fa16882507
Trust scoped tokens are handled incorectly when making requests via the ec2tokens API, meaning that the restrictions enforced by trust-scoped tokens are not respected when obtaining a token via ec2token signature validation. Storing the trust_id in the blob associated with the ec2 keypair, and passing that id in the metadata when requesting a v2 token solves the issue. Change-Id: I52566384d7813ef0e2f20fb94a5076386457ff02 Closes-Bug: #1242597 |
||
---|---|---|
bin | ||
doc | ||
etc | ||
examples/pki | ||
httpd | ||
keystone | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.mailmap | ||
.testr.conf | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
MANIFEST.in | ||
README.rst | ||
babel.cfg | ||
openstack-common.conf | ||
requirements.txt | ||
run_tests.sh | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
OpenStack Keystone
Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.
Developer documentation, the source of which is in
doc/source/
, is published at:
The API specification is available at:
The API documentation is available at:
The canonical client library is available at:
Documentation for cloud administrators is available at:
The source of documentation for cloud administrators is available at:
Information about our team meeting is available at:
Bugs and feature requests are tracked on Launchpad at:
Future design work is tracked at:
Contributors are encouraged to join IRC (#openstack-dev
on freenode):
For information on contributing to Keystone, see
CONTRIBUTING.rst
.