openstack
/
keystone
Code Issues Proposed changes
OpenStack Identity (Keystone)
14,360 Commits 9 Branches 40 Tags 231 MiB
Python 99.5%
Shell 0.5%
Go to file
Colleen Murphy 17c337dbdb Fix credential list for project members 
Without this patch, project members and readers can list any credentials
with the /v3/credentials API when enforce_scope is false. enforce_scope
is only applicable to project admins due to the admin-ness problem[1],
and this policy is not meant to allow project admins any access to users'
credentials (only system admins should be able to access them). However,
when enforce_scope is false, we need to preserve the old behavior of
project admins being able to list all credentials. This change mitigates
the problem by running the identity:get_credential policy check to
filter out credentials the user does not have access to. This will
impact performance.

Closes-bug: #1855080

[1] https://bugs.launchpad.net/keystone/+bug/968696

Change-Id: I5dd85a6b8368373a27aef2942a64499d020662ef
 		2019-12-04 16:42:17 -08:00
api-ref/source Fix wrong interface description 2019-10-09 15:36:07 +05:30
config-generator Move policy generator config to config-generator/ 2017-04-21 21:47:32 +00:00
devstack Add voting k2k tests 2019-10-17 15:27:35 -07:00
doc Refresh "how can I help?" doc 2019-10-28 15:47:21 -07:00
etc Remove policy.v3cloudsample.json 2019-10-02 20:26:05 +00:00
examples/pki Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
httpd Remove admin interface in sample Apache file 2018-03-24 12:56:02 +01:00
keystone Fix credential list for project members 2019-12-04 16:42:17 -08:00
keystone_tempest_plugin Replace git.openstack.org URLs with opendev.org URLs 2019-04-24 11:51:00 +08:00
playbooks/legacy/keystone-dsvm-grenade-multinode OpenDev Migration Patch 2019-04-19 19:30:29 +00:00
rally-jobs fix rally docs url 2018-05-21 16:24:51 +08:00
releasenotes Fix credential list for project members 2019-12-04 16:42:17 -08:00
tools Re-enable line-length linter 2019-10-21 08:48:47 -07:00
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Ignore .eggs dir as well 2018-07-04 12:39:20 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:30:29 +00:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.stestr.conf Migrate to stestr 2017-09-22 11:07:09 -05:00
.zuul.yaml Merge "Stop testing Python 2" 2019-11-14 10:28:52 +00:00
CONTRIBUTING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
HACKING.rst Merge "Update links in keystone" 2017-10-06 16:10:56 +00:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
README.rst Start README.rst with a better title 2019-11-19 17:35:27 +01:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Fix bindep for SUSE 2019-02-14 16:50:33 +01:00
lower-constraints.txt Stop explicitly requiring pycodestyle 2019-10-17 08:18:25 +00:00
requirements.txt Add access rules to token validation 2019-09-14 03:14:36 -07:00
setup.cfg Merge "Stop testing Python 2" 2019-11-14 10:28:52 +00:00
setup.py Updated from global requirements 2017-03-06 01:10:37 +00:00
test-requirements.txt Stop explicitly requiring pycodestyle 2019-10-17 08:18:25 +00:00
tox.ini Merge "Stop testing Python 2" 2019-11-14 10:28:52 +00:00

README.rst

OpenStack Keystone

image

OpenStack Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://docs.openstack.org/api-ref/identity

The canonical client library is available at:

https://opendev.org/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://opendev.org/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Release notes is available at:

https://docs.openstack.org/releasenotes/keystone

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.