Commits on Nov 28, 2012
  1. Ensure token expiration is maintained

    dolph authored and ttx committed Nov 28, 2012
    Ensure token expiration is maintained. Fixes bug 1079216.
    Change-Id: I0ce53f106ab6d95916fdc9797cb9d8bf09132a91
Commits on Nov 20, 2012
Commits on Nov 16, 2012
  1. Ensures User is member of tenant in ec2 validation

    vishvananda authored and ttx committed Nov 13, 2012
    It is possible that a user is no longer a member of a tenant when
    they attempt to use an ec2 token. This checks to make sure that
    the user still has at least one valid role in the tenant before
    authenticating them. This should automatically work for the s3
    version as well since it is a subclass.
    Fixes bug 1064914
    Change-Id: Ieb237bae936a7b00ce7ba4d4c59aec6c7a69ec21
Commits on Nov 15, 2012
  1. Properly list tokens with a null tenant

    vishvananda authored and dolph committed Nov 13, 2012
    We store the tenant as a null value in json, so checking to see
    if it exists is not sufficient. This makes the check safer, checking
    for existance and not null before continuing.
    Fixes bug 1078497
    Change-Id: Ida1b958e5df6f93a30efae0d3f71df668751ff81
Commits on Nov 1, 2012
  1. Merge "bug 1068674" into stable/folsom

    Jenkins authored and openstack-gerrit committed Nov 1, 2012
Commits on Oct 31, 2012
  1. pin sqlalchemy to 0.7

    mapleoin authored and Sean Dague committed Oct 31, 2012
    sqlalchemy 0.8.0b1 breaks some dependencies such as sqlalchemy-migrate, pin the version until we fix them
    Fixes bug #1073569
    Change-Id: I6620276bf8f0a7cbc1d51aa226cd33c512e59a48
Commits on Oct 25, 2012
  1. bug 1068674

    krtyyy authored and heckj committed Oct 19, 2012
    Redo part of bp/sql-identiy-pam that was accidently undone by bug 968519.
    We encapsulated the call to utils.check_password with a local method,
    _check_password, to make it easier to subclass Identity. This allows us
    to use a different password checker without having to replace the entire
    authenticate method in our code.  The fix for 968519 accidently removed
    the call to the local method. *This* fix puts that call back in.
    Updating comment because Jenkins failed due to build timeout in
    unrelated test.
    (cherry picked from commit 0dc2e9c)
    Change-Id: I69a3ba2d5a62e4c600edab7ef2cc07413c7360cc
  2. replacing PKI token detection from content length to content prefix. …

    radez authored and heckj committed Oct 8, 2012
    …(bug 1060389)
    Change-Id: I68b0e4126f2e339c04271fd982f5f5dab198c630
Commits on Oct 23, 2012
  1. Fixed bug 1068851. Refreshed new crypto for the SSL tests.

    guang-yee authored and gerardo8a committed Oct 22, 2012
    Change-Id: Ib37547923a9da347835a9b2c51deae6b954e1ead
    (cherry picked from commit 4f71ec9)
Commits on Oct 13, 2012
  1. Set defaultbranch in .gitreview to stable/folsom

    markmc committed Oct 13, 2012
    This allows people run git-review without any arguments.
    Change-Id: I2b2488ffffd783b64e5c760324e7d4a00d5a39db
Commits on Sep 28, 2012
  1. Bump next version to 2012.2.1

    ttx committed Sep 28, 2012
    Open stable/folsom by bumping next version to 2012.2.1.
    Change-Id: I9a705c14ac821cca48cb769d5c6cd9f7ae760f6f
Commits on Sep 25, 2012
  1. utf-8 encode user keys in memcache (bug 1056373)

    dolph authored and heckj committed Sep 25, 2012
    Change-Id: I026dd4282742213e69c7aa02e109439b07a73c8e
    (cherry picked from commit 431e50a)
Commits on Sep 13, 2012
  1. Limit token revocation to tenant (bug 1050025)

    dolph committed Sep 13, 2012
    Change-Id: I7ebe0192b4900ad9475119a6d582233b37b31fb4
  2. Fixed trivally true tests (bug 983304)

    dolph committed Sep 13, 2012
    Change-Id: I3c66092ce54cab6d972f78857b4c386b69dcabe3
  3. Merge "Implement token endpoint list (bug 1006777)"

    Jenkins authored and openstack-gerrit committed Sep 13, 2012
Commits on Sep 12, 2012
  1. Merge "LDAP backend attribute fixes"

    Jenkins authored and openstack-gerrit committed Sep 12, 2012
  2. Delete user tokens after role grant/revoke

    dolph authored and ttx committed Sep 7, 2012
    Delete user tokens when a new role is granted or revoked, in order to
    prevent old tokens to continue to be valid for the original set of
    roles for the remainder of the token's lifespan.
    Addresses CVE-2012-4413.
    Fixes bug 1041396.
    Change-Id: Iecf891f274b67408f568b949a7028362c4c30312
Commits on Sep 11, 2012
  1. LDAP backend attribute fixes

    dyarnell authored and Adam Young committed Sep 11, 2012
    R Boden and Adam Young assissted on this patch.
    There are two issues with the TenantAPI for the ldap Identity.
    There is a mistaken attribute_mapping entry, which was mapping
    'description' into 'desc'. Per RFC 2256 there should be no need to map
    this as the attribute as it is already 'description' in the LDAP
    schema. I am not aware of any other schema that would use 'desc'
    attribute for a 'groupOfNames' object.
    Since there is no support (yet) for users, tenants or roles to be
    enabled/disabled there needs to be a attribute_ignore set for the
    'enabled' attribute.
    Bug 980085
    Change-Id: I40afa7a1345c45c119e699bf4fd4c99652f66c2f
  2. Document memcached host system time configuration.

    Maru Newby
    Maru Newby committed Sep 7, 2012
     * Addresses 1022614
    Change-Id: I81617c4eecd6fdfdb3f01eb674f7308d9c93baaa
Commits on Sep 10, 2012
  1. Merge "Cleanup PEP8 errors from Common"

    Jenkins authored and openstack-gerrit committed Sep 10, 2012
  2. Implementation of tenant,user,role list functions for ldap

    dyarnell authored and Adam Young committed Apr 16, 2012
    Bug 983304
    Defines functions for the retrival and return of the tenant, user and
    role objects in ldap.  They will return in whatever order LDAP provides
    Additional fix for pep8 whitespace violation.
    Additional change to add some minimal unit tests for the new functions
    Tests have successfully run against a live LDAP server
    Change-Id: I368ae4097bb9bcdaab7bca0ccc2f9204d58f69d8
  3. Merge "Initialize Metadata variable"

    Jenkins authored and openstack-gerrit committed Sep 10, 2012
  4. Merge "PEP8 fix E251"

    Jenkins authored and openstack-gerrit committed Sep 10, 2012
Commits on Sep 8, 2012
  1. Initialize Metadata variable

    Adam Young
    Adam Young committed Sep 8, 2012
    Otherwise, Metadata hands back as None, which breaks later on in the
    Authentication process. This is how the SQL backend worksi as well.
    Bug 1047848
    Change-Id: I53022bff73267c9526d69e1d2c8ec3c87b3b89fe
Commits on Sep 7, 2012
  1. Cleanup PEP8 errors from Common

    Adam Young
    Adam Young committed Sep 7, 2012
    Change-Id: Ibd4fec8b38ba33168c271a8efed65dbf598bd372
Commits on Sep 6, 2012
  1. List tokens for memcached backend

    Adam Young
    Adam Young committed Sep 6, 2012
    Creates and updates an index of tokens in a memcache entry keyed
    by the user id
    Bug 1046905
    Change-Id: If11d6b87b0a8ae5f8349f1ebb31790e943c70fbf
  2. Merge "Sync latest cfg from openstack-common"

    Jenkins authored and openstack-gerrit committed Sep 6, 2012
  3. Implement token endpoint list (bug 1006777)

    dolph committed Sep 6, 2012
    Change-Id: Ia7dad06ec763994ce0beb171c481ab01c20af6cb
  4. Ignore eclipse files.

    Adam Young
    Adam Young committed Sep 6, 2012
    Change-Id: I3a9bb25b1fbdc696cee45e97e67dfb9af35e7718
Commits on Sep 5, 2012
  1. Sync some misc changes from openstack-common

    markmc committed Sep 5, 2012
    Syncs the following changes from stable/folsom:
     769ec65 Don't trap then re-raise ImportError.
     202b8b7 Fix spelling typos
     01b4f31 Support for marshalling datetime while preserving microseconds.
     c11a0d4 Remove unused imports
     9e1bd9d Add missing convert_instances arg.
     2d6f847 Track to_primitive() depth after iteritems().
     8c74b37 Improve exception from importutils.import_class().
     1fb2361 add import_object_ns function
    Change-Id: Id5885f4a00207cf70f15f195a154c45903111b8b