A contract migration will use the '--contract' flag, obviously.
Change-Id: I288bd0175834fdd3ee8d224f099e37b6294cb7ea
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We can now auto-generate migrations. Document how this is done.
Change-Id: I754b0eb9eb74cd31f22440c64187d292c19ce4fa
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We're going to add new alembic-based migrations shortly. These will live
in the 'keystone.common.sql.migrations' module. Prepare for this by
moving the existing migrations from ''keystone.common.sql' into a common
'keystone.common.sql.legacy_migrations' module.
Change-Id: I5ab7b010b21268977f73738e895bbd21442e9455
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is now folded into the initial migration of the 'expand_repo'
repository. Previously, this was a dummy migration. We simply move
things across and remove any code that was trying to work with the older
repo since it's no longer necessary.
A release note is added, even though it's not really necessary since
nothing will change for users. It's more of a heads up that things are
afoot.
Change-Id: I59882d88fe593ec1ae37415b2157584f7f3c85f8
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This patch removes the information about router.py and
controller.py used in wsgi model and updates about the new
API's written when adopting Flask Application.
Change-Id: I902647472a0df69f2fa402aec84eac9d94701a2c
This patch removes about controller and replaces it with API. It
also add some links to the details mentioned in doc.
Change-Id: I558e6db1e0e920a5a22c1708e35553f1af678476
all-plugin is deprecated and is going to be removed soon.
It is being replaced by "all" [1].
[1] 181a26d258/tox.ini (L82)
Change-Id: I2911caa169e063fdaf06933598b52bbb7f5f338a
Add prose about why someone might want to contribute to keystone and
reduce the emphasis on developer-specific contributions.
Change-Id: Ied32aac47e098d25fd9880a12c617574d5e24ace
Our tools noticed that keystone links to
https://docs.openstack.org/keystone/latest/admin/identity-domain-specific-config.html
which does not exist anymore.
The page was removed but the link to it was not changed. Replace this
and similar links with internal links that will work even if files are
moved - and can be verified, thus sphinx will error in case of broken
targets.
These changes include a few other fixes for broken keystone links, e.g.
to renamed anchors.
For the include files in admin/configuration.rst and
admin/federation/configure_federation.rst: Rename them to *inc.
The files were
published twice (as separate files and on this page) and thus
referencing failed. Renaming avoids this.
Also, put doctree outside of html tree so that it does not get
published.
Change-Id: I3d07637b0046cc88a66bcb51a0a4fe7c146c1549
The api documentation is now published on docs.openstack.org instead
of developer.openstack.org. Update all links that are changed to the
new location.
This does not relationship URIs since "these links do not resolve to
anything valid, but exist to show a relationship."
Note that redirects will be set up as well but let's point now to the
new location.
For details, see:
http://lists.openstack.org/pipermail/openstack-discuss/2019-July/007828.html
Change-Id: I6efdf375bc8e1e5ca2b113337002d6178180a1e1
At the Train PTG, we discussed[1] what we could do to continue to
participate in open source internship programs like Outreachy while
keeping the high volume of applicants manageable. Outreachy requires
applicants to submit a contribution to the project they are applying
for, but we rarely have sufficient numbers of low-hanging-fruit tasks to
assign to all of them to allow all of them to make useful contributions.
Instead, we propose to give them exercises that most likely will not be
merged into keystone itself. These exercises are much more difficult
than typo fix tasks, and can be assigned to multiple people without
concern for applicants stepping on each others' toes. They can also help
new contributors get familiar with the architecture of keystone and the
development workflow, and encourages them to interact with the team.
[1] https://etherpad.openstack.org/p/keystone-train-ptg-outreachy-brainstorm
Change-Id: I615b1c029db59a1f9d8548dc0a80faa5c4150f2a
Since keystone now tracks features as Bugs not
blueprints. This patch updates the same in the
contributor doc.
Change-Id: Ic51205c1403f2085d7f921d3ff9d667cfe3f4c87
Add a link to the vision reflection to clarify the meaning of the
Principle of Least Privilege, which is a significant theme in our vision
document.
Change-Id: Iad751761fcc143f4549a19c4c3d262bbee0419c4
During the Train PTG, the team discussed ways to better engage
newcomers and folks who don't have fulltime responsibility upstream.
One way we can do that is by doing a better job describing and
applying `low-hanging-fruit` in bug triage.
This commit attempts to introduce consistency for that specific bug
tag.
Change-Id: Ib6ea0b62ad95335ed2d9b26687708cd664bf3648
As discussed during the Train PTG[1], update the mission statement to
include discovery and resiliency, and update the vision reflection to
include Bidirectional Compatibility and Secure by Design.
Support for quota management could be read as included under
"user-friendly...multitenant" in the mission statement.
[1] https://etherpad.openstack.org/p/keystone-train-ptg-vision-mission
Change-Id: I195d5ae5affb84feaee63598d2c927db2faa20b7
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: Ic878f69afe5eaf9ec22194944c2dfd8e1ead0542
The current external-dev.rst page only contains 3
links that are semi-hidden in the current docs layout
unless someone specifically clicks on the
"External Developer" link.
This change removes the external-dev page, which only
contained 3 links, and now those 3 links are available
on the contributor index. These links also now show
up on the main keystone documentation page as well for
easy access to readers.
Change-Id: Ib0106ade10f1760a91bbac8e3c8e43b1aeda0884
We have documentation on the various scopes keystone offers, but we
don't describe *how* other developers in OpenStack should use this
information.
This commit attempts to answer some of the most common authorization
scope questions we've heard and fixes up some wording to make the
document more clear.
Change-Id: Iaf53e632e1c4e7c2ef1fcbf0262d99d896c06157
This document is written for other developers working on OpenStack.
Its goal is to describe various concepts in a way that other
developers, who may not be familiar with keystone, can digest and use
effectively in their projects.
The introductory paragraph was phrased as if the v3 API just became a
thing, when it has actually been around for a long time. It also
eluded to underlying implementation details by mentioning paste
pipelines, which we no longer use.
This commit updates the introduction to be more relevant to the state
of things today.
Change-Id: I79564dc99fd65a5609bd548d12a0413ca3ee6b2a
We recently merged a document for describing how to write
specifications and open bug reports to track feature work:
I5dbf6f81058de3f2a64a95e4cf34a1279a49c5dd
This commit addresses some follow on comments from the initial review,
namely:
* removes copyright dates
* reorders opening RFE bugs before proposing specs to be consistent
with the specification template
* fixes links to be more descriptive
* clarifies some details on the spec writing process
Change-Id: I883beed7c9b731ec69d169702b03652c98307f85
We have a specification template and a keystone-specs repository, but
we don't offer any documentation or guidance on the specification
process we have.
This commit aims to clarify the difference between specifications and
RFE bug reports, and why we use both. It also describes the process
someone should follow if they want to file a feature request against
the project.
Change-Id: I5dbf6f81058de3f2a64a95e4cf34a1279a49c5dd
Move the identity sources support matrix to the administrator guide and
clean up the remainder of the configuration page and the operator guide.
Change-Id: If6978121873b6b4a5438164f082f359688477298
Some of the admin guide pages were prefixed with "identity-" because
they came from the centralized install guide or operators guide or
security guide or somewhere else. We don't need the prefix, everything
in keystone is identity. Remove the prefix from the affected pages so
that everything is consistent.
Change-Id: Icd172a39fe720472f1fb15395178f90282696ac9
We have a document that attempts to help describe keystone concepts
to other OpenStack developers. Now that we've added system scope to
keystone, it makes sense to refresh this document and make it more
helpful for services.
This should help services consume various scopes to protect APIs at
various levels (project, domain, system, et cetera).
Change-Id: I1a92ed0b6bbba44d1050a857c3609d918bb25b86
Closes-Bug: 1757151
Takashi Kajinami