openstack/keystone
Code Issues Proposed changes
14,082 Commits 11 Branches 47 Tags
52da4d0e12
Go to file
Guang Yee 52da4d0e12 implement system scope for application credential 
Implement system scopes, namely 'admin', 'reader', and 'member' for
the application credential API. Thus, making it consistent with other
system-scoped policy definitions.

For the application credential API, the follow policies will be enforced:

- system admin can fetch, list, lookup, and delete user's application
  credentials.
- system member and reader can only fetch, list, and lookup user's application
  credentials. Deleting a user's application credential other their own is
  strictly prohibitted.
- domain and project admins can no longer touch user's application credentials
  other their own.
- domain and project readers cannot touch user's application credentials
  other their own.
- domain and project members cannot touch user's application credentials
  other their own.
- create an application credential can only be done by the owner. No one else
  can create an application credential on behalf of another user.

Test cases are added to guard the above policy changes.

Change-Id: I26ee11571b6d0f700a5fe3a62ad2e8fc7f5316fe
Closes-Bug: 1818725
Closes-Bug: 1750615
2019-07-19 17:53:16 -07:00
api-ref/source
[api-ref] Fix nocatalog description for unscoped token
2019-06-19 17:11:35 +08:00
config-generator
Move policy generator config to config-generator/
2017-04-21 21:47:32 +00:00
devstack
Added keystone identity provider installation to Devstack plugin
2019-03-19 11:22:38 -04:00
doc
Fix keystone document
2019-07-09 14:21:33 +05:30
etc
DRY: Remove redundant policies from policy.v3cloudsample.json
2019-04-02 19:09:53 +00:00
examples/pki
Remove support for PKI and PKIz tokens
2016-11-01 22:05:01 +00:00
httpd
Remove admin interface in sample Apache file
2018-03-24 12:56:02 +01:00
keystone
implement system scope for application credential
2019-07-19 17:53:16 -07:00
keystone_tempest_plugin
Replace git.openstack.org URLs with opendev.org URLs
2019-04-24 11:51:00 +08:00
playbooks/legacy/keystone-dsvm-grenade-multinode
OpenDev Migration Patch
2019-04-19 19:30:29 +00:00
rally-jobs
fix rally docs url
2018-05-21 16:24:51 +08:00
releasenotes
implement system scope for application credential
2019-07-19 17:53:16 -07:00
tools
Fix E731 flake8
2019-06-19 17:40:01 +05:30
.coveragerc
Change ignore-errors to ignore_errors
2015-09-21 14:27:58 +00:00
.gitignore
Ignore .eggs dir as well
2018-07-04 12:39:20 +00:00
.gitreview
OpenDev Migration Patch
2019-04-19 19:30:29 +00:00
.mailmap
update mailmap with gyee's new email
2015-11-03 16:12:01 -08:00
.stestr.conf
Migrate to stestr
2017-09-22 11:07:09 -05:00
.zuul.yaml
Update Python 3 test runtimes for Train
2019-05-09 17:35:22 +08:00
babel.cfg
setting up babel for i18n work
2012-06-21 18:03:09 -07:00
bindep.txt
Fix bindep for SUSE
2019-02-14 16:50:33 +01:00
CONTRIBUTING.rst
Use https for docs.openstack.org references
2017-01-30 16:05:08 -08:00
HACKING.rst
Merge "Update links in keystone"
2017-10-06 16:10:56 +00:00
LICENSE
Added Apache 2.0 License information.
2012-02-15 17:48:33 -08:00
lower-constraints.txt
Implement system scope and default roles for token API
2019-06-17 15:57:51 +00:00
README.rst
Replace git.openstack.org URLs with opendev.org URLs
2019-04-24 11:51:00 +08:00
requirements.txt
Implement system scope and default roles for token API
2019-06-17 15:57:51 +00:00
setup.cfg
Revert "Add JSON driver for access rules config"
2019-05-28 08:38:42 -07:00
setup.py
Updated from global requirements
2017-03-06 01:10:37 +00:00
test-requirements.txt
Use pycodestyle in place of pep8
2018-11-20 17:16:01 +00:00
tox.ini
Merge "Add Python 3 Train unit tests"
2019-07-02 02:30:02 +00:00

README.rst

Team and repository tags

image

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://developer.openstack.org/api-ref/identity

The canonical client library is available at:

https://opendev.org/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://opendev.org/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Release notes is available at:

https://docs.openstack.org/releasenotes/keystone

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.

Description
OpenStack Identity (Keystone)
Readme 236 MiB
Languages
Python 99.5%
Shell 0.5%