openstack/keystone
Code Issues Proposed changes
OpenStack Identity (Keystone)
14,321 Commits 10 Branches 45 Tags 235 MiB
Python 99.5%
Shell 0.5%
c4d6097788
Go to file
Colleen Murphy c4d6097788 Drop project.id foreign keys 
In 2bd88d30 we added a new column domain_id to the user table to
deduplicate the domain_id columns in the local_user and nonlocal_user
tables, and at that point made the user.domain_id column a foreign key
referencing the project.id column. This is a problem that led to
3d46c8a5 in which we removed the ability for the resource driver to be
pluggable, since we had linked two sql backends together and made them
reliant on one another.

This commit removes the foreign key constraint from the user table and
the identity_provider table. For the user table, the sqlalchemy model
never reflected this schema so we don't need to change the model. For
the identity_provider table, we need to update the model. In both cases,
we already enforce, at the manager layer, the constraint that the
domain_id needs to reference a real domain ID[1][2], so we do not need
to rely on this constraint at the database layer.

[1] 43142e4470/keystone/identity/core.py (L935)
[2] 43142e4470/keystone/federation/core.py (L73-L77)

Partial-bug: #1672713

Change-Id: I7c068e350811e22622d1f1e7d8b0a55d4d7cab11
2019-10-11 14:12:57 -07:00
api-ref/source Add default roles and scope checking to project tags 2019-09-19 02:48:39 +00:00
config-generator Move policy generator config to config-generator/ 2017-04-21 21:47:32 +00:00
devstack Added keystone identity provider installation to Devstack plugin 2019-03-19 11:22:38 -04:00
doc Update token definitions 2019-10-04 19:41:10 +00:00
etc Remove policy.v3cloudsample.json 2019-10-02 20:26:05 +00:00
examples/pki Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
httpd Remove admin interface in sample Apache file 2018-03-24 12:56:02 +01:00
keystone Drop project.id foreign keys 2019-10-11 14:12:57 -07:00
keystone_tempest_plugin Replace git.openstack.org URLs with opendev.org URLs 2019-04-24 11:51:00 +08:00
playbooks/legacy/keystone-dsvm-grenade-multinode OpenDev Migration Patch 2019-04-19 19:30:29 +00:00
rally-jobs fix rally docs url 2018-05-21 16:24:51 +08:00
releasenotes Drop project.id foreign keys 2019-10-11 14:12:57 -07:00
tools Fix E731 flake8 2019-06-19 17:40:01 +05:30
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Ignore .eggs dir as well 2018-07-04 12:39:20 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:30:29 +00:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.stestr.conf Migrate to stestr 2017-09-22 11:07:09 -05:00
.zuul.yaml Readjust job timeouts 2019-09-19 15:41:25 -07:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Fix bindep for SUSE 2019-02-14 16:50:33 +01:00
CONTRIBUTING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
HACKING.rst Merge "Update links in keystone" 2017-10-06 16:10:56 +00:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
lower-constraints.txt Add access rules to token validation 2019-09-14 03:14:36 -07:00
README.rst Update api-ref location 2019-07-23 06:53:33 +02:00
requirements.txt Add access rules to token validation 2019-09-14 03:14:36 -07:00
setup.cfg Revert "Add JSON driver for access rules config" 2019-05-28 08:38:42 -07:00
setup.py Updated from global requirements 2017-03-06 01:10:37 +00:00
test-requirements.txt Use pycodestyle in place of pep8 2018-11-20 17:16:01 +00:00
tox.ini Split protection unit tests into its own job 2019-09-16 10:56:42 -07:00

README.rst

Team and repository tags

image

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://docs.openstack.org/api-ref/identity

The canonical client library is available at:

https://opendev.org/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://opendev.org/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Release notes is available at:

https://docs.openstack.org/releasenotes/keystone

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.