2e51473138
Base API for reporting revocation events. The KVS Backend uses the Dogpile backed KVS stores. Modifies the places that were directly deleting tokens to also generate revocation events. Where possible the revocations are triggered by listening to the notifications. Some places, the callers have been modified instead. This is usually due to the need to iterate through a collection, such as users in a group. Adds a config file option to disable the existing mechanisms that support revoking a token by that token's id: revoke_by_id. This flag is necessary to test that the revocation mechanism is working as defined, but will also be part of the phased removal of the older mechanisms. TokenRevoke tests have been extended to test both with and without revoke-by-id enabled. Note: The links aren't populated in the list_events response. SQL Backend for Revocation Events Initializes the SQL Database for the revocation backend. This patch refactors the sql migration call from the CLI so that the test framework can use it as well. The sql backend for revcations is exercized by test_notifications and must be properly initialized. Revoke By Search Tree Co-Authored-By: Yuriy Taraday (Yoriksar) create a set of nested maps for the events. Look up revocation by traversing down the tree. Blueprint: revocation-events Change-Id: If76c8cd5d01a5b991c58a4d1a9d534b2a3da875a |
||
|---|---|---|
| bin | ||
| doc | ||
| etc | ||
| examples/pki | ||
| httpd | ||
| keystone | ||
| tools | ||
| .coveragerc | ||
| .gitignore | ||
| .gitreview | ||
| .mailmap | ||
| .testr.conf | ||
| babel.cfg | ||
| CONTRIBUTING.rst | ||
| HACKING.rst | ||
| LICENSE | ||
| MANIFEST.in | ||
| openstack-common.conf | ||
| README.rst | ||
| requirements.txt | ||
| run_tests.sh | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
OpenStack Keystone
Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.
Developer documentation, the source of which is in
doc/source/, is published at:
The API specification is available at:
The API documentation is available at:
The canonical client library is available at:
Documentation for cloud administrators is available at:
The source of documentation for cloud administrators is available at:
Information about our team meeting is available at:
Bugs and feature requests are tracked on Launchpad at:
Future design work is tracked at:
Contributors are encouraged to join IRC
(#openstack-keystone on freenode):
For information on contributing to Keystone, see
CONTRIBUTING.rst.