0edf1fe46c
This commit implements credential encryption through the following changes:

- additive schema change to store key hashes for credentials
- database migration to encrypt all pre-existing credentials
- contractive schema change to remove unencrypted credential column
- added code to the credential Manager to handle credential encryption

All credentials will be encrypted by default. There will not be a way to store unencrypted credentials in keystone from this point forward.

Note that this implementation uses database triggers in the migration process. If operators use the traditional offline migration method, it would be more reliable if we didn't try to setup and tear down triggers, as they'll never be used anyway. This makes it so that expand and contract migrations can skip anything related to triggers.

Co-Authored-By: Werner Mendizabal <nonameentername@gmail.com>

bp credential-encryption

Depends-On: I433da9a257daa21ec3b5996b2bca571211f1fbba
Depends-On: Id3e8922adc154cfec5f7a36613e22eb0b49eeffe
Change-Id: I31b7539db436ad270462cfaa3b14213e0ed1fc04

api-ref/source
config-generator
doc
etc
examples/pki
httpd
keystone
keystone_tempest_plugin
rally-jobs
releasenotes
tools
.coveragerc
.gitignore
.gitreview
.mailmap
.testr.conf
babel.cfg
bindep.txt
CONTRIBUTING.rst
HACKING.rst
LICENSE
MANIFEST.in
README.rst
requirements.txt
setup.cfg
setup.py
test-requirements.txt
tox.ini

OpenStack Keystone
Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.
Developer documentation, the source of which is in doc/source/, is published at:
The API specification and documentation are available at:
The canonical client library is available at:
https://git.openstack.org/cgit/openstack/python-keystoneclient
Documentation for cloud administrators is available at:
The source of documentation for cloud administrators is available at:
Information about our team meeting is available at:
Bugs and feature requests are tracked on Launchpad at:
Future design work is tracked at:
http://specs.openstack.org/openstack/keystone-specs/#identity-program-specifications
Contributors are encouraged to join IRC (#openstack-keystone on freenode):
For information on contributing to Keystone, see CONTRIBUTING.rst.