RETIRED, further work has moved to Debian project infrastructure
Go to file
Boris Bobrov 955fd6ca37 Do not fetch group assignments without groups
Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.

Return empty list of assignments if no groups were passed.

Closes-Bug: 1677723
Change-Id: I65f5be915bef2f979e70b043bde27064e970349d
(cherry picked from commit 2139639eea)
2017-04-25 14:36:12 +00:00
api-ref/source Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
config-generator Remove stevedore warning when building docs 2017-01-06 21:40:20 +00:00
devstack Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
doc Prepare for using standard python tests 2017-02-02 12:13:12 +00:00
etc update keystone.conf.sample for ocata-rc 2017-01-31 14:10:01 -08:00
examples/pki Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
httpd remove httpd/keystone.py 2016-09-21 22:35:52 -04:00
keystone Do not fetch group assignments without groups 2017-04-25 14:36:12 +00:00
keystone_tempest_plugin Reuse already existing groups from upstream tempest config 2017-01-27 01:07:00 -05:00
rally-jobs [rally] remove deprecated arg 2015-10-29 16:34:58 +02:00
releasenotes Error messages are not translating with locale. 2017-03-26 17:53:50 +00:00
tools Prepare for using standard python tests 2017-02-02 12:13:12 +00:00
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Migrate identity /v3 docs from api-ref repo 2016-05-24 09:58:23 -03:00
.gitreview Update .gitreview for stable/ocata 2017-02-02 21:47:58 +00:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.testr.conf Stop using oslotest.BaseTestCase 2016-03-01 21:44:20 +00:00
CONTRIBUTING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
HACKING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
README.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Move other-requirements.txt to bindep.txt 2016-08-12 20:53:45 +02:00
requirements.txt Updated from global requirements 2017-03-09 18:15:03 +00:00
setup.cfg Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
setup.py Updated from global requirements 2015-09-17 12:12:39 +00:00
test-requirements.txt Updated from global requirements 2017-01-02 16:10:39 +00:00
tox.ini Update UPPER_CONSTRAINTS_FILE for stable/ocata 2017-02-02 21:47:59 +00:00

README.rst

Team and repository tags

image

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/developer/keystone/

The API specification and documentation are available at:

https://specs.openstack.org/openstack/keystone-specs/

The canonical client library is available at:

https://git.openstack.org/cgit/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://git.openstack.org/cgit/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs/#identity-program-specifications

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.