9b052e4c05
Exceptions are now handled in the Flask APP instead of in the legacy webob Application code (at this point that code was living in the URL Normalizing Middleware). All Keystone API exceptions (derived from keystone.exception.Error) are automatically registered on definition with the keystone.exception.KEYSTONE_API_EXCEPTIONS set. This set is processed once the app is created in keystone.server.application to the flask-friendly handler. TypeError and generic Exception are registered to an explicit error handler that converts TypeError to ValidationError (BAD_REQUEST) and all other Exceptions to UnexpectedError (INTERNAL SERVER ERROR). These exceptions are then emitted in a "jsonify-ed" manner to the client. Two other minor changes were required: * Unenforced API decorator had it's core functionality split into a dedicated function that can be called in the case of an error being raised in a "before_request" function (such as validation in the JSON Body before request func. * The JSON Body before request func now explicitly sets the api to "unenforced_ok" if it is raising an exception. This prevents the flask "was this API enforced" assertion from failing because @unenforced_api was never run (the ValidationError was raised prior to the resource's method being called). Change-Id: I0d0ef6a774eb86b4769238ed34d7703232ce86c3 Partial-Bug: #1776504 |
||
---|---|---|
api-ref/source | ||
config-generator | ||
devstack | ||
doc | ||
etc | ||
examples/pki | ||
httpd | ||
keystone | ||
keystone_tempest_plugin | ||
playbooks/legacy/keystone-dsvm-grenade-multinode | ||
rally-jobs | ||
releasenotes | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.mailmap | ||
.stestr.conf | ||
.zuul.yaml | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
README.rst | ||
babel.cfg | ||
bindep.txt | ||
lower-constraints.txt | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Team and repository tags
OpenStack Keystone
Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.
Developer documentation, the source of which is in
doc/source/
, is published at:
The API reference and documentation are available at:
The canonical client library is available at:
https://git.openstack.org/cgit/openstack/python-keystoneclient
Documentation for cloud administrators is available at:
The source of documentation for cloud administrators is available at:
Information about our team meeting is available at:
Release notes is available at:
Bugs and feature requests are tracked on Launchpad at:
Future design work is tracked at:
Contributors are encouraged to join IRC
(#openstack-keystone
on freenode):
For information on contributing to Keystone, see
CONTRIBUTING.rst
.