Added keystone-manage documentation from man pages
to the placeholder created for CLI Documentation.
Change-Id: I0e259c76d96c6479a6165c535bc49c032b2f41da
Divided the keystone docs into four categories, depending
upon the usage criteria: general information (which will
be common for all), developer documentation,
user documantation and operator documentation.
Change-Id: I2f5dd41acd9874739accc54c4f4fd69460b58334
This change fixes multiple issues of "WARNING: document isn't included
in any toctree" that were appearing when building "tox -edocs" by adding
the pages to the toctree in index.rst.
Change-Id: Iefc19e4aa8a950ffc35256e0fd22bb6bc7b3d2da
Partial-Bug: #1602422
* landing page: increase toc depth for configuration for easier navigation
* landing page: move keystone-manage man page to bottom
* created common keystone-manage commands doc, so config and man page can
reference
* moved the sample config files section up near config file section
* moved fernet token section up near token section
* moved token flush near token section
* moved endpoint policy and endpoint filter near catalog
* removed references to devstack files that do not exist
* removed references to experimental and stable status for stable features
* removed references to keystoneclient CLI
* removed IANA portions, not config related
* removed section about user CRUD on v2.0 API, not config related
* lots of minor cleanup with syntax and wording
Change-Id: Id814b70d626299ba0717d6759ec6be5e97645a39
This is the first step of several to remove PKI token support in
keystone. A large issue in removing PKI support is support for the
revocation list must be maintained.
This patch removes support for the token format, it's surrounding tests
and examples that are generated. Additionally, some wording has been
changed around the CLI and config options to make the distinction
between keys and certs used for PKI tokens and those used for getting
the revocation list (a list of tokens that are revoked, which is signed).
Future patches will:
- Remove the keystone-manage commands for generating certs
- Modify the revocation list (at /auth/tokens/OS-PKI/revoked) to return
a 403 if pki is not configured (instead of raising a 500). We cannot
remove the API as that would break an API contract.
- Options to configure PKI will be marked as deprecated
- If PKI is configured a normal signed list will be returned (same
behavior as today)
- Follow up patch to keystonemiddleware will make sure auth_token does
not rely on the revocation api at all.
Related-Bug: 1626778
Related-Bug: 1626779
Co-Authored-By: Boris Bobrov <bbobrov@mirantis.com>
bp removed-as-of-ocata
Change-Id: Icf1ebced44a675c88fb66a6c0431208ff5181574
The configuration and man page docs are missing some commands
noting the available options to the keystone-manage command.
Change-Id: Iba5efcf94e70f70bac899b8db377960fd35567d4
The man page of keystone-manage needs mention of the command
credential_setup.
partially-implements bp credential-encryption
Change-Id: I8c3ee9f1d738d96a51fb5a71cd475b20106e1d61
Fetching users from LDAP requires creating public ids for them.
id_mapping_api does that. Creating public ids is slow, because it
requires performing N INSERTs for N users, and there is no way to
work around that. It leads to very slow responses to queries like
"list users".
By pre-creating these public ids we improve API users' experience.
Add keystone-manage mapping_populate command that creates id mapping entries
for users.
bp ldap-preprocessing
Partial-Bug: 1582585
Change-Id: I98f795854aee26f9e7f668372c47572d2b6d4f0f
This introduces a new keystone-manage command called 'doctor' which
attempts to diagnose and report on various ill-advised configurations
and deployment states.
The number of checks we could perform is basically endless, so this is
just a random sampling of checks to get the ball rolling. The idea is
that as new features are introduced, as default configurations change,
as we have new recommendations to make to deployers, etc, we can
implement new checks in keystone-manage doctor and communicate our
concerns directly to those operated affected deployments.
Change-Id: Ib6660c1a885c439ca03357870628b2ea52e39e9d
Implements: bp keystone-manage-doctor
Several of the command line options don't match the current output
from keystone-manage -h.
Here's the output of keystone-manage to compare with the new man
page content:
http://paste.openstack.org/show/508828/
Change-Id: I60d212c5930fcd450745b10155b578faff0e4654
these config options and it's supporting command are only useful
when deploying keystone under eventlet, with that removed these
are redundant.
Change-Id: I7c602805bba2c658d3280811ed8919f78ed3aa0d
implements: bp removed-as-of-newton
Eventlet has been deprecated since the Kilo release and is
being removed in Newton.
A follow on patch will be proposed to remove the [ssl] section
since it is now redundant.
Co-Authored-By: Grzegorz Grasza <grzegorz.grasza@intel.com>
Partially implements: bp removed-as-of-newton
Change-Id: I963d94bbd188dbb6eba68623a42c5bc3f2289da4
with PKI deprecated, we should also deprecate this command
bp: deprecated-as-of-mitaka
Closes-Bug: 1541201
Change-Id: If0600fc52084d1bb2acaadb05d858e4b69ff48eb
create docs on how to configure keystone with the new
keystone-manage bootstrap option.
implements bp: bootstrap
Change-Id: I4c7520cc68aadd49179e40e77b2d5058125edf00
The keystone-manage listed out-dated version and date. This patch
bumps the version to 9.0.0 and the release date of 4-7-16 according
to: http://docs.openstack.org/releases/schedules/mitaka.html
Note: keystone-all was untouched since it's being removed under the
eventlet deprecation.
Change-Id: I2e9de4ca1d19d5ee62b3c761bea46d6d61445fd6
Both keystone-all and keystone-manage listed out-dated versions
and dates. This patch bumps the version to 8.0.0 and the release
date of 10-15-15 according to:
https://wiki.openstack.org/wiki/Liberty_Release_Schedule
Change-Id: Ic389d4fded4579c7ebee2645e7150df4d12e48de
Closes-Bug: #1495645
Implementation of a command line wrapped build on top of mapping engine.
Its main goal is checking effects of input parsed by RuleProcessor with
set of provided mapping rules. User must provide two files: a) rules
file with proper JSON with mapping rules (identical to those uploaded to
the server) b) a file with key-value set of environ-like parameters.
Basic usage:
$ keystone-manage mapping_engine --help
$ keystone-manage mapping_engine --rules <path> --input <path>
Upon successful execution program outputs to the stdout a JSON structure
with effective objects like user, group_ids and user_names.
Implements: bp mapping-engine-tester
Change-Id: Ia4b2e617692ebb42693db6d335985dcb6a0969e1
* Replace the github by openstack's official home git.openstack.org
* Also update the like of developer documentation of keystone
Change-Id: I60e8e914d9fa3be2cdfffe029e4c2432c07962e2
The current man pages for keystone-manage don't include commands relating to
Fernet setup, or the domain configuration upload.
Change-Id: Ifd208151470d8d39d3d4851557e45dc12d1a577b
Closes-Bug: #1441300
This updates the log module from oslo-incubator to
a01f79c3050962fd744239956e9654407d14ea1f
$ git checkout a01f79c3050962fd744239956e9654407d14ea1f
$ python update.py --nodeps --base keystone \
--dest-dir ../keystone --modules log
This includes a fix for the deprecated logger that caused the
deprecated message to be printed multiple times rather than once.
Change-Id: I6174b064205adcdc9fb966a9e01eb5190b5b730e
Closes-Bug: #904307
Closes-Bug: #1266812
The man pages were out of date.
To get the new man pages, I ran keystone-all -h and
keystone-manage -h and copy-pasted the output.
Change-Id: I6c6f6f9f56c2216cce300fcf24877b78b601db5d
- wrap literals with double backticks so things render in RST
- replace triple line breaks with double line breaks for consistency
- replace 'REST api' with 'HTTP API' because 2x pedantic
Change-Id: Ib28d0cea06f81b32ef985dfa74333693ef32ae46
remove "through" from "with through the keystone REST api" and fix "keystone" to "Keystone" and "can not" to "cannot".
Change-Id: I1cc74b36cdb7de28be5dc4c3ee74922da8020804
Closes-Bug: #1273862
Updates the man pages based on the latest oslo.config and
Keystone code. oslo.config is version 1.2.0.
To generate the man pages, ran
tools/with_venv.sh bin/keystone-all -h
and copied the output to the man page. A couple of changes were
required because of the output formatting.
1) Escape * in *.config otherwise it's considered emphasis without
end.
2) --log-file is split to separate lines which results in a space
in the output, so put it back together.
Change-Id: Ic76b7eafd04551ec01a3c117b9d5a73471b1e4ce
This removes support for the following legacy-related commands:
$ keystone-manage export_legacy_catalog
$ keystone-manage import_legacy
$ keystone-manage import_nova_auth
DocImpact
Change-Id: If7277e912f11c9bf3bec15f9addd848e0774f14f
Several warnings were generated from keystone-manage when
building docs. Also, the options without a description
didn't display correctly in the rendered result.
Also, I added a description for the new db_version subcommand.
To generate the new option list, I ran keystone-manage --help
and copy-pasted the options into the doc.
Change-Id: I1a405ca03d894c9c3e0f6b3bfccc9bcfcce1302d
Yesterday, openstack@lists.launchpad.org was migrated with
all users to openstack@list.openstack.org.
This patch updates references to the old mailing list with the
new, to ensure that people encountering them don't accidentally
try and join the old list!
Change-Id: I0f8a91a361647a87fab9a1392d56a815f4d66eac
This change fixes warnings and errors from
doc/source/man/keystone-all.rst when generating documentation.
Change-Id: Ie33b2600f28c517644730b2371ce34ca2e73b7a5
Extracts common OpenSSL functionality from pki_setup and adds a new cli
command ssl_setup which re-uses this base to generate SSL certificates
for https.
Change-Id: Ia34827583bcdfbd871133250681010e642271f07
Fixes: bug 1155361
- Added a missing space: mayuse -> may use
- Removed default values from help messages, which were appearing as
None, and should be added by argparse anyway
- Updated man pages
Change-Id: I471a1aaff40398488e19f91a16bd91d2d17db61d