31eecfb2a4
This commit adds explicit tests that show how domain users are expected to behave with global roles. A subsequent patch will do the same for project users. Note that these changes are slightly different from the policy.v3cloudsample.json role policies. In policy.v3cloudsample.json, domain users were allowed to get and list global roles. So were project users. This behavior is changing because global roles are considered global resources of the deployment, and they should be managed by system users. Domain users should be able to add and remove domain specific roles, which will come in a subsequent series of patches. This approach is being taken because it is a safer default for a system level resource (roles) and still allows the same functionality for domain users through domain-specific roles. Change-Id: Ia1a7adf4431042ecea1b41e3c589c55112183ab5 Partial-Bug: 1806713 Partial-Bug: 1805400 |
||
---|---|---|
api-ref/source | ||
config-generator | ||
devstack | ||
doc | ||
etc | ||
examples/pki | ||
httpd | ||
keystone | ||
keystone_tempest_plugin | ||
playbooks/legacy/keystone-dsvm-grenade-multinode | ||
rally-jobs | ||
releasenotes | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.mailmap | ||
.stestr.conf | ||
.zuul.yaml | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
README.rst | ||
babel.cfg | ||
bindep.txt | ||
lower-constraints.txt | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Team and repository tags
OpenStack Keystone
Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.
Developer documentation, the source of which is in
doc/source/
, is published at:
The API reference and documentation are available at:
The canonical client library is available at:
https://git.openstack.org/cgit/openstack/python-keystoneclient
Documentation for cloud administrators is available at:
The source of documentation for cloud administrators is available at:
Information about our team meeting is available at:
Release notes is available at:
Bugs and feature requests are tracked on Launchpad at:
Future design work is tracked at:
Contributors are encouraged to join IRC
(#openstack-keystone
on freenode):
For information on contributing to Keystone, see
CONTRIBUTING.rst
.