7aee6304f6
When MySQL is used to store revocation events, events are returned from the database with the timestamps truncated to the second. This causes a revocation event for a token (which has the issued_at timestamp to the microsecond) to not match the revocation event and therefore the token is not considered to be revoked. The fix is to have the revocation events and token timestamps both always be truncated to the second. This will cause all tokens for a user that are issued within a second to be revoked when any of those tokens are revoked, which shouldn't be a problem. Change-Id: Ibd82b4ce910206dfd504c396614ae2ebed025e9b Closes-Bug: #1347961 |
||
---|---|---|
bin | ||
doc | ||
etc | ||
examples/pki | ||
httpd | ||
keystone | ||
rally-scenarios | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.mailmap | ||
.testr.conf | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
MANIFEST.in | ||
README.rst | ||
babel.cfg | ||
openstack-common.conf | ||
requirements-py3.txt | ||
requirements.txt | ||
run_tests.sh | ||
setup.cfg | ||
setup.py | ||
test-requirements-py3.txt | ||
test-requirements.txt | ||
tox.ini |
README.rst
OpenStack Keystone
Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.
Developer documentation, the source of which is in
doc/source/
, is published at:
The API specification is available at:
The API documentation is available at:
The canonical client library is available at:
Documentation for cloud administrators is available at:
The source of documentation for cloud administrators is available at:
Information about our team meeting is available at:
Bugs and feature requests are tracked on Launchpad at:
Future design work is tracked at:
Contributors are encouraged to join IRC
(#openstack-keystone
on freenode):
For information on contributing to Keystone, see
CONTRIBUTING.rst
.