openstack
/
keystone
Code Issues Proposed changes
OpenStack Identity (Keystone)
12,260 Commits 9 Branches 40 Tags 231 MiB
Python 99.5%
Shell 0.5%
Go to file
Jorge Munoz 8eb29c37d1 Validate disabled domains and projects online 
Keystone's performance degrades as the `revocation_event` table grows
in size. This patch reduces the total number of events written to the
table by not persisting events when a domain or project is disabled.

The main reason for persisting a revocation event when a project or
domain is disabled is to make sure tokens associated to those targets
are considered invalid. Instead of relying on revocation events, we
can check if the project or domain is enabled when we validate the
token. We take the same approach when we validate a user's role
assignments instead of relying on an ever-growing database table.

Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>

Closes-Bug: 1524030
Change-Id: I76330567e0df2d9f2af88ef9b6b98b8c379e7406
 		2017-11-27 23:06:10 +00:00
api-ref/source Merge "Two different API achieve listing role assignments" 2017-11-13 15:58:49 +00:00
config-generator Move policy generator config to config-generator/ 2017-04-21 21:47:32 +00:00
devstack Update links in keystone 2017-09-12 15:18:13 +08:00
doc Remove apache-httpd related link 2017-11-23 14:05:17 +08:00
etc policy.v3cloudsample.json: remove redundant blank space 2017-10-23 18:57:26 +08:00
examples/pki Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
httpd Remove apache-httpd related link 2017-11-23 14:05:17 +08:00
keystone Validate disabled domains and projects online 2017-11-27 23:06:10 +00:00
keystone_tempest_plugin Remove the local tempest plugin 2017-06-06 11:48:37 +00:00
rally-jobs [rally] remove deprecated arg 2015-10-29 16:34:58 +02:00
releasenotes Validate disabled domains and projects online 2017-11-27 23:06:10 +00:00
tools Use ostestr instead of the custom pretty_tox.sh 2017-02-09 16:03:59 +01:00
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Migrate to stestr 2017-09-22 11:07:09 -05:00
.gitreview Add .gitreview config file for gerrit. 2011-10-24 14:48:03 -04:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.stestr.conf Migrate to stestr 2017-09-22 11:07:09 -05:00
.zuul.yaml Add non-voting rolling upgrade test 2017-10-25 10:34:21 +00:00
CONTRIBUTING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
HACKING.rst Merge "Update links in keystone" 2017-10-06 16:10:56 +00:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
README.rst Update API reference link in README 2017-09-14 14:07:09 -06:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Differentiate between dpkg and rpm for libssl-dev 2017-03-31 11:27:25 -04:00
requirements.txt Updated from global requirements 2017-11-16 11:06:56 +00:00
setup.cfg Add default configuration files to data_files 2017-09-21 13:53:41 +01:00
setup.py Updated from global requirements 2017-03-06 01:10:37 +00:00
test-requirements.txt Updated from global requirements 2017-11-16 11:06:56 +00:00
tox.ini Use stestr directly instead of ostestr 2017-09-29 20:35:13 +00:00

README.rst

Team and repository tags

image

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://developer.openstack.org/api-ref/identity

The canonical client library is available at:

https://git.openstack.org/cgit/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://git.openstack.org/cgit/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.