Go to file

gtema c3c6d9854c Fix implied roles in the application credentials

When user requests new application credentials without specifying roles
explicitly all current roles from the token are being used for that
(including implied roles).
When new application credentials are requested specifying a role that
implies another role (i.e. member) only that role is added into the
list. This is not what is expected, so change it by looping through
every requested role and add every implied role into the list if it is
not already there.

Related-Bug: https://bugs.launchpad.net/keystone/+bug/2030061

Change-Id: I452313ac7e1e6960748bcd1e667fb7c0076eb7a2

2024-07-15 15:09:41 +02:00

api-ref/source

Merge "Replace CRLF by LF"

2024-03-29 17:24:57 +00:00

config-generator

Move policy generator config to config-generator/

2017-04-21 21:47:32 +00:00

devstack

Run Secure RBAC tests as project-admin

2024-04-02 20:56:48 -05:00

doc

Merge "Improve configuration of out-of-tree identity drivers"

2024-07-12 18:16:30 +00:00

etc

Deprecate templated catalog driver

2024-03-13 22:09:30 +09:00

examples/pki

Remove support for PKI and PKIz tokens

2016-11-01 22:05:01 +00:00

httpd

Remove admin interface in sample Apache file

2018-03-24 12:56:02 +01:00

keystone

Fix implied roles in the application credentials

2024-07-15 15:09:41 +02:00

keystone_tempest_plugin

Replace git.openstack.org URLs with opendev.org URLs

2019-04-24 11:51:00 +08:00

playbooks

Add FIPS check job

2021-08-04 14:25:06 -04:00

rally-jobs

fix rally docs url

2018-05-21 16:24:51 +08:00

releasenotes

Merge "Improve configuration of out-of-tree identity drivers"

2024-07-12 18:16:30 +00:00

tools

Drop remaining references to eventlet options

2024-01-27 21:02:14 +09:00

.coveragerc

Change ignore-errors to ignore_errors

2015-09-21 14:27:58 +00:00

.gitignore

Tell reno to ignore the kilo branch

2020-02-21 13:51:02 -05:00

.gitreview

OpenDev Migration Patch

2019-04-19 19:30:29 +00:00

.mailmap

update mailmap with gyee's new email

2015-11-03 16:12:01 -08:00

.stestr.conf

Migrate to stestr

2017-09-22 11:07:09 -05:00

.zuul.yaml

Merge "Remove SQLAlchemy tips jobs"

2024-06-28 17:14:38 +00:00

bindep.txt

Fix bindep.txt for python 3.11 job(Debian Bookworm)

2023-11-29 12:41:29 +09:00

CONTRIBUTING.rst

Use https for docs.openstack.org references

2017-01-30 16:05:08 -08:00

HACKING.rst

Merge "Update links in keystone"

2017-10-06 16:10:56 +00:00

LICENSE

Added Apache 2.0 License information.

2012-02-15 17:48:33 -08:00

README.rst

Moving IRC network reference to OFTC

2021-07-16 13:58:33 +00:00

reno.yaml

Update regex to detect closed branch

2024-03-13 19:27:16 +09:00

requirements.txt

Remove dependency on pytz

2024-06-10 09:14:41 +00:00

setup.cfg

Drop unused pymongodb from requirements

2024-02-04 15:04:55 +00:00

setup.py

Cleanup py27 support

2020-04-08 08:37:30 +02:00

test-requirements.txt

Remove dependency on pytz

2024-06-10 09:14:41 +00:00

tox.ini

Drop unused pymongodb from requirements

2024-02-04 15:04:55 +00:00

README.rst

OpenStack Keystone

OpenStack Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://docs.openstack.org/api-ref/identity

The canonical client library is available at:

https://opendev.org/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://opendev.org/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Release notes is available at:

https://docs.openstack.org/releasenotes/keystone

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on OFTC):

https://wiki.openstack.org/wiki/IRC

Source for the project:

https://opendev.org/openstack/keystone

For information on contributing to Keystone, see CONTRIBUTING.rst.