openstack
/
keystone
Code Issues Proposed changes
OpenStack Identity (Keystone)
13,977 Commits 9 Branches 41 Tags 231 MiB
Python 99.5%
Shell 0.5%
Go to file
Colleen Murphy 330911cee4 Ensure OAuth1 authorized roles are respected 
Without this patch, when an OAuth1 request token is authorized with a
limited set of roles, the roles for the access token are ignored when
the user uses it to request a keystone token. This means that user of an
access token can use it to escallate their role assignments beyond what
was authorized by the creator. This patch fixes the issue by ensuring
the token model accounts for an OAuth1-scoped token and correctly
populating the roles for it.

Change-Id: I02f9836fbd4d7e629653977fc341476cfd89859e
Closes-bug: #1873290
(cherry picked from commit 6c73690f77)
(cherry picked from commit ba89d27793)
(cherry picked from commit 5ff52dbaa2082991d229d8557a8e4b65256d6c53)
 		2020-05-06 08:18:06 -07:00
api-ref/source trivial: fix broken link in trust API reference 2019-03-13 19:45:49 +00:00
config-generator Move policy generator config to config-generator/ 2017-04-21 21:47:32 +00:00
devstack Add voting k2k tests 2020-02-05 11:04:26 -08:00
doc Docs: Make robust with using real links 2019-10-18 09:13:36 -07:00
etc DRY: Remove redundant policies from policy.v3cloudsample.json 2019-04-02 19:41:36 +00:00
examples/pki Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
httpd Remove admin interface in sample Apache file 2018-03-24 12:56:02 +01:00
keystone Ensure OAuth1 authorized roles are respected 2020-05-06 08:18:06 -07:00
keystone_tempest_plugin Remove the local tempest plugin 2017-06-06 11:48:37 +00:00
playbooks/legacy/keystone-dsvm-grenade-multinode OpenDev Migration Patch 2019-04-19 19:30:50 +00:00
rally-jobs fix rally docs url 2018-05-21 16:24:51 +08:00
releasenotes Ensure OAuth1 authorized roles are respected 2020-05-06 08:18:06 -07:00
tools changed port in tools/sample_data.sh 2018-11-15 20:45:59 +05:30
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Tell reno to ignore the kilo branch 2020-02-21 18:56:11 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:30:50 +00:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.stestr.conf Migrate to stestr 2017-09-22 11:07:09 -05:00
.zuul.yaml Add voting k2k tests 2020-02-05 11:04:26 -08:00
CONTRIBUTING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
HACKING.rst Merge "Update links in keystone" 2017-10-06 16:10:56 +00:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
README.rst Add release notes link to README 2018-06-12 15:30:45 +08:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Fix bindep for SUSE 2019-02-14 16:50:33 +01:00
lower-constraints.txt Pin Werkzeug in lower-constraints 2019-03-19 23:56:08 +01:00
reno.yaml Tell reno to ignore the kilo branch 2020-02-21 18:56:11 +00:00
requirements.txt Add PyJWT as a requirement 2019-01-31 19:42:09 +00:00
setup.cfg Revert "Blacklist bandit 1.6.0" 2019-06-24 06:52:52 -07:00
setup.py Updated from global requirements 2017-03-06 01:10:37 +00:00
test-requirements.txt Use pycodestyle in place of pep8 2018-11-20 17:16:01 +00:00
tox.ini Constraint dependencies for docs build 2020-02-19 20:23:23 -05:00

README.rst

Team and repository tags

image

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://developer.openstack.org/api-ref/identity

The canonical client library is available at:

https://git.openstack.org/cgit/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://git.openstack.org/cgit/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Release notes is available at:

https://docs.openstack.org/releasenotes/keystone

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.