list_endpoint_groups_for_project" in the sample policy
file.
Change-Id: Iedc0622cd472d630346b7ae8e662ab88de6c52cb
Closes-Bug: #1421968
Causes issues with oslo.policy and ironic
This reverts commit 9e845eaae0c20d56d437b48c0dea93ce45833ee0.
Closes-Bug: 1437032
Change-Id: I5cd7445a15a5c4f20f7f018eb5b35f111feb8866
There was no documentation that showed the mapping between the
actions in the policy file to the REST operation. The mapping is
now shown in the sample policy.json files.
DocImpact
This info also needs to be in an admin guide.
Closes-Bug: 1424496
Change-Id: I7c973068ec1a62d39287f926b71ba61de0566f58
Currently, policy.json and policy.v3cloudsample.json only check if
the user from token matchs the user from url. However, we should
also check if the user owns the credential.
Change-Id: I5c8bbb6736b028d6cb693d2a35e018f28caeaa57
Closes-Bug: #1417366
Closes-Bug: #1417522
Building on previous patches, this adds the public API support
for domain configurations being stored in the database.
Partially Implements: blueprint domain-config-ext
Change-Id: Idcd37a55a1179ef9be088323414cd76e7bfcd6bb
Include endpoint policy, oauth1 and endpoint filter in the pipeline
by default, and automatically migrate the databases.
implements bp: replace-extensions
Change-Id: Ie12d220da149135755e15873807b4a551b243220
This commit adds the oslo middleware request id middleware into
keystones paste pipeline to add request id's to the response headers
Change-Id: I475d60460df6b1b88942bd8347b6bc443dbf4c8a
Add the ability to return a templated post back HTML
response when a call is made that contains info from trusted
dashboard host.
implements bp websso-portal
Co-Authored-By: Jose Castro Leon <jose.castro.leon@cern.ch>
Co-Authored-By: Marek Denis <marek.denis@cern.ch>
Co-Authored-By: Thai Tran <tqtran@us.ibm.com>
Change-Id: Ia5a5c9bd176ea0372c92de6d0a3587d82f2fe5d7
This takes into account a few changes that have modified the
sample config.
1) Handle SSL termination
I76462db9c01a130964844207e375bd35359694f7
2) federated domains
I84c95a0abe3f4c4bbe2b785fd773f54e3384f5ce
3) use oslo.log
0f61b11141baff243d0e4c10b3dcb612584f7426
Change-Id: I11950714b533b1bb8f216411611505f4fbadaedd
The "identity:check_role_for_trust" was defined in the sample
policy files but there is no actual mapping for it, so setting
a value for this target has no effect. If or when the
mapping gets added then this target must be added back in.
Fixed the double protected call in "get_role_for_trust" by changing its
call to a private unprotected version of "check_role_for_trust".
Also, marking the public version of "check_role_for_trust" as deprecated
for future cleanup.
Change-Id: I1c2b1186e37e31eaf556f81db686cc362768a5ae
Closes-Bug: #1421966