Commits on Aug 16, 2012
  1. Adding missing files to

    Fix to include files missing from generated tarballs.
    Fixes bug 1037010.
    Change-Id: I33a911e77cc364e761de0c45de7046eca58797b1
    ttx committed Aug 15, 2012
Commits on Aug 13, 2012
  1. Merge "Set example key_size to 1024."

    Jenkins committed with openstack-gerrit Aug 13, 2012
  2. Merge "fix broken link"

    Jenkins committed with openstack-gerrit Aug 13, 2012
Commits on Aug 12, 2012
  1. Simplify the sql backend deletion of users and tenants.

    There is a remaining problem in that the table definition permits dangling
    membership in tenants, and vice versa, but this change will make the fix for
    that easier to review, and make the code simpler and faster at the same time.
    See bug 1000609 for the bug report that led to examining this.
    Change-Id: Id7cd5fad7032779d352a7c577c8d10558091d767
    rbtcollins committed Aug 12, 2012
Commits on Aug 7, 2012
  1. Allow overloading of username and tenant name in the config files.

    Includes documentation and sample config file values.
    Bug 997700
    Patchset adds DocImpact flag for notifying doc team about these new
    config file values.
    Change-Id: Ibd3fade3f233a3b89a1c2feaa0a6b5a9569ad86c
    Adam Young committed with annegentle Jul 26, 2012
Commits on Aug 1, 2012
  1. Enabling SQL Catalog tests (bug 958950)

    Change-Id: I9d33d95ffa357b88f099a5a37aa4a139d93fd82f
    dolph committed Aug 1, 2012
  2. Use user home dir as default for cache

    This is a better and safer default, as it minimizes the
    possibility that the cache directory will be prepopulated or
    unwritable, while still providing a reasonable value for the
    individual developer.
    Creates a better exception for failure to create the cache.
    Logs the name of the cache dir actually used.
    Bug 1031022
    Change-Id: Ia3718107e436ceb034e3a89318ac05265d66d6f1
    Adam Young committed Jul 31, 2012
Commits on Jul 31, 2012
  1. Set example key_size to 1024.

    Updates the default key_size and config file example to 1024.
    Using the previous value of 2048 would cause database truncation
    and/or column size errors because the 'id' column isn't big enough
    to hold that much data.
    Works around LP Bug #1031191.
    Change-Id: Ic28bf0945a65fb80a4b610a4de7afa485d09e2bb
    dprince committed Jul 31, 2012
  2. Log errors when signing/verifying.

    The patch updates the PKI cms_verify and cms_sign_text methods so
    that they log full error messages to the log file when errors occur.
    These error messages will now include useful output from the openssl
    commands that failed (which should help end users better diagnose
    configuration issues with PKI). For example:
     2012-07-31 11:10:53    ERROR [keystone.common.cms] Error opening signing
     key file /etc/keystone/ssl/private/signing_key.pem
     140380567730016:error:0200100D:system library:fopen:Permission
     140380567730016:error:20074002:BIO routines:FILE_CTRL:system
     unable to load signing key file
    Previously you'd just get an error that looked like this:
     CalledProcessError: Command 'openssl' returned non-zero exit status 3
    Fixes LP Bug #1031317.
    Change-Id: I8990ef057488fe71d077a02b443da464f99fcd94
    dprince committed Jul 31, 2012
  3. Implement python version of migration 002.

    This patch adds a python version of keystone migration 002 which
    supports MySQL and PostgreSQL. SQLite still uses manual .sql files
    for now...
    Fixes LP Bug #1031164.
    Change-Id: I2f4f7b0ea42040994bd8e1711ccbbb6d690c868f
    dprince committed Jul 31, 2012
Commits on Jul 30, 2012
  1. Set default signing_dir based on os USER.

    Updates the Keystone auth_token middleware so that it sets the
    default signing_dir name based on the OS username obtained
    from the environment. This should help resolve potential permissions
    issues which can occur when multiple OpenStack services attempt
    to use the same signing directory name.
    Fixes LP Bug #1031022.
    Change-Id: I53bceed27f60721b8f61ffec2d1e91ec2ea464ed
    dprince committed Jul 30, 2012
  2. Assert adminness on token validation (bug 1030968)

    - Only affects non-PKI tokens
    - Includes style changes following bug 1003962
      - Fixed redundant imports & import order
      - Fixed single quote consistency
      - Fixed line continuations
      - Refactored a bit for readability
    Change-Id: I2d2566c615919f4968fd5636744fdb613b8fa3ad
    dolph committed Jul 30, 2012
  3. Merge "Test for Cert by name"

    Jenkins committed with openstack-gerrit Jul 30, 2012
  4. Test for Cert by name

    Fixes a typo in checking if cert file exists.
    Bug 1030912
    Change-Id: Iea783aaa6bc425a17799d40cd6b378d90ebe6faf
    Adam Young committed Jul 30, 2012
Commits on Jul 27, 2012
  1. Typo error in keystone/doc/source/configuration.rst.

    Change-Id: I076d4679cd797db816b99e63053661515712302b
    armaan committed Jul 27, 2012
  2. fix broken link

    sections have implicit hyperlink targets
    bug 1027109
    Change-Id: I984695c16f77e7939c5aebe65060abc13e3514ca
    apevec committed Jul 27, 2012
Commits on Jul 26, 2012
  1. Cryptographically Signed tokens

    Uses CMS to create tokens that can be verified without network calls.
    Tokens encapsulate authorization information.
    This includes user name and roles in JSON.
    The JSON document info is cryptographically signed with a private key
    from Keystone, in accordance with the Cryptographic Message Syntax (CMS)
    in DER format and then Base64 encoded.  The header, footer, and line breaks
    are stripped to minimize the size, and slashes which are invalid in Base64
    are converted to hyphens.
    Since signed tokens are not validated against the Keystone server, they
    continue to be valid until the expiration time.  This means that even if a user
    has their roles revoked or their account disabled, those changes will not take
    effect until their token times out.  The prototype for this is Kerberos, which
    has the same limitation, and has functioned successfully with it for decades.  It
    is possible to set the token time out for much shorter than the default of 8
    hours, but that may mean that users' tokens will time out prior to completion
    of long running tasks.
    This should be a drop-in replacement for the current token production code.
    Although the signed token is longer than the older format, the token is still
    a unique stream of alphanumeric characters.
    The auth token middleware is capable of handling both uuid and signed tokens.
    To start with, the PKI functionality is disabled.  This will keep from breaking
    the existing deployments.  However, it can be enabled with the config value:
    disable_pki = False
    The 'id_hash' column is added to the SQL schema because SQLAlchemy insists on
    each table having a primary key.  However, primary keys are limited to roughly
    250 characters (768 bytes, but there is more than 1 varchar per byte) so the
    ID field cannot be used as the primary key anymore.  id_hash is a hash of the
    id column, and should be used for lookups as it is indexed.
    middleware/ needs to stand alone in the other services, and uses
    keystone.common.cms in order to verify tokens.
    Token needs to have all of the data from the original authenticate code
    contained in the signed document, as the authenticate RPC will no longer
    be called in many cases.
    The datetime of expiry is signed in the token.
    The certificates are accessible via web APIs.  On the remote service side,
    certificates needed to authenticate tokens are stored in /tmp/keystone-signing
    by default.  Remote systems use Paste API to read configuration values.
    Certificates are retrieved only if they are not on the local system.
    When authenticating in Keystone systems, it still does the database checks for
    token presence.  This allows Keystone to continue to enforce timeout and
    disabled users.
    The service catalog has been added to the signed token.  Although this greatly
    increases the size of the token, it makes it consistent with what is fetched
    during the token authenticate checks.
    This change also fixes time variations in expiry test.  Although unrelated to
    the above changes, it was making testing very frustrating.
    For the database upgrade scripts, we now only bring 'token' up to V1 in 001
    script.  This makes it possible to use the same 002 script for both upgrade
    and initializing a new database.
    Upon upgrade, the current UUID tokens are retained in the id_hash and id fields.
    The mechanisms to verify uuid tokens work the same as before.  On downgrade,
    token_ids are dropped.
    Takes into account changes for "Raise unauthorized if tenant disabled"
    Bug 1003962
    Change-Id: I89b5aa609143bbe09a36bfaf64758c5306e86de7
    Adam Young committed Jul 3, 2012
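The following is an added illustration of the token lifecycle the commit above describes, not Keystone's own code: a signed JSON document is turned into a wire token (Base64 with header, footer and line breaks dropped and '/' mapped to '-'), indexed by a hash of the token string as the id_hash column is, and then validated offline by checking the signature and the signed expiry. Because the example must run without openssl, an HMAC-SHA256 over the document stands in for the CMS/RSA signature; the hash algorithm for id_hash, the key, the document layout and the 8-hour lifetime are assumptions of this example rather than values taken from the page.

```python
import base64
import binascii
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the Keystone signing key. The real code signs with an
# RSA private key via `openssl cms`; HMAC is used only so this runs offline.
SIGNING_KEY = b"constructed-example-key-not-for-use"
MAC_LEN = 32  # bytes of HMAC-SHA256 prepended to the JSON document


def sign_document(doc: dict) -> bytes:
    """Binary blob standing in for the DER-encoded CMS SignedData."""
    payload = json.dumps(doc, sort_keys=True).encode()
    mac = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return mac + payload


def encode_token(blob: bytes) -> str:
    """Base64 without PEM header/footer/line breaks; '/' becomes '-'."""
    return base64.b64encode(blob).decode("ascii").replace("/", "-")


def decode_token(token: str) -> bytes:
    """Reverse of encode_token: restore '/' and decode Base64."""
    return base64.b64decode(token.replace("-", "/"))


def token_hash(token: str) -> str:
    """Lookup key for the indexed id_hash column (SHA-256 is an assumption)."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_token(user: str, roles: list, issued_at: datetime,
                lifetime: timedelta = timedelta(hours=8)) -> str:
    """Sign user, roles and expiry into a token; expiry is inside the signed data."""
    doc = {"user": user, "roles": roles,
           "expires": (issued_at + lifetime).isoformat()}
    return encode_token(sign_document(doc))


def verify_offline(token: str, now: datetime):
    """Validate without contacting Keystone. Returns (True, doc) or (False, reason).

    Revocations made after issue are invisible here, exactly as the commit
    message says: only the signed expiry bounds the token's lifetime.
    """
    try:
        blob = decode_token(token)
    except (binascii.Error, ValueError):
        return False, "malformed"
    mac, payload = blob[:MAC_LEN], blob[MAC_LEN:]
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False, "bad signature"
    doc = json.loads(payload)
    if now >= datetime.fromisoformat(doc["expires"]):
        return False, "token expired"
    return True, doc


def demo() -> dict:
    """Run the whole flow on constructed data and return the observations."""
    issued = datetime(2012, 7, 3, 12, 0, tzinfo=timezone.utc)
    tok = issue_token("alice", ["member"], issued)
    fresh_ok, fresh_doc = verify_offline(tok, issued + timedelta(hours=1))
    stale_ok, stale_reason = verify_offline(tok, issued + timedelta(hours=9))
    # Flip one character inside the signature region to simulate tampering.
    bad = tok[:40] + ("B" if tok[40] != "B" else "C") + tok[41:]
    tamper_ok, tamper_reason = verify_offline(bad, issued + timedelta(hours=1))
    return {
        "token": tok,
        "no_slash": "/" not in tok and "\n" not in tok,
        "roundtrip": decode_token(tok) == sign_document(fresh_doc),
        "fresh_ok": fresh_ok, "fresh_user": fresh_doc["user"],
        "stale_ok": stale_ok, "stale_reason": stale_reason,
        "tamper_ok": tamper_ok, "tamper_reason": tamper_reason,
        "hash_len": len(token_hash(tok)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The commit only maps '/' to '-'; '+' and the '=' padding pass through this transformation unchanged, so anything that stores or URL-handles the token has to tolerate them. The `demo()` run also shows the consequence the commit message warns about: the token still verifies an hour after issue even though nothing in the document reflects a later role change, and it only stops verifying once the signed expiry passes.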
Commits on Jul 24, 2012
  1. Merge "Implementation of LDAP functions"

    Jenkins committed with openstack-gerrit Jul 24, 2012
Commits on Jul 20, 2012
  1. Merge "Files for Apache-HTTPD"

    Jenkins committed with openstack-gerrit Jul 20, 2012
Commits on Jul 19, 2012
  1. Sync jsonutils from openstack-common

    This makes keystone work with recent versions of anyjson.
    Changes from openstack-common:
        commit ce3071437d1871f77c4d8573cbe5f4ea8c817650
        Author: Russell Bryant <>
        Date:   Mon Jul 16 10:30:25 2012 -0400
            Use strtime() in to_primitive() for datetime objs.
            This patch updates jsonutils.to_primitive() to use timeutils.strtime()
            to convert a datetime object to a string instead of just using str().
            This ensures that we can easily convert the string back to a datetime
            using timeutils.parse_strtime().
            Required for the nova blueprint no-db-messaging.
            Change-Id: I725b333695930e12e2832378102514326fec639c
        commit 4c9d439ef24f5afdd74aa9153aa8fc772051e6cb
        Author: Tim Daly Jr <>
        Date:   Tue Jun 26 02:48:42 2012 +0000
            Add 'filedecoder' method to the jsonutils wrapper module.
            Fixes bug #1017765
            After version 3.3.2, the anyjson library will throw a KeyError if
            filedecoder isn't present.  The filedecoder is just like the decoder
            except it takes a file instead of a string, like json.load() instead
            of json.loads().
            Change-Id: I7bd012a7b4afa9b1ec987c3e6393cc922b5dadff
    Change-Id: Icfd5c39c322ed6e73148c7f5ae03f704a3aa160e
    vuntz committed Jul 19, 2012
  2. Added user name validation. Fixes bug 966251.

    1. Verified name length while creating/updating user.
    2. Disallowed blank user name in create/update.
    3. Added unit test coverage.
    Change-Id: I55cd5daf34f4f57d4163be403a7a75c5d22baa62
    Unmesh Gurjar committed Jul 19, 2012
Commits on Jul 18, 2012
  1. Import ec2 credentials from old keystone db

    Fix bug #1016056
    Change-Id: Iebf31ccbdeff274b2c8f265911d3411963dd4844
    trid committed Jul 11, 2012
Commits on Jul 17, 2012
  1. Debug output may include passwords (bug 1004114)

    Change-Id: If0a7704ff578162d6b7fa8b68c0e0ed37e72cb73
    dolph committed Jul 17, 2012
Commits on Jul 16, 2012
  1. Raise unauthorized if tenant disabled (bug 988920)

    If the client attempts to explicitly authenticate against a disabled
    tenant, keystone should return HTTP 401 Unauthorized.
    Change-Id: I49fe56b6ef8d9f2fc6b9357472dae8964bb9cb9c
    dolph committed Jul 16, 2012
  2. Files for Apache-HTTPD

    files required for running Keystone in Apache-HTTPD and instructions to set it up
    Change-Id: Ib3fdf873ea3816186e6bb63307028ba3aa2edaa9
    Adam Young committed May 1, 2012
  3. Implementation of LDAP functions

    implementations of delete_tenant, delete_user,
      remove_role_from_user_and_tenant, get_tenant_users
      role.delete_user and remove_role_from_user_and_tenant
      remove_user_from_tenant, change_role
    clean up LDAP sample data for live LDAP
    properly check for existence of tenant_id in user.
    Some tests expected the functions to be unimplemented.  Those hid the
    failures on the LDAP Identity provider and have been removed.
    Make live tests extend the standard LDAP tests, so they test the same features.
    Bug 1021315
    Change-Id: I2866ff40fdc13040ba10d189ea2d95440eb4395c
    Adam Young committed Jul 12, 2012