lp://staging/~openstack-ubuntu-testing/keystone/precise-essex-proposed
- Get this branch:
- bzr branch lp://staging/~openstack-ubuntu-testing/keystone/precise-essex-proposed
Branch merges
- Ubuntu Server Developers: Pending requested
-
Diff: 13 lines (+6/-0)1 file modifieddebian/changelog (+6/-0)
Related bugs
Related blueprints
Branch information
Recent revisions
- 140. By Yolanda Robla
-
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (CVE-2012-5571)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(CVE-2012-3542)
* Dropped, superseeded by new snapshot:
- debian/patches/ CVE-2012- 4413.patch [58ac669]
- debian/patches/ CVE-2012- 5571.patch [8735009]
- debian/patches/ CVE-2012- 3542.patch [5438d3b]
* SECURITY UPDATE: fix for EC2-style credentials invalidation
- debian/patches/ CVE-2012- 5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- CVE-2012-5571
- LP: #1064914
* SECURITY UPDATE: Pre-existing tokens continue to be valid after
granting or revoking a user's access (LP: #1041396)
- debian/patches/ keystone- CVE-2012- 4413.patch: invalidate all user
tokens upon role grant/revoke
- CVE-2012-4413
* SECURITY UPDATE: tenants are able to be added to users without
authorization (LP: #1040626)
- debian/patches/ keystone- CVE-2012- 3542: require authz to update a
user's tenant.
- CVE-2012-3542 - 138. By Yolanda Robla
-
Resynchronize with stable/essex (c17a9992) LP: #1089488:
modified changelog to add LP bug number - 137. By Yolanda Robla
-
* Dropped patches, applied upstream:
- debian/patches/ CVE-2012- 5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- debian/patches/ keystone- CVE-2012- 4413.patch: invalidate all user
tokens upon role grant/revoke
- debian/patches/ keystone- CVE-2012- 3542: require authz to update a
user's tenant.
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
- [5438d3b] Update user's default tenant partially succeeds without authz - 136. By Yolanda Robla
-
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
(LP: #1041396)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
* SECURITY UPDATE: fix for EC2-style credentials invalidation
- debian/patches/ CVE-2012- 5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- CVE-2012-5571
- LP: #1064914
* SECURITY UPDATE: Pre-existing tokens continue to be valid after
granting or revoking a user's access (LP: #1041396)
- debian/patches/ keystone- CVE-2012- 4413.patch: invalidate all user
tokens upon role grant/revoke
- CVE-2012-4413
* SECURITY UPDATE: tenants are able to be added to users without
authorization (LP: #1040626)
- debian/patches/ keystone- CVE-2012- 3542: require authz to update a
user's tenant.
- CVE-2012-3542
* Automated Ubuntu testing build:
* [7d08d12] Remove tenant membership during user deletion
* Automated Ubuntu testing build:
* [aa542c4] Add a _ at the end of reseller_prefix default.
* [89e8dc0] Add support to swift_auth for tokenless authz
* [4314ae6] additional logging to support debugging auth issue
* [bc153d5] Fixed misc errors in configuration.rst
* [ada4021] don't duplicate the extra dict in extra
* [1b7aa15] Raise keystone.exception for HTTP 401 (bug 962563)
* [b1336b0] Validate object refs (return 404 instead of 500)
* [d9959d8] tenant-crud 404 (bug 963056)
* [b56e326] role-crud 404 (bug 963056)
* [8037722] Improve swift_auth test coverage + Minor fixes
* [1904228] Check values for EC2.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [7abe0aa] S3 tokens cleanups.
* [1904228] Check values for EC2.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [9feb000] Fix critical typo in endpoint_create (bug 961412)
* [94904e4] Rename tokenauth to authtoken.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [d61aeda] unique role name constraint
* [53b3d44] Add test for swift middleware.
* [3a296a4] Spring cleaning, fix PEP8 violations.
* [94904e4] Rename tokenauth to authtoken.
* [80c7936] pass the arguments in when starting keystone-all
* [3e4653a] fix keystone-all's usage of options vs conf
* [009d661] Wrapped unexpected exceptions (bug 955411)
* [5d07cdf] Changing belongsTo validation back to ID
* [6f8752b] Clean up sql connection args
* [ee57716] Improved file logging example (bug 959610)
* [2324247] Swift middleware doc update.
* [193374a] Fixes LP #954089 - Service list templated catalog
* [2146119] Remove nova-specific middlewares
* [239e4f6] Add check for MAX_PASSWORD_LENGTH to utils.
* [2c6a232] Remove glance_auth_token middleware
* [e677327] Support PyPAM in pam backend, update to latest API
* [773f0f8] Fix default port for identity.internalURL
* [00a2392] Installing keystone docs
* [678dcad] Refactor keystone.common. logging use (bug 948224)
* [e7bb737] Add automatically generated code docs.
* [9363d5f] Properly return 501 for unsupported Catalog calls
* [56e4103] docstring cleanup to remove sphinx warnings
* [d2c6e88] Raising unauthorized instead of 500 (bug 954547)
* [f8cbd61] sample_data.sh: check file paths for packaged
installations
* [6f2c858] Update get_metadata to return {}
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [ab6be05] Update username -> name in token response.
* [f4915af] Allow connect to another tenant.
* [a1e0174] Update docs for keystone client cli args
* [d2c6e88] Raising unauthorized instead of 500 (bug 954547)
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [b03c204] updating documentation for rewrite of auth_token.
* [5b3e05b] added LDAP section to architecture and architecture
* Automated Ubuntu testing build:
* [dc41cb5] Failing to update tenants (bug 953678, bug 954673)
* Automated Ubuntu testing build:
* [5b3e05b] added LDAP section to architecture and architecture
* Automated Ubuntu testing build:
* [e65a22c] Bug #943031 MySQL Server has gone away added docnotes of
error messages caught for mysql and reference
* [73af033] Improved legacy tenancy resolution (bug 951933)
* Automated Ubuntu testing build:
* [dee8153] making all use of time follow datetime.utcnow() fixes bug
954057
* [73af033] Improved legacy tenancy resolution (bug 951933)
* Automated Ubuntu testing build:
* [1e07b98] Fix iso8601 import/use and date comparaison.
* Automated Ubuntu testing build:
* [a036b3f] Fix double-quoted service names
* [0c3c27c] Fixes the cli documentation of user/tenant/roles
* Automated Ubuntu testing build:
* [1b64c84] Remove Nova Diablo reference from migrate docs
* [0c3c27c] Fixes the cli documentation of user/tenant/roles
* [2f4fb46] create service endpoints in sample data
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [a863c13] Add simple set of tests for auth_token middleware
* [259d938] enables run_test option to skip integration
* [48f2c7d] Add AUTHORS to the tarball.
* Automated Ubuntu testing build:
* [d6631d8] update documention on changing user password
* [259d938] enables run_test option to skip integration
* [48f2c7d] Add AUTHORS to the tarball.
* [94abc7e] Make sure we have a port number before int it.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [b5c8b3a] Add token caching via memcache.
* Automated Ubuntu testing build:
* [e05bc6a] Diablo to Essex migration docs (bug 934328)
* Automated Ubuntu testing build:
* [5720730] Added license header (bug 929663)
* [303a10b] Fix EC2 credentials crud after policy backend change
* [524cbd5] add more default catalog templates
* Automated Ubuntu testing build:
* [a2f2274] port common policy code to keystone
* [e422567] rename belongs_to to belongsTo as per the API spec.
* [5c6bccf] fixes lp#949648 change belongsTo validate to name
* [a7472f1] HTTP_AUTHORIZATION was used in proxy mode
* [71aa1db] fix Nova Volume Service in sample data
* [a2f2274] port common policy code to keystone [71aa1db] fix Nova
Volume Service in sample data [524cbd5] add more default catalog
templates
* No change rebuild.
* [e422567] rename belongs_to to belongsTo as per the API spec.
[a7472f1] HTTP_AUTHORIZATION was used in proxy mode
* No change rebuild.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* [5c6bccf] fixes lp#949648 change belongsTo validate to name
[d0429ea] Make bind host configurable [989d62f] Improve
auth_str_equal(). [5c7f3cf] Set default identity driver to sql (bug
934332)
* No change rebuild.
* No change rebuild.
* [98170a7] fixes bug lp#948439 belongs_to and serviceCatalog behavior
* removing belongs_to as a kwarg and getting from the context *
adding a serviceCatalog for belongs_to calls to tokens * adding test
to validate belongs_to behavior in tokens
* [d0429ea] Make bind host configurable [fd4e961] Isolating backtraces
to DEBUG (bug 947060)
* [ec35ea8] Fix coverage jobs for Jenkins. [fd4e961] Isolating
backtraces to DEBUG (bug 947060)
* No change rebuild.
* [b68051c] Renamed sqlite files (bug 944951) [e8fb989] Add reseller
admin capability. [460c3f3] Remove trailing whitespaces in regular
file [bc34635] LDAP get_user_by_name
* No change rebuild.
* No change rebuild.
* [fad1a38] updating readme to point to developer setup docs * fixes
bug 945274 [dd35d2a] standardize ldap and related tests
* No change rebuild.
* No change rebuild.
* [b698855] Added missing import (bug 944905) [dd35d2a] standardize
ldap and related tests
* debian/keystone. preinst: Create group *before* user
* [ea4999d] add git commit date / sha1 to sphinx html docs [33e6c29]
improve auth_token middleware [fc63c5d] Add service accounts to
sample_data.sh
* [845a0de] gitignore follow up for docs/ rename [33e6c29] improve
auth_token middleware [fc63c5d] Add service accounts to
sample_data.sh [f8ba5af] Align with project configs.
* [a6105f7] Fixes doc typo s/SERVIVE/SERVICE/ [cfb996d] Align tox jobs
with project standards.
* [1c24191] Use constant time string comparisons for auth. [49586bd]
fix pep8 [1c5f3e2] GET /v2.0 (bug 930321) [cfb996d] Align tox jobs
with project standards. [a7c8e2a] Provide request to
Middleware.process_ response( )
* No change rebuild.
* No change rebuild.
* [834b931] Unpythonic code in redux in auth_token.py
* [49586bd] fix pep8
* [83df210] LDAP member defaults
* [089f53a] Handle KeyError in _get_admin_auth_token.
* [5816542] renaming pip-requires-test to test-requires
* [9581809] Add Vary header (bug 928057) [6c60d6c] Set tenantName to
'admin' in get_admin_auth_token.
* [37d223e] Implement a Catalog SQL backend
* [6c60d6c] Set tenantName to 'admin' in get_admin_auth_token.
* [63437e9] LDAP Identity backend [cdac09e] Support unicode in the
keystone database. [33a13b7] Add HEAD /tokens/{token_id} (bug
933587)
* No change rebuild.
* [071f6b3] Implements extension discovery (bug 928054) [cdac09e]
Support unicode in the keystone database. [c2142af] fleshing out
architecture docs
* [2124890] XML de/serialization (bug 928058) [e23ecc6] Update
auth_token middleware so it sets X_USER_ID.
* [c2142af] fleshing out architecture docs
* [e23ecc6] Update auth_token middleware so it sets X_USER_ID.
* [b4d35d6] Adds AUTHORS file generated from git log (and de-
duplicated). [7530b8e] The default nova compute port is 8774.
[c4411c1] Fix case of admin role in middleware. [1395bb4] Fix
MANIFEST.in to include missing files [09a64dd] Create
tools/sample_ data.sh [036b990] Backslash continuations (Keystone)
[510061e] Removing broken & redundant code (bug 933555)
* No change rebuild.
* [8465ef1] Remove extraneous _validate_claims() arg. [1f119bc] Use
cfg's new print_help() method [762b461] Remove cfg dict mixin
[e5a3e09] Update cfg from openstack-common [e6a23e3] fix the style
guide to match the code
* No change rebuild.
* [baedc45] Correct config name for max_pool_size.
* [d679baf] Move cfg to keystone.openstack. common
* [45d6aa1] Fix copyright dates and remove duplicate Apache licenses.
[de3ad7a] Add migration path for Nova auth [13dfd21] Fix thinko in
keystone-all sys.path hack
* [83c7933] some additional style bits [de3ad7a] Add migration path
for Nova auth [13dfd21] Fix thinko in keystone-all sys.path hack
Ignore sqlite.db files [43c8bbc] Removing unused imports from
keystone.cli [fb4f379] Update docs for Swift and S3 middlewares.
* No change rebuild.
* [08a3060] Re-adds admin_pass/user to auth_tok middleware. [77c11b2]
Implements admin logic for tenant_list call. [73f22e1] Implemented
get_tenant_users. Fixed bug 933721. [43c8bbc] Removing unused
imports from keystone.cli [fb4f379] Update docs for Swift and S3
middlewares.
* [c233b44] cli now returns an exit status cmd is invalid. [77c11b2]
Implements admin logic for tenant_list call. [73f22e1] Implemented
get_tenant_users. Fixed bug 933721. [43c8bbc] Removing unused
imports from keystone.cli [460504f] Remove data_files section from
setup.py. [1143802] Update Manifest.in [9246e04] fixes #934459
* No change rebuild.
* [faf6866] Set include_package_ data=True in setup.py. [460504f]
Remove data_files section from setup.py. [1143802] Update
Manifest.in [2feb519] Add migrate.cfg to data_files in setup.py
Admin version pipeline not utilized (bug 925548) [546f952] Fix
logging.config import [8712abb] backport some asserts [892ba0f]
remove pycli [02ef19a] Adds missing argument to add_user_to_tenant
in create_user. [e238427] Fixes a failure caused by a recent change
to user update in the client. [3093980] remove executable bit from
setup.py [484dc24] Raising 'NotImplmented' results in TypeError
[8d7189f] Added Apache 2.0 License information. [90068b0] Add docs
on keystone_old -> ksl migration [71436db] Add token expiration
add catalog export [e1a9a1f] Handle unicode keys in memcache token
backend [ed793ad] make sure passwords work after migration [b409629]
add legacy diablo import tests [48f2f65] change password hash
[aa2656c] add essex test as well [700a397] add sql for import legacy
tests [63adca3] add import legacy cli command [eb5a939] add
migration from legacy db [de8c958] remove keystoneclient-based
manage commands [9f03722] Remove executable bit from auth_token.py
[6c5c964] Update swift token middleware. [af28360] Add s3_token.
[0e775d6] Add pagination to GET /tokens [79faa28] Fixes role
checking for admin check [d049c19] Fix webob exceptions in
test_middlware [363a5d6] Add tests for core middleware [9028f32] Add
version description to root path [2c18314] Add TokenNotFound
exception [ae55fdc] remove diablo tests, they aren't doing much
[e5ffa74] Fix largest memory leak in ksl tests [05b2583] Add
memcache token backend [c64a12f] Friendly JSON exceptions (bug
928061, bug 928062) [26655dc] Fix comment on bcrypt and avoid hard-
coding 29 as the salt length [c680d7c] Add SQL token backend
[6013dd8] Add content-type to responses [9528060] Cope with unicode
passwords or None [a3d21f0] Add auth checks to ec2 credential crud
operations [51eda01] termie all the things [f9a8827] example in
hacking was incorrect [f0f8dde] Ensures duplicate users and tenants
can't be made [3efce6d] make pip requires match nova [aed78aa] fixes
lp:925721 adds .gitreview for redux branch [fabad5a] remove
novaclient, fix python syntax [fa5b2e4] We don't need all the deps
to check pep8. [9dadf01] remove extra line [b6a142d] Make ec2 auth
actually work [62a92c4] fixing grammar, noting broken enable, adding
hacking with prefs for project [e0afc0d] Removed unused reference
[fca3e9c] adding a token service Driver to define the interface
[6a5c524] Added support for DELETE /tokens/{token_id} [cc37127] ran
through all commands to verify keywords against current (master)
keystonelight [32ff03b] updating docs: [4f651ba] updating tox.ini
with test pip requirements [446b268] use our own logging module
[433e7db] minor docstring update for new locations [0027f90] Missed
one more keystone-server. [69bb042] Renamed keystone-server to
keystone-all based on comments in LP: #910484. [40525e0] be more
safe with getting json aprams [a703983] skip the two tests where
testing code is failing [3cfea52] accept POST or PUT for tenant
update [09bd758] deal with reparsing the config files [37e1c5c]
don't automatically parse sys.argv for cfg [0b34e5f] deal with tags
in git checkout [6fd68e1] fix keystoneclient tests [c6e30eb] add
tests for essex and fix the testing framework [2d2ce8c] Update
docs/source/ developing. rst [ec89d4e] Change the name of keystone to
keystone-server so the binaries dont conflict with python-
keystoneclient. [3da6575] Normalize build files with current
jenkins. [fc3de24] Use gerrit instead of github [cf3f671] Fix pep8
violations. [666a2b8] Add .gitreview file. [8d695b8] removing unused
images, cleaning up RST in docstrings from sphinx warnings [d961f7c]
pep8 cleanup [9d7d898] shifting contents from _static to static
[d1f4ddc] adding in testing details [22c3f80] moved notes from
README.rst into docs/architecture.rst [ef8b8f1] updating formating
for configuration page [1908a2d] format tweaks and moving old docs
[fec7598] shifting older docs into old/ directory [e643f23] doc
updates [6b38e3c] moving in all the original docs from keystone
fixing up PIP requirements for testing and virtualenv [103fc87]
indents. [3974760] Make it as a subclass. [d6d56e4] fix style and
termie's comments about comments [726b5ad] invalid params for
roles.delete [d5443e2] initial stab at requiring adminness [b1cd214]
Simplify code. [1efee11] add tests that auth with tenant user isn't
member of [fcea15d] Add s3tokens validation. [d4f2bf5] add a bunch
of basic tests for the cli [608b9a2] remove this useless catalog
[de6a98a] move cli code into a module for testing [a6a6124] allow
class names to be different from attr names [f5dbc98] add ec2
credentials to the cli [51a2c18] fix middleware [4899210] bcrypt the
passwords [e344821] fix token vs auth_token [9f0bb49] some quick
fixes to cli, tests incoming [aaf75e9] fix pep8 [e4a00e0] fix some
more pass-by-reference bugs [da4f955] strip password before checking
output [8ad8d88] flip actual and expected to match common api
[8ffee09] don't allow disabled users to authenticate [5a8a8ae] turn
off echo [2ebb89b] fix invalid_password, skip ec2 tests [57b24dd]
strip password from sql backend [3cce41e] raise and catch correct
authenticate error [c59370e] rely on internal _get_user for update
calls [36a0190] strip password from kvs backend [86dad07] fix
user_get/user_ list tests [28760bd] removing the sphinx_build from
setup.py, adding how to run the docs into the README [f943977] ec2
docs [269159f] simple docstrings for ec2 crud [d8ddc07] get docs
working [ea78b2e] some cli improvements [c83bcb1] add checks for no
password attribute [2a91b1c] users with correct credentials but
disabled are forbidden not unauthorized [f40198d] shimming in basics
from original keystone [3d2bb3a] test login fails with invalid
password or disabled user [ffeb0e5] doctry [0df93eb] use
token_client in token tests [71faa9f] remove duplicate pycli from
pip-requires [ecabdd1] fix ec2 sql config [21cfcfc] get_client lets
you send user and tenant [cbc1558] update how user is specified in
tests [c1fe998] rename ec2 tests to be more explicit [e567fb9] use
the sql backend for ec2 tests [88b0a4b] more failing ec2 tests
[f28a03c] add METADATA for boo [7b4c26d] add (failing) tests for
scoping ec2 crud [781feaf] add some docs that got overwritten last
night [89c378c] fix pep8 [f226234] update tests [fc79bbe] update
some names [e2f04f2] fix some imports [ff6af1f] split up sql
backends too [308a766] split up the services and kvs backends
[909012a] establish basic structure [f0e3e7f] add docs for various
service managers [94f78a3] expect sphinx sources to be autogenned
[bf7e6fb] some tiny docs [e129d5f] fix sphinx [198d168] testing rst
on github [67d4a7c] updating dependencies for ksl [e75f7be] needed
to do more for cli opts [76c45b4] make a main in keystone-manage
[3c10e73] fix pep8 error [9d04ee9] rename apidoc to autodoc
[53ec23a] Fix typo [f16a262] return to starting directory after git
work [44c6b69] spacing [1418925] tests for ec2 crud [dae746d] add
keystoneclient expected format [a0c7c7c] add sql backend, too
[afd897f] add an ec2 extension [2ed9759] update readme [8c33e66] re-
indent [c233dc2] re-indent [bd974c9] re-indent [9ab0a42] re-indent
kvs.py [9d7c5c0] re-indent test.py [6a48676] remove models.py
[7b0f71b] add some docs to manager [deab5c4] dynamic manager classes
for now [1bd1349] add a couple more tests [8ea6e8f] add some more
todos [be52a5e] strip newlines [2a31259] TODO [2d6b348] add role
refs to validate token [aea09bd] fix token auth [c25155a] check for
membership [4ae246d] flush that sht [61ecf60] add more middleware
[ef1a474] fixing WatchedFileHandler [c830305] logging to debugging
by default for now [2723439] add a noop controller [cd37b05] woops
[52da891] add glance middleware ?? [47908a4] add legacy middleware
[ec85749] fix setup.py [d230857] adding #vim to file with changed
indent [230a003] add id-only flag to return IDs [5961430] rename ks
to keystone-manage [d940dc4] fixing imports for syslog handlers and
gettext [c3c05cb] adding gettext [393aedb] adding logging from
configuration files, default logging per common [6540120] cli using
keystoneclient [732909a] add a db_sync command to bin/ks, remove
others [3c88b7f] merge test and default configs [2c60c7f] adding
project to keystone config to find default config files [1d6334d]
some more config in bin/keystone [74170ee] in the bin config too
keystone_compat -> service [75e781a] remove keystone from names,
remove service [51df8b1] remove default configuration [8f46af0]
basic service running again [2340dee] rename extras to metadata
[8362442] version number in setup.py [a84930a] add basic sphinx doc
bits [1967545] remove references to keystone light [763013c]
renaming keystonelight to keystone [13ec79b] keystoneclient tests
working against sql backend [4b4ada2] run all teh keystoneclient
tests against sql too [0f6a9a7] move everything over to the default
config [feadf75] config system overhaul [829a96b] add nova's cfg
framework [8fdcb69] fix pep8 [c8ed28c] missed a file [6495d41] most
tests working again [119808d] still wip, got migration mostly
working [775b8ed] get the sql ball rolling, still wip [b766165] add
sql backend, WIP [9691c0f] tweaking for running regular tests in
jenkins [205a7b9] finished up services stuff [ebe158f] add the
various role tests [5c89972] add list users [46943c5] get user tests
working [ff15e5f] get endpoints test working [c6d6d43] get
tenant_add_and_ remove_ user test working [94e9d6b] tenant test
working again [e396650] copy over the os-ksadm extension [23c6f49]
example crud extension for create_tenant [63c7934] get some tests
working again [0e7f06d] merge fixes [30a1146] fixup [c5b1b6f] Made
tests use both service and admin endpoints [2fb294f] All tests but
create_tenant pass [f2a9c51] Split keystone compat by admin and
service endpoints [3eb2adf] Added broken tests to show compatibility
gaps [4b55fa5] Split keystone compat by admin and service endpoints
[909770d] move novaclient tests over also [9e8ec25] clean up
test_identity_api [2e1558e] clean up keystoneclient setup [32aa1de]
add role crud [a32c73c] speed up tests [8425eab] add basic fixture
functionality [7541ed4] documentation driven development [b4eba62]
novaclient now requires prettytable [26a4cde] whitespace [5ff67d7]
whitespace [82f6445] make create_tenant work for keystone api
[29e1336] common ks client creation [5e4a877] updating of docs
[e4428dc] working on a tenant_create test [99f81d5] standardize
spacing [a0d0669] novaclient uses password instead of apikey
[b42859f] update to use the correct repo for python-novaclient
[cad238d] fix tenant auth tests [91f2097] add an example for
capability rbac [e5d1050] make readme use code style [860aa86] add
the policy code [63943c9] describe and add a policy backend
[d820917] policty stub [834301a] re-indent [b0733ca] change array
syntax [3479575] updates to make compatible with middleware
handle unscoped requests [20bebd9] adjust default port [17e03b8]
move noop to identity controller [9024351] allow setting user_id on
create [776a159] users require a name [c8b28b5] pep8 [8eea6b3]
update test conf too [1335e4c] cli for adding users, tenants, extras
[9d99821] adjust paths and use composite apps [2545907] add tests
for extras [3ab9d87] add tenant crud [f8e6fae] oops, forgot update
in crud [7035e4a] add crud tests [54f32f9] add crud tests [d0009db]
add crud tests [8ff5606] add test for create user and get user
[2c7770f] add test for create user and get user [2d15482] re-indent
identity.py [9105935] don't pep8 swp files [e8f72ed] accept data as
kwargs for crud [adbbe01] use the keystone app in the conf [6c84c1b]
reorg [f2e73bc] re-indent service.py [e10512b] more dyanmic client
update service to middleware in confs [d7f364e] move around
middleware [716c450] make a composite app [59c2dea] add crud methods
to identity manager [570b08d] cli beginnings [64b369f] add admin
port [4885d4a] add an etc dir [cd712b2] add a default handler for /
[8ae627a] add a stubby setup.py [3117b41] use paste for the binary
[3d79099] add a trivial admin-only middleware [8fd8220] update
keystone sample tests, skip one [3212101] add crud info to readme
[44a07fd] get novaclient tests working [3439a77] add novaclient,
intermediate [2bc4376] add run_tests.sh and pep8 stuff [d17e1cf]
remove italics on Light [29e4e54] modify requirements [6cb7e6c] link
diagrams [002ae33] whitespace [344d21c] added catalog tests
[f86bf25] added tests for tokens [3f0137a] test the other methods
too [912c222] add some tests and get others to pass [4c8a5ac] add
some failing tests [b514897] add a default conf [4b48845] minor
whitespace cleanup [f8ec4f6] add some todo [d3cc798] add example
authenticate and tenants working [2f2465e] working authenticate in
keystoneclient [3caf2a8] remove test_keystone_compat' s catalog tests
[4ba33be] add templated catalog backend [2ac753e] everything but the
catalog [583e3c9] get a checkout of keystoneclient [d920d84]
authenticate working, too [ba4913f] base tests on keystone-
diablo/stable [a98b2ed] get tenants passing, yay [f886ab9] flow
working, added debugging [06944e8] add context to calls [ef9f039]
move diagram into docs dir [7427b1a] refactor keystone compat and
add catalog service [c8d4e88] added sequence diagrams for keystone
compat [50d64c3] getting closer, need to match api now [35ec297]
tests running through, still failing [a200e50] add a test client
[03b75a5] added a test, need to get it working now [a328b99] working
with dashboard [8cd7f5c] add get_tenants [9a0ec99] rudimentary login
working [158dfba] most bits working [419c2cb] initial
* No change rebuild.
* [9452cf0] Fixes bug 924391
* [bfe9abe] Fix "KeyError: 'service-header- mappings' " [9858e08]
Removes nova middleware and config from keystone [1ea4e4f] Added
keystone-manage list_role_grants (bug 923933)
* No change rebuild.
* No change rebuild.
* [f76477c] Update auth_token middleware to support creds.
* [d2e6f63] Added shortcut for id=NULL queries (bug 916386) [a86a661]
Removing __init__ from non-packages (bug 921054) [fd36f1f] add
instructions for setting up a devenv on openSUSE 11.4 and 12.1
[2e73dfa] Documented race condition (bug 921634)
* No change rebuild.
* No change rebuild.
* [2efd311] Test coverage for issue described in bug 919335 [fd36f1f]
add instructions for setting up a devenv on openSUSE 11.4 and 12.1
* [a86a661] Removing __init__ from non-packages (bug 921054) [053345c]
Forgot to update models (bug 885426) [9e9e7f0] Updating example
glance paste config.
* [d1a3c5f] Fix race in TestCreateTokenCommand (bug 921634) [053345c]
Forgot to update models (bug 885426) [9e9e7f0] Updating example
glance paste config.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* [b1581a1] Migrated 'enabled' int columns to bool for postgres (bug
885426) [b207a49] Return Version and Tenant in Endpoints
* [8c6e606] Updated bp keystone-configuration for bp keystone-manage2
* [b207a49] Return Version and Tenant in Endpoints
* [23c396d] Updated error message for keystone-manage2
* [e2f8607] Added: "UserWithPassword" Added: "UserWithOnlyEnabled"
Removed: "UserWithOnlyPassword" [b680202] Fix for bug 921126
* No change rebuild.
* [2dbb2a6] Update Extended Credentials (EC2, S3) [ef6c133] Release
Notes for E3 [5ce7e70] Restore Console Info Logging - bp keystone-
logging
* No change rebuild.
* No change rebuild.
* [027782a] Adds keystone auth-n/auth-z for Swift S3 API.
* [5b8682f] Implement cfg.py
* [28dac45] Implement Secure Token Auth [5f69fbb] Fixed: Inserting
URLs into endpoint version attr
* [92462c8] Suppressed backtraces in tests causes sweaty eyes
* [5f69fbb] Fixed: Inserting URLs into endpoint version attr
* [45b3636] Addresses bug 918608
* [f2726df] Added Vary header to support caching (bug 913895)
[6362857] Handle EC2 Credentials on /tokens
* No change rebuild.
* [95fb6d1] Implemented subparsers (bp keystone-manage2)
* [9e1e113] Fixed PEP8 violations and disallowed them
* [8b3df32] Implemented bp keystone-manage2
* [8c98285] Fixes 918535: time not properly parsed in auth_token
middleware [1b44286] fix bug lp:843064
* [159757c] Use dateutil 1.5 [1b44286] fix bug lp:843064
* [70e5a00] Prestage fix - fixed requirement name; python-dateutil,
not dateutil [7c0529f] Bug #916199: keystone-manage service list
fails with AttributeError on Service.description [3d08211] Fix LDAP
Schema Syntax (bug 904380)
* [2d18686] Pre-staging pip requires [7681a01] Exception raise error
[e03ff6e] Updates to middleware to deprecate X_USER [3d08211] Fix
LDAP Schema Syntax (bug 904380)
* [7c0529f] Bug #916199: keystone-manage service list fails with
AttributeError on Service.description [e03ff6e] Updates to
middleware to deprecate X_USER [3d08211] Fix LDAP Schema Syntax (bug
904380)
* [7681a01] Exception raise error [eedd271] Revert "Exception raise
error" [fa95e14] Bug #915544: keystone-manage version 1 commands
broken when using flags
* [e03ff6e] Updates to middleware to deprecate X_USER [fa95e14] Bug
#915544: keystone-manage version 1 commands broken when using flags
* [eedd271] Revert "Exception raise error" [fa95e14] Bug #915544:
keystone-manage version 1 commands broken when using flags
* No change rebuild.
* [45c62a8] Exception raise error [ee617f4] Fix minor typo [3f70358]
Add 'tenants' to Auth & Validate Response [1c2708f] Fixed Test
Coverage Handling [73525ac] Adding prettytable dependency [105b908]
Front-end logging [870c1aa] Implement Role Model [876e309] xsd fixes
[82852a7] Added decorators for admin and service_admin checks
[2e3ee14] Initial keystone-manage rewrite (bp keystone-manage2)
[fe74938] Correct endpoint template URLs in docs.
* No change rebuild.
* debian/patches/ temp_fix_ keystone_ manage. patch: Update
* No change rebuild.
* debian/patches/ temp_fix_ keystone_ manage. patch: Temp. patch to get moving during sprint
* No change rebuild.
* [0762754] Show useful traceback if manage command fails [3f70358]
Add 'tenants' to Auth & Validate Response [1c2708f] Fixed Test
Coverage Handling
* [ee617f4] Fix minor typo
* [73525ac] Adding prettytable dependency [105b908] Front-end logging
[870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
decorators for admin and service_admin checks [2e3ee14] Initial
keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
endpoint template URLs in docs.
* [73525ac] Adding prettytable dependency [105b908] Front-end logging
[870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
decorators for admin and service_admin checks [2e3ee14] Initial
keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
endpoint template URLs in docs.
* [105b908] Front-end logging [870c1aa] Implement Role Model [876e309]
xsd fixes [82852a7] Added decorators for admin and service_admin
checks [2e3ee14] Initial keystone-manage rewrite (bp keystone-
manage2) [fe74938] Correct endpoint template URLs in docs.
* [870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
decorators for admin and service_admin checks [2e3ee14] Initial
keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
endpoint template URLs in docs.
* [876e309] xsd fixes [82852a7] Added decorators for admin and
service_admin checks [2e3ee14] Initial keystone-manage rewrite (bp
keystone-manage2) [fe74938] Correct endpoint template URLs in docs.
* [82852a7] Added decorators for admin and service_admin checks
[2e3ee14] Initial keystone-manage rewrite (bp keystone-manage2)
[fe74938] Correct endpoint template URLs in docs.
* [82852a7] Added decorators for admin and service_admin checks
* debian/keystone. install: install tools/{ convert_ to_sqlite. sh,
sample_data.sh}
* debian/patches/ fix-ubuntu- tests.patch: Also skip keystoneclient
essex 3 tests, add patch description
* debian/keystone. logrotate: Add logrotate config (LP: #962426) - 135. By Yolanda Robla
-
[ Yolanda Robla ]
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
(LP: #1041396)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
* SECURITY UPDATE: fix for EC2-style credentials invalidation
- debian/patches/ CVE-2012- 5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- CVE-2012-5571
- LP: #1064914
* SECURITY UPDATE: Pre-existing tokens continue to be valid after
granting or revoking a user's access (LP: #1041396)
- debian/patches/ keystone- CVE-2012- 4413.patch: invalidate all user
tokens upon role grant/revoke
- CVE-2012-4413
* SECURITY UPDATE: tenants are able to be added to users without
authorization (LP: #1040626)
- debian/patches/ keystone- CVE-2012- 3542: require authz to update a
user's tenant.
- CVE-2012-3542
* Automated Ubuntu testing build:
* [7d08d12] Remove tenant membership during user deletion
* Automated Ubuntu testing build:
* [aa542c4] Add a _ at the end of reseller_prefix default.
* [89e8dc0] Add support to swift_auth for tokenless authz
* [4314ae6] additional logging to support debugging auth issue
* [bc153d5] Fixed misc errors in configuration.rst
* [ada4021] don't duplicate the extra dict in extra
* [1b7aa15] Raise keystone.exception for HTTP 401 (bug 962563)
* [b1336b0] Validate object refs (return 404 instead of 500)
* [d9959d8] tenant-crud 404 (bug 963056)
* [b56e326] role-crud 404 (bug 963056)
* [8037722] Improve swift_auth test coverage + Minor fixes
* [1904228] Check values for EC2.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [7abe0aa] S3 tokens cleanups.
* [1904228] Check values for EC2.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [9feb000] Fix critical typo in endpoint_create (bug 961412)
* [94904e4] Rename tokenauth to authtoken.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [d61aeda] unique role name constraint
* [53b3d44] Add test for swift middleware.
* [3a296a4] Spring cleaning, fix PEP8 violations.
* [94904e4] Rename tokenauth to authtoken.
* [80c7936] pass the arguments in when starting keystone-all
* [3e4653a] fix keystone-all's usage of options vs conf
* [009d661] Wrapped unexpected exceptions (bug 955411)
* [5d07cdf] Changing belongsTo validation back to ID
* [6f8752b] Clean up sql connection args
* [ee57716] Improved file logging example (bug 959610)
* [2324247] Swift middleware doc update.
* [193374a] Fixes LP #954089 - Service list templated catalog
* [2146119] Remove nova-specific middlewares
* [239e4f6] Add check for MAX_PASSWORD_LENGTH to utils.
* [2c6a232] Remove glance_auth_token middleware
* [e677327] Support PyPAM in pam backend, update to latest API
* [773f0f8] Fix default port for identity.internalURL
* [00a2392] Installing keystone docs
* [678dcad] Refactor keystone.common. logging use (bug 948224)
* [e7bb737] Add automatically generated code docs.
* [9363d5f] Properly return 501 for unsupported Catalog calls
* [56e4103] docstring cleanup to remove sphinx warnings
* [d2c6e88] Raising unauthorized instead of 500 (bug 954547)
* [f8cbd61] sample_data.sh: check file paths for packaged
installations
* [6f2c858] Update get_metadata to return {}
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [ab6be05] Update username -> name in token response.
* [f4915af] Allow connect to another tenant.
* [a1e0174] Update docs for keystone client cli args
* [d2c6e88] Raising unauthorized instead of 500 (bug 954547)
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [b03c204] updating documentation for rewrite of auth_token.
* [5b3e05b] added LDAP section to architecture and architecture
* Automated Ubuntu testing build:
* [dc41cb5] Failing to update tenants (bug 953678, bug 954673)
* Automated Ubuntu testing build:
* [5b3e05b] added LDAP section to architecture and architecture
* Automated Ubuntu testing build:
* [e65a22c] Bug #943031 MySQL Server has gone away added docnotes of
error messages caught for mysql and reference
* [73af033] Improved legacy tenancy resolution (bug 951933)
* Automated Ubuntu testing build:
* [dee8153] making all use of time follow datetime.utcnow() fixes bug
954057
* [73af033] Improved legacy tenancy resolution (bug 951933)
* Automated Ubuntu testing build:
* [1e07b98] Fix iso8601 import/use and date comparaison.
* Automated Ubuntu testing build:
* [a036b3f] Fix double-quoted service names
* [0c3c27c] Fixes the cli documentation of user/tenant/roles
* Automated Ubuntu testing build:
* [1b64c84] Remove Nova Diablo reference from migrate docs
* [0c3c27c] Fixes the cli documentation of user/tenant/roles
* [2f4fb46] create service endpoints in sample data
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [a863c13] Add simple set of tests for auth_token middleware
* [259d938] enables run_test option to skip integration
* [48f2c7d] Add AUTHORS to the tarball.
* Automated Ubuntu testing build:
* [d6631d8] update documention on changing user password
* [259d938] enables run_test option to skip integration
* [48f2c7d] Add AUTHORS to the tarball.
* [94abc7e] Make sure we have a port number before int it.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [b5c8b3a] Add token caching via memcache.
* Automated Ubuntu testing build:
* [e05bc6a] Diablo to Essex migration docs (bug 934328)
* Automated Ubuntu testing build:
* [5720730] Added license header (bug 929663)
* [303a10b] Fix EC2 credentials crud after policy backend change
* [524cbd5] add more default catalog templates
* Automated Ubuntu testing build:
* [a2f2274] port common policy code to keystone
* [e422567] rename belongs_to to belongsTo as per the API spec.
* [5c6bccf] fixes lp#949648 change belongsTo validate to name
* [a7472f1] HTTP_AUTHORIZATION was used in proxy mode
* [71aa1db] fix Nova Volume Service in sample data
* [a2f2274] port common policy code to keystone [71aa1db] fix Nova
Volume Service in sample data [524cbd5] add more default catalog
templates
* No change rebuild.
* [e422567] rename belongs_to to belongsTo as per the API spec.
[a7472f1] HTTP_AUTHORIZATION was used in proxy mode
* No change rebuild.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* [5c6bccf] fixes lp#949648 change belongsTo validate to name
[d0429ea] Make bind host configurable [989d62f] Improve
auth_str_equal(). [5c7f3cf] Set default identity driver to sql (bug
934332)
* No change rebuild.
* No change rebuild.
* [98170a7] fixes bug lp#948439 belongs_to and serviceCatalog behavior
* removing belongs_to as a kwarg and getting from the context *
adding a serviceCatalog for belongs_to calls to tokens * adding test
to validate belongs_to behavior in tokens
* [d0429ea] Make bind host configurable [fd4e961] Isolating backtraces
to DEBUG (bug 947060)
* [ec35ea8] Fix coverage jobs for Jenkins. [fd4e961] Isolating
backtraces to DEBUG (bug 947060)
* No change rebuild.
* [b68051c] Renamed sqlite files (bug 944951) [e8fb989] Add reseller
admin capability. [460c3f3] Remove trailing whitespaces in regular
file [bc34635] LDAP get_user_by_name
* No change rebuild.
* No change rebuild.
* [fad1a38] updating readme to point to developer setup docs * fixes
bug 945274 [dd35d2a] standardize ldap and related tests
* No change rebuild.
* No change rebuild.
* [b698855] Added missing import (bug 944905) [dd35d2a] standardize
ldap and related tests
* debian/keystone. preinst: Create group *before* user
* [ea4999d] add git commit date / sha1 to sphinx html docs [33e6c29]
improve auth_token middleware [fc63c5d] Add service accounts to
sample_data.sh
* [845a0de] gitignore follow up for docs/ rename [33e6c29] improve
auth_token middleware [fc63c5d] Add service accounts to
sample_data.sh [f8ba5af] Align with project configs.
* [a6105f7] Fixes doc typo s/SERVIVE/SERVICE/ [cfb996d] Align tox jobs
with project standards.
* [1c24191] Use constant time string comparisons for auth. [49586bd]
fix pep8 [1c5f3e2] GET /v2.0 (bug 930321) [cfb996d] Align tox jobs
with project standards. [a7c8e2a] Provide request to
Middleware.process_ response( )
* No change rebuild.
* No change rebuild.
* [834b931] Unpythonic code in redux in auth_token.py
* [49586bd] fix pep8
* [83df210] LDAP member defaults
* [089f53a] Handle KeyError in _get_admin_auth_token.
* [5816542] renaming pip-requires-test to test-requires
* [9581809] Add Vary header (bug 928057) [6c60d6c] Set tenantName to
'admin' in get_admin_auth_token.
* [37d223e] Implement a Catalog SQL backend
* [6c60d6c] Set tenantName to 'admin' in get_admin_auth_token.
* [63437e9] LDAP Identity backend [cdac09e] Support unicode in the
keystone database. [33a13b7] Add HEAD /tokens/{token_id} (bug
933587)
* No change rebuild.
* [071f6b3] Implements extension discovery (bug 928054) [cdac09e]
Support unicode in the keystone database. [c2142af] fleshing out
architecture docs
* [2124890] XML de/serialization (bug 928058) [e23ecc6] Update
auth_token middleware so it sets X_USER_ID.
* [c2142af] fleshing out architecture docs
* [e23ecc6] Update auth_token middleware so it sets X_USER_ID.
* [b4d35d6] Adds AUTHORS file generated from git log (and de-
duplicated). [7530b8e] The default nova compute port is 8774.
[c4411c1] Fix case of admin role in middleware. [1395bb4] Fix
MANIFEST.in to include missing files [09a64dd] Create
tools/sample_ data.sh [036b990] Backslash continuations (Keystone)
[510061e] Removing broken & redundant code (bug 933555)
* No change rebuild.
* [8465ef1] Remove extraneous _validate_claims() arg. [1f119bc] Use
cfg's new print_help() method [762b461] Remove cfg dict mixin
[e5a3e09] Update cfg from openstack-common [e6a23e3] fix the style
guide to match the code
* No change rebuild.
* [baedc45] Correct config name for max_pool_size.
* [d679baf] Move cfg to keystone.openstack. common
* [45d6aa1] Fix copyright dates and remove duplicate Apache licenses.
[de3ad7a] Add migration path for Nova auth [13dfd21] Fix thinko in
keystone-all sys.path hack
* [83c7933] some additional style bits [de3ad7a] Add migration path
for Nova auth [13dfd21] Fix thinko in keystone-all sys.path hack
[015dd3d] Return HTTP 401 bad user/password is specified. [1746ea6]
Ignore sqlite.db files [43c8bbc] Removing unused imports from
keystone.cli [fb4f379] Update docs for Swift and S3 middlewares.
* No change rebuild.
* [08a3060] Re-adds admin_pass/user to auth_tok middleware. [77c11b2]
Implements admin logic for tenant_list call. [73f22e1] Implemented
get_tenant_users. Fixed bug 933721. [43c8bbc] Removing unused
imports from keystone.cli [fb4f379] Update docs for Swift and S3
middlewares.
* [c233b44] cli now returns an exit status cmd is invalid. [77c11b2]
Implements admin logic for tenant_list call. [73f22e1] Implemented
get_tenant_users. Fixed bug 933721. [43c8bbc] Removing unused
imports from keystone.cli [460504f] Remove data_files section from
setup.py. [1143802] Update Manifest.in [9246e04] fixes #934459
* No change rebuild.
* [faf6866] Set include_package_ data=True in setup.py. [460504f]
Remove data_files section from setup.py. [1143802] Update
Manifest.in [2feb519] Add migrate.cfg to data_files in setup.py
[6672acb] Should return 300 Multiple Choice (bug 925548) [dd382af]
Admin version pipeline not utilized (bug 925548) [546f952] Fix
logging.config import [8712abb] backport some asserts [892ba0f]
remove pycli [02ef19a] Adds missing argument to add_user_to_tenant
in create_user. [e238427] Fixes a failure caused by a recent change
to user update in the client. [3093980] remove executable bit from
setup.py [484dc24] Raising 'NotImplmented' results in TypeError
[8d7189f] Added Apache 2.0 License information. [90068b0] Add docs
on keystone_old -> ksl migration [71436db] Add token expiration
[448c641] Update docs to for current keystone-manage usage [27db5cb]
add catalog export [e1a9a1f] Handle unicode keys in memcache token
backend [ed793ad] make sure passwords work after migration [b409629]
add legacy diablo import tests [48f2f65] change password hash
[aa2656c] add essex test as well [700a397] add sql for import legacy
tests [63adca3] add import legacy cli command [eb5a939] add
migration from legacy db [de8c958] remove keystoneclient-based
manage commands [9f03722] Remove executable bit from auth_token.py
[6c5c964] Update swift token middleware. [af28360] Add s3_token.
[0e775d6] Add pagination to GET /tokens [79faa28] Fixes role
checking for admin check [d049c19] Fix webob exceptions in
test_middlware [363a5d6] Add tests for core middleware [9028f32] Add
version description to root path [2c18314] Add TokenNotFound
exception [ae55fdc] remove diablo tests, they aren't doing much
[e5ffa74] Fix largest memory leak in ksl tests [05b2583] Add
memcache token backend [c64a12f] Friendly JSON exceptions (bug
928061, bug 928062) [26655dc] Fix comment on bcrypt and avoid hard-
coding 29 as the salt length [c680d7c] Add SQL token backend
[6013dd8] Add content-type to responses [9528060] Cope with unicode
passwords or None [a3d21f0] Add auth checks to ec2 credential crud
operations [51eda01] termie all the things [f9a8827] example in
hacking was incorrect [f0f8dde] Ensures duplicate users and tenants
can't be made [3efce6d] make pip requires match nova [aed78aa] fixes
lp:925721 adds .gitreview for redux branch [fabad5a] remove
novaclient, fix python syntax [fa5b2e4] We don't need all the deps
to check pep8. [9dadf01] remove extra line [b6a142d] Make ec2 auth
actually work [62a92c4] fixing grammar, noting broken enable, adding
hacking with prefs for project [e0afc0d] Removed unused reference
[fca3e9c] adding a token service Driver to define the interface
[6a5c524] Added support for DELETE /tokens/{token_id} [cc37127] ran
through all commands to verify keywords against current (master)
keystonelight [32ff03b] updating docs: [4f651ba] updating tox.ini
with test pip requirements [446b268] use our own logging module
[433e7db] minor docstring update for new locations [0027f90] Missed
one more keystone-server. [69bb042] Renamed keystone-server to
keystone-all based on comments in LP: #910484. [40525e0] be more
safe with getting json aprams [a703983] skip the two tests where
testing code is failing [3cfea52] accept POST or PUT for tenant
update [09bd758] deal with reparsing the config files [37e1c5c]
don't automatically parse sys.argv for cfg [0b34e5f] deal with tags
in git checkout [6fd68e1] fix keystoneclient tests [c6e30eb] add
tests for essex and fix the testing framework [2d2ce8c] Update
docs/source/ developing. rst [ec89d4e] Change the name of keystone to
keystone-server so the binaries dont conflict with python-
keystoneclient. [3da6575] Normalize build files with current
jenkins. [fc3de24] Use gerrit instead of github [cf3f671] Fix pep8
violations. [666a2b8] Add .gitreview file. [8d695b8] removing unused
images, cleaning up RST in docstrings from sphinx warnings [d961f7c]
pep8 cleanup [9d7d898] shifting contents from _static to static
[d1f4ddc] adding in testing details [22c3f80] moved notes from
README.rst into docs/architecture.rst [ef8b8f1] updating formating
for configuration page [1908a2d] format tweaks and moving old docs
[fec7598] shifting older docs into old/ directory [e643f23] doc
updates [6b38e3c] moving in all the original docs from keystone
[68aa9cd] adding python keystoneclient to setup.py deps [080f523]
fixing up PIP requirements for testing and virtualenv [103fc87]
indents. [3974760] Make it as a subclass. [d6d56e4] fix style and
termie's comments about comments [726b5ad] invalid params for
roles.delete [d5443e2] initial stab at requiring adminness [b1cd214]
Simplify code. [1efee11] add tests that auth with tenant user isn't
member of [fcea15d] Add s3tokens validation. [d4f2bf5] add a bunch
of basic tests for the cli [608b9a2] remove this useless catalog
[de6a98a] move cli code into a module for testing [a6a6124] allow
class names to be different from attr names [f5dbc98] add ec2
credentials to the cli [51a2c18] fix middleware [4899210] bcrypt the
passwords [e344821] fix token vs auth_token [9f0bb49] some quick
fixes to cli, tests incoming [aaf75e9] fix pep8 [e4a00e0] fix some
more pass-by-reference bugs [da4f955] strip password before checking
output [8ad8d88] flip actual and expected to match common api
[8ffee09] don't allow disabled users to authenticate [5a8a8ae] turn
off echo [2ebb89b] fix invalid_password, skip ec2 tests [57b24dd]
strip password from sql backend [3cce41e] raise and catch correct
authenticate error [c59370e] rely on internal _get_user for update
calls [36a0190] strip password from kvs backend [86dad07] fix
user_get/user_ list tests [28760bd] removing the sphinx_build from
setup.py, adding how to run the docs into the README [f943977] ec2
docs [269159f] simple docstrings for ec2 crud [d8ddc07] get docs
working [ea78b2e] some cli improvements [c83bcb1] add checks for no
password attribute [2a91b1c] users with correct credentials but
disabled are forbidden not unauthorized [f40198d] shimming in basics
from original keystone [3d2bb3a] test login fails with invalid
password or disabled user [ffeb0e5] doctry [0df93eb] use
token_client in token tests [71faa9f] remove duplicate pycli from
pip-requires [ecabdd1] fix ec2 sql config [21cfcfc] get_client lets
you send user and tenant [cbc1558] update how user is specified in
tests [c1fe998] rename ec2 tests to be more explicit [e567fb9] use
the sql backend for ec2 tests [88b0a4b] more failing ec2 tests
[f28a03c] add METADATA for boo [7b4c26d] add (failing) tests for
scoping ec2 crud [781feaf] add some docs that got overwritten last
night [89c378c] fix pep8 [f226234] update tests [fc79bbe] update
some names [e2f04f2] fix some imports [ff6af1f] split up sql
backends too [308a766] split up the services and kvs backends
[909012a] establish basic structure [f0e3e7f] add docs for various
service managers [94f78a3] expect sphinx sources to be autogenned
[bf7e6fb] some tiny docs [e129d5f] fix sphinx [198d168] testing rst
on github [67d4a7c] updating dependencies for ksl [e75f7be] needed
to do more for cli opts [76c45b4] make a main in keystone-manage
[3c10e73] fix pep8 error [9d04ee9] rename apidoc to autodoc
[53ec23a] Fix typo [f16a262] return to starting directory after git
work [44c6b69] spacing [1418925] tests for ec2 crud [dae746d] add
keystoneclient expected format [a0c7c7c] add sql backend, too
[afd897f] add an ec2 extension [2ed9759] update readme [8c33e66] re-
indent [c233dc2] re-indent [bd974c9] re-indent [9ab0a42] re-indent
kvs.py [9d7c5c0] re-indent test.py [6a48676] remove models.py
[7b0f71b] add some docs to manager [deab5c4] dynamic manager classes
for now [1bd1349] add a couple more tests [8ea6e8f] add some more
todos [be52a5e] strip newlines [2a31259] TODO [2d6b348] add role
refs to validate token [aea09bd] fix token auth [c25155a] check for
membership [4ae246d] flush that sht [61ecf60] add more middleware
[ef1a474] fixing WatchedFileHandler [c830305] logging to debugging
by default for now [2723439] add a noop controller [cd37b05] woops
[52da891] add glance middleware ?? [47908a4] add legacy middleware
[ec85749] fix setup.py [d230857] adding #vim to file with changed
indent [230a003] add id-only flag to return IDs [5961430] rename ks
to keystone-manage [d940dc4] fixing imports for syslog handlers and
gettext [c3c05cb] adding gettext [393aedb] adding logging from
configuration files, default logging per common [6540120] cli using
keystoneclient [732909a] add a db_sync command to bin/ks, remove
others [3c88b7f] merge test and default configs [2c60c7f] adding
project to keystone config to find default config files [1d6334d]
some more config in bin/keystone [74170ee] in the bin config too
[a606c39] rename many service parts to public [ec82e9b]
keystone_compat -> service [75e781a] remove keystone from names,
remove service [51df8b1] remove default configuration [8f46af0]
basic service running again [2340dee] rename extras to metadata
[8362442] version number in setup.py [a84930a] add basic sphinx doc
bits [1967545] remove references to keystone light [763013c]
renaming keystonelight to keystone [13ec79b] keystoneclient tests
working against sql backend [4b4ada2] run all teh keystoneclient
tests against sql too [0f6a9a7] move everything over to the default
config [feadf75] config system overhaul [829a96b] add nova's cfg
framework [8fdcb69] fix pep8 [c8ed28c] missed a file [6495d41] most
tests working again [119808d] still wip, got migration mostly
working [775b8ed] get the sql ball rolling, still wip [b766165] add
sql backend, WIP [9691c0f] tweaking for running regular tests in
jenkins [205a7b9] finished up services stuff [ebe158f] add the
various role tests [5c89972] add list users [46943c5] get user tests
working [ff15e5f] get endpoints test working [c6d6d43] get
tenant_add_and_ remove_ user test working [94e9d6b] tenant test
working again [e396650] copy over the os-ksadm extension [23c6f49]
example crud extension for create_tenant [63c7934] get some tests
working again [0e7f06d] merge fixes [30a1146] fixup [c5b1b6f] Made
tests use both service and admin endpoints [2fb294f] All tests but
create_tenant pass [f2a9c51] Split keystone compat by admin and
service endpoints [3eb2adf] Added broken tests to show compatibility
gaps [4b55fa5] Split keystone compat by admin and service endpoints
[909770d] move novaclient tests over also [9e8ec25] clean up
test_identity_api [2e1558e] clean up keystoneclient setup [32aa1de]
add role crud [a32c73c] speed up tests [8425eab] add basic fixture
functionality [7541ed4] documentation driven development [b4eba62]
novaclient now requires prettytable [26a4cde] whitespace [5ff67d7]
whitespace [82f6445] make create_tenant work for keystone api
[29e1336] common ks client creation [5e4a877] updating of docs
[e4428dc] working on a tenant_create test [99f81d5] standardize
spacing [a0d0669] novaclient uses password instead of apikey
[b42859f] update to use the correct repo for python-novaclient
[cad238d] fix tenant auth tests [91f2097] add an example for
capability rbac [e5d1050] make readme use code style [860aa86] add
the policy code [63943c9] describe and add a policy backend
[d820917] policty stub [834301a] re-indent [b0733ca] change array
syntax [3479575] updates to make compatible with middleware
[58b8ca8] mergeish dolph's port change [3dac773] fix tests [aaf7695]
handle unscoped requests [20bebd9] adjust default port [17e03b8]
move noop to identity controller [9024351] allow setting user_id on
create [776a159] users require a name [c8b28b5] pep8 [8eea6b3]
update test conf too [1335e4c] cli for adding users, tenants, extras
[9d99821] adjust paths and use composite apps [2545907] add tests
for extras [3ab9d87] add tenant crud [f8e6fae] oops, forgot update
in crud [7035e4a] add crud tests [54f32f9] add crud tests [d0009db]
add crud tests [8ff5606] add test for create user and get user
[2c7770f] add test for create user and get user [2d15482] re-indent
identity.py [9105935] don't pep8 swp files [e8f72ed] accept data as
kwargs for crud [adbbe01] use the keystone app in the conf [6c84c1b]
reorg [f2e73bc] re-indent service.py [e10512b] more dyanmic client
[8464499] get some initial identity api tests working [4b4969f]
update service to middleware in confs [d7f364e] move around
middleware [716c450] make a composite app [59c2dea] add crud methods
to identity manager [570b08d] cli beginnings [64b369f] add admin
port [4885d4a] add an etc dir [cd712b2] add a default handler for /
[8ae627a] add a stubby setup.py [3117b41] use paste for the binary
[3d79099] add a trivial admin-only middleware [8fd8220] update
keystone sample tests, skip one [3212101] add crud info to readme
[44a07fd] get novaclient tests working [3439a77] add novaclient,
intermediate [2bc4376] add run_tests.sh and pep8 stuff [d17e1cf]
remove italics on Light [29e4e54] modify requirements [6cb7e6c] link
diagrams [002ae33] whitespace [344d21c] added catalog tests
[f86bf25] added tests for tokens [3f0137a] test the other methods
too [912c222] add some tests and get others to pass [4c8a5ac] add
some failing tests [b514897] add a default conf [4b48845] minor
whitespace cleanup [f8ec4f6] add some todo [d3cc798] add example
[1d1db0f] rst blah blah [169c4fb] updated readme [0d4e11c]
authenticate and tenants working [2f2465e] working authenticate in
keystoneclient [3caf2a8] remove test_keystone_compat' s catalog tests
[4ba33be] add templated catalog backend [2ac753e] everything but the
catalog [583e3c9] get a checkout of keystoneclient [d920d84]
authenticate working, too [ba4913f] base tests on keystone-
diablo/stable [a98b2ed] get tenants passing, yay [f886ab9] flow
working, added debugging [06944e8] add context to calls [ef9f039]
move diagram into docs dir [7427b1a] refactor keystone compat and
add catalog service [c8d4e88] added sequence diagrams for keystone
compat [50d64c3] getting closer, need to match api now [35ec297]
tests running through, still failing [a200e50] add a test client
[03b75a5] added a test, need to get it working now [a328b99] working
with dashboard [8cd7f5c] add get_tenants [9a0ec99] rudimentary login
working [158dfba] most bits working [419c2cb] initial
* No change rebuild.
* [9452cf0] Fixes bug 924391
* [bfe9abe] Fix "KeyError: 'service-header- mappings' " [9858e08]
Removes nova middleware and config from keystone [1ea4e4f] Added
keystone-manage list_role_grants (bug 923933)
* No change rebuild.
* No change rebuild.
* [f76477c] Update auth_token middleware to support creds.
* [d2e6f63] Added shortcut for id=NULL queries (bug 916386) [a86a661]
Removing __init__ from non-packages (bug 921054) [fd36f1f] add
instructions for setting up a devenv on openSUSE 11.4 and 12.1
[2e73dfa] Documented race condition (bug 921634)
* No change rebuild.
* No change rebuild.
* [2efd311] Test coverage for issue described in bug 919335 [fd36f1f]
add instructions for setting up a devenv on openSUSE 11.4 and 12.1
* [a86a661] Removing __init__ from non-packages (bug 921054) [053345c]
Forgot to update models (bug 885426) [9e9e7f0] Updating example
glance paste config.
* [d1a3c5f] Fix race in TestCreateTokenCommand (bug 921634) [053345c]
Forgot to update models (bug 885426) [9e9e7f0] Updating example
glance paste config.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* [b1581a1] Migrated 'enabled' int columns to bool for postgres (bug
885426) [b207a49] Return Version and Tenant in Endpoints
* [8c6e606] Updated bp keystone-configuration for bp keystone-manage2
* [b207a49] Return Version and Tenant in Endpoints
* [23c396d] Updated error message for keystone-manage2
* [e2f8607] Added: "UserWithPassword" Added: "UserWithOnlyEnabled"
Removed: "UserWithOnlyPassword" [b680202] Fix for bug 921126
* No change rebuild.
* [2dbb2a6] Update Extended Credentials (EC2, S3) [ef6c133] Release
Notes for E3 [5ce7e70] Restore Console Info Logging - bp keystone-
logging
* No change rebuild.
* No change rebuild.
* [027782a] Adds keystone auth-n/auth-z for Swift S3 API.
* [5b8682f] Implement cfg.py
* [28dac45] Implement Secure Token Auth [5f69fbb] Fixed: Inserting
URLs into endpoint version attr
* [92462c8] Suppressed backtraces in tests causes sweaty eyes
* [5f69fbb] Fixed: Inserting URLs into endpoint version attr
* [45b3636] Addresses bug 918608
* [f2726df] Added Vary header to support caching (bug 913895)
[6362857] Handle EC2 Credentials on /tokens
* No change rebuild.
* [95fb6d1] Implemented subparsers (bp keystone-manage2)
* [9e1e113] Fixed PEP8 violations and disallowed them
* [8b3df32] Implemented bp keystone-manage2
* [8c98285] Fixes 918535: time not properly parsed in auth_token
middleware [1b44286] fix bug lp:843064
* [159757c] Use dateutil 1.5 [1b44286] fix bug lp:843064
* [70e5a00] Prestage fix - fixed requirement name; python-dateutil,
not dateutil [7c0529f] Bug #916199: keystone-manage service list
fails with AttributeError on Service.description [3d08211] Fix LDAP
Schema Syntax (bug 904380)
* [2d18686] Pre-staging pip requires [7681a01] Exception raise error
[e03ff6e] Updates to middleware to deprecate X_USER [3d08211] Fix
LDAP Schema Syntax (bug 904380)
* [7c0529f] Bug #916199: keystone-manage service list fails with
AttributeError on Service.description [e03ff6e] Updates to
middleware to deprecate X_USER [3d08211] Fix LDAP Schema Syntax (bug
904380)
* [7681a01] Exception raise error [eedd271] Revert "Exception raise
error" [fa95e14] Bug #915544: keystone-manage version 1 commands
broken when using flags
* [e03ff6e] Updates to middleware to deprecate X_USER [fa95e14] Bug
#915544: keystone-manage version 1 commands broken when using flags
* [eedd271] Revert "Exception raise error" [fa95e14] Bug #915544:
keystone-manage version 1 commands broken when using flags
* No change rebuild.
* [45c62a8] Exception raise error [ee617f4] Fix minor typo [3f70358]
Add 'tenants' to Auth & Validate Response [1c2708f] Fixed Test
Coverage Handling [73525ac] Adding prettytable dependency [105b908]
Front-end logging [870c1aa] Implement Role Model [876e309] xsd fixes
[82852a7] Added decorators for admin and service_admin checks
[2e3ee14] Initial keystone-manage rewrite (bp keystone-manage2)
[fe74938] Correct endpoint template URLs in docs.
* No change rebuild.
* debian/patches/ temp_fix_ keystone_ manage. patch: Update
* No change rebuild.
* debian/patches/ temp_fix_ keystone_ manage. patch: Temp. patch to get moving during sprint
* No change rebuild.
* [0762754] Show useful traceback if manage command fails [3f70358]
Add 'tenants' to Auth & Validate Response [1c2708f] Fixed Test
Coverage Handling
* [ee617f4] Fix minor typo
* [73525ac] Adding prettytable dependency [105b908] Front-end logging
[870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
decorators for admin and service_admin checks [2e3ee14] Initial
keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
endpoint template URLs in docs.
* [73525ac] Adding prettytable dependency [105b908] Front-end logging
[870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
decorators for admin and service_admin checks [2e3ee14] Initial
keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
endpoint template URLs in docs.
* [105b908] Front-end logging [870c1aa] Implement Role Model [876e309]
xsd fixes [82852a7] Added decorators for admin and service_admin
checks [2e3ee14] Initial keystone-manage rewrite (bp keystone-
manage2) [fe74938] Correct endpoint template URLs in docs.
* [870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
decorators for admin and service_admin checks [2e3ee14] Initial
keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
endpoint template URLs in docs.
* [876e309] xsd fixes [82852a7] Added decorators for admin and
service_admin checks [2e3ee14] Initial keystone-manage rewrite (bp
keystone-manage2) [fe74938] Correct endpoint template URLs in docs.
* [82852a7] Added decorators for admin and service_admin checks
[2e3ee14] Initial keystone-manage rewrite (bp keystone-manage2)
[fe74938] Correct endpoint template URLs in docs.
* [82852a7] Added decorators for admin and service_admin checks
[Chuck Short]
* debian/keystone. install: install tools/{ convert_ to_sqlite. sh,
sample_data.sh}
[Adam Gandelman]
* debian/patches/ fix-ubuntu- tests.patch: Also skip keystoneclient
essex 3 tests, add patch description
* debian/keystone. logrotate: Add logrotate config (LP: #962426)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)