lp:~openstack-ubuntu-testing/keystone/precise-essex-proposed

Created by Adam Gandelman on 2012-03-05 and last modified on 2012-12-17
Get this branch:
bzr branch lp:~openstack-ubuntu-testing/keystone/precise-essex-proposed
Members of Openstack Ubuntu Testers can upload to this branch.

Branch information

Owner: Openstack Ubuntu Testers
Project: OpenStack Identity (keystone)
Status: Development

Recent revisions

140. By Yolanda Robla on 2012-12-17

[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (c17a9992):
  - [8735009] Removing user from a tenant isn't invalidating user access to
    tenant (CVE-2012-5571)
  - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [ddb4019] Open 2012.1.4 development
  - [0e1f05e] memcache driver needs protection against unicode user keys
    (LP: #1056373)
  - [176ee9b] Token invalidation in case of role grant/revoke should be
    limited to affected tenant (LP: #1050025)
  - [58ac669] Token validation includes revoked roles (CVE-2012-4413)
  - [cd1e48a] Memcached Token Backend does not support list tokens
    (LP: #1046905)
  - [5438d3b] Update user's default tenant partially succeeds without authz
    (CVE-2012-3542)
* Dropped, superseded by new snapshot:
  - debian/patches/CVE-2012-4413.patch [58ac669]
  - debian/patches/CVE-2012-5571.patch [8735009]
  - debian/patches/CVE-2012-3542.patch [5438d3b]
* SECURITY UPDATE: fix for EC2-style credentials invalidation
  - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
    that the user is in at least one valid role for the tenant
  - CVE-2012-5571
  - LP: #1064914
* SECURITY UPDATE: Pre-existing tokens continue to be valid after
  granting or revoking a user's access (LP: #1041396)
  - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
    tokens upon role grant/revoke
  - CVE-2012-4413
* SECURITY UPDATE: tenants are able to be added to users without
  authorization (LP: #1040626)
  - debian/patches/keystone-CVE-2012-3542: require authz to update a
    user's tenant.
  - CVE-2012-3542

139. By Adam Gandelman on 2012-12-12

Revert changelog.

138. By Yolanda Robla on 2012-12-12

Resynchronize with stable/essex (c17a9992) LP: #1089488:
modified changelog to add LP bug number

137. By Yolanda Robla on 2012-12-11

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
      that the user is in at least one valid role for the tenant
    - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
      tokens upon role grant/revoke
    - debian/patches/keystone-CVE-2012-3542: require authz to update a
      user's tenant.
  * Resynchronize with stable/essex (c17a9992):
    - [8735009] Removing user from a tenant isn't invalidating user access to
      tenant
    - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
      migrate and the newest sqlalchemy-0.8.0b1
    - [ddb4019] Open 2012.1.4 development
    - [0e1f05e] memcache driver needs protection against unicode user keys
    - [176ee9b] Token invalidation in case of role grant/revoke should be
      limited to affected tenant
    - [58ac669] Token validation includes revoked roles (CVE-2012-4413)
    - [cd1e48a] Memcached Token Backend does not support list tokens
    - [5438d3b] Update user's default tenant partially succeeds without authz

136. By Yolanda Robla on 2012-12-11

* Resynchronize with stable/essex (c17a9992):
  - [8735009] Removing user from a tenant isn't invalidating user access to
    tenant (LP: #1064914)
  - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [ddb4019] Open 2012.1.4 development
  - [0e1f05e] memcache driver needs protection against unicode user keys
    (LP: #1056373)
  - [176ee9b] Token invalidation in case of role grant/revoke should be
    limited to affected tenant (LP: #1050025)
  - [58ac669] Token validation includes revoked roles (CVE-2012-4413)
    (LP: #1041396)
  - [cd1e48a] Memcached Token Backend does not support list tokens
    (LP: #1046905)
  - [5438d3b] Update user's default tenant partially succeeds without authz
    (LP: #1040626)
* SECURITY UPDATE: fix for EC2-style credentials invalidation
  - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
    that the user is in at least one valid role for the tenant
  - CVE-2012-5571
  - LP: #1064914
* SECURITY UPDATE: Pre-existing tokens continue to be valid after
  granting or revoking a user's access (LP: #1041396)
  - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
    tokens upon role grant/revoke
  - CVE-2012-4413
* SECURITY UPDATE: tenants are able to be added to users without
  authorization (LP: #1040626)
  - debian/patches/keystone-CVE-2012-3542: require authz to update a
    user's tenant.
  - CVE-2012-3542
* Automated Ubuntu testing build:
* [7d08d12] Remove tenant membership during user deletion
* Automated Ubuntu testing build:
* [aa542c4] Add a _ at the end of reseller_prefix default.
* [89e8dc0] Add support to swift_auth for tokenless authz
* [4314ae6] additional logging to support debugging auth issue
* [bc153d5] Fixed misc errors in configuration.rst
* [ada4021] don't duplicate the extra dict in extra
* [1b7aa15] Raise keystone.exception for HTTP 401 (bug 962563)
* [b1336b0] Validate object refs (return 404 instead of 500)
* [d9959d8] tenant-crud 404 (bug 963056)
* [b56e326] role-crud 404 (bug 963056)
* [8037722] Improve swift_auth test coverage + Minor fixes
* [1904228] Check values for EC2.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [7abe0aa] S3 tokens cleanups.
* [1904228] Check values for EC2.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [9feb000] Fix critical typo in endpoint_create (bug 961412)
* [94904e4] Rename tokenauth to authtoken.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [d61aeda] unique role name constraint
* [53b3d44] Add test for swift middleware.
* [3a296a4] Spring cleaning, fix PEP8 violations.
* [94904e4] Rename tokenauth to authtoken.
* [80c7936] pass the arguments in when starting keystone-all
* [3e4653a] fix keystone-all's usage of options vs conf
* [009d661] Wrapped unexpected exceptions (bug 955411)
* [5d07cdf] Changing belongsTo validation back to ID
* [6f8752b] Clean up sql connection args
* [ee57716] Improved file logging example (bug 959610)
* [2324247] Swift middleware doc update.
* [193374a] Fixes LP #954089 - Service list templated catalog
* [2146119] Remove nova-specific middlewares
* [239e4f6] Add check for MAX_PASSWORD_LENGTH to utils.
* [2c6a232] Remove glance_auth_token middleware
* [e677327] Support PyPAM in pam backend, update to latest API
* [773f0f8] Fix default port for identity.internalURL
* [00a2392] Installing keystone docs
* [678dcad] Refactor keystone.common.logging use (bug 948224)
* [e7bb737] Add automatically generated code docs.
* [9363d5f] Properly return 501 for unsupported Catalog calls
* [56e4103] docstring cleanup to remove sphinx warnings
* [d2c6e88] Raising unauthorized instead of 500 (bug 954547)
* [f8cbd61] sample_data.sh: check file paths for packaged
  installations
* [6f2c858] Update get_metadata to return {}
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [ab6be05] Update username -> name in token response.
* [f4915af] Allow connect to another tenant.
* [a1e0174] Update docs for keystone client cli args
* [d2c6e88] Raising unauthorized instead of 500 (bug 954547)
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [b03c204] updating documentation for rewrite of auth_token.
* [5b3e05b] added LDAP section to architecture and architecture
* Automated Ubuntu testing build:
* [dc41cb5] Failing to update tenants (bug 953678, bug 954673)
* Automated Ubuntu testing build:
* [5b3e05b] added LDAP section to architecture and architecture
* Automated Ubuntu testing build:
* [e65a22c] Bug #943031 MySQL Server has gone away added docnotes of
  error messages caught for mysql and reference
* [73af033] Improved legacy tenancy resolution (bug 951933)
* Automated Ubuntu testing build:
* [dee8153] making all use of time follow datetime.utcnow() fixes bug
  954057
* [73af033] Improved legacy tenancy resolution (bug 951933)
* Automated Ubuntu testing build:
* [1e07b98] Fix iso8601 import/use and date comparison.
* Automated Ubuntu testing build:
* [a036b3f] Fix double-quoted service names
* [0c3c27c] Fixes the cli documentation of user/tenant/roles
* Automated Ubuntu testing build:
* [1b64c84] Remove Nova Diablo reference from migrate docs
* [0c3c27c] Fixes the cli documentation of user/tenant/roles
* [2f4fb46] create service endpoints in sample data
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [a863c13] Add simple set of tests for auth_token middleware
* [259d938] enables run_test option to skip integration
* [48f2c7d] Add AUTHORS to the tarball.
* Automated Ubuntu testing build:
* [d6631d8] update documentation on changing user password
* [259d938] enables run_test option to skip integration
* [48f2c7d] Add AUTHORS to the tarball.
* [94abc7e] Make sure we have a port number before int it.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [b5c8b3a] Add token caching via memcache.
* Automated Ubuntu testing build:
* [e05bc6a] Diablo to Essex migration docs (bug 934328)
* Automated Ubuntu testing build:
* [5720730] Added license header (bug 929663)
* [303a10b] Fix EC2 credentials crud after policy backend change
* [524cbd5] add more default catalog templates
* Automated Ubuntu testing build:
* [a2f2274] port common policy code to keystone
* [e422567] rename belongs_to to belongsTo as per the API spec.
* [5c6bccf] fixes lp#949648 change belongsTo validate to name
* [a7472f1] HTTP_AUTHORIZATION was used in proxy mode
* [71aa1db] fix Nova Volume Service in sample data
* [a2f2274] port common policy code to keystone [71aa1db] fix Nova
  Volume Service in sample data [524cbd5] add more default catalog
  templates
* No change rebuild.
* [e422567] rename belongs_to to belongsTo as per the API spec.
  [a7472f1] HTTP_AUTHORIZATION was used in proxy mode
* No change rebuild.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* [5c6bccf] fixes lp#949648 change belongsTo validate to name
  [d0429ea] Make bind host configurable [989d62f] Improve
  auth_str_equal(). [5c7f3cf] Set default identity driver to sql (bug
  934332)
* No change rebuild.
* No change rebuild.
* [98170a7] fixes bug lp#948439 belongs_to and serviceCatalog behavior
  * removing belongs_to as a kwarg and getting from the context *
  adding a serviceCatalog for belongs_to calls to tokens * adding test
  to validate belongs_to behavior in tokens
* [d0429ea] Make bind host configurable [fd4e961] Isolating backtraces
  to DEBUG (bug 947060)
* [ec35ea8] Fix coverage jobs for Jenkins. [fd4e961] Isolating
  backtraces to DEBUG (bug 947060)
* No change rebuild.
* [b68051c] Renamed sqlite files (bug 944951) [e8fb989] Add reseller
  admin capability. [460c3f3] Remove trailing whitespaces in regular
  file [bc34635] LDAP get_user_by_name
* No change rebuild.
* No change rebuild.
* [fad1a38] updating readme to point to developer setup docs * fixes
  bug 945274 [dd35d2a] standardize ldap and related tests
* No change rebuild.
* No change rebuild.
* [b698855] Added missing import (bug 944905) [dd35d2a] standardize
  ldap and related tests
* debian/keystone.preinst: Create group *before* user
* [ea4999d] add git commit date / sha1 to sphinx html docs [33e6c29]
  improve auth_token middleware [fc63c5d] Add service accounts to
  sample_data.sh
* [845a0de] gitignore follow up for docs/ rename [33e6c29] improve
  auth_token middleware [fc63c5d] Add service accounts to
  sample_data.sh [f8ba5af] Align with project configs.
* [a6105f7] Fixes doc typo s/SERVIVE/SERVICE/ [cfb996d] Align tox jobs
  with project standards.
* [1c24191] Use constant time string comparisons for auth. [49586bd]
  fix pep8 [1c5f3e2] GET /v2.0 (bug 930321) [cfb996d] Align tox jobs
  with project standards. [a7c8e2a] Provide request to
  Middleware.process_response()
* No change rebuild.
* No change rebuild.
* [834b931] Unpythonic code in redux in auth_token.py
* [49586bd] fix pep8
* [83df210] LDAP member defaults
* [089f53a] Handle KeyError in _get_admin_auth_token.
* [5816542] renaming pip-requires-test to test-requires
* [9581809] Add Vary header (bug 928057) [6c60d6c] Set tenantName to
  'admin' in get_admin_auth_token.
* [37d223e] Implement a Catalog SQL backend
* [6c60d6c] Set tenantName to 'admin' in get_admin_auth_token.
* [63437e9] LDAP Identity backend [cdac09e] Support unicode in the
  keystone database. [33a13b7] Add HEAD /tokens/{token_id} (bug
  933587)
* No change rebuild.
* [071f6b3] Implements extension discovery (bug 928054) [cdac09e]
  Support unicode in the keystone database. [c2142af] fleshing out
  architecture docs
* [2124890] XML de/serialization (bug 928058) [e23ecc6] Update
  auth_token middleware so it sets X_USER_ID.
* [c2142af] fleshing out architecture docs
* [e23ecc6] Update auth_token middleware so it sets X_USER_ID.
* [b4d35d6] Adds AUTHORS file generated from git log (and de-
  duplicated). [7530b8e] The default nova compute port is 8774.
  [c4411c1] Fix case of admin role in middleware. [1395bb4] Fix
  MANIFEST.in to include missing files [09a64dd] Create
  tools/sample_data.sh [036b990] Backslash continuations (Keystone)
  [510061e] Removing broken & redundant code (bug 933555)
* No change rebuild.
* [8465ef1] Remove extraneous _validate_claims() arg. [1f119bc] Use
  cfg's new print_help() method [762b461] Remove cfg dict mixin
  [e5a3e09] Update cfg from openstack-common [e6a23e3] fix the style
  guide to match the code
* No change rebuild.
* [baedc45] Correct config name for max_pool_size.
* [d679baf] Move cfg to keystone.openstack.common
* [45d6aa1] Fix copyright dates and remove duplicate Apache licenses.
  [de3ad7a] Add migration path for Nova auth [13dfd21] Fix thinko in
  keystone-all sys.path hack
* [83c7933] some additional style bits [de3ad7a] Add migration path
  for Nova auth [13dfd21] Fix thinko in keystone-all sys.path hack
  Ignore sqlite.db files [43c8bbc] Removing unused imports from
  keystone.cli [fb4f379] Update docs for Swift and S3 middlewares.
* No change rebuild.
* [08a3060] Re-adds admin_pass/user to auth_tok middleware. [77c11b2]
  Implements admin logic for tenant_list call. [73f22e1] Implemented
  get_tenant_users. Fixed bug 933721. [43c8bbc] Removing unused
  imports from keystone.cli [fb4f379] Update docs for Swift and S3
  middlewares.
* [c233b44] cli now returns an exit status cmd is invalid. [77c11b2]
  Implements admin logic for tenant_list call. [73f22e1] Implemented
  get_tenant_users. Fixed bug 933721. [43c8bbc] Removing unused
  imports from keystone.cli [460504f] Remove data_files section from
  setup.py. [1143802] Update Manifest.in [9246e04] fixes #934459
* No change rebuild.
* [faf6866] Set include_package_data=True in setup.py. [460504f]
  Remove data_files section from setup.py. [1143802] Update
  Manifest.in [2feb519] Add migrate.cfg to data_files in setup.py
  Admin version pipeline not utilized (bug 925548) [546f952] Fix
  logging.config import [8712abb] backport some asserts [892ba0f]
  remove pycli [02ef19a] Adds missing argument to add_user_to_tenant
  in create_user. [e238427] Fixes a failure caused by a recent change
  to user update in the client. [3093980] remove executable bit from
  setup.py [484dc24] Raising 'NotImplmented' results in TypeError
  [8d7189f] Added Apache 2.0 License information. [90068b0] Add docs
  on keystone_old -> ksl migration [71436db] Add token expiration
  add catalog export [e1a9a1f] Handle unicode keys in memcache token
  backend [ed793ad] make sure passwords work after migration [b409629]
  add legacy diablo import tests [48f2f65] change password hash
  [aa2656c] add essex test as well [700a397] add sql for import legacy
  tests [63adca3] add import legacy cli command [eb5a939] add
  migration from legacy db [de8c958] remove keystoneclient-based
  manage commands [9f03722] Remove executable bit from auth_token.py
  [6c5c964] Update swift token middleware. [af28360] Add s3_token.
  [0e775d6] Add pagination to GET /tokens [79faa28] Fixes role
  checking for admin check [d049c19] Fix webob exceptions in
  test_middlware [363a5d6] Add tests for core middleware [9028f32] Add
  version description to root path [2c18314] Add TokenNotFound
  exception [ae55fdc] remove diablo tests, they aren't doing much
  [e5ffa74] Fix largest memory leak in ksl tests [05b2583] Add
  memcache token backend [c64a12f] Friendly JSON exceptions (bug
  928061, bug 928062) [26655dc] Fix comment on bcrypt and avoid hard-
  coding 29 as the salt length [c680d7c] Add SQL token backend
  [6013dd8] Add content-type to responses [9528060] Cope with unicode
  passwords or None [a3d21f0] Add auth checks to ec2 credential crud
  operations [51eda01] termie all the things [f9a8827] example in
  hacking was incorrect [f0f8dde] Ensures duplicate users and tenants
  can't be made [3efce6d] make pip requires match nova [aed78aa] fixes
  lp:925721 adds .gitreview for redux branch [fabad5a] remove
  novaclient, fix python syntax [fa5b2e4] We don't need all the deps
  to check pep8. [9dadf01] remove extra line [b6a142d] Make ec2 auth
  actually work [62a92c4] fixing grammar, noting broken enable, adding
  hacking with prefs for project [e0afc0d] Removed unused reference
  [fca3e9c] adding a token service Driver to define the interface
  [6a5c524] Added support for DELETE /tokens/{token_id} [cc37127] ran
  through all commands to verify keywords against current (master)
  keystonelight [32ff03b] updating docs: [4f651ba] updating tox.ini
  with test pip requirements [446b268] use our own logging module
  [433e7db] minor docstring update for new locations [0027f90] Missed
  one more keystone-server. [69bb042] Renamed keystone-server to
  keystone-all based on comments in LP: #910484. [40525e0] be more
  safe with getting json params [a703983] skip the two tests where
  testing code is failing [3cfea52] accept POST or PUT for tenant
  update [09bd758] deal with reparsing the config files [37e1c5c]
  don't automatically parse sys.argv for cfg [0b34e5f] deal with tags
  in git checkout [6fd68e1] fix keystoneclient tests [c6e30eb] add
  tests for essex and fix the testing framework [2d2ce8c] Update
  docs/source/developing.rst [ec89d4e] Change the name of keystone to
  keystone-server so the binaries dont conflict with python-
  keystoneclient. [3da6575] Normalize build files with current
  jenkins. [fc3de24] Use gerrit instead of github [cf3f671] Fix pep8
  violations. [666a2b8] Add .gitreview file. [8d695b8] removing unused
  images, cleaning up RST in docstrings from sphinx warnings [d961f7c]
  pep8 cleanup [9d7d898] shifting contents from _static to static
  [d1f4ddc] adding in testing details [22c3f80] moved notes from
  README.rst into docs/architecture.rst [ef8b8f1] updating formatting
  for configuration page [1908a2d] format tweaks and moving old docs
  [fec7598] shifting older docs into old/ directory [e643f23] doc
  updates [6b38e3c] moving in all the original docs from keystone
  fixing up PIP requirements for testing and virtualenv [103fc87]
  indents. [3974760] Make it as a subclass. [d6d56e4] fix style and
  termie's comments about comments [726b5ad] invalid params for
  roles.delete [d5443e2] initial stab at requiring adminness [b1cd214]
  Simplify code. [1efee11] add tests that auth with tenant user isn't
  member of [fcea15d] Add s3tokens validation. [d4f2bf5] add a bunch
  of basic tests for the cli [608b9a2] remove this useless catalog
  [de6a98a] move cli code into a module for testing [a6a6124] allow
  class names to be different from attr names [f5dbc98] add ec2
  credentials to the cli [51a2c18] fix middleware [4899210] bcrypt the
  passwords [e344821] fix token vs auth_token [9f0bb49] some quick
  fixes to cli, tests incoming [aaf75e9] fix pep8 [e4a00e0] fix some
  more pass-by-reference bugs [da4f955] strip password before checking
  output [8ad8d88] flip actual and expected to match common api
  [8ffee09] don't allow disabled users to authenticate [5a8a8ae] turn
  off echo [2ebb89b] fix invalid_password, skip ec2 tests [57b24dd]
  strip password from sql backend [3cce41e] raise and catch correct
  authenticate error [c59370e] rely on internal _get_user for update
  calls [36a0190] strip password from kvs backend [86dad07] fix
  user_get/user_list tests [28760bd] removing the sphinx_build from
  setup.py, adding how to run the docs into the README [f943977] ec2
  docs [269159f] simple docstrings for ec2 crud [d8ddc07] get docs
  working [ea78b2e] some cli improvements [c83bcb1] add checks for no
  password attribute [2a91b1c] users with correct credentials but
  disabled are forbidden not unauthorized [f40198d] shimming in basics
  from original keystone [3d2bb3a] test login fails with invalid
  password or disabled user [ffeb0e5] doctry [0df93eb] use
  token_client in token tests [71faa9f] remove duplicate pycli from
  pip-requires [ecabdd1] fix ec2 sql config [21cfcfc] get_client lets
  you send user and tenant [cbc1558] update how user is specified in
  tests [c1fe998] rename ec2 tests to be more explicit [e567fb9] use
  the sql backend for ec2 tests [88b0a4b] more failing ec2 tests
  [f28a03c] add METADATA for boo [7b4c26d] add (failing) tests for
  scoping ec2 crud [781feaf] add some docs that got overwritten last
  night [89c378c] fix pep8 [f226234] update tests [fc79bbe] update
  some names [e2f04f2] fix some imports [ff6af1f] split up sql
  backends too [308a766] split up the services and kvs backends
  [909012a] establish basic structure [f0e3e7f] add docs for various
  service managers [94f78a3] expect sphinx sources to be autogenned
  [bf7e6fb] some tiny docs [e129d5f] fix sphinx [198d168] testing rst
  on github [67d4a7c] updating dependencies for ksl [e75f7be] needed
  to do more for cli opts [76c45b4] make a main in keystone-manage
  [3c10e73] fix pep8 error [9d04ee9] rename apidoc to autodoc
  [53ec23a] Fix typo [f16a262] return to starting directory after git
  work [44c6b69] spacing [1418925] tests for ec2 crud [dae746d] add
  keystoneclient expected format [a0c7c7c] add sql backend, too
  [afd897f] add an ec2 extension [2ed9759] update readme [8c33e66] re-
  indent [c233dc2] re-indent [bd974c9] re-indent [9ab0a42] re-indent
  kvs.py [9d7c5c0] re-indent test.py [6a48676] remove models.py
  [7b0f71b] add some docs to manager [deab5c4] dynamic manager classes
  for now [1bd1349] add a couple more tests [8ea6e8f] add some more
  todos [be52a5e] strip newlines [2a31259] TODO [2d6b348] add role
  refs to validate token [aea09bd] fix token auth [c25155a] check for
  membership [4ae246d] flush that sht [61ecf60] add more middleware
  [ef1a474] fixing WatchedFileHandler [c830305] logging to debugging
  by default for now [2723439] add a noop controller [cd37b05] woops
  [52da891] add glance middleware ?? [47908a4] add legacy middleware
  [ec85749] fix setup.py [d230857] adding #vim to file with changed
  indent [230a003] add id-only flag to return IDs [5961430] rename ks
  to keystone-manage [d940dc4] fixing imports for syslog handlers and
  gettext [c3c05cb] adding gettext [393aedb] adding logging from
  configuration files, default logging per common [6540120] cli using
  keystoneclient [732909a] add a db_sync command to bin/ks, remove
  others [3c88b7f] merge test and default configs [2c60c7f] adding
  project to keystone config to find default config files [1d6334d]
  some more config in bin/keystone [74170ee] in the bin config too
  keystone_compat -> service [75e781a] remove keystone from names,
  remove service [51df8b1] remove default configuration [8f46af0]
  basic service running again [2340dee] rename extras to metadata
  [8362442] version number in setup.py [a84930a] add basic sphinx doc
  bits [1967545] remove references to keystone light [763013c]
  renaming keystonelight to keystone [13ec79b] keystoneclient tests
  working against sql backend [4b4ada2] run all the keystoneclient
  tests against sql too [0f6a9a7] move everything over to the default
  config [feadf75] config system overhaul [829a96b] add nova's cfg
  framework [8fdcb69] fix pep8 [c8ed28c] missed a file [6495d41] most
  tests working again [119808d] still wip, got migration mostly
  working [775b8ed] get the sql ball rolling, still wip [b766165] add
  sql backend, WIP [9691c0f] tweaking for running regular tests in
  jenkins [205a7b9] finished up services stuff [ebe158f] add the
  various role tests [5c89972] add list users [46943c5] get user tests
  working [ff15e5f] get endpoints test working [c6d6d43] get
  tenant_add_and_remove_user test working [94e9d6b] tenant test
  working again [e396650] copy over the os-ksadm extension [23c6f49]
  example crud extension for create_tenant [63c7934] get some tests
  working again [0e7f06d] merge fixes [30a1146] fixup [c5b1b6f] Made
  tests use both service and admin endpoints [2fb294f] All tests but
  create_tenant pass [f2a9c51] Split keystone compat by admin and
  service endpoints [3eb2adf] Added broken tests to show compatibility
  gaps [4b55fa5] Split keystone compat by admin and service endpoints
  [909770d] move novaclient tests over also [9e8ec25] clean up
  test_identity_api [2e1558e] clean up keystoneclient setup [32aa1de]
  add role crud [a32c73c] speed up tests [8425eab] add basic fixture
  functionality [7541ed4] documentation driven development [b4eba62]
  novaclient now requires prettytable [26a4cde] whitespace [5ff67d7]
  whitespace [82f6445] make create_tenant work for keystone api
  [29e1336] common ks client creation [5e4a877] updating of docs
  [e4428dc] working on a tenant_create test [99f81d5] standardize
  spacing [a0d0669] novaclient uses password instead of apikey
  [b42859f] update to use the correct repo for python-novaclient
  [cad238d] fix tenant auth tests [91f2097] add an example for
  capability rbac [e5d1050] make readme use code style [860aa86] add
  the policy code [63943c9] describe and add a policy backend
  [d820917] policy stub [834301a] re-indent [b0733ca] change array
  syntax [3479575] updates to make compatible with middleware
  handle unscoped requests [20bebd9] adjust default port [17e03b8]
  move noop to identity controller [9024351] allow setting user_id on
  create [776a159] users require a name [c8b28b5] pep8 [8eea6b3]
  update test conf too [1335e4c] cli for adding users, tenants, extras
  [9d99821] adjust paths and use composite apps [2545907] add tests
  for extras [3ab9d87] add tenant crud [f8e6fae] oops, forgot update
  in crud [7035e4a] add crud tests [54f32f9] add crud tests [d0009db]
  add crud tests [8ff5606] add test for create user and get user
  [2c7770f] add test for create user and get user [2d15482] re-indent
  identity.py [9105935] don't pep8 swp files [e8f72ed] accept data as
  kwargs for crud [adbbe01] use the keystone app in the conf [6c84c1b]
  reorg [f2e73bc] re-indent service.py [e10512b] more dynamic client
  update service to middleware in confs [d7f364e] move around
  middleware [716c450] make a composite app [59c2dea] add crud methods
  to identity manager [570b08d] cli beginnings [64b369f] add admin
  port [4885d4a] add an etc dir [cd712b2] add a default handler for /
  [8ae627a] add a stubby setup.py [3117b41] use paste for the binary
  [3d79099] add a trivial admin-only middleware [8fd8220] update
  keystone sample tests, skip one [3212101] add crud info to readme
  [44a07fd] get novaclient tests working [3439a77] add novaclient,
  intermediate [2bc4376] add run_tests.sh and pep8 stuff [d17e1cf]
  remove italics on Light [29e4e54] modify requirements [6cb7e6c] link
  diagrams [002ae33] whitespace [344d21c] added catalog tests
  [f86bf25] added tests for tokens [3f0137a] test the other methods
  too [912c222] add some tests and get others to pass [4c8a5ac] add
  some failing tests [b514897] add a default conf [4b48845] minor
  whitespace cleanup [f8ec4f6] add some todo [d3cc798] add example
  authenticate and tenants working [2f2465e] working authenticate in
  keystoneclient [3caf2a8] remove test_keystone_compat's catalog tests
  [4ba33be] add templated catalog backend [2ac753e] everything but the
  catalog [583e3c9] get a checkout of keystoneclient [d920d84]
  authenticate working, too [ba4913f] base tests on keystone-
  diablo/stable [a98b2ed] get tenants passing, yay [f886ab9] flow
  working, added debugging [06944e8] add context to calls [ef9f039]
  move diagram into docs dir [7427b1a] refactor keystone compat and
  add catalog service [c8d4e88] added sequence diagrams for keystone
  compat [50d64c3] getting closer, need to match api now [35ec297]
  tests running through, still failing [a200e50] add a test client
  [03b75a5] added a test, need to get it working now [a328b99] working
  with dashboard [8cd7f5c] add get_tenants [9a0ec99] rudimentary login
  working [158dfba] most bits working [419c2cb] initial
* No change rebuild.
* [9452cf0] Fixes bug 924391
* [bfe9abe] Fix "KeyError: 'service-header-mappings'" [9858e08]
  Removes nova middleware and config from keystone [1ea4e4f] Added
  keystone-manage list_role_grants (bug 923933)
* No change rebuild.
* No change rebuild.
* [f76477c] Update auth_token middleware to support creds.
* [d2e6f63] Added shortcut for id=NULL queries (bug 916386) [a86a661]
  Removing __init__ from non-packages (bug 921054) [fd36f1f] add
  instructions for setting up a devenv on openSUSE 11.4 and 12.1
  [2e73dfa] Documented race condition (bug 921634)
* No change rebuild.
* No change rebuild.
* [2efd311] Test coverage for issue described in bug 919335 [fd36f1f]
  add instructions for setting up a devenv on openSUSE 11.4 and 12.1
* [a86a661] Removing __init__ from non-packages (bug 921054) [053345c]
  Forgot to update models (bug 885426) [9e9e7f0] Updating example
  glance paste config.
* [d1a3c5f] Fix race in TestCreateTokenCommand (bug 921634) [053345c]
  Forgot to update models (bug 885426) [9e9e7f0] Updating example
  glance paste config.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* [b1581a1] Migrated 'enabled' int columns to bool for postgres (bug
  885426) [b207a49] Return Version and Tenant in Endpoints
* [8c6e606] Updated bp keystone-configuration for bp keystone-manage2
* [b207a49] Return Version and Tenant in Endpoints
* [23c396d] Updated error message for keystone-manage2
* [e2f8607] Added: "UserWithPassword" Added: "UserWithOnlyEnabled"
  Removed: "UserWithOnlyPassword" [b680202] Fix for bug 921126
* No change rebuild.
* [2dbb2a6] Update Extended Credentials (EC2, S3) [ef6c133] Release
  Notes for E3 [5ce7e70] Restore Console Info Logging - bp keystone-
  logging
* No change rebuild.
* No change rebuild.
* [027782a] Adds keystone auth-n/auth-z for Swift S3 API.
* [5b8682f] Implement cfg.py
* [28dac45] Implement Secure Token Auth [5f69fbb] Fixed: Inserting
  URLs into endpoint version attr
* [92462c8] Suppressed backtraces in tests causes sweaty eyes
* [5f69fbb] Fixed: Inserting URLs into endpoint version attr
* [45b3636] Addresses bug 918608
* [f2726df] Added Vary header to support caching (bug 913895)
  [6362857] Handle EC2 Credentials on /tokens
* No change rebuild.
* [95fb6d1] Implemented subparsers (bp keystone-manage2)
* [9e1e113] Fixed PEP8 violations and disallowed them
* [8b3df32] Implemented bp keystone-manage2
* [8c98285] Fixes 918535: time not properly parsed in auth_token
  middleware [1b44286] fix bug lp:843064
* [159757c] Use dateutil 1.5 [1b44286] fix bug lp:843064
* [70e5a00] Prestage fix - fixed requirement name; python-dateutil,
  not dateutil [7c0529f] Bug #916199: keystone-manage service list
  fails with AttributeError on Service.description [3d08211] Fix LDAP
  Schema Syntax (bug 904380)
* [2d18686] Pre-staging pip requires [7681a01] Exception raise error
  [e03ff6e] Updates to middleware to deprecate X_USER [3d08211] Fix
  LDAP Schema Syntax (bug 904380)
* [7c0529f] Bug #916199: keystone-manage service list fails with
  AttributeError on Service.description [e03ff6e] Updates to
  middleware to deprecate X_USER [3d08211] Fix LDAP Schema Syntax (bug
  904380)
* [7681a01] Exception raise error [eedd271] Revert "Exception raise
  error" [fa95e14] Bug #915544: keystone-manage version 1 commands
  broken when using flags
* [e03ff6e] Updates to middleware to deprecate X_USER [fa95e14] Bug
  #915544: keystone-manage version 1 commands broken when using flags
* [eedd271] Revert "Exception raise error" [fa95e14] Bug #915544:
  keystone-manage version 1 commands broken when using flags
* No change rebuild.
* [45c62a8] Exception raise error [ee617f4] Fix minor typo [3f70358]
  Add 'tenants' to Auth & Validate Response [1c2708f] Fixed Test
  Coverage Handling [73525ac] Adding prettytable dependency [105b908]
  Front-end logging [870c1aa] Implement Role Model [876e309] xsd fixes
  [82852a7] Added decorators for admin and service_admin checks
  [2e3ee14] Initial keystone-manage rewrite (bp keystone-manage2)
  [fe74938] Correct endpoint template URLs in docs.
* No change rebuild.
* debian/patches/temp_fix_keystone_manage.patch: Update
* No change rebuild.
* debian/patches/temp_fix_keystone_manage.patch: Temp. patch to get moving during sprint
* No change rebuild.
* [0762754] Show useful traceback if manage command fails [3f70358]
  Add 'tenants' to Auth & Validate Response [1c2708f] Fixed Test
  Coverage Handling
* [ee617f4] Fix minor typo
* [73525ac] Adding prettytable dependency [105b908] Front-end logging
  [870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
  decorators for admin and service_admin checks [2e3ee14] Initial
  keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
  endpoint template URLs in docs.
* [73525ac] Adding prettytable dependency [105b908] Front-end logging
  [870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
  decorators for admin and service_admin checks [2e3ee14] Initial
  keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
  endpoint template URLs in docs.
* [105b908] Front-end logging [870c1aa] Implement Role Model [876e309]
  xsd fixes [82852a7] Added decorators for admin and service_admin
  checks [2e3ee14] Initial keystone-manage rewrite (bp keystone-
  manage2) [fe74938] Correct endpoint template URLs in docs.
* [870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
  decorators for admin and service_admin checks [2e3ee14] Initial
  keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
  endpoint template URLs in docs.
* [876e309] xsd fixes [82852a7] Added decorators for admin and
  service_admin checks [2e3ee14] Initial keystone-manage rewrite (bp
  keystone-manage2) [fe74938] Correct endpoint template URLs in docs.
* [82852a7] Added decorators for admin and service_admin checks
  [2e3ee14] Initial keystone-manage rewrite (bp keystone-manage2)
  [fe74938] Correct endpoint template URLs in docs.
* [82852a7] Added decorators for admin and service_admin checks
* debian/keystone.install: install tools/{convert_to_sqlite.sh,
  sample_data.sh}
* debian/patches/fix-ubuntu-tests.patch: Also skip keystoneclient
  essex 3 tests, add patch description
* debian/keystone.logrotate: Add logrotate config (LP: #962426)

135. By Yolanda Robla on 2012-12-11

[ Yolanda Robla ]
* Resynchronize with stable/essex (c17a9992):
  - [8735009] Removing user from a tenant isn't invalidating user access to
    tenant (LP: #1064914)
  - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [ddb4019] Open 2012.1.4 development
  - [0e1f05e] memcache driver needs protection against unicode user keys
    (LP: #1056373)
  - [176ee9b] Token invalidation in case of role grant/revoke should be
    limited to affected tenant (LP: #1050025)
  - [58ac669] Token validation includes revoked roles (CVE-2012-4413)
    (LP: #1041396)
  - [cd1e48a] Memcached Token Backend does not support list tokens
    (LP: #1046905)
  - [5438d3b] Update user's default tenant partially succeeds without authz
    (LP: #1040626)
* SECURITY UPDATE: fix for EC2-style credentials invalidation
  - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
    that the user is in at least one valid role for the tenant
  - CVE-2012-5571
  - LP: #1064914
* SECURITY UPDATE: Pre-existing tokens continue to be valid after
  granting or revoking a user's access (LP: #1041396)
  - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
    tokens upon role grant/revoke
  - CVE-2012-4413
* SECURITY UPDATE: tenants are able to be added to users without
  authorization (LP: #1040626)
  - debian/patches/keystone-CVE-2012-3542: require authz to update a
    user's tenant.
  - CVE-2012-3542
* Automated Ubuntu testing build:
* [7d08d12] Remove tenant membership during user deletion
* Automated Ubuntu testing build:
* [aa542c4] Add a _ at the end of reseller_prefix default.
* [89e8dc0] Add support to swift_auth for tokenless authz
* [4314ae6] additional logging to support debugging auth issue
* [bc153d5] Fixed misc errors in configuration.rst
* [ada4021] don't duplicate the extra dict in extra
* [1b7aa15] Raise keystone.exception for HTTP 401 (bug 962563)
* [b1336b0] Validate object refs (return 404 instead of 500)
* [d9959d8] tenant-crud 404 (bug 963056)
* [b56e326] role-crud 404 (bug 963056)
* [8037722] Improve swift_auth test coverage + Minor fixes
* [1904228] Check values for EC2.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [7abe0aa] S3 tokens cleanups.
* [1904228] Check values for EC2.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [9feb000] Fix critical typo in endpoint_create (bug 961412)
* [94904e4] Rename tokenauth to authtoken.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [d61aeda] unique role name constraint
* [53b3d44] Add test for swift middleware.
* [3a296a4] Spring cleaning, fix PEP8 violations.
* [94904e4] Rename tokenauth to authtoken.
* [80c7936] pass the arguments in when starting keystone-all
* [3e4653a] fix keystone-all's usage of options vs conf
* [009d661] Wrapped unexpected exceptions (bug 955411)
* [5d07cdf] Changing belongsTo validation back to ID
* [6f8752b] Clean up sql connection args
* [ee57716] Improved file logging example (bug 959610)
* [2324247] Swift middleware doc update.
* [193374a] Fixes LP #954089 - Service list templated catalog
* [2146119] Remove nova-specific middlewares
* [239e4f6] Add check for MAX_PASSWORD_LENGTH to utils.
* [2c6a232] Remove glance_auth_token middleware
* [e677327] Support PyPAM in pam backend, update to latest API
* [773f0f8] Fix default port for identity.internalURL
* [00a2392] Installing keystone docs
* [678dcad] Refactor keystone.common.logging use (bug 948224)
* [e7bb737] Add automatically generated code docs.
* [9363d5f] Properly return 501 for unsupported Catalog calls
* [56e4103] docstring cleanup to remove sphinx warnings
* [d2c6e88] Raising unauthorized instead of 500 (bug 954547)
* [f8cbd61] sample_data.sh: check file paths for packaged
  installations
* [6f2c858] Update get_metadata to return {}
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [ab6be05] Update username -> name in token response.
* [f4915af] Allow connect to another tenant.
* [a1e0174] Update docs for keystone client cli args
* [d2c6e88] Raising unauthorized instead of 500 (bug 954547)
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [b03c204] updating documentation for rewrite of auth_token.
* [5b3e05b] added LDAP section to architecture and architecture
* Automated Ubuntu testing build:
* [dc41cb5] Failing to update tenants (bug 953678, bug 954673)
* Automated Ubuntu testing build:
* [5b3e05b] added LDAP section to architecture and architecture
* Automated Ubuntu testing build:
* [e65a22c] Bug #943031 MySQL Server has gone away added docnotes of
  error messages caught for mysql and reference
* [73af033] Improved legacy tenancy resolution (bug 951933)
* Automated Ubuntu testing build:
* [dee8153] making all use of time follow datetime.utcnow() fixes bug
  954057
* [73af033] Improved legacy tenancy resolution (bug 951933)
* Automated Ubuntu testing build:
* [1e07b98] Fix iso8601 import/use and date comparison.
* Automated Ubuntu testing build:
* [a036b3f] Fix double-quoted service names
* [0c3c27c] Fixes the cli documentation of user/tenant/roles
* Automated Ubuntu testing build:
* [1b64c84] Remove Nova Diablo reference from migrate docs
* [0c3c27c] Fixes the cli documentation of user/tenant/roles
* [2f4fb46] create service endpoints in sample data
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [a863c13] Add simple set of tests for auth_token middleware
* [259d938] enables run_test option to skip integration
* [48f2c7d] Add AUTHORS to the tarball.
* Automated Ubuntu testing build:
* [d6631d8] update documentation on changing user password
* [259d938] enables run_test option to skip integration
* [48f2c7d] Add AUTHORS to the tarball.
* [94abc7e] Make sure we have a port number before int it.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* No change rebuild.
* Automated Ubuntu testing build:
* [b5c8b3a] Add token caching via memcache.
* Automated Ubuntu testing build:
* [e05bc6a] Diablo to Essex migration docs (bug 934328)
* Automated Ubuntu testing build:
* [5720730] Added license header (bug 929663)
* [303a10b] Fix EC2 credentials crud after policy backend change
* [524cbd5] add more default catalog templates
* Automated Ubuntu testing build:
* [a2f2274] port common policy code to keystone
* [e422567] rename belongs_to to belongsTo as per the API spec.
* [5c6bccf] fixes lp#949648 change belongsTo validate to name
* [a7472f1] HTTP_AUTHORIZATION was used in proxy mode
* [71aa1db] fix Nova Volume Service in sample data
* [a2f2274] port common policy code to keystone [71aa1db] fix Nova
  Volume Service in sample data [524cbd5] add more default catalog
  templates
* No change rebuild.
* [e422567] rename belongs_to to belongsTo as per the API spec.
  [a7472f1] HTTP_AUTHORIZATION was used in proxy mode
* No change rebuild.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* [5c6bccf] fixes lp#949648 change belongsTo validate to name
  [d0429ea] Make bind host configurable [989d62f] Improve
  auth_str_equal(). [5c7f3cf] Set default identity driver to sql (bug
  934332)
* No change rebuild.
* No change rebuild.
* [98170a7] fixes bug lp#948439 belongs_to and serviceCatalog behavior
  * removing belongs_to as a kwarg and getting from the context *
  adding a serviceCatalog for belongs_to calls to tokens * adding test
  to validate belongs_to behavior in tokens
* [d0429ea] Make bind host configurable [fd4e961] Isolating backtraces
  to DEBUG (bug 947060)
* [ec35ea8] Fix coverage jobs for Jenkins. [fd4e961] Isolating
  backtraces to DEBUG (bug 947060)
* No change rebuild.
* [b68051c] Renamed sqlite files (bug 944951) [e8fb989] Add reseller
  admin capability. [460c3f3] Remove trailing whitespaces in regular
  file [bc34635] LDAP get_user_by_name
* No change rebuild.
* No change rebuild.
* [fad1a38] updating readme to point to developer setup docs * fixes
  bug 945274 [dd35d2a] standardize ldap and related tests
* No change rebuild.
* No change rebuild.
* [b698855] Added missing import (bug 944905) [dd35d2a] standardize
  ldap and related tests
* debian/keystone.preinst: Create group *before* user
* [ea4999d] add git commit date / sha1 to sphinx html docs [33e6c29]
  improve auth_token middleware [fc63c5d] Add service accounts to
  sample_data.sh
* [845a0de] gitignore follow up for docs/ rename [33e6c29] improve
  auth_token middleware [fc63c5d] Add service accounts to
  sample_data.sh [f8ba5af] Align with project configs.
* [a6105f7] Fixes doc typo s/SERVIVE/SERVICE/ [cfb996d] Align tox jobs
  with project standards.
* [1c24191] Use constant time string comparisons for auth. [49586bd]
  fix pep8 [1c5f3e2] GET /v2.0 (bug 930321) [cfb996d] Align tox jobs
  with project standards. [a7c8e2a] Provide request to
  Middleware.process_response()
* No change rebuild.
* No change rebuild.
* [834b931] Unpythonic code in redux in auth_token.py
* [49586bd] fix pep8
* [83df210] LDAP member defaults
* [089f53a] Handle KeyError in _get_admin_auth_token.
* [5816542] renaming pip-requires-test to test-requires
* [9581809] Add Vary header (bug 928057) [6c60d6c] Set tenantName to
  'admin' in get_admin_auth_token.
* [37d223e] Implement a Catalog SQL backend
* [6c60d6c] Set tenantName to 'admin' in get_admin_auth_token.
* [63437e9] LDAP Identity backend [cdac09e] Support unicode in the
  keystone database. [33a13b7] Add HEAD /tokens/{token_id} (bug
  933587)
* No change rebuild.
* [071f6b3] Implements extension discovery (bug 928054) [cdac09e]
  Support unicode in the keystone database. [c2142af] fleshing out
  architecture docs
* [2124890] XML de/serialization (bug 928058) [e23ecc6] Update
  auth_token middleware so it sets X_USER_ID.
* [c2142af] fleshing out architecture docs
* [e23ecc6] Update auth_token middleware so it sets X_USER_ID.
* [b4d35d6] Adds AUTHORS file generated from git log (and de-
  duplicated). [7530b8e] The default nova compute port is 8774.
  [c4411c1] Fix case of admin role in middleware. [1395bb4] Fix
  MANIFEST.in to include missing files [09a64dd] Create
  tools/sample_data.sh [036b990] Backslash continuations (Keystone)
  [510061e] Removing broken & redundant code (bug 933555)
* No change rebuild.
* [8465ef1] Remove extraneous _validate_claims() arg. [1f119bc] Use
  cfg's new print_help() method [762b461] Remove cfg dict mixin
  [e5a3e09] Update cfg from openstack-common [e6a23e3] fix the style
  guide to match the code
* No change rebuild.
* [baedc45] Correct config name for max_pool_size.
* [d679baf] Move cfg to keystone.openstack.common
* [45d6aa1] Fix copyright dates and remove duplicate Apache licenses.
  [de3ad7a] Add migration path for Nova auth [13dfd21] Fix thinko in
  keystone-all sys.path hack
* [83c7933] some additional style bits [de3ad7a] Add migration path
  for Nova auth [13dfd21] Fix thinko in keystone-all sys.path hack
  [015dd3d] Return HTTP 401 bad user/password is specified. [1746ea6]
  Ignore sqlite.db files [43c8bbc] Removing unused imports from
  keystone.cli [fb4f379] Update docs for Swift and S3 middlewares.
* No change rebuild.
* [08a3060] Re-adds admin_pass/user to auth_tok middleware. [77c11b2]
  Implements admin logic for tenant_list call. [73f22e1] Implemented
  get_tenant_users. Fixed bug 933721. [43c8bbc] Removing unused
  imports from keystone.cli [fb4f379] Update docs for Swift and S3
  middlewares.
* [c233b44] cli now returns an exit status cmd is invalid. [77c11b2]
  Implements admin logic for tenant_list call. [73f22e1] Implemented
  get_tenant_users. Fixed bug 933721. [43c8bbc] Removing unused
  imports from keystone.cli [460504f] Remove data_files section from
  setup.py. [1143802] Update Manifest.in [9246e04] fixes #934459
* No change rebuild.
* [faf6866] Set include_package_data=True in setup.py. [460504f]
  Remove data_files section from setup.py. [1143802] Update
  Manifest.in [2feb519] Add migrate.cfg to data_files in setup.py
  [6672acb] Should return 300 Multiple Choice (bug 925548) [dd382af]
  Admin version pipeline not utilized (bug 925548) [546f952] Fix
  logging.config import [8712abb] backport some asserts [892ba0f]
  remove pycli [02ef19a] Adds missing argument to add_user_to_tenant
  in create_user. [e238427] Fixes a failure caused by a recent change
  to user update in the client. [3093980] remove executable bit from
  setup.py [484dc24] Raising 'NotImplmented' results in TypeError
  [8d7189f] Added Apache 2.0 License information. [90068b0] Add docs
  on keystone_old -> ksl migration [71436db] Add token expiration
  [448c641] Update docs to for current keystone-manage usage [27db5cb]
  add catalog export [e1a9a1f] Handle unicode keys in memcache token
  backend [ed793ad] make sure passwords work after migration [b409629]
  add legacy diablo import tests [48f2f65] change password hash
  [aa2656c] add essex test as well [700a397] add sql for import legacy
  tests [63adca3] add import legacy cli command [eb5a939] add
  migration from legacy db [de8c958] remove keystoneclient-based
  manage commands [9f03722] Remove executable bit from auth_token.py
  [6c5c964] Update swift token middleware. [af28360] Add s3_token.
  [0e775d6] Add pagination to GET /tokens [79faa28] Fixes role
  checking for admin check [d049c19] Fix webob exceptions in
  test_middlware [363a5d6] Add tests for core middleware [9028f32] Add
  version description to root path [2c18314] Add TokenNotFound
  exception [ae55fdc] remove diablo tests, they aren't doing much
  [e5ffa74] Fix largest memory leak in ksl tests [05b2583] Add
  memcache token backend [c64a12f] Friendly JSON exceptions (bug
  928061, bug 928062) [26655dc] Fix comment on bcrypt and avoid hard-
  coding 29 as the salt length [c680d7c] Add SQL token backend
  [6013dd8] Add content-type to responses [9528060] Cope with unicode
  passwords or None [a3d21f0] Add auth checks to ec2 credential crud
  operations [51eda01] termie all the things [f9a8827] example in
  hacking was incorrect [f0f8dde] Ensures duplicate users and tenants
  can't be made [3efce6d] make pip requires match nova [aed78aa] fixes
  lp:925721 adds .gitreview for redux branch [fabad5a] remove
  novaclient, fix python syntax [fa5b2e4] We don't need all the deps
  to check pep8. [9dadf01] remove extra line [b6a142d] Make ec2 auth
  actually work [62a92c4] fixing grammar, noting broken enable, adding
  hacking with prefs for project [e0afc0d] Removed unused reference
  [fca3e9c] adding a token service Driver to define the interface
  [6a5c524] Added support for DELETE /tokens/{token_id} [cc37127] ran
  through all commands to verify keywords against current (master)
  keystonelight [32ff03b] updating docs: [4f651ba] updating tox.ini
  with test pip requirements [446b268] use our own logging module
  [433e7db] minor docstring update for new locations [0027f90] Missed
  one more keystone-server. [69bb042] Renamed keystone-server to
  keystone-all based on comments in LP: #910484. [40525e0] be more
  safe with getting json params [a703983] skip the two tests where
  testing code is failing [3cfea52] accept POST or PUT for tenant
  update [09bd758] deal with reparsing the config files [37e1c5c]
  don't automatically parse sys.argv for cfg [0b34e5f] deal with tags
  in git checkout [6fd68e1] fix keystoneclient tests [c6e30eb] add
  tests for essex and fix the testing framework [2d2ce8c] Update
  docs/source/developing.rst [ec89d4e] Change the name of keystone to
  keystone-server so the binaries dont conflict with python-
  keystoneclient. [3da6575] Normalize build files with current
  jenkins. [fc3de24] Use gerrit instead of github [cf3f671] Fix pep8
  violations. [666a2b8] Add .gitreview file. [8d695b8] removing unused
  images, cleaning up RST in docstrings from sphinx warnings [d961f7c]
  pep8 cleanup [9d7d898] shifting contents from _static to static
  [d1f4ddc] adding in testing details [22c3f80] moved notes from
  README.rst into docs/architecture.rst [ef8b8f1] updating formatting
  for configuration page [1908a2d] format tweaks and moving old docs
  [fec7598] shifting older docs into old/ directory [e643f23] doc
  updates [6b38e3c] moving in all the original docs from keystone
  [68aa9cd] adding python keystoneclient to setup.py deps [080f523]
  fixing up PIP requirements for testing and virtualenv [103fc87]
  indents. [3974760] Make it as a subclass. [d6d56e4] fix style and
  termie's comments about comments [726b5ad] invalid params for
  roles.delete [d5443e2] initial stab at requiring adminness [b1cd214]
  Simplify code. [1efee11] add tests that auth with tenant user isn't
  member of [fcea15d] Add s3tokens validation. [d4f2bf5] add a bunch
  of basic tests for the cli [608b9a2] remove this useless catalog
  [de6a98a] move cli code into a module for testing [a6a6124] allow
  class names to be different from attr names [f5dbc98] add ec2
  credentials to the cli [51a2c18] fix middleware [4899210] bcrypt the
  passwords [e344821] fix token vs auth_token [9f0bb49] some quick
  fixes to cli, tests incoming [aaf75e9] fix pep8 [e4a00e0] fix some
  more pass-by-reference bugs [da4f955] strip password before checking
  output [8ad8d88] flip actual and expected to match common api
  [8ffee09] don't allow disabled users to authenticate [5a8a8ae] turn
  off echo [2ebb89b] fix invalid_password, skip ec2 tests [57b24dd]
  strip password from sql backend [3cce41e] raise and catch correct
  authenticate error [c59370e] rely on internal _get_user for update
  calls [36a0190] strip password from kvs backend [86dad07] fix
  user_get/user_list tests [28760bd] removing the sphinx_build from
  setup.py, adding how to run the docs into the README [f943977] ec2
  docs [269159f] simple docstrings for ec2 crud [d8ddc07] get docs
  working [ea78b2e] some cli improvements [c83bcb1] add checks for no
  password attribute [2a91b1c] users with correct credentials but
  disabled are forbidden not unauthorized [f40198d] shimming in basics
  from original keystone [3d2bb3a] test login fails with invalid
  password or disabled user [ffeb0e5] doctry [0df93eb] use
  token_client in token tests [71faa9f] remove duplicate pycli from
  pip-requires [ecabdd1] fix ec2 sql config [21cfcfc] get_client lets
  you send user and tenant [cbc1558] update how user is specified in
  tests [c1fe998] rename ec2 tests to be more explicit [e567fb9] use
  the sql backend for ec2 tests [88b0a4b] more failing ec2 tests
  [f28a03c] add METADATA for boo [7b4c26d] add (failing) tests for
  scoping ec2 crud [781feaf] add some docs that got overwritten last
  night [89c378c] fix pep8 [f226234] update tests [fc79bbe] update
  some names [e2f04f2] fix some imports [ff6af1f] split up sql
  backends too [308a766] split up the services and kvs backends
  [909012a] establish basic structure [f0e3e7f] add docs for various
  service managers [94f78a3] expect sphinx sources to be autogenned
  [bf7e6fb] some tiny docs [e129d5f] fix sphinx [198d168] testing rst
  on github [67d4a7c] updating dependencies for ksl [e75f7be] needed
  to do more for cli opts [76c45b4] make a main in keystone-manage
  [3c10e73] fix pep8 error [9d04ee9] rename apidoc to autodoc
  [53ec23a] Fix typo [f16a262] return to starting directory after git
  work [44c6b69] spacing [1418925] tests for ec2 crud [dae746d] add
  keystoneclient expected format [a0c7c7c] add sql backend, too
  [afd897f] add an ec2 extension [2ed9759] update readme [8c33e66] re-
  indent [c233dc2] re-indent [bd974c9] re-indent [9ab0a42] re-indent
  kvs.py [9d7c5c0] re-indent test.py [6a48676] remove models.py
  [7b0f71b] add some docs to manager [deab5c4] dynamic manager classes
  for now [1bd1349] add a couple more tests [8ea6e8f] add some more
  todos [be52a5e] strip newlines [2a31259] TODO [2d6b348] add role
  refs to validate token [aea09bd] fix token auth [c25155a] check for
  membership [4ae246d] flush that sht [61ecf60] add more middleware
  [ef1a474] fixing WatchedFileHandler [c830305] logging to debugging
  by default for now [2723439] add a noop controller [cd37b05] woops
  [52da891] add glance middleware ?? [47908a4] add legacy middleware
  [ec85749] fix setup.py [d230857] adding #vim to file with changed
  indent [230a003] add id-only flag to return IDs [5961430] rename ks
  to keystone-manage [d940dc4] fixing imports for syslog handlers and
  gettext [c3c05cb] adding gettext [393aedb] adding logging from
  configuration files, default logging per common [6540120] cli using
  keystoneclient [732909a] add a db_sync command to bin/ks, remove
  others [3c88b7f] merge test and default configs [2c60c7f] adding
  project to keystone config to find default config files [1d6334d]
  some more config in bin/keystone [74170ee] in the bin config too
  [a606c39] rename many service parts to public [ec82e9b]
  keystone_compat -> service [75e781a] remove keystone from names,
  remove service [51df8b1] remove default configuration [8f46af0]
  basic service running again [2340dee] rename extras to metadata
  [8362442] version number in setup.py [a84930a] add basic sphinx doc
  bits [1967545] remove references to keystone light [763013c]
  renaming keystonelight to keystone [13ec79b] keystoneclient tests
  working against sql backend [4b4ada2] run all the keystoneclient
  tests against sql too [0f6a9a7] move everything over to the default
  config [feadf75] config system overhaul [829a96b] add nova's cfg
  framework [8fdcb69] fix pep8 [c8ed28c] missed a file [6495d41] most
  tests working again [119808d] still wip, got migration mostly
  working [775b8ed] get the sql ball rolling, still wip [b766165] add
  sql backend, WIP [9691c0f] tweaking for running regular tests in
  jenkins [205a7b9] finished up services stuff [ebe158f] add the
  various role tests [5c89972] add list users [46943c5] get user tests
  working [ff15e5f] get endpoints test working [c6d6d43] get
  tenant_add_and_remove_user test working [94e9d6b] tenant test
  working again [e396650] copy over the os-ksadm extension [23c6f49]
  example crud extension for create_tenant [63c7934] get some tests
  working again [0e7f06d] merge fixes [30a1146] fixup [c5b1b6f] Made
  tests use both service and admin endpoints [2fb294f] All tests but
  create_tenant pass [f2a9c51] Split keystone compat by admin and
  service endpoints [3eb2adf] Added broken tests to show compatibility
  gaps [4b55fa5] Split keystone compat by admin and service endpoints
  [909770d] move novaclient tests over also [9e8ec25] clean up
  test_identity_api [2e1558e] clean up keystoneclient setup [32aa1de]
  add role crud [a32c73c] speed up tests [8425eab] add basic fixture
  functionality [7541ed4] documentation driven development [b4eba62]
  novaclient now requires prettytable [26a4cde] whitespace [5ff67d7]
  whitespace [82f6445] make create_tenant work for keystone api
  [29e1336] common ks client creation [5e4a877] updating of docs
  [e4428dc] working on a tenant_create test [99f81d5] standardize
  spacing [a0d0669] novaclient uses password instead of apikey
  [b42859f] update to use the correct repo for python-novaclient
  [cad238d] fix tenant auth tests [91f2097] add an example for
  capability rbac [e5d1050] make readme use code style [860aa86] add
  the policy code [63943c9] describe and add a policy backend
  [d820917] policy stub [834301a] re-indent [b0733ca] change array
  syntax [3479575] updates to make compatible with middleware
  [58b8ca8] mergeish dolph's port change [3dac773] fix tests [aaf7695]
  handle unscoped requests [20bebd9] adjust default port [17e03b8]
  move noop to identity controller [9024351] allow setting user_id on
  create [776a159] users require a name [c8b28b5] pep8 [8eea6b3]
  update test conf too [1335e4c] cli for adding users, tenants, extras
  [9d99821] adjust paths and use composite apps [2545907] add tests
  for extras [3ab9d87] add tenant crud [f8e6fae] oops, forgot update
  in crud [7035e4a] add crud tests [54f32f9] add crud tests [d0009db]
  add crud tests [8ff5606] add test for create user and get user
  [2c7770f] add test for create user and get user [2d15482] re-indent
  identity.py [9105935] don't pep8 swp files [e8f72ed] accept data as
  kwargs for crud [adbbe01] use the keystone app in the conf [6c84c1b]
  reorg [f2e73bc] re-indent service.py [e10512b] more dynamic client
  [8464499] get some initial identity api tests working [4b4969f]
  update service to middleware in confs [d7f364e] move around
  middleware [716c450] make a composite app [59c2dea] add crud methods
  to identity manager [570b08d] cli beginnings [64b369f] add admin
  port [4885d4a] add an etc dir [cd712b2] add a default handler for /
  [8ae627a] add a stubby setup.py [3117b41] use paste for the binary
  [3d79099] add a trivial admin-only middleware [8fd8220] update
  keystone sample tests, skip one [3212101] add crud info to readme
  [44a07fd] get novaclient tests working [3439a77] add novaclient,
  intermediate [2bc4376] add run_tests.sh and pep8 stuff [d17e1cf]
  remove italics on Light [29e4e54] modify requirements [6cb7e6c] link
  diagrams [002ae33] whitespace [344d21c] added catalog tests
  [f86bf25] added tests for tokens [3f0137a] test the other methods
  too [912c222] add some tests and get others to pass [4c8a5ac] add
  some failing tests [b514897] add a default conf [4b48845] minor
  whitespace cleanup [f8ec4f6] add some todo [d3cc798] add example
  [1d1db0f] rst blah blah [169c4fb] updated readme [0d4e11c]
  authenticate and tenants working [2f2465e] working authenticate in
  keystoneclient [3caf2a8] remove test_keystone_compat's catalog tests
  [4ba33be] add templated catalog backend [2ac753e] everything but the
  catalog [583e3c9] get a checkout of keystoneclient [d920d84]
  authenticate working, too [ba4913f] base tests on keystone-
  diablo/stable [a98b2ed] get tenants passing, yay [f886ab9] flow
  working, added debugging [06944e8] add context to calls [ef9f039]
  move diagram into docs dir [7427b1a] refactor keystone compat and
  add catalog service [c8d4e88] added sequence diagrams for keystone
  compat [50d64c3] getting closer, need to match api now [35ec297]
  tests running through, still failing [a200e50] add a test client
  [03b75a5] added a test, need to get it working now [a328b99] working
  with dashboard [8cd7f5c] add get_tenants [9a0ec99] rudimentary login
  working [158dfba] most bits working [419c2cb] initial
* No change rebuild.
* [9452cf0] Fixes bug 924391
* [bfe9abe] Fix "KeyError: 'service-header-mappings'" [9858e08]
  Removes nova middleware and config from keystone [1ea4e4f] Added
  keystone-manage list_role_grants (bug 923933)
* No change rebuild.
* No change rebuild.
* [f76477c] Update auth_token middleware to support creds.
* [d2e6f63] Added shortcut for id=NULL queries (bug 916386) [a86a661]
  Removing __init__ from non-packages (bug 921054) [fd36f1f] add
  instructions for setting up a devenv on openSUSE 11.4 and 12.1
  [2e73dfa] Documented race condition (bug 921634)
* No change rebuild.
* No change rebuild.
* [2efd311] Test coverage for issue described in bug 919335 [fd36f1f]
  add instructions for setting up a devenv on openSUSE 11.4 and 12.1
* [a86a661] Removing __init__ from non-packages (bug 921054) [053345c]
  Forgot to update models (bug 885426) [9e9e7f0] Updating example
  glance paste config.
* [d1a3c5f] Fix race in TestCreateTokenCommand (bug 921634) [053345c]
  Forgot to update models (bug 885426) [9e9e7f0] Updating example
  glance paste config.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* No change rebuild.
* [b1581a1] Migrated 'enabled' int columns to bool for postgres (bug
  885426) [b207a49] Return Version and Tenant in Endpoints
* [8c6e606] Updated bp keystone-configuration for bp keystone-manage2
* [b207a49] Return Version and Tenant in Endpoints
* [23c396d] Updated error message for keystone-manage2
* [e2f8607] Added: "UserWithPassword" Added: "UserWithOnlyEnabled"
  Removed: "UserWithOnlyPassword" [b680202] Fix for bug 921126
* No change rebuild.
* [2dbb2a6] Update Extended Credentials (EC2, S3) [ef6c133] Release
  Notes for E3 [5ce7e70] Restore Console Info Logging - bp
  keystone-logging
* No change rebuild.
* No change rebuild.
* [027782a] Adds keystone auth-n/auth-z for Swift S3 API.
* [5b8682f] Implement cfg.py
* [28dac45] Implement Secure Token Auth [5f69fbb] Fixed: Inserting
  URLs into endpoint version attr
* [92462c8] Suppressed backtraces in tests causes sweaty eyes
* [5f69fbb] Fixed: Inserting URLs into endpoint version attr
* [45b3636] Addresses bug 918608
* [f2726df] Added Vary header to support caching (bug 913895)
  [6362857] Handle EC2 Credentials on /tokens
* No change rebuild.
* [95fb6d1] Implemented subparsers (bp keystone-manage2)
* [9e1e113] Fixed PEP8 violations and disallowed them
* [8b3df32] Implemented bp keystone-manage2
* [8c98285] Fixes 918535: time not properly parsed in auth_token
  middleware [1b44286] fix bug lp:843064
* [159757c] Use dateutil 1.5 [1b44286] fix bug lp:843064
* [70e5a00] Prestage fix - fixed requirement name; python-dateutil,
  not dateutil [7c0529f] Bug #916199: keystone-manage service list
  fails with AttributeError on Service.description [3d08211] Fix LDAP
  Schema Syntax (bug 904380)
* [2d18686] Pre-staging pip requires [7681a01] Exception raise error
  [e03ff6e] Updates to middleware to deprecate X_USER [3d08211] Fix
  LDAP Schema Syntax (bug 904380)
* [7c0529f] Bug #916199: keystone-manage service list fails with
  AttributeError on Service.description [e03ff6e] Updates to
  middleware to deprecate X_USER [3d08211] Fix LDAP Schema Syntax (bug
  904380)
* [7681a01] Exception raise error [eedd271] Revert "Exception raise
  error" [fa95e14] Bug #915544: keystone-manage version 1 commands
  broken when using flags
* [e03ff6e] Updates to middleware to deprecate X_USER [fa95e14] Bug
  #915544: keystone-manage version 1 commands broken when using flags
* [eedd271] Revert "Exception raise error" [fa95e14] Bug #915544:
  keystone-manage version 1 commands broken when using flags
* No change rebuild.
* [45c62a8] Exception raise error [ee617f4] Fix minor typo [3f70358]
  Add 'tenants' to Auth & Validate Response [1c2708f] Fixed Test
  Coverage Handling [73525ac] Adding prettytable dependency [105b908]
  Front-end logging [870c1aa] Implement Role Model [876e309] xsd fixes
  [82852a7] Added decorators for admin and service_admin checks
  [2e3ee14] Initial keystone-manage rewrite (bp keystone-manage2)
  [fe74938] Correct endpoint template URLs in docs.
* No change rebuild.
* debian/patches/temp_fix_keystone_manage.patch: Update
* No change rebuild.
* debian/patches/temp_fix_keystone_manage.patch: Temp. patch to get moving during sprint
* No change rebuild.
* [0762754] Show useful traceback if manage command fails [3f70358]
  Add 'tenants' to Auth & Validate Response [1c2708f] Fixed Test
  Coverage Handling
* [ee617f4] Fix minor typo
* [73525ac] Adding prettytable dependency [105b908] Front-end logging
  [870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
  decorators for admin and service_admin checks [2e3ee14] Initial
  keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
  endpoint template URLs in docs.
* [73525ac] Adding prettytable dependency [105b908] Front-end logging
  [870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
  decorators for admin and service_admin checks [2e3ee14] Initial
  keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
  endpoint template URLs in docs.
* [105b908] Front-end logging [870c1aa] Implement Role Model [876e309]
  xsd fixes [82852a7] Added decorators for admin and service_admin
  checks [2e3ee14] Initial keystone-manage rewrite (bp
  keystone-manage2) [fe74938] Correct endpoint template URLs in docs.
* [870c1aa] Implement Role Model [876e309] xsd fixes [82852a7] Added
  decorators for admin and service_admin checks [2e3ee14] Initial
  keystone-manage rewrite (bp keystone-manage2) [fe74938] Correct
  endpoint template URLs in docs.
* [876e309] xsd fixes [82852a7] Added decorators for admin and
  service_admin checks [2e3ee14] Initial keystone-manage rewrite (bp
  keystone-manage2) [fe74938] Correct endpoint template URLs in docs.
* [82852a7] Added decorators for admin and service_admin checks
  [2e3ee14] Initial keystone-manage rewrite (bp keystone-manage2)
  [fe74938] Correct endpoint template URLs in docs.
* [82852a7] Added decorators for admin and service_admin checks
[Chuck Short]
* debian/keystone.install: install tools/{convert_to_sqlite.sh,
  sample_data.sh}
[Adam Gandelman]
* debian/patches/fix-ubuntu-tests.patch: Also skip keystoneclient
  essex 3 tests, add patch description
* debian/keystone.logrotate: Add logrotate config (LP: #962426)

134. By Chuck Short on 2012-11-27

Refresh again.

133. By Chuck Short on 2012-11-27

Updated patches

132. By Adam Gandelman on 2012-09-14

Add Chuck's name to changelog.

131. By Adam Gandelman on 2012-09-14

debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.