This spec proposes to to add a new keystone middleware that implements
RFC7662 OAuth 2.0 Token Introspection [1] and allows users to optionally
use that middleware when using an external authorization server.
OpenStack services will be able to validate their OAuth2.0 client with
an external authorization server other than Keystone.
[1] https://datatracker.ietf.org/doc/html/rfc7662
Change-Id: Ie1066ab2735205fcb534e7697c3b9a5aa2d23eeb
This spec proposes to Provide the option for users to
proof-of-possession of OAuth2.0 access token based on RFC8705 OAuth 2.0
Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.
Users will be able to authenticate their OAuth2.0 client with a client
certificate instead of using Basic authentication with
client_id/client_secret to prevent a token from being used by a
malicious client. This protects Keystone Identity and other OpenStack
services from spoofed OAuth clients.
Change-Id: I67e030c183631bd421cc93ceb767f60fa178238a
This spec proposes to allow users to optionally use an OAuth2.0 Client
Credentials Grant flow to authorize an API client. In order to realize
this, we implement an OAuth2.0 authorization server as an extension of
keystone.
Implements: blueprint oauth2-client-credentials-ext
Change-Id: I4954c1e8f22199deb13031441c46a3565383412d
Switch to openstackdocstheme 2.2.1 version. Using
this version will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Disable openstackdocs_auto_name to use 'project' variable as name.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I27fd7e7310b2a1be3b283d43f40436ba5e165bbf
* Move uncompleted specs to the backlog (will discuss adding them to
Ussuri in planning meeting)
* Move Train section under "implemented"
* Create new empty section for Ussuri with new roadmap link
Change-Id: Id06bba1512364f8b4daeb3a594ff1e5b896f1b90
Update openstackdocstheme options so that "Report a bug" works.
Remove git settings for last update, the theme handles this now
by default.
Remove viewdocs and autodocs options, they are for source code but this
repo has no sourcecode.
Update minimal openstackdocstheme version so that these settings work.
Change-Id: I1dedf35825fd2fbd4dcbf8991affcd1f54d0ed70
Move the request-helpers backlog spec for keystonemiddleware to the
attic. At the Denver PTG (2019) we discussed this spec. We are in a
very different space from where we were at the time of proposal, and
if there is a desire to revisit this specific specification it can
be brought back from the attic.
Change-Id: I3e1ab025bb998b14c0a71854b9109d9f29b25ee9
The explicit domain IDs and capabilities/access rules specs were not
finished in Stein but are already in progress and on target to finish
early in the Train cycle.
Change-Id: I052079fcdb11f8e11c854b11d8013fd460f421ec
The link to the Stein roadmap was populated before we actually went
through the schedule for Stein. We actually used a copy of a previous
roadmap to build the Stein roadmap, making it easier to manage carry
over items. As a result, the original link isn't useful and was
abandoned.
This commit updates the link to point to the correct roadmap.
Change-Id: Ib02bd11b3604c366db873c0f74d739dd04d322e2
This work wasn't completed in Rocky, but the specification was
targeted to the release. This commit bumps it to the Stein release.
Change-Id: I2147f3cfb68b719666544fb1a7a7393a67c7bb2b
The following sketches out limits API about
OpenStack quota usage.
Co-Authored-By: wangxiyuan<wangxiyuan@huawei.com>
Co-Authored-By: Lance Bragstad<lbragstad@gmail.com>
bp: unified-limits
Change-Id: Ie1e046244cfb379775d241b83c80cd1f2fb9c637
One of the action items in the queens-1 retrospective was to clearly
document our roadmap. Ideally, this is something specification should
do, but not all work in a release is associated to specifications.
This commit adds a link to the Queens roadmap next to the
accepted specifications for Queens. When Rocky opens for
development, we need to archive this link with the Queens
specifications so that it is discoverable.
Change-Id: I1a558abd0f7379a33a3176608aa55f9ba54390bb
One of the outcomes of the Pike retrospective to clarification
of the purpose of backlog. It was also mentioned that it would be
useful to have an `ideas` directory that allow people to propose
ideas that need to be freshed out and discussed. The backlog somewhat
filled this purpose but is going to be more specific in the future.
This commit clears up the direction of each location and what purpose
they fill.
Change-Id: Ie07f11e67aef1e03311c430963938fe079bf0fa6
Queens is open for development. This commit prepares the specs
repository to receive candidates for Queens work.
We originally targeted project tags for Pike, but it didn't make the
release. This targets the work for Queens instead.
bp project-tags
Change-Id: I318f4e7377e58e8870a41fea413886825fb87720
Fix the Sphinx html_last_updated_fmt for Python3.
The html_last_updated_fmt option is interpreted as a
byte string in python3, causing Sphinx build to break.
This patch makes it utf-8 string.
Change-Id: I3a79f12a62037e565484cea4b8ff927d85a83394
Closes-Bug: #1693670
This change removes the now unused "warnerrors" setting,
which is replaced by "warning-is-error" in sphinx
releases >= 1.5[0]. This also fixes any warnings
that came up when testing with the latest version
of sphinx:
- Invalid json in code-blocks
- Redundant loading of todo extension
- Empty man_pages config value
Also updated the requirements for pbr and sphinx to the latest
version(s) in requirements.txt
With this change, any doc warnings will cause the build to fail
[0] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113085.html
Change-Id: I53b0bf833a940cef471589ba883db13b620cc5fe
We originally targeted this for Ocata, but we were not able to get it
into the release. Let's re-target it for Pike since we are close to
getting it done!
bp support-federated-attributes
Change-Id: I75640d196c2ef072a0f8bb25e9a2dce409dc761f
The following file(s) added utf-8 encoding but never used. So we can
remove them at all.
doc/source/conf.py
TrivialFix
Change-Id: I6524bad4677c7cdfe86cf20c5b2bdfefff630454
create the folder and section in the doc, also add the drop
driver version spec, since IIRC everyone was for this idea.
Change-Id: I7624f9b3697f8a704821011b3f0148f853c7f24a
As we do with other things we don't want folks to see, shove the
APIs in the attic. These files are being moved to the api-ref
directory in the keystone repo. See topic `keystone-api-sprint`.
https://review.openstack.org/#/q/branch:master+topic:keystone-api-sprint
Change-Id: Ic61dfa8ef1d71954ae5b3e09f1ccc8ec6e774973
* create a project level folder for each project
* create folders for each release within the project
* move the backlog folder to keystone
* place the keystoneclient/keystonemiddleware specs in
their correct release
* collapse the "implemented" specs onto the landing page
probably best to review the generated web page
Change-Id: I6d70cf5a7df190eb7e030df53ed8790510dc33f8
rename a few things, move ldap3 and non-sqlite db tests to newton,
move sp-fitler to backlog since it never landed.
Change-Id: I4d815fd440c4adecc1dae27c4c81b8d2b154007d
lots of blueprints and specs have bumped around from backlog
to mitaka and back. added a new ongoing section for things like
python3 and functional testing
Change-Id: I52f704635dd53ea26298d2547408286bac0b230c
os.popen() is deprecated since version 2.6. Resolved with use of
subprocess module.
Change-Id: I80d4973f143e77789c340c1d0b03991c6589dacd
Closes-Bug: #1529836
* move specs that were not implemented into backlog, except for
functional testing and py3, since those are ongoing.
* tweak the landing page to show mitaka instead of liberty.
* add implemeted specs from liberty to implemeted spec page.
Change-Id: I1cd8a8c5415fb1e3a4324ac4a4084ff1b16add70
We already have implemented the following features:
- A new field will be added to the project table to represent if that
project has the domain feature;
- Update the domain operations to execute in the project table
- Allow create subdomain using a parent_id
- Migrate the domains for project table
- Drop domain table
Now in liberty release we want work to approve this features.
The other features mentioned in this spec will not be implemeted since
we need to discuss better in the next summit, there is:
- Migrate the role assignments for DomainUser and DomainGroups types.
- Provide dual scoped token for a project with domain feature
previously-approved: kilo
Change-Id: If357f38a8d81b094f47cd1a055dbec7edfb945ae
Implements: bp reseller
Update the headers slightly for API specifications to make the sections
a bit easier to read. The V3 and V2.0 specifications do not need to be
top-level and can easily be nested under a more generic section.
Change-Id: Id636ce72460423597a6f11b24530082b8ae9ddc8
Add the project documentation links to the specs index including the
template and the README file.
Change-Id: I53f92795a5718aa69168d6f5e6b5412e1c925e24
The backlog performs two essential functions:
1. It provides a way for a user to float an idea before committing
to a detailed analysis. It is, instead, a way for a user to get
approval on an approach or design.
2. It is a parking lot for specifications that are orphaned. If a
spec is not going to be implemented by the assigned user, it will be
collected into the backlog, and be available for other developers to
implement.
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Change-Id: If546724fd535db7753a372389c3f90f3b060d9bc
Rafael Weingärtner