openstack
/
keystone
Code Issues Proposed changes
OpenStack Identity (Keystone)
10,727 Commits 9 Branches 40 Tags 231 MiB
Python 99.5%
Shell 0.5%
Go to file
Dave Chen 48a5336d3d Handle token exception and use proper url for verification 
This commit is a product of two separate commits in order to unwedge
the stable/newton gate. The first commit is a oauth refactor to
properly handle token exceptions. The second is a patch to that
uses the proper url when verifying an oauth request token. The
problem is that the second patch can't be applied due to the
refactor from the first. This commit merges the two commits
together so that their isn't a merge conflict and it passes the
currently broken gate.

The first commit is:

Handle the exception from creating access token properly

If there is any request from client with any invalid request
parameters, invalid signature for example, keystone should
capture that and raise the exception.

It was `NotImplementedError`, `TypeError` thrown out and
presented directly to end user, and nothing helpful message
is given.

This patch fix that and show as many exception message that
is helpful for diagnosis as possible.

Change-Id: I112d0cd0c8a460c7b4d8d0e1c0b9c742aab9fde7
Closes-Bug: #1616424
(cherry picked from commit be5385c538)

This is the second commit

Change url passed to oauth signature verifier to request url

OAUTH signature verification should happen with the same URL used for signing.
Typically at the user end it should be signed with the request URL and hence it
should be verified with the same.
Currently keystone uses public endpoint URL for signature verification.

Modified the URL passed to oauth signature verification to request URL.

Change-Id: I28059a43cb0088c2952c19f696042ebec54d26c9
Partial-Bug: #1687593
(cherry picked from commit 926685c5a4)
 		2017-07-14 14:02:25 +00:00
api-ref/source Validate mapping exists when creating/updating a protocol 2017-06-29 16:37:27 +00:00
config-generator Remove eventlet support 2016-04-18 18:07:28 +00:00
devstack Add structure for Devstack plugin 2016-12-26 09:31:32 +00:00
doc Prepare for using standard python tests 2017-02-02 12:13:27 +00:00
etc Update sample keystone.conf for Newton 2016-09-07 20:41:47 +00:00
examples/pki Correct bashate issues in gen_pki.sh 2015-10-20 10:40:10 -05:00
httpd Update sample uwsgi config for lazy-apps 2016-08-31 15:41:21 -05:00
keystone Handle token exception and use proper url for verification 2017-07-14 14:02:25 +00:00
keystone_tempest_plugin Validate mapping exists when creating/updating a protocol 2017-06-29 16:37:27 +00:00
rally-jobs [rally] remove deprecated arg 2015-10-29 16:34:58 +02:00
releasenotes Handle token exception and use proper url for verification 2017-07-14 14:02:25 +00:00
tools Prepare for using standard python tests 2017-02-02 12:13:27 +00:00
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Migrate identity /v3 docs from api-ref repo 2016-05-24 09:58:23 -03:00
.gitreview Update .gitreview for stable/newton 2016-09-15 10:22:57 -04:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.testr.conf Stop using oslotest.BaseTestCase 2016-03-01 21:44:20 +00:00
CONTRIBUTING.rst Workflow documentation is now in infra-manual 2015-05-16 14:55:07 +00:00
HACKING.rst Use oslo.log instead of incubator 2015-02-14 05:34:52 +00:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
MANIFEST.in Add .mo files to MANIFEST.in 2016-05-19 15:40:17 +02:00
README.rst Replace github reference by git.openstack.org and change a doc link 2015-05-07 10:08:10 +08:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Move other-requirements.txt to bindep.txt 2016-08-12 20:53:45 +02:00
requirements.txt Updated from global requirements 2016-09-09 16:05:04 +00:00
setup.cfg Implement encryption of credentials at rest 2016-09-02 04:25:49 +00:00
setup.py Updated from global requirements 2015-09-17 12:12:39 +00:00
test-requirements.txt Updated from global requirements 2016-09-09 16:05:04 +00:00
tox.ini Add structure for Devstack plugin 2016-12-26 09:31:32 +00:00

README.rst

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

http://docs.openstack.org/developer/keystone/

The API specification and documentation are available at:

http://specs.openstack.org/openstack/keystone-specs/

The canonical client library is available at:

https://git.openstack.org/cgit/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

http://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://git.openstack.org/cgit/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

http://specs.openstack.org/openstack/keystone-specs/#identity-program-specifications

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.