OpenStack Identity (Keystone)
Go to file
Morgan Fainberg 9b052e4c05 Register exceptions with a Flask Error Handler
Exceptions are now handled in the Flask APP instead of in the
legacy webob Application code (at this point that code was living
in the URL Normalizing Middleware). All Keystone API exceptions
(derived from keystone.exception.Error) are automatically
registered on definition with the
keystone.exception.KEYSTONE_API_EXCEPTIONS set. This set is
processed once the app is created in keystone.server.application
to the flask-friendly handler.

TypeError and generic Exception are registered to an explicit
error handler that converts TypeError to ValidationError (BAD_REQUEST)
and all other Exceptions to UnexpectedError (INTERNAL SERVER ERROR).
These exceptions are then emitted in a "jsonify-ed" manner to the
client.

Two other minor changes were required:

* Unenforced API decorator had it's core functionality split into
  a dedicated function that can be called in the case of an error
  being raised in a "before_request" function (such as validation
  in the JSON Body before request func.

* The JSON Body before request func now explicitly sets the
  api to "unenforced_ok" if it is raising an exception. This
  prevents the flask "was this API enforced" assertion from failing
  because @unenforced_api was never run (the ValidationError was
  raised prior to the resource's method being called).

Change-Id: I0d0ef6a774eb86b4769238ed34d7703232ce86c3
Partial-Bug: #1776504
2018-10-11 15:27:46 -07:00
api-ref/source Merge "Update response codes for authentication API reference" 2018-10-09 00:56:08 +00:00
config-generator Move policy generator config to config-generator/ 2017-04-21 21:47:32 +00:00
devstack Only upload SP metadata to testshib.org if IDP id is testshib 2018-07-05 15:18:29 +00:00
doc Merge "Docs: Remove the TokenAuth middleware" 2018-10-08 08:36:08 +00:00
etc Add policy for limit model protection 2018-06-19 20:27:00 +08:00
examples/pki Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
httpd Remove admin interface in sample Apache file 2018-03-24 12:56:02 +01:00
keystone Register exceptions with a Flask Error Handler 2018-10-11 15:27:46 -07:00
keystone_tempest_plugin Remove the local tempest plugin 2017-06-06 11:48:37 +00:00
playbooks/legacy/keystone-dsvm-grenade-multinode Convert legacy functional jobs to Zuul-v3-native 2018-09-26 20:09:49 +02:00
rally-jobs fix rally docs url 2018-05-21 16:24:51 +08:00
releasenotes Enable foreign keys for unit test 2018-10-09 09:50:21 +08:00
tools Increase MySQL max_connections for unit tests 2018-01-30 23:49:04 +01:00
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Ignore .eggs dir as well 2018-07-04 12:39:20 +00:00
.gitreview Add .gitreview config file for gerrit. 2011-10-24 14:48:03 -04:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.stestr.conf Migrate to stestr 2017-09-22 11:07:09 -05:00
.zuul.yaml Replace openSUSE experimental check with newer version 2018-10-10 17:58:44 +02:00
CONTRIBUTING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
HACKING.rst Merge "Update links in keystone" 2017-10-06 16:10:56 +00:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
README.rst Add release notes link to README 2018-06-12 15:30:45 +08:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Move use of constraints out of install_cmd 2018-09-12 03:54:38 +00:00
lower-constraints.txt Move use of constraints out of install_cmd 2018-09-12 03:54:38 +00:00
requirements.txt Move use of constraints out of install_cmd 2018-09-12 03:54:38 +00:00
setup.cfg Replace JSON Body middleware with flask-native func 2018-10-11 15:27:46 -07:00
setup.py Updated from global requirements 2017-03-06 01:10:37 +00:00
test-requirements.txt Follow the new PTI for document build 2018-04-09 01:13:58 +09:00
tox.ini Move use of constraints out of install_cmd 2018-09-12 03:54:38 +00:00

README.rst

Team and repository tags

image

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://developer.openstack.org/api-ref/identity

The canonical client library is available at:

https://git.openstack.org/cgit/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://git.openstack.org/cgit/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Release notes is available at:

https://docs.openstack.org/releasenotes/keystone

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.