openstack
/
keystone
Code Issues Proposed changes
keystone/keystone
History
Jose Castro Leon 578be15629 Allows to use application credentials through group membership 
When using role assignment through groups, the user cannot use
the application credentials created. This allows to look up
the membership by checking inherited and group assignments.

Conflicts:
    This change conflicts with newer branches because most of the
    logic in keystone/token/providers/common.py was refactored into
    keystone/models/token_model.py during the Rocky release. This
    refactor causes the stable/queens version to diverge from
    stable/rocky, stable/stein, and stable/train patches, although it
    is functionally equivalent to the approach used in later releases.

Change-Id: If1bf5bd785a494923303265797311d42018ba7af
Closes-Bug: #1773967
(cherry picked from commit 14b25bc5d1)
(cherry picked from commit 933ea511d1)
(cherry picked from commit cf83fc1056)
 		2019-11-13 15:28:46 +00:00
..
application_credential Invalidate app cred AFTER deletion 2018-10-21 19:52:38 +00:00
assignment Delete system role assignments when deleting groups 2018-02-14 19:21:44 +00:00
auth Use keystone.common.provider_api for auth APIs 2018-02-02 22:07:29 +00:00
catalog Use keystone.common.provider_api for catalog APIs 2017-12-27 16:32:18 +00:00
cmd Grant admin a role on the system during bootstrap 2018-02-14 19:18:23 +00:00
common Make system tokens work with domain-specific drivers 2019-10-22 16:56:09 -07:00
conf Merge "Impose limits on application credentials" 2018-01-31 22:16:25 +00:00
contrib Remove all v2.0 APIs except the ec2tokens API 2018-02-06 23:12:55 +01:00
credential Add retry for DBDeadlock in credential delete 2019-09-09 09:01:35 +05:30
endpoint_policy Use keystone.common.provider_api for endpoint_policy APIs 2017-12-27 16:56:49 +00:00
federation Mapped Groups don't exist breaks WebSSO 2018-09-24 16:06:35 +00:00
identity Revert "Fix python3 compatibility on LDAP search DN from id" 2019-10-30 08:51:24 -04:00
limit Expose unified limit APIs 2018-01-25 16:33:11 +08:00
locale Imported Translations from Zanata 2018-03-14 06:35:15 +00:00
middleware Implement system-scoped tokens 2018-01-23 23:33:43 +00:00
models Implement system-scoped tokens 2018-01-23 23:33:43 +00:00
oauth1 Remove all v2.0 APIs except the ec2tokens API 2018-02-06 23:12:55 +01:00
policy Use keystone.common.provider_api for policy APIs 2017-12-27 17:10:20 +00:00
resource Remove @expression from tags 2018-03-01 13:26:00 +00:00
revoke Remove all v2.0 APIs except the ec2tokens API 2018-02-06 23:12:55 +01:00
server Add limit provider 2018-01-25 15:45:44 +08:00
tests Allows to use application credentials through group membership 2019-11-13 15:28:46 +00:00
token Allows to use application credentials through group membership 2019-11-13 15:28:46 +00:00
trust Populate application credential data in token 2018-02-20 08:47:02 +01:00
version Remove all v2.0 APIs except the ec2tokens API 2018-02-06 23:12:55 +01:00
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py Impose limits on application credentials 2018-01-27 12:00:23 +01:00
i18n.py Update links in keystone 2017-09-12 15:18:13 +08:00
notifications.py Set initiator id as user_id for auth events 2019-03-19 10:54:25 +01:00