Go to file

Lance Bragstad 65cb669e78 Make system tokens work with domain-specific drivers

When calling certain group or user APIs, keystone logic would attempt
to figure out the domain to scope responses to. This was specific to
enabling domain-specific driver support, where each domain is backed
by a different identity store. This functionality is turned off by
default. Since system-scoped tokens are not associated to a domain
(unlike project-scoped tokens or domain-scoped tokens), the logic to
determine a domain from a system-scoped token was breaking and
returning an erroneous HTTP 401 Unauthorized when system users
attempted to list users or groups.

This commit adds support for domain detection with system-scoped
tokens.

Conflicts:
      keystone/server/flask/common.py

This backport has conflicts with keystone/server/flask/common.py due to
the ``token_ref`` variable being renamed to ``token``. This conflict is
resolved by continuing to use the old name, but the change is
functionally equivalent to what was proposed to all other branches.

This backport modifies the unit test to use the pre-flask-compatible
self.admin_request method instead of flask's test_client() context
manager.

Change-Id: I8f0f7a623a1741f461493d872849fae7ef3e8077
Closes-Bug: 1843609
(cherry picked from commit 8f43b9cab0)
(cherry picked from commit 417d2c0e6e)

2019-10-22 16:56:09 -07:00

api-ref/source

Update 3.10 versioning to limits and system scope

2018-02-21 20:14:15 +00:00

config-generator

Move policy generator config to config-generator/

2017-04-21 21:47:32 +00:00

devstack

Update links in keystone

2017-09-12 15:18:13 +08:00

doc

Replace openstack.org git:// URLs with https://

2019-03-24 20:33:59 +00:00

etc

Update sample configuration file for Queens

2018-02-06 21:19:35 +00:00

examples/pki

Remove support for PKI and PKIz tokens

2016-11-01 22:05:01 +00:00

httpd

Remove apache-httpd related link

2017-11-23 14:05:17 +08:00

keystone

Make system tokens work with domain-specific drivers

2019-10-22 16:56:09 -07:00

keystone_tempest_plugin

Remove the local tempest plugin

2017-06-06 11:48:37 +00:00

playbooks/legacy

OpenDev Migration Patch

2019-04-19 19:30:42 +00:00

rally-jobs

[rally] remove deprecated arg

2015-10-29 16:34:58 +02:00

releasenotes

Make system tokens work with domain-specific drivers

2019-10-22 16:56:09 -07:00

tools

Increase MySQL max_connections for unit tests

2018-01-30 23:49:04 +01:00

.coveragerc

Change ignore-errors to ignore_errors

2015-09-21 14:27:58 +00:00

.gitignore

Migrate to stestr

2017-09-22 11:07:09 -05:00

.gitreview

OpenDev Migration Patch

2019-04-19 19:30:42 +00:00

.mailmap

update mailmap with gyee's new email

2015-11-03 16:12:01 -08:00

.stestr.conf

Migrate to stestr

2017-09-22 11:07:09 -05:00

.zuul.yaml

Import LDAP job into project

2019-10-17 09:14:49 -07:00

babel.cfg

setting up babel for i18n work

2012-06-21 18:03:09 -07:00

bindep.txt

Differentiate between dpkg and rpm for libssl-dev

2017-03-31 11:27:25 -04:00

CONTRIBUTING.rst

Use https for docs.openstack.org references

2017-01-30 16:05:08 -08:00

HACKING.rst

Merge "Update links in keystone"

2017-10-06 16:10:56 +00:00

LICENSE

Added Apache 2.0 License information.

2012-02-15 17:48:33 -08:00

README.rst

Update API reference link in README

2017-09-14 14:07:09 -06:00

requirements.txt

Updated from global requirements

2018-01-17 20:36:58 +00:00

setup.cfg

Cap bandit

2019-08-22 08:31:02 +02:00

setup.py

Updated from global requirements

2017-03-06 01:10:37 +00:00

test-requirements.txt

Updated from global requirements

2018-01-17 20:36:58 +00:00

tox.ini

Update UPPER_CONSTRAINTS_FILE for stable/queens

2018-02-09 15:26:07 +00:00

README.rst

Team and repository tags

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://developer.openstack.org/api-ref/identity

The canonical client library is available at:

https://git.openstack.org/cgit/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://git.openstack.org/cgit/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.