Skip to end of metadata
Go to start of metadata

OpenStack Identity (Keystone)

Keystone is a cloud identity service written in Python.

Project Description

CODE Repository - https://github.com/openstack/keystone Releases - https://github.com/openstack/keystone/tags DOCUMENTATION For Users - http://docs.openstack.org/ For Contributors - http://keystone.openstack.org/ COMMUNITY Wiki - http://wiki.openstack.org/keystone Meetings - http://wiki.openstack.org/Meetings/KeystoneMeeting Mailing Lists - http://wiki.openstack.org/MailingLists IRC - #openstack on http://freenode.net/

 

Active Project Series

Series

Summary

Status

Active Milestone(s)

Keystone future series

The future series tracks work that is necessary but will not land (or be completed) in the current development cycle.

Future

Keystone grizzly series

This is the "grizzly" series.

Current Stable Release

 

Keystone havana series

This is the "havana" series.

Active Development

Keystone icehouse series

This is the "icehouse" series.

Future

Project Code:

openstack/keystone

Repository URL:

https://github.com/openstack/keystone

Launchpad Project:

OpenStack Identity (Keystone)

Project Activity Dashboard:

Project Activity

Project Contributors Activity:

Project Contributors Activity

Repository

Active Bugs in the past 7 days

Bug Importance Reporter Assigned Date Assigned Assignee Status
OSSA 2014-029 Catalog replacement allows reading config (CVE-2014-3621) Medium Brant Knudson (info) Sep 16, 2014 Tristan Cacqueray Fix Committed
Token are not revoked when a role from group is revoked Medium Kévin Bernard-Allies (info) Sep 15, 2014 Kévin Bernard-Allies Fix Committed
local configuration is not allowed in "keystone-paste.ini" Undecided Dave Chen (info) Sep 15, 2014 Dave Chen New
keystone logs for unit tests are too verbose Medium Henry Nash (info) Sep 13, 2014 Henry Nash Fix Committed
fakeldap search with SUBTREE scope does not return the base entry Undecided Richard Megginson (info) Sep 13, 2014 Brant Knudson In Progress
Keystone2Keystone extension leaks file descriptors Low Marek Denis (info) Sep 12, 2014 Marek Denis New
empty username/userid results in unhelpful error Undecided Kevin Benton (info) Sep 11, 2014 Kevin Benton In Progress
Trust execution fails when trustor is in LDAP Medium Adam Young (info) Sep 10, 2014 Adam Young In Progress
Extract Assignment related tests from IdentityTestCase Low Samuel de Medeiros Queiroz (info) Sep 10, 2014 Samuel de Medeiros Queiroz In Progress
Assignment backends raise non-suggestive exception in grant CRUD Undecided Samuel de Medeiros Queiroz (info) Sep 10, 2014 Samuel de Medeiros Queiroz New
Add test for grant CRUD on test_backend Undecided Samuel de Medeiros Queiroz (info) Sep 9, 2014 Samuel de Medeiros Queiroz New
Templated catalog backend not implemented Wishlist Marcos Lobo (info) Sep 9, 2014 Marcos Lobo In Progress
Formatting error in debug logging Medium David Stanek (info) Sep 8, 2014 David Stanek Fix Committed
Internal error Enabling Federation Extension Low Marcos Lobo (info) Sep 8, 2014 Steve Martinelli Fix Committed
Setting autodoc_tree_index_modules makes documentation builds fail High David Stanek (info) Sep 8, 2014 David Stanek Confirmed
Can't use sql as domain-specific driver Medium Mark Miller (info) Sep 8, 2014 Morgan Fainberg In Progress
keystone user-role-delete operation fails when user no longer exists in backend Medium Mike Dorman (info) Sep 8, 2014 Lance Bragstad Fix Committed
ad248f6 jsonutils sync breaks if simplejson < 2.2.0 (under python 2.6) Medium Matt Riedemann (info) Sep 7, 2014 Brant Knudson Fix Committed
JSON Home support for GET / Medium Brant Knudson (info) Sep 7, 2014 Brant Knudson Fix Committed
Using LDAP assignments, delete group doesn't remove assignments Low Brant Knudson (info) Sep 7, 2014 Brant Knudson Fix Committed
authenticate ldap binary fields fail when converting fields to utf8 Medium David Bingham (info) Sep 5, 2014 Nathan Kinder Fix Committed
client connection leak to memcached under eventlet due to threadlocal Medium Aleksandr Shaposhnikov (info) Sep 5, 2014 Morgan Fainberg In Progress
keystone behavior when one memcache backend is down Medium Sergii Golovatiuk (info) Sep 5, 2014 Morgan Fainberg In Progress
LDAP group role assignment becomes user assignment Medium Brant Knudson (info) Sep 5, 2014 Brant Knudson Fix Committed
OpenLDAP 2.3: naming attribute ... is not present in entry; Naming violation Medium eraser (info) Sep 5, 2014 Sasikanth Eda Fix Committed
Update Endpoint Filter APIs Low Bob Thyne (info) Sep 4, 2014 Bob Thyne In Progress
Endpoint grouping extension does handle deletion callbacks Medium Dolph Mathews (info) Sep 3, 2014 Bob Thyne Fix Committed
Warn against sorting requirements Low Dolph Mathews (info) Sep 3, 2014 Dolph Mathews Fix Committed
KvsInheritanceTests does not use backend KVS Low Samuel de Medeiros Queiroz (info) Sep 2, 2014 Samuel de Medeiros Queiroz Fix Committed
Keystone doesn't handle user_attribute_id mapping High Haneef Ali (info) Aug 28, 2014 Guang Yee Fix Committed
Wrong return from list role assignments on KVS Low Samuel de Medeiros Queiroz (info) Aug 25, 2014 Samuel de Medeiros Queiroz In Progress
Add memcached_backend option in keystone.conf Wishlist Kui Shi (info) Aug 23, 2014 Kui Shi In Progress
List role assignments filters performance Wishlist Samuel de Medeiros Queiroz (info) Aug 22, 2014 Samuel de Medeiros Queiroz In Progress
IdentityError in TokensV3TestJSON.test_rescope_token Undecided Davanum Srinivas (DIMS) (info) Jul 31, 2014 Brant Knudson In Progress
Filtering services by name doesn't work Wishlist Juan Antonio Osorio Robles (info) Jul 30, 2014 Juan Antonio Osorio Robles Fix Committed
Unittests do not succeed with random PYTHONHASHSEED value Medium Clark Boylan (info) Jul 28, 2014 Dolph Mathews In Progress
Keystone token poor performance. Need index on user_id Medium Haneef Ali (info) Jun 23, 2014 Justin Shepherd In Progress
trustor_user_id not available in v2 trust token Wishlist Jamie Lennox (info) Jun 20, 2014 wanghong Fix Committed
do not use default=None for config options Low Christian Berendt (info) Jun 20, 2014 wanghong Fix Committed
mod_wsgi exception processing UTF-8 Header Undecided Adam Young (info) Apr 28, 2014 Adam Young Fix Committed
V3 list users filter by email address throws exception Medium Haneef Ali (info) Apr 14, 2014 Juan Antonio Osorio Robles Fix Committed
revocation events: deleting a token revokes all tokens with same expiration High Morgan Fainberg (info) Mar 14, 2014 Morgan Fainberg Fix Committed
LDAP Identity Driver does not call delete_user or delete_group on the LDAP assignment api High Morgan Fainberg (info) Mar 12, 2014 Brant Knudson Fix Committed
Some server-side 'SSL' communication fails to check certificates (use of HTTPSConnection) High Thierry Carrez (info) Feb 26, 2014 Daniel Gollub Fix Committed
Replace assertEqual(None, *) with assertIsNone in tests Undecided Jia Dong (info) Feb 25, 2014 lvdongbing In Progress
ldap/core deleteTree not always supported Medium Richard Megginson (info) Feb 20, 2014 Richard Megginson Fix Committed
v3 PKI token requests result in 500 error when run in apache Medium Jeremy Agee (info) Feb 5, 2014 Adam Young Confirmed
range method is not same in py3.x and py2.x Low lizheming (info) Jan 13, 2014 lizheming In Progress
DB2 disconnect not handled pessimistically Medium David Peraza (info) Sep 26, 2013 Brant Knudson Fix Committed
Keystone token hashing is MD5 Wishlist Adam Young (info) Aug 30, 2013 Brant Knudson Fix Committed
Split backend does not provide ldap.set_option(ldap.OPT_X_TLS_CACERTFILE) for ldaps connections Wishlist Mark Miller (info) Aug 15, 2013 Nathan Kinder In Progress
Broken mysql connection causes internal server error Undecided Jan Provaznik (info) New
Check token not exposed in the user-facing library API Undecided Fernando Ribeiro (info) New
DB2 deadlock error not detected Undecided Bryan Jones (info) New
Keystone cannot cope with being behind an SSL terminator for version list Undecided Andrey Pavlov (info) New
Keystone fails to start: "CRITICAL log logging_excepthook No module named utils" Undecided Marc Koderer (info) New
Keystone should support HEAD requests for all GET actions Wishlist Morgan Fainberg (info) Triaged
Middeware auth_token fails with scoped federated saml token Undecided Mahesh Sawaiker (info) New
Migration from havana to icehouse takes forever if large subset of data is present Undecided David Hill (info) New
Multiple services with same name and type Undecided eraser (info) New
Openstack services should support SIGHUP signal Low Bogdan Dobrelya (info) Confirmed
UnicodeDecodeError using ldap backend Low Alvaro Lopez (info) New
calling curl "HEAD" ops time out on /v3/auth/tokens Low Mike Abrams (info) Confirmed
keystoneauth middleware not domain aware (keystone v3 issue) Undecided Donagh McCabe (info) Incomplete
oslo.db's master breaks unittest in OS projects Undecided Victor Sergeyev (info) Fix Committed
oslo.middleware.sizelimit configuration conflict Undecided Richard Jones (info) New
tempest.api.identity.admin.v3.test_credentials.CredentialsTestJSON create credential unauthorized Undecided Steve Martinelli (info) New

 

Active Reviews in the past 7 days

Review

Owner

Status

Created

Updated

Updated from global requirements

NEW

Aug 4, 2014

Sep 15, 2014

Imported Translations from Transifex

NEW

Sep 11, 2014

Sep 17, 2014

Updated from global requirements

NEW

Sep 13, 2014

Sep 13, 2014

Updated from global requirements

NEW

Sep 13, 2014

Sep 15, 2014

Safer check for enabled in trusts

Adam Young

NEW

Sep 10, 2014

Sep 17, 2014

Implemented caching in identity layer.

Ajaya Agrawal

NEW

Jul 30, 2014

Sep 13, 2014

LDAP additional attribute mappings validation

Alexander Makarov

NEW

Sep 3, 2014

Sep 15, 2014

Add delete notification to endpoint grouping

Bob Thyne

MERGED

Aug 29, 2014

Sep 14, 2014

Update Endpoint Filter API

Bob Thyne

NEW

Sep 17, 2014

Sep 17, 2014

Refactor keystone-all and http/keystone

Brant Knudson

NEW

Apr 28, 2014

Sep 12, 2014

add oslo.utils for testing with Keystoneclient master

Brant Knudson

ABANDONED

Aug 17, 2014

Sep 12, 2014

Add V3 JSON Home support to GET /

Brant Knudson

MERGED

Sep 2, 2014

Sep 12, 2014

Fix LDAP group role assignment listing

Brant Knudson

MERGED

Sep 5, 2014

Sep 13, 2014

Add characterization test for cleanup role assignments for group

Brant Knudson

MERGED

Sep 7, 2014

Sep 13, 2014

Fix delete group cleans up role assignments with LDAP

Brant Knudson

MERGED

Sep 7, 2014

Sep 15, 2014

Fix using local ID to clean up user/group assignments

Brant Knudson

MERGED

Sep 7, 2014

Sep 13, 2014

Sync jsonutils from oslo-incubator 32e7f0b5

Brant Knudson

MERGED

Sep 7, 2014

Sep 12, 2014

Move unit tests from test_backend_ldap

Brant Knudson

NEW

Sep 8, 2014

Sep 16, 2014

Tests raise exception if logging problem

Brant Knudson

NEW

Sep 8, 2014

Sep 16, 2014

Enhance FakeLdap to require base entry for subtree search

Brant Knudson

NEW

Sep 13, 2014

Sep 15, 2014

Refactor FakeLdap to share delete code

Brant Knudson

NEW

Sep 13, 2014

Sep 15, 2014

Fix fakeldap search_s documentation

Brant Knudson

NEW

Sep 13, 2014

Sep 13, 2014

local configuration should be allowed in "keystone-paste.ini"

Dave Chen

NEW

Sep 15, 2014

Sep 16, 2014

Make the default cache time more explicit in code

David Stanek

NEW

Aug 12, 2014

Sep 15, 2014

Adds pipeline hints to the example paste config

David Stanek

MERGED

Sep 8, 2014

Sep 13, 2014

Adds hint about filter placement to extension docs

David Stanek

MERGED

Sep 8, 2014

Sep 15, 2014

Fixes an issue with the XMLEquals matcher

Dolph Mathews

NEW

Aug 15, 2014

Sep 12, 2014

LDAP: refactor use of "1.1" OID

Dolph Mathews

MERGED

Sep 10, 2014

Sep 12, 2014

Remove extraenous instantiations of managers

Dolph Mathews

NEW

Sep 11, 2014

Sep 12, 2014

Add documentation on LDAP 'user_id_attribute'

Eric N. Vander Weele

NEW

May 13, 2014

Sep 13, 2014

Use id attribute map for read-only LDAP

Guang Yee

MERGED

Aug 29, 2014

Sep 13, 2014

Ensure identity sql driver supports domain-specific configuration.

Henry Nash

NEW

Sep 12, 2014

Sep 17, 2014

Reduce unit test log level for notifications.

Henry Nash

MERGED

Sep 13, 2014

Sep 15, 2014

Initial kerberos plugin implementation.

Jose Castro Leon

ABANDONED

Feb 18, 2014

Sep 12, 2014

Enable filtering of services by name

Juan Antonio Osorio Robles

MERGED

Jul 31, 2014

Sep 12, 2014

Adding an index on token.user_id

Justin Shepherd

ABANDONED

Jun 23, 2014

Sep 17, 2014

Fail on empty userId/username before query

Kevin Benton

NEW

Sep 11, 2014

Sep 15, 2014

Catalog driver generates v3 catalog from v2 catalog

Kieran Spear

NEW

Aug 28, 2014

Sep 12, 2014

Add memcached_backend configuration

Kui Shi

NEW

Sep 17, 2014

Sep 17, 2014

Revoke the tokens of group members when a group role is revoked

Kévin Bernard-Allies

MERGED

Sep 15, 2014

Sep 16, 2014

Allow users to clean up role assignments.

Lance Bragstad

NEW

Sep 8, 2014

Sep 17, 2014

Implement group related methods for LDAP backend

Marcos Lobo

NEW

Jun 24, 2014

Sep 17, 2014

Templated catalog backend not implemented

Marcos Lobo

NEW

Sep 9, 2014

Sep 15, 2014

Change pysaml2 comment in test-requrements.txt.

Marek Denis

MERGED

Sep 16, 2014

Sep 16, 2014

Add pysaml2 to requirements.txt.

Marek Denis

ABANDONED

Sep 16, 2014

Sep 16, 2014

Update sample config

Morgan Fainberg

ABANDONED

Sep 12, 2014

Sep 15, 2014

Avoid conversion of binary LDAP values

Nathan Kinder

MERGED

Sep 6, 2014

Sep 15, 2014

Set LDAP certificate trust options for LDAPS and TLS

Nathan Kinder

NEW

Sep 12, 2014

Sep 14, 2014

Add a simple module to work with filters and DNs to LDAP backend

Razumovsky Peter

NEW

Aug 28, 2014

Sep 16, 2014

Refactor LDAP backend using context manager for connection

Razumovsky Peter

MERGED

Sep 1, 2014

Sep 14, 2014

Correct typos in keystone/common/base64utils.py docstrings

Razumovsky Peter

NEW

Sep 8, 2014

Sep 12, 2014

ldap/core deleteTree not always supported

Richard Megginson

MERGED

Feb 20, 2014

Sep 15, 2014

Inherited roles to projects

Rodrigo Duarte

NEW

Aug 29, 2014

Sep 12, 2014

Add parent_id field to projects

Rodrigo Duarte

NEW

Aug 29, 2014

Sep 17, 2014

Create, update and delete hierarchical projects

Rodrigo Duarte

NEW

Aug 29, 2014

Sep 12, 2014

Base methods to handle hierarchical projects

Rodrigo Duarte

NEW

Aug 29, 2014

Sep 12, 2014

DO NOT MERGE - Squashed commit of the following:

Ryan Hsu

ABANDONED

Sep 15, 2014

Sep 15, 2014

Improve list role assignments filters performance

Samuel de Medeiros Queiroz

NEW

Sep 2, 2014

Sep 12, 2014

Making KvsInheritanceTests use backend KVS

Samuel de Medeiros Queiroz

MERGED

Sep 2, 2014

Sep 15, 2014

Add test for getting a token with inherited role

Samuel de Medeiros Queiroz

NEW

Sep 4, 2014

Sep 15, 2014

Extract Assignment tests from IdentityTestCase

Samuel de Medeiros Queiroz

NEW

Sep 15, 2014

Sep 16, 2014

Fix user-role-add in LDAP backend

Sasikanth Eda

NEW

Sep 5, 2014

Sep 16, 2014

Update the docs that list sections in keystone.conf

Steve Martinelli

MERGED

Sep 3, 2014

Sep 12, 2014

Make the extension docs a top level entry in the landing page

Steve Martinelli

MERGED

Sep 4, 2014

Sep 12, 2014

Use oslo_debug_helper and remove our own version

Steve Martinelli

MERGED

Sep 5, 2014

Sep 13, 2014

Document Keystone2Keystone federation

Steve Martinelli

MERGED

Sep 10, 2014

Sep 16, 2014

don't write python bytecode while testing

Steve Martinelli

ABANDONED

Sep 12, 2014

Sep 16, 2014

Adds a whitelist for endpoint catalog substitution

Tristan Cacqueray

MERGED

Sep 16, 2014

Sep 16, 2014

Fix typo on cache backend module

Tushar Kalra

NEW

Aug 26, 2014

Sep 17, 2014

Ensure a consistent transactional context is used

Victor Sergeyev

MERGED

Sep 9, 2014

Sep 15, 2014

Add a pool of memcached clients

Yuriy Taraday

NEW

Sep 5, 2014

Sep 17, 2014

add --rebuild option for ssl/pki_setup

wanghong

NEW

Apr 17, 2014

Sep 15, 2014

trustor_user_id not available in v2 trust token

wanghong

MERGED

Jun 23, 2014

Sep 13, 2014

Notes

Icon
 

  • No labels