dolph

OpenStack Identity API v3

The Identity API primarily fulfills authentication and authorization needs within OpenStack, and is intended to provide a programmatic facade in front of existing authentication and authorization system(s).

The Identity API also provides endpoint discovery through a service catalog, identity management, project management, and a centralized repository for policy engine rule sets.

dolph

[ldap]

#
# Options defined in keystone
#

# URL for connecting to the LDAP server. (string value)
#url=ldap://localhost

# User BindDN to query the LDAP server. (string value)

dolph

These may land in Juno RC1:

• Make the default cache time more explicit in code
• Bug 1365147: Add test for getting a token with inherited role
• Bug 1367113: Templated catalog backend V3 not implemented
• WiP: Script to sync oslo (WIP)
• Bug 1308778: add --rebuild option for ssl/pki_setup
• Bug 1366589: Add V3 JSON Home support to GET /
• Bug 1324610: switch from sample_config.sh to oslo-config-generator
• Bug 1331882: [trustor_user_id not available in v2 trust to

dolph

Key New Features

• PKIZ is a new token provider available for users of PKI tokens, which simply adds zlib-based compression to traditional PKI tokens.
• Database migrations for releases prior to Havana have been dropped, meaning that you must upgrade to the Juno release from either a Havana or Icehouse deployment.
• Proxy methods from the identity backend to the assignment backend (created to provide backwards compatibility as a result of the split of the Assignment backend from the Identity backend), have been removed. This should only affect custom, out-of-tree API extensions.
• The hashing algorithm used for PKI tokens has been made configurable (the default is still MD5, but the Keystone team recommends that deployments migrate to SHA256).
• Identity-driver-configuration-per-domain now supports Internet domain names of arbitrary hierarchical complexity (for example, customer.cloud.example.com).
• Service names were added to the v3 service catalog.
• The LDAP identity backend now supports

dolph

Keybase proof

I hereby claim:

• I am dolph on github.
• I am dolph (https://keybase.io/dolph) on keybase.
• I have a public key whose fingerprint is C1B5 629D E7A3 C2E7 3CF3 D665 7BC8 38D0 688A 4993

To claim this, I am signing this object:

dolph

class BaseModel(object):
    def __init__(self, id=None):
        self.id = id or uuid.uuid4().hex

    @property
    def name(self):
        return self._name


class ProjectModel(BaseModel):

dolph

set -e

git ready stable/kilo

git review -X 167124 # Apr 15, 2015 7:54 PM
tox -e py27 -e pep8
git review -y

git review -X 167141 # May 6, 2015 12:46 PM
tox -e py27 -e pep8

dolph

#!/bin/bash
set -e

unset OS_TOKEN
unset OS_ENDPOINT

# mysql -ukeystone -pkeystone -e "drop database keystone; create database keystone;"
# ~/openstack/keystone/.tox/py27/bin/keystone-manage db_sync

export OS_IDENTITY_API_VERSION=2.0

dolph

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations

dolph

[dashboard]
title = My Reviews
description =
foreach =

[section "In progress"]
query = is:open owner:self -Workflow-1 -label:Verified<=-1 -label:Code-Review-1

[section "Needs attention"]
query = is:open owner:self (Workflow-1 OR label:Verified<=-1 OR label:Code-Review<=-1)