commit fdbad9f530ea4478d96437b021c9b5cc6d338901
Author: Nathan Kinder <email address hidden>
Date: Wed Oct 15 16:21:01 2014 -0700
Restrict certain APIs to cloud admin in domain-aware policy
Some of the APIs in the domain-aware policy file are currently
allowed by any "admin" user, when they should really be locked
down to the cloud admin. Without this, users who are a project
admin will be allowed to do things like manage regions, IdPs,
and other objects that they should not be allowed to touch.
commit 7e1289244ec95a086152229b72ebe83cbcb5a1ea
Author: Steve Martinelli <email address hidden>
Date: Sat Oct 4 00:54:00 2014 -0400
Use importutils from oslo.utils
Rather than sync'ing with oslo-incubator, let's use the library
oslo.utils instead, we already import it anyway.
We can't remove importutils under keystone/openstack/common/
because it's still used by other common functions.
commit faa6aed1a8ece2e5c67f3d9d678f989de89a50c9
Author: Steve Martinelli <email address hidden>
Date: Sat Oct 4 01:33:35 2014 -0400
Use jsonutils from oslo.serialization
Rather than sync'ing with oslo-incubator, let's use the library
oslo.serialization instead.
We can't remove jsonutils under keystone/openstack/common/
because it's still used by other common functions.
Use openstackclient examples in configuration documentation
We should start encouraging the use of openstackclient in the
Keystone documentation. However, maintain some references to
keystoneclient's CLI for backwards compatability purposes.
wrong logic in assertValidRoleAssignmentListResponse method
According to current logic, we always use the last of entities to
compare with ref. And, actually, we provide another method
assertRoleAssignmentInListResponse to judge whether the ref in the
list. So, the ref parameter could be removed.
Reviewed: https:/ /review. openstack. org/129376 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=6f806bdc9b5 8206ecccf29f79d f1257e737e9f5b hierarchical- multitenancy
Committed: https:/
Submitter: Jenkins
Branch: feature/
commit fdbad9f530ea447 8d96437b021c9b5 cc6d338901
Author: Nathan Kinder <email address hidden>
Date: Wed Oct 15 16:21:01 2014 -0700
Restrict certain APIs to cloud admin in domain-aware policy
Some of the APIs in the domain-aware policy file are currently
allowed by any "admin" user, when they should really be locked
down to the cloud admin. Without this, users who are a project
admin will be allowed to do things like manage regions, IdPs,
and other objects that they should not be allowed to touch.
Change-Id: Ifca8bc2fffd2d8 c1bf02373d1fadd 459a77f836c
Closes-bug: #1381809
commit 062786bc53533ed f78a24e35688d71 83c0b57175
Author: Brad Topol <email address hidden>
Date: Mon Sep 8 11:28:02 2014 -0500
Clean up federated identity audit code
Change-Id: I110eb40c83f1de 25bff9215b04902 69f5941316a
commit 1056f9abfb283ab b083538b7588a00 6c1b242d1b
Author: wanghong <email address hidden>
Date: Thu Oct 9 15:39:27 2014 +0800
obsolete deployment docs
Now we use 'database' section instead, but the doc does not synchronize.
Change-Id: Ie73ec8225ce129 0a4b8fdbb5b9db4 c566b5ada22
Closes-Bug: #1377101
commit 1b2fc1e10469bf5 ff97b8a825ba404 dd8f602320
Author: David Stanek <email address hidden>
Date: Thu Sep 4 17:59:58 2014 +0000
Fixes a spelling error in hacking tests
bp more-code- style-automatio n
Change-Id: I9159aba128415d 6e3a1f9ee9147c7 cba19abeffe
commit 2520502724c549f b7ad846203ed60e b86c21aed3
Author: OpenStack Proposal Bot <email address hidden>
Date: Tue Oct 7 19:12:29 2014 +0000
Updated from global requirements
Change-Id: If2d591bba11999 8e41f109f4099ba 4147821171e
commit 8af522af96c4bc0 f6d0f7de48f6433 fd19115d54
Author: Henry Nash <email address hidden>
Date: Tue Oct 7 10:01:47 2014 +0100
Remove deprecated KVS trust backend.
The trust backend is one of the KVS backends that was marked as
deprecated, for removal in Kilo. This patch removes it.
Partially implements: bp removed-as-of-kilo
Change-Id: Ib67cd33419d09e 219d90ab8c50d37 5964a12640c
commit a96b20238919037 837156e238e708a bff415cade
Author: Steve Martinelli <email address hidden>
Date: Fri Sep 26 14:40:22 2014 -0400
Add v3 openstackclient CLI examples
Add some notes about authenticating with v3 keystone and ient. Also add some examples that don't exist in v2.0,
openstackcl
like domains and groups.
Change-Id: I92f9f9ab3ed465 7f0771ad284ee6c 4c613eca27c
commit 495b44ae0ed3e69 e21022ccfc9e2d6 7ba4d0a97e
Author: Steve Martinelli <email address hidden>
Date: Thu Sep 25 12:08:15 2014 -0400
Update the CLI examples to also use openstackclient
In the CLI example section, use openstackclient examples and
keystoneclient examples.
Change-Id: Ia13730fbac5900 998993c56d9a792 b392a1ba3ac
commit 4f9add8029de5f9 463b9bd9ca4f933 f1be79c021
Author: Steve Martinelli <email address hidden>
Date: Sat Oct 4 02:32:49 2014 -0400
Replace an instance of keystone/ openstack/ common/ timeutils
There was an instance of timeutils from the sycn'ed code in: contrib/ federation/ idp.py, we should replace is with
keystone/
oslo.utils.
Change-Id: I5a208903d6810d 8f2d43fc710874f 6d8463e2150
commit 7e1289244ec95a0 86152229b72ebe8 3cbcb5a1ea
Author: Steve Martinelli <email address hidden>
Date: Sat Oct 4 00:54:00 2014 -0400
Use importutils from oslo.utils
Rather than sync'ing with oslo-incubator, let's use the library openstack/ common/
oslo.utils instead, we already import it anyway.
We can't remove importutils under keystone/
because it's still used by other common functions.
Change-Id: I0a8c2de0fa9209 0a3631a2d30cc31 1059d021eae
commit faa6aed1a8ece2e 5c67f3d9d678f98 9de89a50c9
Author: Steve Martinelli <email address hidden>
Date: Sat Oct 4 01:33:35 2014 -0400
Use jsonutils from oslo.serialization
Rather than sync'ing with oslo-incubator, let's use the library serialization instead. openstack/ common/
oslo.
We can't remove jsonutils under keystone/
because it's still used by other common functions.
Change-Id: Ic3e8d621616dd1 cf14ac144640589 6f2dc61288b
commit 6683d96821229ed dc634be7a396c4c a018f3e53b
Author: Steve Martinelli <email address hidden>
Date: Thu Sep 25 01:40:16 2014 -0400
Update 'Configuring Services' documentation
These docs are sorely out of date; are littered with references be-depreated keystone CLI.
to tenants, and reference the soon-to-
Change-Id: Idaa360446d9a0b 797044c277f2247 58505375650
commit 081eb90d722725f 05beff6d8dfb350 4004a0dcc4
Author: Steve Martinelli <email address hidden>
Date: Fri Sep 26 00:58:00 2014 -0400
Use openstackclient examples in configuration documentation
We should start encouraging the use of openstackclient in the ent's CLI for backwards compatability purposes.
Keystone documentation. However, maintain some references to
keystonecli
Change-Id: I16fa302c2cd5bf 3592725ef7f3ef6 c5ba6e83354
commit 1ea9d50a2c828a3 eb976e458659008 a5461b1418
Author: Steve Martinelli <email address hidden>
Date: Thu Oct 2 12:57:20 2014 -0400
Remove deprecated TemplatedCatalog class
Use keystone. catalog. backends. templated. Catalog instead
implements bp removed-as-of-kilo
Change-Id: I0415852991e504 677d1d1a81740c7 2f0bd8fc8bb
commit 78b49fdc302ac38 5b9c94a09a4b866 433bf5d1e0
Author: Steve Martinelli <email address hidden>
Date: Wed Oct 1 21:30:45 2014 -0400
Add an XML code directive to a shibboleth example
By using the code directive the doc generated adds some basic
syntax highlighting, making it much easier to read.
Change-Id: I865085b833dbeb a841a4de9111167 d5e7aafba98
commit d7b52931aeef06e da6ec774f6cc349 7836b14899
Author: Dolph Mathews <email address hidden>
Date: Wed Oct 1 21:18:25 2014 +0000
revise docs on default _member_ role
Closes-Bug: 1330132 304191dfa5e34e5 6122c11cd68
Change-Id: I3d9647ee6e537b
commit 897cfb18ad1cdb5 f169d452178295c afd5ae9e8f
Author: wanghong <email address hidden>
Date: Fri Sep 5 15:13:02 2014 +0800
wrong logic in assertValidRole AssignmentListR esponse method
According to current logic, we always use the last of entities to ssignmentInList Response to judge whether the ref in the
compare with ref. And, actually, we provide another method
assertRoleA
list. So, the ref parameter could be removed.
Change-Id: I3f8786baa6964c 0f17add2d669aa7 36732698ea7
commit bdc0f68210a29e7 ad02734d11fb88e 5c31930cd8
Author: Lance Bragstad <email address hidden>
Date: Fri Sep 26 15:31:24 2014 +0000
Address some late comments for memcache clients
This change addresses some late comments from the following review: /review. openstack. org/#/c/ 119452/ 31
https:/
Change-Id: I031620f9085ff9 14aa9b99c21387f 953b6ada171
Related-Bug: #1360446
commit 15e0c974fe92ca0 06832da458807db e7b55dd76b
Author: Brant Knudson <email address hidden>
Date: Sat Sep 13 14:10:45 2014 -0500
Refactor FakeLdap to share delete code
FakeLdap is changed to implement delete_s using delete_ext_s.
Change-Id: Ibf63f6e13da830 b57a9f7ea5b9689 d52d7bdf690
commit 2bf29998942071d 656361455e3d75c 17ea513cb7
Author: Brant Knudson <email address hidden>
Date: Sat Sep 13 14:19:23 2014 -0500
Fix fakeldap search_s documentation
FakeLdap's search_s documentation said it only supported base and
subtree, but it also supports onelevel.
Change-Id: I7536855d5a94a5 d570e993be1a1e3 da92ddd9e0f
commit d20cb633506913b b7c6ecb57400bb7 4dc7b579a8
Author: David Stanek <email address hidden>
Date: Thu Aug 14 19:30:28 2014 +0000
Updates package comment to be more accurate.
Change-Id: I980b9fb37516f5 775f11a01d93e82 d5349b8850a
commit 81c52ce5446ee6b 7602fb1c38b812a 096a4e116a
Author: Brant Knudson <email address hidden>
Date: Sun Sep 7 15:41:17 2014 -0500
Add testcase for coverage of 002_add_ endpoint_ groups
There wasn't unit test coverage for (keystone.contrib. filter. migrate_ repo.versions. 002_add_ endpoint_ groups) .
endpoint_
Change-Id: I902ff28a82a964 f19835d2b16e465 01e45fb1371