openstack
/
keystone
Code Issues Proposed changes
OpenStack Identity (Keystone)
14,143 Commits 9 Branches 40 Tags 231 MiB
Python 99.5%
Shell 0.5%
Go to file
Colleen Murphy ea7acd8036 Implement system reader role for trusts API 
Currently, the trusts API only allows the "project" scope type, and
moreover inconsistently enforces different actions based on admin status
or trustor/trustee relationship: for example, an "admin" can list all
trusts but not filter by trustor or trustee and cannot get details for a
single trust, not can they list or get trust roles. This patch changes
the behavior of the trusts API to allow a system reader to list and get
details for trusts and trust roles, where previously only a trustor or
trustee could do so. This helps make the different actions in the trusts
API consistent with one another and makes the API more useful to a
deployment auditor. A subsequent patch will add system admin
functionality.

This change does not use the oslo.policy deprecation feature for the
'identity:list_trusts_for_trustor' or 'identity:list_trusts_for_trustee'
policies as those are new policies introduced in 7717ed3.

Change-Id: I4e1482643e18fd46e937ffae8b3623cea2d2dd62
Partial-bug: #1818850
Partial-bug: #1818846
Related-Bug: #968696
 		2019-08-16 15:20:15 -07:00
api-ref/source Merge "Add new attribute to the federation protocol API" 2019-07-30 18:49:30 +00:00
config-generator Move policy generator config to config-generator/ 2017-04-21 21:47:32 +00:00
devstack Added keystone identity provider installation to Devstack plugin 2019-03-19 11:22:38 -04:00
doc Move list_trusts enforcement to default policies 2019-08-16 15:10:49 -07:00
etc DRY: Remove redundant policies from policy.v3cloudsample.json 2019-04-02 19:09:53 +00:00
examples/pki Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
httpd Remove admin interface in sample Apache file 2018-03-24 12:56:02 +01:00
keystone Implement system reader role for trusts API 2019-08-16 15:20:15 -07:00
keystone_tempest_plugin Replace git.openstack.org URLs with opendev.org URLs 2019-04-24 11:51:00 +08:00
playbooks/legacy/keystone-dsvm-grenade-multinode OpenDev Migration Patch 2019-04-19 19:30:29 +00:00
rally-jobs fix rally docs url 2018-05-21 16:24:51 +08:00
releasenotes Merge "Allows to use application credentials through group membership" 2019-08-07 00:32:55 +00:00
tools Fix E731 flake8 2019-06-19 17:40:01 +05:30
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Ignore .eggs dir as well 2018-07-04 12:39:20 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:30:29 +00:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.stestr.conf Migrate to stestr 2017-09-22 11:07:09 -05:00
.zuul.yaml Update Python 3 test runtimes for Train 2019-05-09 17:35:22 +08:00
CONTRIBUTING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
HACKING.rst Merge "Update links in keystone" 2017-10-06 16:10:56 +00:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
README.rst Update api-ref location 2019-07-23 06:53:33 +02:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Fix bindep for SUSE 2019-02-14 16:50:33 +01:00
lower-constraints.txt Suppress policy deprecation warnings in unit tests 2019-08-05 14:23:17 -07:00
requirements.txt Suppress policy deprecation warnings in unit tests 2019-08-05 14:23:17 -07:00
setup.cfg Revert "Add JSON driver for access rules config" 2019-05-28 08:38:42 -07:00
setup.py Updated from global requirements 2017-03-06 01:10:37 +00:00
test-requirements.txt Use pycodestyle in place of pep8 2018-11-20 17:16:01 +00:00
tox.ini Docs: Make robust with using real links 2019-08-09 20:15:14 +02:00

README.rst

Team and repository tags

image

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://docs.openstack.org/api-ref/identity

The canonical client library is available at:

https://opendev.org/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://opendev.org/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Release notes is available at:

https://docs.openstack.org/releasenotes/keystone

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.