Go to file

Steve Martinelli ef48072d94 Fix cloud_admin rule and ensure only project tokens can be cloud admin

The current rule fails to load with oslo.policy, the correct
value used to determine the admin project for the cloud_admin should
simply be: `is_admin_project:True`, since that is what is stored
in oslo.context.

This problem was masking a more serious issue that domain admin tokens
could be misinterpreted as cloud admin tokens.

Change-Id: I3ea562c01e06e6c519fdaec3ab6e1dac204ced71
Closes-Bug: 1547684
Closes-Bug: 1651989

2016-12-23 09:31:08 +00:00

api-ref/source

Merge "[api] set is_admin_project on tokens for admin project"

2016-12-21 13:12:29 +00:00

config-generator

Remove eventlet support

2016-04-18 18:07:28 +00:00

devstack

Settings for test cases

2016-12-20 09:07:09 -03:00

doc

Merge "[doc] point release note docs to project team guide"

2016-12-22 01:24:15 +00:00

etc

Fix cloud_admin rule and ensure only project tokens can be cloud admin

2016-12-23 09:31:08 +00:00

examples/pki

Remove support for PKI and PKIz tokens

2016-11-01 22:05:01 +00:00

httpd

remove httpd/keystone.py

2016-09-21 22:35:52 -04:00

keystone

Fix cloud_admin rule and ensure only project tokens can be cloud admin

2016-12-23 09:31:08 +00:00

keystone_tempest_plugin

Validate mapping exists when creating/updating a protocol

2016-10-20 19:12:04 +00:00

rally-jobs

[rally] remove deprecated arg

2015-10-29 16:34:58 +02:00

releasenotes

Fix cloud_admin rule and ensure only project tokens can be cloud admin

2016-12-23 09:31:08 +00:00

tools

Correct missspellings of secret

2016-12-08 13:25:05 +00:00

.coveragerc

Change ignore-errors to ignore_errors

2015-09-21 14:27:58 +00:00

.gitignore

Migrate identity /v3 docs from api-ref repo

2016-05-24 09:58:23 -03:00

.gitreview

Add .gitreview config file for gerrit.

2011-10-24 14:48:03 -04:00

.mailmap

update mailmap with gyee's new email

2015-11-03 16:12:01 -08:00

.testr.conf

Stop using oslotest.BaseTestCase

2016-03-01 21:44:20 +00:00

babel.cfg

setting up babel for i18n work

2012-06-21 18:03:09 -07:00

bindep.txt

Move other-requirements.txt to bindep.txt

2016-08-12 20:53:45 +02:00

CONTRIBUTING.rst

Workflow documentation is now in infra-manual

2015-05-16 14:55:07 +00:00

HACKING.rst

Use oslo.log instead of incubator

2015-02-14 05:34:52 +00:00

LICENSE

Added Apache 2.0 License information.

2012-02-15 17:48:33 -08:00

README.rst

Show team and repo badges on README

2016-11-25 16:44:54 +01:00

requirements.txt

Updated from global requirements

2016-12-17 21:31:28 +00:00

setup.cfg

Remove entry_points to non-existent drivers

2016-11-16 23:38:25 -08:00

setup.py

Updated from global requirements

2015-09-17 12:12:39 +00:00

test-requirements.txt

Updated from global requirements

2016-12-02 05:06:03 +00:00

tox.ini

Remove support for PKI and PKIz tokens

2016-11-01 22:05:01 +00:00

README.rst

Team and repository tags

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

http://docs.openstack.org/developer/keystone/

The API specification and documentation are available at:

http://specs.openstack.org/openstack/keystone-specs/

The canonical client library is available at:

https://git.openstack.org/cgit/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

http://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://git.openstack.org/cgit/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

http://specs.openstack.org/openstack/keystone-specs/#identity-program-specifications

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.