OpenStack Identity (Keystone) Middleware

Go to file

Colleen Murphy 5f093bf5ee Add validation of app cred access rules This commit adds a validation step in the auth_token middleware to check for the presence of an access_rules attribute in an application credential token and to validate the request against the permissions granted for that token. During token validation it sends a header to keystone to indicate that it is capable of validating these access rules, and not providing this header for a token like this would result in the token failing validation. This disregards access rules for a service request made by a service on behalf of a user, such as nova making a request to glance, because such a request is not under the control of the user and is not expected to be explicitly allowed in the access rules. bp whitelist-extension-for-app-creds Depends-On: https://review.opendev.org/670377 Change-Id: I185e0541d5df538d74edadf9976b3034a2470c88		2019-07-15 16:05:59 -07:00
config-generator	generate sample config automatically	2016-05-12 06:38:40 +00:00
doc	Merge "Add a new option to choose the Identity endpoint"	2019-06-12 15:47:50 +00:00
keystonemiddleware	Add validation of app cred access rules	2019-07-15 16:05:59 -07:00
releasenotes	Add validation of app cred access rules	2019-07-15 16:05:59 -07:00
.coveragerc	Update .coveragerc after the removal of respective directory	2016-10-24 18:03:12 +05:30
.gitignore	Updates for stestr	2017-10-02 21:57:27 -05:00
.gitreview	OpenDev Migration Patch	2019-04-19 19:35:58 +00:00
.stestr.conf	Updates for stestr	2017-10-02 21:57:27 -05:00
.zuul.yaml	Add Python 3 Train unit tests	2019-06-26 18:44:50 -04:00
CONTRIBUTING.rst	Use https for *.openstack.org references	2017-02-05 20:36:42 -08:00
HACKING.rst	Update URLs in documentation	2017-07-20 16:38:16 +08:00
LICENSE	Initial commit	2014-06-19 15:45:29 -07:00
README.rst	Trivial: Update pypi url to new url	2018-12-16 22:44:50 +08:00
babel.cfg	Initial commit	2014-06-19 15:45:29 -07:00
lower-constraints.txt	Add validation of app cred access rules	2019-07-15 16:05:59 -07:00
requirements.txt	Add validation of app cred access rules	2019-07-15 16:05:59 -07:00
setup.cfg	Drop py35 jobs	2019-03-01 11:37:06 +01:00
setup.py	Updated from global requirements	2017-04-06 22:03:25 +00:00
test-requirements.txt	Blacklist bandit 1.6.0 & cap sphinx for 2.7	2019-05-20 11:26:34 -05:00
tox.ini	Add Python 3 Train unit tests	2019-06-26 18:44:50 -04:00

README.rst

Team and repository tags

Middleware for the OpenStack Identity API (Keystone)

This package contains middleware modules designed to provide authentication and authorization features to web services other than Keystone <https://github.com/openstack/keystone>. The most prominent module is keystonemiddleware.auth_token. This package does not expose any CLI or Python API features.

For information on contributing, see CONTRIBUTING.rst.

License: Apache License, Version 2.0
Documentation: https://docs.openstack.org/keystonemiddleware/latest/
Source: https://git.openstack.org/cgit/openstack/keystonemiddleware
Bugs: https://bugs.launchpad.net/keystonemiddleware
Release notes: https://docs.openstack.org/releasenotes/keystonemiddleware/

For any other information, refer to the parent project, Keystone:

https://github.com/openstack/keystone