openstack
/
keystone
Code Issues Proposed changes
keystone/keystone/common
History
Lance Bragstad 65cb669e78 Make system tokens work with domain-specific drivers 
When calling certain group or user APIs, keystone logic would attempt
to figure out the domain to scope responses to. This was specific to
enabling domain-specific driver support, where each domain is backed
by a different identity store. This functionality is turned off by
default. Since system-scoped tokens are not associated to a domain
(unlike project-scoped tokens or domain-scoped tokens), the logic to
determine a domain from a system-scoped token was breaking and
returning an erroneous HTTP 401 Unauthorized when system users
attempted to list users or groups.

This commit adds support for domain detection with system-scoped
tokens.

Conflicts:
      keystone/server/flask/common.py

This backport has conflicts with keystone/server/flask/common.py due to
the ``token_ref`` variable being renamed to ``token``. This conflict is
resolved by continuing to use the old name, but the change is
functionally equivalent to what was proposed to all other branches.

This backport modifies the unit test to use the pre-flask-compatible
self.admin_request method instead of flask's test_client() context
manager.

Change-Id: I8f0f7a623a1741f461493d872849fae7ef3e8077
Closes-Bug: 1843609
(cherry picked from commit 8f43b9cab0)
(cherry picked from commit 417d2c0e6e)
 		2019-10-22 16:56:09 -07:00
..
cache Merge "Wrap invalidation region to context-local cache" 2017-01-06 21:28:51 +00:00
policies Remove v2.0 policies 2018-02-21 09:45:34 +00:00
sql Add placeholder migrations for Queens 2018-02-08 21:39:14 +01:00
validation Fix json schema nullable to add None to ENUM 2018-04-19 13:24:08 +00:00
__init__.py establish basic structure 2012-01-18 20:06:27 -08:00
authorization.py Remove dead code for auth_context 2017-12-08 21:39:18 -05:00
clean.py move clean.py into keystone/common 2015-07-18 23:32:08 -07:00
context.py Implement project tags API controller and router 2017-10-19 12:18:01 -05:00
controller.py Make system tokens work with domain-specific drivers 2019-10-22 16:56:09 -07:00
dependency.py Remove Dependency Injection 2017-12-13 10:59:39 -08:00
driver_hints.py Drop type in filters 2017-01-13 14:19:11 +03:00
extension.py Fix D202: No blank lines after function docstring (PEP257) 2015-10-28 07:25:04 +00:00
json_home.py Expose unified limit APIs 2018-01-25 16:33:11 +08:00
manager.py Merge "Handle deprecation of inspect.getargspec" 2017-12-16 04:30:47 +00:00
password_hashing.py Support new hashing algorithms for securely storing password hashes 2017-05-18 20:03:25 -05:00
policy.py Merge "Expose a get_enforcer method for oslo.policy scripts" 2018-01-16 09:04:07 +00:00
profiler.py Remove log translations in keystone 2017-03-25 18:17:15 +00:00
provider_api.py Remove Dependency Injection 2017-12-13 10:59:39 -08:00
request.py Replace logging with oslo_log. 2016-12-16 03:10:52 +00:00
resource_options.py Fixed warning when building keystone docs 2017-02-08 11:24:10 -06:00
router.py Implement HEAD method for all v3 GET actions 2016-03-22 10:27:53 -07:00
token_utils.py Rename fernet_utils to token_utils 2017-12-12 16:38:42 -06:00
tokenless_auth.py Remove Dependency Injection 2017-12-13 10:59:39 -08:00
utils.py Handle TZ change in iso8601 >=0.1.12 2018-01-26 23:09:41 +08:00
wsgi.py Improve exception logging with 500 response 2017-12-10 13:37:57 -06:00